Best way to track WAN data usage?

I am setting up a new internet connection and have some specific requirements. I need to decide on router/firewall etc, but that's pretty open. What I need is a way to account for traffic on the WAN interface - ideally down to a per user level.

I'm looking at various captive portals / RADIUS server ideas, but so far they seem to measure *all* traffic from a user's network card. I don't care if a user sends data over the LAN, but I do want to measure it over the LAN.

This is for ~20 users, mix of wired and wireless, and the WAN connection is a 100Mbps connection. Open to all options at this stage, but economical, stable and quiet are preferences.

Anyone have any experience or pointers? Thanks in advance.
 
If your WAN link is just for internet and you want to monitor what each user is downloading I'd suggest a proxy server. SQUID was the Linux freebie back when I last did this but I have no idea what is used these days. This should let you monitor what each individual user is accessing, although I'm not sure it would give you data volumes.
 
Assuming you actually want to monitor the WAN link rather than just proxying internet traffic then the two options are:

1. Plug your WAN link into a semi-decent switch, mirror the port and run your analysis software of choice on a server connected to the mirrored port.
2. Buy a router/firewall which supports flow data (cflow/sflow/jflow) and send said data to a server running your choice of analysis software anywhere on your network.

Flow data is generally better as it's more scalable and architecturally easier, but bear in mind it's a sampling-based method and therefore is only so accurate; it's also a feature of more expensive hardware.

Either method will let you account for traffic in virtually every way you could ever want, mirror port slightly more so as you'll see every packet rather than 1 in every however many for sampling flow data.

We used to do some similar things with our VOIP softswitches. We mirrored all the traffic in and out to an analysis server which also kept the last 2TB of data on a rolling basis. So when people called to complain their calls were breaking up we could extract their individual call and then reconstruct it and play it back to see how it sounded. Which did alarm some people.
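The per-host WAN accounting discussed in this post, as an added example that is not part of the original thread: it totals flow records per LAN address, skips LAN-to-LAN traffic, and scales sampled byte counts by the sampling rate. The subnet, sampling rate and flow records are constructed assumptions, and the records are assumed to be exported from the LAN-facing side so pre-NAT addresses are visible.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.10.0/24")  # assumed office LAN subnet
SAMPLING_RATE = 100                            # assumed: exporter samples 1 in 100 packets

# Constructed flow records: (source, destination, bytes seen in sampled packets)
FLOWS = [
    ("192.168.10.21", "203.0.113.10", 1500),    # upload to the WAN
    ("203.0.113.10", "192.168.10.21", 45000),   # download from the WAN
    ("192.168.10.21", "192.168.10.5", 90000),   # LAN-to-LAN, must not be billed
    ("198.51.100.7", "192.168.10.33", 12000),
    ("192.168.10.33", "198.51.100.7", 800),
    ("203.0.113.10", "198.51.100.7", 500),      # neither end on the LAN, ignored
]

def wan_usage(flows, lan=LAN, sampling_rate=SAMPLING_RATE):
    """Estimate bytes sent to / received from the WAN per LAN host."""
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    for src, dst, nbytes in flows:
        src_in = ipaddress.ip_address(src) in lan
        dst_in = ipaddress.ip_address(dst) in lan
        if src_in == dst_in:
            continue  # both inside (LAN only) or both outside: not WAN usage
        estimate = nbytes * sampling_rate  # scale the sample up; this is an estimate
        if src_in:
            usage[src]["up"] += estimate
        else:
            usage[dst]["down"] += estimate
    return dict(usage)

if __name__ == "__main__":
    for host, counts in sorted(wan_usage(FLOWS).items()):
        print(host, counts)
```

Mapping a LAN address to a named user still needs a separate source such as DHCP leases or portal logins; with an unsampled export, pass `sampling_rate=1`.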
 
Thanks. I don't need to proxy the data. I don't really want a separate server with massive storage to capture stuff - I just need the transfer amounts to be logged. I have no need for replaying the data / checking packets.
I will have a look at flow rate data etc and see what else I work out.
 
Netflow or SFlow on the edge router passing traffic digest?

Software like Plixer Scrutinizer, Solarwinds Netflow Traffic Analyzer (NTA) or PRTG should give you the information you want.
They all have free trials so you can see which you like best.
 
They all seem a bit overkill. I was hoping I could have the data usage logged in the device. I don't want to run a server specifically for processing netflow data. Any ideas on routers which can count data usage?
 
http://www.ipbalance.com/traffic-an...me-bandwidth-monitoring-by-snmp-tool-stg.html

Looks like you could run it alongside just about any other server you have. It has logging and adjustable update period.
I'm not sure which interface it's tied to specifically, but I just popped it on to our SNMP community and pointed it at one of our edge routers and it started churning out data. With a bit of tinkering it'll do what you want I hope!
 
Yamahahahahaha - thanks, I had already looked at that option. The 'problem' is we don't have any in house servers, and are not planning on getting any. I'm exploring the possibility of SNMP logging 'in the cloud' which may be a good compromise.
 
Yamahahahahaha - we have no real need for office servers. Everything we do is based 'in the cloud' - heavy use of Google Apps, 37Signals products and some others. Everyone uses laptops (hooked to screens etc if required). There is a lot of hot desking, and we have moved buildings a lot recently. Not having to cart servers around helps.

tals - thanks - I had seen Gargoyle and similar DD-WRT/Tomato/OpenWrt but wanted something with a bit more support - and support for higher end hardware. I'm pretty sure most of the consumer hardware these firmwares support would struggle to perform well with a 100Mbit/s WAN connection.
 
Not really sure on the answer re that. A Netgear 3700v2 was quite well specced, 64mb ram and 16mb flash. Could be worth the question on the Gargoyle forums. There is a process utilise display on the dashboard and I haven't seen mine go above 1%. But in a work environment I wouldn't know.
 
New Sonicwalls have a built in network throughput graph which is pretty simple and can show you a lot of the data without having to set up anything else.

Older (TZ170/190, bigger units like 2060 and 3060s etc) Sonicwalls can do a simple SNMP output of throughput on the various interfaces. You don't get any detail about what ports are being used and which users are using all the bandwidth etc but it does show you basic stuff like throughput and total amount of data.
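Turning polled SNMP interface counters into a transfer total, as an added example that is not part of the original thread: the 32-bit IF-MIB octet counters (ifInOctets/ifOutOctets) wrap in under six minutes at a sustained 100 Mbit/s, so the poll interval matters, and the 64-bit ifHCInOctets/ifHCOutOctets avoid the problem where the device offers them. The poll samples below are constructed.

```python
COUNTER32_MOD = 2 ** 32  # ifInOctets / ifOutOctets are 32-bit counters

def wrap_seconds(link_bps, modulus=COUNTER32_MOD):
    """Seconds an octet counter takes to wrap at sustained line rate."""
    return modulus * 8 / link_bps

def total_octets(samples, link_bps, modulus=COUNTER32_MOD):
    """Sum counter deltas over (unix_time, counter_value) polls.

    Returns (total_octets, suspect_intervals). An interval is suspect when it
    is long enough for the counter to have wrapped more than once, in which
    case the delta under-counts. A device reboot also resets the counter and
    would be read here as a wrap; checking sysUpTime would catch that.
    """
    total, suspect = 0, []
    limit = wrap_seconds(link_bps, modulus)
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        total += (c1 - c0) % modulus  # modular difference absorbs one wrap
        if t1 - t0 >= limit:
            suspect.append((t0, t1))
    return total, suspect

# Constructed polls, 60 s apart; the counter wraps between the 2nd and 3rd.
POLLS = [(0, 4294000000), (60, 4294900000), (120, 500000), (180, 1200000)]

if __name__ == "__main__":
    print("wrap time at 100 Mbit/s: %.0f s" % wrap_seconds(100_000_000))
    print(total_octets(POLLS, 100_000_000))
```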
 
I was just about to post up a very similar thread to this!

I've got a Draytek 2820 router, and currently have ISA, however with a network re-jig, we won't have ISA and its reporting.

The Draytek can be configured to output a syslog to a separate server. Which applications could give details on WAN usage from this syslog?
 
I'm looking into Mikrotik devices. Good value, full feature set, learning curve dependent on networking knowledge.
They will output Netflow, or SNMP, or lots of other options. Haven't finalised a solution yet though.
 