![]() ![]() nProbe instances collecting flows can run on the same host where ntopng is active, each collecting traffic of an individual customer. each customer will have a ZMQ interface so we do not mix traffic of different customers). In this case you need to configure on a central host where ntopng is running, one ZMQ interface per customer (i.e. As provides often “replicate” the same network for every customer, it is likely that inside the customer network the address plan is the same and thus that you need to divide the traffic per customer and not merge it with he view interface. Mikrotik is a popular device used by many companies). This solution applies to service providers who have remote customer sites with routers/firewalls able to generate NetFlow/IPFIX (e.g. Solution 2: Remote Sites and Overlapping IPs Configuration example (ntopng is active on host 172.16.100.10 and nProbes at 192.168.1.2-192.168.1.4 capturing traffic on interface eno1): Note that licenses bound to the host, so you do not have to pay multiple licenses if you start multiple nProbes per host. In this case you will need one ntopng license and one nProbe license per host. This solution works if c ustomers do not have overlapping IPs and they are assigned statically (i.e. Example: supposing to have a user whose server has IP 192.168.160.10, then this is the configuration to use. In order to limit every user to see its own traffic, you need to configure in ntopng one user per customer by restricting it to the IPs he owns. This way you maximize the overall performance as every interface is independent. ntopng can be configured to collect flows on various ZMQ interfaces, one per probe, and aggregated via the view interface. One nProbe per network is used to monitor the mirrored customer traffic (note that the network cn be distributed hence nProbe instances can run on different hosts and locations) and the flows are delivered to the central ntopng via ZMQ. The simplest solution you can think of is depicted below:įor every service provided network, a mirror/TAP is used to duplicate traffic. ![]() Solution 1: Central Location with Static and Non Overlapping IPs So if you as a MSP, MSSP or ISP and you are wondering how to monitor customer traffic using ntop tools, this post can be your starting point. Over time customers started to ask new services, including traffic monitoring, security (here MSSP come into the scene) and visibility. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. ISPs have provided Internet access to customers for years and the only goal was to connect their users to the Internet. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |