Allegro Network Multimeter – Simultaneous historical and real-time data traffic analysis


Allegro Packets Network Multimeter is the only device on the market capable of simultaneously analysing historical traffic and real-time data. The Allegro Network Multimeter is a powerful real-time network multimeter for detecting network problems. It measures many performance parameters from Layer 2 to Layer 7 and is used for troubleshooting and network analysis.

All information recorded by the device is available in real-time, including traffic history graphs (per MAC address, IP address, protocol, per connection). In addition, the graphs can be clicked to zoom into a specific time window and display the results for that window only. The Allegro Network Multimeter uses two different databases to display and process the recorded information:

  • the in-memory database and
  • the packet ring buffer on the hard disk or SSD.

In-Memory Database

The Allegro Network Multimeter uses an in-memory database to store the metadata of the processed packets. This means that all recorded measurement data is available without time-consuming disk access and can be called up for instant searches.

The Allegro Multimeter can operate without an internal or external hard disk and use only the in-memory database for the metadata, i.e. no data is written to the hard disk.

The in-memory database capacity varies between 2 GB and 1.5 TB depending on the model. As an approximation, the history of about 150,000 connections and their aggregations can be stored per gigabyte of in-memory database.

The Allegro Network Multimeter adapts its memory configuration to the quantity of traffic. It always stores all data. If the memory is full, the longest inactive connections and IP addresses are deleted. This means that in smaller networks the device stores historical data for a longer period, while in larger networks the device stores more IP addresses and associated information, but only for a shorter period of time.

The Allegro system’s memory fills up automatically over time (except for a memory reserve) to provide measurement data for as long as possible. Afterwards, old data is automatically deleted to ensure optimal system memory.
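The eviction behaviour described above can be modelled in a few lines. This is an added example, not Allegro's code: the class and function names are hypothetical, the traffic is constructed, and the capacity of 1,500 entries is a scaled-down stand-in for the roughly 150,000 connections per gigabyte mentioned above.

```python
from collections import OrderedDict


class ConnectionTable:
    """Capacity-bounded metadata store that evicts the longest-inactive entry."""

    def __init__(self, max_connections):
        self.max_connections = max_connections
        # key -> time of last activity; least recently active entry comes first
        self._last_seen = OrderedDict()

    def observe(self, conn_key, timestamp):
        # Any activity moves the connection to the "most recently active" end.
        self._last_seen[conn_key] = timestamp
        self._last_seen.move_to_end(conn_key)
        while len(self._last_seen) > self.max_connections:
            self._last_seen.popitem(last=False)  # drop the longest-inactive one

    def __contains__(self, conn_key):
        return conn_key in self._last_seen

    def history_window(self, now):
        """Seconds between `now` and the oldest activity still retained."""
        if not self._last_seen:
            return 0
        oldest = next(iter(self._last_seen.values()))
        return now - oldest


def simulate(new_connections_per_second, duration_s, max_connections):
    """Constructed traffic: every second opens N new, never-reused connections.

    Assumes timestamps are non-decreasing, as they are for live capture.
    """
    table = ConnectionTable(max_connections)
    for t in range(duration_s):
        for i in range(new_connections_per_second):
            table.observe((t, i), t)
    return table.history_window(duration_s - 1)


if __name__ == "__main__":
    print("small network history (s):", simulate(5, 600, 1500))
    print("large network history (s):", simulate(50, 600, 1500))
```

With the same memory budget, the quieter network keeps about ten times as much history, which is the figure to check before relying on the metadata for a retrospective investigation.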

Ring Buffer Database

If a packet ring buffer is used, the packets are stored on a connected storage medium. The following systems can be used for this purpose:

  • Internal hard disks or SSDs (Allegro 500 and higher),
  • External hard disks via USB3 (all Allegro Multimeters),
  • iSCSI systems via the management port (all Allegro Multimeters).

The ring buffer makes it possible to create a fixed size packet buffer on which all recorded packets are stored – on one or more external storage devices. When the buffer is full, the oldest packets in the buffer are replaced by new packets.
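For incident response, the practical question is whether packets from the time of an incident are still in the buffer. The following model of a byte-bounded ring buffer is an added example, not Allegro's code; the names, the 1 MB capacity and the fixed 1,000-byte packets are assumptions chosen to keep the constructed traffic small.

```python
from collections import deque


class PacketRingBuffer:
    """Fixed-size (in bytes) packet store; the oldest packets are overwritten first."""

    def __init__(self, capacity_bytes):
        self.capacity_bytes = capacity_bytes
        self.used_bytes = 0
        self.last_overwritten_ts = None  # timestamp of the newest packet lost so far
        self._packets = deque()          # (timestamp, length), oldest on the left

    def store(self, timestamp, length):
        if length > self.capacity_bytes:
            raise ValueError("packet larger than the whole buffer")
        # Make room by discarding the oldest packets.
        while self.used_bytes + length > self.capacity_bytes:
            old_ts, old_len = self._packets.popleft()
            self.used_bytes -= old_len
            self.last_overwritten_ts = old_ts
        self._packets.append((timestamp, length))
        self.used_bytes += length

    def oldest_timestamp(self):
        return self._packets[0][0] if self._packets else None

    def evidence_complete_since(self, start):
        """True if no packet captured at or after `start` has been overwritten."""
        return self.last_overwritten_ts is None or self.last_overwritten_ts < start


def capture(packets_per_second, duration_s, capacity_bytes, packet_len=1000):
    """Constructed traffic: a constant packet rate with timestamps in whole seconds."""
    buf = PacketRingBuffer(capacity_bytes)
    for t in range(duration_s):
        for _ in range(packets_per_second):
            buf.store(t, packet_len)
    return buf


if __name__ == "__main__":
    quiet = capture(10, 300, 1_000_000)
    busy = capture(100, 300, 1_000_000)
    print("quiet link, oldest packet at t =", quiet.oldest_timestamp())
    print("busy link, oldest packet at t =", busy.oldest_timestamp())
    print("quiet link complete since t=200:", quiet.evidence_complete_since(200))
```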

The ring buffer can also span several hard disks. Up to 64 hard disks with a ring buffer of several petabytes are supported. Additionally, data redundancy from 0-fold up to 3-fold is supported.

To prevent misuse, the storage device can be formatted with AES256 encryption (Caution: subsequent access to the disk without a password is not possible).


Max Planck Institutes Rely on Allegro Packets for Network Troubleshooting


The Allegro Network Multimeter network analysis tool is now being used by the Max Planck Facilities and Institutes in Berlin / Brandenburg for network troubleshooting and long-term network security. These tools from Allegro Packets impressed the staff at these locations with their fast diagnostic capability, ease of use and portability.

The fifteen facilities of the Max-Planck-Gesellschaft (MPG) located in the Berlin/Brandenburg region are connected via the Joint Network Centre (GNZ) of the Berlin/Brandenburg Max Planck Institutes located at the Fritz Haber Institute.

An Allegro 1000, optimised for monitoring and troubleshooting in all environments with Gigabit and 10-Gigabit cabling, has become an integral part of the IT architecture. Gerd Schnapka, head of the GNZ, explained in an interview which criteria led to the selection of the Allegro Network Multimeter.

What was decisive for the selection of the Allegro Packets solution?

Above all, the Allegro Network Multimeter impressed us with how few clicks are required to view and analyse certain traffic data. In the past, we used several tools that occasionally caused problems. The mobility of the device was also important to us. We act as a service provider for all institutes and facilities of the MPG in Berlin and Brandenburg. However, not all problems can be checked remotely. In such a case, the Allegro can easily be taken along or sent.

How do you use the Allegro?

For us, the Allegro 1000 is both a monitoring and troubleshooting tool. Currently, the connection between backbone switch and firewall is mirrored to the Allegro 1000 and analysed in detail to identify weak points and possible error causes. In the future, we are planning to gradually mirror one building, one cabinet row or one network area at a time to analyse the traffic and optimise it with the help of the Allegro Network Multimeter. All in all, we use it to make ourselves even more productive. We see errors faster and can take action before problems arise.

Have you already diagnosed vulnerabilities with the Allegro 1000?

Yes, right from the start we recognised problems that we either haven’t seen before or only with a lot of effort. On the one hand, we had network traffic which from time to time put a lot of strain on the firewall. This was caused by the use of network storage and other connections that traversed the firewall several times due to unfavorable installations. On the other hand, we found unusual traffic in VLANs that had not been noticed before. Both vulnerabilities were fixed as soon as they were detected.

The Allegro Network Multimeter measures network traffic from Layer 2 to 7 and displays it in real-time. With just a few clicks you can navigate from the dashboard to the most important parameters (most active protocols and IPs, largest connections, etc.) to unusual traffic. You can also examine previous incidents in detail using pcaps. The Allegro 1000 Series allows you to monitor the last 80,000 seen IP addresses and up to 32 million connections for retroactive debugging and investigation.

Link to original article published on Allegro Packets' web pages: Allegro Packets Wins Max Planck Institutes as Customer