[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SNMP: Monitoring External (WAN) Traffic Only.

Posted on 2008-11-17
6
Medium Priority
?
1,602 Views
Last Modified: 2012-05-05
Hello - a few questions for our office:

We are monitoring In/Out Bits for Total Bandwidth on a handful of switches using Cacti.

#1 -
Is it possible to graph traffic that only goes across the internet and is not transmitted from one port to another.

My problem stems from 2 users transferring data between 2 local switch ports. For billing purposes, we only need to know how much traffic is transferred in/out the wan, not internal traffic caused by sharing files.

#2 - Will setting up VLANs solve this issue? Does monitoring a VLAN include LAN traffic?

#3 - Am I right to say that if a user transfers large files over the local LAN from one office to another it will slow down the overall performance of the network and WAN (internet) speed?

Thanks!

-x
0
Comment
Question by:xyxlor
  • 3
  • 3
6 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 22981469
1) No.  The monitors on a switch sees bytes in/out on the port.  It does not see MAC addresses or  IP addresses.  However, if you know what port the WAN connection is connected to you can monitor the traffic on that port.  All traffic in/out on the port would be your Internet traffic.

2) Not really, but sort of.  You could have one VLAN for internal traffic and one for Internet Traffic.  However, by monitoring the physical port that the WAN connection is on (see #1) you get the same measure ment.

3) If the two offices use the Internet as the network, then yes transferring files between offices will slow down the over all performance of the WAN.

Now, you mentioned traffic from one office to another.  When you say "internal" traffic, what do you mean?  Traffic within your building only, or do you consider traffic in between offices as "internal" even if it crosses the WAN?
0
 

Author Comment

by:xyxlor
ID: 22981586
All offices are inside the same building...
On a 48 port switch, I consider all traffic that does not leave through ports 49 or 50 to be "Internal". So traffic going from switch port 17 to switch port 18 is considered internal.

Cool - thanks for your response so far... the problem I seem to be having is the need to graph internet usage of each office suite, but internal network traffic is throwing our numbers off...

For example, we want to bill each user in the office for how much traffic they send or receive from the internet, but those without office routers are producing unusually large graphs due to internal networking and file transfers.

See my dilemma? I want to model the same billing a webhost or data center would use... and I don't think they monitor internal traffic.

0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 22981714
O.K.  That will be a bit tough.  Data Center and Web hosting companies do things a bit different from you want to do in most cases.

Web hosting companies look at ALL data to/from the web server.  They don't care if the traffic is to a host within the hosting site or on the Internet.

Data Centers typically have high end L3 switches that support Cisco's NetFlow or something like it.  For devices that support it, NetFlow keeps track of traffic based on IP addresses and ports.  So you can easily measure "inside" and "outside" traffic and even what type of traffic it is (HTTP, SMTP, Telnet, FTP, ect.)

VLAN's will not help.  As even with VLAN you canNOT tell which VLAN's the traffic is going between.  All you can tell is it is going to/from the "Internet VLAN."  With a L2 switch only you would need another device/computer that could do routing also.

As for the internal traffic between offices affecting WAN speed.  Most likely it is not, but it can.  If user in office 1 is copying a file to a computer/server in office 2 and is copying enough data to run the ports at their capacity, then anybody in office 1 or 2 will be impacted if they need to get to a host via the switch.  However somebody in office 3 will not be impacted as long as they are not attempting to get to something in office 1 or 2.

What type of switch do you have?

What type of router do you have connecting you to the Internet?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:xyxlor
ID: 22981829
We are using Layer 2 Switches : D-LINK 3550
The internet is routed through a T1 Adtran Router, to the PIX 501. The PIX 501 then connects directly to the switches.


Thanks for the information so far, it has helped a lot. I am going to do a little more research and then award points.

Best,

-x
0
 
LVL 57

Expert Comment

by:giltjr
ID: 22984710
How many total customers do you have?

Which version of PIX software are you running?

Although it could be a pain, depending on which version of PIX you are running you could create a unique VLAN for each customer, then have all of the VLAN's defined to the PIX as sub-interfaces.  Then you should (I have never done this) use SNMP to query each sub interface on the PIX.

This could make access-control lists a bit more complicated as you could end up needed one list per vlan.
0
 

Author Comment

by:xyxlor
ID: 22990762
Thanks for your help - it's given me a good start on where to look next :-)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a ne…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question