nProbe

Last May I did a tutorial at the Nagios Conference Europe about application and network latency measurement using nProbe. The video of the tutorial has been now released and you are free to watch it if interested in he topic. The video is available here. …

This is to invite you to webcast NetFlow-lite: Enable Data Center-wide Monitoring which is scheduled for Tuesday, 06-28-2011. I will be speaking  about NetFlow-lite together with the key Cisco people who worked with me at this project. Hope you will join the workshop! …

Today we have held a webinar about NetFlow-Lite with both Cisco and Plixer. Subscribers of this blog should know by now what is NetFlow-Lite and why nProbe is necessary to exploit this technology. Nevertheless you might be interested to know more about NetFlow-Lite, both in terms of features and usage scenarios. Below you can find a could of presentations about this topic that I think are worth reading: ntop, Implementing a NetFlow Cache for NetFlow-Lite Cisco Systems, Catalyst 4948E NetFlow-lite ntop, Using nProbe as NetFlow-Lite Aggregator In interested, you can also see the video …

On May 12th in Bolzano (I) at the Nagios World Conference Europe,  I will give a speech about network and application latency monitoring using nProbe. This is an hot topic, in particular for those who think of NetFlow/IPFIX as just a way to count bytes and packets. NetFlow/IPFIX instead is (this is my opinion) an open protocol that can be used to carry monitoring data from observation points to monitoring systems. The fact that many probes export you just bytes 'n packets info, it's not a protocol limitation but a probe limitation. In this respect nProbe supports many extensions such as latency monitoring, information about packets out-of-order, retransmitted, fragmented, average flow packet size and many more. In particular, latency is computed both as network and application latency: Read more

Release 6.3 of nprobe targeted IPFIX compatibility. In release 6.4.x (just introduced) the main focus has been on scalability and performance. Until 6.3, the nProbe architecture was not really exploiting multicore systems, due to heritage of previous versions. With this release nProbe reaches a new level as you can see from the graph below (traffic was generated using an IXIA 400, flows last 5 seconds, and are emitted in V5 format, PF_RING 4.6.3, Intel e1000e capture adapter with PF_RING-aware driver [no TNAPI]). Both graphs depict the sustained throughput rate (Y …

Last week I have participated to an IPFIX interoperability event held in Prague, right before the IETF 80. In the picture below you can see me between Benoit Claise (Cisco, one of the IPFIX/NetFlow fathers) and Jiri Novotni (Invea-Tech). nProbe 6.3.x has been successfully tested against all the available implementations including Vermont, SiLK, nfdump/IPFIX (Cesnet). nProbe has passed all the IPFIX interoperability tests as both probe (over SCTP, UDP, and TCP) and collector (UDP), dissecting both IPv4 and IPv6 traffic, and also converting NetFlow-Lite flows into IPFIX flows. Most of you …

Over the past month quite a lot of effort has been put on the IPFIX side of nProbe. Recently, nProbe has been successfully verified by Juniper as an IPFIX (in addition to v9) collector for flows generated by Juniper MX routers, and Cisco Catalyst 4948E switches. In order to further guarantee users that nProbe respects the IPFIX standards, nProbe will be tested against other IPFIX implementations at the IPFIX Interoperability Event that will take place next week in Prague. In the following months, ntop will also try to push in the …

Just like Apple is the computer brand I use since 1985, for me Cisco is the networking company, the one that created the first routers and switches on which the Internet was built. It has been a great surprise when last summer I have been contacted by a Cisco representative, who has asked me whether I was interested in starting a new project on NetFlow. After the initial surprise, of course I have accepted, and now it’s a few months I work with (not for) Cisco on this nice and challenging …

Are you interested in getting URL information from NetFlow?  The nProbe NetFlow probe or the nBox can do it.  Paul at Plixer International recently wrote a blog on Recommended nProbe Templates.  For a foundation on this topic, check out his blog.  As an extension of his blog, I’ll explain how to get URLS from the nProbe. Scrutinizer from Plixer is the ideal tool for advanced IPFIX reporting and network traffic analysis. Below is a top domain report. For our company, the first page of this report is usually legitimate sites, …