Best Practices for Using ntop Tools on Containers

Posted · Add Comment

Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are a few things to keep in mind:

  1. Service Persistency
    ntopng relies on third party services such as Redis (required) and InfluxDB (optional) to operate. In order not to loose information at container restart, you need to persistently store data or configure ntop tools to rely on such services on an external container that provide such services persistently.
  2. Filesystem Persistency
    ntopng data is usually stored on /var/lib/ntopng/ and this directory must be persistent across restarts. You can map it with -v to a local directory “docker run -it -v /var/lib/ntopng/:/var/lib/ntopng/:rw ntop/ntopng:stable -i eth0”
  3. PF_RING
    In containers the kernel is shared and thus PF_RING must be loaded on the main host and accessed by containers. Please make sure that the PF_RING version is the same across host and containers as otherwise when starting a container you will see errors such as

    root@dell:/home/ntop# docker run -it ntop/ntopng:stable -v /etc/ntopng.license:/etc/ntopng.license:ro 
    Starting redis-server: redis-server.
    [PF_RING] Wrong RING version: kernel is 20, libpfring was compiled with 18
    

    when the kernel PF_RING and the container application (using PF_RING) are not the same version.

  4. Packet Capture
    Container network interfaces are unable to see the host traffic. If you plan to deploy ntop tools on a container and monitor the host traffic please consider using “ –network=host” when starting the container.
  5. Licensing
    The license from the host is shared across all the running containers (i.e. with 1 license you can run ‘n’ containers). In order to do that you need to map the license file as follows “-v /etc/nprobe.license:/etc/nprobe.license:ro”

We hope this post will help you easilydeploying ntop tools on containers

Enjoy !