Help

What support is required from the customer's implementation team?

The support required from the customer is as follows:

  • Fully virtualized KVM images to assist with the setup.
  • IP address delegation for the internal Analytics network and customer router network for ce00 (CE) and NetFlow00 nodes; routing and network connectivity for the same.
  • VM provisioning and VM network connectivity.
  • Mounting of provided ISOs to prepared VMs.
  • Provision of direct access to the step00 node via SSH – or otherwise provision of VPN/Citrix/remote access details for BENOCS staff.
  • Completion and return of the Technical Questionnaire.

No further interaction with the VMs will be required by the customer, as BENOCS manages all updates and maintenance.

Which OS needs to be deployed on the virtual machines?

Customers need not pre-install an OS as BENOCS will provide ISO files for the initial setup.

Which VMware template does BENOCS use for deployment?

There is no need for any VM-vendor specific template definition. BENOCS will create ISO images which are vendor agnostic. We will share the specific images during installation.

How do your frontend and backend communicate with each other?

Our backend comprises several VMs/machines in a standard configuration (see Figure 2) and all are interconnected, while our frontend has one VM/machine, which is the af00 node. Communication between all VMs is done via network (LAN) for scalability and security reasons. Latency shall be minimal for I/O-performance. Backend VMs shall be self-contained in a secured network.

How is the service monitored and operated?

For operational and maintenance services, BENOCS maintains a secured VPN backhook for the ongoing monitoring of services and for alerting on issues found, for example low disk space, high CPU, certificate expiry, applications not started, or data flows not being received. It is also used to obtain access for software updates and configuration changes. Our service is operated as a SaaS and enjoys rapid updates plus active monitoring and configuration.

What is the Data Packet XXL?

  • Time resolution NetFlow (5 mins): This describes the bucket size of NetFlow data within a single timeframe. Bucket size for SNMP is 5 minutes by default.
  • Delivery to frontend (30 mins): Timeframe from end of last bucket until data is displayed at frontend.
  • Top 200 ASN: Number of ASNs which get displayed individually, sorted by traffic of last 24hrs. All other ASNs are grouped among OTHERS. Directly connected ASNs are always displayed individually.
  • Raw data holding time: Data will be kept in three formats: raw data (NetFlow, BGP, IGP, SNMP), processed data and frontend data. Re-calculations and deep dives can be performed with raw and processed data. Time scale: months.

What OIDs does BENOCS use in SNMP queries? Can we create an SNMP view for them?

For SNMP, MIBs are defined by the hardware vendor of the routers. We bulk walk all OIDs and extract all information from these OIDs. We do this on a 5-minute query interval towards all routers. Here are sample OIDs for some of the router vendors we currently query:

Cisco
IfDesc             = iso.3.6.1.2.1.31.1.1.1.18
IfName             = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5     = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5      = iso.3.6.1.2.1.31.1.1.1.6
IF-Index           = iso.3.6.1.2.1.2.2.1.1
IF-Speed           = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4            = iso.3.6.1.2.1.4.22.1.3
ConfiguredASN      = iso.3.6.1.4.1.9.9.187.1.2.5.1.11.1.4
ConfiguredASNState = iso.3.6.1.4.1.9.9.187.1.2.5.1.3.1.4
Hostname           = iso.3.6.1.2.1.1.5
IfBundleMap        = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor       = iso.3.6.1.2.1.1.2

Juniper
IfDesc             = iso.3.6.1.2.1.31.1.1.1.18
IfName             = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5     = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5      = iso.3.6.1.2.1.31.1.1.1.6
IF-Index           = iso.3.6.1.2.1.2.2.1.1
IF-Speed           = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4            = iso.3.6.1.2.1.4.22.1.3
ConfiguredASN      = iso.3.6.1.2.1.15.3.1.9
Hostname           = iso.3.6.1.2.1.1.5
IfBundleMap        = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor       = iso.3.6.1.2.1.1.2

Huawei
IfDesc             = iso.3.6.1.2.1.31.1.1.1.18
IfName             = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5     = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5      = iso.3.6.1.2.1.31.1.1.1.6
netstreamMap       = iso.3.6.1.4.1.2011.5.25.110.1.2.1.2
IF-Speed           = iso.3.6.1.2.1.31.1.1.1.15
ConfiguredASNState = iso.3.6.1.2.1.15.3.1.2
bgpPeerLocalAddr   = iso.3.6.1.2.1.15.3.1.5
bgpPeerRemoteAS    = iso.3.6.1.2.1.15.3.1.9
IPtoIfIndex        = iso.3.6.1.2.1.4.34.1.3.1.4
Hostname           = iso.3.6.1.2.1.1.5
fullIfBundleMap    = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor       = iso.3.6.1.2.1.1.2

Arista
IfDesc             = iso.3.6.1.2.1.31.1.1.1.18
IfName             = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5     = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5      = iso.3.6.1.2.1.31.1.1.1.6
IF-Index           = iso.3.6.1.2.1.2.2.1.1
IF-Speed           = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4Map         = iso.3.6.1.2.1.4.22.1.3
bgpLocalAddrToASN  = iso.3.6.1.4.1.30065.4.1.1.2.1.10.1.1.4
deviceVendor       = iso.3.6.1.2.1.1.2

Alcatel/Lucent
IfDesc             = iso.3.6.1.4.1.6527.3.1.2.3.4.1.34
IfName             = iso.3.6.1.4.1.6527.3.1.2.3.4.1.4
output-bytes-5     = iso.3.6.1.4.1.6527.3.1.2.3.74.1.4
input-bytes-5      = iso.3.6.1.4.1.6527.3.1.2.3.54.1.43
IF-Index           = iso.3.6.1.4.1.6527.3.1.2.3.4.1.63
IF-SpeedBitPerSec  = iso.3.6.1.4.1.6527.3.1.2.3.54.1.103
v4DropBytes        = iso.3.6.1.4.1.6527.3.1.2.3.54.1.61
v6DropBytes        = iso.3.6.1.4.1.6527.3.1.2.3.54.1.64
v4DropPkts         = iso.3.6.1.4.1.6527.3.1.2.3.54.1.58
v6DropPkts         = iso.3.6.1.4.1.6527.3.1.2.3.54.1.64
BGPNeighborIPToASN = iso.3.6.1.4.1.6527.3.1.2.14.4.7.1.66.2.1.4
AllIfToIP          = iso.3.6.1.4.1.6527.3.1.2.3.6.1.3
AllIfToNetmask     = iso.3.6.1.4.1.6527.3.1.2.3.6.1.4
deviceVendor       = iso.3.6.1.2.1.1.2
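
For customers who want to scope the poller's community or user to a read-only view, the following added example (not BENOCS code) turns the Cisco sample OIDs above into view statements, comparing OIDs arc by arc so that ...1.1.1.1 is not mistaken for a parent of ...1.1.1.18. The view name BENOCS-RO is hypothetical, and because the answer above describes these OIDs as samples of a full bulk walk, the complete list should be confirmed before a view is enforced.

```python
# Added example: derive a read-only SNMP view from the Cisco sample OIDs on this page.
# The view name "BENOCS-RO" is a hypothetical placeholder; the templates are the
# standard Cisco IOS and Junos view statements.
CISCO_SAMPLE_OIDS = """
iso.3.6.1.2.1.31.1.1.1.18 iso.3.6.1.2.1.31.1.1.1.1 iso.3.6.1.2.1.31.1.1.1.10
iso.3.6.1.2.1.31.1.1.1.6 iso.3.6.1.2.1.2.2.1.1 iso.3.6.1.2.1.31.1.1.1.15
iso.3.6.1.2.1.4.22.1.3 iso.3.6.1.4.1.9.9.187.1.2.5.1.11.1.4
iso.3.6.1.4.1.9.9.187.1.2.5.1.3.1.4 iso.3.6.1.2.1.1.5
iso.3.6.1.2.1.31.1.2.1.3 iso.3.6.1.2.1.1.2
""".split()

TEMPLATES = {
    "cisco-ios": "snmp-server view {view} {oid} included",
    "junos": "set snmp view {view} oid {oid} include",
}

def to_arcs(oid):
    """'iso.3.6.1' or '.1.3.6.1' -> (1, 3, 6, 1); rejects non-numeric arcs."""
    parts = oid.strip().lstrip(".").split(".")
    if parts[0] == "iso":
        parts[0] = "1"
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {oid!r}")
    return tuple(int(p) for p in parts)

def minimal_subtrees(oids):
    """Drop duplicates and any OID already covered by a shorter subtree.

    Coverage is checked per arc, never by string prefix: as strings,
    '...1.1.1.1' is a prefix of '...1.1.1.18', but they are sibling columns.
    """
    kept = []
    for arcs in sorted({to_arcs(o) for o in oids}, key=lambda a: (len(a), a)):
        if not any(arcs[:len(k)] == k for k in kept):
            kept.append(arcs)
    return sorted(kept)

def view_config(oids, platform, view="BENOCS-RO"):
    """Return one view statement per minimal subtree for the given platform."""
    line = TEMPLATES[platform]
    return [line.format(view=view, oid=".".join(map(str, a)))
            for a in minimal_subtrees(oids)]

if __name__ == "__main__":
    print("\n".join(view_config(CISCO_SAMPLE_OIDS, "cisco-ios")))
```
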

What firewall rules are needed for BENOCS Analytics?

The following table lists the required firewall rules: 

| Source | Source Port | Destination | Destination Port | Type | Protocol |
| --- | --- | --- | --- | --- | --- |
| Customer Backbone | Any | NetFlow00: Customer Backbone | TBD-IPFlow | UDP | IP Flow |
| ce00: Customer Backbone | Any | Customer Backbone | 179 | TCP | BGP |
| Customer Backbone | Any | ce00: Customer Backbone | 179 | TCP | BGP |
| Customer Backbone (ce00) | Any | Customer Backbone | 161 | UDP | SNMP |
| Customer DNS Network | Any | dns00: Customer DNS Network | 5453 | TCP | DNS Flow |
| Any | Any | Web Frontend Access Network (af00) | 80, 443 | TCP | Analytics WebApp |
| Web Frontend Access Network (af00) | Any | Any | 80, 443 | TCP | LetsEncrypt Certificates, OS Updates |
| Web Frontend Access Network (af00) | Any | Any | 53 | TCP, UDP | DNS for OS Updates |
| Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 587 | TCP | SMTP |
| Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 22 | TCP | SSH |
| Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 6514 | TCP | Encrypted Logs |
| Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 8080 | TCP | Encrypted Monitoring |
| Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 8443 | TCP | Administrative Access |