[mrtg] Re: monitoring specific local IPs

Daniel J McDonald dmcdonald at digicontech.com
Mon Feb 26 14:55:14 MET 2001


> -----Original Message-----
> From: Larry Sheldon
> Sent: Saturday, February 24, 2001 12:03 PM
> > Can somebody please point me in the direction of the documentation where I
> > can learn how to configure a Cisco 2500 router and MRTG to help me monitor
> > bandwidth utilization of individual local IPs?  Thanks.

> MRTG can report on two kinds of things:
>
> Anything (underscore "Anything") that can be retrieved using SNMP.

What you need to do for this is CAR.  That will allow you to put arbitrary
traffic into an SNMP variable.

Let's say you want to monitor some addresses for activity.  First you need
to build access lists that describe the addresses, and maybe even the
activity:

ip access-list extended 101
permit icmp any any
ip access-list extended 102
permit ip host 192.168.1.2 any
ip access-list extended 103
permit tcp host 192.168.1.3 eq www any

Next you create rules on the interface, declaring what you want to do with
the stuff:

Interface ethernet 0
ip address 192.168.1.1 255.255.255.0
! Ignore moderate ICMP traffic
 rate-limit input access-group 101 10000 2500 5000 conform-action transmit exceed-action continue
! record all of Joe's traffic
 rate-limit input access-group 102 10000000 25000 50000 conform-action transmit exceed-action transmit
! Limit Bob's server to 256K of web traffic
 rate-limit input access-group 103 256000 16000 32000 conform-action transmit exceed-action drop


Now, query the CISCO-CAR-MIB for the number of bytes and/or packets that
conformed or exceeded the rules.  Specifically the ccarStatTable.  A quick
excerpt from the mib:
CcarStatEntry ::=
        SEQUENCE {
                ccarStatSwitchedPkts
                        Counter32,
                ccarStatSwitchedBytes
                        Counter32,
                ccarStatFilteredPkts
                        Counter32,
                ccarStatFilteredBytes
                        Counter32,
                ccarStatCurBurst
                        Gauge32
        }

So, if we perform an SNMPwalk, we get:
[dmcdonald@netmon mib]$ snmpwalk -IR -m CISCO-CAR-MIB -OS 192.168.1.1 public ccarStatTable
CISCO-CAR-MIB::ccarStatSwitchedPkts.2.1.1 = 7681930 packets
CISCO-CAR-MIB::ccarStatSwitchedPkts.2.1.2 = 1317539 packets
CISCO-CAR-MIB::ccarStatSwitchedPkts.2.1.3 = 1073446 packets
CISCO-CAR-MIB::ccarStatSwitchedBytes.2.1.1 = 2529172528 bytes
CISCO-CAR-MIB::ccarStatSwitchedBytes.2.1.2 = 608391832 bytes
CISCO-CAR-MIB::ccarStatSwitchedBytes.2.1.3 = 411923429 bytes
CISCO-CAR-MIB::ccarStatFilteredPkts.2.1.1 = 0 packets
CISCO-CAR-MIB::ccarStatFilteredPkts.2.1.2 = 0 packets
CISCO-CAR-MIB::ccarStatFilteredPkts.2.1.3 = 0 packets
CISCO-CAR-MIB::ccarStatFilteredBytes.2.1.1 = 0 bytes
CISCO-CAR-MIB::ccarStatFilteredBytes.2.1.2 = 0 bytes
CISCO-CAR-MIB::ccarStatFilteredBytes.2.1.3 = 0 bytes
CISCO-CAR-MIB::ccarStatCurBurst.2.1.1 = Gauge: 0 bytes
CISCO-CAR-MIB::ccarStatCurBurst.2.1.2 = Gauge: 0 bytes
CISCO-CAR-MIB::ccarStatCurBurst.2.1.3 = Gauge: 0 bytes


The instance is formed from:
	The ifIndex of the interface the CAR rules are applied to,
	The direction of the rule (1 is in, 2 is out)
	The rule number
So, on my example router, ethernet 0 has an ifIndex of 2, the rules are
inbound, and there are three of them.

Finally, I suppose you want to see an MRTG target.  OK, here's one:
Target[amarillo_dino]: enterprises.9.9.113.1.2.1.1.2.2.1.4&enterprises.9.9.113.1.2.1.1.4.2.1.4:public@172.16.17.1
MaxBytes[amarillo_dino]: 64000
Title[amarillo_dino]: Traffic Analysis for Et0/0 -- Amarillo Server Dino
PageTop[amarillo_dino]: <H1>Traffic Analysis for Et0/0 -- Amarillo Server Dino</H1>
 <TABLE>
   <TR><TD>System:</TD>     <TD>Amarillo </TD></TR>
   <TR><TD>Maintainer:</TD> <TD></TD></TR>
   <TR><TD>Description:</TD><TD>Ethernet0/0  </TD></TR>
   <TR><TD>ifType:</TD>     <TD>ethernetCsmacd (6)</TD></TR>
   <TR><TD>ifName:</TD>     <TD>Et0/0</TD></TR>
   <TR><TD>Max Speed:</TD>  <TD>512.0 Kbits/s</TD></TR>
   <TR><TD>Ip:</TD>         <TD>172.16.17.1 ()</TD></TR>
 </TABLE>
Legend1[amarillo_dino]: Allowed Traffic
Legend2[amarillo_dino]: Deferred Traffic

You could, naturally, use the load mibs directive to clean up the code a
little, and you could hack the mrtg_lib.pm file so that you could have it
look up ifIndex for you, but that is left as an exercise to the reader.

Of course, there is a lot more you can do with CAR, such as setting TOS or
QOS bits, which is what I use it for.  But it does give you another tool to
monitor virtually anything that passes through a Cisco router.

Daniel J McDonald - CCIE 2495, CNX
Principal Network Specialist
Digicon Technologies
http://www.digicontech.com
dmcdonald at digicontech.com

Digicon - A Cisco Systems Partner, Silver Certified.
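
Added example, not part of the original post: a Python sketch that parses ccarStatTable walk output in the format shown above, splits the instance into ifIndex, direction and rule, computes per-rule byte rates across two polls with Counter32 wrap handling, and builds the matching MRTG Target value. The function names are hypothetical, the column numbers 1..5 are assumed from the order of the MIB excerpt, and the second poll is constructed sample data.

```python
import re

# Column numbers under ccarStatEntry, in the order of the MIB excerpt; the
# 1..5 numbering is an assumption that matches the .2 and .4 in the Target.
ENTRY = "enterprises.9.9.113.1.2.1.1"
COLUMNS = {"ccarStatSwitchedPkts": 1, "ccarStatSwitchedBytes": 2,
           "ccarStatFilteredPkts": 3, "ccarStatFilteredBytes": 4,
           "ccarStatCurBurst": 5}
LINE = re.compile(r"CISCO-CAR-MIB::(\w+)\.(\d+)\.(\d+)\.(\d+) = (?:Gauge: )?(\d+)")

def parse_walk(text):
    """Return {(ifIndex, direction, rule): {column: value}}; direction 1=in, 2=out."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in COLUMNS:
            key = tuple(int(m.group(i)) for i in (2, 3, 4))
            table.setdefault(key, {})[m.group(1)] = int(m.group(5))
    return table

def counter32_delta(old, new):
    """Difference between two Counter32 samples, allowing one wrap at 2**32."""
    return (new - old) % 2**32

def byte_rates(old, new, seconds):
    """Per rule: (conformed, exceeded) bytes per second between two polls."""
    cols = ("ccarStatSwitchedBytes", "ccarStatFilteredBytes")
    return {k: tuple(counter32_delta(old[k][c], new[k][c]) / seconds for c in cols)
            for k in new if k in old}

def mrtg_target(if_index, direction, rule, community, host):
    """Target value pairing SwitchedBytes with FilteredBytes for one CAR rule."""
    inst = f"{if_index}.{direction}.{rule}"
    return (f"{ENTRY}.{COLUMNS['ccarStatSwitchedBytes']}.{inst}&"
            f"{ENTRY}.{COLUMNS['ccarStatFilteredBytes']}.{inst}:{community}@{host}")

# First poll: two lines taken from the walk in the post. Second poll: constructed.
POLL1 = """CISCO-CAR-MIB::ccarStatSwitchedBytes.2.1.1 = 2529172528 bytes
CISCO-CAR-MIB::ccarStatFilteredBytes.2.1.1 = 0 bytes"""
POLL2 = """CISCO-CAR-MIB::ccarStatSwitchedBytes.2.1.1 = 2529472528 bytes
CISCO-CAR-MIB::ccarStatFilteredBytes.2.1.1 = 30000 bytes"""

if __name__ == "__main__":
    print(byte_rates(parse_walk(POLL1), parse_walk(POLL2), 300))
    print(mrtg_target(2, 1, 4, "public", "172.16.17.1"))
```

A FilteredBytes rate above zero on a rule whose exceed-action is drop means traffic is being discarded by that rule, which is the series worth alerting on.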

