diff --git a/patches/systemvm/debian/config/opt/cloud/bin/cloud-nic.sh b/patches/systemvm/debian/config/opt/cloud/bin/cloud-nic.sh
index 8dd623a6416..d540cca4c4a 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/cloud-nic.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/cloud-nic.sh
@@ -16,6 +16,11 @@ unplug_nic() {
   sudo ip route flush table $tableName
   sudo sed -i /"$tableNo $tableName"/d /etc/iproute2/rt_tables 2>/dev/null
   sudo ip route flush cache
+  # remove usage
+  sudo iptables -t mangle -F NETWORK_STATS_$dev 2>/dev/null
+  sudo iptables -t mangle -D POSTROUTING -o $dev -j NETWORK_STATS_$dev 2>/dev/null
+  sudo iptables -t mangle -D POSTROUTING -i $dev -j NETWORK_STATS_$dev 2>/dev/null
+  sudo iptables -t mangle -X NETWORK_STATS_$dev 2>/dev/null
 }
 
 action=$1
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
index f7111747339..79bebf7df03 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
@@ -28,3 +28,18 @@ getEthByIp (){
   return 1
 }    
 
+getVPCcidr () {
+  CMDLINE=$(cat /var/cache/cloud/cmdline)
+  for i in $CMDLINE
+  do
+    # search for foo=bar pattern and cut out foo
+    KEY=$(echo $i | cut -d= -f1)
+    VALUE=$(echo $i | cut -d= -f2)
+    if [ "$KEY" == "vpccidr" ]
+    then
+      echo "$VALUE"
+      return 0
+    fi
+  done
+  return 1
+}
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index 4c1020669ef..449729612a8 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -16,6 +16,7 @@
 # @VERSION@
 
 source /root/func.sh
+source /opt/cloud/bin/vpc_func.sh
 
 lock="biglock"
 locked=$(getLockFile $lock)
@@ -67,6 +68,13 @@ desetup_dnsmasq() {
   sleep 1
 }
 
+setup_usage() {
+  sudo iptables -t mangle -N NETWORK_STATS_$dev
+  sudo iptables -t mangle -A POSTROUTING -o $dev -j NETWORK_STATS_$dev
+  sudo iptables -t mangle -A POSTROUTING -i $dev -j NETWORK_STATS_$dev
+  sudo iptables -t mangle -A NETWORK_STATS_$dev -o $dev ! -s $vpccidr
+  sudo iptables -t mangle -A NETWORK_STATS_$dev -i $dev ! -d $vpccidr
+}
 
 create_guest_network() {
   logger -t cloud " $(basename $0): Create network on interface $dev,  gateway $gw, network $ip/$mask "
@@ -143,6 +151,7 @@ do
   esac
 done
 
+vpccidr=getVPCcidr
 
 if [ "$Cflag$Dflag$dflag" != "11" ]
 then
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh
index 0ddb46b6c3a..fa0dbc97d0a 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_netusage.sh
@@ -40,7 +40,7 @@ create_usage_rules () {
 }
 
 get_usage () {
-  iptables -L NETWORK_STATS_$gGateway -n -v -x | awk '$1 ~ /^[0-9]+$/ { printf "%s:", $2}'; > /dev/null
+  iptables -L NETWORK_STATS_$ethDev -n -v -x | awk '$1 ~ /^[0-9]+$/ { printf "%s:", $2}'; > /dev/null
   if [ $? -gt 0 ]
   then
      printf $?
@@ -49,7 +49,7 @@ get_usage () {
 }
 
 reset_usage () {
-  iptables -Z NETWORK_STATS_$gGateway > /dev/null
+  iptables -Z NETWORK_STATS_$ethDev > /dev/null
   if [ $? -gt 0  -a $? -ne 2 ]
   then
      return 1
@@ -93,8 +93,7 @@ done
 
 if [ "$cflag" == "1" ] 
 then
-  create_usage_rules  
-  unlock_exit $? $lock $locked
+  unlock_exit 0 $lock $locked
 fi
 
 if [ "$gflag" == "1" ]