[c-nsp] Usage Billing w/ Netflow / Implementation Pitfalls

Chris Riling criling at gmail.com
Tue May 20 14:39:38 EDT 2008


Haha, yeah, I *knew* that was going to come up... the FIB TCAM is running at
about 99% capacity, but I haven't had any issues yet; I'm hoping I can
software switch until they're willing to spring for 720's, otherwise it
looks like I won't be taking full routes anymore... :) Ultimately, I guess
I'll just have to install some different packages and do some
experimenting... Thanks!

Chris


On 5/20/08, Peter Rathlev <peter at rathlev.dk> wrote:
>
> Hi Chris,
>
> On Tue, 2008-05-20 at 14:03 -0400, Chris Riling wrote:
> > I know this has been asked thousands of times before, but I don't think
> > anyone has ever answered it in quite the same fashion. I'm thinking
> >  about turning on netflow on my border routers (7606's with Sup32's /
> >  full routes);
>
> Impressive. I didn't think Sup32 could do full routes any longer. :-)
>
> > Think I'll see any issues from turning on the exports?
>
> It shouldn't have any impact on the hardware forwarding of the box, but
> the export uses some CPU on the MSFC. On our Sup720s the CPU spends most
> of its time around 0-1%, exporting on average ~400 flows per second.
> They're not really doing much else with the CPU though, no full tables
> or anything. The Sup32 may be stressed a little more, and it all depends
> on how many flows you export.
>
> You also need to think about the TCAM, there's a limit on how many flows
> you can store at once, maybe forcing you to use aggressive aging timers.
>
> AFAIK no Netflow configuration should have any impact on the forwarding
> performance of the box, but I may be very wrong. ;-)
>
> > Also, specifically, we're looking to see the ability to generate
> >  reports for say, a /22, and the amount of transfer for each host in
> >  the /22 that has entered / exited our network at the border (MRTG on
> >  the switchports isn't going to cut it). I've heard that a lot of
> >  people use ntop for this sort of thing, but in the demo I wasn't able
> >  to find anything that did exactly this, and I wanted to consult the
> >  list before turning on Netflow at the border routers anyway. I've also
> >  heard of people using stager for the report generation; can stager do
> >  the same sort of thing?
>
> We're using nfdump/NFSen and it can do all kinds of sweet things
> regarding aggregation. We're not using it for billing though, just for
> base lining and such.
>
> This reminds me: All the flows we receive max out at ~2.1GB. I'd like to
> assume that this is because the switches automatically age flows before
> they reach the 32-bit limit (or 31-bit?); can anyone confirm this?
>
> Regards,
> Peter
>
>
>
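
The per-host report for a /22 asked about in this thread, as an added example that is not part of either poster's message: it sums bytes in and out per host from decoded flow records, one tuple per exported record, so a long transfer exported as several records is still counted in full. The prefix 10.20.0.0/22, the (src, dst, bytes) tuple layout and the sample records are constructed assumptions; a collector would supply the real decoded records.

```python
import ipaddress
from collections import defaultdict

def per_host_usage(flows, prefix):
    """Sum bytes per host of `prefix` for traffic crossing the border.

    flows: iterable of (src_ip, dst_ip, byte_count), one per exported record.
    Returns ({host: {"in": n, "out": n}}, number_of_skipped_records).
    """
    net = ipaddress.ip_network(prefix)
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    skipped = 0
    for src, dst, nbytes in flows:
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:          # malformed address in a record
            skipped += 1
            continue
        s_in, d_in = s in net, d in net
        if s_in == d_in:            # transit, or both ends inside the prefix
            skipped += 1
            continue
        if s_in:
            usage[str(s)]["out"] += nbytes   # host sent traffic out
        else:
            usage[str(d)]["in"] += nbytes    # host received traffic
    return dict(usage), skipped

# Constructed sample records (assumed layout, not real traffic).
FLOWS = [
    ("10.20.1.5", "198.51.100.7", 1_500_000),
    ("198.51.100.7", "10.20.1.5", 2_100_000_000),  # long download, record 1
    ("198.51.100.7", "10.20.1.5", 2_100_000_000),  # same transfer, record 2
    ("198.51.100.7", "10.20.1.5", 300_000_000),    # same transfer, record 3
    ("10.20.3.200", "203.0.113.9", 40_000),
    ("10.20.0.9", "10.20.2.9", 999),               # both ends inside the /22
    ("192.0.2.1", "203.0.113.9", 500),             # neither end in the /22
    ("bogus", "10.20.1.5", 10),                    # malformed record
]

if __name__ == "__main__":
    report, skipped = per_host_usage(FLOWS, "10.20.0.0/22")
    for host in sorted(report, key=ipaddress.ip_address):
        print(f"{host:15} in={report[host]['in']:>13} out={report[host]['out']:>13}")
    print("skipped records:", skipped)
```

Per-host totals can exceed 32 bits even when no single record does, so a port of this to another language needs 64-bit accumulators.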

