5.7. Monitoring Network Performance

The best way to make sure your network is not the bottleneck is to monitor how much traffic is flowing. Because of collision detection and avoidance in Ethernet, once the load gets above about 50% to 60% of its maximum, you will start to see degrading performance if using hubs. This number is higher for switches, but a limit still exists, since the silicon on the switch needs to analyze and move the data around.

To make best use of your networking equipment, you will want to monitor the amount of traffic that is flowing through the network. The easiest way to do this is to use SNMP, or Simple Network Management Protocol. SNMP was designed to manage and monitor machines via the network, be it servers, desktops, or other network devices such as switches or network storage. As you would guess, there are SNMP clients and servers available for Linux to monitor the statistics and usage of network interfaces.

SNMP uses a MIB, or Management Information Base, to keep track of the features of an SNMP device. While a Linux box can report things like the number of users logged in, a Cisco router will not need these functions. So the MIBs are used to identify devices and their particular features.

The SNMP daemon for Linux is net-snmp, formerly known as ucd-snmp, and based on the CMU SNMP package. Your distribution's package should come mostly configured. The only thing you need to do is set the community name, which is really just the password to access the snmpd server. By default, the community name is "private", but it should be changed to something else. You will also want to change the security settings so that you have read-only access to snmpd.

#        sec.name  source          community
com2sec  paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private

Change the "paranoid" above to read "readonly" and restart snmpd.

Note

This setting gives the entire world read-only access to your SNMP server. While a malicious intruder will not be able to change data on your machine, the server can give them plenty of information about your box to find a weakness and exploit it. You can change the "source" entry to a machine name or a network address. "default" means any machine can access snmpd.
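The exposure described in this note can be checked mechanically. The following is an added example, not part of net-snmp or of the original text: a small auditor for the four-field com2sec lines shown above. The function names and the restricted entry (subnet and community placeholder) are constructed for illustration.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default names

def _is_any_network(source):
    """True for an address/mask source that covers every address (e.g. 0.0.0.0/0)."""
    if "/" not in source:
        return False
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:  # hostname or malformed value: not a catch-all network
        return False

def audit_com2sec(conf_text):
    """Return (line_no, sec_name, finding) tuples for risky com2sec entries.

    Handles the four-field form shown on this page:
    com2sec <sec.name> <source> <community>
    """
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments and disabled entries
        if len(fields) != 4 or fields[0] != "com2sec":
            continue
        _, sec_name, source, community = fields
        if source == "default" or _is_any_network(source):
            findings.append((line_no, sec_name, "source matches any host"))
        if community in DEFAULT_COMMUNITIES:
            findings.append((line_no, sec_name, "default community name"))
    return findings

# The page's entry after changing "paranoid" to "readonly".
WEAK_CONF = """\
#        sec.name  source          community
com2sec  readonly  default         public
#com2sec readwrite default         private
"""

# Constructed restricted entry: subnet and community name are placeholders.
RESTRICTED_CONF = """\
com2sec  readonly  192.168.1.0/24  EXAMPLE-community-string
"""

if __name__ == "__main__":
    for conf in (WEAK_CONF, RESTRICTED_CONF):
        print(audit_com2sec(conf) or "no findings")
```

The weak configuration produces two findings on its single active line; the restricted one produces none.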

You can test that snmpd is working properly by using snmpwalk to query snmpd.

snmpwalk {host} {community} [start point]

$ snmpwalk 192.168.1.175 public system.sysDescr.0
system.sysDescr.0 = Linux clint 2.2.18 #1 Mon Dec 18 11:23:05 EST 2000 i686
$

Since this example uses system.sysDescr.0 as its start point, only one entry is listed: the output of uname.

5.7.1. Network Monitoring with MRTG

The most popular application for monitoring network traffic is MRTG, the Multi Router Traffic Grapher. MRTG tracks network usage and presents it as graphs covering periods from the last 24 hours to a year, all on a web page. MRTG uses SNMP to fetch information from routers. You can also track incoming and outgoing traffic for individual servers.

Note

The process of monitoring a server using SNMP will consume a small portion of network bandwidth, memory, and CPU.

MRTG is available for Red Hat and Debian distributions. You can also download the source from the MRTG home page. Once installed, you will need to configure MRTG to point to the servers or routers you wish to monitor. You can do this with cfgmaker. The arguments to cfgmaker must include the community name and the machine that you want to monitor.

mkomarinski@clint:~$ cfgmaker public@localhost
--base: Get Device Info on public@localhost
--base: Vendor Id: 
--base: Populating confcache
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifSpeed
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
# Created by 
# /usr/bin/cfgmaker public@localhost


### Global Config Options

#  for Debian
WorkDir: /var/www/mrtg

#  or for NT
# WorkDir: c:\mrtgdata

### Global Defaults

#  to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits


######################################################################
# System: clint
# Description: Linux clint 2.2.18 #1 Mon Dec 18 11:23:05 EST 2000 i686
# Contact: mkomarinski@valinux.com
# Location: Laptop (various locations)
######################################################################
### Interface 3 >> Descr: 'wvlan0' | Name: '' | Ip: '192.168.1.175' | Eth: '00-02-2d-08-ae-c1' ###

Target[localhost_3]: 3:public@localhost
MaxBytes[localhost_3]: 1250000
Title[localhost_3]: Traffic Analysis for 3 -- clint
PageTop[localhost_3]: <H1>Traffic Analysis for 3 -- clint</H1>
 <TABLE>
   <TR><TD>System:</TD>     <TD>clint in Laptop (various locations)</TD></TR>
   <TR><TD>Maintainer:</TD> <TD>mkomarinski@valinux.com</TD></TR>
   <TR><TD>Description:</TD><TD>wvlan0 </TD></TR>
   <TR><TD>ifType:</TD>     <TD>ethernetCsmacd (6)</TD></TR>
   <TR><TD>ifName:</TD>     <TD></TD></TR>
   <TR><TD>Max Speed:</TD>  <TD>1250.0 kBytes/s</TD></TR>
   <TR><TD>Ip:</TD>         <TD>192.168.1.175 ()</TD></TR>
 </TABLE>

All the configuration information has been pulled from snmpd. You can redirect the output of cfgmaker into /etc/mrtg.cfg.

Most installations of mrtg will include a cron job that runs mrtg every five minutes if /etc/mrtg.cfg exists. Within five minutes, you will see data on your web site.
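The 50% to 60% load figure from the start of this section can be checked against the same counters MRTG polls. The following is an added example, not MRTG's own code: it assumes 32-bit interface octet counters (ifInOctets/ifOutOctets from the standard interfaces MIB), the five-minute polling interval, and the MaxBytes value of 1250000 from the configuration above. The counter samples are constructed and include one counter wrap.

```python
COUNTER32_MOD = 2 ** 32   # 32-bit octet counters roll over to zero at this value
POLL_INTERVAL_S = 300     # five-minute cron interval
MAX_BYTES = 1250000       # MaxBytes[localhost_3] from the generated config

def octet_delta(prev, cur):
    """Octets transferred between two polls, allowing for a single counter wrap."""
    return (cur - prev) % COUNTER32_MOD

def utilization(prev, cur, interval_s=POLL_INTERVAL_S, max_bytes=MAX_BYTES):
    """Fraction of the interface maximum used during one polling interval."""
    if interval_s <= 0 or max_bytes <= 0:
        raise ValueError("interval and max_bytes must be positive")
    return octet_delta(prev, cur) / interval_s / max_bytes

def intervals_over(samples, threshold=0.5):
    """Return (interval_index, utilization) for each interval above threshold.

    interval_index i covers samples[i-1] -> samples[i].
    """
    hits = []
    for i in range(1, len(samples)):
        u = utilization(samples[i - 1], samples[i])
        if u > threshold:
            hits.append((i, u))
    return hits

# Constructed counter readings taken 300 s apart; the third reading is
# smaller than the second because the counter wrapped in between.
SAMPLES = [4000000000, 4075000000, 5032704, 42532704]

if __name__ == "__main__":
    for idx, u in intervals_over(SAMPLES):
        print(f"interval {idx}: {u:.0%} of MaxBytes")
```

At 1250000 bytes per second a 32-bit counter wraps roughly every 57 minutes, so a five-minute poll sees at most one wrap per interval and the modulo correction is sufficient.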