Network Monitoring bridge... possible? how?

I appreciate that there are a lot of awesome tools out there such as ClearOS, Untangle and the like.

Most of these devices are used to provide all-in-one solutions or to act as a gateway or similar.
What I would like is some software that I can place on a server, solely for analysis of the data that passes through it, essentially a bridge, and that reports how much bandwidth is in use, broken down by IP or similar, to help me diagnose what is using up my bandwidth coming in from, or going back to, the gateway.
Ideally, I do not want this server to manage DHCP, DNS or NAT – it is simply sat in between the gateway and the LAN and monitors traffic coming in and out.

Anyone know of any tools that can do this? I have enclosed a diagram to help you understand what I am trying to do.
Or, am I looking at it the wrong way? I need to keep the existing router, so using untangle as my gateway and using my modem/router in modem only mode is not an option.

networking_question.jpg
 
I've never used this software but a quick search found ipband: http://ipband.sourceforge.net

This should be easy enough to do. Install whatever version of Linux you are comfortable with (assuming you are, as you mentioned ClearOS) on the server, bridge the two NICs together, and patch the two NICs so that all Ethernet traffic is going through the server as your diagram suggests. You shouldn't even have to reconfigure anything else: the other server would continue handing out DHCP / DNS etc. as it already does, and the second server would just bridge the traffic between the two NICs.

With a Linux box sitting in between your network and the internet there won't be much you can't analyse using iptraf, tshark/wireshark, ipband, and hundreds of other tools.

Edit: Also worth a mention is that some managed switches have the ability to mirror traffic from one port to another, which might be a possibility depending on what your switch is.
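As an added example (not from this thread, and not ipband's or iptraf's code), here is the core of what those tools do on such a bridge: read raw Ethernet frames, pick out IPv4, and sum bytes per LAN host in each direction. It assumes the bridge interface is br0 and the LAN is 192.168.1.0/24; the sample frames are constructed so it runs offline.

```python
import ipaddress
import socket
import struct
from collections import defaultdict

ETH_HLEN = 14                  # dst MAC, src MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

def parse_ipv4_frame(frame):
    """Return (src_ip, dst_ip, ip_total_length) for an IPv4 frame, else None."""
    if len(frame) < ETH_HLEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                 # ARP, IPv6 etc. are not counted here
    ip = frame[ETH_HLEN:]
    if ip[0] >> 4 != 4:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), total_len

def account(frames):
    """Bytes per LAN host: 'in' = towards the host, 'out' = from the host."""
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    for frame in frames:
        parsed = parse_ipv4_frame(frame)
        if parsed is None:
            continue
        src, dst, n = parsed
        if ipaddress.ip_address(src) in LAN_NET:
            usage[src]["out"] += n
        if ipaddress.ip_address(dst) in LAN_NET:
            usage[dst]["in"] += n
    return dict(usage)

def capture(iface="br0", count=1000):
    """Read raw frames off the bridge interface (Linux only, needs root)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    s.bind((iface, 0))
    return [s.recv(65535) for _ in range(count)]

def build_frame(src, dst, payload_len):
    """Constructed IPv4-over-Ethernet frame for offline use; not captured traffic."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + b"\x00" * payload_len

SAMPLE_FRAMES = [build_frame("192.168.1.10", "203.0.113.5", 1400)] * 3 + [
    build_frame("203.0.113.5", "192.168.1.10", 100), build_frame("192.168.1.20", "198.51.100.7", 60)]
```

Run `account(capture())` on the bridge host to get live per-host byte counts; sort the result by in+out to find the top talkers.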
 
Bridging introduces a whole bunch of complexity and latency into your network, for no real good reason. Find a router that supports Netflow (e.g. the EdgeRouter Lite).
 
I've had VMs running software routers with bridged interfaces for both their WAN and LAN and found the latency to be perfectly acceptable, and I don't see why bridging two interfaces adds any major complexity. He could go out and buy a new router, but why not make use of what he has already?
 
Some IPS products will do this sort of thing, but not exactly free ;)

IBM have a free 30-day trial download of their XGS system that you can run in a VM; might be worth it for a quick play?
 
I've had VMs running software routers with bridged interfaces for both their WAN and LAN and found the latency to be perfectly acceptable, and I don't see why bridging two interfaces adds any major complexity. He could go out and buy a new router, but why not make use of what he has already?
Sure. But... You can't deny that adding an additional device to the chain:

- creates additional latency -- small, but measurable, and in my opinion always unwanted
- creates an additional point of failure and unreliability
- introduces additional complexity when it comes to troubleshooting -- and if you've never installed/configured/troubleshot a bridge, then you're in for a treat

Not to mention an additional device that consumes power, generates heat and noise, requires security patches, additional IP addresses to keep track of, etc. etc.

That is what I meant.
 
Or, am I looking at it the wrong way? I need to keep the existing router, so using untangle as my gateway and using my modem/router in modem only mode is not an option.
Could you give a bit of background to why replacing the router isn't an option?
 
Could you give a bit of background to why replacing the router isn't an option?

Sure, the router is also a load balancer. I know that some tools like untangle support WAN balancing too but the company want to keep with a hardware solution.

Additional latency will be minimal, but the new infrastructure will be a lot, lot better than what they have had before. It will still seem quicker to them.

I agree, there is the risk of failure, which is why I like this idea more than replacing the router... if the server fails, disconnect the two leads from the server, get a coupler and join the network together without this in the middle :)
 
Or if there's budget buy a device/appliance to do this that has network bypass capability in event of failure :)
 