Community discussions

MikroTik App
 
fanepix
just joined
Topic Author
Posts: 4
Joined: Wed Nov 26, 2008 8:48 am

Bridge with traffic flow forwarding for netflow and graphs

Wed Nov 26, 2008 9:20 am

Anybody has successfully developed a system with a bridge forwarding traffic and a third network interface acting as a server for netflow stream, for a separate machine doing network graphing ? (note: this is all on a wired network.)
I have a network wich forwards about 10 mbits of traffic, with torrents, dc clients, mail, instant messaging, and all kinds of stuff, occupied about 8 mbits all of the time.
What I want to achieve is to see who and what kind of traffic goes trough this network:
- what user gets most bandwidth ?
- what kind of traffic do they use ? (ftp, http, torrent-like, dc connections, etc.) It would be enough to see the traffic split by protocol or ports used.
- graph these.

For this I should use a traffic-flow + netflow, on a linux box.
My questions follow:
- has anybody real data from a setup similar to this ?
- has anybody measured cpu% during a 10 mbit load on a bridge ?
- is this even possible ? with a bridge, as not to modify anything in the current setup, or do I have to implement this on the border router ?
- What kind of machine specs do I need ? pc/rb ? Price might be an issue, though, but if it can be done properly, not a that big issue. Also, I would prefer a MT solution to this, as I am very familiar with it, and all the network infrastructure is based on it.

As of now, my idea of doing this is to setup a bridge, and on the router third interface (not participating in bridge) add an ip address, and forward traffic to a linux machine with netflow installed. If there's an easier way, please suggest it. From what i've seen on the forum, I have not seen nothing enough usable for this yet.

If anybody can help me, I would really appreciate it. I'm no newbie, I can take a general guideline and implement it.

Thank you all in advance.
 
User avatar
Aug
Member
Member
Posts: 313
Joined: Thu Jun 07, 2007 2:10 am

Re: Bridge with traffic flow forwarding for netflow and graphs

Wed Nov 26, 2008 6:56 pm

Just run torch on the interface you're wanting to monitor. You won't get the graphing but you'll be able to see all the traffic and what ports/protocols/ip addresses is being used as well as bandwidth they are using.
Aug
 
fanepix
just joined
Topic Author
Posts: 4
Joined: Wed Nov 26, 2008 8:48 am

Re: Bridge with traffic flow forwarding for netflow and graphs

Thu Nov 27, 2008 10:39 am

Just run torch on the interface you're wanting to monitor. You won't get the graphing but you'll be able to see all the traffic and what ports/protocols/ip addresses is being used as well as bandwidth they are using.
:lol:

You're kidding, right ?
:D

C'mon, it must be somebody who is graphing this kind of stuff......
I am willing to pay for it.

MT stuff, will an article on the wiki regarding this qualify for a L6 license ?

( as for Aug, please do make yourself a graph from torch...., and insert it in here...... )
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24493
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Bridge with traffic flow forwarding for netflow and graphs

Thu Nov 27, 2008 10:42 am

No answer to your question? How to write posts
 
Muqatil
Trainer
Trainer
Posts: 574
Joined: Mon Mar 03, 2008 1:03 pm
Location: London - UK
Contact:

Re: Bridge with traffic flow forwarding for netflow and graphs

Thu Nov 27, 2008 11:12 am

I use Cacti + snmp on every queue tree.
Renato Bernardi

skype: medtech5
 
fanepix
just joined
Topic Author
Posts: 4
Joined: Wed Nov 26, 2008 8:48 am

Re: Bridge with traffic flow forwarding for netflow and graphs

Thu Nov 27, 2008 8:45 pm

Thank you Normis.
I know what I need. The question still remains: can this be put on a bridge ? And what would be the impact on a router with 8 to 10 mbits of traffic, 4000 - 10 000 p/s ?
If nobody did it this way, I guess i'll have to do it myself and find out. If anybody did it, I would appreciate if it shared the results.

The reason I'm asking this is: my backbone link is on a tower wich is not easy accessible, and with restricted access. If i implement something that does work bad or it doesn't at all, I'll be disturbing traffic for a while, and I have a few "sensitive" clients.
 
dufyd
just joined
Posts: 4
Joined: Fri Nov 04, 2011 8:18 pm

Re: Bridge with traffic flow forwarding for netflow and grap

Fri Nov 04, 2011 8:28 pm

Hello,

3 years later, and I'm having the same issue. Hopefully someone will see this and provide some help.

I have Traffic Flow enabled, and sent to a PC where I have Netflow traffic monitoring software.
I also enabled SNMP so I could read the interfaces, so on so forth.

I have used netflow on single ports in the past, however a bridge presents a new challenge.

The problem I have is:
I can capture data from any port, as long as its not on a bridge. NOT if the port is on a bridge.
I can capture data from the bridge, however this is not relevant data.

I've tried:
Mirroring the port and capture the data on the mirrored port, however the mirroring was not successful, and I'm not sure if I did it correctly.

Messy things I can think of:
Give 2 ports an address, and use src-nats to redirect the traffic from one port to the other, and vice-versa, this however can cause some problems and I rather not do this.

Use a packet sniffer on the bridge, and then use the data to create graphs, connections, etc. Basically an alternate of using Netflow. But I'm really trying to get netflow to work on a bridge.

Any solutions/suggestions or help is very much appreciated.

Thank you,
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Bridge with traffic flow forwarding for netflow and grap

Mon Nov 07, 2011 5:20 pm

Since you already have the collector, why not use it on your current central router instead of trying to set up a dedicated box in bridge mode for it? The CPU cost is minimal for it to send the data, so unless your board is already near 100% load all the time, you won't see any problems having it on the same board. I've never set it up in bridged mode, but you should just be able to enable the traffic flow service and leave it at it's default "all" interfaces and let it run.
 
dufyd
just joined
Posts: 4
Joined: Fri Nov 04, 2011 8:18 pm

Re: Bridge with traffic flow forwarding for netflow and grap

Tue Nov 29, 2011 1:22 am

I'm trying to do this for a client, and I do not have access to their main router, I'm cutting/intercepting the wire from their lan to the main router.

Very simple mikrotik setup.
ports 2&3 are bridged
e9 has a separate public ip address
netflow data is collected from bridge and sent elsewhere(encrypted) via the public ip address on e9

So physical setup is as follows.
From Main router to port 2 on the ti
from port 3 on the tik to their LAN(switches)

It seems to work, however the data received can not be distinguished from outbound/inbound, the bridge sees everything as both.

Any help? remember you cannot collect data from a port on the bridge, only from the bridge itself.

Thank you,
 
merrywt
just joined
Posts: 16
Joined: Mon Dec 05, 2011 7:53 pm
Location: Hertfordshire, UK

Re: Bridge with traffic flow forwarding for netflow and grap

Mon Dec 05, 2011 8:12 pm

fanepix it sounds like you need a network tap.

We use the netopics Zero delay tap. This support 10/100/1000Base-TX connections and will give you what you need in the way of monitoring as it replicates every packet received on and interface to a separate monitoring interface. I.E. every packet that is received on network port A is replicated on monitor port A.

If you sit this in front of the bridge then you can replicate all of the traffic that you want to monitor.

Regards

Tom

Who is online

Users browsing this forum: No registered users and 173 guests