Hi,
When using "sysstat" from the command line, it's very easy to get an idea of the network throughput that is currently being handled by the filer, and with commands like "vif stat" it's easy to get an idea on the interfaces that are transmitting or receiving this traffic.
However, I am wondering if is it possible to get an idea on the client IP addresses that are generating most of the network traffic without having to resort to pktt every time, then copying over the capture file and analyzing it afterwards ?
Are there any counters availble from a command that show how much traffic a particular IP address has sent/received ? I tried various commands (eg. netstat has a few interesting options) but couldn't find anything that solved my problem.
At the moment, if I need to determine the hosts that are using most of the iSCSI or NFS bandwidth, I have to resort to pktt, and I am looking for a easier way to achieve what I want. Ideally, I'd like to get information on the protocols and ports involved too, but having IP addresses would already be very useful.
Best regards, Filip
If the traffic is nfs, and you have nfs.per_client_stats.enable, then nfsstats -l gives the number of nfs requests per host.
-George
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Filip Sneppe Sent: Wednesday, September 17, 2008 2:21 PM To: Toasters Subject: Identify traffic per IP address without using pktt
Hi,
When using "sysstat" from the command line, it's very easy to get an idea of the network throughput that is currently being handled by the filer, and with commands like "vif stat" it's easy to get an idea on the interfaces that are transmitting or receiving this traffic.
However, I am wondering if is it possible to get an idea on the client IP addresses that are generating most of the network traffic without having to resort to pktt every time, then copying over the capture file and analyzing it afterwards ?
Are there any counters availble from a command that show how much traffic a particular IP address has sent/received ? I tried various commands (eg. netstat has a few interesting options) but couldn't find anything that solved my problem.
At the moment, if I need to determine the hosts that are using most of the iSCSI or NFS bandwidth, I have to resort to pktt, and I am looking for a easier way to achieve what I want. Ideally, I'd like to get information on the protocols and ports involved too, but having IP addresses would already be very useful.
Best regards, Filip
Similar is 'cifs top' if you have cifs.per_client_stats.enable set to 'on'. However, it gives you top talkers based on username (you'd have to use 'cifs sessions' to get the machine name\IP) and only for the last 3 second rolling average (though there are other options).
Not really a way to get what you're looking for, to my knowledge...
Glenn
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of George T Chen Sent: Wednesday, September 17, 2008 5:49 PM To: Filip Sneppe; Toasters Subject: RE: Identify traffic per IP address without using pktt
If the traffic is nfs, and you have nfs.per_client_stats.enable, then nfsstats -l gives the number of nfs requests per host.
-George
-----Original Message----- From: owner-toasters@mathworks.com
[mailto:owner-toasters@mathworks.com]
On Behalf Of Filip Sneppe Sent: Wednesday, September 17, 2008 2:21 PM To: Toasters Subject: Identify traffic per IP address without using pktt
Hi,
When using "sysstat" from the command line, it's very easy to get an idea of the network throughput that is currently being handled by the filer, and with commands like "vif stat" it's easy to get an idea on the interfaces that are transmitting or receiving this traffic.
However, I am wondering if is it possible to get an idea on the client IP addresses that are generating most of the network traffic without having to resort to pktt every time, then copying over the capture file and analyzing it afterwards ?
Are there any counters availble from a command that show how much
traffic
a particular IP address has sent/received ? I tried various commands (eg. netstat has a few interesting options) but couldn't find anything that solved my
problem.
At the moment, if I need to determine the hosts that are using most of
the
iSCSI or NFS bandwidth, I have to resort to pktt, and I am looking for a
easier
way to achieve what I want. Ideally, I'd like to get information on the protocols and ports involved too, but having IP addresses would already be very useful.
Best regards, Filip
On Wed, Sep 17, 2008 at 11:21:21PM +0200, Filip Sneppe wrote:
At the moment, if I need to determine the hosts that are using most of the iSCSI or NFS bandwidth, I have to resort to pktt, and I am looking for a easier way to achieve what I want. Ideally, I'd like to get information on the protocols and ports involved too, but having IP addresses would already be very useful.
For all traffic, I don't really know a way. But since most of my filers are mainly NFS, I can get who's beating up NFS with 'nfsstat -l' for per-client statistics and that gives me a good idea. HTTP I can parse the http log and show addresses with the most transfers. CIFS hasn't been enough of an issue for me to attempt. I don't know how easy that is.
On Wed, Sep 17, 2008 at 5:21 PM, Filip Sneppe filip.sneppe@gmail.comwrote:
Hi,
When using "sysstat" from the command line, it's very easy to get an idea of the network throughput that is currently being handled by the filer, and with commands like "vif stat" it's easy to get an idea on the interfaces that are transmitting or receiving this traffic.
However, I am wondering if is it possible to get an idea on the client IP addresses that are generating most of the network traffic without having to resort to pktt every time, then copying over the capture file and analyzing it afterwards ?
Are there any counters availble from a command that show how much traffic a particular IP address has sent/received ? I tried various commands (eg. netstat has a few interesting options) but couldn't find anything that solved my problem.
At the moment, if I need to determine the hosts that are using most of the iSCSI or NFS bandwidth, I have to resort to pktt, and I am looking for a easier way to achieve what I want. Ideally, I'd like to get information on the protocols and ports involved too, but having IP addresses would already be very useful.
Best regards, Filip
I'm not sure about getting IP Addresses and ports but I know how to get volume/lun based information, which you could relate back to the host's ip address that are using the volumes. I've written a tool called 'topvol' that uses the filers 'stats' command line utility to gather and display filer volumes based statistics. topvol gathers and displays volume operations and latency but the stats command on the filers can also display much more. Take a look at the stats command, it's a little odd but I've found it very useful in data trending. For example here are the objects that stats can monitor.
na2> stats list objects Objects: dump logical_replication_source logical_replication_destination vfiler qtree aggregate iscsi fcp cifs volume lun target nfsv3 ifnet processor disk system
and here are the counters for the volume object:
na2> stats list counters volume Counters for object name: volume avg_latency total_ops read_data read_latency read_ops write_data write_latency write_ops other_latency other_ops
If you are interested in taking a look at topvol which monitors volume activity (which includes volumes with luns) in a unix top like way you can download it here:
http://communities.netapp.com/docs/DOC-1262
-
A Darren Dunham -
Filip Sneppe -
George T Chen -
Glenn Walker -
Romeo Theriault