J. Nerius wrote:
> How many hosts and how much traffic are you running through it? I've
> wanted to come up with a solution similar to the one you've described
> to replace my current bandwidthd setup but I'm thinking that my
> network may be too large with too much traffic to support something
> like that without building a monster box just to capture the stats.

If you have a small static number of hosts in/out of your system, you may want to use netfilter blank rule counters, since the penalty of passing each counter is very, very low (entirely kernel side). To put this in perspective, there have been a lot of performance issues with people running 10000+ rule sites with adverse effects on their network setup. Lower than that, and the impact is pretty low. Plus, blank rules don't do anything but increment the counter, so the actual CPU utilization of these rules is even lower. This is to give maximum accounting of an existing kernel. I'm sure there have been a few in-kernel accounting packages made, but I can't recall any at the moment. Maybe someone here can refresh our memory.

Of course the problem with this approach is that you have to know which IPs are generating traffic before setting this thing up, since the iptables rules are static. It's good if you want to monitor internal users' traffic to the net and the amount of traffic a server is getting, but to actually track the internet endpoints, you're better off using dynamic traffic tracking tools like ntop or bandwidthd.
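The blank-rule counter setup described in the reply above, as an added example that is not part of the original thread or anyone's posted configuration. It emits the iptables commands for a per-host accounting chain (two target-less rules per host, one for bytes sent and one for bytes received) and parses the counters that `iptables -nvxL` prints back. The chain name ACCT, the host list, the FORWARD hook point and the sample counter output are all assumptions constructed for the example:

```shell
#!/bin/sh
# Added example, not from the original post. Per-host byte accounting with
# blank netfilter rules. Chain name, host list, hook point and the sample
# counter output below are constructed assumptions.

ACCT_HOSTS="192.0.2.10 192.0.2.11"   # static host list (assumed)

# Emit the iptables commands that build the accounting chain. A rule with no
# -j target matches, bumps its counters and falls through, so every packet
# walks the whole chain and nothing else about the packet's fate changes.
acct_rules() {
    echo "iptables -N ACCT"
    echo "iptables -F ACCT"
    for h in $ACCT_HOSTS; do
        echo "iptables -A ACCT -s $h"    # bytes sent by $h
        echo "iptables -A ACCT -d $h"    # bytes received by $h
    done
    # Hooked at the top of FORWARD so it also sees traffic a later rule drops;
    # move it after the filter rules if only accepted traffic should count.
    echo "iptables -I FORWARD 1 -j ACCT"
}

# Parse 'iptables -nvxL ACCT' output on stdin into "host sent_bytes recv_bytes".
# The two header lines are skipped. A blank rule has an empty target column,
# so source and destination are taken from the end of each line rather than
# by fixed column number.
acct_parse() {
    awk 'NR > 2 && NF >= 8 {
            src = $(NF - 1); dst = $NF
            if (src != "0.0.0.0/0") { sent[src] += $2; hosts[src] = 1 }
            if (dst != "0.0.0.0/0") { recv[dst] += $2; hosts[dst] = 1 }
        }
        END { for (h in hosts) printf "%s %d %d\n", h, sent[h] + 0, recv[h] + 0 }' |
    sort
}

# Constructed sample of 'iptables -nvxL ACCT' output (not captured from a real box).
ACCT_SAMPLE='Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1500    1200000            all  --  *      *       192.0.2.10           0.0.0.0/0
    4200    5600000            all  --  *      *       0.0.0.0/0            192.0.2.10
      10       1500            all  --  *      *       192.0.2.11           0.0.0.0/0
       0          0            all  --  *      *       0.0.0.0/0            192.0.2.11'

# Report from the sample. On a live router the same parser is fed by:
#   iptables -nvxL ACCT | acct_parse
# and 'iptables -Z ACCT' resets the counters after each collection interval.
acct_report() {
    printf '%s\n' "$ACCT_SAMPLE" | acct_parse
}

acct_rules
acct_report
```

Two things worth knowing before relying on this: the counters are 64-bit in the kernel but are lost on a rule flush or reboot, so a collector should read and zero them on a schedule and persist the deltas; and the parser keys on the `0.0.0.0/0` wildcard, so it only works for rules written with a single `-s` or `-d` host as above.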