| 1 |
On 03/11/11 07:41, Ed W wrote: |
| 2 |
> This is almost certainly the wrong place to ask, but have any clever |
| 3 |
> folks here got some ideas for doing per user (and eventually per |
| 4 |
> user/per protocol) accounting for data crossing a router box (running |
| 5 |
> gentoo)? |
| 6 |
|
| 7 |
|
| 8 |
Architecture |
| 9 |
Via an iptables router or transparent bridge? |
| 10 |
Too many issues for advise. What every you do, |
| 11 |
you'll re-engineer it over and over again. |
| 12 |
This is why carriers have hundreds of coders |
| 13 |
and thousands of folks working on their code. |
| 14 |
It's a task, that is NEVER COMPLETE! |
| 15 |
|
| 16 |
(There is a reason the carriers of the world |
| 17 |
abandoned ATM, as it had this sort of granularity |
| 18 |
built in....caveat emptor! |
| 19 |
|
| 20 |
|
| 21 |
Method 1 |
| 22 |
http://conntrack-tools.netfilter.org/ |
| 23 |
|
| 24 |
Your going to overwhelm an embedded system with all of this |
| 25 |
accounting and database, so split it across several |
| 26 |
systems. Choose the processors wisely and make sure |
| 27 |
they support massive amounts of ram. Choose your final database wisely |
| 28 |
and only track what you need. BLOAT will kill the project. |
| 29 |
|
| 30 |
|
| 31 |
Method 2 |
| 32 |
Adapt an excellent high end NMS (Network Management System) |
| 33 |
Such as Nagios or JFFNMS to your needs. JFFNMS |
| 34 |
does quiet a lot with cisco and other routers, |
| 35 |
pumps data into mysql or postgresql-9; Postgresql-9 |
| 36 |
has many new features and is my choice, but |
| 37 |
it's a BEAST to get your arms around. Unlimited |
| 38 |
scaling and lots of SeLinux support, at least |
| 39 |
in Gentoo. JFFNMS also supports TACAS and |
| 40 |
TACAS+, which, if it encompasses what |
| 41 |
you need, would be your best route to avoid |
| 42 |
a monstrous amount of coding on your own. |
| 43 |
|
| 44 |
|
| 45 |
I'm sure there are other methods. ANY method you choose |
| 46 |
will be a gargantuan task to implement and maintain. |
| 47 |
Many go down this path (bit counting) most fail |
| 48 |
miserably! |
| 49 |
|
| 50 |
I would go with JFFNMS, TACAS+ and Postgresql |
| 51 |
as the backend database (and sql-ledger). If there are |
| 52 |
features you require that TACAS+ does not provide |
| 53 |
build a transparent bridge and use ConnTrak |
| 54 |
in IPtables, to shove that additional data not |
| 55 |
provided by TACAS+, into your postgresql database. |
| 56 |
MySQL might be a better choice for you database |
| 57 |
depending on how big and what you (your staff) know. |
| 58 |
|
| 59 |
For billing purposes, use this software |
| 60 |
SQL-LEDGER for double entry accounting |
| 61 |
(it works great with postgresql!) |
| 62 |
It's been around for a long time and very |
| 63 |
mature open source. Not sure of the license |
| 64 |
any more, read up on that..... |
| 65 |
|
| 66 |
http://sql-ledger.com/ |
| 67 |
|
| 68 |
See you in a year.... |
| 69 |
TTFN(ta ta for now). |
| 70 |
James |
Archives