Monitoring traffic volumes by country
dima
_pppp at mail.ru
Tue Jan 18 03:30:23 PST 2005
> >> Can anyone suggest a tool that can collect statistics on traffic volumes
> >> by the country of the remote host. That on its own would go a long way
> >> for me, but if it could also break down on incoming vs outgoing traffic
> >> and by local port number that would be ideal.
> > NetFlow is the "ideal" solution for you.
> > The best solution for FreeBSD would be ng_netflow kernel module
> > since all the other implementations (softflowd, fprobe, ntop etc)
> > use pcap, which is quite a CPU-consuming way.
> >
> > You can:
> > 1) force collector to aggregate traffic by source AS
> > and find out autonomous system to country relation somehow;
> > 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP.
>
>
> Where does the CPU time go with pcap? Is it in the kernel or in userland?
pcap is the original Linux userland packet capturing facility.
> I suspect that for my current needs I can live with a bit of CPU load,
> but am not sure where to expect to look for it to turn up.
You need NetFlow to get your work done well anyway.
So, why would you use a more CPU-consuming version of it?
The only possible reason could be that ng_netflow module isn't included in the base system yet;
but it surely suits an ISP to account as much traffic as a FreeBSD box can route.
> Andrew
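
Added example, not part of the original thread: a sketch of option 2 from the message above (aggregate by remote IP, then resolve IP to country), extended to split incoming vs outgoing traffic and local port as the original question asked. The prefix table stands in for a GeoIP database, and the flow tuples, country codes, `LOCAL_NETS` and function names are all constructed assumptions; real input would come from whatever the NetFlow collector exports.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP database: (prefix, placeholder country code).
# Documentation address ranges only; the codes are not real assignments.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "AA"),
    (ipaddress.ip_network("203.0.113.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.128/25"), "CC"),  # more specific than BB
]
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed local address space

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 51000, "192.0.2.10", 25, 4000),
    ("192.0.2.10", 25, "198.51.100.7", 51000, 1200),
    ("203.0.113.9", 40000, "192.0.2.20", 80, 900),
    ("192.0.2.20", 80, "203.0.113.200", 40001, 30000),
    ("198.51.100.8", 51001, "192.0.2.10", 25, 1000),
    ("192.0.2.10", 1025, "192.0.2.20", 80, 500),   # local to local
    ("192.0.2.30", 53, "198.18.0.5", 33000, 80),   # remote not in the table
]

def country_of(ip):
    # Longest-prefix match, so a more specific allocation wins over its parent.
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if ip in net]
    return max(hits)[1] if hits else "??"

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def aggregate(flows):
    """Sum bytes per (remote country, direction, local port)."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if is_local(d) and not is_local(s):
            key = (country_of(s), "in", dport)    # remote host is the source
        elif is_local(s) and not is_local(d):
            key = (country_of(d), "out", sport)   # remote host is the destination
        else:
            continue  # local-to-local or transit: no single remote country
        totals[key] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for (cc, direction, port), nbytes in sorted(aggregate(SAMPLE_FLOWS).items()):
        print(f"{cc} {direction:>3} port {port:<5} {nbytes} bytes")
```

Unresolved remotes are kept under `??` rather than dropped, so gaps in the lookup data show up in the totals.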
More information about the freebsd-isp mailing list