Manual:IP/Accounting

From CableFree RadioOS
Jump to navigation Jump to search
Version.png

Applies to RadioOS: 2.9, v3, v4, v5+


Summary

Authentication, Authorization and Accounting feature provides a possibility of local and/or remote (on RADIUS server) Point-to-Point and HotSpot user management and traffic accounting (all IP traffic passing the router is accounted; local traffic acocunting is an option).

Specifications

Packages required: system License required: Level1 Submenu level: /ip accounting Hardware usage: Traffic accounting requires additional memory

Local IP Traffic Accounting

Sub-menu: /ip accounting


As each packet passes through the router, the packet source and destination addresses are matched against an IP pair list in the accounting table and the traffic for that pair is increased. The traffic of PPP, PPTP, PPPoE, ISDN and HotSpot clients can be accounted on per-user basis too. Both the number of packets and the number of bytes are accounted.

If no matching IP or user pair exists, a new entry will be added to the table.

Only the packets that enter and leave the router are accounted. Packets that are dropped in the router are not counted. Packets that are NATted on the router will be accounted for with the actual IP addresses on each side. Packets that are going through bridged interfaces (i.e. inside the bridge interface) are also counted correctly.

Traffic, generated by the router itself, and sent to it, may as well be accounted.

Properties

Property Description
account-local-traffic (yes |no; Default: no) whether to account the traffic to/from the router itself
enabled (yes |no; Default: no) whether local IP traffic accounting is enabled
threshold (integer; Default: 256) maximum number of IP pairs in the accounting table (maximal value is 8192)

Notes

For bidirectional connections two entries will be created.

Each IP pair uses approximately 100 bytes

When the threshold limit is reached, no new IP pairs will be added to the accounting table. Each packet that is not accounted in the accounting table will then be added to the uncounted counter!

Local IP Traffic Accounting Table

Sub-menu: /ip accounting snapshot


When a snapshot is made for data collection, the accounting table is cleared and new IP pairs and traffic data are added. The more frequently traffic data is collected, the less likelihood that the IP pairs thereshold limit will be reached.

Properties

All properties are read-only.

Property Description
bytes (integer) total number of bytes, matched by this entry
dst-address (IP address) destination IP address
dst-user (text) recipient's name (if applicable)
packets (integer) total number of packets, matched by this entry
src-address (IP address) source IP address
src-user (text; Default: ) sender's name (if aplicable)

Notes

Usernames are shown only if the users are connected to the router via a PPP tunnel or are authenticated by HotSpot.

You should "take" snapshot in order to review the current state of the table by issueing the take command. Before the first snapshot has been taken, the table is empty.


Web Access to the Local IP Traffic Accounting Table

Sub-menu: /ip accounting web-access


The web page report make it possible to use the standard Unix/Linux tool wget to collect the traffic data and save it to a file or to use CableFree shareware Traffic Counter to display the table. If the web report is enabled and the web page is viewed, the snapshot will be made when connection is initiated to the web page. The snapshot will be displayed on the web page. TCP protocol, used by http connections with the wget tool guarantees that none of the traffic data will be lost. The snapshot image will be made when the connection from wget is initiated. Web browsers or wget should connect to URL: http://routerIP/accounting/ip.cgi

Properties

Property Description
accessible-via-web (yes | no; Default: no) whether the snapshot is available via web
address (IP address/netmask; Default: 0.0.0.0/0) IP address range that is allowed to access the snapshot

Uncounted Connections

Sub-menu: /ip accounting uncounted


In case no more IP pairs can be added to the accounting table (the accounting threshold has been reached), all traffic that does not belong to any of the known IP pairs is summed together and totals are shown in this menu

Properties

All properties are read-only.

Property Description
bytes (integer) byte count
packets (integer) packet count

Examples

To take a new snapshot:

[admin@CableFree] ip accounting snapshot> take
[admin@CableFree] ip accounting snapshot> print
 # SRC-ADDRESS     DST-ADDRESS     PACKETS    BYTES      SRC-USER    DST-USER
 0 192.168.0.2     159.148.172.197 474        19130
 1 192.168.0.2     10.0.0.4        3          120
 2 192.168.0.2     192.150.20.254  32         3142
 3 192.150.20.254  192.168.0.2     26         2857
 4 10.0.0.4        192.168.0.2     2          117
 5 159.148.147.196 192.168.0.2     2          136
 6 192.168.0.2     159.148.147.196 1          40
 7 159.148.172.197 192.168.0.2     835        1192962
[admin@CableFree] ip accounting snapshot>

Enable IP accounting::

[admin@CableFree] ip accounting> set enabled=yes
[admin@CableFree] ip accounting> print
                enabled: yes
  account-local-traffic: no
              threshold: 256
[admin@CableFree] ip accounting>

To enable web access from 10.0.0.1 server only:

[admin@CableFree] ip accounting web-access> set accessible-via-web=yes \
\... address=10.0.0.1/32
[admin@CableFree] ip accounting web-access> print
    accessible-via-web: yes
               address: 10.0.0.1/32
[admin@CableFree] ip accounting web-access>

See the uncounted packets:

[admin@CableFree] ip accounting uncounted> print
    packets: 0
      bytes: 0
[admin@CableFree] ip accounting uncounted>