Author: Luca Deri

  • Home
  • Articles by: Luca Deri
ntop

Network Visibility and Observability: ntopng vs SNMP+
Recently, we’ve encountered users with high monitoring requirements. Some users need to monitor 1,000 routers and want to know who are the top talkers or top protocols. Others have a network with 200 branches, each with a NetFlow-enabled router. They need to know from a central location who are the top bandwidth users and ports on selected branches. Essentially, these users don’t need fine-grained network traffic monitoring. They just need a rough idea of who the top network users are (IP and ports). Often, users who ask us these questions …
PF_RING

Building a 10 Gbit Traffic Generator using PF_RING and Ostinato
Whoever has developed network applications, soon or later had to buy or rent a traffic generator. Years ago I have purchased my 1 Gbit IXIA 400T on ebay for 2500$, and I wanted to buy a 10 Gbit traffic generator when I started to develop DNA. Unfortunately I could not afford the price of those useful yet costly devices, and I have spent over 10K $ for a 10 Gbit FPGA-based NIC (manufactured by one of the leading companies, guess who, that on my PC can’t now keep up with …
ntop

Released ntop 4.1
Over the week end we released ntop 4.1. We decided to create a smaller version with respect to the previous 4.0.3 in order to remove some legacy code that caused trouble in the past. This release lacks some of the 4.0.3 features but it can benefit in terms of stability and efficiency. The next release will re-incorporate some of the features we cut on 4.1 as we’re currently redesigning them. The idea is to make ntop faster and more modern than past versions. In 4.1 for instance we have removed …
ntop

Ok, but how much time do I have?
Accelerating packet capture and processing is a constant race. New hardware innovations, modern computing architectures, and improvements in packet capture (e.g. PF_RING) allow applications to reduce the (both CPU and real) time they need for processing packets. But the main question still holds: how much time do I have for processing packets? This is the main point. A common misconception on this field is that hardware-accelerated cards will do the magic and solve all problems. This is a wrong statement. Technologies such as PF_RING, DNA, and those cards reduce the …
PF_RING

10 Gbit PF_RING DNA on Virtual Machines (VMware and KVM)
As you know, PF_RING DNA allows you to manipulate packets at 10 Gbit wire speed (any packet size) on low-end Linux servers. As virtualization is becoming pervasive in data-centers, you might wonder whether you can benefit of DNA on virtualized environments. The answer is positive. This post explains you how to use DNA on both VMware and KVM, Linux-native virtualization system. XEN users can also exploit DNA configuring using similar system configurations. VMware Configuration In order to use DNA, you must configure the 10G card in passthrough-mode as depicted below. …
nProbe

NetFlow-lite Webcast Invitation
This is to invite you to webcast NetFlow-lite: Enable Data Center-wide Monitoring which is scheduled for Tuesday, 06-28-2011. I will be speaking  about NetFlow-lite together with the key Cisco people who worked with me at this project. Hope you will join the workshop! …
PF_RING

Introducing the 10 Gbit PF_RING DNA Driver
Today we released PF_RING 4.7.0. It includes 10 Gbit DNA support (RX/TX) for Intel-based 82598/99 ethernet adapters thus you can finally manipulate packets at wire-rate using commodity adapters. With a low-end Core2Duo you can handle more than 11 Mpps per queue, with a Xeon you can have wire rate at any packet size and using limited CPU cycles. We are very grateful to Silicom who has sponsored this developmment work. The source code of the driver is part of PF_RING and it has been placed in the PF_RING SVN. In case you want …
PF_RING

How to send/receive 26Mpps using PF_RING on commodity hardware
Until last month, I have struggled to reach 7 Mpps packet capture using TNAPI. This week I see users still asking questions about how to handle 2 x 1 Gbit wire rate on commodity hardware. I believe it’s now time to move to the next level, and achieve full 10Gbit wire rate on both RX and TX, using little CPU cycles so that we can not just capture but also process traffic. Together with Silicom we have developed a 10 Gbit PF_RING DNA driver, that we’ll soon introduce to the Linux …
nProbe

NetFlow-Lite and nProbe: a Tutorial
Today we have held a webinar about NetFlow-Lite with both Cisco and Plixer. Subscribers of this blog should know by now what is NetFlow-Lite and why nProbe is necessary to exploit this technology. Nevertheless you might be interested to know more about NetFlow-Lite, both in terms of features and usage scenarios. Below you can find a could of presentations about this topic that I think are worth reading: ntop, Implementing a NetFlow Cache for NetFlow-Lite Cisco Systems, Catalyst 4948E NetFlow-lite ntop, Using nProbe as NetFlow-Lite Aggregator In interested, you can also see the video …
nProbe

Invitation to NetFlow-Lite Webinar
As most of you know, nProbe has recently added NetFlow-Lite support in 6.5 release. NetFlow-Lite is a protocol that brings you visibility into switched networks, similar to what NetFlow “classic” is doing on routed networks. As this technology is pretty new, perhaps you might be interested in hearing more about it right from the source. I would like to invite you to this free webinar that will take place later this week. Shall you be interested please register now. Cisco NetFlow-Lite: Enabling Traffic Monitoring at Data Center Access Date: May …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe