[rrd-users] Re: Cisco Interface Statistics

Dave Plonka plonka at doit.wisc.edu
Thu Apr 13 16:34:45 MEST 2000

On Thu, Apr 13, 2000 at 09:54:41PM +0800, Jason Jordan wrote:
> Howdy Folks,
> I know this isn't on topic, but it is related to network monitoring and
> seeing as though thats what we do...

I'll try to bring it toward the topic...
> I have a need to calculate total volume through a particular interface
> on a Cisco router on a rolling day, week, month, year basis.
> I need to be accurate, so averaging is out.
> We get billed per kb and we'd like to verify the charge.

Sorry but some sort of averaging is the *only* way, you can't get
instantaneous bandwidth usage - the device isn't able to tell you

There are two popular methods with Ciscos:

  1) polling counters using SNMP

     This is a "polling" technique.  That is, you must ask the device
     how much traffic it has seen.

     This is, of course, what is done with MRTG, Cricket, and some of
     the other RRDTOOL frontends.

  2) using Cisco's NetFlow export feature

     This is an "unsolicited event/trap-based" technique.  That is, the
     device will send the traffic information to you.

     This will depend on what sort of Cisco you have, and what IOS version.
     This is collected using tools like CAIDA's cflowd.
     There is a nice list of references about it here:

Interestingly enough, RRDTOOL can be used with either of these methods,
with available frontends.

As for averaging, you can average over very short periods of time (e.g.
5 minutes - the MRTG precedent, or less), but it's still averaging.  In
rare instances we've done 1 or 2 minutes with MRTG.

To deal with your concern about further averaging after the initial
data points are collect (i.e. the coallescing of multiple data points
in seperate Round-Robin Archives) you will probably want to define your
own RRA, maybe just one big one with 5 minute samples/averages only.
(The "problem" is your ".rrd" will be very big if you do this for a
long time, and your "current" time pointer into that RRA will
wrap-around more often.  With the default MRTG or Cricket config, we've
got years to think about how to adjust things before we really lose and

> I'd prefer to do it in Perl, but I'm no programmer.  I've looked at
> adapting some of the contrib code in the MRTG package and I've seen
> tools like chan-stat for Windows...
> I guess what I'm really hoping for is that someone in here has already
> done all the hardwork and has written a little perl script that does
> what I've described.... 8-)

They have - MRTG, Cricket, etc.  (Your concept of "small" may be different,
but anything tiny is probably a kludge and won't have the checks and
balances that should be there.)

If you don't want to take advantage of the experience and hard work of
the authors of all those packages, then the trivial example to just get
the raw data is (e.g. in Bourne, Korn, bash shells):

   $ snmpwalk router.my.domain public interfaces.ifTable.ifEntry.ifDescr

In that output, find the interface index that you're interested in -
e.g. "1", then do:

   $ while true
      snmpget router.my.domain public interfaces.ifTable.ifEntry.ifInOctets.1
      snmpget router.my.domain public interfaces.ifTable.ifEntry.ifOutOctets.1
      sleep 5 # number of seconds between samples
   Name: interfaces.ifTable.ifEntry.ifInOctets.1 -> Counter: 129759671
   Name: interfaces.ifTable.ifEntry.ifOutOctets.1 -> Counter: 638271223
   Name: interfaces.ifTable.ifEntry.ifInOctets.1 -> Counter: 130076353
   Name: interfaces.ifTable.ifEntry.ifOutOctets.1 -> Counter: 638284805

Direct that to a log file, and wait for it to break.  "Subtract" the
sampled values to find how many bytes have been passed by that
interface in that number of seconds (being aware that they wrap-around
at UINT_MAX for a 32-bit unsigned integer).

snmpwalk/get are from the CMU SNMP package:


Similar utils also come with other packages and commercial programs
such as Tivoli/IBM's NetView, etc.  Personally, I always use Simon
Leinen's perl SNMP stuff:



plonka at doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI

Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/rrd-users

More information about the rrd-users mailing list