[sdnog] Cacti software with IPv6

Nishal Goburdhan nishal at controlfreak.co.za
Mon Jun 29 11:07:08 SAST 2015


On 11 Jun 2015, at 10:29, Daniel Shaw wrote:

> Hi Sara!
>
> Well this depends more on the routers/switches you are monitoring than
> on Cacti actually.
>
> The short answer is, probably, in most cases, no: Cacti would not
> easily separate out ipv4 from ipv6. But in some cases, yes. :-)
>
> To expand: As you know Cacti monitors and graphs based on SNMP. This
> means that if whatever you are monitoring can provide counters in SNMP
> that are separate for IPv4 and IPv6, then Cacti can work with that
> separately too.
> But, if the device only provides Cacti with total traffic through an
> interface that does not separate out IP versions, then Cacti cannot
> either. Cacti doesn't have any "view" of the actual packets. It just
> provides a way to generate graphs and stats from SNMP counter data.
>
> So. What are the cases where Cacti could do this:
> 1. Apparently certain Cisco routers with certain IOS versions do
> provide SNMP counters that are per IP version. [1]


remember that the “counters” that you are looking for here, are 
actually just for the ethertype.
IPv4 = 0x0800
IPv6 = 0x86DD
…and you can look to see if your interface supports counters for each 
of these ethertypes as well.


> 2. If your IPv6 and IPv4 traffic are on different interfaces, then
> it's easy of course. For example, if you use a tunnel to get IPv6,
> then that's IPv6 only. And for IPv4 you subtract the v6 from the total
> traffic on the v4 only interface. You mention specifically the same
> interface though, so this probably doesn't help you.
> 3. Possibly some non-Cisco devices maybe also offer separation in
> SNMP. I don't know for certain, you'd need to research.
>
> Lastly, what are your other options? I can think of two alternatives:
> 1. Use NetFlow rather than SNMP. You can google examples of
> configuring netflow exports from routers. And then look at the Nfsen
> and Nfdump software to process and graph the netflow data [2]

be aware that you’ll need to use netflow v9 to get IPv6 information.
so, if you are exporting netflow and seeing unknown protocol, check your 
configuration.



> 2. Use something completely different that understands layer3 and
> above. There are various Linux/Unix applications for various kinds of
> traffic monitoring. Online searching will turn up a bunch. But, how do
> you get the traffic from a router measured on a Unix server or VM?
> Well what you do is configure what's called a span port or a mirror
> port on a core switch where all your traffic would pass through.
> Again, just search around for more info on span/mirror ports and how
> to set them up on different vendors' switches. You connect this
> special port to a 2nd interface on your monitoring server/VM and then
> you can use just about any packet inspection app to monitor just about
> anything in terms of traffic.

imho, spans don’t scale well…

—n.
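
The ethertype split described in the message above (IPv4 = 0x0800, IPv6 = 0x86DD), as an added example that is not part of the original thread: a per-IP-version frame and byte counter of the kind a monitoring host on a mirror port could run. The function names, the skipping of 802.1Q/802.1ad VLAN tags and the sample frames are assumptions made for illustration; the frames are constructed, not captured.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800       # value given in the message above
ETHERTYPE_IPV6 = 0x86DD       # value given in the message above
VLAN_TAGS = {0x8100, 0x88A8}  # assumption: 802.1Q / 802.1ad tagged links are in scope


def ethertype_of(frame: bytes):
    """Return the payload ethertype of an Ethernet II frame, skipping VLAN tags.

    Returns None for truncated frames and for 802.3 length fields (< 0x0600)."""
    offset = 12  # skip destination and source MAC addresses
    while True:
        if len(frame) < offset + 2:
            return None
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype in VLAN_TAGS:
            offset += 4  # 2-byte TPID + 2-byte TCI, real ethertype follows
            continue
        return etype if etype >= 0x0600 else None


def count_by_ip_version(frames):
    """Return (frames, bytes) Counters keyed by 'ipv4', 'ipv6' and 'other'."""
    names = {ETHERTYPE_IPV4: "ipv4", ETHERTYPE_IPV6: "ipv6"}
    pkts, octets = Counter(), Counter()
    for frame in frames:
        key = names.get(ethertype_of(frame), "other")
        pkts[key] += 1
        octets[key] += len(frame)
    return pkts, octets


def _frame(type_bytes: bytes, payload_len: int) -> bytes:
    """Build a constructed frame: zeroed MACs, given type bytes, zero payload."""
    return bytes(12) + type_bytes + bytes(payload_len)


# Constructed sample frames (not real captures).
SAMPLE_FRAMES = [
    _frame(b"\x08\x00", 46),                  # IPv4, 60 bytes
    _frame(b"\x86\xdd", 86),                  # IPv6, 100 bytes
    _frame(b"\x81\x00\x00\x0a\x86\xdd", 60),  # IPv6 inside VLAN 10, 78 bytes
    _frame(b"\x08\x06", 46),                  # ARP, counted as other
    bytes(13),                                # truncated frame, counted as other
]

if __name__ == "__main__":
    pkts, octets = count_by_ip_version(SAMPLE_FRAMES)
    for key in ("ipv4", "ipv6", "other"):
        print(f"{key}: {pkts[key]} frames, {octets[key]} bytes")
```

A counter that reads only the two bytes at offset 12 would file the VLAN-tagged IPv6 frame under "other", which is the usual reason a per-ethertype count comes out lower than expected on trunk links.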


