Issue with adding different source

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
sarfarosh
Posts: 211
Joined: Fri Oct 05, 2012 3:56 am

Issue with adding different source

Post by sarfarosh »

Hello team,
We have a client who had purchased NNA and we are configuring it. They have 70 routers + switches which they want to add in NNA, but now the issue is that if we add the source we get the attached error. They have enabled port 9996 on all the devices for flow. Can you please help me with a workaround for this, or what am I missing?
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Issue with adding different source

Post by slansing »

Be sure to give each source a different port; they need different ports because the sources pull their data off of each incoming port you've assigned.
sarfarosh
Posts: 211
Joined: Fri Oct 05, 2012 3:56 am

Re: Issue with adding different source

Post by sarfarosh »

Hello slansing,
Thanks for the reply. Is there no workaround for using the same port for all the 70 source devices? The client says that they are currently monitoring all the 70 routers/switches using OPMANAGE with the same port, and it's not feasible for them to assign a different port on all the devices.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Issue with adding different source

Post by sreinhardt »

At this point, it is not possible with NNA to use a single port for multiple services. The only options you would have would be to use iptables natting to redirect 9996 for different IPs to different ports internal to NNA, or to use an external firewall in front of NNA to do the same.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
sarfarosh
Posts: 211
Joined: Fri Oct 05, 2012 3:56 am

Re: Issue with adding different source

Post by sarfarosh »

Hello Spenser,
Can you please help me with an example of how I can do port natting with iptables, as I am not able to do it?
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Issue with adding different source

Post by sreinhardt »

Without testing this (I can do that tomorrow if needed), you would need to run the command below to add a prerouting rule for iptables.

Code:

iptables -t nat -A PREROUTING -s 10.0.0.1 -p tcp --dport 9996 -j REDIRECT --to-ports 2145

This will tell iptables to add a prerouting rule for the nat table, with a source (-s) of IP 10.0.0.1, protocol (-p) of tcp, destination port (--dport) on the original packet of 9996, and this rule will redirect to port 2145. For your case, the source IP (-s) and the port (--to-ports) to send to will need to change for each device sending, as they must both be unique to that IP and to the port NNA is expecting the traffic on.

Code:

iptables -t nat -A PREROUTING -s [Sending device IP] -p tcp --dport 9996 -j REDIRECT --to-ports [NNA configured port]

I do want to take the time here, as I realize this is somewhat of a large undertaking, to explain that receiving traffic from every single switch and router in your network that has the possibility to send it will be quite a lot of redundant data. You are far better off monitoring points where different floors, buildings, or network segments intersect so you can see how and where traffic is flowing. Core switches and endpoint routers and firewalls are also good points of interest for capturing metrics on outgoing traffic. However, if you are capturing every single or a large majority of switches, imagine the following case.

Code:

Server A---------------|
                       |Switch 2----|
Server B---|           |            |-----Core switch----|--Firewall----|---Internet
           |Switch 1---|            |
Server C---|              Server D--|

If you were to capture traffic at switches 1, 2, Core, and the firewall, you will see any data from server B and C on reports for every single switch and firewall; the only unique information would be from switch 1, which would only contain unique information regarding communication between A and B. Whereas capturing from switch 2 would only lose the minimal-use information between B and C while removing the duplication from B and C's outgoing traffic or traffic to servers D and A and the internet. Obviously the next layer of removal would be to go to the core switch or firewall directly, as this is a pretty small example; however, I hope you see the point of the immense amount of additional data you are looking at capturing.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
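
For 70 devices the per-source rule from the post above has to be repeated with a unique IP and a unique NNA port each time, so the following added example (not part of the original thread and not Nagios code) generates the rules from a mapping and refuses duplicates before anything reaches the firewall. The mapping values, the function names and the `PROTO` variable are assumptions; `PROTO` defaults to `udp` because NetFlow/sFlow export is normally carried over UDP, so set it to `tcp` to reproduce the rule exactly as posted.

```shell
#!/bin/sh
# Added example: print one PREROUTING REDIRECT rule per flow exporter.
# Rules are only printed for review; nothing is applied to the firewall.

SHARED_PORT=9996   # port every device already exports to (from the thread)
PROTO=udp          # assumption: must match what the exporters actually send

# Constructed sample mapping: "<device IP> <port configured for that source in NNA>"
SAMPLE_MAP='10.0.0.1 2145
10.0.0.2 2146
10.0.0.3 2147'

# validate_map: read "ip port" lines on stdin and fail on duplicate IPs,
# duplicate ports, invalid ports, or a port equal to the shared port.
validate_map() {
    awk -v shared="$SHARED_PORT" '
        NF == 0 { next }
        NF != 2 { print "line " NR ": expected <ip> <port>"; bad = 1; next }
        $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535 {
            print "line " NR ": bad port " $2; bad = 1 }
        $2 == shared    { print "line " NR ": port equals shared port"; bad = 1 }
        seen_ip[$1]++   { print "line " NR ": duplicate IP " $1; bad = 1 }
        seen_port[$2]++ { print "line " NR ": duplicate port " $2; bad = 1 }
        END { exit bad + 0 }
    ' >&2
}

# emit_rules: validate the mapping, then print the iptables command per line.
emit_rules() {
    map=$1
    printf '%s\n' "$map" | validate_map || return 1
    printf '%s\n' "$map" | while read -r ip port; do
        [ -n "$ip" ] || continue
        printf 'iptables -t nat -A PREROUTING -s %s -p %s --dport %s -j REDIRECT --to-ports %s\n' \
            "$ip" "$PROTO" "$SHARED_PORT" "$port"
    done
}

emit_rules "$SAMPLE_MAP"
```

Rules appended with `-A` do not survive a reboot unless they are saved with the distribution's persistence mechanism (for example via `iptables-save`), and the current NAT table can be checked with `iptables -t nat -L PREROUTING -n`.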