Monitoring WAN links is different from monitoring LANs, as also the tools for them are different. What do you do to monitor all WAN links that connect your various branch offices? Or about monitoring the link that connects to the Internet? That's also a WAN link, and possibly the most misused one. Here, we'll see how you can monitor traffic flowing through your WAN links, to figure out whether the bandwidth is being properly utilized or not. After all, the biggest challenge on WAN links is to ensure that your business-critical applications get the desired bandwidth.
Difference between LAN and WAN monitoring
The most significant difference between monitoring a LAN and WAN is the size and number of subnets. A LAN might be on a CLASS C network having a maximum of 254 nodes, which makes it easier for a software to sniff the data and create a report out of it. That's why most monitoring software used on LANs works in promiscuous mode and are fundamentally sniffers. Even if you have more than 254 nodes, you can run the sniffers on the different network segments.
But in WANs, you have more than one subnet and as a result these subnets are connected through routers. Sniffers are unable to propagate over routers so are ineffective in this cases.
For that, you have another technology called the RRDTool (Round Robin DNS).
If you have heard about MRTG (Multi Traffic Router Grapher) then you will understand RRDTool better, because it's just a re-implementation of MRTGs graphing and logging features. It's much faster and can handle more data traffic. RRD is a technology, which stores and displays the time-series data such as network bandwidth, machine temperature and server-load average.
It stores the data so compactly that it won't expand over time, and it is also able to present graphs by processing the data
to enforce a certain data density. It can be used via either simple wrapper scripts (from shell or Perl) or via front-end that poll network devices, and put a friendly user interface on it. So we will implement such a frontend of RRDTool known as Cacti.
Cacti Cacti is a frontend for the RRDTool, which uses MySQL, as a backend and PHP to fetch the data over a Web-interface running over apache. While being able to maintain Graphs, Data Sources and Round Robin Archives in a database, cacti also handles the data gathering. There is also SNMP support to be used to create traffic graphs
The installation is not very complex but a prior knowledge of Linux, Apache and MySQL is needed while planning to deploy it over a live network.
To install cacti, you have to download the source tarball of cacti from http://www.cacti.net /downloads/cacti-0.8.6.tar.gz link. Then you will need a Linux machine, which has MySQL, Apache, RRDTool and PHP installed into it. A full installation of PCQLinux 2004 will rock for this purpose. Now run the following commands to unzip and untar the tarball and then copy it to '/var/www/html'.
#tar -zxvf cacti-0.8.6.tar.gz
#cp -rf cacti-0.8.6 /var/www/html/cacti
Now create a database in MySQL called cacti. For this run the command.
#mysqladmin -user=root create cacti
Now Import the default cacti database, which is distributed with the tarball, to the database you have created just now. To do so run.
#mysql cacti < /var/www/html/cacti.sql
Now create a user for the cacti database. This step is needed only if you want to manually administrate the database. You can do this by running the following.
#mysql -user=root mysql
mysql>GRANT ALL ON cacti.* TO cactiuser@loclhost;
mysql> flush privileges;
Create and assign password for this user for your Linux machine like this.
After this you have to modify the include/config.php file and provide the proper username, password and database name so that cacti can connect with the database. For this open the /var/www/html/cacti/include/config.php file in any editor and modify the following lines.
$database_default = "cacti";
$database_hostname = "loclhost";
$database_username = "cactiuser";
$database_password = "your password";
Now give full rights to the cacti folder by running the command.
#chomd 777 -R /var/www/html/cacti
Finally add a cron job, which will pool the data repeatedly for cacti. You can do it by adding the following line in the /etc/crontab file.
*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2 > &1
Now, one by one, restart httpd, mysql like this.
#service httpd restart
#service mysqld restart
Your cacti is now installed and ready for use.
You can now access the cacti frontend from any Web browser by going to http://localhost/cacti. You can even access it from any remote machine by just replacing the localhost with the external IP address of the machine.
When you go to this link for the first time, it will automatically start up a wizard, which will ask whether you want to do a fresh install or upgrade. Finally, it will show you all your database settings and will start the main interface.
At the beginning the main interface will only show the local cacti machine. Now you have to add or search for other devices you want to monitor.
If you are planning to use cacti in a small network, maybe in you LAN, then you can opt for an auto scan, else if you are using it over a WAN then just add the devices manually. To add the device manually you have to click on the Add link, which appears at the top right corner of the Web page.
Now provide the description and IP address or the FQDN of the device in the appropriate fields. Here you will notice one more drop down menu called 'Host Template', select the type of the device such as Local Linux machine, SNMP device, Windows 2000/XP client and router. Now click on the Create button and you are done.
It is the work of cacti to monitor these added devices and report about their behavior such as network traffic and utilization,
temperature and disk space.
All this data is presented through graphs and reports. You can monitor these graphs by
clicking on the Graph tab, at the
top left corner of the Web page.
RRDTool's biggest benefit is that it can monitor nodes across routers, which your ordinary sniffers can't do. So, if you have your offices connected over WAN links, then you can run this tool from one place and monitor the performance of all your WAN routers. It can even show the usage by specific IP addresses, and you can set alarms if a node's traffic usage goes beyond a threshold limit.
RRDTool can monitor the load average, CPU usage, mount volume, logged-in users, RAM usage and temperature. Here, CPU usage, temperature and RAM usage are possibly only if the node/router supports SNMPv2.