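NIC Traffic
<h1>Alert Description</h1>
<p>Service [XX service], virtual machine [X.X.X.X] network port | Local Area Connection port status alert: current port state: open, uplink bandwidth ratio: 96.26%, downlink bandwidth ratio: 0.53%, bandwidth ratio: 96.26%, downlink: 668.24, uplink: 120330.33, packet loss: 0.00, error packets: 0.00, speed: Gigabit</p>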
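<h1>Explanation</h1>
<p>A bandwidth-ratio alert means that the ratio of actual traffic to link speed has exceeded the alert threshold. In this example the actual traffic is 120330.33 (KB), which is converted to bits as follows (because the speed is expressed in bits):<br>
Traffic (bits/s) = actual traffic (kilobytes/s) * 8 / 1000 = 120330.33 * 8 / 1000 = 962.64264 (bits/s)<br>
The bandwidth ratio is then calculated as:<br>
Bandwidth ratio = traffic (bits/s) / speed (bits/s) = 962.64264 / 1000 = 0.96264264 = 96.264264%<br>
Because this exceeds the default alert threshold of 95%, an alert was raised.</p>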
<h1>Monitored Objects</h1>
<p>Windows, Linux, and Unix operating systems</p>
<h1>Monitoring Method</h1>
<h2>Windows</h2>
<p>Get NIC traffic:</p>
<pre><code>sysmonitor.exe -counter io</code></pre>
<p>Principle/mechanism:
On Windows Vista and later Windows versions (including server editions), this is implemented by calling the GetIfEntry2 function in iphlpapi.dll.</p>
<pre><code>IPHLPAPI_DLL_LINKAGE _NETIOAPI_SUCCESS_ NETIOAPI_API GetIfEntry2(
PMIB_IF_ROW2 Row
);</code></pre>
<p>On Windows XP and the related server versions (such as Windows Server 2003), this is implemented by calling the GetIfEntry function in iphlpapi.dll.</p>
<pre><code>IPHLPAPI_DLL_LINKAGE DWORD GetIfEntry(
[in, out] PMIB_IFROW pIfRow
);</code></pre>
<p>Get NIC speed (used when retrieving the NIC information fails):</p>
<pre><code>wmic nic get Caption,NetConnectionID,Speed,MACAddress /value</code></pre>
<p>Sample output:</p>
<pre><code>
Caption=[00000002] Intel(R) Wireless-AC 9560
MACAddress=3C:F0:11:20:E2:2A
NetConnectionID=WLAN
Speed=72200000
Caption=[00000006] Realtek PCIe GBE Family Controller
MACAddress=00:23:81:2D:1F:3C
NetConnectionID=以太网 2
Speed=9223372036854775807
</code></pre>
<h2>Linux</h2>
<p>Get NIC traffic:</p>
<pre><code>./sysmonitor.bin -counter io</code></pre>
<p>Principle:
Implemented by reading the /proc/net/dev file.</p>
<p>Example:</p>
<pre><code>Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 7975840 137912 0 0 0 0 0 0 7975840 137912 0 0 0 0 0 0
eth0: 183501724 696961 0 0 0 0 0 0 74131733 553959 0 0 0 0 0 0</code></pre>
<p>Get NIC speed:</p>
<pre><code>ls /sys/class/net/|xargs -I {} sh -c 'echo adapter-{} && cat /sys/class/net/{}/speed && cat /sys/class/net/{}/address'</code></pre>
<p>Sample output:</p>
<pre><code>adapter-ens33
1000
00:0c:29:7d:2a:9e
adapter-lo
cat: /sys/class/net/lo/speed: Invalid argument</code></pre>
<p>Note: the error at the end occurs because the speed of lo cannot be read.</p>
<h2>Unix</h2>
<p>Get NIC traffic on AIX:</p>
<pre><code>netstat -i</code></pre>
<p>Sample output:</p>
<pre><code>Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
en5 1500 link#2 XXXXXXXXXXXXXXXXXXX 2898152854 0 3969771181 3 0
en5 1500 1.1.1 XXXXXXXXXXXXXXXXXXX 2898152854 0 3969771181 3 0
en5 1500 169.254 XXXXXXXXXXXXXXXXXXX 2898152854 0 3969771181 3 0
en7 1500 link#3 XXXXXXXXXXXXXXXXXXX 2898596999 0 3970608074 3 0
en7 1500 1.1.2 XXXXXXXXXXXXXXXXXXX 2898596999 0 3970608074 3 0
en7 1500 169.254.128 XXXXXXXXXXXXXXXXXXX 2898596999 0 3970608074 3 0
en8 1500 link#4 XXXXXXXXXXXXXXXXXXX 2348673378 0 439416476 6 0
en8 1500 172.16 XXXXXXXXXXXXXXXXXXX 2348673378 0 439416476 6 0
en8 1500 172.16 XXXXXXXXXXXXXXXXXXX 2348673378 0 439416476 6 0
en8 1500 172.16 XXXXXXXXXXXXXXXXXXX 2348673378 0 439416476 6 0
lo0 16896 link#1 XXXXXXXXXXXXXXXXXXX 2308746241 0 2308539324 0 0
lo0 16896 127 XXXXXXXXXXXXXXXXXXX 2308746241 0 2308539324 0 0
lo0 16896 loopback XXXXXXXXXXXXXXXXXXX 2308746241 0 2308539324 0 0</code></pre>
<p>It is not yet known how to obtain the NIC speed on AIX; it is hard-coded to 10 Gigabit by default.</p>
<h1>Rules</h1>
<p>The default rule is:</p>
<pre><code>[0<=utilization<90] Normal
[90<=utilization<95] Notice
[95<=] Alert</code></pre>
<p>This can be configured through the alert policy.</p>
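<p>The Linux collection path, the bandwidth-ratio formula and the default rule combined, as an added example that is not the monitoring tool's own code. The snapshots are constructed, the function names are hypothetical, the speed is taken in Mbit/s as sysfs reports it, 1 KB is assumed to be 1000 bytes, and using the larger direction as the overall ratio is an assumption based on the sample alert.</p>

```python
# Constructed /proc/net/dev snapshots taken 1 s apart (sample data, not from a real host).
HEADER = ("Inter-|   Receive                                  |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast"
          "|bytes packets errs drop fifo colls carrier compressed\n")
SNAP_T0 = HEADER + ("    lo: 7975840 137912 0 0 0 0 0 0 7975840 137912 0 0 0 0 0 0\n"
                    "  eth0: 183501724 696961 0 0 0 0 0 0 74131733 553959 0 0 0 0 0 0\n")
SNAP_T1 = HEADER + ("    lo: 7975840 137912 0 0 0 0 0 0 7975840 137912 0 0 0 0 0 0\n"
                    "  eth0: 184169964 697500 0 0 0 0 0 0 194462063 640000 0 0 0 0 0 0\n")

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)}; the two header lines carry no ':'."""
    counters = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if sep and len(fields) >= 16:
            counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def read_speed_mbit(iface):
    """Link speed in Mbit/s from sysfs; None if unreadable (as for lo) or not positive."""
    try:
        with open(f"/sys/class/net/{iface}/speed") as fh:
            speed = int(fh.read().strip())
    except (OSError, ValueError):
        return None
    return speed if speed > 0 else None

def classify(ratio_pct):
    """Default rule from the page: below 90 normal, 90 to below 95 notice, 95 and up alert."""
    if ratio_pct >= 95:
        return "alert"
    return "notice" if ratio_pct >= 90 else "normal"

def bandwidth_report(snap0, snap1, interval_s, speeds_mbit):
    """Return {iface: (up_pct, down_pct, level)} for interfaces with a usable speed."""
    before, after = parse_proc_net_dev(snap0), parse_proc_net_dev(snap1)
    report = {}
    for iface, (rx0, tx0) in before.items():
        speed = speeds_mbit.get(iface)
        rx1, tx1 = after.get(iface, (-1, -1))
        if not speed or rx1 < rx0 or tx1 < tx0:
            continue  # no usable speed, interface gone, or counters reset
        # Page formula: KB/s * 8 / 1000 / speed (assumption: 1 KB = 1000 bytes)
        down = (rx1 - rx0) / 1000 / interval_s * 8 / 1000 / speed * 100
        up = (tx1 - tx0) / 1000 / interval_s * 8 / 1000 / speed * 100
        # Assumption: the overall ratio is the larger direction, as in the sample alert
        report[iface] = (round(up, 2), round(down, 2), classify(max(up, down)))
    return report
```

<p>On a live host the speeds dictionary can be filled with read_speed_mbit() for each interface name returned by parse_proc_net_dev().</p>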