moruda

asked on

Control/Monitor Bandwidth by IP

Hi,
I have a network designed as follows:
Line to internet coming into firewall
(firewall running NAT)
Firewall to Switch
Switch to servers

I need to monitor the incoming/outgoing bandwidth on an IP basis (port would be even better). This is mostly for billing purposes. Currently we are using a Layer 2 switch which can obviously not handle any IP information. What do we need to buy to be able to properly monitor this info. Where would it fit in the network? I was looking at L3 Cisco switches (3550), but I was wondering if I would need to put the switch on the outside facing part of the network, since I do not need to monitor internal traffic, only external. All help appreciated
pseudocyber

If you're mostly concerned about Internet traffic, then you should get something like Microsoft ISA server.  You could require all machines on the inside to go through the ISA server for Internet.  You could control where people go, how much bandwidth they get and account for it, and what applications get Internet access.  Then you could write a rule that only your ISA server gets access out, so your ISA server couldn't be bypassed.

More info:  http://www.microsoft.com/isaserver/default.mspx

Ps.  A Cisco layer 3 switch will begin to allow some of this, but not without a lot more infrastructure added on - AAA (Authentication and Accounting) servers, etc.
<< L3 Cisco switches (3550)>>
Sure they should be able to do this, but any reasonably capable router should be able to do the same thing.  If the router is delivering DHCP, then you can get a daily or hourly report from the router sent to one of the IP addresses on the network (like you), and those reports will give you which IPs were trafficking for how long.

And yes, this device should be on the external side of the network, the idea being that all the switched data internal to the network is NOT involved in the auditing, only that data and time going to the external WAN (internet).  Make sense?
moruda (ASKER)

So I should get a router? Which one do you suggest?  What about security on the router since it isn't behind a firewall?
Even the most basic routers have great firewalling built in -- just turn them on in default mode, and they usually give full stealth mode on all essential ports.  That is one of the best things about a router today, it has firewalling built in that is way better than software firewalls, even windows firewalls.  For example, take a very basic router like a Linksys BEFSVP41 -- this costs only $75, and is not only a router to the internet with full stealth mode firewall protection on all ports, and a DHCP server, but in addition, it is a VPN endpoint router, so now you have the capability that 1-2 people can VPN into your network from their home offices.  The router handles all this, plus it can send logs of usage and traffic to an IP number at any specified time.

Now I am not suggesting that a basic router like this will solve the needs of a big corporation with many users, but they do all of what you want.  Linksys is now owned by Cisco, and Cisco, the router leader, now makes Linksys routers too.  So if you want to go up in capabilities, then go from Linksys (or similar low-end routers) to the higher priced, more feature rich Cisco PIX routers.  Some of the high end Ciscos can do amazing things, I would go to their website and check them out.  Of course, you pay and they are harder to configure than the simpler Linksys routers, but in answer to the Q, should you get a router instead, I would say "YES".  They can completely protect the network without any need for software firewalls, and they can do what you want.  But check out the specs first, find a router that is compatible with your modem that connects to the internet.  Start from there, and also consider VPN capabilities, if you need it.  Assume great firewalling is built in.

You can put a management IP address on a 3550; it will allow one IP address. You should do this for management purposes. You don't want to be using your console cable every time you want to make a config change.

You can find more info here about your switch and what it is capable of doing..

http://www.cisco.com/en/US/products/hw/switches/ps646/

Once you have done that, telnet in and enable SNMP and use a common tool such as MRTG.

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

If you want totals (in/out MB/GB etc.) you can use MRTG Total Traffic Generator.

http://bjorn.swift.st/traffic/


Depends how "big" you want to get.  Packeteer boxes will let you manage your usage. Have a look at:

http://www.packeteer.com/
Moruda: Which traffic do you want to bill? Do you want to bill internal users, or do you want to check bills from your ISP?

- To bill internal users you need to analyze internal traffic - in your LAN before the firewall. ISA may help, or (check) even the firewall can give you statistics. If not - buy a 3550 and replace your switch.
- To check the ISP - what firewall do you use? Check the manual; probably it will give you statistics on the outside interface. If not - buy a router, or if you have ethernet from firewall to provider - put a HUB there, plug in the external interface of the firewall and the provider's link, and put a spare machine there to monitor traffic. You will not be able to correlate traffic to users - just the whole traffic for all.


Regards.
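As an added illustration (not code from any post in this thread) of what the per-IP accounting looks like once flow records are captured on the LAN side of the NAT firewall, where internal addresses are still visible: this Python aggregates constructed flow records into inbound and outbound byte totals per internal host and per service port, and drops LAN-to-LAN flows, which the asker does not want to bill. The 192.168.1.0/24 range and the record layout are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed LAN range; captured on the inside interface, before NAT,
# so per-host addresses are still visible (outside NAT everything
# would appear as the firewall's single public address).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records: (src_ip, dst_ip, service_port, bytes).
# service_port is the server-side port of the connection.
SAMPLE_FLOWS = [
    ("192.168.1.10", "203.0.113.5", 80, 1500),     # .10 requests a web page
    ("203.0.113.5", "192.168.1.10", 80, 42000),    # response downloaded to .10
    ("192.168.1.20", "198.51.100.7", 443, 900),
    ("198.51.100.7", "192.168.1.20", 443, 12000),
    ("192.168.1.10", "192.168.1.20", 445, 99999),  # LAN-only: not billable
    ("192.168.1.20", "203.0.113.9", 25, 3000),     # outbound mail from .20
]


def account_flows(flows, internal_net=INTERNAL_NET):
    """Return {internal_ip: {"in": bytes, "out": bytes, "ports": {port: bytes}}}.

    Only flows crossing the LAN/Internet boundary are counted; direction
    is taken from which side of the boundary the internal host sits on.
    """
    totals = defaultdict(lambda: {"in": 0, "out": 0, "ports": defaultdict(int)})
    for src, dst, port, nbytes in flows:
        src_internal = ipaddress.ip_address(src) in internal_net
        dst_internal = ipaddress.ip_address(dst) in internal_net
        if src_internal == dst_internal:
            continue  # LAN-to-LAN (or external-to-external): skip
        host = src if src_internal else dst
        direction = "out" if src_internal else "in"
        totals[host][direction] += nbytes
        totals[host]["ports"][port] += nbytes
    return totals


if __name__ == "__main__":
    for host, t in sorted(account_flows(SAMPLE_FLOWS).items()):
        print(host, "in:", t["in"], "out:", t["out"], "by port:", dict(t["ports"]))
```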
moruda (ASKER)
My sonicwall does have some type of monitoring, but I have never successfully set it up. Has anyone set this up in a useful configuration?
ASKER CERTIFIED SOLUTION
Vladan_MOBTEL
