Hi all,
Imagine you have a number of GE and 10GE interfaces spread across multiple MX-class Juniper routers, and for each interface you want to maintain an accurate count of bytes sent, categorised by destination address.
There is no layer-2 aggregation going on beyond the router, so no opportunity to create span ports on which to measure over on the side. Using optical splitters on each and every router interface and listening on the side using dedicated sniffers is an option, although it means tangles of fibre and potentially lots of sniffer boxes with lots of interfaces.
I don't necessarily need a free or tremendously cheap solution, although it's always nice not to have to spend money.
What are better approaches?
Off-list would be fine if people have experience of this kind of thing; I can summarise if there is interest.
Joe
On Mar 12, 2013, at 8:25 PM, Joe Abley wrote:
What are better approaches?
Flow telemetry.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
On Tue, Mar 12, 2013 at 9:53 AM, Joe Abley <jabley@hopcount.ca> wrote:
On 2013-03-12, at 09:30, "Dobbins, Roland" <rdobbins@arbor.net> wrote:
On Mar 12, 2013, at 8:25 PM, Joe Abley wrote:
What are better approaches?
Flow telemetry.
Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC?
probably.. depending on how much traffic you actually get the DPC/FPC -> RE path is limited.
On 3/12/13 10:18 AM, Christopher Morrow wrote:
On Tue, Mar 12, 2013 at 9:53 AM, Joe Abley <jabley@hopcount.ca> wrote:
On 2013-03-12, at 09:30, "Dobbins, Roland" <rdobbins@arbor.net> wrote:
On Mar 12, 2013, at 8:25 PM, Joe Abley wrote:
What are better approaches?
Flow telemetry.
Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC?
probably.. depending on how much traffic you actually get the DPC/FPC -> RE path is limited.
"Specify the threshold traffic value by using the max-packets-per-second statement. The value is the maximum number of packets to be sampled, beyond which the sampling mechanism begins dropping packets. The range is 0 through 65,535. A value of 0 instructs the Packet Forwarding Engine not to sample any packets. The default value is 1000."
On 3/12/2013 8:53 AM, Joe Abley wrote:
Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC? Joe
If you use MPC/trio with appropriate licensing, you might be able to hit 1:1 with ipfix. They were still working on IPv6 and other features when I looked a year ago, but the trio ipfix maximums outclassed the MS-DPC by a lot. Jack
On Mar 12, 2013, at 8:53 PM, Joe Abley wrote:
Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC?
I'm not a Juniper person, so I'm not sure; note however that a) MS-DPC is necessary for NetFlow v9 (which is required for IPv6, for example), and b) sampled NetFlow (i.e., not 1:1, but higher ratios) is widely used and accepted in the industry.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
I guess if you are only counting bytes it is possible to use firewall filters with counters? I guess it depends on how many match conditions vs lookup time are acceptable?
Sent from some sort of iDevice.
On 13/03/2013, at 2:18 AM, "Dobbins, Roland" <rdobbins@arbor.net> wrote:
On Mar 12, 2013, at 8:53 PM, Joe Abley wrote:
Can you use cflow/jflow/ipfix exports with 1:1 sampling on an MX480 without an MS-DPC?
I'm not a Juniper person, so I'm not sure; note however that a) MS-DPC is necessary for NetFlow v9 (which is required for IPv6, for example), and b) sampled NetFlow (i.e., not 1:1, but higher ratios) is widely used and accepted in the industry.
On Tue, 12 Mar 2013 09:25:29 -0400, Joe Abley said:
Imagine you have a number of GE and 10GE interfaces spread across multiple MX-class Juniper routers, and for each interface you want to maintain an accurate count of bytes sent, categorised by destination address.
An important question that may impact possible solutions - exactly how accurate does it have to be?
On 2013-03-12, at 10:32, Valdis.Kletnieks@vt.edu wrote:
On Tue, 12 Mar 2013 09:25:29 -0400, Joe Abley said:
Imagine you have a number of GE and 10GE interfaces spread across multiple MX-class Juniper routers, and for each interface you want to maintain an accurate count of bytes sent, categorised by destination address.
An important question that may impact possible solutions - exactly how accurate does it have to be?
Ideally I'd count every byte, and any deficiencies in the data would be due to unplanned outage rather than systematic short-cutting. Sampling 1 in 10 packets and multiplying the observed byte count by 10 might be better than nothing, though.
Off-list, someone suggested DCU ("destination class accounting"), but that's limited to 126 classes of counters; another parameter I forgot to mention at the beginning is that there are thousands of destination addresses reached through each of these interfaces, and I'm looking for accounting by destination address, so 126 isn't going to cut it.
Joe
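An added illustration of the accuracy question raised in this thread (not code from any participant): the Python simulation below samples packets 1-in-N, scales the sampled bytes by N, and compares the per-destination estimate with the exact count. The interface names, documentation-range addresses, packet counts and packet sizes are constructed for the example.

```python
import random
from collections import Counter

# Constructed traffic: (interface, destination, packet count, bytes per packet).
# Names and addresses are illustrative only (RFC 5737 documentation range).
TRAFFIC = [
    ("xe-0/0/0", "192.0.2.10", 50_000, 1500),  # heavy destination
    ("xe-0/0/0", "192.0.2.20", 500, 576),      # medium destination
    ("ge-1/0/3", "192.0.2.30", 5, 64),         # light destination
]

def true_bytes(traffic):
    """Exact bytes sent per (interface, destination)."""
    return Counter({(i, d): n * size for i, d, n, size in traffic})

def sampled_estimate(traffic, rate, seed=1):
    """Pick each packet with probability 1/rate and scale its bytes by rate."""
    rng = random.Random(seed)
    est = Counter()
    for ifname, dst, npkts, size in traffic:
        for _ in range(npkts):
            if rng.randrange(rate) == 0:      # rate=1 selects every packet
                est[(ifname, dst)] += size * rate
    return est

def relative_error(traffic, rate, seed=1):
    """|estimate - truth| / truth for every (interface, destination)."""
    truth = true_bytes(traffic)
    est = sampled_estimate(traffic, rate, seed)
    # A destination that was never sampled has an estimate of 0 bytes.
    return {key: abs(est[key] - truth[key]) / truth[key] for key in truth}

if __name__ == "__main__":
    for rate in (1, 10, 100):
        print(f"sampling 1:{rate}")
        for (ifname, dst), err in sorted(relative_error(TRAFFIC, rate).items()):
            print(f"  {ifname:10} {dst:12} relative error {err:7.2%}")
```

With 1:10 sampling the heavy destination is estimated to within a few percent, while a destination that sent only five packets is either missed entirely or overcounted by at least a factor of two, which matters when accounting for thousands of low-volume destinations.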
participants (7)
- Christopher Morrow
- Dobbins, Roland
- Jack Bates
- Joe Abley
- joel jaeggli
- Mark Tees
- Valdis.Kletnieks@vt.edu