Replicator

After a Replicator license is registered, the Replicator web interface page becomes available and allows users to monitor activity, manage replication parameters (profiles, policies, collectors, etc.), and enable Auto Replicate.

Note

See the Replicator online documentation for further details about Replicator’s core functions and other deployment options.

On this page:

Overview

Overview

Exporters

Exporters

Profiles

Profiles

Collectors

Collectors

Auto Replicate

Auto Replicate

High availability

High-availability replication

Overview

The Overview view is a dashboard summarizing statistics related to Replicator’s functions.

Real-Time Statistics

The Real-time Statistics gadgets contain visualizations for the following statistics:

• Total number of exporters in profiles

• Total number of collectors in profiles

• Total number of unique collector-exporter pairs across all profiles

• Current number of profiles configured

• Average packet rate (in and out)

• Average bit rate (in and out)

• Packet rates over time (in and out)

• Bit rates over time (in and out)

• Total bits received and sent

• Total number of packets received and sent

Hovering over the packet or bit rate timeline will display details for a specific point in time.

Topology

The Topology gadget shows the flow of packets from exporters to their destination collectors.

Filters

When a filter is defined from the Filters menu in any of the Replicator UI views, the filter is applied to all views, including the Overview.

Note

The information that can be displayed in the Overview will reflect the type of filter applied:

• If a profile filter is applied, only outbound/replicated traffic for the selected profile will be displayed. This is because inbound traffic vitals are not associated with a profile (i.e., inbound traffic can apply to no profiles, a single profile, or multiple profiles).

• If a filter for a Replicator instance/appliance is applied, information for all inbound and outbound traffic on that instance will be displayed.

Exporters

The Exporters view displays all exporters currently sending packets/flows to the Replicator appliance.

The list/table includes the following details for each exporter:

• IP address

• Port number

• Current status of the exporter

• Replicator appliance associated with the exporter

• Timestamp when the exporter was last confirmed as available

• Total number of profiles associated with the exporter

• Total number of collectors associated with the exporter

• Timestamp when the exporter was last modified

Clicking the IP address in the main list/table opens the summary/details view for the exporter. Managing profiles and collectors associated with the exporter can also be done here.

Additional exporter actions

In the main list/table, the three-dot menu also includes shortcuts to view names, profiles, and collectors associated with the exporter.

Clicking Add To Profiles from the three-dot menu opens a secondary tray where you can select one or more profiles to add the exporter to.

Advanced filters

Clicking the Filters button opens a tray where one or more filters can be manually configured.

The following filtering options are available:

• Replicator

• Profile Name

• Exporter

• Exporter Port

• Collector

• Collector Port

To apply a filter, expand the filter option/section, and select the criteria to use. Multiple options and criteria can be applied at the same time.

Profiles

The Profiles view can be used to create, edit, and manage replication profile configurations.

The list/table shows the following details for all profiles currently saved on the Replicator appliance:

• Profile name

• Replicator instance/appliance assigned to the profile

• Number of policies added to the profile

• Number of exporters included in the profile

• Number of collectors assigned to the profile

• Username of the user who created the profile

• Date and time the profile was last modified

Creating a new profile

View instructions

1. Click the + button.

2. In the Add Replicator Profile tray, enter a name for the profile.

3. Select a profile type from the Type dropdown:

   Profile types

   • IPv4 HA Dual Exporters: Rewrites the header of IPv4 packets from a redundant exporter pair to show a specified IP address and port as their origin

   • IPv4 Spoofing: Rewrites the header of IPv4 packets to show the source exporter as their origin

   • IPv6 Spoofing: Rewrites the header of IPv6 packets to show the source exporter as their origin

   • Plixer Exporter Spoofing: Modifies the packet header to include the origin exporter for Plixer collectors (used only in cloud environments, where conventional spoofing is not possible)

   • Auto Replicate Seed: (Plixer One/Scrutinizer deployments only) Used to enable autoreplicate across one or more remote collectors in distributed clusters

   • Auto Replicate Collector: (Plixer One/Scrutinizer deployments only) Used to associate collectors with the seed profile when automatic load balancing is enabled

   Note

   IPv4 spoofing profiles replicate IPv6 datagrams, while IPv6 spoofing profiles do not replicate IPv4 datagrams.

4. Select the Replicator appliance to associate the profile with.

5. Add a description for the profile, and then select whether to enable or disable the profile.

6. Click Save.

Once created, new profiles will be added to the main Profiles list/table and can be further configured at a later time.

Deleting profiles

Profiles can be deleted by ticking one or more profiles in the main list/table, and then clicking Delete via the Bulk Actions button.

Editing a profile

Clicking the profile name or selecting Edit from the three-dot menu in the main list/table opens the profile settings tray where the following can be modified:

• Name

• Type

• Replicator

• Description

• Enable/disable the profile

• Policies added to the profile

• Exporters added to the profile

• Collectors assigned to the profile

Adding Replicator policies to a profile

View instructions

1. Select Add Replicator Policy from the three-dot menu in the list/table.

2. Enter the subnet/CIDR for the exporters to be defined by the policy.

3. Select whether to include or exclude the specified subnet/CIDR for the policy.

4. Click Save.

Assigning collectors to a profile

Select Add Collectors from the three-dot menu in the list/table, and then in the Add Collectors tray, select the collector to assign to the profile.

Additional profile actions

In the main view, the three-dot menu for profiles also includes shortcuts to view policies and collectors assigned to a profile.

Filtering options

Clicking the Filters button opens a tray where one or more filters can be manually configured.

The following filtering options are available:

• Replicator

• Profile Name

• Exporter

• Exporter Port

• Collector

• Collector Port

To apply a filter, expand the filter option/section, and select the criteria to use. Multiple options and criteria can be applied at the same time.

Collectors

The Collectors view can be used to view all collectors that are currently assigned to at least one profile.

The list/table includes the following details for each collector:

• IP address

• Port number

• Current status of the collector

• Replicator appliance associated with the collector

• Timestamp when the collector was last confirmed as available

• Total number of profiles associated with the collector

• Total number of exporters associated with the collector

Adding a Replicator collector

To add a Replicator collector, click the + button. In the Add Replicator Collector tray, enter the IP address of the collector, the collector port number, the Replicator instance/appliance to associate with the collector, and a description for the collector. Then, click Save.

Once created, the new collector will be added to the main Collectors list/table and can be further configured at a later time.

Changed in version 19.7.2: Replication to internal/Plixer collectors (including autoreplication) is now supported with any Plixer One license type.

External collectors (as well as additional Replicator instances) can be enabled with a Replicator license key. Contact Plixer Technical Support for more information.

Editing a collector

Clicking the collector IP address or selecting Edit from the three-dot menu in the main list/table opens the collector settings tray where the following can be modified:

• IP address

• Port number

• Description

• Profiles associated with the collector

• Exporters associated with the collector

Adding a collector to profile/s

Select Add To Profiles from the three-dot menu in the main list/table, and then in the Add To Profiles tray, select one or more profiles to add the collector to.

Additional collector actions

In the main view, the three-dot menu also includes shortcuts to view profiles and exporters associated with the collector.

Advanced filters

Clicking the Filters button opens a tray where one or more filters can be manually configured.

The following filtering options are available:

• Replicator

• Profile Name

• Collector

• Collector Port

• Exporter

• Exporter Port

To apply a filter, expand the filter option/section, and select the criteria to use. Multiple options and criteria can be applied at the same time.

Auto Replicate

The Auto Replicate feature allows flow streams to all be sent to a single Replicator IP and then automatically assigned to collectors with available capacity in a cluster. This eliminates the need for network teams to manually assign flows to collectors based on availability.

Auto Replicate must be enabled/configured on either the local Replicator instance on a Scrutinizer primary reporter or a headless deployment registered with the primary reporter. Destination collectors for autoreplication must be registered with the same primary reporter, which will have access to all collector configurations and current loads.

To set up Auto Replicate, create an Auto Replicate Seed profile and two or more Auto Replicate Collector profiles as described below.

Creating a seed profile

The Auto Replicate Seed profile contains inclusion and exclusion policies that define the exporters/streams that should be autoreplicated.

Flows from matching exporters are sent to one of the collectors in the cluster (must be defined by collector profiles). Each new exporter is always assigned to the collector with the most available capacity. If a collector becomes overloaded (based on exporter count or flow rate) as a result, the exporter will be reassigned to a collector with the required capacity available.

To create a new seed profile:

View instructions

1. Navigate to Replicator > Profiles, and then click the + icon to create a new profile.

2. In the Add Replicator Profile tray, enter a name for the profile.

3. Select Auto Replicate Seed as the profile type in the dropdown, and then select the Replicator appliance to assign to the profile.

4. Add a description for the profile, and then select whether to enable or disable the profile.

5. Click Save.

Once the seed profile has been configured, proceed to creating collector profiles. When adding collector profiles, only profiles that are currently unlinked (created without a seed profile association or removed from another seed profile) will be available.

Note

• Multiple seed profiles can be created to enable autoreplication for separate collector groups/clusters.

• By default, new exporters/streams are assigned to collectors once every hour, and collectors are checked to verify that they are not over capacity once a day. These times can be adjusted in /home/plixer/scrutinizer/files/conf/rebalance.yaml. Rebalancing can also be manually initiated via the seed profile in the Replicator UI. Exporter reassignment is kept to a minimum to improve system performance.

Creating a collector profile

Auto Replicate Collector profiles define the destination collectors for a seed profile. A collector profile must be created for each collector and then assigned to the seed profile for its cluster.

To create a new collector profile:

View instructions

1. Navigate to Replicator > Collectors, and then click the + icon to create a new collector profile.

2. Enter the IP address of the collector and its port number.

3. Select the Replicator appliance to associate with the collector.

4. [OPTIONAL] Add a description for the collector.

5. Click Save and repeat the steps to create additional collector profiles as needed.

After the necessary collector profiles have been created, select the collector profile in the main Collectors view to open the configuration tray and assign the collector to a seed profile.

High-availability replication

A Replicator instance can be paired with a secondary instance to create a high-availability pair that ensures uninterrupted flow data replication. Configuration data is synced between the primary and secondary instances for seamless failover.

Note

Any unpaired headless deployment without saved profiles can be set as a secondary instance in an HA pair.

In distributed Scrutinizer clusters, the secondary reporter or any remote collector can be used as a secondary Replicator instance by enabling the Replicator service.

Multi-network mode

When the primary and secondary Replicator instances are on different subnets (i.e., a virtual IP address cannot be used), the flow data to be replicated must be sent to both Replicator instances.

After a high availability pair is set up in this mode, the primary instance continuously sends UDP heartbeat packets to the secondary instance (1 packet per second). If the secondary fails to receive two consecutive heartbeat packets, it immediately starts replication. Once a heartbeat packet is received from the primary instance again, the secondary syncs any configuration updates, stops replication, and reverts to the standby state.

Note

Multi-network mode is the default high-availability configuration. If the primary and secondary Replicator instances are on the same network, enabling virtual IP/single-network mode is recommended.

Enabling multi-network HA on a Replicator

To create a multi-network HA pair, follow these steps:

View instructions

1. Go to Admin > Resources > Replicators, and then click on the name of the Replicator instance to use as the primary.

2. In the Replicator configuration tray, toggle the High Availability switch to On (will not be displayed if no secondary instances are available).

3. Select the Replicator instance to use as the secondary in the Secondary IP dropdown.

4. Click Save to create the HA pair.

After the multi-network HA pair has been saved, configure all exporters to send flow data to both the primary and secondary instances.

Virtual IP mode

When the primary and secondary Replicator instances are on the same network, they can receive flow data packets via a shared virtual IP address.

After a high-availability pair is set up in this mode, the availability of the primary and secondary instances is monitored using the Virtual Router Redundancy Protocol (VRRP). If the primary Replicator instance becomes unavailable, the specified virtual IP address is immediately reassigned to the secondary instance, which then starts replication (handover typically takes ~1 second). Once the primary becomes available again, it re-assumes responsibility for the IP address and resumes replication after a user-defined delay (see instructions below).

Enabling virtual IP HA on a Replicator

View instructions

1. Go to Admin > Resources > Replicators, and then click on the name of the Replicator instance to use as the primary.

2. In the Replicator configuration tray, toggle the High Availability switch to On.

3. Select the Replicator instance to use as the secondary in the Secondary IP dropdown.

4. Enable Virtual IP, and then enter the following details in the provided fields:

   • Virtual IP address: IP address to be shared between the primary and secondary instances

   • Virtual router ID: Virtual router ID to assign to the HA pair (must be unique to the pair to avoid conflicts with other software devices using VRRP)

   • Failover delay: Length of time that the primary instance must be online again before it takes over the virtual IP and replication (to avoid flapping)

   Note

   The failover delay is meant to allow all services on primary instance to fully restart after a reboot/outage. A delay of at least 2 minutes is recommended (default: 5 minutes).

5. Click Save to create the HA pair.

After the VIP HA pair has been saved, configure all exporters to send flow data to the virtual IP address specified.

Reverting HA pairings

To revert paired Replicator instances back to single appliances, toggle off High Availability for the primary instance.

This will unpair the instances and allow them to be used as single deployments again. The primary instance will retain all profiles, collectors, and other settings previously applied, and the secondary instance will be reverted to its unused, post-deployment state.

High-availability exporter pairs

Replicator can automatically manage flow data streams from a specified pair of redundant IPv4 exporters using the IPv4 Dual HA Exporters profile type.

After a profile of this type is created, it must be configured as follows:

View instructions

1. Select the Replicator instance to use.

2. [Optional] Add a description for the profile.

3. Enter the spoofed IP address to use for replicated streams.

4. [Optional] Enter the spoofed port to use for replicated streams.

5. Create exactly two /32 policies (one for each HA exporter).

6. Select the preferred/primary source.

7. Set the amount of time to wait for the preferred source.

8. Add collectors to the profile (or define new collectors, if necessary).

After the profile has been configured and enabled, flow data from the preferred source will be replicated and forwarded to the specified collector(s). If the preferred source becomes inactive for the specified wait time, replication will start for the stream from the other exporter/policy defined in the profile. The same spoofed IP address and port will be used regardless of the active source.