Introduction

The goal of this design is to provide eBox with a tool to easily show the current status of the network traffic flowing through eBox.

The most common use case will be something like this: Alice is the administrator of a local network that uses eBox as its gateway. Bob is one of the users on the LAN behind eBox. Bob is surfing the Internet but it is insanely slow, so Bob complains to Alice.

Alice fires up her Firefox and logs into eBox to check what is going on with the Internet traffic. She takes a look at the per-protocol graph and observes massive use of the SSH protocol. She switches to the per-source graph to find out which machine is responsible. She adds a traffic shaping rule and everything goes back to normal. Bob thanks Alice for a great job.

Requirements

  • Launch monitoring on demand and in real time
  • We should be able to specify the network interface. Note that if we capture traffic only on the external interface we will not be able to determine the source: after NAT every outbound packet carries eBox's own address, so the per-source views need to capture on the internal interface.
  • Graph should be refreshed every few seconds (1-4)
  • There should be a view that shows the traffic break-down by flow. For example: http, ssh, udp-5678, tcp-46700. Each flow would be the sum of the average traffic of all the individual flows per machine.
  • There should be a view that shows the traffic break-down by source. For example: 192.168.45.3, 192.168.45.5. Each source would be the sum of the average traffic of all the individual flows by source.
  • There should be a view that shows the traffic break-down by the pair source-flow. For example: 192.168.45.3:http, 192.168.45.5:udp-5768.
  • The backend should make it easy to extend the break-down to destinations.
  • There should be a view that shows the FIXME
  • We should provide a way to filter results (we will probably defer this).

Notes

  • Our first version will be focused on diagnosis, not on statistics or historical storage.
  • jnettop can output its report in a convenient form that is easily parsed by our Perl scripts.
  • We should sample data every 2-3 seconds
  • Initially we will work with a short time span on the graph view: 1-5 minutes.
  • One of the challenges is that we can have too many flows, and the legend under the graph could grow hugely. To avoid that we should only present those flows which have been seen during the time frame used on the view. For example: let's say our time frame is 5 seconds and we have an ssh flow at t=3 and t=5 and we don't see it again until t=15. We should see the legend for that flow until t=10 (5 seconds after its last sample); after that it should disappear until t=15, when it would show up again.
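As an added worked example (not part of the eBox code base, and written in Python rather than the Perl the design mentions so it can be run stand-alone), the script below implements the three break-down views from the Requirements section and the legend-expiry rule from the note above. The sample records and their "t source flow bytes/s" layout are constructed for the example and are an assumption: they are not jnettop's real output format, which the actual parser would have to follow.

```python
from collections import defaultdict

# Constructed sample records, one per line: "<t-seconds> <source-ip> <flow> <bytes/s>".
# This layout is an assumption made for the example; it is NOT jnettop's
# actual output format, which the real Perl parser would have to follow.
SAMPLE_LINES = """\
0  192.168.45.3 http     1200
0  192.168.45.5 udp-5678  300
3  192.168.45.3 http      800
3  192.168.45.5 ssh      4000
5  192.168.45.5 ssh      6000
5  192.168.45.3 http     1000
15 192.168.45.5 ssh      2000
"""


def parse_samples(text):
    """Turn the text records into (t, source, flow, bps) tuples; malformed lines are skipped."""
    samples = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        t, src, flow, bps = parts
        try:
            samples.append((int(t), src, flow, int(bps)))
        except ValueError:
            continue
    return samples


def view_key(src, flow, view):
    """Map a record onto the key of one of the three views.

    Adding a 'destination' view later only means adding one more branch here
    (and carrying the destination through the sample tuple).
    """
    if view == "flow":
        return flow
    if view == "source":
        return src
    if view == "pair":
        return f"{src}:{flow}"
    raise ValueError(f"unknown view {view!r}")


def breakdown(samples, view, t_from, t_to):
    """Traffic per key for the chosen view over the window [t_from, t_to].

    Follows the requirement literally: first average each individual
    source:flow over the window, then sum those averages under the view key.
    """
    totals = defaultdict(int)
    counts = defaultdict(int)
    for t, src, flow, bps in samples:
        if t_from <= t <= t_to:
            totals[(src, flow)] += bps
            counts[(src, flow)] += 1
    result = defaultdict(float)
    for (src, flow), total in totals.items():
        result[view_key(src, flow, view)] += total / counts[(src, flow)]
    return dict(result)


def visible_legend(samples, view, now, frame):
    """Keys whose most recent sample (at or before `now`) is no older than `frame` seconds.

    With frame=5 an ssh flow last seen at t=5 stays in the legend through t=10
    and is dropped from t=11 until it is sampled again.
    """
    last_seen = {}
    for t, src, flow, _ in samples:
        if t <= now:
            k = view_key(src, flow, view)
            last_seen[k] = max(last_seen.get(k, t), t)
    return sorted(k for k, t in last_seen.items() if now - t <= frame)


if __name__ == "__main__":
    samples = parse_samples(SAMPLE_LINES)
    for view in ("flow", "source", "pair"):
        print(view, breakdown(samples, view, 0, 15))
    for now in (5, 10, 11, 15):
        print(f"t={now}", visible_legend(samples, "flow", now, 5))
```

Because every view is derived from the per-pair averages through `view_key`, the per-flow and per-source totals are always consistent with the pair view, and a destination break-down can be added without touching the aggregation itself.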