Anybody has successfully developed a system with a bridge forwarding traffic and a third network interface acting as a server for netflow stream, for a separate machine doing network graphing ? (note: this is all on a wired network.)
I have a network wich forwards about 10 mbits of traffic, with torrents, dc clients, mail, instant messaging, and all kinds of stuff, occupied about 8 mbits all of the time.
What I want to achieve is to see who and what kind of traffic goes trough this network:
- what user gets most bandwidth ?
- what kind of traffic do they use ? (ftp, http, torrent-like, dc connections, etc.) It would be enough to see the traffic split by protocol or ports used.
- graph these.
For this I should use a traffic-flow + netflow, on a linux box.
My questions follow:
- has anybody real data from a setup similar to this ?
- has anybody measured cpu% during a 10 mbit load on a bridge ?
- is this even possible ? with a bridge, as not to modify anything in the current setup, or do I have to implement this on the border router ?
- What kind of machine specs do I need ? pc/rb ? Price might be an issue, though, but if it can be done properly, not a that big issue. Also, I would prefer a MT solution to this, as I am very familiar with it, and all the network infrastructure is based on it.
As of now, my idea of doing this is to setup a bridge, and on the router third interface (not participating in bridge) add an ip address, and forward traffic to a linux machine with netflow installed. If there's an easier way, please suggest it. From what i've seen on the forum, I have not seen nothing enough usable for this yet.
If anybody can help me, I would really appreciate it. I'm no newbie, I can take a general guideline and implement it.
Thank you all in advance.