I have several Entropy Keys with egd in front of them and then all load balanced by haproxy. I then have many client machines using the haproxy service IP as a network source of entropy. I have no idea how much entropy they are requesting.
The Entropy Keys can produce a limited amount of usable entropy. The specs say about 30 kilobit/sec minimum. As far as I can see, the Entropy Key doesn't have a way to query how much it is being asked for. The EGD protocol seems quite hard to sniff to find this information. Clients can request a variable amount of entropy, and they might not get back the same amount.
Has anyone found a simple way to measure how much is being requested from an Entropy Key?
It would be good to know, in order to be able to plan when additional keys are required, and to spot haywire clients.
The only two things that come to mind is trying to measure the response time of your entropy server (there should be a significant increase in latency if it can't keep up) or pooling
/proc/sys/kernel/random/entropy_availand monitoring how much entropy you have (I'm assuming thategdis using/dev/randomand not the hardware directly).It looks like the source tarball for
ekeydhas a munin plugin for providing ekey statistics.Even if you're not running munin I guess it would be possible to extrapolate the script into something usable for your infrastructure.
I think we both know the authors of the device and software though, so might be worth prodding them. :-)
Try:
When it finishes,
ddwill report the read bandwidth, so you will know the amount of entropy provided. You can run it in the server (disconnected from its clients) to measure entropy production, and in the clients, to measure how much are they receiving.Killing the running
ddprocess withSIGUSR1signal will instruct it to report its I/O statistics, so you don't need to wait for it to finish (seeman dd).Also, clients should expose an increase in their download-bandwidth consumption, because of the entropy being read from the server (e.g.:
nethogsplusnetstat).