“In Italy Open Source still means using Linux instead of Windows”
Interview with ntop founder Luca Deri

During the last Italian Conference on Nagios and OSS Monitoring we had the opportunity to meet Luca Deri, leader of the Open Source ntop project the first time. In the following recently made interview Luca gives interesting insights in his future strategies with ntop, in his collaboration plans with NetEye and his opinions on the Italian Open Source scene

Luca, could you please provide a brief introduction about yourself?

Luca Deri: After completing my graduation in the year 1993 in Information Technology at the “Università di Pisa” with a thesis  on network management, I first specialized at the University College of London and later I got my P.h.D at the University of Berne/Switzerland. At that time I developed part of a network Management product, called IBM Workbench/6000, using web interfaces. Back in Italy in the second half of 1997 I continued to work in this sector and in the 1998 I began the ntop project, capitalizing on the experienced I gained in the previous years.

Could you please explain what is your ntop/nprobe project about?

Luca Deri: ntop is a web monitoring console released under GNU GPL license. It is able to analyze the network traffic evaluating the network flows sent in NetFlow and sFlow from network apparatus that support these protocols. The device that are supporting NetFlow are not very common, they are often expensive and limited, so I have decided to develop my NetFlow probe named nprobe on my own. In this way I had the opportunity to make the project ntop be visible also on commercial level. In fact nprobe was immediately appreciated thanks to its speed, versatility and extensions capability that the commercial solutions are not providing.

What are the main advantages of your solution?

Luca Deri: First of all it is a solution that works in an intuitive way, without having the necessity to configure preferences files. Secondly it is unique because it visualizes everything that is passing through the network and not only what is happening on the network systems. So it is possible to answer to the typical questions such as “who is using my network?”, “Who is surfing the website xyz?”, “Who is currently generating heavier traffic?”, without having the need to use more complex tools with elevated acquisition and maintenance costs.

What is the main reason that made you decide to start this project?

Luca Deri: Mainly to solve my personal issue. In 1998 I had a collaboration with the University of Pisa and I was in charge to monitor the network traffic. The available solutions were very limited and therefore I developed my own tool: ntop.

How long have you been working for the project nprobe?

Luca Deri: For a long time, I can say that when I started to develop in 2003, there was no week in which I did not work for the project. nprobe was created as preprocessor for ntop, giving the possibility to use ntop also on fast network, where ntop was having performance problems. Than nprobe became an independent project and as I was mentioning before the key to enter in the commercial market.

How many people are currently involved?

Luca Deri: I am developing nprobe and ntop as engine mainly by myself. But then I got lucky to have two other colleagues helping me developing some special solutions like nBox, a Linux distribution that integrates ntop and nprobe, or for vertical solutions like big network flows. Sometimes we have some other collaborators but only for specific projects.

Are you working mainly in Italy or have you got also some international partnerships?

Luca Deri: In Italy, unfortunately, I am not very well known maybe because the entire website is in English, and this can dissuade many people. I have been collaborating mainly with foreign Companies as NEC, Intel, Agilent, cPacket, Bivio or Endace that are using my software in their products.

What is the knowledge necessary to integrate your solution in preexisting environments?

Luca Deri: To Integrate nprobe it is not required to have a wide knowledge because it produces the network flows in standard formats: it is only needed to configure correctly the traffic data export options. For ntop instead it is different, it has been created as a standalone solution that was not been thought to be integrated as engine of other software. The situation will change quickly when I will terminate an API Python (under development) that will integrate all external programs with ntop. Currently the only way to use ntop as external program is to export the data via HTTP in various formats like JSON, XML or CSV.

And your experience with Nagios? Will many nprobe users also know Nagios?

Luca Deri: As many others, I have also used Nagios in the past to manage the network services and systems. Now I am thinking to let the traffic data, produced by tools like ntop/nprobe, be used to complete the analysis of network services adding traffic information. The main problem is how to identify when the network traffic is becoming critical and where to define the network thresholds. If the thresholds are fixed, an operation like copying a DVD between two hosts can produce a short traffic load with an high volume of data exchange and can generate a warning (that actually is not) while composed thresholds (i.e. a host that in the past five minutes is sending more traffic than all the other hosts) could not identify network problems.

What about the collaboration start with NetEye? How did it all start?

Luca Deri: Last spring I have been contacted by Würth Phoenix that has sent an invitation to participate to the Italian Nagios Conference organized by Würth Phoenix. I had in this way the opportunity to know the product and its developers. Shortly after that we decided to start to proceed in the same direction to integrate ntop/nprobe inside NetEye. This because we wanted to develop a solution able to increase the value of both products and to support the development of an Open Source software.

What are the added values of this partnership for the NetEye users/clients?

Luca Deri: In my opinion the main advantage is that users can view the network traffic using an Open Source tool and continuously evolving. This can guarantee to have a complete vision of what is happening in the network and to be able to identify and solve possible anomalies. 

Do you think it is possible to improve the concept of integration between ntop and NetEye?

Luca Deri: Without any doubts. This integration has just started. Significant evolutions of ntop/nprobe have been planned for next year, that will be integrated in NetEye. The basic goal is to be able to offer to the users monitoring solutions more and more sophisticated and at the same time easy to be used and not intrusive.

The Open Source scene in Italy: is there more or less collaboration among the projects compared to the other countries?

Luca Deri: Personally I have less contacts with Italian open source developers, the majority is abroad, mainly in Switzerland and US, where instead there are many activities in this field, limited to the network monitoring and management. In our country Open Source means using Linux instead of Windows. There are no investments in the training, mainly in the public services, that are preferring open source solutions only because they work on Linux without understanding that actually they continue to finance closed software. The result is that the Open Source projects can only count on the capability of the leader.

What could be improved in this context?

Luca Deri: Definitively the open source world needs the industry to align the products with the users’ requirements and to develop new functionalities. And the industry can capitalize on what has been done in the Open Source world to develop new products that can be immediately ready, without investing too much. So I think that meetings, like the one between ntop and Würth Phoenix, are the good directions to develop open software with economical returns also for the industries that rely on this products.

How do you see nprobe in ten years?

Luca Deri: The initial idea was to produce a flexible tool, compatible with the industrial protocols for the network monitoring, able to provide simple and easy solutions. In the near future nprobe must be able to satisfy the advanced needs of monitoring big volumes of data, new network protocols, and new types of traffics like the cloud computing or the distributed network services.

Luca, thank you very much for this interview.