Bandwidth consume by IP address

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Bandwidth consume by IP address

Hermes Ojeda Ruiz
Hi,

I'm working with a OpenBSD firewall on embedded hardware, and the client
want to know the bandwidth consume by IP address.

I don't know if this is possible using PF, another tool or making scripts to
get the information.

I'm worried about the performance, because, some weeks ago I make a question
in the list "How distribute bandwidth by IP's", and I solved it, using a lot
of cbq's by ip address (~150 ip address) like was recommended on the
replies, of course, using an script to generate it. That's work, perfect,
but generate some delays on the packets, and if I log everything it can make
the connection useless. The firewall is running in a Soekris net5501.

Sorry, if this is a fool question, and my bad english.

--
Hermes Ojeda Ruiz

Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth consume by IP address

Bret S. Lambert-2
man pflow

On Fri, Oct 01, 2010 at 08:57:07PM -0500, Hermes Ojeda Ruiz wrote:

> Hi,
>
> I'm working with a OpenBSD firewall on embedded hardware, and the client
> want to know the bandwidth consume by IP address.
>
> I don't know if this is possible using PF, another tool or making scripts to
> get the information.
>
> I'm worried about the performance, because, some weeks ago I make a question
> in the list "How distribute bandwidth by IP's", and I solved it, using a lot
> of cbq's by ip address (~150 ip address) like was recommended on the
> replies, of course, using an script to generate it. That's work, perfect,
> but generate some delays on the packets, and if I log everything it can make
> the connection useless. The firewall is running in a Soekris net5501.
>
> Sorry, if this is a fool question, and my bad english.
>
> --
> Hermes Ojeda Ruiz

Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth consumed by computer on the network

Hermes Ojeda Ruiz
In reply to this post by Hermes Ojeda Ruiz
Thanks Eugene Yunak,

I'm sorry if I don't explain correctly by language problems.

I need to know how Mb or Kb have received or sent every IP address, or
Consumed/Available bandwidth ratio. The client only need a way to
measure the IP that download/upload more packets.

I hope that help to explain the problem.

On 02/10/10 01:25, Eugene Yunak wrote:

> On 2 October 2010 04:57, Hermes Ojeda Ruiz <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hi,
>
>     I'm working with a OpenBSD firewall on embedded hardware, and the
>     client
>     want to know the bandwidth consume by IP address.
>
>     I don't know if this is possible using PF, another tool or making
>     scripts to
>     get the information.
>
>     I'm worried about the performance, because, some weeks ago I make
>     a question
>     in the list "How distribute bandwidth by IP's", and I solved it,
>     using a lot
>     of cbq's by ip address (~150 ip address) like was recommended on the
>     replies, of course, using an script to generate it. That's work,
>     perfect,
>     but generate some delays on the packets, and if I log everything
>     it can make
>     the connection useless. The firewall is running in a Soekris net5501.
>
>     Sorry, if this is a fool question, and my bad english.
>
>     --
>     Hermes Ojeda Ruiz
>
>
>
> Hi Hermes,
>
> This is probably due to the native-language problem, but your question
> is a bit incorrect.
> The bandwidth consumed by "IP address" is 4x2=8 bytes per each packet
> (unless we are speaking of IPv6).
> But this is not what you want to know. So what do you need?
> Consumed/Available bandwidth ratio? (my best guess)
>
> Hope the clarification of your question will help others answer you.
>
>
> Cheers,
> Eugene
>
> --
> The best the little guy can do is what
> the little guy does right

Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth consume by IP address

Peter Nicolai Mathias Hansteen
In reply to this post by Hermes Ojeda Ruiz
Hermes Ojeda Ruiz <[hidden email]> writes:

> I'm working with a OpenBSD firewall on embedded hardware, and the client
> want to know the bandwidth consume by IP address.
>
> I don't know if this is possible using PF, another tool or making scripts to
> get the information.

There are a few options available. One is to write the rule set with
labels to collect statistics, making sure the labels are one per IP
address.  The other main option is to use pflow(4), with 'set
state-defaults pflow' or 'keep state (pflow)' for individual rules in
your rule set, set up a collector somewhere and extract the data you
need per IP address.  If you go for pflow, the pflow man page will get
you started.  I'd recommend taking a look at Michael W. Lucas' recent
book for the Netflow analysis part, while the upcoming second edition
of the Book of PF contains a bit of material about both approaches too
(the first edition has only the labels part).

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Reply | Threaded
Open this post in threaded view
|

Re: Bandwidth consume by IP address

Stuart Henderson
On 2010-10-02, Peter N. M. Hansteen <[hidden email]> wrote:

> Hermes Ojeda Ruiz <[hidden email]> writes:
>
>> I'm working with a OpenBSD firewall on embedded hardware, and the client
>> want to know the bandwidth consume by IP address.
>>
>> I don't know if this is possible using PF, another tool or making scripts to
>> get the information.
>
> There are a few options available. One is to write the rule set with
> labels to collect statistics, making sure the labels are one per IP
> address.  The other main option is to use pflow(4), with 'set
> state-defaults pflow' or 'keep state (pflow)' for individual rules in
> your rule set, set up a collector somewhere and extract the data you
> need per IP address.  If you go for pflow, the pflow man page will get
> you started.

pflow needs software to collect data; you might want to look at nfsen/nfdump,
pmacct or flow-tools - all are in ports. (Note that pflow is compatible
with Netflow).