
Cisco experiences of IP traffic flow measurement and billing with NetFlow

ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011). Cisco experiences of IP traffic flow measurement and billing with NetFlow. Benoit Claise, Distinguished Engineer, Cisco.


Presentation Transcript


  1. ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011). Cisco experiences of IP traffic flow measurement and billing with NetFlow. Benoit Claise, Distinguished Engineer, Cisco

  2. What is NetFlow?
     [Diagram labels: Traffic, Cache, NetFlow Records export (over UDP or SCTP), Collector]

  3. What is NetFlow?
     • NetFlow is used for traffic monitoring, security analysis, capacity planning and billing
     • Billing is just a few % of our customers, mainly for charge back within enterprise network (not between service providers)
     • NetFlow = an exporting protocol: NetFlow v5, 7, 8, 9 (RFC 3954), and IPFIX (RFC 5101/RFC 5102)
       • NetFlow v9 and IPFIX work with a template based mechanism
       • Advantage: extensibility, just need to add new Information Element
     • NetFlow = a metering process: Flexible NetFlow
       • Advantages: cache and export content flexibility
       • User selection of flow keys
       • User definition of the records

  4. Flexible NetFlow: Potential Key Fields
     Layer 2: Source VLAN, Dest VLAN, Dot1q VLAN, Dot1q priority, Source MAC address, Destination MAC address

  5. Flexible NetFlow: Potential Key Fields
     Routing: src or dest AS, Peer AS, Traffic Index, Forwarding Status, IGP Next Hop, BGP Next Hop
     *: IPv4 Flow only

  6. Flexible NetFlow: Potential Non-Key Fields
     • Plus any of the potential “key” fields: will be the value from the first packet in the flow
     (*) IPV4_TOTAL_LEN_MIN, IPV4_TOTAL_LEN_MAX
     (**) IP_LENGTH_TOTAL_MIN, IP_LENGTH_TOTAL_MAX

  7. Performance
     • Limited Resources in Router
     • Don’t enable all flow keys
     • The routers still have to route packets

  8. NetFlow for Billing: Experience

  9. Issue: Can we use Sampled NetFlow for billing?
     • Huge amount of data, must sometimes deal with sampled NetFlow, i.e. 1 out of N packets, depending on the platform
     • Packet Sampling for Flow Accounting: Challenges and Limitations, Tanja Zseby, Thomas Hirsch, Benoit Claise, PAM 2008
     [Figure: Estimation Accuracy (PLT_NZIX1, S24D00, Cisco, f=5%); labels: #Packets N_f, Packet Size Standard Deviation σ_f, Mean Packet Size µ_f]

  10. Issue: Can we use Sampled NetFlow for billing?
     • Square sum of bytes available in Flexible NetFlow
     • Not used in practice, not even by the collectors!
     • Customers afraid of legal issues with sampling along with a billing service
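
What a collector could do with the square sum of bytes: it is exactly the quantity needed to put an error bar on a volume scaled up from samples. This is an added example, not taken from the presentation or the cited PAM 2008 paper; it assumes each packet is sampled independently with probability p (systematic 1 out of N sampling behaves differently), and the traffic mix of 40-byte and 1500-byte packets is constructed.

```python
import math
import random

def estimate_volume(sampled_bytes, sampled_sq_bytes, p, z=1.96):
    """Scale a sampled flow record up to an estimate of the true byte count.

    sampled_bytes    -- sum of the sizes of the sampled packets
    sampled_sq_bytes -- sum of their squared sizes (the "square sum of bytes")
    p                -- sampling probability (1 out of N packets -> p = 1/N)
    Returns (estimate, standard error, relative half-width of the ~95% interval).
    """
    estimate = sampled_bytes / p
    # Each packet is kept independently with probability p, so
    # Var(estimate) = (1-p)/p * sum(x_i^2 over all packets), which the sampled
    # square sum estimates without bias as (1-p)/p^2 * sum(x_i^2 over samples).
    std_err = math.sqrt((1 - p) / p ** 2 * sampled_sq_bytes)
    rel = z * std_err / estimate if estimate else float("inf")
    return estimate, std_err, rel

def simulate_flow(n_packets, p, seed):
    """Constructed traffic: a mix of 40-byte and 1500-byte packets, sampled at rate p."""
    rng = random.Random(seed)
    sizes = [rng.choice((40, 1500)) for _ in range(n_packets)]
    sampled = [s for s in sizes if rng.random() < p]
    return sum(sizes), sum(sampled), sum(s * s for s in sampled)

def accuracy_by_flow_size(p=0.05, flow_sizes=(200, 20_000, 200_000)):
    """Show how the billing uncertainty shrinks as a flow contributes more samples."""
    rows = []
    for n in flow_sizes:
        true_bytes, s_bytes, s_sq = simulate_flow(n, p, seed=n)
        estimate, std_err, rel = estimate_volume(s_bytes, s_sq, p)
        rows.append({"packets": n, "true": true_bytes, "estimate": estimate,
                     "std_err": std_err, "rel_95": rel})
    return rows

if __name__ == "__main__":
    for row in accuracy_by_flow_size():
        print(row)
```

The relative error of the byte estimate is also the relative error of any per-byte charge derived from it, so small flows sampled at 5% carry a wide error bar while large flows do not.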

  11. Destination Sensitive Billing Proposal (many years ago)
     1. BGP routing updates
     2. Go through a table-map statement
     3. table-map calls a route-map
     4. route-map’s criteria: if criteria 1 -> traffic-index = 1; if criteria 2 -> traffic-index = 2
     [Diagram labels: Forwarding Information Base (columns Prefix, Traffic-index; entries prefix one, prefix two with traffic index = 1 or 2); Customer; AS 192; I-BGP; E-BGP; AS=196; AS=193; Accounting; ISP 1 ($5.00 per 100 MB); ISP 2 ($7.00 per 100 MB)]

  12. BGP Policy Accounting Principles
     • Allows classifying packets based on:
       • IP access lists
       • BGP community list
         • to characterize the exit points, where each exit point would set a specific community
       • BGP AS paths

  13. Issue: What about the Returning Packets?
     • Who should pay for the 100 MB back?
     • Destination Sensitive Billing requires also source lookup (Source Sensitive Billing)
     [Diagram labels: The Customer, The ISP, FTP Request, 100 MB back, ISP 1 ($5.00 per 100 MB), ISP 2 ($7.00 per 100 MB)]

  14. Issue: What about the Returning Packets?
     • Lookup:
       • On the outgoing packets (on the packets coming back)
       • On the source
       • Same selection criteria
     [Diagram labels: The Customer, The ISP, FTP Request, 100 MB back, ISP 1 ($5.00 per 100 MB), ISP 2 ($7.00 per 100 MB)]

  15. Issue: BGP Asymmetry Problem
     • Will charge the 10 Meg as if they were directly coming from the US!!!
     [Diagram labels: The Customer in Europe, The ISP, FTP Request, 100 MB back, ISP 1 in Asia, ISP 2 in US]

  16. Issue: BGP Asymmetry Problem The source lookup is based on the route the router would take to reach the source!
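
The returning-packet and asymmetry issues from the preceding slides, simulated as an added example that is not part of the presentation. The prefixes, flows and the mapping of traffic index 1 and 2 to ISP 1 and ISP 2 are constructed assumptions, and `actual_isp` is ground truth that only the simulation knows; the router sees only its own FIB.

```python
import ipaddress

# Constructed FIB: BGP prefix -> traffic index, as the table-map/route-map would set it.
FIB = {ipaddress.ip_network("198.51.100.0/24"): 2,   # router's best path: via ISP 2
       ipaddress.ip_network("203.0.113.0/24"): 1}    # router's best path: via ISP 1
PRICE_PER_100MB = {1: 5.00, 2: 7.00}                 # assumed: index 1 = ISP 1, index 2 = ISP 2

def traffic_index(addr):
    """Longest-prefix match; None means no BGP route, so the traffic is not accounted."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in FIB if ip in net]
    return FIB[max(hits, key=lambda net: net.prefixlen)] if hits else None

def charge(flow):
    """Outbound traffic is billed on a destination lookup, returning traffic on a source lookup."""
    key = flow["dst"] if flow["direction"] == "out" else flow["src"]
    idx = traffic_index(key)
    return None if idx is None else PRICE_PER_100MB[idx] * flow["bytes"] / 100e6

def audit(flows):
    """Compare the FIB-based charge with the price of the ISP the packets really crossed."""
    findings = []
    for f in flows:
        billed = charge(f)
        actual = PRICE_PER_100MB[f["actual_isp"]] * f["bytes"] / 100e6
        if billed is None:
            findings.append((f["name"], "unaccounted", None, actual))
        elif abs(billed - actual) > 1e-9:
            findings.append((f["name"], "mischarged", billed, actual))
    return findings

# Constructed flows: the reply arrives via ISP 1 although the router would reach
# the server via ISP 2; the last flow follows a local policy outside of BGP.
FLOWS = [
    {"name": "ftp-request", "direction": "out", "src": "192.0.2.10",
     "dst": "198.51.100.7", "bytes": 2000, "actual_isp": 2},
    {"name": "ftp-data-back", "direction": "in", "src": "198.51.100.7",
     "dst": "192.0.2.10", "bytes": 100_000_000, "actual_isp": 1},
    {"name": "local-policy", "direction": "out", "src": "192.0.2.10",
     "dst": "100.64.1.1", "bytes": 50_000_000, "actual_isp": 1},
]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```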

  17. Too Many Issues
     • Destination Sensitive Billing requires Source Sensitive Billing
     • BGP asymmetry problem
     • Only the traffic following the BGP routes will be accounted
     • What if local policies outside of BGP?
     • Limited amount of buckets in the Destination Sensitive Billing
     • Doesn’t scale: too many entries
     • Performance issues
     • Entire NMS solution to be put in place

  18. Destination Sensitive Billing
     • Conclusion/feedback from customers:
       • too many issues
       • not realistically deployable -> back to some sort of flat rate
     • Benoit’s concern:
       • If we bill per AS-PATH and each AS gets a piece of the pie, people will create new AS and try to attract traffic
       • Bad for the internet performance

  19. ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011). Cisco experiences of IP traffic flow measurement and billing with NetFlow. Benoit Claise, Distinguished Engineer, Cisco
