
Re: Advice / recommendations on Inexpensive Managed Ethernet Switches



You might look at the Ubiquiti EdgeRouter X Advanced Gigabit Ethernet Routers ER-X 256MB Storage 5 Gigabit RJ45 ports about $50 on Amazon.  It actually runs a small Debian-like OS.  It is configured by a web interface and a command line interface through ssh or embedded in the web interface.  It has counters and displays graphs of the current throughput of each port.  The basic router configuration (configured by wizards to get you started) has one port to connect to the internet (your dsl modem) and NATed to the other 4 ports set up like a switch.  It has a DHCP server to assign internal IP addresses on your LAN if you want.  Mirroring is also possible through the command line interface.  Port rate limiting is also possible.  While I use a Debian box for my main router/firewall I have been experimenting with an ER-X for a while as a backup in case the Debian box goes down.

I also have a TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch (TL-SG105E v2.0) about $28 on Amazon.  It has a Web configuration interface (make sure you get the V2.0) and can be easily set up to mirror ports.  This is not a router so it won't protect your internal LAN like the ER-X would. 

Now to actually monitor the traffic from a mirrored port connected to your desktop Debian you can use wireshark.  It can display traffic in real time showing source and destination address/names and protocols.  It can filter by IP so you could just see the traffic your son generates.  You can graph the data also.  Wireshark has many ways to see the data it collects.  My favorite is "conversations" which shows source and destinations and packets/bytes transferred.  For instance you might see your son's internal IP going to youtube and the data he uses just to watch a video.

Another program I use to just watch data amounts being used is vnstat.  It can show data usage by hour, day or month.  Just install vnstat on each Debian machine and have the results of "vnstat -i eth0 -d" emailed to you every day by a crontab entry.  Here is an example of what is on my outgoing port on my router box.

vnstat -i eth1 -d

 eth1  /  daily

         day         rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     01/05/2017     4.82 GiB |  274.30 MiB |    5.09 GiB |  493.72 kbit/s
     01/06/2017     5.16 GiB |  250.13 MiB |    5.40 GiB |  524.53 kbit/s
     01/07/2017     4.13 GiB |  271.32 MiB |    4.39 GiB |  426.58 kbit/s
     01/08/2017     4.61 GiB |  267.46 MiB |    4.87 GiB |  472.95 kbit/s
     01/09/2017     3.35 GiB |  624.10 MiB |    3.96 GiB |  384.68 kbit/s
     01/10/2017     4.72 GiB |  263.63 MiB |    4.98 GiB |  483.42 kbit/s
     01/11/2017     5.02 GiB |  303.67 MiB |    5.32 GiB |  516.44 kbit/s
     01/12/2017     2.87 GiB |  194.76 MiB |    3.06 GiB |  297.22 kbit/s
     01/13/2017     4.44 GiB |  270.56 MiB |    4.70 GiB |  456.34 kbit/s
     01/14/2017     4.36 GiB |  244.49 MiB |    4.60 GiB |  446.73 kbit/s
     01/15/2017     4.04 GiB |  354.37 MiB |    4.39 GiB |  426.23 kbit/s
     01/16/2017     4.60 GiB |  360.85 MiB |    4.95 GiB |  480.43 kbit/s
     01/17/2017     4.07 GiB |  269.75 MiB |    4.34 GiB |  420.89 kbit/s
     01/18/2017     3.90 GiB |  272.31 MiB |    4.17 GiB |  404.66 kbit/s
     01/19/2017     4.70 GiB |  321.41 MiB |    5.01 GiB |  486.59 kbit/s
     01/20/2017     4.65 GiB |  294.00 MiB |    4.94 GiB |  479.26 kbit/s
     01/21/2017     7.12 GiB |  343.20 MiB |    7.45 GiB |  723.52 kbit/s
     01/22/2017     7.23 GiB |  379.96 MiB |    7.60 GiB |  737.88 kbit/s
     01/23/2017     5.54 GiB |  290.97 MiB |    5.82 GiB |  565.08 kbit/s
     01/24/2017     4.85 GiB |  355.95 MiB |    5.20 GiB |  505.09 kbit/s
     01/25/2017     3.48 GiB |  259.62 MiB |    3.73 GiB |  362.58 kbit/s
     01/26/2017    10.14 GiB |  469.21 MiB |   10.60 GiB |    1.03 Mbit/s
     01/27/2017     4.94 GiB |  324.84 MiB |    5.26 GiB |  510.76 kbit/s
     01/28/2017     5.75 GiB |  332.64 MiB |    6.08 GiB |  589.86 kbit/s
     01/29/2017     4.16 GiB |  291.04 MiB |    4.44 GiB |  431.41 kbit/s
     01/30/2017     5.93 GiB |  331.44 MiB |    6.25 GiB |  606.99 kbit/s
     01/31/2017     3.36 GiB |  247.76 MiB |    3.61 GiB |  350.02 kbit/s
     02/01/2017     3.22 GiB |  248.35 MiB |    3.47 GiB |  336.53 kbit/s
     02/02/2017     3.87 GiB |  257.72 MiB |    4.12 GiB |  399.78 kbit/s
     02/03/2017     1.21 GiB |  128.89 MiB |    1.34 GiB |  265.66 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated      2.48 GiB |     262 MiB |    2.74 GiB |


I watch several hours of Netflix a day so this is pretty high usage. 

Hope this helps.

...Bob

On 02/02/2017 10:42 PM, rhkramer@gmail.com wrote:
> Thanks for the replies (from Dan and Frank)!
>
> I'm going to do some thinking--at first I just wanted to find out how we were
> using so much bandwidth, but, once I do, I might want to try blocking some of
> it if that won't disable pages that I want to look at.
>
> I'll look for pfSense or OPNSense--apper doesn't list them for Wheezy, but I'm
> sure I can find them.
>
> I don't think I want to try to use a Debian box as a smart router, I'd rather
> find a packaged solution.  (I've done things like that before--I've learned too
> much about NAT and such over the last 30 years or so. ;-)
>
> Just for posterity, here's an example of a <$30 smart gigabit switch on eBay: TP-Link 5-Port Gigabit Ethernet Web Managed Easy Smart Switch (TL-SG105E v2.0)
>
> NEW NETGEAR ProSAFE GS105Ev2 5-Port Gigabit Web Managed (Plus) Switch
>
> http://www.ebay.com/itm/NEW-NETGEAR-ProSAFE-GS105Ev2-5-Port-Gigabit-Web-Managed-Plus-Switch-/381923274422
>

> On Thursday, February 02, 2017 11:58:28 AM Dan Ritter wrote:
> > On Thu, Feb 02, 2017 at 11:19:59AM -0500, rhkramer@gmail.com wrote:
> > > Aside: I am actually gobsmacked (I don't think I've ever been gobsmacked
> > > before ;-)--in a week of monitoring, we (my son and I, but with my son
> > > gone 8 to 12 hours a day) are downloading 1.5 to 4 GB *per day* (and
> > > uploading 100 to 300 MB *per day*).
> > >
> > > Anyway, I want to try to figure out where all this data is going to and
> > > coming from, at least in terms of the devices we have on our LAN (I'll
> > > discuss those below), so I'm thinking that a(n inexpensive) managed
> > > (Ethernet) switch or two (discussed below) might help me do that.
> >
> > I think you actually want a smart router. A Debian box with two
> > or more network interfaces can be such a thing.
> >
> > > One thing I want to do is implement QOS--we have two ObiHai VOIP devices
> > > (which we use pretty rarely, but still want to keep--they might be used
> > > for 4 calls / 10 to 30 minutes a week).  Sometimes the conversation gets
> > > pretty choppy, probably depending on what my son is doing at the time (I
> > > mean, like watching a video or something), so I'm hoping that QOS would
> > > improve that (assuming the packets from the ObiHai device can be
> > > recognized--I would think they can based on their (private / on the LAN)
> > > IP addresses.
> >
> > A router can do that better than a switch can.
> >
> > > Like I mentioned above, the other thing I want to do is start monitoring
> > > (at least on an occasional / diagnostic basis) the bandwidth used by
> > > each device.
> >
> > Depending on exactly what you want, either a switch or a router
> > can help here.
> >
> > > Layout of the network (for background):
> > >
> > > The Earthlink DSL modem (Westell) is followed by an Ethernet (unmanaged)
> > > switch.
> >
> > You would want to put your router in between these. If you can
> > arrange a third network interface on the router, you could
> > connect the WiFi hotspot to the router, as well.
> >
> > > I see managed 5-port gigabit switches on eBay starting at a little under
> > > $30, and I'd like to stay close to that as a budget (i.e., ~$60 for 2).
> > > Of course, if a more featureful switch can monitor the data flows to
> > > each device from that (central) location, I could spend that ~$60 for
> > > the more featureful switch). (But there is some value to me to have two
> > > managed switches such that one would serve as a spare for the central
> > > one even if being used at other locations for monitoring.)
> > >
> > > Advice / comments / recommendations?
> >
> > That seems an unlikely price point, even for used equipment on
> > ebay. And managed switches usually have a minimum of 12 ports,
> > not 5. (12, 16, 24, 32 and 48 are all common)
> >
> > I would recommend putting in a Debian box between the DSL modem
> > and the ethernet switch. You will need to learn a little about
> > routing and IP masquerading / NAT, and you will want to set up
> > firewalling with iptables.
> >
> > You can look at traffic in realtime with iftop, which will show
> > you graphs of the top users by IP address or domain name and
> > where they are connecting.
> >
> > You can set individual traffic counters per IP address or per
> > service or both with iptables.
> >
> > What you won't get is flow information between local devices,
> > but as I understand it you are more concerned about traffic
> > in/out to the Internet at large.
> >
> > If you set fq_codel as the queue discipline on the interfaces
> > to the router, you will probably solve most of your traffic
> > interference problems without mucking with QoS.
> >
> > -dsr-
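
Added example, not part of any message in this thread: the daily "vnstat -i eth1 -d" report that Bob suggests mailing from cron can be reduced to just the outlier days, so a jump in usage stands out without reading the whole table. The function name, the factor of 1.5 and the assumption that rows use the MM/DD/YYYY layout shown in Bob's output are choices made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: flag unusually heavy days in the
# output of `vnstat -i IFACE -d`, so the daily cron mail shows outliers first.

# flag_heavy_days FACTOR  (reads vnstat daily output on stdin)
# Prints "date total_GiB" for days whose total exceeds FACTOR x the mean.
flag_heavy_days() {
    awk -F'|' -v factor="$1" '
        # vnstat picks the unit per cell, so normalise everything to GiB.
        function gib(cell,   p) {
            if (split(cell, p, " ") < 2) return -1
            if (p[2] == "KiB") return p[1] / 1048576
            if (p[2] == "MiB") return p[1] / 1024
            if (p[2] == "GiB") return p[1] + 0
            if (p[2] == "TiB") return p[1] * 1024
            return -1
        }
        # Day rows start with a date; header, rulers and "estimated" do not.
        $1 ~ /^ *[0-9]+\/[0-9]+\/[0-9]+ / {
            t = gib($3)
            if (t < 0) next               # unknown unit: skip, do not guess
            split($1, head, " ")
            n++; day[n] = head[1]; total[n] = t; sum += t
        }
        END {
            if (n == 0) exit
            for (i = 1; i <= n; i++)
                if (total[i] > factor * sum / n)
                    printf "%s %.2f\n", day[i], total[i]
        }
    '
}

# Five day rows plus the header and trailing rows, copied from Bob's report.
sample_report() {
    cat <<'EOF'
         day         rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     01/24/2017     4.85 GiB |  355.95 MiB |    5.20 GiB |  505.09 kbit/s
     01/25/2017     3.48 GiB |  259.62 MiB |    3.73 GiB |  362.58 kbit/s
     01/26/2017    10.14 GiB |  469.21 MiB |   10.60 GiB |    1.03 Mbit/s
     01/27/2017     4.94 GiB |  324.84 MiB |    5.26 GiB |  510.76 kbit/s
     01/28/2017     5.75 GiB |  332.64 MiB |    6.08 GiB |  589.86 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated      2.48 GiB |     262 MiB |    2.74 GiB |
EOF
}

sample_report | flag_heavy_days 1.5
```

In a crontab entry the live report would be piped in instead of the sample, for instance "vnstat -i eth1 -d | flag_heavy_days 1.5", with the result mailed alongside the full table.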


