Private network bandwidth monitoring
I'm new here, but have a question.
I have a front end server serving all my needs except mysql. I have a 2nd server setup for the mysql.
I believe I have everything setup to utilize the private bandwidth but I am seeing discrepancies from my bandwidth logs in my server control panel (cPanel) and the Linode manager. I have 3 sites that are heavy mysql database websites and I would like to know if there is a way to test what IPs are being used for transmitting the data between the 2 servers.
What is confusing me the most is that the private bandwidth usage on the mysql server should be extremely low if it is only using private bandwidth.
Also, side question, I have the two servers and on the linode manager dashboard it shows the combined network pool. If I go over bw on one server and the network pool is still not 100% then I am still gonna be charged for the overage correct?
Thanks.
6 Replies
@internet54:
> Also, side question, I have the two servers and on the linode manager dashboard it shows the combined network pool. If I go over bw on one server and the network pool is still not 100% then I am still gonna be charged for the overage correct?
I can't answer your other question with regard to logging, but this is incorrect; you have one bandwidth quota and it is pooled across all servers.
@internet54:
> I have 3 sites that are heavy mysql database websites and I would like to know if there is a way to test what ips are being used for transmitting the data between the 2 servers.
If I understand your configuration correctly, this question doesn't really make sense.
Regardless of what "site" is being accessed from the public network on your single front-end server, there's never more than a single pair of IP addresses involved in communication with your second, database, machine - that of the private addresses of the front end and database machine. E.g., the web application on your front end machine that is making the database requests is always the "client" for such requests, not the original requester on the public network.
But yes, this complicates knowing what contributes to that traffic, so you'd have to figure that out based on some other logging, and likely some estimation of how requests translate to traffic.
If you're in control of the application stack, you could perhaps add some specific logging for this purpose, but that may be more work than it's worth. My guess is bandwidth will scale somewhat linearly with request load (assuming roughly equivalent database operations being performed by each site for page requests) so if you just divvy up the aggregate private network usage by the ratio of requests among the sites you won't be all that far off. If the sites are very different types of database users, you could probably estimate some factor to apply to each site to account for that.
Do you really need to account for the precise breakdown of private network traffic?
> What is confusing me the most is that the private bandwidth usage on the mysql server should be extremely low if it is only using private bandwidth.
Do you mean "public" in the first part of this sentence? Your private bandwidth usage should be 100% of your usage, no? But yes, public traffic to your database server should be trivial.
One thing you could do is put very harsh filters on the public address of your database server, thus precluding it from ever handling any direct traffic, and ensuring that you're only communicating with it over the private interface.
> Also, side question, I have the two servers and on the linode manager dashboard it shows the combined network pool. If I go over bw on one server and the network pool is still not 100% then I am still gonna be charged for the overage correct?
iml's response is correct in that bandwidth limits are pooled among all your Linodes, but I'll also mention that this counts even across data centers if you happen to have machines in multiple data centers at some point.
– David
Ok. I have mysql.domain.com pointing to the mysql private ip address on the main machine. On the mysql server I have the host.domain.com private ip address setup. So both private ip's are talking with each other.
This is confirmed via working database connections and using
netstat -n
While using netstat -n I noticed that there were a few IP's that are of the main servers public ip address. If everything was being sent through the private IP's then I shouldn't be seeing any, or just a small amount of public bandwidth showing up in the linode manager graphs.
In just a few days my mysql server bandwidth graph is showing the usage of 33gbs. Am I right in assuming that some of the traffic between the servers are going through public ip addresses?
@hybinet:
> Which IP address did you tell your web applications to use when connecting to the MySQL server? If you told them the public IP address of the MySQL server (or any publicly available domain name, such as mysql.example.com), of course all traffic will go through the public interface. If you told them the private IP address (192.168.x.x), then you should be OK.
I have mysql.domain.com on the main server setup with the private IP.
I have host.domain.com on the mysql server setup with the private IP.
I can acknowledge that they are speaking with each other and using the private network for the majority of connections. However, I am seeing the public IPs every now and then using netstat. I'd like to figure out what is causing this.
Thanks.
Does netstat show the traffic as being to port 3306 (mysql)? If not, which port?
On your database server, try something like this to monitor all TCP connections on non-private IPs with tcpdump:
```
$ sudo tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net 192.168.128.0/25'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:40:47.694319 IP 192.0.2.103.50373 > 97.107.134.213.80: Flags [S], seq 1628722382, win 5840, options [mss 1460,sackOK,TS val 294149842 ecr 0,nop,wscale 6], length 0
11:40:47.747661 IP 97.107.134.213.80 > 192.0.2.103.50373: Flags [S.], seq 4080896205, ack 1628722383, win 5792, options [mss 1460,sackOK,TS val 381323993 ecr 294149842,nop,wscale 5], length 0
11:40:50.310730 IP 192.0.2.103.50373 > 97.107.134.213.80: Flags [F.], seq 1, ack 1, win 92, options [nop,nop,TS val 294150497 ecr 381323993], length 0
11:40:50.349323 IP 97.107.134.213.80 > 192.0.2.103.50373: Flags [F.], seq 1, ack 2, win 181, options [nop,nop,TS val 381326595 ecr 294150497], length 0
```

In this example, there's one connection with two start packets (the first and second -- see the [S] and [S.] flags) and two finish packets ([F.] and [F.]). This should give you an idea of what's going on. (You can also change the "and not" to "and" for traffic traversing just the private network.)
As a matter of security, you probably want to firewall traffic to your mysql server from non-trusted source IP addresses. You could consider the public IP of your web server to be non-trusted, drop any such traffic, and then see what breaks. :-)
Also, take a look at munin, especially the ip_ plugins. By adding a passive rule to iptables, it will monitor traffic involving a particular IP address, which is a lot more granular than graphing by interface:
![](http://drop.hoopycat.com/ip_97_107_134_213-day-20110120.png)

![](http://drop.hoopycat.com/ip_97_107_131_4-day-20110120.png)

(I'm using two public IPs in this example, but same deal.)
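
An added example, not part of any post in this thread: a shell function that tallies `netstat -n` TCP rows by service port and by whether both endpoints sit inside the private network, which answers the "which port?" question for the connections showing public IPs. The function names, the sample rows, and every address except 192.0.2.103 and the 192.168.128.0/25 range are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -n` output as seen on the database server.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.128.20:3306     192.168.128.10:41522    ESTABLISHED
tcp        0      0 192.168.128.20:3306     192.168.128.10:41530    ESTABLISHED
tcp        0      0 192.0.2.103:3306        198.51.100.7:52011      ESTABLISHED
tcp        0      0 192.0.2.103:22          198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.103:48210       198.51.100.7:80         TIME_WAIT
EOF
}

# Reads netstat rows on stdin; $1 is the private network in CIDR form.
# Prints "<private|public> <service port> <connection count>" per group.
classify_connections() {
    awk -v cidr="$1" '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # An address is in the network when it falls in the same size-aligned block.
    function in_net(ip) { return int(ip2int(ip) / size) == int(base / size) }
    BEGIN {
        split(cidr, c, "/")
        size = 2 ^ (32 - c[2])   # number of addresses covered by the prefix
        base = ip2int(c[1])
    }
    # IPv4 TCP rows only; header lines and other protocols are skipped.
    $1 == "tcp" && $4 ~ /^[0-9.]+:[0-9]+$/ && $5 ~ /^[0-9.]+:[0-9]+$/ {
        split($4, l, ":"); split($5, r, ":")
        # A connection counts as private only if BOTH endpoints are private.
        path = (in_net(l[1]) && in_net(r[1])) ? "private" : "public"
        # Heuristic (assumption): the lower port number is the service port.
        svc = (l[2] + 0 < r[2] + 0) ? l[2] : r[2]
        n[path " " svc]++
    }
    END { for (k in n) print k, n[k] }
    ' | LC_ALL=C sort
}

sample_netstat | classify_connections 192.168.128.0/25
```

A `public 3306` row means some database client is still connecting to the public address; other public rows (22, 80 here) are unrelated traffic that also shows up in the per-interface bandwidth graph.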