INTRODUCTION
ABW is an application for passive monitoring of bandwidth usage and its distribution among protocols. It is written on top of DiMAPI (Distributed Monitoring Application Interface). The primary advantages of monitoring bandwidth with ABW, compared to using SNMP to read router interface byte counters, are the following:
- We can distinguish bandwidth used by different protocols at different layers (L2, L3, L4 or application protocols)
- We can monitor bandwidth usage in short intervals (e.g., 1 second) and thus detect short peaks
Detecting application protocols requires a combination of header filtering and payload searching. Support for showing the most active sources and destinations and the packet size distribution is planned for a future release.
ABW can be used in two modes. Arrows in the following pictures show data flow.
1) With DiMAPI and a central machine gathering results from remote
   monitoring stations:

   WEB SERVER          CENTRAL STATION            REMOTE MONITORING
                                                  STATION(-S)

                       ABW application <------    mapid +
                              |          DiMAPI   mapicommd
                              v
                       RRD files
                              |
                              v
   PHP scripts <-----  shell scripts
                 ssh

2) With MAPI and a web server communicating directly with remote
monitoring stations (without central monitoring station):

   WEB SERVER          REMOTE MONITORING
                       STATION(-S)

                       ABW application <------ mapid
                              |          MAPI
                              v
                       RRD files
                              |
                              v
   PHP scripts <-----  shell scripts
                 ssh

ABW can also use a combination of these two modes, that is, the web server communicates with some remote monitoring stations directly and obtains results from other monitoring stations through the central station. You simply point the PHP scripts to the right station for each monitored link (to the central station or to some remote monitoring station). Using the central station makes configuration of the PHP scripts a little simpler, but contacting the remote monitoring stations directly currently provides faster response.
Each remote monitoring station has one or more monitoring cards (regular NICs, DAG cards or COMBO cards), which receive traffic tapped from the monitored links (using optical splitters or monitoring ports on routers).
The two directions of one monitored link can be monitored by a) two ports on a multi-port monitoring card, b) two single-port monitoring cards in one remote monitoring station, c) two single-port monitoring cards in two remote monitoring stations. ABW splits or gathers results correctly and displays them in one graph (inbound traffic in the upper part of the graph and outbound traffic in the lower part).
INSTALLATION
I. Prerequisites
The following standard packages are needed:
libtool (needed by autoconf)
readline-dev
rrdtool >= 1.2.15
libart-2.0 (needed by rrdtool)
libart-2.0-dev (needed by rrdtool)
libpcap
Install these packages using package management in your distribution of Linux (e.g., dselect in Debian or yast in SuSE) or from sources.
Note 1: Graphs are not produced correctly with rrdtool 1.2.11, which
includes a bug in time resolution processing.
Note 2: If you want to monitor MPLS links and do packet classification
on L3 or L4 headers, which are after MPLS headers, you need the
latest libpcap from CVS, because support for IP filtering of
MPLS packets is not yet in libpcap available in packages or as
a tarball. See http://www.tcpdump.org for how to check out libpcap
sources from CVS and compile them.
II. Checkout MAPI and ABW application from SVN:
Do this on remote monitoring stations, on a central station (if you use the central station) and on the web server (which only needs content of htdocs directory from ABW application, you can delete the rest).
svn co --username public --password public \
    https://svn.testnett.uninett.no/mapi/trunk
III. Compile and install MAPI
Do this on remote monitoring stations and on a central station (if you use the central station).
These instructions are also included in README file in MAPI sources.
1) cd trunk
2) ./bootstrap.sh
3) ./configure --prefix=/usr/local/mapi --enable-trackflib \
       [ --enable-dimapi ] \
       [ --with-libpcap=/usr/local/src/libpcap ] \
       [ --enable-dag --with-libdag=/usr/local/dag ] \
       [ --enable-anonlib --enable-ipfixflib --enable-extraflib ]
If you want to gather results from remote monitoring stations on a central station, use --enable-dimapi.
If you use some specific libpcap, such as the latest sources from CVS
in order to monitor MPLS links, use --with-libpcap.
If you want to read packets from a DAG card, you need the DAG software
installed and must use --enable-dag and --with-libdag.
Features enabled by --enable-anonlib, --enable-ipfixflib and
--enable-extraflib are currently not used by the abw application,
but you can include them in your installation of MAPI for future use.
4) make
5) make install
6) vi /usr/local/mapi/etc/mapi.conf
add monitoring interfaces, such as eth1, /dev/dag0, etc.
7) vi /etc/ld.so.conf
add /usr/local/mapi/lib and /usr/local/mapi/share/mapi
8) ldconfig
IV. Install scripts on the web server
Do this on the web server.
1) Tell the PHP scripts where to get measurement results
vi htdocs/index.php
Edit part between "BEGINNING OF USER CONFIGURATION SECTION" and
"END OF USER CONFIGURATION SECTION".
2) Copy contents of htdocs directory in the distribution of abw application
to some directory on a web server dedicated for user interface of abw
application. For example:
cp htdocs/* /var/www/perfmon/abw
3) Generate SSH key for the user under which the web server is running
and set access rights to it. For example, when the web server runs under
www-data user and its home directory configured in /etc/passwd is
/usr/local/perfmon (it is a good idea to make it outside of directory
tree accessible by the web server, so that the web server cannot be
misused to read or write the key):
ssh-keygen -t dsa
(store the key in /usr/local/perfmon/.ssh/id_dsa)
touch /usr/local/perfmon/.ssh/known_hosts
chown root:www-data /usr/local/perfmon
chown root:www-data /usr/local/perfmon/.ssh
chown www-data:www-data /usr/local/perfmon/.ssh/*
chmod 750 /usr/local/perfmon
chmod 750 /usr/local/perfmon/.ssh
chmod 600 /usr/local/perfmon/.ssh/id_dsa
chmod 640 /usr/local/perfmon/.ssh/id_dsa.pub
chmod 644 /usr/local/perfmon/.ssh/known_hosts
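The ownership and mode layout from step 3 can be re-checked after installation or upgrades. The script below is an added example, not part of the ABW distribution; its function names, the document-root argument and /var/www in the sample call are assumptions, and it relies on GNU stat and readlink.

```shell
#!/bin/sh
# Added example (not from the ABW distribution): audit the key directory
# layout from step IV.3. Assumes GNU stat(1) and readlink(1).

# check_perm PATH MODE [OWNER:GROUP] - 0 if PATH matches, 1 otherwise
check_perm() {
    path=$1; want_mode=$2; want_owner=$3; rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U:%G' "$path")
    [ "$mode" = "$want_mode" ] || { echo "MODE  $path: $mode, want $want_mode"; rc=1; }
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "OWNER $path: $owner, want $want_owner"; rc=1
    fi
    return $rc
}

# outside_docroot DIR DOCROOT - 0 if DIR is not at or below DOCROOT
outside_docroot() {
    dir=$(readlink -f "$1") || return 2
    root=$(readlink -f "$2") || return 2
    case "$dir/" in
        "$root"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_keydir HOME DOCROOT [USER] [KEYNAME]
# An empty USER skips the ownership checks; KEYNAME defaults to id_dsa.
audit_keydir() {
    home=$1; docroot=$2; user=$3; key=${4:-id_dsa}; fail=0
    dir_owner=${user:+root:$user}      # directories: root:<web user>
    file_owner=${user:+$user:$user}    # files: <web user>:<web user>
    outside_docroot "$home" "$docroot" ||
        { echo "DOCROOT $home is under $docroot or could not be resolved"; fail=1; }
    check_perm "$home"                  750 "$dir_owner"  || fail=1
    check_perm "$home/.ssh"             750 "$dir_owner"  || fail=1
    check_perm "$home/.ssh/$key"        600 "$file_owner" || fail=1
    check_perm "$home/.ssh/$key.pub"    640 "$file_owner" || fail=1
    check_perm "$home/.ssh/known_hosts" 644 "$file_owner" || fail=1
    return $fail
}

# Sample call with the paths used above (/var/www is an assumed document root):
#   audit_keydir /usr/local/perfmon /var/www www-data
if [ "$#" -ge 2 ]; then audit_keydir "$@"; fi
```

OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default; if the key was generated with another type, pass its file name as the fourth argument.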
V. Compile and install ABW application
Do this on remote monitoring stations and on a central station (if you use the central station).
1) cd trunk/applications/abw
2) make
3) vi abw.cfg abw_const.cfg
specify what monitoring should be done
4) vi /etc/passwd /etc/shadow /etc/group
create user "abw" with an unmatchable password (e.g., * or ! in the password
field in /etc/shadow) and group "abw". This should be done on each
monitoring station so that the central station can use the "abw" account
to retrieve results
5) scp root@web-server-hostname:/usr/local/perfmon/.ssh/id_dsa.pub authorized_keys
copy the public SSH key of the user under which the web server runs
(usually www-data); this key will be used to connect to the "abw" user
on monitoring machines to retrieve results
6) vi abw.cfg
ABW uses this configuration file to learn about monitoring adapters
and what protocols to monitor.
If you contact some remote monitoring station directly, you must
edit abw.cfg on this remote monitoring station. Otherwise you must
edit abw.cfg on the central monitoring station. The syntax is exactly
the same in both cases.
7) make install
8) rm authorized_keys
the key was copied to $HOME/.ssh of "abw" user and can be removed here
9) crontab -e
periodically call abw_mapi.sh to check if ABW and MAPI are running and
possibly restart them, for example:
0,15,30,45 * * * * /usr/local/bin/abw_mapi.sh 2>&1 > /dev/null
