[rrd-users] quick sanity check on my config ... not sure if AVERAGE is appropriate

Simon Hobson linux at thehobsons.co.uk
Mon Oct 22 08:52:15 CEST 2007

At 15:47 -0700 21/10/07, Gore Jarold wrote:
>I keep two ipfw counters of bandwidth - one inbound
>and one outbound:
>10    399000    569950699 count ip from any to any via
>fxp0 in
>11    258417     15855661 count ip from any to any via
>fxp0 out
>I am simply trying to create a simple, standard
>green/blue in/out bandwidth graph, just like MRTG,
>measured in BITS/s.
>I am just not sure if I have created the RRD

>I created the RRD with:
>rrdtool create traffic.rrd DS:inbound:COUNTER:600:0:U
>DS:outbound:COUNTER:600:0:U RRA:AVERAGE:0.5:1:288
>(my cron job will check it every five minutes)
>I update with:
>rrdtool update traffic.rrd N:`/sbin/ipfw show|grep
>^00010 |awk '{print $3}'`:`/sbin/ipfw show|grep ^00011
>|awk '{print $3}'`
>So is this correct ?  I am not sure if AVERAGE is the
>correct aggregate function ?

This looks reasonable, it's similar to what I do (except I use 
iptables directly to read the counters). Is average correct ? Well 
that depends on what you want to graph in the future.

Personally I would suggest having MAX as well - you can't derive max 
from average nor average from max so if you might ever want max (or 
min for that matter) then store it now and you won't be coming back 
in 6 months asking how to get it !

But you WILL be wanting average once your data gets consolidated, 
using max gives a very distorted view of historical traffic.

You have only defined one RRA there, keeping 288x5min samples - if 
you want to show historical traffic then you'll need additional lower 
resolution RRAs to keep the data.

>The 'count' number I am grabbing from ipfw never goes
>down to zero - it is just bigger and bigger every time
>it checks it (unless the system reboots).  And it
>checks it every five minutes.

Well if you leave it long enough it will wrap around to 0 ! I check 
my counters every minute and let rrd take care of the numbers - 
unless you take a lot of care, you won't be checking exactly on rrd's 
sample boundaries and it'll be doing some adjustments anyway. It also 
means that if I reload the firewall config (which resets the 
counters) then I don't lose a whole sample period and it's less of a 
blip in the graphs.

>Also, the 'ipfw count' value I am grabbing is in
>BYTES, so do I need to be dividing by 8 somewhere

It's multiply by 8 to get from bytes/s to bits/s. You can do it as 
you store the data, or when you do the graphs - for such simple 
graphs there is negligable overhead in doing it when you draw the 

More information about the rrd-users mailing list