nProbe™ Cento 100 Gbps Packet Processor
User Guide
Version 1.4, Jan 2018
© 2002-18

Overview
  Main Features
Installation
  Executables
    The cento Executable
    The cento-ids Executable
    The cento-bridge Executable
  Licensing
Definitions
Use Cases
  100Gbps Flow Exporter
    Integration with ntopng
    Exporting flows to ntop over ZMQ
    Exporting flows to ntop over ZC socket
    Integration with a NetFlow Collector
    Flows Injection in Apache Kafka
    Flows Dump to Plain Text Files
    Flows Dump to Syslog
  Full-Duplex TAP Aggregator + 100Gbps Probe
    TAP-Aggregated Flows Export to a Netflow Collector
  100Gbps Probe + Traffic Aggregator
    Packet-to-Disk Recording
    Policed Packet-To-Disk Recording
  100Gbps Probe + Traffic Balancer for IDS / IPS
    Integration with Suricata IDS/IPS
    Integration with Snort IDS/IPS
Egress Queues
  Policing Egress Queues Traffic
    Policy Rules
  The Egress Queues Configuration File
    Shunting
    Aggregated Egress Queue
    Balanced Egress Queues
  The Egress Queues runtime REST Configuration API
    Identifying the base REST Endpoint
    Configuring Queue-Level Rules
    Configuring Subnet-Level Rules
    Configuring Protocol-Level Rules
Network Bridge
  Policing Bridged Traffic
    Policy Rules
  The Network Bridge Configuration File
  Network Bridge Example
  The Network Bridge Runtime REST Configuration API
    Identifying the base REST Endpoint
    Configuring Bridge-Level Rules
    Configuring Subnet-Level Rules
    Configuring Protocol-Level Rules
Command Line Options
  Interfaces
  Egress queues
  Flows Generation
  CPU Affinity
  Flows Export Settings
  Miscellaneous Settings
  PF_RING / PF_RING Zero Copy
  REST
PF_RING ZC Huge Pages Configuration
References

User Guide Summary of Changes

Date        Changes
2016-09-29  Added options: --skip-fragments, --tunnel, --dump-compression, --zmq, --zmq-encrypt-pwd, --hugepages, --monitor-aggregator-core, --timer-core, --dont-drop-privileges, --daemon, --json-to-syslog

Overview

Measuring network traffic is a fundamental task in any modern packet-switched network. Accurate measurements offer effective support for the timely diagnosis of network issues. Misbehaving hosts, faulty adapters, intruders, and undesired traffic are just a few examples of issues that are likely to occur in any real-world deployment. Other popular use cases that demand accurate traffic monitoring include, but are not limited to, billing and reporting systems used by service providers and network operators. The steady increase in network