[c-nsp] Usage Billing w/ Netflow / Implementation Pitfalls

Chris Riling criling at gmail.com
Tue May 20 17:03:56 EDT 2008


I track based on interface where I can (which is most everywhere), but there
is one portion of the network where this is not really possible due to
design issues of something I inherited... I'm in the process of changing
that, but realistically I'll never entirely get away from having to do
*some* form of IP based accounting, only limit the scope of interfaces where
I'll see the traffic when the network is more segmented. Then I can pull
netflow info from specific interfaces which would have a very small number
of subnets hanging off of them, but I'd still have to sort it by some sort
of L2 or L3 info...

Chris


On 5/20/08, Gert Doering <gert at greenie.muc.de> wrote:
>
> Hi,
>
> On Tue, May 20, 2008 at 02:03:19PM -0400, Chris Riling wrote:
> >      I know this has been asked thousands of times before, but I don't think
> > anyone has ever answered it in quite the same fashion. I'm thinking about
> > turning on netflow on my border routers (7606's with Sup32's / full routes);
> > Think I'll see any issues from turning on the exports? Also, specifically,
> > we're looking to see the ability to generate reports for say, a /22, and the
> > amount of transfer for each host in the /22 that has entered / exited our
> > network at the border (MRTG on the switchports isn't going to cut it).
>
> As far as I know, netflow on the PFC3* cannot aggregate to /22 boundaries
> - so you'll get lots of flows for individual IPs, and need to aggregate
> in the collector machine.
>
> I wonder why you're aiming that way, though.
>
> Why am I saying this?  We have a very nice and shiny netflow based
> accounting and billing system - and it takes *quite* some effort to
> maintain, and to construct the network in ways to keep it working ("do
> not overload the netflow engine on *this* router, do not plug together
> those boxes *that* way, otherwise you'll get doubly-counted flows").
>
> So we're actually trying to get rid of IP address based billing - and
> move to "router interface based billing" (SNMP counters on SVI interfaces).
>
> This, if done right, scales pretty much unbounded - as opposed to netflow,
> which always hits some upper limit somewhere.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                           //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>
>


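Added example, not part of the thread or any poster's code: a collector-side sketch of the per-host roll-up for a /22 discussed above, which also skips a flow that a second router exported again (the double counting mentioned in the quoted reply). The prefix, exporter names, record layout and the rule that a duplicate carries an identical 5-tuple and start time are all assumptions; the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed billed prefix (constructed); covers 10.20.0.0 - 10.20.3.255.
BILLED_NET = ipaddress.ip_network("10.20.0.0/22")

# Constructed flow records, already decoded by a collector:
# (exporter, src, dst, proto, sport, dport, first_seen_ms, bytes)
FLOWS = [
    ("br1", "10.20.1.5", "203.0.113.9", 6, 51000, 443, 1000, 1200),
    ("br2", "10.20.1.5", "203.0.113.9", 6, 51000, 443, 1000, 1200),  # same flow, second router
    ("br1", "203.0.113.9", "10.20.1.5", 6, 443, 51000, 1000, 48000),
    ("br1", "10.20.3.77", "198.51.100.4", 17, 5353, 53, 2000, 300),
    ("br2", "10.20.0.8", "10.20.2.9", 6, 40000, 22, 3000, 9000),     # stays inside the /22
    ("br2", "198.51.100.4", "10.20.4.1", 6, 80, 40100, 4000, 700),   # just outside the /22
]

def per_host_usage(flows, net=BILLED_NET):
    """Return {host: {"in": bytes, "out": bytes}} for hosts inside `net`.

    A flow counts once no matter how many exporters reported it, and only
    when exactly one end is inside the prefix (traffic crossing the border).
    """
    seen = set()
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    for exporter, src, dst, proto, sport, dport, first, nbytes in flows:
        key = (src, dst, proto, sport, dport, first)
        if key in seen:
            continue  # already accounted from another exporter
        seen.add(key)
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
        if src_in and not dst_in:
            usage[src]["out"] += nbytes
        elif dst_in and not src_in:
            usage[dst]["in"] += nbytes
        # both ends inside, or neither: not billable border traffic
    return dict(usage)

if __name__ == "__main__":
    for host, counters in sorted(per_host_usage(FLOWS).items()):
        print(f"{host:15} in={counters['in']:>8} out={counters['out']:>8}")
```

In practice two routers rarely stamp identical start times on the same flow, so a real collector would match on a time window or only accept records from designated border interfaces.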