Mailing List Archive: Unclear hardware choices

Unclear hardware choices

ntop-flugle at snkmail

May 1, 2017, 10:44 AM

Post #1 of 7 (980 views)

I wish the ntop.org pages were clearer about what is and is not suitable
hardware. I want to monitor a fairly small SMB network and I think that I
might be able to use something ARM-based, but I cannot find any reliable
information regarding capacity or recommendations, beyond an old blog post
on the site which discusses compilation for a Beaglebone.

The network currently has a 10Mb/0.5Mb internet connection and this might
grow to 100Mbps. It is because of bandwidth constraints that we want to
monitor it closely: uplink and downlink can become saturated, but packets
sizes are unlikely to be small, so overall pps surely isn't a problem for
netopng.

I'd like to keep history for 30 days. I'd prefer a single appliance (that I
perhaps build) with two ethernet interfaces and a suitable SSD, but I can
live with a desktop running netopng and an nprobe instance. Both would be
licensed, because we need the traffic categorisation. However I would
prefer the cheaper ARM-based license, at least for nprobe. I I can use ARM
for a single appliance, that would be a bonus.

All suggestions for this scenario are most welcome!

Andrew Hilborne

Re: Unclear hardware choices [ In reply to ]

May 1, 2017, 11:03 AM

Post #2 of 7 (980 views)

Andrew
for ARM-based solutions I think the RPI3 is a good option if you can add external storage on USB as the MMC is not suitable for writing long term data. On the RPI3 if you need the second ethernet you need to use a USB-based adapter

If you can wait until June, a new ADI Engineering board should come out and likely able to satisfy all your needs. Otherwise any PC-based solution (pcengines and up) can be a good option

Regards Luca

> On 1 May 2017, at 19:44, Andrew Hilborne <ntop-flugle@snkmail.com> wrote:
>
> I wish the ntop.org <http://ntop.org/> pages were clearer about what is and is not suitable hardware. I want to monitor a fairly small SMB network and I think that I might be able to use something ARM-based, but I cannot find any reliable information regarding capacity or recommendations, beyond an old blog post on the site which discusses compilation for a Beaglebone.
>
> The network currently has a 10Mb/0.5Mb internet connection and this might grow to 100Mbps. It is because of bandwidth constraints that we want to monitor it closely: uplink and downlink can become saturated, but packets sizes are unlikely to be small, so overall pps surely isn't a problem for netopng.
>
> I'd like to keep history for 30 days. I'd prefer a single appliance (that I perhaps build) with two ethernet interfaces and a suitable SSD, but I can live with a desktop running netopng and an nprobe instance. Both would be licensed, because we need the traffic categorisation. However I would prefer the cheaper ARM-based license, at least for nprobe. I I can use ARM for a single appliance, that would be a bonus.
>
> All suggestions for this scenario are most welcome!
>
> Andrew Hilborne
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Unclear hardware choices [ In reply to ]

May 1, 2017, 11:03 AM

Post #3 of 7 (980 views)

Andrew
for ARM-based solutions I think the RPI3 is a good option if you can add external storage on USB as the MMC is not suitable for writing long term data. On the RPI3 if you need the second ethernet you need to use a USB-based adapter

If you can wait until June, a new ADI Engineering board should come out and likely able to satisfy all your needs. Otherwise any PC-based solution (pcengines and up) can be a good option

Regards Luca

> On 1 May 2017, at 19:44, Andrew Hilborne <ntop-flugle@snkmail.com> wrote:
>
> I wish the ntop.org <http://ntop.org/> pages were clearer about what is and is not suitable hardware. I want to monitor a fairly small SMB network and I think that I might be able to use something ARM-based, but I cannot find any reliable information regarding capacity or recommendations, beyond an old blog post on the site which discusses compilation for a Beaglebone.
>
> The network currently has a 10Mb/0.5Mb internet connection and this might grow to 100Mbps. It is because of bandwidth constraints that we want to monitor it closely: uplink and downlink can become saturated, but packets sizes are unlikely to be small, so overall pps surely isn't a problem for netopng.
>
> I'd like to keep history for 30 days. I'd prefer a single appliance (that I perhaps build) with two ethernet interfaces and a suitable SSD, but I can live with a desktop running netopng and an nprobe instance. Both would be licensed, because we need the traffic categorisation. However I would prefer the cheaper ARM-based license, at least for nprobe. I I can use ARM for a single appliance, that would be a bonus.
>
> All suggestions for this scenario are most welcome!
>
> Andrew Hilborne
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Unclear hardware choices [ In reply to ]

ntop-flugle at snkmail

May 1, 2017, 11:17 AM

Post #4 of 7 (980 views)

On 1 May 2017 at 19:03, Luca Deri deri-at-ntop.org |ntop-flugle| <
1w76poiqot@sneakemail.com> wrote:

> Andrew
> for ARM-based solutions I think the RPI3 is a good option if you can add
> external storage on USB as the MMC is not suitable for writing long term
> data. On the RPI3 if you need the second ethernet you need to use a
> USB-based adapter
>

?Luca,

At what level of traffic does the RPI3 start to max out, please? I
understand that number of flows and packet size are important here, but
this is a pretty small development office with a ~ 10-100Mbps downlink and
fairly standard traffic profiles.

Many thanks for your quick response.

Andrew?

Re: Unclear hardware choices [ In reply to ]

joining at alitdom

May 1, 2017, 8:07 PM

Post #5 of 7 (980 views)

Hi Andrew -

I'm currently using the following with an RB2011UiAS-RM on a
1Gbps/100Mbps link:

https://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

Just a quick estimate based on RRD in Zenoss, CPU is sitting at around
95% idle _most of the time_, after about 15 months of history. I used
this little box as my home router w/OPNSense but once I moved to gig
fiber I couldn't pull more than 450mbit w/o any firewall rules and
upgraded to the RouterOS device. I fluctuate between ~15-25k hosts
depending on uptime and probably max out around 2-3k flows. Using mysql,
historical searches can become problematic beyond 2 weeks even with
SSD+8GB ram.

-j

On 5/1/2017 2:17 PM, Andrew Hilborne wrote:
> On 1 May 2017 at 19:03, Luca Deri deri-at-ntop.org
> <http://deri-at-ntop.org> |ntop-flugle| <1w76poiqot@sneakemail.com
> <mailto:1w76poiqot@sneakemail.com>> wrote:
>
> Andrew
> for ARM-based solutions I think the RPI3 is a good option if you
> can add external storage on USB as the MMC is not suitable for
> writing long term data. On the RPI3 if you need the second
> ethernet you need to use a USB-based adapter
>
>
> ?Luca,
>
> At what level of traffic does the RPI3 start to max out, please? I
> understand that number of flows and packet size are important here,
> but this is a pretty small development office with a ~ 10-100Mbps
> downlink and fairly standard traffic profiles.
>
> Many thanks for your quick response.
>
> Andrew?
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Unclear hardware choices [ In reply to ]

ntop-flugle at snkmail

May 2, 2017, 9:37 AM

Post #6 of 7 (980 views)

So, if I want to run ntopng Pro Linux/Win (x64) (the small business
addition) on something like a pc engines box, without a separate nprobe
box, do I need licenses for both nprobe *and* ntopng (assuming I'm
interested in the extra features)?

Andrew Hilborne

On 2 May 2017 at 04:07, joining joining-at-alitdom.org |ntop-flugle| <
0u15g6swut@sneakemail.com> wrote:

> Hi Andrew -
>
> I'm currently using the following with an RB2011UiAS-RM on a 1Gbps/100Mbps
> link:
>
> https://www.newegg.com/Product/Product.aspx?Item=N82E16856205007
>
> Just a quick estimate based on RRD in Zenoss, CPU is sitting at around 95%
> idle _most of the time_, after about 15 months of history. I used this
> little box as my home router w/OPNSense but once I moved to gig fiber I
> couldn't pull more than 450mbit w/o any firewall rules and upgraded to the
> RouterOS device. I fluctuate between ~15-25k hosts depending on uptime and
> probably max out around 2-3k flows. Using mysql, historical searches can
> become problematic beyond 2 weeks even with SSD+8GB ram.
>
> -j
>
>
> On 5/1/2017 2:17 PM, Andrew Hilborne wrote:
>
> On 1 May 2017 at 19:03, Luca Deri deri-at-ntop.org |ntop-flugle| <
> 1w76poiqot@sneakemail.com> wrote:
>
>> Andrew
>> for ARM-based solutions I think the RPI3 is a good option if you can add
>> external storage on USB as the MMC is not suitable for writing long term
>> data. On the RPI3 if you need the second ethernet you need to use a
>> USB-based adapter
>>
>
> ?Luca,
>
> At what level of traffic does the RPI3 start to max out, please? I
> understand that number of flows and packet size are important here, but
> this is a pretty small development office with a ~ 10-100Mbps downlink and
> fairly standard traffic profiles.
>
> Many thanks for your quick response.
>
> Andrew?
>
>
>
> _______________________________________________
> Ntop mailing listNtop@listgateway.unipi.ithttp://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Re: Unclear hardware choices [ In reply to ]

faranda at ntop

May 3, 2017, 12:46 AM

Post #7 of 7 (980 views)

Hi Andrew,

nProbe and ntopng pro require separate licences, so if you want to run
both, even in the same box, you will need both.

Regards,
Emanuele

On 05/02/2017 06:37 PM, Andrew Hilborne wrote:
> So, if I want to run ntopng Pro Linux/Win (x64) (the small business
> addition) on something like a pc engines box, without a separate
> nprobe box, do I need licenses for both nprobe _and_ ntopng (assuming
> I'm interested in the extra features)?
>
> Andrew Hilborne
>
> On 2 May 2017 at 04:07, joining joining-at-alitdom.org
> <http://joining-at-alitdom.org> |ntop-flugle|
> <0u15g6swut@sneakemail.com <mailto:0u15g6swut@sneakemail.com>> wrote:
>
> Hi Andrew -
>
> I'm currently using the following with an RB2011UiAS-RM on a
> 1Gbps/100Mbps link:
>
> https://www.newegg.com/Product/Product.aspx?Item=N82E16856205007
> <https://www.newegg.com/Product/Product.aspx?Item=N82E16856205007>
>
> Just a quick estimate based on RRD in Zenoss, CPU is sitting at
> around 95% idle _most of the time_, after about 15 months of
> history. I used this little box as my home router w/OPNSense but
> once I moved to gig fiber I couldn't pull more than 450mbit w/o
> any firewall rules and upgraded to the RouterOS device. I
> fluctuate between ~15-25k hosts depending on uptime and probably
> max out around 2-3k flows. Using mysql, historical searches can
> become problematic beyond 2 weeks even with SSD+8GB ram.
>
> -j
>
>
> On 5/1/2017 2:17 PM, Andrew Hilborne wrote:
>> On 1 May 2017 at 19:03, Luca Deri deri-at-ntop.org
>> <http://deri-at-ntop.org> |ntop-flugle|
>> <1w76poiqot@sneakemail.com <mailto:1w76poiqot@sneakemail.com>> wrote:
>>
>> Andrew
>> for ARM-based solutions I think the RPI3 is a good option if
>> you can add external storage on USB as the MMC is not
>> suitable for writing long term data. On the RPI3 if you need
>> the second ethernet you need to use a USB-based adapter
>>
>>
>> ?Luca,
>>
>> At what level of traffic does the RPI3 start to max out, please?
>> I understand that number of flows and packet size are important
>> here, but this is a pretty small development office with a ~
>> 10-100Mbps downlink and fairly standard traffic profiles.
>>
>> Many thanks for your quick response.
>>
>> Andrew?
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>> <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop
> <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop