[j-nsp] ip accounting

Hannes Gredler hannes at juniper.net
Fri Jan 13 10:47:00 EST 2006


tom199 at gmx.net wrote:
> Hi There,
> 
> We need the traffic usage for every IP inside
> our datacenter. The IP's are fixed for our clients. 
> We currently
> useing one /16 and three /18 and a few smaller 
> networks.
> 
> I saw the whitepaper from Juniper:
> http://www.juniper.net/solutions/literature/white_papers/200010.pdf

uhmm so the ghosts from the past are haunting again ;-)

--

i'd not recommend you to use 200K IP2 counters ... thats a scale
to big for the system ...

i guess the prime question is how accurate do you need your results ?
if statistical accuracy is enough then you could use sampling to
get your accounting data ...

> But they do not mention how well the filter based 
> accounting is scalling if we use 100.000 or 200.000 
> filters for small networks (/32)
> I also saw, that the whitepaper is from 2001. So there
> might be a smarter way for accounting in the meanwhile?
> 
> The second option we thought about is the ASM Module for
> the M7i. The ASII-PIC with the accounting licence is out 
> of budget.

thats a pity - b/c this is the recommended solution b/w
statistical sampling and counting;

> But we also have no idea, how well this will work, in
> an environment, with 100-200 k internal IP's and a traffic
> stream of about 1,7 Gbit to the internet and 500 MBit to the
> local datacenter.

that traffic volume would be ideal for traffic sampling ...

> (Traffic pattern is a mix of web services, mail, gameserver,
> VoIP, Custom Internet Appliactions aso) 
> 
> As far I can see out of the M7i docs, the performance of
> the ASM is limited. So we probably have to use sampling for
> this type of load. There is no problem, if we don't have the
> absolute byte values. But the error during the meassuerment
> should not be higher than 3% or 1 GByte, depending 
> whats higher.

thats aciheveable with sampling;

> If we use sampling, we may cope with the bandwith limits
> of the ASM. But there are also limits on the total amount
> of active flows, and the flow setup rate. I asume, that 
> sampling do not have a big advantage on this limits.  
> But I have no idea how many flows our traffic will generate.
> (I hope there are some guys out there with nice 
> real world figures on typical Internet mix) If we don't 
> count the bytes right in special situations like
> dos attacks with ugly traffic patterns - that would be
> ok.  


More information about the juniper-nsp mailing list