Re: [bwm-tools-tech] Graphing Traffic

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

  You can use the mark feature of the iptables (with bwm tools or
without) to "number" the traffic wich classifies as voip traffic. If
you have so many clients you have to try and find the best rule to
match the voip traffic without to much CPU usage.

  For graphing with bwm you have to mark the voip packets, put them in
a "flow" and graph that flow on a per user or per group basis.

  If you don't want to graph with bwm then mark the voip packets with
iptables and use a script wich get's the bytes or the number of
packets or both, something like this:
"iptables -t mangle -nxvL FORWARD"
and then use grep or sed or awk to "see" only those needed values.
Then use mrtg to colect those dates at 1-5 minutes and store them in a
rrd database, then graph them.

I'm sorry I can't give you a sample script to do that because the
output of iptables differs.

It's a little of work to do for you but I think it's worth the time.

Google

On Wed, 23 Mar 2005 11:54:26 -0700, Adam M. Towarnyckyj
<ad...@co...> wrote:
> I thought that the nfmark option was for shaping. I don't want to do any
> shaping of the packets. I just want to log and graph. I'm not sure if
> this is what you meant because I didn't investigate nfmark all that much
> and I'm still not quite sure what bwm_tools does. No offense to the
> creator, but the documentation is a bit sparse on this program. It does
> a great job of explaining how to use everything when you want to shape
> and integrate it with iptables, but there's nothing on just graphing.
> 
> As for your other suggestions, I've looked everywhere for a tool that
> will allow me to track voip usage and graph it. Unfortunately, not many
> free programs can do this that I know of. Ipfm is for total usage and
> won't let me specify voip traffic. Mrtg and rrdtool only graph data you
> already have. I'd need to be able to pull that voip traffic from the
> network in order to use mrtg to graph it. I'm looking at bandwidthd but
> I fear it may have the same results as ntop did when I tried running it.
> It tries to do too much at one time and overloads. It doesn't help when
> a program tries writing the data, producing the web page, producing the
> png, and servicing web requests all at the same time; especially when
> I'm graphing traffic from over 5000 subscribers at one time.
> Thank you very much for the suggestions though. I'm going to investigate
> bandwidthd a bit further. If you could explain a little bit more on what
> you meant by using nfmark, that may help too. Like I said, still a bit
> lost on how bwm_tools works.
> Thanks for your time.
> 
> Adam
> 
> -----Original Message-----
> From: go0ogl3 [mailto:go...@gm...]
> Sent: Wednesday, March 23, 2005 11:18 AM
> To: Adam M. Towarnyckyj
> Cc: bwm...@li...
> Subject: Re: [bwm-tools-tech] Graphing Traffic
> 
>  I'm new to bwm but if you really want to use bwm tools to graph voip
> traffic, why don't u use the nfmark? You only have to mark the packets
> from the voip and shape them with bwm tools. This way you can also
> graph that voip traffic.
> 
>  As an alternate solution you can use ipfm, bandwidthd, mrtg+rrdtool
> or one of the many others.
> 
> Google
> 
> On Wed, 23 Mar 2005 10:46:55 -0700, Adam M. Towarnyckyj
> <ad...@co...> wrote:
> >
> >
> > Thanks to all for your help in getting this up and running for me. Now
> I
> > have some technical questions involving the graphing portion. As
> stated in
> > an earlier post, I am trying to graph voip traffic over our network to
> see
> > what kind of usage we're running into. All I need is bandwidth usage
> in
> > bytes for any given time period. Nigel tells me this is possible. I
> set up
> > my config file as follows:
> >
> >
> >
> > <firewall>
> >
> >   <global>
> >
> >     <modules>
> >
> >       <load name="ip_queue"/>
> >
> >     </modules>
> >
> >     <class name="voip_traffic">
> >
> >       <address name="voip_dst" proto="udp" src-port="10000:20000" />
> >
> >     </class>
> >
> >   </global>
> >
> >   <traffic>
> >
> >     <flow name="voip_traffic_out" report-timeout="60">
> >
> >     voip_traffic
> >
> >     </flow>
> >
> >   </traffic>
> >
> > </firewall>
> >
> >
> >
> > Question one starts here. Is it ok for me to use the standard symbol
> for
> > specifying a range of ports like that? (10000:20000) If that's not
> correct,
> > is there another way to go about doing this? I'd rather not go through
> and
> > write an <address> for each port from 10000 to 20000. J
> >
> > Question two is "what am I doing wrong?" because this isn't working.
> "bwmd"
> > loads, but there is no output to any log files even though I have
> > "report-timeout" specified. I don't want to do any sort of limiting of
> this
> > traffic; I just want to log it.
> >
> >
> >
> > If you have any suggestions on what I can change to make this work,
> they'd
> > be very much appreciated. If I can't get bwm_tools to do what I'm
> looking
> > for, I have no other ideas on how to accomplish this. Thanks!
> >
> >
> >
> > Adam Towarnyckyj
>