Graphing IPv4 vs IPv6 traffic
Hi All,
I'm interested in comparing the volume of IPv4 and IPv6 traffic entering my home network - ideally by graphing it with Cacti. My edge router is an RB1100AHx2, with a PPPoE connection to my ISP and a couple of ports uplinking to gigabit switches.
Unless I'm mistaken, there are no objects in the SNMP MIB for this.
I looked at exporting flow data, but it seems flow export is only supported for IPv4. I guess at a pinch I could subtract the IPv4 volume (from the flow data) from the interface counters (IPv4+IPv6) and get something fairly close. Kind of messy though.
I could probably whack in some firewall rules to simply count traffic and ssh to the router every 5 minutes to pull the numbers. Also kind of messy.
Has anyone done this before? Any suggestions on a relatively simple (and reliable) way to do it that I've overlooked?
Cheers.
On Sat, 2015-04-04 at 18:21 +1100, Purdon, Bob wrote:
> I'm interested in comparing the volume of IPv4 and IPv6 traffic [...] I looked at exporting flow data, but it seems flow export is only supported for IPv4.
Not true - I'm doing it now. Just make sure you choose NetFlow v9.
> Has anyone done this before? Any suggestions on a relatively simple (and reliable) way to do it that I've overlooked?
I don't have complicated needs. There's an old netbook running nfdump to collect the flows, and I use nfsen to look at it.
Regards, K.
--
Karl Auer (kauer@nullarbor.com.au) http://www.nullarbor.com.au
Interesting - will check this out. As I only saw the "Traffic flow" item under IPv4 in the Mikrotik web interface, I wrongly assumed it would only export IPv4 flows..
Using the HTTP API to collect firewall rule counters also seems like a workable approach (not as ugly as ssh'ing into the router every 5 mins :-) ).
I'm sure one of those approaches will get me to where I want to go :-)
You will also need connection tracking turned on for both ip and ipv6 to get netflow.
You could also set up queues to track ipv4 and ipv6 separately and graph them?
http://about.me/terry.sweetser
I ended up using firewall rules to collect the numbers, then the API to extract the data. Works well enough for what I needed.
On average, inbound IPv6 accounts for 19.6% of my total traffic over the last 5 days. On any single day it can be as high as 40%.
Hmmm didn't realise they had left v6 off Netflix, will check that!
I'd (and I'm able it to for a side project) use firewall rules and the http Api to get the data into mrtg or rrds :). -should be fairly simple :)
--
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/
Ffs autocorrect! Netflix = netflow and able = about :)
Cheers, DG
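An added example, not code from any poster in this thread: one way to turn periodically polled firewall rule byte counters (the approach the thread settles on) into daily and overall inbound IPv6 percentages, including the case where the counters restart from zero. The sample values, poll times and function names are assumptions, and fetching the counters from the router is left out.

```python
from collections import defaultdict

# Constructed samples (not from the thread): cumulative byte counters of two
# hypothetical counting rules, one for IPv4 and one for IPv6 inbound traffic.
# Each entry: (poll time, ipv4_bytes, ipv6_bytes)
SAMPLES = [
    ("2015-04-11T00:00", 1_000_000, 200_000),
    ("2015-04-11T12:00", 5_000_000, 1_200_000),
    ("2015-04-12T00:00", 9_000_000, 2_200_000),
    ("2015-04-12T12:00", 500_000, 300_000),    # counters restarted (e.g. reboot)
    ("2015-04-13T00:00", 2_000_000, 1_300_000),
]


def delta(prev, cur):
    """Bytes since the previous poll.

    A value lower than the previous one means the counter was reset, so only
    the bytes counted since the reset are known; a plain subtraction would
    produce a negative volume and corrupt the graph.
    """
    return cur - prev if cur >= prev else cur


def pct(v4, v6):
    """IPv6 bytes as a percentage of all bytes, one decimal place."""
    total = v4 + v6
    return round(100 * v6 / total, 1) if total else 0.0


def ipv6_share(samples):
    """Return ({date: IPv6 %}, overall IPv6 %) from cumulative counter polls.

    Each interval between two polls is attributed to the date it starts on.
    """
    per_day = defaultdict(lambda: [0, 0])       # date -> [v4 bytes, v6 bytes]
    for (t0, v4a, v6a), (_, v4b, v6b) in zip(samples, samples[1:]):
        day = t0[:10]
        per_day[day][0] += delta(v4a, v4b)
        per_day[day][1] += delta(v6a, v6b)
    daily = {day: pct(v4, v6) for day, (v4, v6) in per_day.items()}
    total_v4 = sum(v4 for v4, _ in per_day.values())
    total_v6 = sum(v6 for _, v6 in per_day.values())
    return daily, pct(total_v4, total_v6)


if __name__ == "__main__":
    daily, overall = ipv6_share(SAMPLES)
    for day, share in sorted(daily.items()):
        print(f"{day}: {share}% IPv6")
    print(f"overall: {overall}% IPv6")
```

The overall figure is computed from total bytes rather than by averaging the daily percentages, so a quiet day with a high IPv6 share does not skew it.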