[j-nsp] ip accounting

tom199 at gmx.net tom199 at gmx.net
Fri Jan 13 06:43:14 EST 2006


Hi There,

Does anyone have some experience with
IP accounting on Junipers?

So far I have seen two ways it could be handled,
but we do not have any experience of how well
this setup performs/scales on bigger
networks and higher volumes.

We need the traffic usage for every IP inside
our datacenter. The IPs are fixed for our clients.
We are currently using one /16 and three /18 and
a few smaller networks.

I saw the whitepaper from Juniper:
http://www.juniper.net/solutions/literature/white_papers/200010.pdf

But they do not mention how well the filter-based
accounting scales if we use 100.000 or 200.000
filters for small networks (/32).
I also saw that the whitepaper is from 2001. So there
might be a smarter way of accounting in the meantime?

The second option we thought about is the ASM Module for
the M7i. The ASII-PIC with the accounting licence is out 
of budget.

But we also have no idea how well this will work in
an environment with 100-200 k internal IPs and a traffic
stream of about 1,7 Gbit to the internet and 500 MBit to the
local datacenter.
(Traffic pattern is a mix of web services, mail, gameserver,
VoIP, custom Internet applications and so on)

As far as I can see from the M7i docs, the performance of
the ASM is limited. So we probably have to use sampling for
this type of load. There is no problem if we don't have the
absolute byte values. But the error during the measurement
should not be higher than 3% or 1 GByte, whichever
is higher.
If we use sampling, we may cope with the bandwidth limits
of the ASM. But there are also limits on the total amount
of active flows and the flow setup rate. I assume that
sampling does not have a big advantage for these limits.
But I have no idea how many flows our traffic will generate.
(I hope there are some guys out there with nice
real-world figures on a typical Internet mix.) If we don't
count the bytes right in special situations like
DoS attacks with ugly traffic patterns, that would be
OK.

Another option we are currently thinking about is to do
the accounting not on the Juniper side. I saw that Foundry
has sFlow implemented in the newer boxes, which might do
the job. But we have not made the decision to use Foundry
on the underlying L2 backbone. If we use Huawei, they
don't have any features for accounting. But the decision
for the 10G L2 equipment hasn't been made so far. So it would be
nice to handle the accounting on the Juniper side.

Please share your experience on IP-accounting with me :)

Thanks
Tom.
