Detailed Wireless Client Stats with collectd

collectd has always been able to grab interface traffic statistics from Linux. But what if we want to collect data about individual WiFi clients that connect to it? How much bandwidth is each of the clients using?

That information is already being recorded by the wireless driver; all we need to do is to query it. Turns out you can do that with the wl utility. This is Broadcom’s proprietary tool to control and query the wireless interfaces.

To do this, first use wl to get associated stations:

wl -i eth2 assoclist

Given a particular MAC address that is associated to the AP, query its info using sta_info:

# wl -i eth2 sta_info d4:a3:00:aa:bb:cc
 STA d4:a3:00:aa:bb:cc:
     aid:2
     rateset [ 6 9 12 18 24 36 48 54 ]
     idle 0 seconds
     in network 16 seconds
     state: AUTHENTICATED ASSOCIATED AUTHORIZED
     flags 0x11e03b: BRCM WME N_CAP VHT_CAP AMPDU AMSDU
     HT caps 0x6f: LDPC 40MHz SGI20 SGI40
     VHT caps 0x43: LDPC SGI80 SU-BFE
     tx data pkts: 663916
     tx data bytes: 68730715
     tx ucast pkts: 155
     tx ucast bytes: 42699
     tx mcast/bcast pkts: 663761
     tx mcast/bcast bytes: 68688016
     tx failures: 0
     rx data pkts: 234
     rx data bytes: 73557
     rx ucast pkts: 192
     rx ucast bytes: 62971
     rx mcast/bcast pkts: 42
     rx mcast/bcast bytes: 10586
     rate of last tx pkt: 866667 kbps
     rate of last rx pkt: 780000 kbps
     rx decrypt succeeds: 195
     rx decrypt failures: 1
     tx data pkts retried: 19
     tx data pkts retry exhausted: 0
     per antenna rssi of last rx data frame: -61 -56 -59 0
     per antenna average rssi of rx data frames: -61 -56 -57 0
     per antenna noise floor: -104 -98 -98 0

The “easy way” is probably to write a shell script, invoked via the Exec plugin that calls wl multiple times (once per interface, and once for each WiFi client) and uses grep or awk to get the information we need. This won’t be performant, of course.

wl itself does have quite a fair bit of overhead. It does some verification of the provided interface name. It checks for the Broadcom driver magic to ensure that the interface is a Broadcom device. It then needs to convert the MAC address from the argument string to binary, and vice-versa. Sure, that’s not really much “these days”, but we can definitely do better.

Instead, let’s short-circuit the process and write a plugin that directly collects the data, without going through wl. This way, we avoid creating several new processes for every query.

Continue reading

Advertisements

Cross-compiling collectd for ASUSWRT

I have been using collectd on my server to monitor traffic (inbound, outbound and to/from the Internet), as well as disk stats because it’s being used as a NAS. So far it has been helpful, observing various graphs to understand patterns, and detecting problems when they happen.

I’m also recording video from a WiFi camera, so I can constantly see traffic that comes into the server. But without visibility on the router itself, I am unable to determine whether the traffic is from the 5 GHz or 2.4 GHz band, or the guest network.

By getting a collectd instance onto the router, we can get those detailed interface statistics separately.

Continue reading

ONV PD3401G PoE Splitter Teardown & Review

Continuing my PoE series, I bought the ONV PD3401G, an active PoE splitter that is capable of extracting up to 60W (24V @ 2.5A) from the PSE. It is housed in a small aluminum extruded case that can be DIN rail mounted. This splitter is comparatively low-cost, about US$35, and more importantly, is capable of passing through Gigabit.

ONV seems to be quite a reputable company, so I believe their products shouldn’t be too badly designed. This unit can also be easily purchased on Aliexpress without having to go through some obscure distributor.

ONV PoE splitter, side view

ONV PoE splitter, front view

Internally it uses the LT4275A (marking LTGBT) for PD interfacing. The A variant of this chip supports up to 90W of power. On the power supply side, it uses a NCP1034 synchronous buck converter. The NCP1034 is capable of handling up to 100V, which is more than sufficient for PoE.

Looking inside, the in/out Ethernet ports are connected via a transformer, in order extract power from the center taps of each pair. We can see that the PCB traces for the input port pairs are thicker to carry the higher currents. Large beefy diodes form rectifier bridges for the data pairs.

PCB, top side

Surrounding the input port on the underside, there are a lot of unpopulated components; those were supposed to offer input protection, probably using some TVS of some kind. these are marked RD1 ~ RD8, one for each Ethernet wire.

Continue reading

Extending ASUSWRT Functionality, Part 2

Following up from my earlier post, Asus has released faster and beefier routers. But perhaps the more important change here is that they have moved from MIPS in the RT-N56U to ARM in newer routers. I have also upgraded to the RT-AC68U for better reception and hopefully to fix the poor battery life experienced by my Android tablet.

the Asus N56U and AC68U routers, side by side

After upgrading, I noticed that the method I described back then no longer works. Someone also noticed this, as they translated key portions of my post into Chinese, while pointing out some of the steps that didn’t work.

In this post, I’ll summarize the key changes required to get it working again.

Continue reading

PoE: Quick Guide & Cheap Hardware

I have been looking around for Power over Ethernet (PoE) devices to supply power to some networking hardware that will be located in a remote location, without a convenient power outlet. These networking hardware do not have built-in PoE support, so I have to find both an injector and a splitter device.

PoE is typically found on enterprise networking equipment, which usually means a higher price tag. Not wanting to spend a ton on PoE hardware, I did some research to understand what was required to make it work.

Hopefully this will help you understand PoE, how it works, and what to look out for when shopping for PoE hardware that are suitable for your needs.

PoE Quick Guide

Active vs Passive

Passive adapters are very simple, and you will see them mostly as an RJ45 socket with pigtails for power and Ethernet. These adapters do not contain or require any circuitry, which also explains why they are the more inexpensive option between the two.

Photo of a passive PoE injector & splitter pair, sold on Adafruit

Active PoE (the real Power over Ethernet) on the other hand requires some negotiation between the two devices, called the PSE (power sourcing equipment) and the PD (powered device).

There are several PoE standards. 802.3af, 802.3at and the newer 802.3bt. The difference is mainly in the maximum power is made available to PDs:

  • 802.3af – 15.4W
  • 802.3at – 30W
  • 802.3bt – 60W to 100W

802.3bt was just ratified in the last year (2017). In the time span before the 802.3bt standards was ratified (~8 years!), some companies like Linear Technolgy & Cisco Systems took it upon themselves to find other means of carrying up to 60W. The result was LTPoE++ and UPOE, an evolution of the existing 802.3af/at standards, but may not be compatible with the final standard arrived at by committee.

Mode A or B

The Cat5 cable has 8 wires, forming 4 twisted pairs. For 10/100Mbps, only 2 pairs are used: pair 1/2 for Tx and pair 3/6 for Rx.

The modes refer to how power is delivered to the device:

  • Mode A: pairs 1/2, 3/6
  • Mode B: pairs 4/5, 7/8

PoE mode A & B wiring diagram

Mode A uses the data pairs for power. This mode is well suited for very old cabling which didn’t connect all 4 pairs end-to-end. You might see some manufacturers calling this mode End-span wiring. To carry power over the same data cables, phantom power delivery is used (more on this later).

Mode B uses the unused (or spare) pairs for power. You might see this being referred to as Mid-span. This type of wiring is easier because it knows the pair is not carrying any data and thus can be wired directly.

Unlike mode A, mode B in this form cannot be used to carry power for Gigabit networks, because a Gigabit connection will require all 4 pairs for data transmission. Power must therefore be delivered via centre-tapped transformers, or what is known as phantom power. How this works is explained in a 1944 US Army video on telephone electronics.

Power Capacity

The committee decided that two pairs of Cat5 wire should only carry up to 30W of power; which two pairs will depend on whether mode A or B wiring is used.

For higher power capacity like 802.3bt (PoE++) or the non-standards-based UPOE and LTPoE++, the other 2 pairs will be paralleled up, making use of all 4 pairs to carry higher currents.

PoE wiring diagram for 4-pair based PoE

For Gigabit Ethernet (1000Mbps), because all 4 pairs are used to carry data, power (regardless of which pairs used) must be delivered via phantom power delivery.

Why use Active PoE?

In short, because it is safer.

It was designed with the consideration that not all network equipment can accept power, whether via the data pairs or spare pairs.

During the detection phase, the PSE will apply 2.7V to 10V to check for a known resistance. This voltage is low enogh and also for a brief period such that it wouldn’t matter if the device on the other end is shorted. A device that was not designed for PoE would thus never see any higher voltage beyond the detection phase.

Graph depicting voltage vs time during various PoE phases

In contrast, passive PoE makes the full voltage and current available on the data/spare pairs. If the remote end is using a magnetics configuration that shorts out the centre taps, the 30W of power would just melt the port (one would assume).

Integrated PSE controller chipsets will also contain features like overcurrent protection, thermal cut-offs and surge protection, etc. which all contribute towards keeping your PDs safe from harm.

Finding Low-Cost PoE Hardware

It was quite a daunting task, trawling AliExpress for PoE injectors & splitters. The description or specifications for items are also not accurate; it’s like finding a USB cable listed as capable of carrying 2A when in fact it does not.

While passive injectors are the cheapest option, most of them are not meant for Gigabit Ethernet. Recall that Mode B wiring is the easiest and most low-cost method for building a passive device, and that is what you will mostly find. This wiring configuration does not pass through all 4 pairs and thus cannot be used for Gigabit.

Most active PoE splitters output 12V, or 5V via USB. This is largely due to the fact that these devices were meant for IP cameras, which operate at that voltage. If your target device uses a non-standard voltage, you will have difficulty finding a suitable (and yet low-cost) splitter.

Here’s a list of hardware I’ve found; which one is suitable for you depends on your requirements:

  • Do you need 1000Mbps, or just 10/100Mbps would suffice?
  • What voltage does your target device require?
  • How much power does it require? 13W, 30W?

Continue reading