Hi boys and girls,
I have a customer where I am fairly sure they are maxing out their internet connection. At present their network is fairly flat (only a vlan for phones and one for public wifi) and it all goes straight into a Draytek 2860 router.
The problem I have is that the monitoring on the draytak leaves quite a bit to be desired. I can get a current list of which IP’s are using what bandwidth (in and out) or a graph giving total usage either daily or weekly but without any ability to pinpoint actual values.
I would quite like to try and find out who the big bandwidth users are by IP in a given date/time range.
I have provided the customer with a quote to install a pfSense VM but it also requires some server updates (low ram and hdd) so they are reluctant at the moment to give me the OK.
So, to my question…
Do I install pfSense on the current setup which won’t be ideal but which I think will allow me to monitor things more easily AND do load balancing if we decide a second WAN connection is the fix
or
Can anyone think of a better short term solution to monitor bandwidth usage on the router to prove that a/ the “slow internet” is a bandwidth issue and b/ that someone isn’t pulling(or pushing) a load of data that they shouldn’t be?
Any thoughts would be appreciated.
Hi @garethw,
Can’t use something like a monitoring system like zabbix?
I just checked the support for them and you can monitor the wan interface. (https://zabbix.org/wiki/Zabbix_Templates)
On that you can create an alert to send it to an email or text message.
Hope this helps!
Regards,
Mitchell
we used to use Draytek SmartMoniror was a bit crappy but gave some metrics.
https://www.draytek.co.uk/products/accessories/smartmonitor#downloads
I probably would not put pfSense on a VM in a network like thiis. Put a hardware box in.
Thanks guys,
@mitchellve, learning Zabbix is on my list of things to do so maybe this is a good excuse
@innermotion, now you mention it I think I might have come across that before but had totally forgotten it exists. Might grab it and try that first as a quick fix. Quite happy with pfsense as a VM, dedicated hardware is better in many ways but I like the redundancy you get from a VM
Yeah +1 for Zabbix
Your mileage may vary i have not used it for years so might well not run very well. Dust off a windows 7 VM to run it.
I just hate that anything goes wrong in Virtual stack you lose all your network, i have learnt the hard way on this on ;-)). Probably would just pop in SG-3100 to replace a 2860 or could get a cheaper 3rd party box. I just like same hardware everywhere makes having spares easy.
The PTRG free version may be good for you
https://www.paessler.com/lan_monitor , it’s free for upto 100 hosts.
SNMP available on your Draytek? You could use MRTG or more robust monitoring system like NAV (https://nav.uninett.no - my preferred system), Zabbix, Nagios, etc. to record bandwidth usage…
If SNMP isn’t available on the router, is it available on the switch feeding it? Or can you do a SPAN/Monitor port of the port feeding the router (or insert a tap on the line feeding it) and record traffic statistics with a device off of that?
If per host statistics are needed (and monitoring switchports are not an option), something like NTOP provides good data.
Brilliant replies everyone thanks.
I guess most of the options involve about the same amount of work as dropping pfSense in. My experience of Nagios and MRTG is that they are huge and complicated to set up (I’ve failed at them more times than I’ve succeeded). I’ve played with PRTG in the past as an on boarding tool but never for monitoring so will look at that as well
As I said previously, Zabbix is on my “to learn” list so I might use the draytek smartmon thing as a quick fix, drop prtg on see if that helps then spend the weekend figuring Zabbix out.
@egftechman SNMP is available on all switches and the router so something using that is almost certainly going to be one of the options. Will check out NAV as well.