What support is required from the customer's implementation team?
The support required from the customer is as follows:
- Fully virtualized KVM images to assist with the setup.
- IP address delegation for the internal Analytics network and customer router network for ce00 (CE) and NetFlow00 nodes; routing and network connectivity for the same.
- VM provisioning and VM network connectivity.
- Mounting of provided ISOs to prepared VMs.
- Direct SSH access to the step00 node for BENOCS staff, or alternatively VPN/Citrix/remote-access details.
- Completion and return of the Technical Questionnaire.
No further interaction with the VMs will be required by the customer, as BENOCS manages all updates and maintenance.
Which OS needs to be deployed on the virtual machines?
Customers need not pre-install an OS as BENOCS will provide ISO files for the initial setup.
Which VMware template does BENOCS use for deployment?
No hypervisor-specific template definition is needed. BENOCS creates vendor-agnostic ISO images and shares the specific images during installation.
How does your frontend and backend communicate with each other?
Our backend comprises several VMs/machines in a standard configuration (see Figure 2), all interconnected, while our frontend is a single VM/machine, the af00 node. All VMs communicate over the network (LAN), for scalability and security reasons; latency between them should be minimal for I/O performance. Backend VMs should sit in a self-contained, secured network segment; only the af00 frontend needs to be reachable from user networks (see the firewall rules below).
How is the service monitored and operated?
For operation and maintenance, BENOCS keeps a secured VPN connection back to its own network for continuous monitoring of the service and for alerting on issues found, e.g. low disk space, high CPU, certificate expiry, applications not started, data flows not being received. The same connection is used to apply software updates and configuration changes. The service is operated as a SaaS and receives rapid updates together with active monitoring and configuration.
What is the Data Packet XXL?
- Time resolution NetFlow (5 mins): the bucket size of NetFlow data within a single timeframe. The bucket size for SNMP is 5 minutes by default.
- Delivery to frontend (30 mins): the time from the end of the last bucket until the data is displayed at the frontend.
- Top 200 ASN: the number of ASNs displayed individually, sorted by traffic over the last 24 hours; all other ASNs are grouped under OTHERS. Directly connected ASNs are always displayed individually.
- Raw data holding time: data is kept in three forms: raw data (NetFlow, BGP, IGP, SNMP), processed data and frontend data. Re-calculations and deep dives can be performed on raw and processed data. Retention time scale: months.
What OIDs does BENOCS use in SNMP queries? Can we create an SNMP view for them?
For SNMP, the MIBs are defined by the hardware vendor of the routers. We bulk walk all OIDs and extract the information we need from them, on a 5-minute query interval towards all routers. If you restrict the poller with an SNMP view (bound to a read-only community or SNMPv3 user), the view must include at least the subtrees listed below for your vendor: objects outside the view are simply absent from the walk, and the corresponding fields (interface names, counters, BGP peer ASNs) stay empty. Verify each OID against the MIB of your platform and software release before committing a view, since enterprise OIDs differ between product lines. Sample OIDs of vendor routers we currently query:
Cisco
IfDesc = iso.3.6.1.2.1.31.1.1.1.18
IfName = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5 = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5 = iso.3.6.1.2.1.31.1.1.1.6
IF-Index = iso.3.6.1.2.1.2.2.1.1
IF-Speed = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4 = iso.3.6.1.2.1.4.22.1.3
ConfiguredASN = iso.3.6.1.4.1.9.9.187.1.2.5.1.11.1.4
ConfiguredASNState = iso.3.6.1.4.1.9.9.187.1.2.5.1.3.1.4
Hostname = iso.3.6.1.2.1.1.5
IfBundleMap = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor = iso.3.6.1.2.1.1.2
Juniper
IfDesc = iso.3.6.1.2.1.31.1.1.1.18
IfName = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5 = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5 = iso.3.6.1.2.1.31.1.1.1.6
IF-Index = iso.3.6.1.2.1.2.2.1.1
IF-Speed = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4 = iso.3.6.1.2.1.4.22.1.3
ConfiguredASN = iso.3.6.1.2.1.15.3.1.9
Hostname = iso.3.6.1.2.1.1.5
IfBundleMap = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor = iso.3.6.1.2.1.1.2
Huawei
IfDesc = iso.3.6.1.2.1.31.1.1.1.18
IfName = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5 = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5 = iso.3.6.1.2.1.31.1.1.1.6
netstreamMap = iso.3.6.1.4.1.2011.5.25.110.1.2.1.2
IF-Speed = iso.3.6.1.2.1.31.1.1.1.15
ConfiguredASNState = iso.3.6.1.2.1.15.3.1.2
bgpPeerLocalAddr = iso.3.6.1.2.1.15.3.1.5
bgpPeerRemoteAS = iso.3.6.1.2.1.15.3.1.9
IPtoIfIndex = iso.3.6.1.2.1.4.34.1.3.1.4
Hostname = iso.3.6.1.2.1.1.5
fullIfBundleMap = iso.3.6.1.2.1.31.1.2.1.3
deviceVendor = iso.3.6.1.2.1.1.2
Arista
IfDesc = iso.3.6.1.2.1.31.1.1.1.18
IfName = iso.3.6.1.2.1.31.1.1.1.1
output-bytes-5 = iso.3.6.1.2.1.31.1.1.1.10
input-bytes-5 = iso.3.6.1.2.1.31.1.1.1.6
IF-Index = iso.3.6.1.2.1.2.2.1.1
IF-Speed = iso.3.6.1.2.1.31.1.1.1.15
IF-IPv4Map = iso.3.6.1.2.1.4.22.1.3
bgpLocalAddrToASN = iso.3.6.1.4.1.30065.4.1.1.2.1.10.1.1.4
deviceVendor = iso.3.6.1.2.1.1.2
Alcatel/Lucent
IfDesc = iso.3.6.1.4.1.6527.3.1.2.3.4.1.34
IfName = iso.3.6.1.4.1.6527.3.1.2.3.4.1.4
output-bytes-5 = iso.3.6.1.4.1.6527.3.1.2.3.74.1.4
input-bytes-5 = iso.3.6.1.4.1.6527.3.1.2.3.54.1.43
IF-Index = iso.3.6.1.4.1.6527.3.1.2.3.4.1.63
IF-SpeedBitPerSec = iso.3.6.1.4.1.6527.3.1.2.3.54.1.103
v4DropBytes = iso.3.6.1.4.1.6527.3.1.2.3.54.1.61
v6DropBytes = iso.3.6.1.4.1.6527.3.1.2.3.54.1.64
v4DropPkts = iso.3.6.1.4.1.6527.3.1.2.3.54.1.58
v6DropPkts = iso.3.6.1.4.1.6527.3.1.2.3.54.1.64
BGPNeighborIPToASN = iso.3.6.1.4.1.6527.3.1.2.14.4.7.1.66.2.1.4
AllIfToIP = iso.3.6.1.4.1.6527.3.1.2.3.6.1.3
AllIfToNetmask = iso.3.6.1.4.1.6527.3.1.2.3.6.1.4
deviceVendor = iso.3.6.1.2.1.1.2
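The following script is an added example (not BENOCS code) of how to turn one of the OID lists above into a minimal read-only SNMP view and check, before it is committed, that the view still covers every polled object. It uses the Juniper list from the page verbatim; the table-entry names, the Cisco IOS `snmp-server view` output format and the view name BENOCS-RO are assumptions, and the other vendor lists can be fed in the same way.

```python
"""Added example: derive a minimal read-only SNMP view from an OID list and verify
that it covers every polled object. Not BENOCS code; the Juniper OIDs are copied from
the page, the entry names, Cisco IOS syntax and view name are assumptions."""
from typing import Dict, Iterable, List, Tuple

# Juniper OIDs exactly as listed on the page ("iso" is arc 1).
JUNIPER_OIDS: Dict[str, str] = {
    "IfDesc": "iso.3.6.1.2.1.31.1.1.1.18",
    "IfName": "iso.3.6.1.2.1.31.1.1.1.1",
    "output-bytes-5": "iso.3.6.1.2.1.31.1.1.1.10",
    "input-bytes-5": "iso.3.6.1.2.1.31.1.1.1.6",
    "IF-Index": "iso.3.6.1.2.1.2.2.1.1",
    "IF-Speed": "iso.3.6.1.2.1.31.1.1.1.15",
    "IF-IPv4": "iso.3.6.1.2.1.4.22.1.3",
    "ConfiguredASN": "iso.3.6.1.2.1.15.3.1.9",
    "Hostname": "iso.3.6.1.2.1.1.5",
    "IfBundleMap": "iso.3.6.1.2.1.31.1.2.1.3",
    "deviceVendor": "iso.3.6.1.2.1.1.2",
}

# Standard table-entry arcs (MIB-II, IF-MIB, IP-MIB, BGP4-MIB) the listed columns fall under.
KNOWN_ENTRIES: Dict[Tuple[int, ...], str] = {
    (1, 3, 6, 1, 2, 1, 1): "system",
    (1, 3, 6, 1, 2, 1, 2, 2, 1): "ifEntry",
    (1, 3, 6, 1, 2, 1, 4, 22, 1): "ipNetToMediaEntry",
    (1, 3, 6, 1, 2, 1, 4, 34, 1): "ipAddressEntry",
    (1, 3, 6, 1, 2, 1, 15, 3, 1): "bgpPeerEntry",
    (1, 3, 6, 1, 2, 1, 31, 1, 1, 1): "ifXEntry",
    (1, 3, 6, 1, 2, 1, 31, 1, 2, 1): "ifStackEntry",
}


def normalize(oid: str) -> Tuple[int, ...]:
    """'iso.3.6.1...', '.1.3.6.1...' and '1.3.6.1...' all become (1, 3, 6, 1, ...)."""
    s = oid.strip()
    if s.startswith("iso"):
        s = "1" + s[len("iso"):]
    parts = tuple(int(p) for p in s.strip(".").split("."))
    if parts[:3] != (1, 3, 6):
        raise ValueError(f"{oid!r} is not under iso.org.dod")
    return parts


def covers(subtree: Tuple[int, ...], oid: Tuple[int, ...]) -> bool:
    """True if oid lies at or below subtree."""
    return oid[:len(subtree)] == subtree


def minimal_subtrees(oids: Iterable[str], collapse_tables: bool = False) -> List[Tuple[int, ...]]:
    """Smallest set of subtrees covering every OID. With collapse_tables each column is
    widened to its table entry (e.g. ifHCInOctets -> ifXEntry) to keep the view short;
    without it, every column is listed individually. Redundant (covered) entries are dropped."""
    wanted = set()
    for raw in oids:
        o = normalize(raw)
        if collapse_tables:
            for entry in sorted(KNOWN_ENTRIES, key=len, reverse=True):  # longest match wins
                if covers(entry, o):
                    o = entry
                    break
        wanted.add(o)
    keep: List[Tuple[int, ...]] = []
    for cand in sorted(wanted, key=lambda t: (len(t), t)):  # shortest first
        if not any(covers(k, cand) for k in keep):
            keep.append(cand)
    return sorted(keep)


def missing_from_view(view: Iterable[Tuple[int, ...]], named_oids: Dict[str, str]) -> List[str]:
    """Names whose OID the view does not cover. Run this before committing a view:
    objects outside it are silently absent from the 5-minute bulk walk."""
    view = list(view)
    return sorted(name for name, raw in named_oids.items()
                  if not any(covers(v, normalize(raw)) for v in view))


def cisco_view_config(view_name: str, view: Iterable[Tuple[int, ...]]) -> List[str]:
    """Cisco IOS 'snmp-server view' lines (assumed target syntax). Bind the view to a
    read-only community or SNMPv3 group with an ACL limiting it to the poller's address."""
    lines: List[str] = []
    for sub in view:
        if sub in KNOWN_ENTRIES:
            lines.append(f"! {KNOWN_ENTRIES[sub]}")
        lines.append(f"snmp-server view {view_name} {'.'.join(map(str, sub))} included")
    return lines


if __name__ == "__main__":
    view = minimal_subtrees(JUNIPER_OIDS.values(), collapse_tables=True)
    assert missing_from_view(view, JUNIPER_OIDS) == []  # every polled object stays visible
    print("\n".join(cisco_view_config("BENOCS-RO", view)))
```

With collapse_tables the eleven Juniper OIDs reduce to six table entries; without it the view lists each column separately, which is tighter but has to be revisited whenever a column is added to the poll. Either way, run missing_from_view against the current vendor list after every change to the view.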
What firewall rules are needed for BENOCS Analytics?
The following tables list the required firewall rules. The first covers the data feeds into the backend nodes and user access to the frontend; the second covers the outbound connections the af00 frontend needs, which go to the BENOCS network 91.102.13.128/28 unless the destination is Any. The Any source for the Analytics WebApp can be narrowed to the networks your analysts connect from; everything not listed should be denied.

Inbound and backbone-facing rules:
Source | Source Port | Destination | Destination Port | Transport | Service |
Customer Backbone | Any | NetFlow00: Customer Backbone | TBD-IPFlow | UDP | IP Flow |
ce00: Customer Backbone | Any | Customer Backbone | 179 | TCP | BGP |
Customer Backbone | Any | ce00: Customer Backbone | 179 | TCP | BGP |
ce00: Customer Backbone | Any | Customer Backbone | 161 | UDP | SNMP |
Customer DNS Network | Any | dns00: Customer DNS Network | 5453 | TCP | DNS Flow |
Any | Any | Web Frontend Access Network (af00) | 80, 443 | TCP | Analytics WebApp |

Outbound rules from the af00 frontend:
Source | Source Port | Destination | Destination Port | Transport | Service |
Web Frontend Access Network (af00) | Any | Any | 80, 443 | TCP | LetsEncrypt certificates, OS updates |
Web Frontend Access Network (af00) | Any | Any | 53 | TCP, UDP | DNS for OS updates |
Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 587 | TCP | SMTP |
Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 22 | TCP | SSH |
Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 6514 | TCP | Encrypted logs |
Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 8080 | TCP | Encrypted monitoring |
Web Frontend Access Network (af00) | Any | 91.102.13.128/28 | 8443 | TCP | Administrative access |
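The af00 rules above, written as an added example (not BENOCS code) of a default-deny policy that can be unit-tested before it is deployed and rendered to an nftables ruleset for the af00 host. The BENOCS destination network 91.102.13.128/28 and the ports come from the table; the af00 address 192.0.2.10 and the nftables rendering are assumptions.

```python
"""Added example: the af00 firewall rules as a default-deny policy that is testable
(allowed) and renderable to nftables (nft_ruleset). Not BENOCS code; the af00 address
is an assumption, the destination network and ports are from the table above."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
BENOCS_NET = ipaddress.ip_network("91.102.13.128/28")  # destination network from the table
AF00 = ipaddress.ip_network("192.0.2.10/32")           # assumed af00 address (RFC 5737 range)


@dataclass(frozen=True)
class Rule:
    direction: str               # "in": peer -> af00, "out": af00 -> peer
    peer: ipaddress.IPv4Network  # the remote side of the connection
    protos: Tuple[str, ...]
    dports: Tuple[int, ...]
    service: str


AF00_RULES: List[Rule] = [
    Rule("in", ANY, ("tcp",), (80, 443), "Analytics WebApp"),
    Rule("out", ANY, ("tcp",), (80, 443), "LetsEncrypt certificates, OS updates"),
    Rule("out", ANY, ("tcp", "udp"), (53,), "DNS for OS updates"),
    Rule("out", BENOCS_NET, ("tcp",), (587,), "SMTP"),
    Rule("out", BENOCS_NET, ("tcp",), (22,), "SSH"),
    Rule("out", BENOCS_NET, ("tcp",), (6514,), "Encrypted logs"),
    Rule("out", BENOCS_NET, ("tcp",), (8080,), "Encrypted monitoring"),
    Rule("out", BENOCS_NET, ("tcp",), (8443,), "Administrative access"),
]


def allowed(src: str, dst: str, proto: str, dport: int) -> bool:
    """Is a NEW connection src -> dst on proto/dport permitted? Anything that matches no
    rule is denied; reply packets are covered by conntrack in the rendered ruleset."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in AF00_RULES:
        local, remote = (d, s) if r.direction == "in" else (s, d)
        if local in AF00 and remote in r.peer and proto in r.protos and dport in r.dports:
            return True
    return False


def nft_ruleset() -> str:
    """Render AF00_RULES as an nftables inet table with drop policy on input and output."""
    def accept(r: Rule, proto: str) -> str:
        # Omit the address match for Any; otherwise match the peer as source or destination.
        addr = "" if r.peer == ANY else f"ip {'saddr' if r.direction == 'in' else 'daddr'} {r.peer} "
        ports = ", ".join(map(str, r.dports))
        return f"    {addr}{proto} dport {{ {ports} }} accept comment \"{r.service}\""

    out = ["table inet af00 {"]
    for hook, direction in (("input", "in"), ("output", "out")):
        out += [
            f"  chain {hook} {{",
            f"    type filter hook {hook} priority 0; policy drop;",
            "    ct state established,related accept",
            "    oif lo accept" if hook == "output" else "    iif lo accept",
        ]
        out += [accept(r, p) for r in AF00_RULES if r.direction == direction for p in r.protos]
        out.append("  }")
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(nft_ruleset())
```

The allowed() checks are the ones to keep in a test suite: inbound 443 from anywhere is accepted, inbound 22 from an arbitrary host is not, and SSH, syslog-TLS and monitoring from af00 are accepted only towards 91.102.13.128/28. Note that the policy deliberately has no inbound SSH; administrative access reaches af00 over the VPN described above, not from the user network.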