I'm trying to graph network usage on my router for a specific interface using data from SNMP. I know that ifInOctets/ifOutOctets is only 32 bit and will overflow for high speeds and make my graphs look dumb, but it looks like the differences in values returned by ifInOctets/ifOutOctets and ifHCInOctets/ifHCOutOctets aren't always identical. I've tested a few times by using snmpwalk | grep InOctets
and subtracting the values. Sometimes I see that the change in the 32-bit counter is significantly less (more than 50%) than the change in the 64-bit version, and sometimes I see it go the other way with the 64-bit counter showing a smaller delta.
Am I missing something in the way that the 64-bit counters should be read, or is there just a difference in how their data gets updated? The 32-bit numbers match up with what's in /proc/net/dev, so I'm inclined to believe them more, but the wrapping issue makes them unusable when the speed gets too high:
Here are a few examples, each snmpwalk was run about 10 seconds apart:
$ snmpwalk -c public -v2c 192.168.1.1 | grep -i InOctets.2
IF-MIB::ifInOctets.2 = Counter32: 2291487255
IF-MIB::ifHCInOctets.2 = Counter64: 2901400127083
$ snmpwalk -c public -v2c 192.168.1.1 | grep -i InOctets.2
IF-MIB::ifInOctets.2 = Counter32: 2297202283
IF-MIB::ifHCInOctets.2 = Counter64: 2901400298056
32-bit change: 5715028
64-bit change: 170973
$ snmpwalk -c public -v2c 192.168.1.1 | grep -i InOctets.2
IF-MIB::ifInOctets.2 = Counter32: 2297528566
IF-MIB::ifHCInOctets.2 = Counter64: 2901400453366
32-bit change: 326283
64-bit change: 155310