ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011)
Cisco experiences of IP traffic flow measurement and billing with NetFlow
Benoit Claise, Distinguished Engineer, Cisco

What is NetFlow?
[Diagram labels: Traffic; Cache; NetFlow Records export (over UDP or SCTP); Collector]

What is NetFlow?
• NetFlow is used for traffic monitoring, security analysis, capacity planning and billing
  • Billing is just a few % of our customers, mainly for charge back within enterprise network (not between service providers)
• NetFlow = an exporting protocol: NetFlow v5, 7, 8, 9 (RFC3954), and IPFIX (RFC5101/RFC5102)
  • NetFlow v9 and IPFIX work with a template-based mechanism
  • Advantage: extensibility, just need to add a new Information Element
• NetFlow = a metering process: Flexible NetFlow
  • Advantages: cache and export content flexibility
  • User selection of flow keys
  • User definition of the records

Flexible NetFlow: Potential Key Fields
Layer 2: Source VLAN, Dest VLAN, Dot1q VLAN, Dot1q priority, Source MAC address, Destination MAC address

Flexible NetFlow: Potential Key Fields
Routing: src or dest AS, Peer AS, Traffic Index, Forwarding Status, IGP Next Hop, BGP Next Hop
*: IPv4 Flow only

Flexible NetFlow: Potential Non-Key Fields
• Plus any of the potential “key” fields: will be the value from the first packet in the flow
(*) IPV4_TOTAL_LEN_MIN, IPV4_TOTAL_LEN_MAX
(**) IP_LENGTH_TOTAL_MIN, IP_LENGTH_TOTAL_MAX

Performance
• Limited Resources in Router
• Don’t enable all flow keys
• The routers still have to route packets

Issue: Can we use Sampled NetFlow for billing?
• Huge amount of data, must sometimes deal with sampled NetFlow, i.e. 1 out of N packets, depending on the platform
• Packet Sampling for Flow Accounting: Challenges and Limitations, Tanja Zseby, Thomas Hirsch, Benoit Claise, PAM 2008
Figure: Estimation Accuracy (PLT_NZIX1, S24D00, Cisco, f=5%
Figure labels: #Packets N_f; Packet Size Standard Deviation σ_f; Mean Packet Size µ_f

Issue: Can we use Sampled NetFlow for billing?
• Square sum of bytes available in Flexible NetFlow
• Not used in practice, not even by the collectors!
• Customers afraid of legal issues with sampling along with a billing service
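
How a collector could use the square sum of bytes to put an error bound on a sampled flow, as an added example that is not part of the original slides or of the cited paper. It assumes each packet is sampled independently with probability 1/N; the field names and the sample records are constructed for illustration.

```python
import math

def estimate_flow_bytes(bytes_sum, bytes_sq_sum, n):
    """Scale a sampled flow record up to the estimated real byte count.

    bytes_sum    -- sum of sampled packet sizes (hypothetical field name)
    bytes_sq_sum -- sum of squared sampled packet sizes (hypothetical name)
    n            -- sampling rate: 1 out of n packets
    Assumption: independent random sampling with probability p = 1/n.
    Returns (estimate, standard_error, relative_error).
    """
    if n < 1:
        raise ValueError("sampling rate must be >= 1")
    estimate = bytes_sum * n                   # (1/p) * sum of sampled bytes
    variance = n * (n - 1) * bytes_sq_sum      # ((1-p)/p^2) * sum of squares
    std_err = math.sqrt(variance)
    rel_err = std_err / estimate if estimate else float("inf")
    return estimate, std_err, rel_err

def within_tolerance(rel_err, tolerance, z=1.96):
    """True if the ~95% confidence half-width fits inside the tolerance."""
    return z * rel_err <= tolerance

# Constructed sampled records: (name, sizes of the packets that were sampled)
SAMPLE_RECORDS = [
    ("bulk-transfer", [1500] * 50),
    ("short-session", [40, 1500]),
    ("long-lived", [1500] * 10000),
]

def report(records, n=100, tolerance=0.05):
    """Return (name, estimated_bytes, relative_error, billable) per flow."""
    rows = []
    for name, sizes in records:
        b = sum(sizes)
        b2 = sum(s * s for s in sizes)
        est, _, rel = estimate_flow_bytes(b, b2, n)
        rows.append((name, est, rel, within_tolerance(rel, tolerance)))
    return rows

if __name__ == "__main__":
    for name, est, rel, ok in report(SAMPLE_RECORDS):
        print(f"{name:14s} est={est:>12d} B  rel.err={rel:6.1%}  billable={ok}")
```

With 1-in-100 sampling, only the flow with thousands of sampled packets comes in under a 5% tolerance; the short flows carry errors far too large to invoice on.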

Destination Sensitive Billing Proposal (many years ago)
1. BGP routing updates
2. Go through a table-map statement
3. table-map calls a route-map
4. route-map’s criteria:
   if criteria 1 -> traffic-index = 1
   if criteria 2 -> traffic-index = 2
[Diagram labels: Customer; AS 192; I-BGP; E-BGP AS=196; E-BGP AS=193; Accounting; ISP 1: $5.00 per 100 MB; ISP 2: $7.00 per 100 MB; Forwarding Information Base with columns Prefix and Traffic-index (entries: prefix one, prefix one, prefix two; traffic index = 1, traffic index = 1, traffic index = 1, traffic index = 2)]

BGP Policy Accounting Principles
• Allows classifying packets based on
  • IP access lists
  • BGP community list
    • to characterize the exit points, where each exit point would set a specific community
  • BGP AS paths

Issue: What about the Returning Packets?
• Who should pay for the 100 MB back?
• Destination Sensitive Billing requires also source lookup (Source Sensitive Billing)
[Diagram labels: FTP Request; 100 MB back; The Customer; The ISP; ISP 1: $5.00 per 100 MB; ISP 2: $7.00 per 100 MB]

Issue: What about the Returning Packets?
• Lookup:
  • On the outgoing packets (on the packets coming back)
  • On the source
  • Same selection criteria
[Diagram labels: FTP Request; 100 MB back; The Customer; The ISP; ISP 1: $5.00 per 100 MB; ISP 2: $7.00 per 100 MB]

Issue: BGP Asymmetry Problem
Will charge the 10 Meg as if they were directly coming from the US!!!
[Diagram labels: FTP Request; 100 MB back; The Customer in Europe; The ISP; ISP 1 in Asia; ISP 2 in US]

Issue: BGP Asymmetry Problem
The source lookup is based on the route the router would take to reach the source!

Too Many Issues
• Destination Sensitive Billing requires Source Sensitive Billing
• BGP asymmetry problem
• Only the traffic following the BGP routes will be accounted
  • What if local policies outside of BGP?
• Limited amount of buckets in the Destination Sensitive Billing
  • Doesn’t scale: too many entries
• Performance issues
• Entire NMS solution to be put in place

Destination Sensitive Billing
• Conclusion/feedback from customers:
  • too many issues
  • not realistically deployable -> back to some sort of flat rate
• Benoit’s concern:
  • If we bill per AS-PATH and each AS gets a piece of the pie, people will create new AS and try to attract traffic
  • Bad for the internet performance