Data collection methodology and NM paradigms part2

Outline Metering Positions: Where to Collect Data Records Network Element Versus End Device Collection Edge Versus Core Collection Embedded Versus External Device Collection Ingress Versus Egress Collection

Network Element Versus End Device Collection Network Element Collection End Device Collection Advantages Identifies network performance issues. Measures network-specific parameters, such as per traffic class (DSCP) or path-specific. Can be deployed without modifying end devices. Accurately measures the end user experience. Most realistic for application-specific monitoring. Disadvantages Indirectly measures the user experience. Performance impact at the network element. End-to-end results are provided without networkspecific measurements. Introduces end-device challenges, such as dealing with different operating systems, inconsistent configurations, and scalability. Intrusive on the desktop

Edge Versus Core Collection If you have a choice between edge and core collection, a good starting point is the business requirements, because they provide solid justification for selecting the appropriate technology afterwards

Edge Versus Core Collection Edge collection usage: If you want to deploy a usage-based billing system for a large, distributed network, chances are high that a collection only at the core devices might not be sufficient. If adjacent remote locations can communicate directly without passing through the core, edge collection is required.

Edge Versus Core Collection Core collection usage: in case of a traffic engineering application for the core network, the core is the only place to meter.

Edge Versus Core Collection Example from protocols: RMON information can be collected both at the core and at the edge. ART MIB separately measures the "flight time" of datagrams through the network and the server processing time and reports both values. This mandates the meter to be as close to the end devices as possible; therefore, place one ART MIB meter close to the server and the other one close to the users.

Embedded Versus External Device Collection Embedded Devices usage: A network operator needs to collect usage information for performance trend analysis, troubleshooting, and long-term planning. By leveraging integrated meters at network elements, the operator can deploy the metering quickly, without a massive rollout of dedicated metering devices and making use of existing NMS applications for configuration, software image management, and inventory management. If the application requires "BGP next hop" as a data type, this can be metered only by an internal agent at the network element.

Embedded Versus External Device Collection Another scenario is the metering of details, such as application response time, volume of traffic per application, and capturing packets for troubleshooting. In this case, the operator could use integrated RMON groups at network elements.

Embedded Versus External Device Collection Pros and cons of Embedded Devices: Advantages: fast and easy deployment Disadvantages: Additional resource consumption A network elements are not designed to collect a large number of accounting and performance records.

Embedded Versus External Device Collection Embedded Devices example: To balance resource consumption, Cisco routers implement only the RMON alarm and event groups (a group in this sense can be considered a subset of a MIB), whereas Cisco switches support the statistics and history groups in addition to the alarm and event groups

Embedded Versus External Device Collection External Devices usage: Due to the performance requirements of RMON and the ART MIB, a full deployment of both technologies is exclusive to dedicated RMON probes.

Embedded Versus External Device Collection External devices advantages: Dedicated devices are designed solely for network monitoring and can do so very efficiently, without other simultaneous processes interrupting the metering, such as routing, packet forwarding, and others. External devices offer troubleshooting flexibility of being connected to different devices at different locations, which is a cost-efficient way of troubleshooting.

Embedded Versus External Device Collection External devices can be connected directly to the network by using a splitter or TAP to insert the device into the active link.

Embedded Versus External Device Collection External device disadvantages: Limitations on external devices are the deployment overhead, if ubiquitous monitoring is required and the price of a large number of high-speed interfaces is metered, such as in a WAN environment where all links should be monitored directly

Embedded Versus External Device Collection Embedded Collection External Device Collection Advantages Leverages the existing infrastructure, including the management. Measures network element-specific parameters, such as BGP next hop. Includes the routing state in the metering, such as ACLs. Measures encrypted traffic if it terminates at the meter. Network element-independent deployment. Efficient collection, because the device was designed specifically for metering. Offloads management functionality from the network element. Disadvantages Performance impact at the network element. The architecture of the network element was not designed for metering purposes. Deployment and management costs and effort. Cannot monitor encrypted traffic.

Ingress Versus Egress Collection Ingress metering Ingress metering accounts for all incoming traffic before any packet operations are performed by the network element, such as ACLs ‘access control list’ , QoS marking, and policing

Ingress Versus Egress Collection Ingress metering usage: In a service provider environment, ingress traffic at the provider edge (PE) router is metered to identify the traffic volume a customer sends toward the carrier. These data records can be taken into account to check the allowed traffic peak and sustain rate toward the SP as well as for usage-based billing

Ingress Versus Egress Collection Egress metering Egress metering collects traffic that a device forwards after performing operations such as queuing, policing, and dropping; this can be used for traffic analysis and usage-based billing.

Ingress Versus Egress Collection From an end-to-end network perspective, the choice between ingress and egress collection is not too relevant, because the egress interface of one router is connected via a WAN or LAN link to the ingress interface of the next router.

Ingress Versus Egress Collection If you want to collect details at the egress interface of one router, and if a specific accounting feature is implemented as ingress only, you can usually collect it at the subsequent router's ingress interface.

Ingress Versus Egress Collection For the returning traffic, egress becomes ingress and ingress becomes egress

Ingress Versus Egress Collection

Ingress Versus Egress Collection Egress metering usage: If you only need to measure the traffic that is exchanged externally but do not want any local traffic collected, you would meter at the egress interface only. Note: you can also collect traffic from all nine ingress interfaces, but it is very likely that they also carry local traffic, which needs to be filtered afterwards.

abbreviations Abb. Meaning ACLs access control list PE provider edge DSCP Differentiated Services Code Point BGP Border Gateway Protocol