> >> Can anyone suggest a tool that can collect statistics on traffic volumes
> >> by the country of the remote host. That on its own would go a long way
> >> for me, but if it could also break down on incoming vs outgoing traffic
> >> and by local port number that would be ideal.
> > NetFlow is the "ideal" solution for you.
> > The best solution for FreeBSD would be ng_netflow kernel module
> > since all the other implementations (softflowd, fprobe, ntop etc)
> > use pcap which is a quite CPU-consuming way.
> >
> > You can:
> > 1) force collector to aggregate traffic by source AS
> > and find out autonomous system to country relation somehow;
> > 2) aggregate traffic by source IP and make the IP address to country
> > resolution with GeoIP.
>
>
> Where does the CPU time go with pcap? Is it in the kernel or in userland?
pcap is the original Linux userland packet capturing facility.
> I suspect that for my current needs I can live with a bit of CPU load,
> but am not sure where to expect to look for it to turn up.
You need NetFlow to get your work done well anyway.
So, why would you use a more CPU-consuming version of it?
The only possible reason could be that ng_netflow module isn't included in the
base system yet;
but it surely suits an ISP to account as much traffic as a FreeBSD box can
route.
> Andrew
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
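
Added example, not part of the original thread: a sketch of option 2 above (aggregate by remote IP, then resolve to a country), extended to the direction and local-port breakdown the original question asks for. The flow tuple layout, the local network, and the prefix-to-country table are constructed stand-ins for a NetFlow collector's output and a GeoIP database.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP database (documentation prefixes, made-up
# country codes). A real setup would query an actual GeoIP database here.
PREFIX_TO_COUNTRY = {
    ipaddress.ip_network("198.51.100.0/24"): "AA",
    ipaddress.ip_network("203.0.113.0/24"): "BB",
    ipaddress.ip_network("203.0.113.128/25"): "CC",  # more specific than BB
}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed local address space

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 51000, "192.0.2.10", 80, 1200),
    ("198.51.100.9", 51001, "192.0.2.10", 80, 800),
    ("192.0.2.10", 80, "198.51.100.7", 51000, 48000),
    ("203.0.113.5", 40000, "192.0.2.10", 25, 900),
    ("203.0.113.200", 40001, "192.0.2.10", 80, 300),
    ("192.0.2.20", 33000, "203.0.113.5", 443, 700),
    ("192.0.2.10", 80, "192.0.2.20", 33001, 50),  # local-to-local: skipped
    ("10.9.9.9", 1234, "192.0.2.10", 80, 10),     # no prefix match: "??"
]

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def country_of(ip):
    """Longest-prefix match; "??" when no prefix covers the address."""
    hits = [net for net in PREFIX_TO_COUNTRY if ip in net]
    if not hits:
        return "??"
    return PREFIX_TO_COUNTRY[max(hits, key=lambda n: n.prefixlen)]

def aggregate(flows):
    """Sum bytes per (remote country, direction, local port)."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if is_local(s) == is_local(d):
            continue  # local-to-local or transit: no single remote host
        if is_local(d):
            key = (country_of(s), "in", dport)    # remote is the source
        else:
            key = (country_of(d), "out", sport)   # remote is the destination
        totals[key] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for key, nbytes in sorted(aggregate(SAMPLE_FLOWS).items()):
        print(*key, nbytes)
```

Unmatched addresses are kept under "??" rather than dropped, so gaps in the country data show up in the totals.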