Tracking traffic usage at router or switch port?
NANOG Community, Typically where would you expect a service provider to monitor bandwidth usage on your circuits? On the physical switch port interface or on the vlan interface at the router? In some of the field testing I've been doing there can be a difference in the bandwidth usage on the vlan interface at the router vs the physical switch port. Is there any particular reason for using one vs the other? Is there an industry best practice for this? Thanks, Jason
I would monitor it wherever you would do traffic shaping/policing. If that happens on the CPE monitor it there. If the CPE is just all Layer2 back to a router or whatever and the router is doing rate limiting monitor it there. For circuits that run at wirespeed with no limits (10/100/1000/10k/etc) the same logic applies, just monitor the bandwidth where you would normally do the policing. *Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Wed, Jun 1, 2016 at 1:58 PM, Jason Lee <jason.m.lee@gmail.com> wrote:
NANOG Community,
Typically where would you expect a service provider to monitor bandwidth usage on your circuits? On the physical switch port interface or on the vlan interface at the router? In some of the field testing I've been doing there can be a difference in the bandwidth usage on the vlan interface at the router vs the physical switch port. Is there any particular reason for using one vs the other? Is there an industry best practice for this?
Thanks,
Jason
On Wed 2016-Jun-01 12:58:15 -0500, Jason Lee <jason.m.lee@gmail.com> wrote:
NANOG Community,
Typically where would you expect a service provider to monitor bandwidth usage on your circuits? On the physical switch port interface or on the vlan interface at the router? In some of the field testing I've been doing there can be a difference in the bandwidth usage on the vlan interface at the router vs the physical switch port. Is there any particular reason for using one vs the other? Is there an industry best practice for this?
How big of a difference? Full frame / L2 (@ switch) vs. L3 payload (@ router)?
Thanks,
Jason
-- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal
The reason there can be a (small) difference between those two test points is encapsulation overhead. If the provider is counting traffic that is still in an MPLS envelope, it will count more bytes than it will after the traffic has been stripped down to just the Ethernet frame on the switch port. This isn’t a big deal for large packets, but for small packets, such as those used for streaming protocol (e.g., VoIP) the percentage of overhead can be as high as 15%. -mel
On Jun 1, 2016, at 10:58 AM, Jason Lee <jason.m.lee@gmail.com> wrote:
NANOG Community,
Typically where would you expect a service provider to monitor bandwidth usage on your circuits? On the physical switch port interface or on the vlan interface at the router? In some of the field testing I've been doing there can be a difference in the bandwidth usage on the vlan interface at the router vs the physical switch port. Is there any particular reason for using one vs the other? Is there an industry best practice for this?
Thanks,
Jason
On 1/Jun/16 19:58, Jason Lee wrote:
NANOG Community,
Typically where would you expect a service provider to monitor bandwidth usage on your circuits? On the physical switch port interface or on the vlan interface at the router? In some of the field testing I've been doing there can be a difference in the bandwidth usage on the vlan interface at the router vs the physical switch port. Is there any particular reason for using one vs the other? Is there an industry best practice for this?
We track both. Mark.
participants (5)
-
Hugo Slabbert
-
Jason Lee
-
Mark Tinka
-
Mel Beckman
-
Spencer Ryan