From: universe
Date: Sat, 15 Dec 2001 19:43:54 +0100
To: freebsd-questions@FreeBSD.ORG
Subject: traffic metering at centralized location

we'd like to measure the internet-traffic that our co-location and dedicated server customers are producing, and therefore put a metering-box at a centralized location in our network which is going to measure the traffic coming from our switch's monitoring-port (which reflects all data that is being sent to the internet).

for this purpose we've been thinking about using software like ipmeter (http://www.ipmeter.com), however, it turns out that ipmeter isn't reliable enough for our needs, and doesn't provide all necessary functions - like: a customer must be able to log in to a web interface in order to find out how much traffic his servers have used up for a certain period of time.

right now, for the metering purposes, we are directly polling our switch by using PACT (http://pact.insider.org) via SNMP. unfortunately, any and all traffic is counted here, even the traffic that is not destined for the internet but rather for the local backup-server etc. we cannot bill this traffic to the customers, so this method is no longer acceptable.

another method would be to put a 2nd network card in every dedicated server / box that is being co-located and build up a small network for internal traffic only. however, that would result in many complications (e.g. we only use 1U-servers, so what to do if a customer needs a raid-card in his machine - there's no place for a 2nd pci card)...

i've made several attempts at measuring the traffic in my home network by using freebsd as a bridge, but to no avail. i cannot think of another way to put the network interface in promiscuous mode except by setting up a bridge. however, that attempt didn't work out, no traffic was being counted (using ipfw and rules like "ipfw add count ip from 192.168.0.2 to any"), where 192.168.0.2 is just a workstation on the same lan/hub.

therefore: how to get a freebsd box (not being used as a router) to measure traffic that isn't destined for local ip addresses? or, does anyone have another idea how to measure the traffic that's destined for the internet?

thanks a bunch for any hints or pointers!

markus
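An added example, not part of the original message: the accounting rule the message asks for, applied to packet records such as a capture on the switch's monitoring port could supply. Traffic between two local addresses (for instance to the backup server) is tracked separately and never billed. The prefix, the IP-to-customer map and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: every address, name and size below is an assumption.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # hosting LAN, incl. backup server
CUSTOMERS = {"192.168.0.2": "customer-a", "192.168.0.3": "customer-b"}  # server IP -> customer
SAMPLE_PACKETS = [  # (src, dst, bytes) as a capture on the mirror port might yield
    ("192.168.0.2", "198.51.100.7", 1500),   # customer-a -> internet
    ("198.51.100.7", "192.168.0.2", 400),    # internet -> customer-a
    ("192.168.0.2", "192.168.0.250", 9000),  # customer-a -> local backup server
    ("192.168.0.3", "203.0.113.9", 700),     # customer-b -> internet
    ("192.168.0.3", "192.168.0.2", 100),     # customer-b -> customer-a, stays local
    ("192.168.0.99", "203.0.113.9", 50),     # local host with no customer mapping
]

def is_local(addr):
    """True if addr lies inside one of the locally attached networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def account(packets):
    """Return (per-customer byte counters, bytes from unmapped local hosts)."""
    usage = defaultdict(lambda: {"out": 0, "in": 0, "local": 0})
    unassigned = 0
    for src, dst, size in packets:
        src_local, dst_local = is_local(src), is_local(dst)
        if src_local and dst_local:
            # Internal traffic: kept for visibility, never added to billable counters.
            for addr in (src, dst):
                if addr in CUSTOMERS:
                    usage[CUSTOMERS[addr]]["local"] += size
        elif src_local or dst_local:
            host, direction = (src, "out") if src_local else (dst, "in")
            if host in CUSTOMERS:
                usage[CUSTOMERS[host]][direction] += size
            else:
                unassigned += size  # surface unmapped hosts instead of dropping them
        # Packets with no local endpoint are transit noise and are ignored.
    return dict(usage), unassigned

if __name__ == "__main__":
    totals, unassigned = account(SAMPLE_PACKETS)
    for name, c in sorted(totals.items()):
        print(f"{name}: billable={c['out'] + c['in']} local={c['local']}")
    print(f"unassigned: {unassigned}")
```

A non-zero unassigned counter points at a local host missing from the customer map, which is worth alerting on in a billing setup.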