Talaia has become renowned for giving detailed insight into networks worldwide, and to that end Talaia needs accurate data. Here's how to make sure your equipment running RouterOS is sending us nothing but the truth.
The most important data that must be correct are the date and time. It's basic, but it's crucial. It's critically important for the clock and the timezone to be set correctly on all devices from which you'll be sending us data, and that the clocks on all such devices are in sync with each other.
Failure to adhere to this hard requirement can lead to unpredictable results such as incorrect visualisation or no data being displayed, so here's how to do it right.
IMPORTANT: If you're used to using Winbox or Webfig to configure your Mikrotik equipment, please open a terminal window to enter the commands shown in this document; the button to do so is usually along the left side of the Winbox or Webfig window. Using the graphical interface is not supported and will not give the desired results. It's easier than you might think — if you're ever not sure how to complete a command, press the ? key and RouterOS will display the options available to you at that point.
This guide will walk you through some steps to:
- Optionally update your router to the latest version of RouterOS
- Enable DNS lookups so names like pool.ntp.org are usable;
- Make sure the date, time, and timezone are correctly set;
- Enable NTP synchronisation to make sure the date and time don't drift, but rather remain correct over time;
- Enable NetFlow export to Talaia
1: Update RouterOS (Optional)
Many versions of RouterOS contain issues with their NetFlow export which has been resolved as of version 6.38; any version newer than that should work great.
You can still use Talaia with almost any version of RouterOS, but for versions older than 6.38, flow lengths shown in Talaia may be incorrect.
You can download the latest version of RouterOS here; the appropriate Main Package file for your platform is likely what you want. Upload that single npk file to the router. You'll need to reboot the router for the software update to take effect, so you may wish to schedule the reboot during an overnight maintenance window. (The file will disappear from the router if the update was successful.)
2: Enabling DNS Lookups
First, you'll want to ensure you've enabled DNS lookup functionality on your equipment. The following command will achieve this; replace 126.96.36.199 and 188.8.131.52 with the DNS servers you'd like to use:
/ip dns set servers=184.108.40.206,220.127.116.11
3: Date, Time, and Timezone Configuration
Here is a configuration snippet for you to customise as needed.
We recommend explicitly disabling time-zone-autodetect as it has the potential to cause chaos with Talaia if its educated guess is ever wrong.
You'll need to substitute the correct date, time, and timezone for your location; an exhaustive list of the options available for time-zone-name are available in the TZ column of the table located here.
/system clock set date=JAN/01/2018
/system clock set time=14:30:00
/system clock set time-zone-autodetect=no
/system clock set time-zone-name=America/New_York
Let's make sure the settings to the date, time, and timezone took effect:
/system clock print
4: NTP Configuration
NetFlow and its brethren include timestamp information that increases the level of insight Talaia can provide, so it's important for these timestamps to be correct.
Once the clock in your equipment is right, it's the job of the Network Time Protocol, or NTP for short, to keep it that way.
RouterOS includes basic NTP client functionality in the system package; you won't need to install the NTP add-on package for our purposes.
First, let's enable the NTP client using NTP servers from pool.ntp.org:
/system ntp client set enabled=yes primary-ntp=[:resolve 0.pool.ntp.org] secondary-ntp=[:resolve 1.pool.ntp.org]
More information on pool.ntp.org is available here.
RouterOS resolves the NTP server name to an IP address only once: the moment you configure it.
For load-balancing purposes, each time they are queried the DNS servers at pool.ntp.org hand out the IP addresses of a few NTP servers from a huge pool. However, servers join and leave the pool over time; since the way RouterOS works is to pick one or two and use those forever, this causes a problem: if anything ever happens to those NTP sources you just hardcoded, you'll lose the benefits of NTP and the unit's clock will start to drift, which will cause havoc with Talaia.
As a result, we've created a simple script you can use that automatically reconfigures the NTP servers in use every 30 minutes to swap out those IPs, giving you a great safety net. (Mikrotik routers without a hardware clock set their time to 1970-01-02 00:00:00 at boot, so this script will wait until two minutes after a reboot before trying to run, allowing the interfaces time to come up first.)
Enter (okay, copy and paste!) the following as a single, long, one-line command:
/system scheduler add interval=30m name=update_ntp_servers on-event="/system ntp client set enabled=yes primary-ntp=[:resolve 0.pool.ntp.org] secondary-ntp=[:resolve 1.pool.ntp.org];" policy=read,write start-date=jan/02/1970 start-time=00:02:00
Now you'll want to make sure the settings to the date, time, and timezone took effect:
/system clock print
Let's make sure the unit has synchronised with an NTP server:
/system ntp client print
If you see a last-adjustment line, you're good to go. If not, wait a few minutes then try that last command again to make sure NTP has made an adjustment of the router's clock (regardless of the size of the adjustment). This adjustment means NTP is enabled and working correctly.
Now you've got a great foundation from which you'll send us valid data. Onward!
5: Enabling NetFlow Export
At this point, you're ready to enable NetFlow export. You'll need to use something like this, substituting IPADDRESS and PORT with the values shown in the Talaia Dashboard for your instance of Talaia:
/ip traffic-flow set active-flow-timeout=1m enabled=yes
/ip traffic-flow target add dst-address=IPADDRESS port=PORT v9-template-timeout=1m
More info on NetFlow export configuration on RouterOS is available here.
Let us know that you've begun sending data, and we'll take it from there.
We'd be happy to examine the current configuration of your equipment and provide the exact commands needed to ensure proper integration with your specific situation. If you'd like us to do so, please perform the following command, which will dump the complete running configuration of a RouterOS device. Redact any security-sensitive information as you see fit, then send us the output.