Re: [nsp] ip accounting-transit?

From: Ray Davis (ray@carpe.net)
Date: Tue Jun 19 2001 - 04:35:53 EDT


> On the way I found another interesting command,
> "ip accounting-transits count"
> described as:
> Control the number of transit records that
> will be stored in the IP accounting
> database"
>
> now what's this? What is considered a "transit record"? It sounds
> similar to "ip accounting-threshold", but I can't see where it fits in?
> Maybe it goes together with "ip accounting-list" (which I don't use
> 'cause it isn't too useful for us)?

As I understand it 'ip accounting-threshold' limits the number of records
stored for entries that match your 'ip accounting-list' commands and
'ip accounting-transits' limits the number of records stored for entries
that do not match your 'ip accounting-list' commands.

> Also, I just found that I don't understand "ip accounting-list" either - I
> thought it would restrict the IP addresses that go into accounting, but
> it doesn't work (with 12.2(2)T) - I have set "ip accounting-list" entries
> for two single hosts, and "show ip account" shows everything that passes
> through this router.

Try setting ip accounting-transits to 0 (the default).

> Does someone have a working sample for *this*?

No idea if this snippet is optimal, but it works for me:

    ip accounting-threshold 4098
    ip accounting-list 123.123.237.32 0.0.0.15
    ip accounting-list 123.123.238.48 0.0.0.7
    ip accounting-list 123.123.240.192 0.0.0.31
    ip accounting-list 123.123.236.0 0.0.0.31
    ip accounting-list 123.123.229.44 0.0.0.3
    ip accounting-list 123.123.242.192 0.0.0.63
    ip accounting-list 123.123.243.128 0.0.0.127
    ip accounting-list 123.123.237.80 0.0.0.15
    ip accounting-list 123.123.229.60 0.0.0.3
    ip accounting-list 123.123.236.128 0.0.0.31
    ip accounting-list 123.123.229.128 0.0.0.63
    ip accounting-transits 1024

    interface FastEthernet0/0
     description local ethernet
     ip accounting output-packets

    interface FastEthernet0/1
     description SDSL customer router
     ip accounting output-packets

    interface FastEthernet1/0
     description upstream A
     ip accounting output-packets

    interface Serial1/0:0
     description to ffm1 NAP
      ip accounting output-packets

    interface Serial1/3
     description upstream B
      ip accounting output-packets

Every 15 minutes a unix box uses expect to login to the router and do:

    term len 0
    clear ip accounting
    show ip accounting checkpoint

Then another script parses the checkpoint file and stuffs the data
into a postgres database. Postgres is great since you can make
queries using cidr syntax:

    destination_addr << 123.123.240.192/26

Cheers,
Ray

> Hi,

> starting from the "ip netflow feature-accelerate"-Thread I went to CCO
> to find out what this does (and couldn't find anything useful - it's
> mentioned in a couple of sample configurations, but never fully
> *explained* - or at least I didn't find the relevant page).

> On the way I found another interesting command,
> "ip accounting-transits count"
> described as:
> Control the number of transit records that
> will be stored in the IP accounting
> database"

> now what's this? What is considered a "transit record"? It sounds
> similar to "ip accounting-threshold", but I can't see where it fits in?
> Maybe it goes together with "ip accounting-list" (which I don't use
> 'cause it isn't too useful for us)?

> Also, I just found that I don't understand "ip accounting-list" either - I
> thought it would restrict the IP addresses that go into accounting, but
> it doesn't work (with 12.2(2)T) - I have set "ip accounting-list" entries
> for two single hosts, and "show ip account" shows everything that passes
> through this router. Does someone have a working sample for *this*?

> confused,

> gert

> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert@greenie.muc.de
> fax: +49-89-35655025 gert.doering@physik.tu-muenchen.de



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:42 EDT