The Dude is back!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi there my name is Patrick sharp from Ethne internet service in Germany and I'm happy to be here again this year I hope you enjoy the user meeting and today I'll have a presentation on the dude and as you see the dudes dead but long live the dude and we'll look into that in a second what we're going to see is a very short company introduction of ourselves we dig into the dudes history and see how to run the viewed on NC HR installation go through a few basic security setups you might want to take when you're using the dude look into a special router as features to do comes with and finally customize a few statistics to give you output that the dude will not be able to give you out of the box so for ourselves FMS listen while you add a distributor next to distribution we're doing a lot of training consulting and support the company has been founded in the late 90s by today we are 11 people and we are situated in the very south of Germany just next to the Swiss and the French border most things that we deal with our isp networks wireless transmission equipment and obviously everything that's connected to mikrotik in any way we have a distributor table here and if there's bread everywhere we are here the top left that's a photo of last year's table so if you feel like drop by you see some of the brands that we are covering we'll be happy to talk to you my colleague Sebastian in occurs with me he's our mikrotik trainer or one of our mikrotik trainers if you're interested in training or on-site consulting he's the one to talk to what you see here are a couple of photos of our training facility in Germany if you drop by you will also have a chance to see our micro tech based appliances we'll be happy to talk to you about the plus or G files with Alcatel Lucent so a couple of spectrum analyzers that we brought and even demonstrate a setup on how to do power measurements on my critique devices with them and we can tell too about the new 2048 QM modulation that are a south microwave support a last topic I want to make you aware of what we actually just started with since we had more and more customers demanding that is that we are starting to build towers for wireless eyes piece so if you need to build a tower this year or next year also come by we have a few samples you can have a look at the welding and also talk to the engineers that finally make them that's it for the advertisement so let's go to the dudes and first have a look at the youth history actually since its it's not been taken care of for so long I'm not sure how many people are still using it but the youth used to be a very very popular network monitoring system and it was not only popular in the micro tech user base that but there used to be more and more customers using third party equipment starting to use the dude and there were many reasons that made it popular I think most important one is that it is very easy to use you don't have to fiddle around with configuration files you can simply start and have your graphical map pretty soon it's easy to learn it gives you a little overhead of course it's free that's probably one of the reasons it's it's people liked it but it's more powerful than many of the paid for solutions that have been around last but maybe not least it's not a bad application but it's a real desktop software and many people still prefer that over that applications the sad thing was development of the dude stopped about five years ago and there hasn't been no updates since then not only that the old bucks haven't been fixed but more and more functionality started to break especially true for connecting router as devices since routers are to develop and that you didn't so at the end there was very little you still could do with it and so we actually got more and more complaints from our customers simply saying we'll go and look for something else and it took them a week or two to come back and tell us well we don't find anything suitable having the same easy-to-use concept so they became quite frustrated that there is a great piece of software but it's not been taken care of anymore so finally a couple of weeks ago there was this little line in the change locks the reports of my death have been greatly exaggerated and by that time we found out people are really reading the change locks because they started to call us to email us it was interesting how many reactions we got within 48 hours for that little line but nothing else and it's true that you just been back or it's back it's been back in development there have already been a few release candidates and by now it's working far better than the last beta version number four or five years ago did there are a few key differences that you should be aware of on one hand it's well no laser pointer okay on one hand you don't have language support anymore so it's just English the old view version used to to enable you putting translations in that's not that big of a difference it doesn't come with a web interface anymore at least for now it's also something you will be able to cope with but the most important changes are the platforms that we support so at the moment it's not able or you're not able to run the huge as at least a dude server is the Windows executable anymore so you have to use router or s as the base operating system for the new good versions and that's kind of a drawback actually even for the dude platforms that we support it's not all of them anymore for example you can't go with power piece CEO you can't go with nips PE you have to either stick to tile that is used to cloud core routers or you go for an x86 version or the cloud-hosted router the new concept for virtual routers made by micro tube so since the cloud-hosted router is also something that we get a lot of questions on and it's quite interesting in combination with the dude I want to show you how to get your first dude installation running to do so you have to take a couple of decisions which platform are you going with tile or bare metal x86 or in virtualization and I believe virtual environment is actually great to test and it's also a good production environment later on for your dude server so we will choose a virtual installation and once you decided about that you still have the opportunity use x86 or the new cloud hosted router type of installation and chr will give you a couple of benefits in a virtualization in terms of performance most important it comes within 46 bit kernel and it gives you a lot of extra drivers for example you don't have to use the old 1000 NICs anymore but you can use proper network interfaces so definitely go with the CHR if you plan to run in V and there for my test installation I'm going to use the VMware Player as it will be easy for you to do that on your desktop TPC and basically there are three steps you download the the CHR image it's a complete image that you will use in the VMware later it's not NPK files as you used to use with other platforms then you will install the guest operating system and finally mount these images to your disk we go through that very fast there are a few few points worth to note but most of it is a standard VMware Player installation so simply create a new virtual machine then you will choose to install the operating system later at the bottom left and tell it it's an other 64-bit installation or operating system that you will install finally just take the settings of the hard drive you will delete that hard drive later on anyway and finish the installation now you're done with it and we go right right ahead and edit the settings of the new machine since the wizard will not give you all the options that you need so we have to go back and edit the machine that the wizard created doing so the first task will be to delete the hard disk again and maybe set a few settings on the network interface we will typically run them in bridge mode but whatever suits your test setup so now you can if you want to delete the files of the disk that VMware Player did left over and you should copy the image that you download it from mikrotik to the guests working directory since now and this is the one of the more important steps you create a new hard disk manually choose it to be IDE and finally use the setting that the wizard didn't give us so we didn't use the disk we made up first use an existing virtual disk disk what you see at the right hand side in the red box and that's this will give you the opportunity to mount the image you downloaded from mikrotik that's what you do here you point to your local hard drive point to the image get it loaded and before you go ahead now carefully check the disk sizes that's at least my recommendation is this disk is only made for 128 megabytes and that will usually be far too less and you will limit yourself in a lot of ways so before you first boot the machine make sure that you expand the disk that what you see here at figure 2 and choose a new capacity in figure 3 I'm choosing a gigabit for example as you can just to use that as the operating system disk and not as the dude store later on as I said so the dude store will be on a second disk I would recommend to do so it will make you more flexible so go ahead create a second hard drive choose that one to be created as a new virtual disk so no disk image this time give it the size that you want it to have for example 2 gigabytes and that that set up and finish your your settings of the guest and finally boot it that's what you will see during boot up in your VMware CLI and now you can go ahead and do the first connection with wind box to your new router or schr installation and talking about the dude there a couple of things worth to check first thing is dude is already installed so it's part of the chr image it's not necessary to get a dedicated dude package and install that that's not true for other platforms but for chr you will find that you'd pre-installed you can also see that it's not enabled you can see that in the in the box here at the left hand side on the command line interface is shared you'd print you see it's data directory been set to the first disk but the dude itself not being enabled you will also see that the disk is not yet usable the second one as typically with not formatted disks so what we do is format that disk it's strongly recommended to go with the ext3 file system for that disk and once you've formatted it it will be available in the disc list and also available in the files list so now we got the dude installed it's not running we got the second disk prepared so now you can go ahead and change the dudes data directory to point to that second disc and finally enable the dude when you do so you will instantly see that the new doot-doot store is going to up up in the files list at the second disc actually you can change the data path later on but at least for my tests I did always end up with is with an empty new dude store instead of the old one being copied to the new location so if you change the do stores location after enabling the Duke you will have to export and import your complete settings so simply do it the other way around as I suggest here and you will be fine from the beginning so here we are ready to connect to your new dude server the client interface didn't change at least not here and the user interface of the dude is also pretty much the same just different in a few locations where it comes to configuration before we want to play with it for a bit I want to show you a couple of settings that you might want to take basic security settings definitely please set up an administrator an admin password as you might store all your user credentials in the dude so it's a pretty sensitive system you might also want to disable plain access for my understanding there is no need to have it enabled so go to the main settings the main setting dialog and simply change the port 20-20-20 to ten to zero and plain access has been disabled last thing that you can do within the dude's interface itself in terms of security is to set up an ACL that is you can control the source network that clients will be allowed to connect from and in this example we change it from the default which is 0 0 0 0 / 0 - 10 1000 / 24 so from now on only clients coming from these source networks at this source network can connect that's basically everything you can do within the dude to achieve higher grade of security and there's usually no need not to do so in the last preparation that I want to run you through is setting up email notifications usually a network monitoring or management system one of its major tasks is to send your notifications and actually email notifications are probably most most mostly used for not that important messages and also Gmail is used a lot and there is there are certain steps to take care of if you're using Gmail so we will have a look at that example it is it it's a bit more complicated that you comes with a lot of for not a lot of but a few predefined types of notifications and there are even more types available but not yet instances are configured of those so what you see here in the red box at the right-hand side there is no email notification prepared so we simply go to notifications in the main menu use the ad dialog and choose the type of email in the figure number two once you did that you will get all the additional form fields that you see at 3 and you can do the rest of the configuration like setting the server port to 587 and TLS mode to yes that's what Google we want you to do and you set up your Gmail financials username password and you can set up a recipient recipient that those notifications should be sent to maybe you notice that we are not using Gmail SMTP service IP address here that field is simply empty because I would suggest to do that setting in the main settings of the dude if you do it here you don't have to do it in every instance of email notifications that you're configuring later on and you have a central place where you can do changes so it's more convenient to have DSN SMTP address being set up here after doing so you might notify the test button at the right-hand side of the notification window and you press it and it will instantly show you okay at the bottom left corner no matter if it works or not this from my understanding is either buggy or it's just telling you okay I try to send an email but I have no idea if that was successful or not if you want to get more information about if your email has really been sent you have to move over to VIN box and add email as an lock topic to your standard router OS lock and if you did so you will see all the emails that have been sent by the dude server as it's using the underlying router OS for a gmail you will probably end up with something like that you will see the red line which tells you our failed authentication failure although you actually configured everything correctly and if you do so you should have a look at the text that I marked red which just reads please log into your web browser and then try again gmail is I'm honestly not in gmail expert at all but I tried to dig into that and email is introducing a something called OAuth 2.0 it's to my knowledge Google made security enhancement and everybody who doesn't support it was called to be a less secure application so do definitely is a less secure application although our encryption is properly set so you will have to go to your Google interface and turn on access for less secure applications not only true for the dude but for a lot of other email clients too so after you did that hit that test button again and you will see the log file showing you successfully send email for your notification maybe one more thing if you don't want to have that ugly ex-google original from header reading a bogus information you should also change the from address and the general settings of the dude it doesn't really hurt as it's going to use the correct from address anyway but there are many reasons to change that maybe just because you want to be correct or maybe you don't want everybody to know you sending the notification from dude so no reason to leave it as a disk so actually that's all there is I wanted to show you're regarding pre-configuration and for the rest of the presentation I want to show you a few special features that we get in the dude for outer OS devices and finally show you how to adapt these features to your needs and even tweak the dude a little bit to make it what you wanted to do as I'm not talking about that anymore I want to stress at that point that the dude is very very good at using third-party devices too so we're by no means limited to route OS devices we have an SNMP integration we can make our own SNMP probes and use third-party devices a lot and that's one of the advantages the dude comes with but for now I want to talk about router as devices so first of all you have to make your dude aware of a certain devices a router as device and you do so by checking the router as checkbox and the devices settings and when you do so the router as tab will instantly appear at the above part of the window and you can also let it know that it's a dude server and we'll get another tab that you tap if we do that let's have a short look at these tabs they will give you direct inside in many of your routers settings and informations without actually connecting to the router itself for example in the upper window you can see the wireless registration table showing you what clients are connected to it at the moment in the screenshot below you will see the interfaces what interfaces do I have how many packets how many bytes are transferred and you see a lot of other tabs so this is quite convenient and you can even do little changes here like disabling an interface for the do tab it's almost the same it gives you the ability to connect to different you'd server from within your dude connection so you don't have to leave the client and point it to a different dude server you can simply use the do tab to see the contents of the other server in many areas of the the dude we will have functions or possibilities made for all types of devices but you will usually find special features that are made for router s for example here in the files area if you go to the all tab you will see nib files you will see images all of this can be used for any type of device but there is a special tab called packages which is dedicated to router res and that's the place where you can drag router OS installation files to and use them to centrally manage your software versions of routers later on so what you see here is how a couple of router has configure it and installation files are being transferred it's the same for the devices window within the devices window you can get a list or a tree view of all the devices but there are special tabs already or again called router s that only deal with router OS and that will filter the list to router s devices giving you additional information am I connected to that router is it a secure connection what software version I am running it and so on from there in the context menu you can choose to go to upgrade and doing so will give you submenu showing all the possible installation files already uploaded to the dude' server that you can use to upgrade or downgrade that device and if you want to you can also use the group function to group some devices to a named group and upgrade them all at once so the dude gives you the possibility of central software management having a look at the tools context menu is the same story quite a few tools like ping traceroute and so on that can be used with any type of device but then again there are a few special tools that are only working with router s there are a couple of tools that are meant to connect to your router like wind box for example or terminal or remote connection with will which will also allow you to use neck telnet or the dude but more interesting are those tools that can be run from a router and these tools are or most of them are actually all of them are also available in the inbox but some of them are far more powerful if you use them from the dude map compared to what they can do for you within VIN box first of them is the bandwidth test you'll all know the bandwidth test probably but if you run it from wind box you will manually have to enter the opposite IP address you have to give username and password and so it can be quite time consuming to make bandwidth tests across your backbone or across your network and within the Deut you can simply use the dropdowns to use or select both devices and don't have to use user credentials anymore it's the same story for torch torch can be run from the VIN box directly but when you run it from the dude you can select the router that you that you want to run torch and you can get different views of your network from a central location and next to the table with information that you will present you in win box within dude it will give you additional graphs that are not present in VIN box so you can have pie and bar diagrams of the torch these diagrams are more or less real-time so you can see them change and get additional representations of the torch results the difference is even bigger for spectral scan spectral scan is not implemented in VIN box in the graphical part so it's only running on the command line interface and I believe a lot of customers are either not comfortable with CLI or it's just too complicated for them to interpret the results it's important to stress that spectral scans are not working with all types of Wi-Fi chipsets right now so the the legacy chipsets or the AC chipsets are not working but for the N type a chipsets for example you can get very decent readings within the doot more like a standard spectrum analyzer software and a very big difference is that you can run multiple scans or multiple spectral scans at the same time so you can have a view of different areas of your network in terms of RF environment and that can be very helpful to debug problems and to take decisions about channels for example you're just some bigger graphs so maybe you get you get the idea and go ahead and start to use the do does your spectrum analyzer or type of spectrum analyzer and the last thing that I want to point out is labels and from here we're going to develop some additional functionality employing labels actually there are two types of labels there are link labels and device labels and they will show you changing almost if you want to real-time information about certain devices or certain links and you can choose the Refresh interval here for example is a map it's a flow map and we place some access points there and I believe the the dude might be able to fill a gap in future when it comes to enterprise networks and to controller based networks we have a excellent controller today from mikrotik but we don't have a graphical representation that some of the end customers or their IT staff needs to have and that you'd might be able to fill that and so I wanted to show you how to use a map and now we will see how we add dynamical informations to the labels that might be useful for such enterprise or public Wi-Fi setups actually in a label you can have three different types of information at the very left we don't need SNMP or no router as function it's simply giving you information from the doots menus itself in the middle you will see what happens when you have an SNMP or F SNMP configured for a special device it's automatically going to show you CPU and disk and on the right-hand side I tweaked the label a little bit to also show a route or s based function and that one is not depending on SNMP so it's just depending on the user credentials username and password for the router s device I'm not sure if you can see it but this is the source code that would be needed to get that label usually there's nothing in that window but you can go to the context menu choose appearance and then push the arrow down to get the source code of that given label and as I just told you it's three different types of informations the first one is a variable the second one and SNMP function which is being called which is using oids and the third one a router RS function and you can customize these labels to your will and that's what we're going to do right now before you do so you should have a look at the functions window within the dude there are a lot of predefined functions and you can combine them to make up new functions and later on new probes and services there is one that you might want to take a look at that our OS command and that one will issue either a CLI command or run a script on one of your routers so we will use our OS command now to add a new function and that function is supposed to show the number of connected stations to an access point for my point of point of view that's quite handy if you have your network map and you can see on which of the indoor access means how many clients are connected there at that very moment and that's an example that we will use through the rest of the presentation in the top right image use to see the number two and this is the output of the router s command which is printing the registration sighs it's just returning a number and we print that number in the device label you might want to have it a bit more beautiful and add some text to it so at the bottom right you can see a bit longer information three stations connected that's what we added and to do so you need to do two additional things at first you need Ross command to get the number if you check closely you will see it's ending within a line break at the end so you want to get rid of the line break using the round command and finally use concatenate to add the string so you can output the complete string three stays in stations connected to your map usually you will not want to have all that source code pasted into each of your labels so it's a good idea to really create functions of them and I would recommend to use two functions instead of one the first one just returning the number that is the plain number of XO stations connected and the second one doing all the formatting removing the line feed adding the string so here are the two functions and to create them you go to the function window use add and simply give a name a description and the source code and after you did so you can use the function by its name followed by round brackets to get back the information it's supposed to give you so for now you can have your map you can have a live view of how many stations are connected to each device but if you want to use that for debugging it would be far more interesting to get this information over the time not only for now but maybe you want to know for the conference yesterday at 8 p.m. how have been clients distributed across the access points so that's where you want to use statistics and to use statistics you have to have a look at probes and services and finally charts to align them across different access points so what you see here actually ah now it's working what you can see here at the bottom right is we added some statistical information showing how many stations are connected to that access point over the time you can see they come and go it's been six at the very beginning dropping to zero at 20 to 11 and then rising again you can have statistics in this context layer here and you can also have it in the devices history but to be able to plot statistics you will need to set up a probe and you will need to set up a service from that probe so the function that we already developed is not sufficient to get statistical readings setting up the probe is not really straightforward since probes are actually meant to do something else we are kind of hijacking them here to make the history read the information that we want to read so you add a new probe in the available field you can simply say one equals one that's not a very smooth solution but that will mean this probe is available for any type of device it would be nicer to write a second function checking if there is a wireless interface present or not but let's keep it simple for now in the error of field you will have to make sure that it's returning an empty string because probes are meant to tell you if a service is available or not so they will turn your I can read if something's not available and we want to make sure it's never turning red just because for example there are zero stations connected so we have to make sure net an error is never being raised in all the versions it was sufficient to give two double quotes here but now we have to be a bit more tricky and we use an if clause saying if one is greater than zero which is usually mostly true just give an empty string back and that's what it does so this probe is always available and it's always up so the only thing that it's really doing oops the only thing that it's really doing is down here the value it's calling the function we wrote before registration size and we tell it what type of units to use it's not megabits or packets and this this or for this probe it's stations number of stations connected so after you created the probe you have to set up a service service is the connection between a probe and a given device so we say for our access point it should use this probe and create a service from that device and that probe once you did that the service is constantly running the function is constantly collecting the information and in contrast to the label that we used at the beginning it's not throwing the information away afterwards but it's keeping it in its database so we will be able to draw statistical information in the history for that probe that is we can look back in time and see what's the situation how many stations have been connected when did they come when did they leave and if you start to align this information for different access points that's what I did here manually if two access points here access point on floor 2 and on floor 1 and I took the statistically informations of both of them and aligned them in time you can see in this in this pretty small example there is one station flapping it's constantly moving from second floor to the first floor and back and while it's not not of much use here it can be very useful in bigger deployments when you want to decide where to put your access points if you need additional ones if you should use load balancing groups if you want to set minimum receive levels or something like that it could be very useful to understand over time where our station is going to and there's one last thing I want to show you because you can do that more more nicely than to align these windows by hand you can use charts that's another function in the dude a chart will allow you to graph multiple services or the output of multiple services in one diagram and that's what I did here for two axis points here we see a chart graphing two access points using the service we created using the probe we created using the function we created and you can clearly see there is one station flapping when it leaves the access point one it goes to two and vice versa you can do so of course not for two but you can do it let's say for example four six or eight access points that are in your big conference hall and you would get a very good idea of what happens over time when two hundred people rushed in and when they finally sat down maybe they all stick to the first access point they saw so you can take appropriate action and also prove to your customer what happened so while I run you through a lot of features of the dude and gave you some ideas how you might be able to customize it I hope you feel like giving it a try and I hope my critic is starting or continuing to push development of the dude even further thanks for listening Thank You Patrick the dude really is back do you have questions hello do try immigration from oldest version to new version using import export option not not actually not yet because the those those servers that we are running for customers they are fairly big and I'm pretty sure it's not going to work one one general suggestion is to clear the log files of your old installation to make the outcome of the export file as small as possible and then give it a try it's actually supposed to work but I didn't try the least not for a proper size doing export imports between the new dude on the other hand worked for all the tests that we did so far with the latest release candidates thank you next question hi and what about limitation of database in sides of to a gigabyte sorry I didn't get that the database the database limit was 2 gigabytes was limited to gigabyte yes to 2 gigabyte India's in the new version um I can't answer that also it's like we we don't we don't actually have much more information than what is available publicly and we did work with the new version a lot and but that's the question we should direct to microjig as they will be able to answer that easily okay I asked to mikrotik a spoon come to our table afterwards and we'll tell you more about it do we have any more questions thank you the impact on the network of the dude scanning and acquiring information so my network will be less fast because I have the dude running which is the true Putin in towards the access points and devices in general I'm not sure if I'm getting the question you asked what throughput you need to to use these functions or what bandwidth it will consume yes which bandwidth will do to consume talking with the devices well in general it depends on the refresh rate that you set if you if you have a problem with throughput or bandwidth being consumed I would suggest you to use the general settings and reduce the refresh rate for example for the labels but that of course will not give you that that precise information on the other hand if you set it to a second you will see those companies communication all the time and it's the same for probes and services you can set the refresh rate or the rate when they're going to be done but it's different for services and refreshing of labels ok but the ever gener them I think we have a general option to limit to change for all devices yes you do you know in the main settings actually you have hell I didn't check that in the newest version but what it's used to be is you have the main settings at the very left top that that's for the complete server that can be superseded by the settings for a single map and that in turn can be superseded by the settings for a label or a single probe or service

Info

Channel: MikroTik

Views: 31,343

Rating: undefined out of 5

Keywords: mikrotik, routerboard, routeros, latvia, forum

Id: WcIl0VZCeak

Channel Id: undefined

Length: 43min 39sec (2619 seconds)

Published: Tue Mar 01 2016