Tag Archives: Traffic

Load Balancing NTP via F5 BIG-IP LTM

As you hopefully already know, you should use at least three different NTP servers to get your time. However, there might be situations in which you can configure only one single NTP server, either via static IP addresses or via an FQDN. To overcome this single point of failure you can use an external load balancing server such as F5 LTM (in HA of course) to forward your NTP queries to one of many NTP servers. Here are some hints:

Continue reading Load Balancing NTP via F5 BIG-IP LTM

Using NetFlow with nProbe for ntopng

This blog post is about using NetFlow for sending network traffic statistics to an nProbe collector which forwards the flows to the network analyzer ntopng. It refers to my blog post about installing ntopng on a Linux machine. I am sending the NetFlow packets from a Palo Alto Networks firewall.

My current ntopng installation uses a dedicated monitoring ethernet port (mirror port) in order to “see” everything that happens in that net. This has the major disadvantage that it only gets packets from directly connected layer 2 networks and vlans. NetFlow on the other hand can be used to send traffic statistics from different locations to a NetFlow flow collector, in this case to the tool nProbe. This single flow collector can receive flows from different subnets and routers/firewalls and even VPN tunnel interfaces, etc. However, it turned out that the “real-time” functionalities of NetFlow are limited since it only refreshes flows every few seconds/bytes, but does not give a real-time look at the network. It should be used only for statistics but not for real-time troubleshooting.

Continue reading Using NetFlow with nProbe for ntopng

ntopng Installation

Some time ago I published a post introducing ntopng as an out-of-the-box network monitoring tool. I am running it on a Knoppix live Linux notebook with two network cards. However, I have a few customers that wanted a persistent installation of ntopng in theirĀ  environment. So this is a step-by-step tutorial on how to install ntopng on a Ubuntu server with at least two NICs.

Continue reading ntopng Installation

Out of the Box Network Analyzer “ntopng”

Some time ago I installed a new firewall at the customer’s site. Meanwhile the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course it is easy to filter through log messages of firewalls, but theses logs are only for finished sessions. Yes, there are “session browsers” or the like on all firewalls, but they are not nice and handy to analyze the sessions in real-time.

The solution was to bring a network analyzer on a mirror port near to the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful commands and you’re done:

Continue reading Out of the Box Network Analyzer “ntopng”

IPv4 vs. IPv6 Traffic Statistics on Routers

I am very interested in statistics about the usage of IPv6 on Internet routers and firewalls. The problem is, that most routers/firewalls do not have unique SNMP OIDs for IPv4 and IPv6 traffic, but only the normal incoming/outgoing packet counters per interface. Therefore I am using two independent ethernet ports and cables between my outer router and my first firewall, one for IPv4-only and the other one for IPv6-only traffic. Now I have independent statistics for each protocol and can combine them in one summary graph. (Though I know that this will never be a “best practice” solution…)

Continue reading IPv4 vs. IPv6 Traffic Statistics on Routers