Traffic accounting with iptables

126 bytes added, 11:36, 11 March 2008
m
Robot: Automated text replacement (-VE +container)
Suppose you need to know how much traffic your [[container]]s eat. It can be easily done
using iptables.
== Situation description ==
Let's consider a very simple situation: one container with one IP address on the [[Hardware Node]] with only one network interface. To be more exact, assume that the [[container]] ID is <tt>200</tt>, the IP address of the [[HN]] is <tt>192.168.0.56</tt>, the network interface name is <tt>eth0</tt>, and the IP address of the [[container]] is <tt>192.168.0.117</tt>.
You wish to know how many bytes container 200 eats. One more assumption is that there are no iptables rules
on the HN now. All these assumptions are only for clarity!
== Solution ==
Almost any traffic that goes to and from a container can be caught by the FORWARD chain of the iptables module in [[container0]],
thus we add the following rules:
<pre>
</pre>
It means that all traffic forwarded to IP 192.168.0.117 and from IP 192.168.0.117 will be accounted.
To obtain the current traffic usage of the container you can issue the command:
<pre>
# iptables -nv -L FORWARD
15 1052 all -- * * 0.0.0.0/0 192.168.0.117
</pre>
The '''Bytes''' column is the column we need. It's worth saying that restarting a container doesn't affect accounting;
it remains correct. But if you restart your [[hardware node]], all the rules, and consequently the statistics, are dropped.
So it is recommended to
You will get the exact value of the packet and byte counters, instead of only the rounded number in K’s (multiples of 1000), M’s (multiples of 1000K) or G’s (multiples of 1000M).
As is easy to see, these are not per-container statistics, but rather per-IP statistics. Thus you must be careful when changing container IP addresses, otherwise you'll get a mess of results.
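An added example (not part of the original wiki page): a shell helper that turns the per-IP counters into a per-container total by summing over every IP the container owns, reading exact counters from `iptables -nvx -L FORWARD`. The function names, the second address 192.168.0.118, the rule form printed by `print_rules` and the sample counter values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Names and sample data are assumed.

# Print (do not run) accounting rules for each IP. A rule with no -j target
# only counts matching packets. This rule form is an assumption.
print_rules() {
    for ip in "$@"; do
        echo "iptables -A FORWARD -s $ip"
        echo "iptables -A FORWARD -d $ip"
    done
}

# stdin: output of `iptables -nvx -L FORWARD`; args: all IPs of one container.
# Prints "<bytes_in> <bytes_out>". Exits 2 on rounded counters (no -x).
container_bytes() {
    awk -v ips="$*" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
        $1 ~ /^[0-9]+[KMG]$/ || $2 ~ /^[0-9]+[KMG]$/ {
            print "rounded counters, rerun iptables with -x" > "/dev/stderr"
            bad = 1; exit 2
        }
        # Skip the chain header and the column-title line.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { next }
        # Source and destination are the last two fields whether or not the
        # target column is empty (true for rules with no extra matches).
        ($NF in own)     { in_b  += $2 }
        ($(NF-1) in own) { out_b += $2 }
        # %.0f keeps totals above 2^31 exact on awks with a 32-bit %d.
        END { if (bad) exit 2; printf "%.0f %.0f\n", in_b, out_b }
    '
}

# Constructed sample output: two IPs of one container plus an unrelated IP.
sample_output() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      15     1052            all  --  *      *       0.0.0.0/0            192.168.0.117
      12      900            all  --  *      *       192.168.0.117        0.0.0.0/0
       4      300            all  --  *      *       0.0.0.0/0            192.168.0.118
       2      120            all  --  *      *       192.168.0.118        0.0.0.0/0
       7      640            all  --  *      *       0.0.0.0/0            192.168.0.200
EOF
}

sample_output | container_bytes 192.168.0.117 192.168.0.118
```

On a real node the input would come from `iptables -nvx -L FORWARD | container_bytes <ip> ...` run as root.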
By saying ''almost any traffic'' I mean that traffic between a [[container]] and [[container0]] is not accounted by the rules above.
Not sure if it can be useful for anybody, but to account such traffic these rules are needed:
<pre>
</pre>
more complicated situations.
; More than one container on the node: Just add the rules like above for each container IP.
; More than one IP per container: For each IP add the rules like above. When counting the complete traffic of a container you have to sum over all IPs that this container owns.
; More interfaces on the HN.