I'd like to monitor bandwidth usage of my Linux servers, but there's a catch: traffic between my two servers is not counted against me, only traffic to the internet at large. However, my servers have only a single network interface, and pretty much everything I've tried measures on a per-interface basis. Does anyone know of a tool that can generate bandwidth graphs, while not counting traffic to/from certain IP ranges?
Bonus points if it generates RRD files (I can already graph them easily) and double bonus points if it works with collectd (either configuration of the standard collectd, or a plugin to it).
Assuming you have no access to an upstream router or switch that provides the same view of this data that your ISP sees, you can use iptables accounting on each host to count bytes/packets destined for anything other than your other IP address (or IP range), and then poke this into an RRD yourself.
EDIT
As an example, you could use some rules like these ones in iptables to create the accounting:
This creates two new chains, ACCOUNT_IN and ACCOUNT_OUT. I then insert jumps to these at the top of the INPUT and OUTPUT chains. Inside each chain, I add a rule with no jump target to match on remote addresses - for input, anything that doesn't have an address on my local /24 as source; for output, anything that doesn't have an address on my local /24 as destination. Packets then return from this chain back into your normal INPUT/OUTPUT chains, as there is no jump rule.
To check the accounting data:
From there you can pull out those pkt/byte counts and pass to rrdupdate (I assume that you're OK with passing data into an rrd, as you've said you're ok with pulling data out of an rrd. If not, that question has probably already been asked here).
If you want to zero the counters each time you read them, pass the -Z command (zero counter) to zero the byte counters.
If any of your hosts are routers, you'll need to do accounting on the FORWARD chain as well - you can probably just insert a jump to both ACCOUNT_IN and ACCOUNT_OUT from the top of the FORWARD chain and it'll do the right thing, but I haven't thought about that enough to be 100% sure it'll work.
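The accounting described in the answer above, as an added example that is not part of the original post: it prints rules matching that description and turns `iptables -L <chain> -v -n -x` listings into an `rrdtool update` value. The network `192.0.2.0/24`, the file name `traffic.rrd` and the sample listings are assumptions constructed for illustration.

```shell
# Assumption: 192.0.2.0/24 stands in for the local /24 whose traffic is not billed.
LOCAL_NET="192.0.2.0/24"

# Print (do not run) the rules the answer describes; pipe to sh as root to apply.
print_rules() {
cat <<EOF
iptables -N ACCOUNT_IN
iptables -N ACCOUNT_OUT
iptables -I INPUT -j ACCOUNT_IN
iptables -I OUTPUT -j ACCOUNT_OUT
iptables -A ACCOUNT_IN ! -s $LOCAL_NET
iptables -A ACCOUNT_OUT ! -d $LOCAL_NET
EOF
}

# Sum the bytes column of an `iptables -L <chain> -v -n -x` listing on stdin.
# Lines 1-2 are the chain banner and column header. A non-numeric counter
# (e.g. 12K, shown when -x is omitted) is an error, not a silent under-count.
sum_bytes() {
    awk 'NR > 2 && NF { if ($2 !~ /^[0-9]+$/) { bad = 1; exit } total += $2 }
         END { if (bad) exit 1; printf "%.0f\n", total }'
}

# Build the "N:<in>:<out>" value that rrdtool update expects from two listings.
rrd_sample() {
    in_bytes=$(printf '%s\n' "$1" | sum_bytes) || return 1
    out_bytes=$(printf '%s\n' "$2" | sum_bytes) || return 1
    printf 'N:%s:%s\n' "$in_bytes" "$out_bytes"
}

# Constructed sample listings (not captured from a real host).
SAMPLE_IN='Chain ACCOUNT_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1024   734003            all  --  *      *      !192.0.2.0/24         0.0.0.0/0'
SAMPLE_OUT='Chain ACCOUNT_OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     512    98211            all  --  *      *       0.0.0.0/0           !192.0.2.0/24'

# Live use as root (traffic.rrd is a hypothetical RRD with two data sources):
#   rrdtool update traffic.rrd "$(rrd_sample "$(iptables -L ACCOUNT_IN -v -n -x)" "$(iptables -L ACCOUNT_OUT -v -n -x)")"
rrd_sample "$SAMPLE_IN" "$SAMPLE_OUT"
```

If the counters are not zeroed between reads, they only ever increase, so the RRD data sources should be of a counter type rather than a gauge.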
You should be able to do this through IPTables. However, I really doubt you are going to find any prewritten software that can do this. http://wiki.openvz.org/Traffic_accounting_with_iptables would be a good start for doing this via IPTables.
I'm guessing you don't have access to the switch you are hosted on, which makes most of the other suggestions so far useless.
You can use bandwidthd. It allows you to pass a pcap filter, so you can exclude traffic between your servers.
I would pull this off using a switch that supports Netflow. Netflow tools aren't always free, but this should do what you're looking for.
Sounds like you want something like ntop. There are lots of other tools out there, but this is probably the quickest way to get what you want. It can collect off the wire and report on that, or use other inputs like Netflow and sFlow.