Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A Problem of Traffic Calculation

Hello dear colleagues,

There are a lot of different ways to account for traffic. I would be happy to know the most efficient, reliable and preferable way to account for traffic (e.g. Internet traffic in a local network).

- RADIUS accounting. Not very informative. Doesn't support traffic classification. Doesn't really work in real time. But (what is good) doesn't load networks.

- NetFlow accounting. Very informative. Allows real-time accounting, but loads network by great amount of NetFlow packets.

- IP-accounting. Very convenient. May be set in periodical mode. Allows real time accounting.

Please correct me if I'm wrong. Additions are also appreciated.

2 REPLIES
Blue

Re: A Problem of Traffic Calculation

all methods you mentioned above have their limitations. (netFlow being the best of your mentions)

you can also look towards an SNMP solution. requires an investment but they usually have much more functionality and reporting capability than some of the others mentioned.

SNMP packages could include, IPM (ciscoWorks successor), NetIQ, HP OpenView...more..

all of these packages have solutions for traffic accounting and reporting. (again, may not be terribly cheap depending on what your solution requires)

Re: A Problem of Traffic Calculation

It depends what do you want to see in the accounting data. NetFlow is indeed most informative way. To remedy problem with large amount of NetFlow packets you've mentioned, some newer IOS at least on some platforms support 'sampled NetFlow'.

IP accounting is of quite limited value because in many cases it will result in process switching, which penalises performance of the router.

I wouldn't put much hope into SNMP beyond collecting ifOctets & Co from interfaces because even with moderate traffic you will have either to poll very often or loose some info. Also SNMP is low-priority process on routers if I remember correct, so during high-load you may not have information why that load actually happened.

RADIUS accounting is limited to connections that were authenticated via RADIUS, that's mainly dial-up and all sort of DSL/PPPoE users.

If you only want to know how much traffic leaves and enters your network (so you can compare it with values on your ISP bill), polling ifOctets via SNMP should be fast and easy to implement. If you want to know how your network is being used, then use NetFlow. Or actually use both.

272
Views
0
Helpful
2
Replies
CreatePlease login to create content