Ntopng + netflow2ng on RB5009

Hello there,

ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from NetFlow exporters like the Mikrotik “Traffic Flow” feature.

ntopng is normally paired with nprobe to gather the flow data. Because nprobe needs a costly license, I used netflow2ng instead.

I managed to install netflow2ng and ntopng containers on RouterOS using an RB5009.
My goal was to have a nice insight into my network traffic without needing extra hardware.
I think the RB5009 should be powerful enough to pull this off for a 1Gbps home network.

I bought a fast USB flash drive (SanDisk Extreme Pro USB 3.2 Solid State Flash Drive) to run the containers from.

I managed to get the two containers working together. netflow2ng acts as a collector that receives the “Traffic Flow” exports from my WAN connection and the LAN bridge that the Mikrotik router is producing.

ntopng connects to the netflow2ng container over the veth interface and can ingest the NetFlow v9 data that is converted by netflow2ng into ntopng’s native binary format. Both containers have their own veth interfaces, which are on a separate bridge to allow the LAN bridge to use hardware offloading while the container bridge is CPU-bound.

The ntopng UI performance is good. CPU never exceeds extreme levels. Unfortunately ntopng reports dropped ZMQ messages. Apparently ntopng can’t keep up with processing the flow data and drops over 8% of the messages after running for 3 hours.

This little project looked really promising but a drop rate this high is not acceptable for me. So I looked into ways to increase performance. There are few to no knobs to turn in RouterOS containers.

The documentation mentions a cpu-list setting but that does not seem to exist yet/anymore.
I feel that, if the Mikrotik devs give a little more leeway, this setup would be a viable option for many home labs.

Unless someone out there has some bright ideas I consider this setup a failed experiment for now and will resort to extra hardware for running ntopng.

In case someone wants to reproduce what I have done:
The container images I used are synfinatic/netflow2ng:latest and ntop/ntopng_arm64.dev:latest both from https://registry-1.docker.io

I am open to your thoughts on this, please share.
