[c-nsp] Usage Billing w/ Netflow / Implementation Pitfalls
Joe Loiacono
jloiacon at csc.com
Wed May 21 10:12:07 EDT 2008
Just some local implementation statistics:
Number of exporters: 23
Gigabytes netflow/day: 6Gbytes
Busy router: 1 Gbyte/day
Avg router: 300 Mbytes/day
Total netflow bandwidth to collector: 2Mbps peak; <1Mbps average
Collector hardware:
PowerEdge SC1430 Dual Core Intel. Xeon. 5120; 1066MHZ
4GB 667MHz (2X2GB)
SAMSUNG SpinPoint T Series HD501LJ 500GB 7200 RPM SATA
3.0Gb/s Hard Drive
(total about $1500)
Typical 'crank' times (web response times) depends on specified filter:
FlowViewer top-talkers, 1 hour, avg router: 2 seconds
FlowGrapher typical, 1 hour, avg router: 1 second
FlowViewer top-talkers, 1 hour, busy router: 6 seconds
FlowGrapher typical, 1 hour, busy router: 8 seconds
FlowViewer top-talkers, 24 hours, avg router: ~15 seconds
FlowGrapher typical, 24 hours, avg router: ~15 seconds
I would put your routers in the average category (above) for comparison.
So two months of average router would be about 20-30 Gbytes. If you have a
6500 and you collect intra-VLAN it could be more.
Joe
cisco-nsp-bounces at puck.nether.net wrote on 05/20/2008 08:39:56 PM:
>
> What kind of machine do you need to store the netflow data? Assuming
> pulling data from a couple routers with a 400-500mbps average
> bandwidth.
> How much CPU power to you nee to grind through the data and how much
> drive space do you need to handle a couple months of data?
>
>
> On May 20, 2008, at 5:15 PM, Phil Bedard wrote:
>
> > Using Netflow for billing works fine, as long as the traffic is a
> > manageable level, hardware resources are there, and things are setup
> > correctly such that you aren't double-counting, etc. If the amount
> > of data you are dealing with is on the small side it works really
> > well, when you are pushing Gb/s through the router, not so well.
> >
> > Some have mentioned flow-tracker as a tool you could use to aggregate
> > per subnet, it works well. You can also setup reports using flow-
> > report? that is included in the flow-tools package. While it only
> > runs on Windows, Solarwind's Orion Traffic Analyzer will generate
> > reports based on groups of IP addresses.
> >
> >
> > Phil
> >
> >
> > On May 20, 2008, at 2:03 PM, Chris Riling wrote:
> >
> >> Hi All,
> >>
> >> I know this has been asked thousands of times before, but I
> >> don't think
> >> anyone has ever answered it in quite the same fasion. I'm thinking
> >> about
> >> turning on netflow on my border routers (7606's with Sup32's / full
> >> routes);
> >> Think I'll see any issues from turning on the exports? Also,
> >> specifically,
> >> we're looking to see the ability to generate reports for say, a /22,
> >> and the
> >> amount of transfer for each host in the /22 that has entered /
> >> exited our
> >> network at the border (MRTG on the switchports isn't going to cut
> >> it). I've
> >> heard that a lot of people use ntop for this sort of thing, but in
> >> the demo
> >> I wasn't able to find anything that did exactly this, and I wanted to
> >> consult the list before turning on Netflow at the border routers
> >> anyway.
> >> I've also heard of people using stager for the report generation;
> >> can stager
> >> do the same sort of thing?
> >>
> >> Thanks,
> >> Chris
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list