Does anyone know of a tool like Cflowd which will capture Netflow Type 7 stats? The only one I know of is the commercial product from Cisco; any advice would be greatly appreciated. ----------------------------------------------------------- Roland Dobbins <rdobbins@netmore.net> // 818.535.5024 voice -----Original Message----- From: Alex [mailto:alex@nac.net] Sent: Wednesday, July 26, 2000 8:23 AM To: David M. Ramsey Cc: nanog@merit.edu Subject: Re: bw usage? On Wed, 26 Jul 2000, David M. Ramsey wrote:
For now I've cobbled together some crude software to regularly read SNMP port byte in/out counters from our switches, stashing the deltas in a DB for later reporting/analysis.
We do about the same thing, but we store absolute byte counts, relative byte counts from the last measurement, and figure the kb/s; we also store AdminStatus and OperStatus for SLA purposes.
I'm concerned that the data is misleading, though, in that it will include LAN broadcast traffic. Also, customers end up paying for other bandwidth that they did not want or induce, like network scans, etc. (tough luck?).
Exactly, tough. If they use the bandwidth, then they should pay for the bandwidth.
We've considered implementing unique customer VLANS to separate customer broadcast domains, but it seems like that'd be a pain, would eat up IP addresses, and possibly tax our routers with all of the ISL/VLAN stuff?
We do that; it's unwise to have everyone on the same VLAN, as some others have demonstrated.
Usually you don't want type 7, you want type 5. Let cflowd et al have the full data. Type 7 the router has done aggregation for you. Good for reducing overall data rate to the flow capture system but bad for seeing what's going on in your network. ----- Original Message ----- From: <rdobbins@netmore.net> To: <nanog@merit.edu> Sent: Wednesday, July 26, 2000 12:11 PM Subject: Netflow Type 7 (was RE: bw usage?)
Does anyone know of a tool like Cflowd which will capture Netflow Type 7 stats? The only one I know of is the commercial product from Cisco; any advice would be greatly appreciated.
----------------------------------------------------------- Roland Dobbins <rdobbins@netmore.net> // 818.535.5024 voice
-----Original Message----- From: Alex [mailto:alex@nac.net] Sent: Wednesday, July 26, 2000 8:23 AM To: David M. Ramsey Cc: nanog@merit.edu Subject: Re: bw usage?
On Wed, 26 Jul 2000, David M. Ramsey wrote:
For now I've cobbled together some crude software to regularly read SNMP port byte in/out counters from our switches, stashing the deltas in a DB for later reporting/analysis.
We do about the same thing, but we store absolute byte counts, relative byte counts from the last measurement, and figure the kb/s; we also store AdminStatus and OperStatus for SLA purposes.
I'm concerned that the data is misleading, though, in that it will include LAN broadcast traffic. Also, customers end up paying for other bandwidth that they did not want or induce, like network scans, etc. (tough luck?).
Exactly, tough. If they use the bandwidth, then they should pay for the bandwidth.
We've considered implementing unique customer VLANS to separate customer broadcast domains, but it seems like that'd be a pain, would eat up IP addresses, and possibly tax our routers with all of the ISL/VLAN stuff?
We do that; it's unwise to have everyone on the same VLAN, as some others have demonstrated.
participants (2)
-
Dana Hudes
-
rdobbins@netmore.net