OpenWRT is a Linux-based firmware, which supports a lot of networking hardware. Now I wanted to look at more advanced tools for the job. In my previous post I talked about using a Network Namespace to control the download limit. Recently I have been looking at tools for managing and monitoring my home network. Test driving OpenWRT I was able to get OSPF running with RouterOS in no time. The following configuration is used on the routers. OSPF Configuration For testing purposes I restricted my setup to area 0, to which both routers are connected. The following figures show the final setup. Linux bridges were used to connect the routers and the hosts. To keep things lightweight I used namespaces to simulate hosts connected to the routers. The actual setup, however, needs some hosts on the network to test the connectivity after implementing OSPF. I used virt-manager to set up the test network. MikroTik © recommends 128 MB RAM and 128 MB of HDD as minimal hardware requirements. The footprint of the router VMs is quite small. All of these are installed as VMs on my home desktop. The following diagram describes my network setup. So I decided to test OSPF routing with RouterOS. This is perfect for learning purposes and experimenting at home. What is more amazing is they provide RouterOS in a virtual form factor called Cloud Hosted Router (CHR) that can be installed on hypervisors like KVM/VirtualBox/VMware. I came across RouterOS by MikroTik ©, which provides advanced routing protocol support. Ntop can even be run from a Docker container. Now the monitoring data from ntopng can be exported to Grafana. This will keep the monitored traffic separate from the monitoring traffic. Accessing the Monitoring result As the Gigabit port of the Pi is used to receive mirrored traffic, the monitoring dashboard is accessed over the wlan0 interface.
I used the Raspbian image for the Pi, and ntopng can be easily installed from their repository using apt. It can aggregate and produce a nice traffic analysis summary. To monitor traffic over a long time I used Ntop. These tools give a live view of the packets going through my home network. Once the traffic is available on the mirrored port, I was able to run traffic monitors like wireshark, tshark and tcpdump on the mirror port to analyze all the traffic between the router and ISP. All traffic monitoring happens on the Pi. The mirrored traffic is passed on to the Raspberry Pi. I used this to mirror traffic arriving through the router and the ISP connection. The NetGear GS105E switch provides the capability of port mirroring. The following figure shows the connectivity. To get around the problem I decided to put the traffic monitor on the WAN side of the router. This makes traffic monitoring a bit of a problem on the LAN side. As with most people, I have very few devices that connect to the router over an Ethernet cable; most devices are wifi capable. The router provides both wired and wifi connectivity. I have a PPPoE connection to my ISP that connects to my home router. So, I decided to do a weekend project to implement traffic analysis on my home network. I already tried to modify some settings in ntopng directly to lower the CPU but none of them worked. I had the Raspberry Pi lying around for some time without doing any major function and so was the NetGear switch. Snort is running with >0.5% and uses promiscuous mode, too. I know that ntopng needs some CPU and promiscuous mode, too that needs to be activated with ntopng but e.g. Reason is ntopng process only according to "top" in shell and all other processes run below 0.5%. The CPU is in total always changing in between 5-10% CPU even when there is no traffic at all, e.g. That's why I enabled adaptive mode where the lock down of frequency to lower states work.
When I have powerd with HIadaptive enabled it never clocks the CPU frequency down. Since the change I wondered that the CPU usage is high in IDLE mode. I run ntopng package (0.8.13_1 = 11) to monitor total traffic used by certain IPs. Network is small with ~8 users not doing much network traffic except Windows RDP to a certain IP (RDS Server). I changed with version 2.4.4 from pfSense in a VM (ESXI on 2vCPU Xeon Dual-CPU) to a standalone server with an AMD GX-424CC CPU Passmark and 8 GB RAM.