Re[2]: Monitoring traffic volumes by country

From: dima (_pppp_at_mail.ru)
Date: 01/18/05

    To: Andrew McNaughton <andrew@scoop.co.nz>
    Date: Tue, 18 Jan 2005 14:30:19 +0300
    
    

    > >> Can anyone suggest a tool that can collect statistics on traffic volumes
    > >> by the country of the remote host. That on its own would go a long way
    > >> for me, but if it could also break down on incoming vs outgoing traffic
    > >> and by local port number that would be ideal.
    > > NetFlow is the "ideal" solution for you.
    > > The best solution for FreeBSD would be ng_netflow kernel module
    > > since all the other implementations (softflowd, fprobe, ntop etc)
    > > use pcap which is a quite CPU-consuming way.
    > >
    > > You can:
    > > 1) force collector to aggregate traffic by source AS
    > > and find out autonomous system to country relation somehow;
    > > 2) aggregate traffic by source IP and make the IP address to country resolution with GeoIP.
    >
    >
    > Where does the CPU time go with pcap? Is it in the kernel or in userland?
    pcap is the original Linux userland packet capturing facility.

    > I suspect that for my current needs I can live with a bit of CPU load,
    > but am not sure where to expect to look for it to turn up.
    You need NetFlow to get your work done well anyway.
    So, why would you use a more CPU-consuming version of it?
    The only possible reason could be that ng_netflow module isn't included in the base system yet;
    but it surely suits an ISP to account as much traffic as a FreeBSD box can route.

    > Andrew

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
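
Added example, not part of the original thread: a sketch of option 2 above (aggregate by IP, then resolve the address to a country), extended to the incoming/outgoing and local-port breakdown the original question asked for. The prefix table is a constructed stand-in for a GeoIP database, the flows are constructed tuples rather than real NetFlow export records, and LOCAL_NET is an assumed local network.

```python
import ipaddress
from collections import defaultdict

# Assumption: the local network whose traffic is being accounted.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed prefix-to-country table standing in for a GeoIP database.
# Documentation prefixes; the country codes are illustrative only.
COUNTRY_PREFIXES = [
    (ipaddress.ip_network("192.0.2.0/24"), "NZ"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.128/25"), "DE"),
]

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 40000, "10.0.0.5", 80, 1200),
    ("10.0.0.5", 80, "192.0.2.10", 40000, 48000),
    ("198.51.100.7", 51000, "10.0.0.5", 25, 900),
    ("198.51.100.200", 51001, "10.0.0.5", 25, 300),
    ("10.0.0.9", 33000, "203.0.113.4", 443, 700),
    ("10.0.0.5", 22, "10.0.0.9", 50000, 100),  # local-to-local, skipped
]

def country_of(addr):
    """Longest-prefix match against the table; '??' when unknown."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, cc in COUNTRY_PREFIXES:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else "??"

def aggregate(flows):
    """Sum bytes per (country, direction, local_port)."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        src_local = ipaddress.ip_address(src) in LOCAL_NET
        dst_local = ipaddress.ip_address(dst) in LOCAL_NET
        if src_local == dst_local:
            continue  # purely local or purely transit: no single remote side
        if dst_local:
            key = (country_of(src), "in", dport)   # remote -> local
        else:
            key = (country_of(dst), "out", sport)  # local -> remote
        totals[key] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for (cc, direction, port), total in sorted(aggregate(SAMPLE_FLOWS).items()):
        print(f"{cc} {direction:3} port {port:5} {total} bytes")
```

Addresses that match no prefix are counted under "??" rather than dropped, so gaps in the country data stay visible in the totals.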

