IP accounting

Document revision:2.1 (Fri Dec 17 18:28:01 GMT 2004)
Applies to: V2.9

General Information

Summary

Authentication, Authorization and Accounting feature provides a possibility of local and/or remote (on RADIUS server) Point-to-Point and HotSpot user management and traffic accounting (all IP traffic passing the router is accounted; local traffic acocunting is an option).

Specifications

Packages required: system
License required: Level1
Submenu level: /user, /ppp, /ip accounting, /radius
Standards and Technologies: RADIUS
Hardware usage: Traffic accounting requires additional memory

Related Documents

Local IP Traffic Accounting

Submenu level: /ip accounting

Description

As each packet passes through the router, the packet source and destination addresses are matched against an IP pair in the accounting table and the traffic for that pair is increased. The traffic of PPP, PPTP, PPPoE, ISDN and HotSpot clients can be accounted on per-user basis too. Both the number of packets and the number of bytes are accounted.

If no matching IP or user pair exists, a new entry will be added to the table

Only the packets that enter and leave the router are accounted. Packets that are dropped in the router are not counted. Packets that are NATted on the router will be accounted for with the actual IP addresses on each side. Packets that are going through bridged interfaces (i.e. inside the bridge interface) are also accounted correctly.

Traffic, generated by the router itself, and sent to it, may as well be accounted.

Property Description

enabled (yes | no; default: no) - whether local IP traffic accounting is enabled

account-local-traffic (yes | no; default: no) - whether to account the traffic to/from the router itself

threshold (integer; default: 256) - maximum number of IP pairs in the accounting table (maximal value is 8192)

Notes

For bidirectional connections two entries will be created.

Each IP pair uses approximately 100 bytes

When the threshold limit is reached, no new IP pairs will be added to the accounting table. Each packet that is not accounted in the accounting table will then be added to the uncounted counter!

Example

Enable IP accounting:

[admin@MikroTik] ip accounting> set enabled=yes
[admin@MikroTik] ip accounting> print
                enabled: yes
  account-local-traffic: no
              threshold: 256
[admin@MikroTik] ip accounting>

Example

See the uncounted packets:

[admin@MikroTik] ip accounting uncounted> print
    packets: 0
      bytes: 0
[admin@MikroTik] ip accounting uncounted>

Local IP Traffic Accounting Table

Submenu level: /ip accounting snapshot

Description

When a snapshot is made for data collection, the accounting table is cleared and new IP pairs and traffic data are added. The more frequently traffic data is collected, the less likelihood that the IP pairs thereshold limit will be reached.

Property Description

bytes (read-only: integer) - total number of bytes, matched by this entry

dst-address (read-only: IP address) - destination IP address

dst-user (read-only: text) - recipient's name (if aplicable)

packets (read-only: integer) - total number of packets, matched by this entry

src-address (read-only: IP address) - source IP address

src-user (read-only: text) - sender's name (if aplicable)

Notes

Usernames are shown only if the users are connected to the router via a PPP tunnel or are authenticated by HotSpot.

Before the first snapshot is taken, the table is empty.

Example

To take a new snapshot:

[admin@MikroTik] ip accounting snapshot> take
[admin@MikroTik] ip accounting snapshot> print
 # SRC-ADDRESS     DST-ADDRESS     PACKETS    BYTES      SRC-USER    DST-USER
 0 192.168.0.2     159.148.172.197 474        19130
 1 192.168.0.2     10.0.0.4        3          120
 2 192.168.0.2     192.150.20.254  32         3142
 3 192.150.20.254  192.168.0.2     26         2857
 4 10.0.0.4        192.168.0.2     2          117
 5 159.148.147.196 192.168.0.2     2          136
 6 192.168.0.2     159.148.147.196 1          40
 7 159.148.172.197 192.168.0.2     835        1192962
[admin@MikroTik] ip accounting snapshot>

Web Access to the Local IP Traffic Accounting Table

Submenu level: /ip accounting web-access

Description

The web page report make it possible to use the standard Unix/Linux tool wget to collect the traffic data and save it to a file or to use MikroTik shareware Traffic Counter to display the table. If the web report is enabled and the web page is viewed, the snapshot will be made when connection is initiated to the web page. The snapshot will be displayed on the web page. TCP protocol, used by http connections with the wget tool guarantees that none of the traffic data will be lost. The snapshot image will be made when the connection from wget is initiated. Web browsers or wget should connect to URL: http://routerIP/accounting/ip.cgi

Property Description

accessible-via-web (yes | no; default: no) - wheather the snapshot is available via web

address (IP address/netmask; default: 0.0.0.0) - IP address range that is allowed to access the snapshot

Example

To enable web access from 10.0.0.1 server only:

[admin@MikroTik] ip accounting web-access> set accessible-via-web=yes \
\... address=10.0.0.1/32
[admin@MikroTik] ip accounting web-access> print
    accessible-via-web: yes
               address: 10.0.0.1/32
[admin@MikroTik] ip accounting web-access>