Date: Tue, 18 Jan 2005 14:30:19 +0300 From: dima <_pppp@mail.ru> To: Andrew McNaughton <andrew@scoop.co.nz> Cc: freebsd-isp@freebsd.org Subject: Re[2]: Monitoring traffic volumes by country Message-ID: <E1CqrYx-00064P-00._pppp-mail-ru@f31.mail.ru> In-Reply-To: <20050118233707.W9021@a2.scoop.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
> >> Can anyone suggest a tool that can collect statistics on traffic volumes > >> by the country of the remote host. That on its own would go a long way > >> for me, but if it coulod also break down on incoming vs outgoing traffic > >> and by local port number that would be ideal. > > NetFlow is the "ideal" solution for you. > > The best solution for FreeBSD would be ng_netflow kernel module > > since all the other implementations (softflowd, fprobe, ntop etc) > > use pcap which is a quite CPU-consuming way. > > > > You can: > > 1) force collector to aggregate traffic by source AS > > and find out autonomous system to country relation somehow; > > 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP. > > > Where does the CPU time go with pcap? Is it in the kernal or in userland? pcap is the original Linux userland packet capturing facility. > I suspect that for my current needs I can live with a bit of CPU load, > but am not sure where to expect to look for it to turn up. You need NetFlow to get your work done well anyway. So, why would you use a more CPU-consuming version of it? The only possible reason could be that ng_netflow module isn't included in the base system yet; but it surely suites an ISP to account as much traffic as a FreeBSD box can route. > Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1CqrYx-00064P-00._pppp-mail-ru>