Alternative to NetFlow for Measuring Traffic flows
Joe Wood
joew at accretive-networks.net
Tue Dec 17 04:53:08 UTC 2002
On Mon, 16 Dec 2002, Joe Abley wrote:
> I think the idea was to say "well, from the mrtg graph, the difference
> between this circuit with all my _9327_ traffic and this circuit
> without any _9327_ traffic, at what I might reasonably estimate their
> peak time to be, looks to be about 2 megs or so".
>
> It's a pretty crude measure, but it does have the advantage of
> requiring no more than mrtg and a route-map to set up.
It is also useful as a supplement to netflow statistics, as sort of a
verification to your flow data. Sometimes due to design, operating
conditions, etc netflow data is not always the most reliable and/or
meaningful.
As an example:
You run two main types of border router platforms. On one platform you
must sample netflow @ 1% due to performance limitations. On the other
platform there is no sampling functionality built into the software.
This creates an immediate skew of data, unless software is created to
sample the flows coming off the second platform.
Now take into account that your traffic is mainly outbound from your
network, which means that you need to ignore vendor best practice
and enable flow caching on your core (internal) facing interfaces to
measure the traffic flowing out of your network.
So, in order for you to get any kind of traffic statistics for a peer,
you've got to spend many hours distilling data manually, doing AS
aggregations, and create a possibly unstable networking environment.
No big deal, right?
It may be crude, but sometimes it can be the most reliable _available_
method to tell how much traffic is going to the ISP and ISP customers.
Joe
More information about the NANOG
mailing list