[j-nsp] Question on CFlowd
Hannes Gredler
hannes at juniper.net
Wed Dec 7 02:35:31 EST 2005
> What I do not understand is:
>
> 1) does max-packets-per-second limit the threshold of
> number of packet sampled by each switch fabric in one
> second?
correct - it limits the number of packets per-PFE block that
is sent to the RE - note that this is a software enforced
limit -> if the number of sampled packets is about to cross
the max-threshold ... the PFE S/W stops sending sample records
to the RE.
> 2) is the built-in limit 7000pps limit the single
> switch fabric sampling rate?
the 7000pps is the amount of traffic that can get DMAed
from the PFE hardware-block to the respective PFE's S-board.
this is a hardware restriction.
> if it is, does this mean the total output rate of 4
> switch fabric could be 28000pps?
correct - however a steady load of 28000 pps will likely max-out
your RE as it needs to envelope the sample records in
cflowd format and perform AS-{origin/peer} lookups
> 3) Isn't the 100Mbps hardware bandwidth the upper
> limit?
no 100MB in theory would be able to carry millions of
sample records per second .... practically speaking
the RE is the throttle because it performs the AS
(source/origin) insertion.
> 4) can i calculate the largest amount of traffic that
> could be monitored with one M160 box?
the more interesting question to most customers is if the
sampled data is accurate enough:
according to the center-limit theorem the standard-error-deviation
of the sampled set is not worse than the standard-error-deviation of the
base set if the sampled set is bigger or equal than SQRT(base set).
e.g. total input (= base set) over a minute is 120.000.000 packets
there is a configured sample rate of 1000 samples/s
which results in a sampled set of 60.000 packets per minute
SQRT(120.000.000) == 10954 <= 60.0000
--> you have got a statistical accurate result.
---
if you are interested in high-volume sampling i.e. > 10000 samples/s
i'd recommend buying an monitoring PIC, which removes a lot
of the restrictions of the RE-based sampling.
HTH,
/hannes
More information about the juniper-nsp
mailing list