I am not comfortable with the meaning of Layers 2/3 but I'll assume that
Layer 2 is the encapsulated data that actually ends up going across the
Since the overhead for encapsulation should be constant/known I don't see
why you couldn't use the standary ipchains counters and just add a
constant overhead as function of the number of packets passed.
A thought of consolation may also be that I worked for a relatively large
ISP in Germany for a while and, though I was just a temp, I got to see
that they used 'guess-billing' routines for exactly the purpose you
describe. So how sure are you that the ISP has accurate logs?
: We are running a Webserver for different domains, using ip-aliasing with
: a 2.2.10 kernel.
: The problem we are now facing is that the accounting based on ipchains,
: that we are using so far actually accounts on Layer3 of the
: Protocol-Stack. That means, that the data we get about what traffic is
: produced on which IP can`t be directly compared to our Provider's
: IP-Accounting. Is there any possibility to exactly account how much
: traffic originates from which IP ?
: Thanks in advance
: Holger von Ameln