
I am looking into finding a way to track public bandwidth usage on a per-instance or per elastic IP basis. Amazon does not seem to offer these metrics. You can get total in/out bandwidth through their reporting mechanisms, but this includes private network bandwidth, and is account wide. You can use cloudwatch to gather more in depth metrics, but they also lump public and private bandwidth together. We are looking into rolling our own, but your servers are built with one interface, and any elastic IPs are NAT’d to that interface. Since everything goes through one interface, it is all lumped together.

Does anyone have any suggestions? Have you ever encountered a similar issue? That is, a Linux server environment with one interface from which you had to determine public bandwidth usage.

1 Answer


One option would be to set up iptables to track the information.

    iptables -I INPUT -s 10.0.0.0/8
    iptables -I INPUT ! -s 10.0.0.0/8
    iptables -I OUTPUT -d 10.0.0.0/8
    iptables -I OUTPUT ! -d 10.0.0.0/8

This will allow you to see internet/local specifics. -s 10.0.0.0/8 will match all Amazon local IPs and ! -s 10.0.0.0/8 matches everything but Amazon local IPs (internet).

    iptables --list --verbose
    Chain INPUT (policy ACCEPT 93 packets, 7602 bytes)
     pkts bytes target     prot opt in     out     source                        destination
       85  6930            all  --  any    any     !ip-10-0-0-0.ec2.internal/8   anywhere
        8   672            all  --  any    any     ip-10-0-0-0.ec2.internal/8    anywhere

    Chain OUTPUT (policy ACCEPT 78 packets, 9307 bytes)
     pkts bytes target     prot opt in     out     source                        destination
       70  8635            all  --  any    any     anywhere                      !ip-10-0-0-0.ec2.internal/8
        8   672            all  --  any    any     anywhere                      ip-10-0-0-0.ec2.internal/8

You will need to set up something to save iptables counters if you want to keep them beyond a reboot. The commands you need are:

    iptables-save -c > filename
    iptables-restore -c < filename

Some AMIs will save automatically. You need to modify their init script to use -c or disable it and replace it with your own.

If you want to be able to read the data more easily, set up a cron job to run the iptables-save command on a regular basis so you can just parse that file. You could also upload that file to S3 or use scp to transfer it to a central statistics box. iptables-save and iptables-restore must be run as root, and -c is required to save stats for individual rules.
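As an added example (not part of the answer above), here is a small Python parser for the `iptables-save -c` files that the cron job would produce. It picks out the four counter rules from the answer, splits bytes into public/private and in/out, and computes the delta between two snapshots so that a reset counter (reboot without `-c` restore, or rules re-inserted) is detected rather than reported as negative usage. The snapshot text is constructed to match the counters shown in the answer; the `10.0.0.0/8` local range is taken from the answer as well.

```python
import re
from typing import Dict

# A counter line in `iptables-save -c` output looks like:
#   [pkts:bytes] -A CHAIN [!] -s|-d CIDR ...
# Both "! -s CIDR" (iptables >= 1.4) and the older "-s ! CIDR" form are accepted.
RULE_RE = re.compile(
    r"^\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s+-A\s+(?P<chain>INPUT|OUTPUT)\s+"
    r"(?P<neg1>!\s+)?-(?P<flag>[sd])\s+(?P<neg2>!\s+)?(?P<cidr>\S+)"
)
LOCAL_NET = "10.0.0.0/8"  # Amazon-internal range used by the answer's rules


def parse_counters(save_text: str, local_net: str = LOCAL_NET) -> Dict[str, int]:
    """Byte totals per scope/direction from `iptables-save -c` text.

    Only INPUT rules matching on source and OUTPUT rules matching on destination
    against local_net are counted; any other rule (e.g. with -p or -i) is ignored.
    """
    totals = {"public_in": 0, "private_in": 0, "public_out": 0, "private_out": 0}
    for line in save_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group("cidr") != local_net:
            continue
        chain, flag = m.group("chain"), m.group("flag")
        if (chain, flag) not in (("INPUT", "s"), ("OUTPUT", "d")):
            continue  # e.g. an OUTPUT rule keyed on -s is not one of ours
        negated = bool(m.group("neg1") or m.group("neg2"))
        key = ("public" if negated else "private") + ("_in" if chain == "INPUT" else "_out")
        totals[key] += int(m.group("bytes"))
    return totals


def usage_delta(old: Dict[str, int], new: Dict[str, int]) -> Dict[str, int]:
    """Bytes moved between two snapshots. A counter smaller than before means
    it was reset, so the new absolute value is the usage since the reset."""
    return {k: new[k] - old[k] if new[k] >= old[k] else new[k] for k in new}


# Constructed snapshot: same counters as the `iptables --list --verbose` output above.
SNAPSHOT_1 = """*filter
:INPUT ACCEPT [93:7602]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:9307]
[85:6930] -A INPUT ! -s 10.0.0.0/8
[8:672] -A INPUT -s 10.0.0.0/8
[70:8635] -A OUTPUT ! -d 10.0.0.0/8
[8:672] -A OUTPUT -d 10.0.0.0/8
COMMIT
"""
# Constructed later snapshot: public traffic grew, private OUTPUT counter was reset.
SNAPSHOT_2 = SNAPSHOT_1.replace("[85:6930]", "[120:10930]").replace(
    "[70:8635]", "[95:12635]").replace("[8:672] -A OUTPUT", "[2:150] -A OUTPUT")
```

Running `usage_delta(parse_counters(SNAPSHOT_1), parse_counters(SNAPSHOT_2))` on the constructed snapshots yields 4000 public bytes in, 4000 public bytes out, and 150 private bytes out since the reset.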
