IPv4 vs. IPv6 Traffic Statistics on Routers

I am very interested in statistics about the usage of IPv6 on Internet routers and firewalls. The problem is, that most routers/firewalls do not have unique SNMP OIDs for IPv4 and IPv6 traffic, but only the normal incoming/outgoing packet counters per interface. Therefore I am using two independent ethernet ports and cables between my outer router and my first firewall, one for IPv4-only and the other one for IPv6-only traffic. Now I have independent statistics for each protocol and can combine them in one summary graph. (Though I know that this will never be a “best practice” solution…)

Idea – Architecture

The main idea is to use two interfaces, e.g., on the Internet-facing firewall. Thereby, two independent SNMP counters are available, one for IPv4-only and the other one for IPv6-only. The architecture might look like this:

IPv4-IPv6 Traffic Statistics

This won’t work for every single subnet on a network, but should fit for the ISP connection to have an overall view of IPv6 vs. IPv4 traffic.

Sample Graph

This is how my combined graph looks like. It is the weekly view zoomed in. (Since this is only my laboratory, the statistics are not that nice. But they show the principle.) Blue is the IPv4 traffic, green IPv6, and red are the total values:

fd-wv-fw01.cfg-_172.16.1.1_IPv4IPv6-w-l2-r1

MRTG/Routers2 Config

In my MRTG/Routers configuration, there are two interfaces. Quite normal. The only interesting part are the routers.cgi*Graph[]: directives on both interfaces, as well as the three configuration lines for that user-defined graph below.

 

Cisco Router has Counters

At least it should be noted that some Cisco routers have independent IPv4/IPv6 counters. However, they are not accessible via SNMP. The CLI command is:

For example, on my single outside interface on a Cisco router 1803 with IOS version 12.4(24)T8, this looks like:

 

4 thoughts on “IPv4 vs. IPv6 Traffic Statistics on Routers

  1. There is a common MIB for IPv4 & IPv6 counters which is of course cleaner than your smart trick.

    See below for a Cisco router:
    $ snmpwalk -c secret -v 1 udp6:[2001:db8::1] –Cw 70 -m IP-MIB ipNetToPhysicalPhysAddress
    SNMP table: IP-MIB::ipIfStatsTable
    index ipIfStatsInReceives ipIfStatsHCInReceives ipIfStatsInOctets
    ipv4.1 683929 ? 55054803
    ipv4.2 1123281 ? 107467461
    ipv6.1 152612 ? 17261398
    ipv6.2 15083935 ? 2131680450

    evyncke@charly:~$ snmpwalk -c secret -v 1 udp6:[2001:db8::1] –Cw 70 -m IP-MIB ipNetToPhysicalPhysAddress

    SNMP table: IP-MIB::ipIfStatsTable

    index ifIndex ifDescr ifType ifMtu ifSpeed
    1 1 FastEthernet0/0 ethernetCsmacd 1500 100000000
    2 2 FastEthernet0/1 ethernetCsmacd 1500 100000000

    1. I think that MIB only applies to IP stuff destined/sourced to/from the local system. Those IP-MIB counters are giving me values that are way too low (in the order of 1-2 packets per second), whilst “show int gig 0/1 accounting” is giving me definitely more correct counters

Leave a Reply

Your email address will not be published. Required fields are marked *