Hi Ruben,
welcome onboard - read my replies inline:

On Fri, Jun 08, 2007 at 01:12:22PM +0200, Ruben Laban wrote:

> We have 2 hosting locations with 2 class C public subnets each assigned to
> them (so roughly 1024 ip addresses in total). Per single IP we want to know
> the amount of traffic to/from it in a given timeframe and a 95-percentile
> over a given timeframe.
>
> I know pmacct isn't suited for delivering these numbers directly but that
> isn't the case with ipac-ng either. Having to do some scripting/programming
> to get the actual data is of no problem.

pmacct is able to give you back the amount of inbound/outbound/sum traffic
for a certain IP address no problem. The 95th percentile would still require
some (should be simple enough, if using SQL) elaboration on your side.

> On a more detailed side (and I admit I'm still reading the docs), I am
> wondering about some specific configuration issues. The memory size of
> various pools/buffers/etc in particular. One location has an 100Mbit/s uplink
> and the other 1Gbit/s uplink which is currently throttled to about
> 150-200Mbit/s. I don't have any actual numbers of packets/s, but only bytes/s
> and the fact that most traffic is HTTP. The average usage of both lines
> fluctuates between 20-40 Mbit/s with peaks up to 150Mbit/s for one location.
>
> Related to the above is also the performance of pmacct and the load it
> imposes on the machine. The firewalls in question are Dell PE860 machines
> with dual core Xeon's at 3GHz, 1 or 2GB of ram and running Suse Linux
> Enterprise Server 9.

I see your boxes are pretty beefy, you should not encounter issues of any
sort with it. If you are going the promiscuous mode way, I would suggest you
take a close look at Q5 of the FAQS document - which encompasses some tips
both about bufferization and how you can optimize CPU usage while getting
packets off the wire (PF_RING/libpcap-mmap/etc.).

You can also search the mailing-list archives regarding a) some numbers the
guys have provided in terms of resource consumption - there has been a small
survey a while ago; b) a recent discussion about pmacct in a CoLo/hosting
environment.

Hope this helps.

Cheers,
Paolo

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
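The percentile step mentioned in the reply above, as an added example that is not part of the original message or of pmacct itself. It assumes a table named `acct` with `ip_src`, `ip_dst`, `bytes` and `stamp_inserted` columns modelled on pmacct's SQL output, timestamps stored as integer epoch seconds aligned to 5-minute intervals, and the nearest-rank percentile method; the rows are constructed sample data.

```python
import sqlite3

BUCKET = 300  # seconds per sample (assumed 5-minute accounting interval)

def p95_mbps(conn, ip, start, end):
    """95th-percentile rate (in + out, Mbit/s) for ip over [start, end)."""
    rows = conn.execute(
        "SELECT stamp_inserted, SUM(bytes) FROM acct"
        " WHERE (ip_src = ? OR ip_dst = ?)"
        " AND stamp_inserted >= ? AND stamp_inserted < ?"
        " GROUP BY stamp_inserted",
        (ip, ip, start, end)).fetchall()
    per_bucket = dict(rows)
    # Intervals with no rows carried no traffic but still count as samples;
    # skipping them shrinks the sample set and inflates the percentile.
    samples = sorted(per_bucket.get(t, 0) for t in range(start, end, BUCKET))
    if not samples:
        return 0.0
    rank = (95 * len(samples) + 99) // 100  # nearest-rank, integer ceiling
    return samples[rank - 1] * 8 / BUCKET / 1e6

def build_sample_db():
    """Constructed data: 20 intervals, one 100 Mbit/s spike, one idle gap."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE acct (ip_src TEXT, ip_dst TEXT,"
                 " bytes INTEGER, stamp_inserted INTEGER)")
    host, peer, rows = "192.0.2.10", "198.51.100.5", []
    for i in range(20):
        if i == 7:
            continue  # idle interval: no rows written at all
        out = 3_675_000_000 if i == 3 else 300_000_000
        rows.append((host, peer, out, i * BUCKET))         # outbound
        rows.append((peer, host, 75_000_000, i * BUCKET))  # inbound
    rows.append(("192.0.2.20", peer, 9_000_000_000, 0))    # unrelated host
    conn.executemany("INSERT INTO acct VALUES (?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    print(p95_mbps(db, "192.0.2.10", 0, 20 * BUCKET), "Mbit/s")
```

With the idle interval counted as a zero sample, the single spike falls in the discarded top 5%; if that interval were dropped instead, the spike itself would become the reported value.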
