HowTo Deploy nProbe and ntopng on the Cloud


Some of our customers deploy ntopng on the cloud in order to collect flows coming from private nProbe instances, often deployed on private networks or clouds. Thanks to ZMQ/Kafka communications, data sent by nProbe to ntopng travels encrypted, unlike many other cloud-based collectors that instead receive clear-text IPFIX/NetFlow flows sent by exporter devices.

In this setup ntopng cannot poll the routers, as they are on private networks and thus unreachable from ntopng. This means that ntopng cannot poll router interfaces via SNMP and thus cannot report symbolic interface names on the web GUI, so a workaround is needed to allow the collector to map interface ids to names. The solution below works when ntopng collects flows exported by nProbe. In this case you can:

  • Poll the interface names via SNMP and save their names in a text file
  • Use the --snmp-mappings option in order to let nProbe know the interface names
  • Such names are propagated to ntopng via ZMQ (i.e. do not forget to specify --zmq)

The --snmp-mappings option specifies the path of a text file containing the interface names of all flow exporters collected by nProbe (collector mode), or of the host where nProbe is active (probe mode). The file format is pretty straightforward: the first column is the flow exporter IP address, the second is the SNMP interface Id, and the last column the SNMP interface name.

# AgentIP ifIndex ifName
#
1 lo0
2 gif0
3 stf0
4 en0
5 en1
6 en2
11 utun0
12 utun1
13 utun2
14 utun3

In order to ease the creation of such a file, the nProbe package comes with a companion tool, named /usr/bin/ that you can use to create it by polling the router via SNMP. The tool syntax is straightforward, as shown below:

$ /usr/bin/
Usage: <SNMP agent IP> <SNMP version 1|2c> <SNMP community>

Example: 2c public > snmp_mappings.txt
         nprobe --snmp-mappings snmp_mappings.txt ...

$ /usr/bin/ 2c public > snmp_mappings.txt
$ cat snmp_mappings.txt
# Agent InterfaceId Name
1 lo0
2 gif0
3 stf0
4 EHC250
5 EHC253
6 en0
7 en3
8 en1
9 p2p0
10 fw0
11 utun0
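
The three-column file format described above, as an added Python example that is not from the original post or the nProbe package: it converts net-snmp snmpwalk output for IF-MIB::ifName into mapping rows and validates a mappings file before it is passed to --snmp-mappings. The 192.0.2.1 address, the sample walk output and the function names are constructed for illustration, and the parser assumes whitespace-separated columns with # comment lines.

```python
import ipaddress
import re

# Line shape printed by net-snmp's snmpwalk for IF-MIB::ifName, e.g.
#   IF-MIB::ifName.4 = STRING: en0
_WALK_RE = re.compile(r"^IF-MIB::ifName\.(\d+) = STRING: (.+)$")


def walk_to_mappings(agent_ip, walk_text):
    """Turn snmpwalk ifName output into 'AgentIP ifIndex ifName' rows."""
    agent = str(ipaddress.ip_address(agent_ip))  # ValueError if not an IP
    rows = ["# AgentIP ifIndex ifName"]
    for line in walk_text.splitlines():
        m = _WALK_RE.match(line.strip())
        if m:  # ignore anything that is not an ifName varbind
            rows.append(f"{agent} {int(m.group(1))} {m.group(2).strip()}")
    return "\n".join(rows) + "\n"


def load_mappings(text):
    """Parse a mappings file into {(agent_ip, ifIndex): ifName}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no mapping
        parts = line.split(None, 2)
        # A row missing the exporter IP or with a non-numeric index is rejected.
        if len(parts) != 3 or not parts[1].isdigit():
            raise ValueError(f"line {lineno}: expected 'AgentIP ifIndex ifName'")
        key = (str(ipaddress.ip_address(parts[0])), int(parts[1]))
        if key in table:
            raise ValueError(f"line {lineno}: duplicate entry for {key}")
        table[key] = parts[2]
    return table


# Constructed sample: 192.0.2.1 is a documentation address, not from the page.
SAMPLE_WALK = """\
IF-MIB::ifName.1 = STRING: lo0
IF-MIB::ifName.4 = STRING: en0
IF-MIB::ifName.7 = STRING: en3
"""

if __name__ == "__main__":
    content = walk_to_mappings("192.0.2.1", SAMPLE_WALK)
    print(content, end="")
    print(load_mappings(content)[("192.0.2.1", 7)])
```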

Using SNMP Mappings

Suppose nProbe collects packets from interface en3 and sends them to ntopng in flow format. You need to start nProbe and ntopng as follows:

  • nprobe --snmp-mappings snmp_mappings.txt -i en3 --ntopng zmq:// -t 3 -d 3 -b 2 -u 7 -Q 7
  • ntopng -i zmq://

As you can see, ntopng has been able to map the interface id to its name (en3). Note that the above setup works both with ZMQ and Kafka.

If you want, you can read more about this topic in the nProbe manual.

Enjoy!