Shulou(Shulou.com)06/01 Report--

Panabit

Panabit is currently the highest single board processing capacity of X86 platform in China (two-way 40G), and has been widely used in operators, universities and other industries (more than 400 X operators with gigabit specifications and more than 400 have generally been running steadily until the seventh year). Real-time DPI identification and optimization services for network bandwidth exceeding 3TB, and provide free version (software form) for small and medium-sized enterprises. It is a new generation of application gateway with the core advantage of DPI and developed with the most professional, the best online effect and the highest performance-to-price ratio. In 2014, it actually supports more than 800 domestic application protocols, and has integrated practical functions such as routing, load balancing, authentication, one-to-one detection, mobile terminal identification, DNS management and control, HTTP management and control, log audit and so on.

Panabit continues to lead the DPI field for many years with an accurate recognition rate of no less than 95%, and takes the lead in proposing and implementing "application diversion" features (such as P2P download exit 1, video exit 2, game exit 3).

According to incomplete statistics, there are more than 15000 small and medium-sized enterprises using only the free version, of which about 6000 are active enterprise users who keep updating synchronously.

Panabit, not only "flow control"!

Baidu encyclopedia: http://baike.baidu.com/view/2851189.htm

Experience in using Panabit traffic management system

2010-02-24 10:14:15

Tag: Panabit Traffic Management Leisure Workplace

Original works are allowed to be reproduced. When reprinting, please be sure to indicate the original origin of the article, the author's information and this statement in the form of hyperlinks. Otherwise, legal liability will be investigated. Http://wangchunhai.blog.51cto.com/225186/278207

Panabit is an application layer traffic management system developed by Beijing Paiwang based on FreeBSD Linux operating system, especially for the identification and control of P2P applications. Its standard version can be used free of charge, with a limit of 256 IP addresses for concurrent connections, which is sufficient for the vast majority of small and medium-sized enterprises.

The Panabit flow control system is located at the network device level OS and needs to be installed in a separate computer. Panabit released the standard version, are the latest research results and the latest stable version, no validity and other restrictions, can fully meet the DIY 100-megabyte professional flow control equipment.

This section will introduce some experience in the use of Panabit, including installation, configuration, upgrade and other issues. Through this article, you can get started quickly and build a traffic management system suitable for your own unit.

1 Panabit architecture

Panabit supports two access and deployment scenarios: bypass snooping and transparent bridge mode. Most users use the latter. In the "transparent bridge" mode, Panabit is deployed on the egress link as a transparent bridge to analyze and count the two-way traffic on the egress link, and flexibly limit and distribute the traffic according to the set rules. In order to prevent Panabit from being scanned and *, the IP address does not need to be configured on the bridge. Users can configure and manage the Panabit through a special management port. A typical deployment is shown in figure 1.

Figure 1 transparent bridge mode of Panabit

Using transparent bridge mode access, users can not only count traffic, but also do access control and bandwidth management.

In the "bypass monitoring" mode, Panabit devices are deployed next to the switch or router in a bypass manner, and the protocol analysis and statistics of the traffic passing through the uplink and downlink ports of the switch and router are carried out through the "Port Mirror" technology of the switch or router. In bypass monitoring mode, Panabit can only analyze and count the traffic, but not control it.

Figure 2 Panabit monitoring mode

Many beginners don't understand the meaning of "bridge". In Panabit, bridges always appear in pairs, consisting of two network cards, one connected to the internal network and the other connected to the external network, and the data passes through the bridge. Panabit analyzes and controls the data passing through the bridge.

2 Panabit installation

Panabit computer, hardware configuration requires P3 800Mhz or above, 256m memory or more, 3 network cards, 256MB or above electronic disk or hard disk, optical drive (for software installation, can be removed after installation). It is recommended to use Intel series network cards, or you can use network cards such as Rtl8139.

If you are using Panabit for the first time, it is recommended that you download the live CD version (an ISO image with a size of only 10 megabytes) from the Panabit website. After downloading, burn it to a CD, and use the CD to start the computer on which you want to install Panabit. The installation steps are as follows:

(1) after the login appears, log in with the username root and password root (both in lowercase), as shown in figure 3.

(2) after logging in, run. / setup to start the installation, as shown in figure 4. Notice that there is a slash and an English period in front of the Setup.

Figure 3 Login

Figure 4 start the installer

(3) in "Do you want to continue (y / n [n])?" Enter y after the prompt, and then press enter. If you press another key, you will exit setup.

Press "enter" directly after the "Please select one [da0]" prompt

In "Do you want to continue (y / n [y])?" Press enter directly after the prompt, as shown in figure 5.

Figure 5 confirm installation

(4) after the installation is complete, select the network card used to manage the Panabit. The Panabit installer will list the network cards that currently have drivers installed. Please select one of them to manage and display em0, em1 and em2 in the virtual machine where I am experimenting. Type a network card you want to manage, such as em0, after "Please choose one of above as your admin interface", then press enter, and then set the management address, subnet mask, and gateway address, as shown in figure 6.

It should be noted that the address of this setting is accessible to other computers on the local network segment and that the Panabit management network card is connected to the correct switch port. If you set a separate management address for Panabit and add it to a separate VLAN, you need to connect the Panabit management Nic to the appropriate switch port.

Figure 6 Select the management interface network card and set the management address

(5) then restart the computer by executing shutdown-r now

3 Let Panabit start to work

After reboot, connect to the administrative address on a workstation in the network, which in this case is the https://192.168.1.33 panabit Web administrative username admin, as shown in figure 7. You can change this password after logging in.

Figure 7 Log in to Panabit

After logging in, in the "Network configuration → data Interface", set the application mode. If it is the "flow control" mode, you need to set up the bridge and set the access location of the bridge, which is a very new step, as shown in figure 8.

Figure 8 data interface

Many beginners, or first-time users of Panabit, will "make mistakes" here. Therefore, we should focus on these contents.

(1) if your Panabit computer has three network cards installed, one of them has been set as a management network card, then the other two network cards can only form "one bridge"; if your Panabit computer has five network cards, one is set to manage the network card, and the other four network cards, every two can form a bridge, and a total of two bridges can be formed.

(2) four bridges can be supported in Panabit. When only two network cards form a bridge, in the "Application Mode", select the same bridge name, such as Bridge 1, or Bridge 2, 3, 4, as long as it is the same.

3) pay attention to the direction of the bridge. After selecting the name of the bridge, connect to the network card on the intranet core switch, select "connect to the intranet" in the "access location" drop-down list, and select "connect to the external network" to the network card connected to the router or firewall.

If you can not tell which network card is connected to the internal network and the external network, it is also relatively simple. Unplug a network casually from the Panabit computer, and then press F5 to refresh it in the Panabit management interface. If you cannot manage Panabit again, it means that you are unplugging the network cable for managing Panabit. If what is disconnected is the internal or external network cable, the corresponding network card location on the right side of "Network configuration → data Interface" will display a similar prompt of "cable disconnected". At this time, you can tell which network card is connected to that network.

The key configuration word of the bridge is "the bridge appears in pairs, and the direction of the bridge is in and out."

When configured, enter the "Monitoring Statistics" tab. When the bridge is configured correctly and computers in the "Internal Network" access the external network, you can see different colors in the "Monitoring Statistics → whole system" and in the pie chart in the lower left corner (as shown in figure 9), which indicates that Panabit has started to work. If it has been a "gray", it means that the Panabit is not working, and at this time, the computers on the internal network cannot access the external network.

When the Panabit starts to work, the system should first ensure the normal use of the network. No policy is configured for traffic analysis in pure bridge mode. Traffic analysis is carried out step by step, and the initial unknown proportion will be very large and gradually decline. Usually, after 24 hours, the proportion of all kinds of traffic will tend to be stable, and then according to the traffic distribution ratio, start to configure traffic management policies. Within a week after the policy is set, appropriate adjustments need to be made according to the actual operation of the network and user feedback until appropriate.

Figure 9 Monitoring statistics

If you want to modify the management address, you can set it in Network configuration, Management Interface, as shown in figure 10.

Figure 9 Management Interface configuration

4 Panabit policy settings

The policy setting for Panabit is relatively simple, but you need to note the following:

When restricting access to Internet by "intranet" computers, it is best to limit "speed" rather than the number of "concurrent connections". In practical use, if the number of concurrent connections is limited, even if the user is given a high speed, the user access to the network is very slow; but after not limiting the number of concurrent connections, even if the speed of the user is limited, the user access to the network is also very fast.

Example: a unit has an export bandwidth of 8m, and long-term stable online users have 70,90computers. Without limiting the number of concurrent connections of computers in the internal network, when the speed of each IP 800Kb/s is limited, the speed of users accessing the network is very fast.

5 upgrade Panabit system and feature library

When using Panabit for traffic monitoring, including other traffic monitoring devices, we need to upgrade the feature library in time in order to capture new protocols (or new applications) in time. Panabit also does a good job in this respect. Even if you are using a free version, you can easily get the upgraded feature library and complete the upgrade. But many beginners, do not know how to download to the feature library, do not know how to upgrade, let's talk about this problem.

(1) check the version of FreeBSD installed in the Panabit traffic monitoring software. You can log in with the username root and password root on the computer where Panabit is installed, and the version of FreeBSD is displayed on the first line of the screen, as shown in figure 10.

Figure 10 check the current version of FreeBSD

In this example, the version of FreeBSD is 8.0.

(2) then log on to Panabit's official website, download the latest Panabit installation package based on FreeBSD 8.0 at http://www.panabit.com/download/index.html, instead of the LiveCD installation image, and do not download other FreeBSD versions of the installation package. In this example, the download to the installer is 877KB size and the file name is Panabit1001_fb8x.tar.gz.

(3) Log in to the Panabit management interface, in the "system maintenance" tab, enter "system upgrade → system upgrade", on the right, click the "Browse" button, browse the installation program downloaded in the previous step, and then click the "upload upgrade package" button, as shown in figure 11.

Figure 11 upload upgrade package

When the upload is complete, in "system upgrade → system Update", click the "upgrade" link, as shown in figure 12.

Figure 12 start the upgrade

After about 20 seconds, the upgrade is complete and the dialog box in figure 13 pops up.

Figure 13 upgrade completed

[note] do not upgrade with different versions of FreeBSD's Panabit installer, otherwise the system will not be able to use it after the upgrade. Currently, you can upgrade for FreeBSD-based versions 7.x and 8.x of Panabit.

6 reinstall and upgrade

If your previous installation of Panabit is based on FreeBSD version 6.2, you cannot use the previous method to upgrade. At this time, you can export the current Panabit policy, use the latest version of Panabit installation, and import the policy. The main steps are as follows:

(1) in "system maintenance → configuration Management → configuration Export", right-click on the right to cause the configuration to be configured to the management computer.

(2) download the latest Panabit LiveCD installation image from the Panabit website, burn it to CD, and reinstall Panabit.

(3) after the installation is complete, log in to the management Panabit again, log in to "system maintenance → configuration Management → configuration Import", and import the saved policy.

Figure 14 Import and export configuration

Take a few pictures to see:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.