OK. New job, new problems. Whereas I used to be able to ignore
systems administration and networking, it's now my focus. Our ISP
wants to be able to record IP traffic and bandwidth useage for each of
its users, a common need amongst ISP's.
In my initial search, I found ipac[1] for Debian potato. It worked
with the 2.2 kernels, but nothing greater. A little digging brought
me to the ipac-ng[2] site at Sourceforge[3]. Three patches, a new
debian/rules file, multiple debhelper support files later, a manual
include directive to gcc in agents/iptables/Makefile.in, and I had a
working ipac-ng 1.04 package[4] that used iptables.*
The powers that be, those that provide my paycheck, didn't like the
ipac-ng graphics and wanted something prettier. With ipac-ng came a
few contrib scripts, one for displaying the data via mrtg[5]. The
process is painfully slow and resource intensive, but workable.**
<sarcasm> Making it scriptable is going to be fun. </sarcasm> I'm
interested in trying rrdtool[6] with the mrtg data, but we're not
there quite yet (another step to set up the web cgi).
The IP's we need to track number in the hundreds, and we're expecting
to have to scale this whole operation many times over. With ipac-ng
inserting two rules into iptables for each ip tracked, the tables are
starting to look REAL ugly. I fear that performance on the router is
going suffer (as if it isn't already).
Now, I searched the archives here and took someone's [7] suggestion to
look at fiprad[8]. However, it's kernel module and patch are for the
2.2.14 kernel alone. The last update to the website looks to be in
March of 2000. I was intrigued because of the fiprad daemon that
inserted accounting for ipblocks (VERY nice way to configure by the
way), directly into MySQL (not my favorite, but not a problem). I was
also intrigued by the efficient logic for logging the packets (no nest
of ipchains rules).
I'm interested in finding out what others have done for IP accounting
for a large number of customers. (Rate limiting and traffic shaping
aside -- a topic for another day.) If anyone else is interested in
fiprad for the 2.4 kernel, let me know. I'll send off a copy of this
to the fiprad developers and see if they've worked on it since May
2000.
Footnote
--------
* 1.05, the latest of the ipac-ng thread, had problems parsing the
config file. In the interest of time alone, I dropped down one
version.
References
----------
1. http://packages.debian.org/stable/main/ipac.html
2. http://ipac-ng.sourceforge.net/
3. http://sf.net
4. *.dsc available upon request
5. http://packages.debian.org/stable/main/mrtg.html
6. http://packages.debian.org/stable/main/rrdtool.html
7. http://lists.debian.org/debian-isp-0101/msg00166.html
8. http://www.umplug.org/fipra/
--
Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
Attachment:
pgpPrkDNWtqCX.pgp
Description: PGP signature