Server installation tutorial

The Network Intelligence server software runs on i386 GNU/Linux platforms, and forms part of the Network Intelligence software package. The server component accepts processed statistics from the collectors and places them in a database. The server also maintains connections with the clients, sending each client details of the 3D network environment based on data extracted from the database.

The server software is distributed in an archive called ni-server-x.y.z.tgz, where x, y, and z make up the version number. To extract it chant the following command:

gtar xvfz ni-server-x.y.z.tgz

Be sure to read the copyright notice and the readme.server file, which may contain last-minute notes of interest and relevance.

An installation script install.server is provided to install the files into their correct locations. You need to run this installation script as root. The script will prompt you for a user to run the program as. If in doubt, a user nobody is usually available; check your /etc/passwd file to confirm. Running the program as root is generally considered to be a bad idea.

[root@butzi skynet]# ./install.server 
Welcome to the Network Intelligence SERVER installation script.

This script will create directories /opt/ni/bin, /etc/opt/ni
/var/opt/ni and /var/opt/ni/database.  It will then place several
files into the /opt/ni/bin and /etc/opt/ni directories.  It will then
create rc scripts to start the software automatically.

For security reasons it is best if the software is owned and run by a
user other than root.  Most systems have a user called nobody that is
safe to use.  Note: if you are installing both the SERVER and
COLLECTOR software on the same machine, you should use the same user
for both.

Enter name of user the server is to run as (eg. nobody): nobody

The installation is very fast. All going well, the software will be installed, along with the scripts and links needed to run it on startup.

Edit the configuration file /etc/opt/ni/nid.conf and go through each line one at a time to confirm the parameter is set correctly. Some guidelines for configuring this file follow. The configuration file itself contains detailed descriptions of the function of each parameter.

  • licence - A single line obtained from Gadgets Software should you choose to register Network Intelligence. Do not attempt to modify or generate this line yourself. Doing so will render the package unusable!
  • user - Specify here the user you wish the process to run as. The user must have read/write access to the database directory and files contained within. The user must also have read access to the BGP, SNMP, and router config files.
  • port - The TCP port to run the server on. 6700 is standard for the master server.
  • collector_pw - The password used on all of your collectors. This should be kept secret!
  • password_file - The name of the file specifying authorisation control for this server. The file contains usercodes, passwords and authorisation levels.
  • update_period - The time between updates sent to clients, in seconds. This is just a default value and ADMIN level users are able to alter this from the client GUI.
  • collector_report_interval - The time between reports as generated by the collector machines, in seconds. A longer time will offer reduced traffic through better aggregation, but changes in traffic patterns will not be visible as quickly as with shorter intervals.
  • sim_aggregation_period - When generating the network view for a client, the server aggregates stats over this period, in seconds. This has the effect of averaging the data samples to some extent. This should be a multiple of the collector_report_interval.
  • bgp_file - The name of the file containing the complete BGP table. The format is that as produced interactively by a Cisco router.
  • snmp_file - The name of the file containing all the mappings between router interfaces and their ifIndex numbers.
  • motd - Message of the day. All clients will receive this message, even if they do not use a valid usercode and password to log in.
  • log_file - Where logging information should go. Serious log entries will also be sent to syslog.
  • router_config_dir - This is where all the router configuration files are.
  • collectors & routers - These lines specify to the server what collectors we have set up, and the routers each of those collectors is gathering for. If you do not have your collectors specified here, don't expect to receive any stats from them!
  • collector_load_warn - The one minute load average of a collector at which an alarm will be raised. Overloaded collectors will drop statistics so it is important the load is kept below a reasonable level.
  • master_server - Either 0 or 1, specifying whether this is a master server or a slave server. Master servers collect stats from collectors and populate the database while maintaining client connections. Slave servers read from the database while maintaining client connections. In order to populate the database with stats a master server is required. Master servers operate only in the present time frame. Slave servers on the other hand may jump backwards in time. In order to view historic network data you need at least one slave server. At present certain features of the slave server are not yet fully implemented.
  • db_directory - Where the network database containing the network representation and network traffic is stored.
  • router_dropped_warn - An alarm can be raised when Netflow Exports are dropped. This field lets you specify the number of exports that can be dropped over the period of one report cycle before an alarm is raised.
  • display_interior_traffic - Sometimes we do not want to model the entire network. In such a case, the simulated traffic on the links internal to the network is quite meaningless. This option allows you to disable the possibly confusing interior traffic display.
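
Because nid.conf carries collector_pw and the password file carries user passwords, it is worth confirming after editing that neither is open to other local users. The following shell script is an added example, not part of the Network Intelligence distribution; the function names and the placement of access_file under /etc/opt/ni are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Network Intelligence distribution.
# audit_ni_path KIND PATH
#   KIND=secret  file holds passwords: "other" must have no access at all
#   KIND=data    written by the server: "other" must not have write access
audit_ni_path() {
    kind=$1 path=$2
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # -prune makes find test only the named path instead of descending.
    case $kind in
        secret) hit=$(find "$path" -prune \( -perm -004 -o -perm -002 -o -perm -001 \)) ;;
        data)   hit=$(find "$path" -prune -perm -002) ;;
        *)      echo "unknown kind: $kind"; return 2 ;;
    esac
    if [ -n "$hit" ]; then
        echo "MODE    $path ($kind) is open to other users"
        return 1
    fi
    return 0
}

# audit_ni_install ROOT PASSWORD_FILE
# ROOT is "" on a live system; a scratch directory lets you rehearse.
# PASSWORD_FILE is whatever password_file in nid.conf names.
audit_ni_install() {
    root=$1 pw_file=$2 failed=0
    audit_ni_path secret "$root/etc/opt/ni/nid.conf" || failed=1
    audit_ni_path secret "$pw_file"                  || failed=1
    audit_ni_path data   "$root/var/opt/ni/database" || failed=1
    return $failed
}

# Constructed scratch tree: nid.conf is left world-readable on purpose.
demo=$(mktemp -d)
mkdir -p "$demo/etc/opt/ni" "$demo/var/opt/ni/database"
: > "$demo/etc/opt/ni/nid.conf";    chmod 644 "$demo/etc/opt/ni/nid.conf"
: > "$demo/etc/opt/ni/access_file"; chmod 600 "$demo/etc/opt/ni/access_file"
chmod 750 "$demo/var/opt/ni/database"
audit_ni_install "$demo" "$demo/etc/opt/ni/access_file" || echo "audit failed"
rm -rf "$demo"
```

Group access is deliberately allowed, so a file owned by root with the service user's group and mode 640 passes.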

You now need to put in place the data files that Network Intelligence uses. These files include the BGP routing table for your network, the SNMP ifIndex information for your routers, as well as the router configuration files themselves. These are dealt with one by one in the following paragraphs.

You will need to obtain from your network a dump of the BGP routing table. If you are using Cisco routers, the following command (in enable mode) can be used to retrieve this information. Beware! The output from the command may be a few megabytes in size!

term len 0
show ip bgp

The format of the BGP file is:

Format:
*>i<destination_network/netmask> <next_hop> <cost> <AS_path> i
                            .
                            .
                            .
Example:
*>i192.168.14.0     192.168.10.45  100  0 3 16 i
*>i192.168.15.0/24  192.168.10.41  100  0 12 i
*>i192.168.16.0/24  192.168.10.45  100  0 3 16 21 i
Note:
destination_network is specified with an optional netmask
next_hop is the IP address of a router in your network
AS_path is the path of ASes taken to reach the destination network

Place the output into the BGP routing table file /etc/opt/ni/bgp.txt.

For the SNMP information you will need to obtain mappings between router interfaces and the ifIndex number of those interfaces. Exactly where this information can be obtained is highly specific to your network. It's quite possible that whatever software you are using to monitor the network (HP OpenView, Spectrum etc.) will be able to provide you with some raw text files with this information. You will then have to convert these raw files into some form readable by Network Intelligence. Perl is a good choice for this kind of task.

The format of the required SNMP file is:

Format:
<router_name>;<interface_name>;<ifIndex_number>
                  .
                  .
                  .
Example:
amsterdam1;serial1;1
amsterdam1;serial2;2
amsterdam2;serial1;10
geneva20;eth1;3
geneva20;eth2;4
geneva20;ser1;7

The SNMP ifIndex information is used to map from the Netflow Export statistics, which contain ifIndex numbers, to real interface names that can be displayed within the Network Intelligence software.

Once you have something in this format, place it into an SNMP file /etc/opt/ni/snmp.txt.
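
The following shell function is an added example (not from Gadgets Software) that checks a converted file against the format above before it is installed. It assumes that each ifIndex on a router must map to exactly one interface name and that blank or malformed lines are errors; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: validate an ifIndex mapping file in the
# <router_name>;<interface_name>;<ifIndex_number> format.
# Prints one line per problem and returns non-zero if any were found.
check_snmp_file() {
    awk -F';' '
        # Assumption: every line must be a complete three-field record.
        NF != 3 {
            printf "line %d: expected 3 fields, got %d\n", NR, NF; bad++; next
        }
        $1 == "" || $2 == "" {
            printf "line %d: empty router or interface name\n", NR; bad++; next
        }
        # Also catches a trailing carriage return from a DOS-format export.
        $3 !~ /^[0-9]+$/ {
            printf "line %d: ifIndex \"%s\" is not a number\n", NR, $3; bad++; next
        }
        {
            # Assumption: one ifIndex per router maps to one interface name.
            key = $1 SUBSEP ($3 + 0)
            if (key in seen) {
                printf "line %d: %s ifIndex %d already mapped to %s on line %d\n",
                       NR, $1, $3, name[key], seen[key]
                bad++
            } else {
                seen[key] = NR; name[key] = $2
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: line 3 reuses ifIndex 1, line 4 has a bad index.
sample=$(mktemp)
cat > "$sample" <<'EOF'
amsterdam1;serial1;1
amsterdam1;serial2;2
amsterdam1;serial3;1
geneva20;eth1;three
EOF
check_snmp_file "$sample" || echo "snmp file rejected"
rm -f "$sample"
```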

Copy your router configuration files to /etc/opt/ni/config. These are used to build the model of your network within Network Intelligence.

After completing all of the steps above you should be ok to start the server software. When running the server for the first time it is recommended to use the interactive option. This makes it a lot easier to identify problems when setting the server up. To start the server interactively from the command line chant the command:

/opt/ni/bin/networkintelligenced -i

If everything goes smoothly with no errors, it's then quite safe to run the server as a daemon. Stop the command above (use ctrl-c). The directory containing the script for starting and stopping the server as a daemon will vary from system to system. Typically either /etc/rc.d/init.d or /etc/init.d will be used. To start the server you will need to chant something like:

/etc/rc.d/init.d/nid start

Check your syslog to see if there are any unexpected messages. All going well the server software will now be running. You can perform a basic test by using telnet to connect to the server. The following command can be used:

[martin@butzi martin]$ telnet localhost 6700

The response will be something like:

Trying 127.0.0.1...
Connected to butzi (127.0.0.1).
Escape character is '^]'.
VERSION;0.01;Unregistered demo evaluation
MESSAGE;BROADCAST;This is the message of the day.
AUTHENTICATION;CHALLENGE;O4P1qvofnUGJ0FOY
Connection closed by foreign host.
[martin@butzi martin]$ 

If you get the AUTHENTICATION;CHALLENGE line that is a good sign that everything is working properly.

Support application - access_control

A small application called access_control is distributed in the archive. This is used to administer the password file used to limit who has access to connect to the Network Intelligence server. The usage is as follows.

Usage: ./access_control <-a|-d> [-f filename] <-u username> [-l access_level]
-a Add a user with specified username and access level,
   in the specified file.  If they already exist in the
   file the current values will just be updated.

-d Delete the user with the specified username from the
   specified file.

access_level is either USER or ADMIN.

Default file is: access_file
Default access level is: USER

For security reasons, any option requiring a password will
prompt the user for it interactively.

© Gadgets Software 2001-2008