Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| en:dpi:dpi_components:qoestor [2019/04/04 14:15] – kvazikrav | en:dpi:dpi_components:qoestor [2024/09/26 15:29] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== QoE Stor (Statistics collection module) |
| - | == QoE analytics data collection and storage module == | + | {{indexmenu_n> |
| - | + | -[[en: | |
| - | ===== Introduction ===== | + | -[[en: |
| - | + | -[[en: | |
| - | The module is designed to collect and store Neflow and Clickstream data. Data is used to analyze QoE in DPIUI2. | + | -[[en: |
| - | + | -[[en: | |
| - | + | -[[en: | |
| - | ===== Architecture ===== | + | |
| - | + | ||
| - | Data from the VAS Experts DPI is received on several sockets (tcp or udp) using [[en: | + | |
| - | + | ||
| - | The collected data is stored in the ClickHouse database. | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | ===== Installation and Update ===== | + | |
| - | + | ||
| - | ==== Recommendations on device to be used for installing QoE Stor Module | + | |
| - | + | ||
| - | <note important> | + | |
| - | + | ||
| - | === Minimum requirements === | + | |
| - | + | ||
| - | For the subsystem, you can use hardware or virtual machines with the characteristics listed below: | + | |
| - | - Processor (CPU) 2.5 ГГц - 1 pce | + | |
| - | - RAM - at least 16 GB | + | |
| - | - Hard disk drive (SSD is highly desirable) - at least 500 GB | + | |
| - | - Operating system - Cent OS 6.4 - 7.x+ | + | |
| - | - Network interface (NIC) - at least 1 Gbps | + | |
| - | **10 Gbps average daily traffic generates approximately 25 GB of data per hour in the QoE Store** | + | |
| - | == Processor == | + | |
| - | + | ||
| - | SSE 4.2 instruction set support is required. | + | |
| - | + | ||
| - | Choose processors with a large number of cores. Clock frequency is less important. For example, 16 cores with 2,600 MHz are better than 8 cores at 3,600 MHz. | + | |
| - | + | ||
| - | <note important> | + | |
| - | + | ||
| - | == RAM == | + | |
| - | + | ||
| - | RAM should be no less than the amount of data requested. | + | |
| - | + | ||
| - | The more RAM server has, the better performance will be achieved when building reports. | + | |
| - | + | ||
| - | The more memory, the less disk system is stressing. | + | |
| - | + | ||
| - | Minimum prerequisites is 16 GB. | + | |
| - | + | ||
| - | Always disable the swap file. | + | |
| - | + | ||
| - | == Disk == | + | |
| - | + | ||
| - | Required disk space is at least 16 GB for every storage day, it's actual value depends on daily traffic. | + | |
| - | + | ||
| - | If your budget makes you possible to use SSD, use it. Otherwise use HDD. SATA HDDs 7200 RPM will be suitable. | + | |
| - | + | ||
| - | When using HDD, you can combine them into RAID-10, RAID-5, RAID-6 or RAID-50. | + | |
| - | + | ||
| - | Most of the data is stored in the ''/ | + | |
| - | + | ||
| - | Temporary data (ipfix dumps) is stored in the ''/ | + | |
| - | + | ||
| - | === Maintenance advice from Yandex ClickHouse === | + | |
| - | + | ||
| - | You could familiarize yourself with the contents of maintenance advice from Yandex ClickHouse by following the [[https:// | + | |
| - | + | ||
| - | + | ||
| - | ==== Version Information ==== | + | |
| - | + | ||
| - | === Version v.1.0.9 (21.02.2019) === | + | |
| - | + | ||
| - | | + | |
| - | * '' | + | |
| - | + | ||
| - | === Version v.1.0.7 hot fixes (24.12.2018) === | + | |
| - | + | ||
| - | * ipfix re-export feature is added and is available through the ipfixreceiver configuration file: IPFIX_FULLFLOW_EXPORT and IPFIX_CLICKSTREAM_EXPORT | + | |
| - | + | ||
| - | === Version v.1.0.6 hot fixes (04.12.2018) === | + | |
| - | + | ||
| - | * Bugs concerning the work of the subnets_local_dic dictionary (such as "A call to function range would produce 12884901882 array elements" | + | |
| - | * ipfixreceiver2 receiver configuration has been fixed (FileWriter queue is full. Records dropped.) | + | |
| - | + | ||
| - | === Version v.1.0.5 (03.12.2018) === | + | |
| - | + | ||
| - | * Host Category Dictionaries | + | |
| - | * Transition to the ipfixreceiver2 | + | |
| - | + | ||
| - | <note important> | + | |
| - | - Do not forget to update the installation script (in the Installation section) before upgrading. To upgrade, use the installation script. | + | |
| - | - After the upgrade has been finished, check whether the receivers are running: < | + | |
| - | - If receivers are not running, execute the / | + | |
| - | </ | + | |
| - | + | ||
| - | === Version v.1.0.4 (02.11.2018) === | + | |
| - | + | ||
| - | * Preaggregation is implemented resulting in reducing the netflow by 6-7 times and clickstream by 3 times | + | |
| - | * The following dictionaries are implemented: | + | |
| - | * The following features are added: identification the traffic direction and subscribers filtering | + | |
| - | + | ||
| - | This QoE Stor version works with the version of DPIUI2-2.1.5 and higher | + | |
| - | + | ||
| - | <note important> | + | |
| - | To do so issue the command: | + | |
| - | + | ||
| - | + | ||
| - | === Version v.1.0.0 (20.09.2018) === | + | |
| - | + | ||
| - | * A new QoE Stor module is implemented | + | |
| - | + | ||
| - | + | ||
| - | ==== Installation ==== | + | |
| - | + | ||
| - | <note warning> | + | |
| - | + | ||
| - | For automatically installation or upgrading follow these steps: | + | |
| - | + | ||
| - | - Execute [[https:// | + | |
| - | - Execute [[https:// | + | |
| - | - Check whether the qoestor database in clickhouse is available. To do this, issue the command< | + | |
| - | - If there is no database (probably the database server is not running), you should to create it by issuing the following command< | + | |
| - | + | ||
| - | ==== Upgrading ==== | + | |
| - | + | ||
| - | Upgrading is performed using the same scripts as in the [[en: | + | |
| - | + | ||
| - | If receivers stopped after you have executed the < | + | |
| - | + | ||
| - | ==== Configuration ==== | + | |
| - | + | ||
| - | === ipfix receivers configuration === | + | |
| - | + | ||
| - | ipfix receivers configuration is implemented through the .env file: \\ < | + | |
| - | + | ||
| - | Default | + | |
| - | #Ipfix form DPI 0 | + | |
| - | IPFIX_FULLFLOW_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_FULLFLOW_PORT[0]=1500 | + | |
| - | # | + | |
| - | + | ||
| - | IPFIX_CLICKSTREAM_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_CLICKSTREAM_PORT[0]=1501 | + | |
| - | # | + | |
| - | + | ||
| - | #Traffic direction definition | + | |
| - | # 0 - as is | + | |
| - | # 1 - by AS (for fullflow only) | + | |
| - | # 2 - by CIDR (for fullflow and clickstream) | + | |
| - | # 3 - by both: AS and CIDR | + | |
| - | # 4 - any: AS or CIDR | + | |
| - | TRAFFIC_DIR_DEF_MODE=0 | + | |
| - | + | ||
| - | #Subscriber filter | + | |
| - | # 0 - no filter | + | |
| - | # 1 - by AS (for fullflow only) | + | |
| - | # 2 - by CIDR (for fullflow and clickstream) | + | |
| - | # 3 - by both: AS and CIDR | + | |
| - | # 4 - any: AS or CIDR | + | |
| - | SUBSCRIBER_FILTER_MODE=0 | + | |
| - | </ | + | |
| - | + | ||
| - | In the configuration above fullflow and clickstream receivers are listening 1500 and 1501 socket respectively. << | + | |
| - | + | ||
| - | <note tip>It is better to prefer tcp over udp because udp packets can be lost when the MTU is exceeded.</ | + | |
| - | + | ||
| - | The values TRAFFIC_DIR_DEF_MODE = 0 and SUBSCRIBER_FILTER_MODE = 0 mean that there is no need to calculate the traffic direction and apply filters to subscribers. | + | |
| - | + | ||
| - | The IPFIX_FULLFLOW_EXPORT and IPFIX_CLICKSTREAM_EXPORT parameters allow you to configure export to third-party receivers. Format for use: ip/ | + | |
| - | + | ||
| - | <note important> | + | |
| - | + | ||
| - | **The following example shows how to configure data reception from several DPIs** \\ < | + | |
| - | #Ipfix form DPI 0 | + | |
| - | IPFIX_FULLFLOW_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_FULLFLOW_PORT[0]=1500 | + | |
| - | + | ||
| - | IPFIX_CLICKSTREAM_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_CLICKSTREAM_PORT[0]=1501 | + | |
| - | + | ||
| - | #Ipfix form DPI 1 | + | |
| - | IPFIX_FULLFLOW_PORT_TYPE[1]=tcp | + | |
| - | IPFIX_FULLFLOW_PORT[1]=1510 | + | |
| - | + | ||
| - | IPFIX_CLICKSTREAM_PORT_TYPE[1]=tcp | + | |
| - | IPFIX_CLICKSTREAM_PORT[1]=1511 | + | |
| - | + | ||
| - | #Ipfix form DPI 2 | + | |
| - | IPFIX_FULLFLOW_PORT_TYPE[2]=tcp | + | |
| - | IPFIX_FULLFLOW_PORT[2]=1520 | + | |
| - | + | ||
| - | IPFIX_CLICKSTREAM_PORT_TYPE[2]=tcp | + | |
| - | IPFIX_CLICKSTREAM_PORT[2]=1521 | + | |
| - | </ | + | |
| - | + | ||
| - | **The following example corresponds to the situation when you need to identify subscribers by CIDR** | + | |
| - | + | ||
| - | This configuration makes sense only when the VAS Experts DPI is installed using port mirroring. | + | |
| - | + | ||
| - | < | + | |
| - | TRAFFIC_DIR_DEF_MODE=2 | + | |
| - | SUBSCRIBER_FILTER_MODE=2 | + | |
| - | </ | + | |
| - | + | ||
| - | Be sure to configure subnets_local_dic dictionary for this configuration example! | + | |
| - | + | ||
| - | **The following example corresponds to the situation when export to third-party receivers is configured** | + | |
| - | + | ||
| - | < | + | |
| - | IPFIX_FULLFLOW_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_FULLFLOW_PORT[0]=1500 | + | |
| - | IPFIX_FULLFLOW_EXPORT[0]=10.0.0.2/ | + | |
| - | + | ||
| - | IPFIX_CLICKSTREAM_PORT_TYPE[0]=tcp | + | |
| - | IPFIX_CLICKSTREAM_PORT[0]=1501 | + | |
| - | IPFIX_CLICKSTREAM_EXPORT[0]=10.0.0.2/ | + | |
| - | </ | + | |
| - | + | ||
| - | == Restarting the receivers == | + | |
| - | + | ||
| - | All receivers can be restarted using the command: < | + | |
| - | + | ||
| - | If you need to restart the receivers one by one, you can do this by restarting corresponding systemd service units, for example | + | |
| - | + | ||
| - | | + | |
| - | systemctl restart qoestor_clickstream_0.service</ | + | |
| - | * For CentOS 6 < | + | |
| - | service qoestor_clickstream_0 stop | + | |
| - | service qoestor_fullflow_0 start | + | |
| - | service qoestor_clickstream_0 start</ | + | |
| - | + | ||
| - | == Stoping the receivers == | + | |
| - | * For CentOS 7 < | + | |
| - | systemctl stop qoestor_clickstream_0.service</ | + | |
| - | * For CentOS 6 < | + | |
| - | service qoestor_fullflow_0 stop</ | + | |
| - | + | ||
| - | == Сlickhouse DB stop and start == | + | |
| - | * Stop < | + | |
| - | * Start < | + | |
| - | + | ||
| - | === DPI configuration === | + | |
| - | + | ||
| - | == Export configuration == | + | |
| - | + | ||
| - | The DPI version must be at least 8.1. | + | |
| - | + | ||
| - | You can configure ipfix export by editing the fastdpi.conf configuration file on your DPI device. | + | |
| - | < | + | |
| - | netflow=8 | + | |
| - | netflow_dev=em1 | + | |
| - | netflow_timeout=10 | + | |
| - | netflow_as_direction=3 | + | |
| - | netflow_full_collector_type=2 | + | |
| - | netflow_full_port_swap=0 | + | |
| - | netflow_full_collector=YOUR_QOESTOR_IP: | + | |
| - | netflow_passive_timeout=20 | + | |
| - | netflow_active_timeout=60 | + | |
| - | netflow_rate_limit=120 | + | |
| - | ipfix_dev=em1 | + | |
| - | ipfix_tcp_collectors=YOUR_QOESTOR_IP: | + | |
| - | </ | + | |
| - | + | ||
| - | <note important> | + | |
| - | **service fastdpi restart**</ | + | |
| - | + | ||
| - | + | ||
| - | This can be achieved also using [[en: | + | |
| - | + | ||
| - | To perform configuration using DPIUI2 you should open the section DPI CONTROL -> CONFIGURATION. Open the tab **Collection and analysis of statistics on protocols and directions**. | + | |
| - | + | ||
| - | Set neflow option to **Export of complete statistics for sessions**. See figure below. | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | Then specify socket for fullflow receiver within " | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | Type in the clickstream receiver socket in " | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | Press Save and then restart fast_dpi. See the figure below. | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | + | ||
| - | == ID assignment to ipfix collector == | + | |
| - | + | ||
| - | Open the section Hardware " | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | === Setting up DPIUI2 connection to the QoE Stor module === | + | |
| - | + | ||
| - | In order to browse QoE reports, you should configure the DPIUI2 connection to the QoE Stor. See the [[en: | + | |
| - | + | ||
| - | ==== Configuring the dictionaries ==== | + | |
| - | + | ||
| - | All dictionaries are in the / | + | |
| - | + | ||
| - | Each dictionary has it's own sample.txt which can be used as a pattern. | + | |
| - | + | ||
| - | All columns within the dictionaries are separated by a tab character (\t). The number of \t should be one less than the number of columns in dictionary. Please, pay close attention to this circumstance. | + | |
| - | + | ||
| - | When files are changed, the data is loaded into the database automatically. | + | |
| - | + | ||
| - | Some useful commands when working with dictionaries: | + | |
| - | + | ||
| - | * Speed up data updates in directories < | + | |
| - | * Check dictionaries for errors < | + | |
| - | * Check if there is data in the directory, for example for the '' | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | ==== asnum_local_dic and subnets_local_dic dictionaries ==== | + | |
| - | + | ||
| - | The lists of your local AS and local subnets are specified in these dictionaries. | + | |
| - | Dictionaries are used to identify the traffic direction (true in case the DPI is installed using mirroring) and to filter subscribers (so that the hosts IP addresses do not appear in the subscriber reports) | + | |
| - | + | ||
| - | Example of **asnum_local_dic** dictionary | + | |
| - | < | + | |
| - | 12345 LOCAL | + | |
| - | 65535 UNKNOWN | + | |
| - | </ | + | |
| - | + | ||
| - | The first column is AS number, the second one is it's name (it is displayed in reports). | + | |
| - | + | ||
| - | Example of **subnets_local_dic** dictionary | + | |
| - | < | + | |
| - | 192.168.1.0/ | + | |
| - | 10.64.66.0/ | + | |
| - | 172.16.0.0 LOCAL | + | |
| - | 2a02: | + | |
| - | </ | + | |
| - | + | ||
| - | The first column is IP address or CIDR, the second one is the name (it is NOT displayed in reports, but it is required by format). | + | |
| - | + | ||
| - | <note important> | + | |
| - | + | ||
| - | ==== subscribers_dic, | + | |
| - | + | ||
| - | === subscribers_dic === | + | |
| - | + | ||
| - | Dictionary of subscribers. | + | |
| - | + | ||
| - | Dictionary example | + | |
| - | < | + | |
| - | 10.64.66.100 login 5 port1 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.101 login 2 port1 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.102 login 3 port1 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.103 login 4 port1 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.104 login 5 port1 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.105 login 5 port2 unit_vendor cabel contract services mac | + | |
| - | 10.64.66.106 login 5 port3 unit_vendor cabel contract services mac | + | |
| - | </ | + | |
| - | + | ||
| - | Columns: | + | |
| - | - IP address | + | |
| - | - Login | + | |
| - | - Switch ID (access switch) | + | |
| - | - Switch port | + | |
| - | - Subscriber device vendor | + | |
| - | - Cable | + | |
| - | - Contract | + | |
| - | - Services | + | |
| - | - Subscriber device MAC address (is reserved for future purposes) | + | |
| - | + | ||
| - | === switches_dic === | + | |
| - | + | ||
| - | Hierarchical dictionary of devices (access switches and trunk switches) | + | |
| - | + | ||
| - | Dictionary example | + | |
| - | < | + | |
| - | 1 Switch_1 Ethernet Region_1 Address_1 10.140.1.18 ISP_1 0 0 | + | |
| - | 2 Switch_2 Ethernet Region_2 Address_2 10.140.2.18 ISP_1 0 0 | + | |
| - | 3 Switch_3 Ethernet Region_3 Address_3 10.140.3.18 ISP_1 0 1 port1 | + | |
| - | 4 Switch_4 Ethernet Region_4 Address_4 10.140.4.18 ISP_1 0 3 port1 | + | |
| - | 5 Switch_5 Ethernet Region_5 Address_5 10.140.5.18 ISP_1 0 4 port1 | + | |
| - | </ | + | |
| - | + | ||
| - | Columns: | + | |
| - | - Device ID UInt64 | + | |
| - | - Device name | + | |
| - | - Device type | + | |
| - | - Region | + | |
| - | - Address | + | |
| - | - Switch IP address | + | |
| - | - Internet service provider | + | |
| - | - Indicator: trunk switch indicator (1 if so). Is not currently used, you can set 0 everywhere | + | |
| - | - Upstream Switch ID UInt64 | + | |
| - | - Upstream Switch port | + | |
| - | - The owner | + | |
| - | + | ||
| - | === crc_dic === | + | |
| - | + | ||
| - | CRC Errors Dictionary (on switch ports) | + | |
| - | + | ||
| - | Dictionary example | + | |
| - | < | + | |
| - | 2 port_1 450 | + | |
| - | 5 port_1 550 | + | |
| - | 5 port_2 500 | + | |
| - | 4 port_1 780 | + | |
| - | </ | + | |
| - | + | ||
| - | Columns | + | |
| - | - Switch ID | + | |
| - | - Switch port | + | |
| - | - CRC value | + | |
| - | + | ||
| - | ==== urlcats_dic and urlcats_host_dic dictionaries ==== | + | |
| - | + | ||
| - | Host categories dictionaries. Designed to determine the ownership of a particular host category. | + | |
| - | + | ||
| - | Directories are automatically downloaded from vasexperts.ru resources. | + | |
| - | + | ||
| - | To speed up the initial load, issue the following commands | + | |
| - | - < | + | |
| - | - < | + | |
| - | + | ||
| - | + | ||
| - | ===== Troubleshooting ===== | + | |
| - | + | ||
| - | ==== QoE Stor module does not work, although everything was installed according to the instructions. ==== | + | |
| - | + | ||
| - | If you have installed and configured everything according to the instructions above, and the DPIUI2 "QoE Analytics" | + | |
| - | + | ||
| - | - Check the time and timezone settings on servers with dpiui2 and QoE Stor installed. Try to specify a long period in dpiui2. If it's about the timezone, the data will appear. Set the proper time on the servers with dpiui2 and QoE Stor module installed , restart the corresponding servers (on which the dpiui2 and QoE Stor module are installed). | + | |
| - | - Check if the database is created on the server with QoE Stor installed < | + | |
| - | - Check if there is data in the database on the server with QoE Stor installed < | + | |
| - | - Check the content of the receiver dumps on the server with QoE Stor installed < | + | |
| - | - Check the receivers logs under the < | + | |
| - | - Check whether the 1500 and 1501 ports are listening on the server with QoE Stor installed < | + | |
| - | - Check again [[en: | + | |
| - | - Check the [[en: | + | |
| - | - Check if the ClickHouse database is running on the server with QoE Stor installed by issuing following command: < | + | |
| - | - Check the clickhouse logs under the / | + | |
| - | + | ||
| - | Если есть необходимость очистить все данные в БД, то на сервере с QoE Stor надо | + | |
| - | - Удалить БД командой < | + | |
| - | - Пересоздать БД командой < | + | |
| - | + | ||
| - | ==== Выполнили yum –y update, не запускаются ресиверы ==== | + | |
| - | + | ||
| - | При выполнении **yum –y update** ломаются некоторые библиотеки. Ресиверы перестают запускаться. | + | |
| - | - Удалите fastor и зависимости < | + | |
| - | - Установите заново, | + | |
| - | + | ||
| - | + | ||
| - | ===== SQL и выгрузка данных в CSV, JSON, TabSeparated ===== | + | |
| - | + | ||
| - | При необходимости вы можете самостоятельно без дополнительных | + | |
| - | + | ||
| - | Данные хранятся в 4 основных логах | + | |
| - | * qoestor.fullflow – полный netflow лог, период хранения – 24 часа | + | |
| - | * qoestor.clicksteam – полный clickstream лог, период хранения – 24 часа | + | |
| - | * qoestor.fullflow_agg – предагрегированный neflow лог, период хранения не ограничен | + | |
| - | * qoestor.clicksteam_agg – предагрегированный clickstream лог, период хранения не ограничен | + | |
| - | + | ||
| - | Формат команды следущий < | + | |
| - | + | ||
| - | По умолчанию данные выгружаются в формате TabSeparated. | + | |
| - | + | ||
| - | **Пример**. Клиент попросил лог соединений с определенным хостом в формате CSV | + | |
| - | + | ||
| - | < | + | |
| - | + | ||
| - | Подробную информацию по SQL ClickHouse смотрите по ссылке [[https:// | + | |
| - | + | ||
| - | ~~DISCUSSION|Помогите нам улучшить документацию: | + | |