Monitor Application & Network using ACOS Prometheus Exporter
This article describes how to setup Prometheus and A10 Thunder running pre-ACOS 5.0 version (e.g., 3.2, 4.1.4 or 5.1) using a Prometheus Exporter to gain application network visibility and operational insights.
Prometheus uses the HTTP PULL model to scrape such various data from network devices and store the received values in a time-series database. Using a visualization and analytics tool, like Grafana, the data stored in Prometheus can be tracked to understand various baselines and thresholds that the networks should be operating under, thus enabling event monitoring and alerting.
In this article, we use an ACOS Prometheus Exporter, a python-based script, that acts as a proxy between Prometheus and A10 Thunder. To enable the integration, the exporter listens on port 9734 for HTTP PULL requests from Prometheus. Once the exporter receives the request from Prometheus, it then makes the corresponding API calls to the A10 device to fetch the requested statistics. After the A10 devices has responded, the exporter hands those statistics over to Prometheus thus completing the original Prometheus HTTP PULL request. The Prometheus Exporter python script is maintained on the A10 Networks GitHub page.
Prerequisites
- You will need previous experience with Prometheus, Grafana and A10 Thunder
- Prometheus
- Install a Prometheus service on a server. In this example, Prometheus is installed on an Ubuntu virtual machine.
- For Prometheus installation, refer to Prometheus Installation.
- Grafana
- Install a Grafana service on a server. In this example, Grafana is also installed on the same server as the Prometheus using port 3030.
- Add Prometheus as a data source
- For Grafana installation, refer to Grafana Installation.
- Thunder device
- A10 Thunder (hardware, virtual, bare metal or container)
- ADC/CGN/CFW - ACOS version 4.1.4 and above
- TPS - ACOS version 3.2 and above
- In this example, Thunder TPS is used for DDoS Protection.
- Get vThunder free trial
- Note: Thunder have native support for Prometheus in ACOS 5.2.0. A10 device running ACOS 3.x/4.x can be integrated with the use of Prometheus Exporter.
- A10 Thunder (hardware, virtual, bare metal or container)
- Prometheus Exporter for A10 Thunder
- Clone ACOS Prometheus exporter from A10 Networks GitHub. In this example, Prometheus exporter is installed on the same server as the Prometheus using port 9734.
- https://github.com/a10networks/PrometheusExporter
ACOS Prometheus Exporter Setup
The ACOS Prometheus exporter module is a python-based script that acts as a proxy between Prometheus and A10 Thunder devices to collect A10 device stats and displays the results as metrics. In order to install ACOS Prometheus Exporter, you can fist clone it from A10 GitHub.
$git clone https://github.com/a10networks/PrometheusExporter.git $cd PrometheusExporter $pip install -r requirements.txt
You will find the config.yml in the PrometheusExporter directory and modify it with the A10 Thunder devices to be monitored.
$vi config.yaml --- hosts: 192.168.2.112: username: admin password: a10 log: log_file: logs.log log_level: INFO
Finally, run the ACOS Prometheus Exporter
$python ./acos_exporter.py
Note: You can also run the ACOS Prometheus Exporter as a container or on Kubernetes/ OpenShift using Helm package. For more details, refer to https://github.com/a10networks/PrometheusExporter
Prometheus Installation and Configuration
In this example, we install Prometheus on to an Ubuntu server and configure it to collect the data from A10 Thunder device via ACOS Prometheus Exporter.
Note: The installation instruction may vary depending on your environment including OS version and Prometheus release. Please refer to the latest instruction at Prometheus site.
$wget https://github.com/prometheus/prometheus/releases/download/v2.22.2/prometheus-2.22.2.linuxamd64.tar.gz $tar xvfz prometheus-*.tar.gz $cd prometheus-*
The configuration file defines everything related to scraping jobs and their instances, as well as which rule files to load. The file where these configurations are stored is called prometheus.yml. Over here we define the frequency with which Prometheus is supposed to run certain jobs (scraping network devices for data).
Here is what the beginning of your file should look like:
$cat prometheus.yml # my global config global: scrape_interval: 30s # Default is every 1 minute. evaluation_interval: 30s # Default is every 1 minute.
Further below in prometheus.yml, you will notice the jobs defined. You can add many jobs here, and this is an example job for Thunder TPS.
- job_name: 'a10tps-job' metrics_path: '/metrics' static_configs: - targets: ['localhost:9734'] params: host_ip: ["192.168.2.112"] api_endpoint: ["/system/memory/stats", "/system/data-cpu/stats", "/ddos/l7-dns/stats", "/system/bandwidth/stats"]
Here is the detailed explanation of arguments defined in the a10tps-job:
- Params - This is where the parameters are configured.
- host_ip: IP of the monitored device that needs to be scraped. In this example, it is IP of the Thunder TPS.
- api_endpoint: The API endpoint(s) that provides the data/statistics. In this example, this scraps memory consumption, data CPU utilizations, DNS DDoS protection stats and total bandwidth passing through the Thunder TPS.
- api_name: A convenient label for the api_endpoints listed above.
- Targets – IP: port of the target device for Prometheus to communicate. In this example, it is set to the Prometheus Exporter using port 9734.
Once the prometheus.yml is set, start Prometheus service and check the status and collected data.
$ ./prometheus --config.file=prometheus.yml
Grafana Setup
Once Prometheus starts colleting metrics from Thunder, you can create your own dashboard to visualize application traffic and monitor device and service status using threshold and baselining.
Here is the commands and steps to install and configure Grafana Enterprise edition on the same Ubuntu server. For detailed installation information, refer to https://grafana.com/docs/grafana/latest/installation/
$sudo apt-get install -y apt-transport-https $sudo apt-get install -y software-properties-common wget $wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add - $echo "deb https://packages.grafana.com/enterprise/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list $sudo apt-get update $sudo apt-get install grafana-enterprise $sudo systemctl daemon-reload $sudo systemctl start grafana-server $sudo systemctl status grafana-server
In this example, following metrics are used for each data source to visualize DNS service and DDoS protection status.
- Traffic Volume
- input_bytes_per_sec
- output_bytes_per_sec
- DNS Traffic Stats
- dns_pkt_processed
- dns_query_type_XXX
- dns_query_class_XXX
- Dropped DNS Counters
- dns_qry_any_drop
- dns_malform_drop
- dns_nx_drop
- dns_auth_drop
- dns_fqdn_label_len_exceed
- dns_fqdn_rate_by_label_count_exceed
- and more
You want to watch a demo of the A10 Thunder and Prometheus integration? Go to a10transcend.com