BENTO FAQ

Here you will find answers to many questions people have asked in the past. If you have further questions or need clarification, feel free to write to:

info@networksignature.com


General questions

  1. What is the big picture?
  2. Who would use it? What do I gain?
  3. In practice, how is BENTO installed and configured?
  4. BGP? Peer? AS path? Now I'm really confused.
  5. It's real time, but what is the actual delay and granularity?
  6. Can I view traffic for individual routers?
  7. Can I identify incorrect traffic and illegal transit?
  8. Which flow formats are supported?
  9. What about sampled data?
  10. Which routers/BGP implementations do you support?
  11. Is it hard or time-consuming to configure?
  12. Are there any safeguards against incorrect configuration?

Server questions

  1. What platforms are supported?
  2. How is BENTO delivered?
  3. How much CPU power does it need?
  4. How much disk space does it need?
  5. How long can it store the data for?
  6. Do I need any additional licences or licensed software?

Browser questions

  1. Which browsers are supported?
  2. Why don't you support KoolBrowzer 0.97p?
  3. Are there alternatives to browsers?


What is the big picture?

BENTO allows you to explore your traffic based on Autonomous System and BGP path information. Rather than producing graphs of traffic based on router interfaces in your network, BENTO produces graphs of traffic based on AS information. In effect, you can see beyond the border routers of your network, and identify how much traffic you exchange with other networks both near and far away. Here's a screenshot.

Who would use it? What do I gain?

BENTO lends itself equally well to both real time monitoring of active traffic and to longer term planning for network optimisation. In a real time operational situation, it is easy to configure the BENTO interface to, e.g., pick up and highlight large amounts of ICMP traffic, which would indicate a malfunction or DoS attack. For network planning, BENTO allows you to explore the entire AS spectrum beyond peers and transit providers, and identify interesting hot spots and networks elsewhere. A typical situation would be that you're wondering if it might be worthwhile connecting directly to another exchange. BENTO enables you to see how much traffic you could exchange with the networks present at that exchange.

In practice, how is BENTO installed and used?

The BENTO software package will normally be installed on a dedicated server, located somewhere centrally in your network. From your border routers you set up BGP sessions (like you would to any other BGP peer) and export flow data to the BENTO server. The BENTO server identifies the active AS paths in your network traffic by looking up source and destination addresses in the BGP table sent by each router. It then aggregates the traffic information around those paths, and stores the information on disk. Using a sophisticated web-browser based interface (screenshot) you can then view, sort, and compare the data. BENTO can automatically detect and aggregate traffic for peers, home ASs, and the entire AS spectrum at the touch of a button. For further analysis you can enter AS path regular expressions and lists of ASs to refine the data selection.

BGP? Peer? AS path? Now I'm really confused.

BGP is a protocol that allows routers in a network to exchange reachability information. An important part of BGP is that each destination announced by a router has additional information explaining among other things the origin of the announcement, known as an Autonomous System, and which autonomous systems the announcement has passed through (the "AS path"). In a nutshell, this provides a kind of abstraction of the underlying network(s) -- think of the underlying network as roads, and autonomous systems as different states or countries on a geographical map. BGP is what holds the Internet together, but has uses in large corporate networks too. If you're not using BGP in your network we can provide an add-on that allows you to import static routes and location information, in order to take advantage of BENTO's powerful analysis and monitoring features. Even better, if your network has grown to unmanageable proportions, and it's time to gear up the architecture by introducing BGP, we have all the expertise you need.

It's real time, but what is the actual delay and granularity?

The granularity is five seconds, meaning that when you extract data from disk it can be addressed with a precision of five seconds. Depending on router vendor, model, and configuration, flow data may stay on the router for up to a minute (or much longer, if the router is configured so) before being exported. In the case of sampled flow data the delay is usually negligible. Once on the BENTO server, data is aggregated for each AS path for a default of sixty seconds before being written to disk. This value is configurable and can be reduced at the expense of CPU power and disk usage.

Can I view traffic for individual routers?

Yes, BENTO stores the received and aggregated data on a per-router basis, as well as for your AS as a whole. You can also configure which interfaces should form part of your global data, so that you can collect both in- and out-bound traffic for all routers, but only forward the relevant data for global summary. That way you get a complete and correct picture of traffic for both individual routers as well as for your entire AS.

Can I identify incorrect traffic and illegal transit?

Within certain parameters, yes. Any traffic which cannot be accounted for using the BGP information for the router carrying it will be accounted to ASN0. Under normal circumstances there will be small amounts of inexplicable traffic resulting from route- and switch-cache timeout periods, race conditions, general instability, etc, but noticeable amounts of persistent ASN0 traffic would suggest either stuck route cache entries or some nailed up static routes.
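The path lookup and ASN0 accounting described above can be sketched as follows. This is an added example, not BENTO code: the table contents, the router name, the destination-only lookup, the linear prefix scan, and the `threshold` and `min_run` values are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

ASN0 = (0,)  # bucket for traffic the router's own BGP table cannot explain

# Constructed per-router BGP table: prefix -> AS path
# (RFC 5737 documentation prefixes, RFC 5398 documentation ASNs).
BGP_TABLES = {
    "border-1": {
        "198.51.100.0/24": (64501, 64510),
        "198.51.100.128/25": (64502, 64510),
        "203.0.113.0/24": (64501,),
    },
}

def lookup_path(router, addr):
    """Longest-prefix match of addr against the table sent by this router."""
    ip = ipaddress.ip_address(addr)
    best_len, best_path = -1, ASN0
    for prefix, path in BGP_TABLES[router].items():
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_path = net.prefixlen, path
    return best_path

def aggregate(router, flows):
    """Sum octets per destination AS path for one aggregation interval."""
    totals = defaultdict(int)
    for dst, octets in flows:
        totals[lookup_path(router, dst)] += octets
    return dict(totals)

def persistent_asn0(intervals, threshold=0.05, min_run=3):
    """True if ASN0 exceeds `threshold` of traffic in `min_run` consecutive intervals."""
    run = 0
    for totals in intervals:
        total = sum(totals.values())
        share = totals.get(ASN0, 0) / total if total else 0.0
        run = run + 1 if share > threshold else 0
        if run >= min_run:
            return True
    return False
```

A short ASN0 burst resets the run counter, so only sustained unexplained traffic, the case the answer attributes to stuck cache entries or static routes, is flagged.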

Which flow formats are supported?

The different formats aren't terribly different, and tend to be compatible variations of Cisco's NetFlow version 1 or 5 (which are themselves very similar). BENTO doesn't need all the information in the format, however, and specifically does not need any BGP information such as home AS. Hence, BENTO works equally well with data from e.g. ntop and/or nProbe. For special requirements, it is easy for us to provide a custom add-on to work with different formats.

What about sampled data?

Sample rate is one of the per-router configurations you specify. Received flow data is then scaled according to the sample rate before going further in the BENTO system, resulting in completely transparent handling and presentation of both sampled and full-rate flow information.

Which routers/BGP implementations do you support?

BGP (specifically, BGP version 4, BGP4) is an industry standard protocol, meaning that no vendor-specific support is necessary. Interoperability has been verified with Cisco, Juniper/Gated, Extreme, and Zebra/Quagga. It is highly unlikely there will be any interoperability problems with other BGP4 implementations.

Is it hard or time-consuming to configure?

No, not really. BENTO requires only two mandatory and one optional piece of information for each router:
  • The source IP address for the BGP session; this must also be the source address of flow export data packets.
  • The sample rate, if the router produces sampled flow data.
  • Optionally an explicit list of interfaces for which data should be forwarded to the global data for your entire AS.
On the router side, generally not much needs to be configured to enable flow data export, but exact details vary between vendors.

Are there any safeguards against incorrect configuration?

Yes, each router exports to an individual port and socket on the BENTO server, and the port numbers are generated by the BENTO system in such a fashion that it takes several incorrect keystrokes during router configuration in order to duplicate another port number. Additionally, all incoming data packets have their source address checked against what is configured for the router in question, and non-matching packets are discarded (with a note being syslogged). Hence, it is practically impossible to inadvertently produce incorrect data by mixing up data from different routers.
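The per-router port, the source address check and the sample-rate scaling from the answers above can be combined in one ingest step, shown here as an added example that is not BENTO code. It handles NetFlow version 5 only; the router names, ports, addresses, the length check and the multiply-by-N scaling are assumptions.

```python
import ipaddress
import logging
import struct

log = logging.getLogger("flow-collector")  # stand-in for the syslog note

# Constructed per-router settings, keyed by the UDP port each router exports to.
# Names, ports and addresses are hypothetical (RFC 5737 documentation ranges).
ROUTERS = {
    20311: {"name": "border-1", "source": "192.0.2.1", "sample_rate": 1},
    20742: {"name": "border-2", "source": "192.0.2.2", "sample_rate": 10},
}

V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def ingest(port, src_ip, payload):
    """Return [(router, src, dst, proto, scaled_octets)], or [] if the datagram is discarded."""
    cfg = ROUTERS.get(port)
    if cfg is None or src_ip != cfg["source"]:
        log.warning("port %d: discarded datagram from unexpected source %s", port, src_ip)
        return []
    if len(payload) < V5_HEADER.size:
        log.warning("port %d: discarded truncated datagram", port)
        return []
    version, count = V5_HEADER.unpack_from(payload)[:2]
    if version != 5 or len(payload) != V5_HEADER.size + count * V5_RECORD.size:
        log.warning("port %d: discarded malformed datagram", port)
        return []
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(payload, V5_HEADER.size + i * V5_RECORD.size)
        src, dst = (str(ipaddress.ip_address(a)) for a in rec[:2])
        # rec[6] is dOctets, rec[13] the IP protocol; scale by the configured 1-in-N rate.
        flows.append((cfg["name"], src, dst, rec[13], rec[6] * cfg["sample_rate"]))
    return flows

def make_datagram(flows):
    """Build a constructed v5 datagram from (src, dst, proto, octets) tuples."""
    body = b"".join(
        V5_RECORD.pack(int(ipaddress.ip_address(s)), int(ipaddress.ip_address(d)),
                       0, 0, 0, 1, octets, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, proto, octets in flows)
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body
```

The source check catches the misconfiguration case the answer describes; UDP source addresses are not authenticated, so it belongs alongside network-level filtering of which hosts can reach the collector ports.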

What platforms are supported?

Currently BENTO is available for Linux/Intel architectures, and a BSD port is planned. In principle, BENTO requires little more than a POSIX compatible system, and should port easily to other systems. At this time, however, such porting would be by specific customer request and agreement.

How is BENTO delivered?

BENTO is preferably pre-installed on our purpose-built server. At the core it is a small set of Linux/Intel binary executables as well as supporting web pages and PHP scripts. It requires a Linux system to run and PHP and a web server for you to see the results. It can optionally be installed on a server supplied by the customer.

How much CPU power does it need?

For collecting and storing flow data, BENTO needs around 6000 CPU cycles from NIC to disk for each flow. In practice, with a typical Internet-style traffic mix, this translates into a 2GHz CPU being able to handle unsampled flow data for 1-1.5Gbps of network traffic. At these traffic levels, however, it is recommended to use sampled data in order to reduce load on the routers, so with a sample rate giving, e.g., a ten-fold reduction in the data presented to the BENTO server, an off-the-shelf mid-range CPU can collect data for 10-15Gbps of network traffic. To produce graphs, the requirement depends entirely on how much data you wish to extract and view. In a typical case, where you're looking at data for one minute, CPU requirements are on the order of 10-100ms per view with a modern, fast CPU in the GHz range. If on the other hand you extract data for an hour, CPU requirements will be, yes, 60 times higher than for one minute.

How much disk space does it need?

It is highly variable, and depends on your traffic volume and pattern. With the base module providing one hour's worth of history, it needs a minimum of 6M per router. At a few hundred Mbps, this requirement will have grown to around 100M.

How long can it store the data for?

Within reason, it is a question of disk space and the number of routers you have. The base module needs around 2-3G per hour per router, and will by default store data for one hour, and keep another hour behind that for history comparison. While this can be extended, the amount of disk space required (and the CPU power to process it) quickly becomes unmanageable. A history module, currently under development, will reduce the granularity of the data, and will enable storage for up to a year or longer.

Do I need any additional licences or licensed software?

For the Linux version, no. BENTO is self-contained, and does not require anything which isn't already part of a typical Linux distribution. Specifically, it requires a web server (Apache), PHP, and some system libraries, as well as a C compiler during installation. For non-Linux/BSD systems, different, vendor-specific licences may apply.

Which browsers are supported?

The BENTO interface is not written with any particular browser in mind, but in order to provide a flexible and powerful interface we have to lean quite heavily on several browser technologies, including CSS and Javascript, and not all browsers implement a large enough subset of the standards to work well. BENTO has been tested and found working well with recent versions of Internet Explorer, Mozilla (and Mozilla FireBird), and Netscape on (where applicable) Windows 98, Windows NT/2000/etc, X11, and Mac. See the demo notes for more information.

Why don't you support KoolBrowzer 0.97p?

Although the BENTO interface is implemented by means of a web browser, BENTO is not a website, and the objective is to provide network engineers with a powerful tool, not to support a wide variety of different browsers. In fact, many professional tools resort to native applications requiring actual installation on a workstation in order to be used, and we have taken a major step forward by providing a supremely powerful user interface on a generally portable web-based platform. If you insist, consider BENTO not to be web-based, but to require installation of a native application (called Mozilla FireBird) in order to work.

Are there alternatives to browsers?

We are considering some high performance visualisation tools that would come as native applications, but at this time the web-based interface is more than powerful enough. For special purposes, however, we are happy to provide a source code licence that would allow customers to extract data using tools they develop themselves.


© 2002 qbfox ltd