I'm planning a network configuration for dedicated server hosting that will allow me to measure/bill on traffic to/from the internet, but allow unlimited use on the internal network. I have a single 100 mb ethernet connection per rack to my DC's backbone that I get charged for. If I connect this to a 24 port switch in each rack, how could I just read traffic headed out the uplink PER SERVER? Not sure I can do it this way unless I can set up VLANS for every server and the switch vendoer has a OID for VLANs. I havent picked a switch vendor yet, but am leaning towards the Intel 5xx series that supports VLANS and of course SNMP.

The goal here is to offer value added services that won't affect the customer's BW usage. Things like backups, restores, Databases, etc. If I measure BW at the switch port, all of this will be included in their 95% monthly usage. Should I just do it this way, offer the services for free but charge my standard rate for total BW used? This might be easier. Free backups, but count the BW used against monthly BW rates.

Any other suggestions?

Nik,

The easiest way would just to run MRTG with RRDTool, and the 95% script.


David

Yes, but what counters do I watch? MRTG will give me all traffic on an interface, whether it's a port, NIC card, entire router, etc. I want to include ONLY traffic from a single box routed to the internet, not across switch ports. I don't own the router, it's provided by the DC I'm at.

We use a tool that monitors the switch and watch/generate reports based on the traffic on a given port. One port, one connection.

Aaron

Nik,

When you run the basic MRTG on a switch, it beaks the inbound and ourbound traffic for only that port/server.

Then your uplink port to your upstreams router, can be mnointor for total traffic going across that port.

To do this, all you need is a switch (usually managed) that supports SNMP.


David

David,

Wouldn't the uplink port to my upstream give me the traffic for ALL switch traffic? I want to break it down by port, but only traffic that leaves the switch. That's the real challenge. If I watch the uplinlk port on a 24 port switch, it's going to give me total traffic from all 24 ports. I need to measure per-port traffic, but only in and out the uplink port, not other switch ports. I'm not sure this is do-able.

See attached graphic

You won't be able to "don't count port to port traffic" simply because the uplink is ALSO a port!

What you can do is ask your customers to install a second NIC, configure a local VLAN for them to do server to server data transfer.

Also, MRTG on the uplink port will only give you total Internet traffic, not traffic for all the ports.

I'm not sure which switches (if any) are capable of doing what you're looking for; but my solution would be to set up a transparent bridge (running OpenBSD, probably) between the switch and the outside world. You can then use the bridge for both firewall and accounting purposes.

Make sure you purchase a managed switch. Once it's installed, there's a 'discovery' tool that comes with MRTG. You run this tool and it maps everything out for you on your switch as long as you have the community strings setup properly..

Once you have the default configs for MRTG, you can begin running it. It will graph the inbound, AND outbound traffic on the same graph by default, and the two are very easily distinguishable. This will be measuring the traffic generated at EACH switch port individually. If you have a 24 port switch, you will get 24 seperate graphs.

If you need help setting up/configuring this, PM me..

Heh.. what's he's asking is.. he doesn't want to have the bandwidth that goes BETWEEN servers plugged into the switch show up on the MRTG. He only wants to see traffic that is leaving the switch going to the DC .. the only way you can do that is with vlans and it's a rather difficult setup with only one switch, it would be easier to have two switches. Or just do it on a router instead :P

I agree.... use a 2nd switch, saves headache, then you don't have to use up the 100 meg port for non service related tasks... and with the 2nd switch, you wouldn't need a managed, you could go buy a $200 24 port rackmount switch from compusa...