Make your network traffic visible using flows

Getting metrics about the utilization of network interfaces isn’t very complicated these days. Most of the time your network gear is instrumented with an SNMP agent which you can use to measure it or if you get modern, they have telemetry streaming, and they send you measurements with protocols like gNMI. I’m not explaining fancy new tech here, everything mentioned here is old, but your devices might have these capabilities but aren’t exploited :)

Net-SNMP version 3 and OpenNMS

To monitor your systems you rely heavily on SNMP, it gives out of the box a lot of possibilities getting important performance and status information.

The main topic security is often not considered. SNMP version 1 and 2c transmit everything in plain text over the wire. There is also no user, password authentication method, just a shared community string which gives access to the information. To address these problems SNMP v3 was introduced.

IPv6 prefix delegation with FRITZ!OS 7.50 and Ubiquiti ER-4

I started working remotely in 2010 for OpenNMS as an open-source network monitoring advocate. I have a little home lab with some real hardware that allows me to play on various things without giving me a big surprise bill from a cloud provider at the end of the month. I have a FRITZ!Box 7530 connected to my ISP 1&1. I get native IPv6 and IPv4 connectivity over an IPv4-in-IPv6-Tunnel. As my main router, I have a Ubiquiti ER-4. It gives me enhanced firewall capabilities and flexibility, especially with routing protocols like OSPF and BGP. I have two networks, one for my work-related stuff and another with all the fun crap you have for fun at home.

Running a private container registry for testing

When I signed up for my DockerHub account in 2013, I never thought sooner than later everything ends up in a container image as it is today. DockerHub was the first public free as in free beer registry to distribute your container images. Containers are now everywhere, and DockerHub, a corporate entity running and funding DockerHub, introduced usage limits for the free tier and started commercializing its registry service. I need to play with software in a micro-service architecture on a platform like Kubernetes, and these limits can be daunting.

Build pmacct on Mac OSX from source

I need a way to generate real-world NetFlow data, and pmacct is a great tool that helped me with various things. I couldn’t find a precompiled package so I have compiled it from the source myself. To get it running on my MacBook Pro with Apple Silicon, I had to jump through a few hoops to get it running. Here is a quick guide to making it work for someone else, including my future self :)

APT Monitoring with Prometheus

As soon you run a Linux server, you need to make sure your systems are up-to-date. It would also be handy to know if you had Kernel upgrades which require a reboot of the system to get applied.

I came across a blog post from Tom Henderson which provided a solution using the Node_Exporter with Prometheus. The way he solved this is pretty slick. I had to tweak the scripts a bit to get it running. He integrated an APT hook which runs a command on apt update and after installing packages. The hooks create a Prometheus file which can be easily shipped with the Node_Exporter.