Flow cache vs tcpdump and ntopng

arjay199

New Around Here
Newbie here, please be kind!

Platform: 2x RT-AX86U Pro; one is an AIMesh router and the other is an AIMesh node.
Firmware: Merlin 3004.388.8 on both.
NAT is disabled, 192.168.1.0/24 + 192.168.101.0/24 is on the LAN side and 192.168.2.0/24 is on the WAN side.

Network looks like this:

Carrier VDSL <-> ARRIS BGW210-700 (LAN: 192.168.0.0/17) <-> RT-AX86U Pro (WAN: 192.168.2.0/24, LAN 192.168.1.0/24 + 192.168.101.0/24) <-> LAN

As I could not get the "cascaded router" feature on the ARRIS unit to work with private addressing on the LAN side of the RT-AC86U Pro, I resorted to using a large CIDR, 192.168.0.0/17, between it and the RT-AX86U Pro and enabling proxy ARP on the WAN interface of the RT-AX86U Pro router. This arrangement relieves the RT-AC86U Pro from having to perform NAT while still utilizing it to route between the ARRIS and the LAN.

I'm exploring ways to monitor traffic (and diagnose issues) using such packages as tcpdump and ntopng. So far as I can tell, tcpdump on the WAN interface does not see all packets associated with a given "flow" when "fc" HW acceleration is enabled. I don't think this is the case with "runner", as cursory testing appears to indicate that tcpdump sees all packets whether or not "runner" is enabled.

Questions:

1) Is there any way to facilitate tcpdump's ability to see all traffic without disabling "fc"? As my internet connection is only 100M down / 20M up, I think whatever core is handling routing has plenty of headroom (that is unless I load it up with other useful addons!). Right now with "fc" disabled I see highest CPU load on one core during a single download flow that maxes out my internet connection hitting perhaps an average of 13-15%, whereas with "fc" enabled, CPU load is far lower to the extent that it can't really be distinguished from noise at the bottom of the graph. As there's headroom, I can afford to leave "fc" off, but would like to leave it on if there's a way to have my cake and eat it too. Any thoughts?

2) I don't believe "runner" has any effect on what tcpdump sees. Is this correct?

3) What exactly does runner do? I haven't found a good explanation, but perhaps I don't know how to use Google as well as I should. :)

4) Has anyone gotten the Entware ntopng package to work on any ASUS/Merlin installations? I tried a few weeks ago on an RT-AC68U AIMesh router before replacing it and two other AIMesh nodes with RT-AX86U Pro's. There were a number of missing aspects to the package installation process and no platform specific instructions. Further, once I'd gotten Redis and ntopng to start without error, I could not log on to the web UI using default credentials despite confirming their presence in Redis. Finally disabled authentication just so I could get in, only to find that pages wouldn't render. It turns out there are a bunch of .js files in the source code that never made it into the Entware package. At this point I gave up. I could manually add the missing .js files, but who knows what else is missing or broken. Anyhow, if anyone has gotten this to work, would love to hear from you.

5) If I were to get ntopng to actually work on the RT-AX86U Pro, would the same packet visibility issue I'm seeing with tcpdump while "fc" is enabled apply?

6) If I can't get ntopng to run on the router itself, I'd consider configuring IP tables to clone every forwarded packet and route the clones to a Raspberry Pi on the LAN where I can install a build of ntopng I know will work. I've never used iptables for packet cloning and forwarding, but in theory it works. Does anyone have any thoughts on this approach?

Anyhow, thanks for taking the time to read this post.
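An added example, not part of the original post: one way to measure how much of a flow a capture missed is to look for TCP byte ranges that never appear in `tcpdump -nn -S` text output even though the receiver later ACKed past them. The function name, the sample lines, and the addresses and ports in them are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -nn -S text output; "seq A:B" appears only on segments that carry data.
HDR = re.compile(r"IP (\S+) > (\S+): Flags \[[^\]]*\]")
SEQ = re.compile(r"seq (\d+):(\d+)")
ACK = re.compile(r", ack (\d+)")

# Constructed sample: a download in which the capture saw only the first and last segments.
SAMPLE_LINES = """\
1718000000.000100 IP 192.168.2.10.443 > 192.168.1.20.51514: Flags [.], seq 1000:2448, ack 500, win 501, length 1448
1718000000.000200 IP 192.168.2.10.443 > 192.168.1.20.51514: Flags [.], seq 2448:3896, ack 500, win 501, length 1448
1718000000.000900 IP 192.168.2.10.443 > 192.168.1.20.51514: Flags [P.], seq 9688:11136, ack 500, win 501, length 1448
1718000000.001000 IP 192.168.1.20.51514 > 192.168.2.10.443: Flags [.], ack 11136, win 1024, length 0
1718000000.001100 IP 192.168.1.20.51514 > 192.168.2.10.443: Flags [P.], seq 500:700, ack 11136, win 1024, length 200
""".splitlines()

def unseen_ranges(lines):
    """Per flow (src, dst): byte ranges the capture never saw but the peer ACKed."""
    spans, acked = defaultdict(list), defaultdict(int)
    for line in lines:
        hdr = HDR.search(line)
        if not hdr:
            continue
        src, dst = hdr.groups()
        seq, ack = SEQ.search(line), ACK.search(line)
        if seq:
            spans[(src, dst)].append((int(seq.group(1)), int(seq.group(2))))
        if ack:
            # An ACK sent by src acknowledges data flowing dst -> src.
            acked[(dst, src)] = max(acked[(dst, src)], int(ack.group(1)))
    result = {}
    for flow, ranges in spans.items():
        ranges.sort()  # tolerate out-of-order segments; 32-bit wraparound is not handled
        covered_to, missing = ranges[0][1], []
        for start, end in ranges[1:]:
            # A hole the receiver ACKed past was delivered, so the capture missed it.
            if start > covered_to and acked[flow] >= start:
                missing.append((covered_to, start))
            covered_to = max(covered_to, end)  # retransmissions do not shrink coverage
        result[flow] = missing
    return result

if __name__ == "__main__":
    for flow, holes in unseen_ranges(SAMPLE_LINES).items():
        print(flow, holes, sum(e - s for s, e in holes), "bytes unseen")
```

Holes that were never ACKed are left out because they may be real loss rather than packets the capture did not see.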