
Flow-based Traffic Accounting at SWITCH

Simon Leinen, Team Leader LAN, SWITCH. ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011). Flow-based Traffic Accounting at SWITCH. About SWITCH: National Research and Education Network (NREN) for Switzerland. Provide Internet(1+2) to universities


Presentation Transcript


  1. Simon Leinen, Team Leader LAN, SWITCH. ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011). Flow-based Traffic Accounting at SWITCH

  2. About SWITCH
     • National Research and Education Network (NREN) for Switzerland
     • Provide Internet(1+2) to universities
     • One of the first Swiss ISPs
     • Fiber-based since 2001
     • Operates C/DWDM, routers, peerings
     • Upstreams in Geneva and Zurich
     • Peerings in Geneva, Zurich, Amsterdam
     • Total ext. traffic levels: 10-20 Gb/s

  3. How SWITCH uses Netflow data
     • Volume-based charging
     • Traffic planning for peering & transit
     • Security - early warnings, forensics
     • To support research (ETHZ EE-CSG)

  4. Volume-based charging at SWITCH
     • Principle mandated by foundation: Cost recovery must distribute charges according to costs caused!
     • Implementation: Volume charges
     • In addition to fee components based on:
       • Access capacity
       • Access type (redundant/non-redundant)
       • Headcount
       • Value-added services

  5. Volume Charges: First Attempt
     • Early model: count (using SNMP) bytes crossing SWITCH→site i/f
       • only in that direction - outbound is free!
     • Unwanted customer reactions:
       • Reduce cheap local traffic (e.g. USENET)
       • Build back-door connections between universities
       • Fear of new services such as multicast

  6. New model (since 1998)
     • Only off-net traffic is charged
       • Still inbound-only, i.e. Internet→site
       • Research traffic (e.g. GÉANT) exempt
       • Transit & commercial peerings charged
       • Initially: Only transatlantic traffic
     • Other intricacies
       • Nights (20-08 local) and weekends free
       • IPv6 currently free to encourage use

  7. “Fluxoscope” Accounting System
     • Consume (unsampled) flows from border routers
     • Aggregate off-net flows online by:
       • Customer ID
       • Peer AS
       • Application (guessed from ports etc.)
     • Write statistics to files every 5 min
     • Post-process offline (bills, graphs, …)

  8. Why Unsampled?
     • Because our routers can do it
       • Hardware Netflow implementation
       • And they are bad at sampling
     • Billing might work with sampling
       • As long as sampling is random/unbiased
       • We charge large aggregates
     • Secondary applications are the problem! (security, research)

  9. Issue: Cost/Performance
     • Performance of the underlying measurement
       • even though our platform does Netflow “in hardware”
       • too many flows → occasional acct. loss
       • router CPU overworked with flow export
     • Cost of processing data
       • Servers, licenses, storage, operations

  10. Accounting Load @~22Gb/s
     • Flows/s processed by Fluxoscope jobs

  11. Issue: Where does value accrue?
     • No idea who initiated a connection
     • At SWITCH, we charge the receiver
     • Questionable because sender controls
     • “Information creates value for receiver”
     • Not applicable to e.g. commercial content providers

  12. Issue: Asymmetric Routing
     • On IXPs, not sure which neighbor AS traffic really came from
     • Netflow includes “source AS” (peer or origin), but these are derived from local router’s routing tables
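
The charging rules on slide 6 and the aggregation keys on slide 7, worked through in Python as an added example (not SWITCH's Fluxoscope code). The customer prefix table, the exempt research peer AS, the port-to-application table, the `Flow` record layout and the sample flows are all constructed assumptions, and timestamps are taken as naive local time.

```python
from collections import defaultdict, namedtuple
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed tables (documentation prefixes, private-use ASNs); not SWITCH data.
CUSTOMERS = {ip_network("192.0.2.0/24"): "uni-a", ip_network("2001:db8:a::/48"): "uni-a",
             ip_network("198.51.100.0/24"): "uni-b"}
RESEARCH_PEERS = {64500}   # stands in for an exempt research network
PORT_APPS = {(6, 80): "web", (6, 443): "web", (6, 25): "mail", (17, 53): "dns"}
Flow = namedtuple("Flow", "start src dst peer_as proto sport dport nbytes")  # hypothetical record

def customer_of(addr):
    ip = ip_address(addr)
    return next((c for net, c in CUSTOMERS.items() if ip in net), None)

def guess_app(f):   # application is guessed from the well-known port on either side
    return PORT_APPS.get((f.proto, f.dport)) or PORT_APPS.get((f.proto, f.sport)) or "other"

def chargeable(f):
    if f.peer_as in RESEARCH_PEERS:          # research traffic exempt
        return False
    if ip_address(f.dst).version == 6:       # IPv6 currently free
        return False
    return f.start.weekday() < 5 and 8 <= f.start.hour < 20   # nights, weekends free

def aggregate(flows):
    """Map (5-min bin, customer, peer AS, app) -> [bytes seen, bytes charged]."""
    stats = defaultdict(lambda: [0, 0])
    for f in flows:
        cust = customer_of(f.dst)
        # Inbound off-net only: destination is a customer, source is not.
        if cust is None or customer_of(f.src) is not None:
            continue
        t = f.start
        start = t.replace(minute=t.minute - t.minute % 5, second=0, microsecond=0)
        cell = stats[(start, cust, f.peer_as, guess_app(f))]
        cell[0] += f.nbytes
        cell[1] += f.nbytes if chargeable(f) else 0
    return dict(stats)

T = datetime.fromisoformat
SAMPLE = [  # constructed flow records, Thursday 24 March 2011
    Flow(T("2011-03-24T10:01:10"), "203.0.113.5", "192.0.2.10", 64501, 6, 443, 51000, 1000),
    Flow(T("2011-03-24T10:03:40"), "203.0.113.9", "192.0.2.11", 64501, 6, 80, 52000, 500),
    Flow(T("2011-03-24T10:04:00"), "203.0.113.7", "198.51.100.3", 64500, 6, 443, 53000, 7000),
    Flow(T("2011-03-24T22:15:00"), "203.0.113.5", "192.0.2.10", 64501, 17, 53, 40000, 2000),
    Flow(T("2011-03-24T10:02:00"), "2001:db8:ffff::1", "2001:db8:a::5", 64501, 6, 25, 54000, 3000),
    Flow(T("2011-03-24T10:02:30"), "198.51.100.3", "192.0.2.10", 64501, 6, 443, 55000, 9000),
]
```

Keeping both counters per cell lets the same 5-minute statistics serve billing (bytes charged) and traffic planning (bytes seen); the last sample flow is on-net and is dropped before aggregation.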
