[c-nsp] MRTG graphing traffic that hits an ACL

[Dave Weis]

On Wed, 5 Jul 2006, Oliver Boehmer (oboehmer) wrote:
> Dave Weis <> wrote on Wednesday, July 05, 2006 6:40 PM:
>> On Wed, 5 Jul 2006, Oliver Boehmer (oboehmer) wrote:
>>> Dave Weis <> wrote on Wednesday, July 05, 2006 6:11 PM:
>>>> I wanted to graph how much bandwidth or how many packets match a
>>>> specific ACL on a 2600 series router. Does something like that show
>>>> up in the SNMP MIB and how do I reference it with MRTG or similar?
>>> no.
>>> Not sure if this works, but if you really need to find out, you could
>>> try to put this traffic into a QoS class, use the "drop" directivy in
>>> the appropriate class within a policy-map and monitor the offered
>>> rate using QOS-MIB (not sure if we maintain per-class BW in this
>>> case, if not, a policer with "drop" as conform- and exceed-action
>>> will likely do). But this MIB is not trivial, and this definitly has
>>> a performance impact (unless you're already doing QoS)..
>>
>> Any less painful method to see how much bandwidth a specific type of
>> traffic is consuming?
>
> netflow? Netflow will report dropped flows using a zero egress
> interface.. MRTG graphing could be tricky, though (maybe there are some
> tools around).
> Out of interest: why do you want to graph traffic that you drop? Is this
> supposed to be a permanent measure, or just temporarily?

It won't necessarily be dropped, we just want to see how much p2p and IM 
traffic is going through now.

-- 
Dave Weis
djweis at internetsolver.com
http://www.internetsolver.com/