SNMP Bandwidth Monitoring with Node-Red

This is an example of how to monitor the bandwidth usage of a firewall. The data is queried via SNMP from the firewall and visualized via Node-Red. Firewall System in this case is an OPNSense.

SNMP Bandwidth Monitoring Flow with Node-Red

The background: On Linux systems you can’t query utilization via SNMP. You can just query the number of octets transmitted or received on a specific interface.

The trick: Query the octets of input and output interface, wait for 1 second and check query again. Then subtract both values from each other and convert them to MBit/s.

Here are the single node configurations for the Input Utilization:
Start with Inject node: Mark inject once after 0.1 seconds and set repeat to 2 seconds.
SNMP node (WAN interface input): OID (beware: no leading dot)
Split node (split): default
Change node: Move msg.payload.value to msg.payload
Head over to the Delay node: Configure a 1 second delay
Add another SNMP, Split and Change Node with same parameters as above
Combine both Change nodes with a Join node (Input): Manual Mode, combine each msg.payload to create an array after a number of message parts: 2
Add a function node to calculate the bandwidth utilization:

msg.payload = msg.payload[1] – msg.payload[0];
msg.payload = msg.payload / 1048576 * 8;
return msg;

At least (for input) add a chart node, label it input and configure x-axis last 1 minute.
To add another graph for Output, just copy and paste the flow above and change the OID in the two SNMP nodes to OID for outgoing packets.

Node-Red Dashboard: Bandwidth Utilization WAN Interface

OPNSense / pfSense High Availability

If you have problems with High Availability, CARP and DHCP failover on pfSense or OPNSense, you should check that the interfaces on both systems are the same. It is not the freely assigned interface name that counts, but the names that the system assigned during the initial setup (OPT1, OPT2, and so on). So, if interface VLAN10 on Master is OPT1 and VLAN10 on Backup is OPT2, then some functions like DHCP synchronization will not work! You will see errors like:
„DHCP rejected: Connection rejected, invalid failover partner“ or
„[…] rejected: Connection rejected, invalid failover partner.“ or
„dhcp failover peer state unknown“
It does not matter that the IP connection works! The (system) names of the interfaces are relevant.