[c-nsp] MRTG graphing traffic that hits an ACL

Ed Ravin eravin at panix.com
Wed Jul 5 13:55:39 EDT 2006


On Wed, Jul 05, 2006 at 11:10:30AM -0500, Dave Weis wrote:
> 
> I wanted to graph how much bandwidth or how many packets match a specific 
> ACL on a 2600 series router. Does something like that show up in the SNMP 
> MIB and how do I reference it with MRTG or similar?

The genRtrConfig and/or genDevConfig scripts from Acktomic generate Cricket
config files for monitoring rate-limit filters.  You could set things
up so that the rate-limit uses a particular ACL, and then you'd get
a graph of traffic passed or blocked by the rate-limit statements.
You can get a graph for each rate-limit statement on an interface, so
you should be able to arrange things so that you can measure traffic that
you pass as well as traffic that you block.

genRtrConfig/genDevConfig can be downloaded from:

   http://www.acktomic.com/cricket/cricket-genRtrConfig.htm

Although it creates files for Cricket, you should be able to convert
it into MRTG, since the graphs are created by fetching the values of
SNMP counters.  I've used the rate-limit graphing with Cricket and it
works as expected, though with multiple rate-limit statements on an
interface, it's a little hard to tell which one is which.

As others have posted, you could do this with Netflow, but I think
it would work only if your ACL checks only for things that can also
be seen in Netflow data - namely IP addresses and port numbers.
If your ACL is also testing for SYN or other stuff that gets summarized
by the time Netflow gets ahold of it, you're out of luck.  If you decide
you want to pursue this path, I'd recommend using flow-tools and the
tutorial at http://www.dynamicnetworks.us/netflow/ .

	-- Ed
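The NetFlow route described above, worked through as an added example (not code from the post or from flow-tools): a script that reads flow records, classifies them against a small subset of Cisco IOS extended-ACL syntax (permit/deny, ip/tcp/udp, any/host/wildcard, `eq`), totals the permitted packets and octets, and prints the four lines MRTG reads from an external-script Target. The flow records and the ACL are constructed sample data; the record layout is a simplified, decimal-only stand-in for the columns `flow-print` emits, so the parser would need adjusting to a real export. It also encodes the caveat in the reply: an ACE that tests TCP flags (`syn`, `established`) is flagged as unmatchable, because a flow record carries one flag summary for the whole flow rather than per-packet flags.

```python
"""Count NetFlow-style flow records against a subset of Cisco IOS extended-ACL
syntax and emit the four lines an MRTG external-script Target expects.
Added example with constructed data; not part of the original post."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTO_NUM = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1}
PORT_NAMES = {"www": 80, "domain": 53}

# Constructed sample records (decimal columns; a simplified stand-in for
# flow-print output, so adapt parse_flows() to your actual export format).
SAMPLE_FLOWS = """\
# SrcIP          DstIP           Pr  SrcP   DstP  Pkts  Octets
192.0.2.10       198.51.100.5    6   51234  80    12    9000
192.0.2.11       198.51.100.5    6   51235  443   30    40000
203.0.113.7      198.51.100.5    6   40000  80    5     400
192.0.2.12       198.51.100.9    17  5353   53    2     180
192.0.2.13       198.51.100.5    6   51236  22    8     1200
"""

# Constructed ACL in IOS extended-ACL syntax (first match wins, implicit deny).
SAMPLE_ACL = """\
permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.5 eq www
permit udp any host 198.51.100.9 eq domain
deny ip any any
"""


@dataclass
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int


@dataclass
class ACE:
    permit: bool
    proto: Optional[int]       # None means "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]       # None means any destination port
    tcp_flag: Optional[str]    # "syn"/"established": per-packet, not in flow data


def parse_flows(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        s, d, pr, sp, dp, pk, oc = line.split()
        flows.append(Flow(ipaddress.IPv4Address(s), ipaddress.IPv4Address(d),
                          int(pr), int(sp), int(dp), int(pk), int(oc)))
    return flows


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any' | 'host A' | 'A WILDCARD' from the front of tokens."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if t == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    # IOS wildcard mask: invert it to a netmask (contiguous masks only).
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network((t, str(netmask)), strict=False)


def parse_acl(text: str) -> List[ACE]:
    acl = []
    for line in text.splitlines():
        rest = line.split()
        if not rest:
            continue
        action, proto = rest.pop(0), rest.pop(0)
        src, dst = _take_addr(rest), _take_addr(rest)
        dport = flag = None
        while rest:
            t = rest.pop(0)
            if t == "eq":
                p = rest.pop(0)
                dport = PORT_NAMES.get(p) or int(p)
            elif t in ("syn", "established"):
                flag = t
            else:
                raise ValueError("unsupported ACE keyword: " + t)
        acl.append(ACE(action == "permit", PROTO_NUM[proto], src, dst, dport, flag))
    return acl


def unmatchable_aces(acl: List[ACE]) -> List[ACE]:
    """ACEs that test TCP flags: a flow record summarizes flags over the whole
    flow, so a per-packet test like 'syn' cannot be reproduced from it."""
    return [ace for ace in acl if ace.tcp_flag is not None]


def ace_matches(ace: ACE, f: Flow) -> bool:
    return ((ace.proto is None or ace.proto == f.proto)
            and f.src in ace.src and f.dst in ace.dst
            and (ace.dport is None or ace.dport == f.dport))


def acl_counts(acl: List[ACE], flows: List[Flow]) -> Tuple[int, int]:
    """(packets, octets) of flows the ACL permits; first match wins and a flow
    matching no ACE falls to the implicit deny."""
    if unmatchable_aces(acl):
        raise ValueError("ACL tests TCP flags; not derivable from flow records")
    packets = octets = 0
    for f in flows:
        for ace in acl:
            if ace_matches(ace, f):
                if ace.permit:
                    packets += f.packets
                    octets += f.octets
                break
    return packets, octets


def mrtg_output(acl: List[ACE], flows: List[Flow], target: str) -> List[str]:
    """The four lines MRTG reads from an external script: value 1, value 2,
    uptime, target name. These are per-interval totals, not SNMP counters,
    so set `Options[...]: absolute` (or gauge) on the MRTG target."""
    packets, octets = acl_counts(acl, flows)
    return [str(octets), str(packets), "0", target]


if __name__ == "__main__":
    print("\n".join(mrtg_output(parse_acl(SAMPLE_ACL),
                                parse_flows(SAMPLE_FLOWS), "acl101")))
```

On the sample data only the first and fourth flows are permitted, so the script prints 9180 octets and 14 packets. Feed it a real flow-tools export (e.g. the output of `flow-cat ... | flow-print` for the last interval) and point an MRTG Target at it with backticks, as for any external script.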