search

ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0
6.23k stars 654 forks source link

low performance in bridge mode #1206

Closed trickius closed 7 years ago

trickius commented 7 years ago

Hi, i'm using ntopng Pro [Small Business Edition]/Embedded v.2.5.170429 on a raspberry pi 3 with the following parameters ntopng --pid "/var/run/ntopng.pid" --dump-flows "mysql;192.168.1.97;ntopng;ntopng;ntopng;ntopng" --http-prefix "/ntopng" --data-dir "/hdd/ntopng" --interface "bridge:eth1,eth2" --online-license-check "" --local-networks "192.168.1.0/24" --dns-mode "1"

i am experiencing low performance in the bridge interface. Tops at 3-4 mbps in comparison when not using bridge interface or ntopng when clients max out with 50mbit (vdsl throughput).

Is there any performance advice that i can follow? Thanks a lot!

simonemainardi commented 7 years ago

@trickius we have successful examples of users doing 70-80Mbps in bridge mode on rpi2/3. We should try to understand where is the bottleneck.

First of all, I would try to bridge eth1 and eth2 using the linux bridge (see brctl) to see the performances achieved.

Then, I would try to remove ntopng command line options, one after the other, to see if there is a bottleneck there (for example in MySQL flows export).

Finally, can I see your /etc/network/interfaces? Di you use 2+1 or 1+1 bridging mode (see https://github.com/ntop/ntopng/blob/dev/doc/README.inline)? How are the network interfaces connected to the rpi?

trickius commented 7 years ago

Hi I'm using 2+1 but it seems these 2 extra gigabit usb adapters that i am using are not working as expected. Thanks a lot

trickius commented 7 years ago

Ok managed to solve previous problem compiling modules for the extra ethernet interfaces.

My problem right now is whenever ntopng works in bridge mode -i br:eth0,eth1 i have double the ping roundtrip time, 70+ms in comparison to 30ms when ntopng runs with -i br0 with the same afformentioned ethernet interfaces. Also i have a drop of -10mbits when downloading. Does ndpi and layer7 capabilities has that overhead when working on bridge mode?

simonemainardi commented 7 years ago

@trickius try with the latest rpi build that contain a fix (ntopng_2.5.170502-2750_armhf.deb)

trickius commented 7 years ago

No unfortunately same thing happens with update.

simonemainardi commented 7 years ago

@trickius , please, send the contents of /etc/network/interfaces, the output of ifconfig and brctl show when using ntopng with configuration -ibridge:eth0,eth1

by the way, running -ibridge:eth0,eth1 implies that eth0 and eth1 have no ip and you have a third interface that is neither eth0 nor eth1 used to manage the pi. Is this true on your setup?

trickius commented 7 years ago

Hi, yes that is true. Currently i have wlan0 as a management interface and eth0+eth1 (with external usb ethernet doggle) as bridge. Eth0+1 don't have ip addresses. Raspbian 8 needs those setup steps.

when ntopng monitors br0 (-i br0):

auto lo iface lo inet loopback iface eth0 inet manual iface eth1 inet manual auto br0 iface br0 inet manual bridge_ports eth0 eth1 allow-hotplug wlan0 iface wlan0 inet manual wireless-power off wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

dhcpcd.conf needs also some settings:

Custom static IP address for eth0.

interface eth0 nodhcp noipv4ll

Custom static IP address for eth1.

interface eth1 nodhcp noipv4ll

interface br0 nodhcp noipv4ll

Custom static IP address for wlan0.

interface wlan0 static ip_address=192.168.1.98/24 static routers=192.168.1.1 static domain_name_servers=192.168.1.1

and ntopng in bridge mode (-i bridge:eth0,eth1)

auto lo iface lo inet loopback iface eth0 inet manual iface eth1 inet manual

auto br0

iface br0 inet manual

bridge_ports eth0 eth1

allow-hotplug wlan0 iface wlan0 inet manual wireless-power off wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

dhcpcd.conf needs also some settings:

Custom static IP address for eth0.

interface eth0 nodhcp noipv4ll

Custom static IP address for eth1.

interface eth1 nodhcp noipv4ll

interface br0

nodhcp

noipv4ll

Custom static IP address for wlan0.

interface wlan0 static ip_address=192.168.1.98/24 static routers=192.168.1.1 static domain_name_servers=192.168.1.1

simonemainardi commented 7 years ago

@trickius I think there is some confusion on how you are using br0. You configured br0 to bridge eth0 and eth1 but actually you don't have to do that. Again, please, refer and follow the guidelines at: https://github.com/ntop/ntopng/blob/dev/doc/README.inline

trickius commented 7 years ago

Hi thanks for your reply. So based on your directions i have to compile rf_ring or use load_hugepages.sh without rf_ring module? Is that possible? Should i purchase rf_ring also in order to have layer7 capability?

Using ntopng bridging in 2+1 mode

In this setup the management interface is used to access the box, and two additional interfaces are use for bridging traffic.

  1. Suppose you want to bridge zc:eth3 with zc:eth4. If the interface names are different please adapt tools/load_hugepages.sh In case you are using non-ZC interfaces there is no need to run load_hugepages.sh

  2. We suppose that you have PF_RING compiled with this layout

    • PF_RING
    • ntopng

    if not modify tools/load_hugepages.sh

  3. Make sure you have executed once ../tools/load_hugepages.sh

  4. Start ntopng as follows ntopng -i "bridge:zc:eth3,zc:eth4"

simonemainardi commented 7 years ago

no, pfring is not available on ARM, use -ibridge:eth0,eth1 and manage the pi via your wlan0.

To make sure the delay is not introduced by the usb adapters, use brctl to bridge eth0 and eth1 without any intervention of ntopng and monitor the latency. Then, delete the bridge created with brctl and run ntopng with -ibridge:eth0,eth1 and see how the latency varies.

trickius commented 7 years ago

I am sorry i didn't explain you good enough my tests so far. What you say is what i did. I already did a test with br0 and there is no latency. I then used -i bridge:eth0,eth1 and there is a latency.

simonemainardi commented 7 years ago

can you try and disable the mysql export?

trickius commented 7 years ago

i will present you various tests with adsl speedtest when -i bridge:eth0,eth1 (ntopng is active and without mysql export):

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cosmote S.A. (Athens) [0.78 km]: 59.958 ms Testing download speed.......................................................... ...................... Download: 37.27 Mbit/s Testing upload speed............................................................ .................................... Upload: 2.64 Mbit/s

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cosmote S.A. (Athens) [0.78 km]: 63.32 ms Testing download speed.......................................................... ...................... Download: 36.22 Mbit/s Testing upload speed............................................................ .................................... Upload: 4.50 Mbit/s

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by OTE S.A. (Athens) [0.78 km]: 70.094 ms Testing download speed................................................................................ Download: 38.12 Mbit/s Testing upload speed................................................................................................ Upload: 4.61 Mbit/s

with br0 (with ntopng -i br0 or disabled ntopng, doesn't really make a difference)

~# ./speedtest-cli Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by GRNET (Athens) [0.78 km]: 33.749 ms Testing download speed................................................................................ Download: 45.89 Mbit/s Testing upload speed................................................................................................ Upload: 4.56 Mbit/s

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Vodafone Greece (Athens) [0.78 km]: 36.96 ms Testing download speed................................................................................ Download: 42.29 Mbit/s Testing upload speed................................................................................................ Upload: 4.72 Mbit/s~

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by LANCOM LTD (Athens) [0.78 km]: 34.08 ms Testing download speed................................................................................ Download: 45.35 Mbit/s Testing upload speed................................................................................................ Upload: 4.65 Mbit/s

simonemainardi commented 7 years ago

Ok, the speeds are comparable. I would have expected similar results. Especially On a pi, there Is a natural minor performance decrease introduced by ntopng. Keep in mind that ntopng has to process each packet, inspect its contents, decide, and forward. You should consider upgrading the hardware if you can't tolerate even that decrease. Please note that even with more powerful hardware, there will still be some minor increase on the latency.

To satisfy my curiosity, can you run the same tests with mysql enabled? Even though mysql flow export is done in a separate thread, I would expect some interference on a pi.

On Fri, 5 May 2017 at 21:52, trickius notifications@github.com wrote:

i will present you various tests with adsl speedtest when -i bridge:eth0,eth1 (ntopng is active and without mysql export): ./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cosmote S.A. (Athens) [0.78 km]: 59.958 ms Testing download speed.......................................................... ...................... Download: 37.27 Mbit/s Testing upload speed............................................................ .................................... Upload: 2.64 Mbit/s ./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cosmote S.A. (Athens) [0.78 km]: 63.32 ms Testing download speed.......................................................... ...................... Download: 36.22 Mbit/s Testing upload speed............................................................ .................................... Upload: 4.50 Mbit/s ./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by OTE S.A. (Athens) [0.78 km]: 70.094 ms Testing download speed................................................................................ Download: 38.12 Mbit/s Testing upload speed................................................................................................ Upload: 4.61 Mbit/s

with br0 (with ntopng -i br0 or disabled ntopng, doesn't really make a difference)

~# ./speedtest-cli Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by GRNET (Athens) [0.78 km]: 33.749 ms Testing download speed................................................................................ Download: 45.89 Mbit/s Testing upload speed................................................................................................ Upload: 4.56 Mbit/s ./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Vodafone Greece (Athens) [0.78 km]: 36.96 ms Testing download speed................................................................................ Download: 42.29 Mbit/s Testing upload speed................................................................................................ Upload: 4.72 Mbit/s~ ./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by LANCOM LTD (Athens) [0.78 km]: 34.08 ms Testing download speed................................................................................ Download: 45.35 Mbit/s Testing upload speed................................................................................................ Upload: 4.65 Mbit/s

— You are receiving this because you were assigned.

Reply to this email directly, view it on GitHub https://github.com/ntop/ntopng/issues/1206#issuecomment-299560023, or mute the thread https://github.com/notifications/unsubscribe-auth/ADPYHzaGLJZGk0Zj6y9N8NRbJR0Up3hmks5r233rgaJpZM4NMW8p .

-- Sent from my iPad. Sorry for typos.

trickius commented 7 years ago

Well it seems that layer7 capability has a significant overhead for me to accept. I will stick with ntopng doing ordinary monitor of -i br0 without layer7. I have a question though.. cpu load in the pi doesn't change in different modes that we're testing. Perhaps there is some room for optimization there?

Following your question this is ntopng with mysql export and -i bridge:eth0,eth1

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by OTE S.A. (Athens) [0.78 km]: 69.922 ms Testing download speed................................................................................ Download: 36.88 Mbit/s Testing upload speed................................................................................................ Upload: 3.32 Mbit/s

./speedtest-cli

Retrieving speedtest.net configuration... Testing from Cosmote (80.107.135.155)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by LANCOM LTD (Athens) [0.78 km]: 59.979 ms Testing download speed................................................................................ Download: 37.07 Mbit/s Testing upload speed................................................................................................ Upload: 4.57 Mbit/s

simonemainardi commented 7 years ago

Thanks for reporting all these benchmarks. I am closing as this is the expected behaviour on a pi.