Re: Traffic Accounting

To: debian-isp@lists.debian.org
Subject: Re: Traffic Accounting
From: George Georgalis <georgw@galis.org>
Date: Sun, 20 Jul 2003 14:02:12 -0400
Message-id: <[🔎] 20030720180212.GB5665@trot.local>
In-reply-to: <[🔎] 1058720527.1011.78.camel@kgb.netel.bg>
References: <[🔎] 3.0.6.16.20030720145858.0d175280@pop3.01019freenet.de> <[🔎] 1058716884.1011.66.camel@kgb.netel.bg> <[🔎] 20030720162720.GB5403@trot.local> <[🔎] 1058720527.1011.78.camel@kgb.netel.bg>

On Sun, Jul 20, 2003 at 08:02:07PM +0300, kgb wrote:
>On Sun, 2003-07-20 at 19:27, George Georgalis wrote:
>> On Sun, Jul 20, 2003 at 07:01:24PM +0300, kgb wrote:
>> >On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote:
>> >> Hello Russian Secret Service Agent...
>> >> 
>> >> Am 23:35 2003-07-19 +0300 hat kgb geschrieben:
>> >> >
>> >> >Hello,
>> >> >
>> >> >Which is best way for traffic accounting i use ipac-ng but i don't like
>> >> >it anymore because it make my system under high load.
>> >> >
>> >> >Thanks in advanced.
>> >> 
>> >> I think there is no other choice...
>> >> 
>> >> I use ipac on a 100 MBit LAN where I count the traffic of five 
>> >> 11 MBit WaveLAN-Channels... where ipac has two NIC's and is 
>> >> In-Line between the Main-Router and the Switch where the Lucent 
>> >> ORINOCO COR-1100 and wireless Bridges are connected...
>> >> 
>> >> Each channel has 120 Clients...
>> >> 
>> >> I use a AMD Athlon XP 2400+ with 512 MByte of memory and the 
>> >> load is around 17...
>> >> 
>> >> I have for each client (all fixed IP's) two rules (rx/tx) to the 
>> >> Internet and two rules (rx/tx) to the internal mail-Server. 
>> >> 
>> >> So I have completly 2400 rules plus som special-rules to count 
>> >> ftp, http, shttp and mail traffic. 
>> >> 
>> >> In summary around 2500 rules.
>> >> 
>> >> What Do you have ???
>> >> 
>> >> Thanks
>> >> Michelle
>> >> 
>> >I have over 2000 rules "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx"
>> >machine is AMD Athlon XP 1700+ with 1G ram i forgot how many rules are
>> >limit in iptables but when they are so many this is really sucks this is
>> >on 100Mbit LAN the problem is when fetchipac is running and ipacsum because 
>> >file in /var/lib/ipac-ng/data.db is over 5G when file i smaller traffic is smaller
>> >or fetchipac and ipacsum is not running everything is fine i think thats can not be 
>> >the only one way...
>> >
>> 
>> I don't run it, I'm just a by stander; but I bet you are not dealing
>> with cpu issues but disk io. run top and compare system load to your cpu
>> state % idle time.
>> 
>> If you've got idle cpu, and load over one, you are most likely dealing
>> with disk speed not cpu.... time for hardware scsi, striped raid, on 15k
>> rpm disks :-P unfortunatly that's a lot more difficult and expensive
>> than upgrading cpu and ram :-\
>> 
>> // George
>> 
>
>Yes, you're right but my question is, is there have other way to do accounting
>some bash, shell script to fetch traffic with "tc" command from cbq shaper ?

I don't really know that stuff... If you just want to log tcp/udp/icmp
ip use iptables:

iptables -N watchit
iptables -I watchit -s 10.1.0.0/24 -p tcp -m state --state NEW -j LOG --log-prefix '##_NEW_## '

and periodically do something like

tablestats () {
iptables -vnL >>${LOG}/iptablestats-${now}
iptables -t nat -vnL >>${LOG}/iptablestats-${now}
}       


or you may need qdisc routing and logging, I don't know much about
that. My favorite setup is an ebtables bridging router/fw (has no ip
address), patched to send packets through the netfilter tables. :)
That and iptable stats should probably cover your needs.

Just found these, should help with qdisc:
http://lartc.org/howto/index.html
http://lartc.org/howto/lartc.qdisc.html
http://lartc.org/howto/lartc.bridging.html


These are the links I saved from 6 or 8 months back.

http://plorf.net/linux-ip/html/
Guide to IP Layer Network Administration with Linux

http://users.pandora.be/bart.de.schuymer/ebtables/
http://users.pandora.be/bart.de.schuymer/ebtables/sourcecode.html
Ebtables homepage
http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
Ethernet Bridge + netfilter Howto
http://www.sparkle-cc.co.uk/firewall/firewall.html
Implementing a Bridging Firewall By David Whitmarsh
http://www.compsci.lyon.edu/mcritch/dante/
Dante - Traffic control and QoS with Linux
http://lartc.org/
Linux Advanced Routing & Traffic Control
http://lartc.org/howto/lartc.bridging.html
Building bridges, and pseudo-bridges with Proxy ARP
http://bridge.sourceforge.net/docs.html
http://bridge.sourceforge.net/docs/Firewalling for Free.pdf
Firewalling for Free, by Shawn Grimes.
http://www.pom.gr/ilisepe1/firewall_help.html#5
Transparent Firewall Bridging
http://plorf.net/linux-ip/html/ether-bridging.htm
Address Resolution Protocol and Bridging
http://www.zebra.org/
routing software


Have fun. Let us know what you come up with. :)

// George




-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george

Reply to:

Follow-Ups:
- Re: Traffic Accounting
  - From: George Georgalis <georgw@galis.org>

References:
- Re: Traffic Accounting
  - From: Michelle Konzack <linux4michelle@freenet.de>
- Re: Traffic Accounting
  - From: kgb <kgb@kgb.netel.bg>
- Re: Traffic Accounting
  - From: George Georgalis <georgw@galis.org>
- Re: Traffic Accounting
  - From: kgb <kgb@kgb.netel.bg>

Prev by Date: Re: Traffic Accounting
Next by Date: Re: Traffic Accounting
Previous by thread: Re: Traffic Accounting
Next by thread: Re: Traffic Accounting
Index(es):
- Date
- Thread