Monitoring Bandwidth Usage: Per Ip Address In Mikrotik

Monitoring bandwidth usage per IP address is a common requirement for network administrators, especially in scenarios where data caps or limited bandwidth allocations are in place. Several methods exist to accomplish this with MikroTik routers, ranging from built-in features to third-party tools and custom scripts. One approach is to utilise the kid-control functionality in RouterOS, which offers the ability to track bandwidth usage per IP. This data can then be stored locally on the router or an attached USB drive, and custom scripts can be employed to generate reports in HTML format. Additionally, MikroTik's Traffic Flow feature, accessible through the IP Firewall Mangle rules, provides a way to monitor bandwidth usage. This data can be analysed using third-party tools such as NetFlow, ntop, or Splunk. Furthermore, simple queues can be created for each IP address, and graphs can be generated to visualise the bandwidth usage over time. While these methods offer insights into bandwidth consumption, they may require additional tools or custom scripts to fully meet the needs of administrators.

Using RouterOS 7 and a USB flash drive

To monitor bandwidth usage per IP address in Mikrotik using RouterOS 7 and a USB flash drive, follow these steps:

Firstly, enable bandwidth tracking in kid-control. This can be done by adding the following configuration:

/ip kid-control add name=Monitor mon=0s-1d tue=0s-1d wed=0s-1d thu=0s-1d fri=0s-1d sat=0s-1d sun=0s-1d

Next, install and format a USB drive. Create a directory called "bandwidth" on the drive. This can be done by creating a folder on your PC and dragging it into the Winbox Files window. You can modify the script variables if you want to change the path.

Then, schedule the script to run at regular intervals, such as every hour, at x:59:59. The script will generate a final report for the month on the last day of the month at 23:59:59 and will not touch it again. The next scheduled run will use the new month's name for data files and the report.

Note that the HTML report will be placed in the root of the flash drive with a .txt extension due to a RouterOS limitation. To view the report, you need to download it from the Winbox Files window and then remove the .txt extension so that only .html remains. Alternatively, you can set up SFTP or FTP and use the fetch tool to rename or upload the report to another location on your network.

Another option is to use the IP Firewall Mangle feature to track bandwidth usage. Add two simple IP Firewall Mangle rules to keep track of your total internet data usage:

/ip firewall mangle add action=passthrough chain=forward comment="Download Global Counter" in-interface=ether1

/ip firewall mangle add action=passthrough chain=forward comment="Upload Global Counter" out-interface=ether1

Additionally, you can use Netflow or SNMP with third-party tools like ntop, LibreNMS, or ISPApp to monitor bandwidth usage per IP address. These tools provide more detailed information and can be used in combination with Mikrotik.

Tracking via kid-control functionality

Step 1: Enable Bandwidth Tracking in Kid-Control

Firstly, you need to enable bandwidth tracking in kid-control. This can be done by adding a configuration that allows tracking without limiting anything. The following command can be used:

/ip kid-control add name=Monitor mon=0s-1d tue=0s-1d wed=0s-1d thu=0s-1d fri=0s-1d sat=0s-1d sun=0s-1d

Step 2: Install and Format a USB Drive

For data storage, you can use a USB flash drive. This is recommended if your device supports external storage. If it doesn't, an alternative is to schedule the script to run less frequently, although this may result in more data loss due to unexpected reboots. Create a directory on the USB drive called "bandwidth". This can be done by creating a folder on your PC and then dragging it into the Winbox Files window.

Step 3: Schedule the Script

The script should be scheduled to run at regular intervals, such as every hour, at x:59:59. For example, you can use the following command:

/system scheduler add interval=1d name=ResetMangleCounters on-event=ResetMangleCounters policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/01/2020 start-time=00:00:00

This will generate a final report for the month on the last day of each month at 23:59:59. The next scheduled run will then use the new month's name for data files and the report.

Step 4: Read the Report

To read the report, download it to your computer and remove the .txt extension, leaving only .html. For example, for the month of May, the file name should be report-2022may.html. You can then open the file in any web browser. The report utilizes basic HTML with JavaScript and Google Charts for visualization.

Step 5: Modify the Script (Optional)

If you require more precision in the report, you can modify the script to report in megabytes instead of the default integers, which have an accuracy of +/-1GB. It is important to note that all calculations and saving are done in bytes, so there are no repeated rounding losses. The rounding happens only when the report is generated.

Additionally, if you are using a shared drive, such as an SMB Raspberry Pi, you may need to use the fetch tool to upload the report via SFTP as RouterOS cannot use SMB shares as a client.

Step 6: Limitations and Troubleshooting

It is important to note that kid-control counts all inter-VLAN traffic, not just WAN. This may impact the accuracy of the bandwidth usage data. Additionally, the script provided has only been tested with RouterOS 7. If you encounter issues with other versions, you may need to modify the script accordingly.

Using NetFlow and a NetFlow analyzer

NetFlow is a system that provides statistical information about packets that pass through a router. It is compatible with Cisco NetFlow and can be used with utilities designed for Cisco's NetFlow. NetFlow supports various formats, including versions 1, 5, 9, and IPFIX, each offering different features and capabilities. To use NetFlow for bandwidth monitoring, you can follow these steps:

• Enable NetFlow on your Mikrotik router by navigating to the "IP Traffic-Flow" section in the RouterOS configuration. Set "enabled" to "yes" and specify the interfaces you want to monitor.
• Specify the IP address and port of the host machine that will receive the NetFlow data. This can be done in the "IP Traffic-Flow Target" section.
• Install a NetFlow analyzer tool on the host machine to collect and analyze the NetFlow data. Examples include nProbe, ManageEngine NetFlow Analyzer, and Flowviewer.
• Configure the NetFlow analyzer to receive data from your Mikrotik router by specifying the IP address and port you configured in step 2.
• Start the NetFlow analyzer and verify that it is receiving data from the router.
• Utilize the features of the NetFlow analyzer to monitor bandwidth usage per IP address. This may involve setting up reports, alerts, or dashboards that provide real-time or historical data on bandwidth usage.

By following these steps, you can use NetFlow and a NetFlow analyzer to monitor bandwidth usage per IP address in your Mikrotik network. This will help you identify which devices or applications are consuming the most bandwidth and allow you to optimize your network performance accordingly.

Using a third-party bandwidth monitoring tool

There are several third-party tools available to monitor bandwidth usage per IP address in Mikrotik. Here are some options:

• Splunk: This tool allows you to log and monitor your Mikrotik Router(s) and provides a graphical user interface for data visualisation. However, it requires an additional application to run on a PC to gather information from the Mikrotik router.
• Nixellion/MikrotikTrafficMonitor: This is a GitHub project that provides a simple way to monitor bandwidth usage per IP address. It offers a web interface to access the data, but it does not work if fast track is enabled, as it bypasses accounting.
• Netflow: Netflow can help monitor bandwidth usage, but you will need a separate device with a netflow analyzer like ntop.
• ISPApp: ISPApp is an alternative to Splunk for managing Mikrotik routers. It can monitor traffic on all interfaces and is easier to set up. However, it is expensive.
• LibreNMS: LibreNMS, in combination with SNMP, can provide per-port accounting. It also allows you to set up alerts for certain usage percentages.
• Cacti: Cacti can be used to graph traffic into and out of separate bridges if you have different subnets NATted.
• Custom scripts: You can also create custom scripts to monitor bandwidth usage per IP address. For example, one user shared a script that uses the kid-control functionality in RouterOS to track monthly bandwidth usage per device. The script stores data on a USB drive and generates an HTML report. Another user shared a script that uses the IP Firewall Mangle passthrough feature to track bandwidth usage for DHCP clients.

Using Simple Queues and Graphing

MikroTik Graphing is a tool that can be used to monitor and record bandwidth usage per IP address. It can display graphics for traffic that passes through interfaces and simple queues, as well as CPU, RAM, and disk usage.

To set up MikroTik Graphing, follow these steps:

• Log in to your MikroTik Router and go to "Tools > Graphing."
• Click on the "Interface Rules" tab and then the PLUS SIGN (+) to add a new interface graphing rule.
• Choose the desired interface from the "Interface" dropdown menu. If you want to view all interfaces' traffic, select "all."
• Enter the desired IP address or network in the "Allow Address" field. If no specific IP address is provided, all IP addresses will be able to view the interface graphs.
• Click "Apply" and "OK" to save the new interface rule.
• Repeat these steps to create as many interface rules as needed.

To create Queue Rules for monitoring simple queue traffic:

• In the Graphing window, click on the "Queue Rules" tab and then the PLUS SIGN (+) to add a new queue graphing rule.
• Choose the desired simple queue from the "Simple Queue" dropdown menu. If you want to view all simple queues' traffic, select "all."
• Enter the desired IP address or network in the "Allow Address" field. If no specific IP address is provided, all IP addresses will be able to view the simple queue graphs.
• Click "Apply" and "OK" to save the new queue rule.
• Repeat these steps to create as many queue rules as needed.

Once you have configured MikroTik Graphing, you can view the bandwidth and resource usage graphs through Winbox or the web interface:

• In Winbox, go to "Tools > Graphing" and click on the "Interface Graphs" tab. Double-click on the desired interface rule to view its graph.
• Click on the "Queue Graphs" tab and select the desired queue to inspect its bandwidth usage report.
• Click on the "Resource Graphs" tab and double-click on the desired resource (CPU, RAM, or Disk) to view its usage graph.
• To view graphs through the web interface, go to https://[Router_IP_address]/graphs. You can also send this URL to your customers or clients for their own inspection.

Frequently asked questions