User:Syoder/Monitoring

From ImageStream Router Documentation

(Difference between revisions)
Line 1: Line 1:
== Aggregate Ethernet Monitoring Setup ==
== Aggregate Ethernet Monitoring Setup ==
-
Hardware setup uses an Ethernet tap and requires 2 Ethernet ports on the router per Ethernet port tapped to monitor traffic in both directions. Our example uses Ethernet1 and Ethernet2 to receive the traffic from the tap. The ports are bridged together to allow a capture program to monitor both flows of traffic simultaneously.
+
Hardware setup uses an Ethernet tap and requires 2 Ethernet ports on the router per Ethernet port tapped to monitor traffic in both directions. Our example uses Ethernet1 and Ethernet2 to receive the traffic from the tap. The ports are bridged together to allow a capture program to monitor both flows of traffic simultaneously. Even though the hardware tap disconnects the transmit lines we shouldn't be transmitting any data on the ports. We use the split-horizon feature of bridging to prevent packets received on one port from being transmitted on the other port.
 +
 +
Local Packet Capture Example
 +
<nowiki> </nowiki>
  interface bvi1
  interface bvi1
   description Ethernet Ports 1+2
   description Ethernet Ports 1+2
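Review bot: the added "Local Packet Capture Example" line goes in as bare text directly above the config block, while the section title uses "== ... ==" markup. Making it a subheading under "Aggregate Ethernet Monitoring Setup" would give it an anchor and keep it visually separate from the paragraph that now ends with the split-horizon sentence.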
Line 16: Line 19:
  !
  !
-
Even though the hardware tap disconnects the transmit lines we shouldn't be transmitting any data on the ports. We use the split-horizon feature of bridging to prevent packets received on one port from being transmitted on the other port.
+
Run ''tcpdump -i bvi1 -w dump.cap'' to capture data from the bridge. The router's ramdisk has limited storage space so an add-on hard drive is recommended for captures over a few megabytes in size.
 +
 
 +
If an external monitoring server is to be used the data can be sent to the server by simply adding the port connecting to the monitoring server to the bridge group. The port can be an Ethernet port, VLAN interface, WAN port or tunnel.
 +
 
 +
External Packet Capture Example
 +
<nowiki> </nowiki>
 +
interface bvi1
 +
  description Ethernet Ports 1+2
 +
  no ip address
 +
!
 +
interface Ethernet1
 +
  no ip address
 +
  bridge-group 1 spanning-disabled horizon 1
 +
!
 +
interface Ethernet2
 +
  no ip address
 +
  bridge-group 1 spanning-disabled horizon 1
 +
!
 +
interface Ethernet3
 +
  no ip address
 +
  bridge-group 1 spanning-disabled
 +
!
 +
 
 +
Traffic from the monitored ports from Ethernet 1+2 will be sent to Ethernet3.
 +
 
 +
 
 +
== WAN Monitoring Setup ==
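Review bot: the Ethernet3 stanza in the external example uses "bridge-group 1 spanning-disabled" with no "horizon 1", unlike Ethernet1 and Ethernet2, and the added text never says that this difference is intentional. A sentence next to "Traffic from the monitored ports from Ethernet 1+2 will be sent to Ethernet3." stating that the monitoring port must stay out of the horizon used by the tap ports would keep a reader from copying the horizon keyword onto it. The new "== WAN Monitoring Setup ==" heading at the end of the hunk also has no body yet.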

Revision as of 20:01, 5 June 2008

Aggregate Ethernet Monitoring Setup

The hardware setup uses an Ethernet tap and requires two Ethernet ports on the router for each tapped Ethernet port, so that traffic in both directions can be monitored. Our example uses Ethernet1 and Ethernet2 to receive the traffic from the tap. The ports are bridged together so that a capture program can monitor both flows of traffic simultaneously. Even though the hardware tap disconnects the transmit lines, we shouldn't be transmitting any data on the ports. We use the split-horizon feature of bridging to prevent packets received on one port from being transmitted on the other port.


Local Packet Capture Example
 
interface bvi1
 description Ethernet Ports 1+2
 no ip address
!
interface Ethernet1
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!
interface Ethernet2
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!

Run tcpdump -i bvi1 -w dump.cap to capture data from the bridge. The router's ramdisk has limited storage space, so an add-on hard drive is recommended for captures over a few megabytes in size.

If an external monitoring server is to be used, the data can be sent to it by adding the port that connects to the monitoring server to the bridge group. The port can be an Ethernet port, VLAN interface, WAN port or tunnel.

External Packet Capture Example
 
interface bvi1
 description Ethernet Ports 1+2
 no ip address
!
interface Ethernet1
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!
interface Ethernet2
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!
interface Ethernet3
 no ip address
 bridge-group 1 spanning-disabled
!

Traffic received on the monitored ports, Ethernet1 and Ethernet2, will be sent to Ethernet3.
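A pre-deployment check for the two bridge layouts above, as an added example that is not part of the ImageStream documentation. The function names are hypothetical, and the check assumes, from the page's description of split horizon, that ports sharing a horizon number do not forward frames to one another.

```python
import re
# The page's External Packet Capture Example, copied from the section above.
EXTERNAL = """\
interface bvi1
 description Ethernet Ports 1+2
 no ip address
!
interface Ethernet1
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!
interface Ethernet2
 no ip address
 bridge-group 1 spanning-disabled horizon 1
!
interface Ethernet3
 no ip address
 bridge-group 1 spanning-disabled
!
"""
BRIDGE = re.compile(r"^\s+bridge-group\s+(\d+)\b(.*)$")
HORIZON = re.compile(r"\bhorizon\s+(\d+)\b")

def parse_bridge_ports(config):
    """Return {bridge group: {interface: horizon id, or None if unset}}."""
    groups, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif iface and (m := BRIDGE.match(line)):
            h = HORIZON.search(m.group(2))
            groups.setdefault(m.group(1), {})[iface] = h.group(1) if h else None
    return groups

def check_tap_bridge(config, tap_ports, monitor_port=None, group="1"):
    """Return a list of problems; empty means the layout matches the page."""
    # Assumption: ports with the same horizon id never forward to each other.
    ports = parse_bridge_ports(config).get(group, {})
    wanted = list(tap_ports) + ([monitor_port] if monitor_port else [])
    problems = [f"{p}: not in bridge-group {group}" for p in wanted if p not in ports]
    horizons = {ports[p] for p in tap_ports if p in ports}
    if None in horizons:
        problems.append("tap port without horizon: its frames can leave via the other tap port")
    elif len(horizons) > 1:
        problems.append("tap ports use different horizon ids")
    if ports.get(monitor_port) is not None and ports[monitor_port] in horizons:
        problems.append(f"{monitor_port}: shares the tap horizon, so it gets no tap traffic")
    return problems

if __name__ == "__main__": print(check_tap_bridge(EXTERNAL, ["Ethernet1", "Ethernet2"], "Ethernet3"))
```

For the local capture layout, call it with only the two tap ports and no monitor port.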


WAN Monitoring Setup
