You are here

High Data Usage Over Tunnel

9 posts / 0 new
Last post
AJ6BL
AJ6BL's picture
High Data Usage Over Tunnel

I have noticed that my tunnel client is processing a tremendous amount of data through my network. In the last 24 hours it has downloaded 1.6GB and uploaded 95MB of data. I have not been using the node and no computers are connected to the system currently, so I don't know what this could be. When I do a packet inspection it shows the majority of this is "Unknown" data. My guess is that somehow all the traffic on the tunnel servers end is passing though my node somehow, but thats just a guess. Any thoughts? Thanks!

K6CCC
K6CCC's picture
Since you appear to not be RF

Since you appear to not be RF connected to anything else, and you have only the one tunnel, I would assume that everything you are seeing is going to something at your station.  Your node indicates that you are running a PBX, so I would assume most of the traffic is related to the PBX.
 

AJ6BL
AJ6BL's picture
I will disconnect the PBX and

I will disconnect the PBX and see what happens. Whats odd is that the PBX only has 1 client and I rarely use it. Thanks for the followup.

AJ6BL
AJ6BL's picture
I checked the traffic from

I checked the traffic from the pbx and it shows that it passed about 13mb of traffic over the last 24hrs compared to the 3.9GB that the node passed. I am taking it off the WAN for now.

K5DLQ
K5DLQ's picture
did you have "Mesh Gateway"

did you have "Mesh Gateway/Allow others to use my WAN" enabled?
 

AJ6BL
AJ6BL's picture
I dont but that was the first

I dont but that was the first thing I thought. This is running on a Mikrotik hAP. Firmware glitch maybe?

KX5DX
How big of a mesh network are

How big of a mesh network are you connecting to over the tunnel?

I remember seeing about 150Kbps of constant traffic when connecting to a big mesh like those in California. That's about 1.5GB/day of mostly routing updates.

K6CCC
K6CCC's picture
Good catch KX5DX.  Yes he is

Good catch KX5DX.  Yes he is out here in SoCal, and you are right, there is a lot of traffic.  OLSR entries from my hAP (also in the SoCal network): 

Total = 1413
Nodes = 449
 
AE6XE
AE6XE's picture
If you install the tcpdump

If you install the tcpdump package, then it is possible to see the live traffic on a mesh node.   (If using a nightly build, be sure to get current version, then install the package.)   on the node, do an "ifconfig" command to see the interfaces.  An interface of, e.g. eth1.2 (looking for one with ".2", which means vlan 2) to see traffic going in/out the dtdlink interface.  to see tunnel traffic, look for a "tun*" interface.   

On my hap ac lite over the dtdlink, the command is "tcpdump -i eth1.2 port 698" to see all the olsr packets.  In one second on the SoCal mesh, it looks like this:


09:15:20.073546 IP dtdlink.AE6XE-NSM3-QTH.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0x304e, length 1452
09:15:20.132813 IP dtdlink.AE6XE-haplite-qth.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0xb350, length 52
09:15:20.178186 IP dtdlink.AE6XE-NSM3-QTH.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0x304f, length 776
09:15:20.371296 IP dtdlink.AE6XE-NSM3-QTH.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0x3050, length 1456
09:15:20.471120 IP dtdlink.AE6XE-NSM3-QTH.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0x3051, length 1464
09:15:20.475170 IP dtdlink.AE6XE-NSM3-QTH.local.mesh.698 > 10.255.255.255.698: OLSRv4, seq 0x3052, length 1468

This is about 7kb/sec incoming rate (from my ae6xe-nsm3-qth node on the roof).  This is about 605M per 24hr day.

Do you have a gateway advertised?   Someone downloading windows updates, etc.?   

To see the traffic routing though your mesh node (or any connection the iptables or the firewall is tracking), do:   "cat /proc/net/nf_conntrack".   This may take some investigation/learning to interpret these connections (going through the NAT to the internet). 

Joe AE6XE

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer