monogon-dev / netmeta Goto Github PK

View Code? Open in Web Editor NEW

133.0 10.0 8.0 909 KB

NetMeta is a scalable network observability toolkit optimized for performance.

Home Page: https://netmeta.demo.monogon.dev/

License: Apache License 2.0

Shell 0.41% Go 1.76% CUE 95.50% Starlark 2.33% Assembly 0.01%

sflow collector hacktoberfest ipfix netflow network observability portmirror

netmeta's People

Contributors

Stargazers

Watchers

Forkers

skorpy2009 vidister hanemile johannwagner unamedrus wobcom thorrisnep

netmeta's Issues

Tested backup/restore procedure

Global min interval for all panels

For, say, NetFlow data it's pointless to group by a 1s interval

ClickHouse Grafana plugin leaks credentials to client

Maxmind Geolite lookup

Just load the entire Geolite DB as an IP Trie and look at at query time.

Dashboard panel for release notes

Grafana can display RSS feeds, use it to display news about NetMeta.

Collect AS paths via BMP

-> embed https://github.com/bio-routing/bio-rd

Slightly tricky - might be hard to do via dictionary lookup, better to have a separate Kafka topic for postprocessing.

Use pipeline to build containers and remove build dependencies

Fix template variable refresh at dashboard load

Insert template variable autorefresh attribute that Grafana refuses to save to the JSON.
Remove rawQuery

Sensible max_memory_usage value

https://clickhouse.tech/docs/en/operations/settings/query-complexity/

https://github.com/Altinity/clickhouse-operator/blob/master/docs/quick_start.md

Prevent server from eating itself.

Remove duplicated proto definition in deployment

Filter by interface groups

Add an extra annotation to the interface configs to group interfaces ("show transit ports only").

Fix sampling on demo host and document Linux setup

CRDs weren't created on first deployment attempt

persistentvolumeclaim/grafana-data-claim created
persistentvolumeclaim/traefik-data created
unable to recognize "STDIN": no matches for kind "Kafka" in version "kafka.strimzi.io/v1beta1"
unable to recognize "STDIN": no matches for kind "KafkaTopic" in version "kafka.strimzi.io/v1beta1"
unable to recognize "STDIN": no matches for kind "ClickHouseInstallation" in version "clickhouse.altinity.com/v1"
unable to recognize "STDIN": no matches for kind "IngressRoute" in version "traefik.containo.us/v1alpha1"
command "kubectl apply --all -f -" failed: exit status 1

Kafka and ClickHouse monitoring dashboards via Prometheus

Plus an embedded node_exporter for the host itself.

Configurable dictionaries for next hops and interfaces

Generic tenant field

Should be a LowCardinality(String) field to account for weird customers.

FlowDirection can't be filtered on due to Grafana plugin bug

Get rid of remaining k3s public services or replace by something else

Viable replacements:

microk8s
kind
k8os?

Carefully consider flows_raw sorting key

Optimize for main dasboard queries.
Low-cardinality values first for easy filtering (verify that this does what we think it does).
Sequence Num for sampling, but how? It's as high-cardinality as it gets.
Play with secondary idexes - are they more efficient than a carefully-considered sorting key?

Pin everything that can be pinned

We can probably pin almost every binary dependency we pull in via digests.

(is there a way to verify k3s binaries and containers?)

Eliminate python3 bazel workaround on CentOS 8

SELinux support on RHEL/CentOS 7 + 8

This does not work due to missing features in k3s/cri.

microk8s isn't any better.

Recreate Kafka table at runtime rather than using migrations

This allows for declarative parameter changes in the engine spec without migrations.

Prune old partitions when the disk is running full

Interface dictionaries + sorting

Fork vertamedia-clickhouse to simplify queries

The current templating engine becomes ....unwieldy:

SELECT
    $timeSeries as t,
    SrcAS,
    sum(Bytes * SamplingRate) * 8 / $interval AS Bps
FROM $table
WHERE
    $timeFilter AND FlowDirection = 0
    $conditionalTest(AND SamplerAddress = toIPv6($sampler), $sampler)
    $conditionalTest(AND SrcAddr = toIPv6('$srcIP'), $srcIP)
    $conditionalTest(AND DstAddr = toIPv6('$dstIP'), $dstIP)
    $conditionalTest(AND (SrcAddr = toIPv6('$hostIP') OR DstAddr = toIPv6('$hostIP')), $hostIP)
    $conditionalTest(AND NextHop = toIPv6('$nextHop'), $nextHop)
    $conditionalTest(AND (InIf = $interface OR OutIf = $interface), $interface)
    AND SrcAS IN (
    SELECT SrcAS
    FROM $table
    WHERE $timeFilter AND FlowDirection = 0 AND $adhoc
      $conditionalTest(AND SamplerAddress = toIPv6($sampler), $sampler)
      $conditionalTest(AND SrcAddr = toIPv6('$srcIP'), $srcIP)
      $conditionalTest(AND DstAddr = toIPv6('$dstIP'), $dstIP)
      $conditionalTest(AND (SrcAddr = toIPv6('$hostIP') OR DstAddr = toIPv6('$hostIP')), $hostIP)
      $conditionalTest(AND NextHop = toIPv6('$nextHop'), $nextHop)
      $conditionalTest(AND (InIf = $interface OR OutIf = $interface), $interface)
      $conditionalTest(AND ($extra), $extra)
    GROUP BY SrcAS
    ORDER BY count(*) DESC
    LIMIT 10)
    $conditionalTest(AND ($extra), $extra)
GROUP BY
    t,
    SrcAS
ORDER BY t, Bps

We need to fork https://github.com/Vertamedia/clickhouse-grafana and add custom templates for this.

Downsampling for long-term storage

We don't need 1-second high resolution data for long-term archival.

Use an AggreatingMergeTree, aggregate it to 5m or so and possibly keep min/max/median.

Don't evict pods on a single node cluster

Efficient canvas-based rendering for heatmaps

Render this waterfall:

Without melting the browser.

Normalize Bytes and Packets to sampling rate in ingest stage

Outbound traffic sankey diagrams

Depends On: #44

Once we have the AS paths, it's trivial to build a Sankey diagram for egress traffic. Might require a server-side component to feed something like this: https://github.com/kumaravel29/grafana-sankey-panel