This document only describes using the CoralReef software package. It assumes your hardware is already set up according to the installation instructions and "Hardware" section of the FAQ, and that the CoralReef software is installed according to the INSTALL file in the top directory of the software distribution.
First, use crl_rate_layer2 to test that everything is set up correctly. Try a command like:
crl_rate_layer2 -Cd=60 /dev/fatm0
This will print a summary of the number of ATM cells and data rate
seen on each VC in a 60 second period. If these values look reasonable,
you know your hardware and drivers are set up correctly.
If you have a POINT card and see a large number of unexpected VC's in
addition to the expected VC's, especially at high total traffic rates,
you may be experiencing a known bug in which the POINT card shifts ATM
cells by a multiple of 4 bytes.
If you plan to use CoralReef for IP analysis, try crl_rate next. For example,
crl_rate -Cd=60 /dev/fatm0
This will print a summary of IP packets, IP bytes, and non-IP datagrams seen
on each VC in a 60 second period.
This assumes that each VC of an ATM interface contains
traffic encapsulated with LLC/SNAP according to RFC 1483. If this is
not true, you'll see a lot of non-IP packets reported in the example above.
If you want to ignore certain VCs (such as those dedicated to signalling),
you can exclude them with the deny option.
If some or all of your VCs contain an encapsulation other than RFC 1483,
you can specify that with the proto option.
(See the Command Usage document.)
For example, if you have
null-encapsulated IP traffic on VP:VC 42:6, ATM_RFC1483 traffic on VP:VC 27:3,
and there's signalling traffic on VP:VC 0:16 that you don't care about,
you might have a Cisco router with the configuration
atm pvc 1 42 6 aal5mux ip
atm pvc 2 27 3 aal5snap
and you would use a CoralReef command like this:
crl_rate -C'deny 0:16' -C'proto 42:6 IP' -Cd=60 /dev/fatm0
This will print the same summary as the previous example, except that
VP:VC 0:16 will be ignored,
VP:VC 42:6 will be interpreted as containing null-encapsulated IP,
and every other VP:VC will be interpreted as containing ATM_RFC1483.
You may want to put these proto and
deny commands in a configuration file,
which you can use with any crl_* application with the
-Cf=file option.
For more information on applications, see the Applications document.