Geneva, 24 March 2011 Cisco experiences of IP traffic flow measurement and billing with NetFlow Benoit Claise, Distinguished Engineer, Cisco ITU-T Workshop.

Presentation transcript:

Geneva, 24 March 2011 Cisco experiences of IP traffic flow measurement and billing with NetFlow Benoit Claise, Distinguished Engineer, Cisco ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011)

Abstract: The first part of this talk focuses on the latest NetFlow development in Cisco, while the second part will share experience regarding the specific use case of usage based billing with NetFlow.

What is NetFlow?
[Diagram labels: Traffic; Cache; NetFlow records export over UDP or SCTP; Collector]

What is NetFlow?
- NetFlow is used for traffic monitoring, security analysis, capacity planning and billing
- Billing is just a few % of our customers, mainly for charge back within enterprise network (not between service providers)
- NetFlow = an exporting protocol: NetFlow v5, 7, 8, 9 (RFC3954), and IPFIX (RFC5101/RFC5102)
- NetFlow v9 and IPFIX work with a template based mechanism
- Advantage: extensibility, just need to add new Information Element
- NetFlow = a metering process: Flexible NetFlow
- Advantages: cache and export content flexibility
- User selection of flow keys
- User definition of the records

Flexible NetFlow: Potential Key Fields
- IPv4: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Fragmentation Flags, Fragmentation Offset, Identification, Header Length, Total Length, Payload Size, Packet Section (Header), Packet Section (Payload), TTL, Options bitmap, Version, Precedence, DSCP, TOS
- IPv6: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Traffic Class, Flow Label, Option Header, Header Length, Payload Length, Payload Size, Packet Section (Header), Packet Section (Payload), DSCP, Extension Headers, Hop-Limit, Length, Next-header, Version
- Interface: Input, Output
- Flow: Sampler ID, Direction
- Layer 2: Source MAC address, Destination MAC address, Dot1q VLAN, Source VLAN, Dest VLAN, Dot1q priority

Flexible NetFlow: Potential Key Fields
- Multicast: Replication Factor*, RPF Check Drop*, Is-Multicast
- Routing: Input VRF Name, BGP Next Hop, IGP Next Hop, src or dest AS, Peer AS, Traffic Index, Forwarding Status
- Transport: Destination Port, Source Port, ICMP Code, ICMP Type, IGMP Type*, TCP ACK Number, TCP Header Length, TCP Sequence Number, TCP Window-Size, TCP Source Port, TCP Destination Port, TCP Urgent Pointer, TCP Flag: ACK, TCP Flag: CWR, TCP Flag: ECE, TCP Flag: FIN, TCP Flag: PSH, TCP Flag: RST, TCP Flag: SYN, TCP Flag: URG, UDP Message Length, UDP Source Port, UDP Destination Port
- Application: Application ID*
*: IPv4 Flow only

Flexible NetFlow: Potential Non-Key Fields
- Plus any of the potential key fields: will be the value from the first packet in the flow
- Counters: Bytes, Bytes Long, Bytes Square Sum, Bytes Square Sum Long, Packets, Packets Long
- Timestamp: sysUpTime First Packet
- IPv4: Total Length Minimum (*), Total Length Maximum (*), TTL Minimum, TTL Maximum
- IPv4 and IPv6: Total Length Minimum (**), Total Length Maximum (**)
(*) IPV4_TOTAL_LEN_MIN, IPV4_TOTAL_LEN_MAX
(**) IP_LENGTH_TOTAL_MIN, IP_LENGTH_TOTAL_MAX

Performance
- Limited resources in router
- Don't enable all flow keys
- The routers still have to route packets

NetFlow for Billing: Experience

Issue: Can we use Sampled NetFlow for billing?
- Huge amount of data, must sometimes deal with sampled NetFlow, i.e. 1 out of N packets, depending on the platform
[Figure: Estimation Accuracy (PLT_NZIX1, S24D00, Cisco, f=5%); axes: packet size standard deviation σ_f, mean packet size µ_f, number of packets N_f]
Reference: Packet Sampling for Flow Accounting: Challenges and Limitations, Tanja Zseby, Thomas Hirsch, Benoit Claise, PAM 2008

Issue: Can we use Sampled NetFlow for billing?
- Square sum of bytes available in Flexible NetFlow
- Not used in practice, not even by the collectors!
- Customers afraid of legal issues with sampling along with a billing service
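How a collector could use the byte square sum next to the byte counter of a sampled flow record, as an added example that is not from the talk or from any Cisco collector. It assumes each packet is sampled independently with probability 1/N (Horvitz-Thompson estimation); the record field names and the sample values are constructed.

```python
import math
from dataclasses import dataclass

@dataclass
class SampledFlowRecord:
    """Counters of one flow as seen AFTER 1-out-of-N sampling (hypothetical names)."""
    packets: int           # number of sampled packets
    bytes: int             # sum of sampled packet lengths
    bytes_square_sum: int  # sum of squared sampled packet lengths

def estimate_volume(rec, n, z=1.96):
    """Scale a sampled record to an estimated byte volume with an error bound.

    Assumption: independent sampling with probability f = 1/n.
    Returns (estimated_bytes, standard_error, relative_error_at_z).
    """
    if n < 1:
        raise ValueError("sampling interval must be >= 1")
    if rec.packets == 0 or rec.bytes == 0:
        # Flow never sampled: nothing to scale and no bound can be given.
        return 0, 0.0, float("inf")
    est = rec.bytes * n
    # Unbiased variance estimate (1 - f) / f^2 * sum(x_i^2), which is n(n-1) * sum(x_i^2).
    se = math.sqrt(n * (n - 1) * rec.bytes_square_sum)
    return est, se, z * se / est

def billable(rec, n, max_rel_error=0.05):
    """True when the 95% relative error of the estimate is within the tolerance."""
    return estimate_volume(rec, n)[2] <= max_rel_error

# Constructed records with 1000-byte packets, 1-in-20 sampling (f = 5%).
SMALL = SampledFlowRecord(packets=4, bytes=4 * 1000, bytes_square_sum=4 * 1000**2)
LARGE = SampledFlowRecord(packets=40000, bytes=40000 * 1000,
                          bytes_square_sum=40000 * 1000**2)

if __name__ == "__main__":
    for name, rec in (("small", SMALL), ("large", LARGE)):
        est, se, rel = estimate_volume(rec, 20)
        print(f"{name}: {est} bytes +/- {rel:.1%} billable={billable(rec, 20)}")
```

The small flow's estimate carries an error close to its own size, while the large flow is within one percent, which is the per-flow dependence on the number of packets that the accuracy figure plots.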

Destination Sensitive Billing Proposal (many years ago)
[Diagram labels: Customer (AS=193); ISP 1 (AS=196), E-BGP, $5.00 per 100 MB, traffic index = 1; ISP 2 (AS 192), E-BGP, $7.00 per 100 MB, traffic index = 2; I-BGP; Accounting]
Forwarding Information Base (Prefix -> Traffic-index):
- prefix one -> traffic index = 1
- prefix two -> traffic index = 2
1. BGP routing updates
2. Go through a table-map statement
3. table-map calls a route-map
4. route-map's criteria: if criteria 1 -> traffic-index = 1; if criteria 2 -> traffic-index = 2

BGP Policy Accounting Principles
Allows classifying packets based on:
- IP access lists
- BGP community lists, to characterize the exit points, where each exit point would set a specific community
- BGP AS paths

Issue: What about the Returning Packets?
[Diagram labels: The Customer; The ISP; ISP 1, $5.00 per 100 MB; ISP 2, $7.00 per 100 MB; FTP Request; 100 MB back]
- Who should pay for the 100 MB back?
- Destination Sensitive Billing requires also source lookup (Source Sensitive Billing)

Issue: What about the Returning Packets?
[Diagram labels: The Customer; The ISP; ISP 1, $5.00 per 100 MB; ISP 2, $7.00 per 100 MB; FTP Request; 100 MB back]
Lookup:
- On the outgoing packets (on the packets coming back)
- On the source
- Same selection criteria

Issue: BGP Asymmetry Problem
[Diagram labels: The Customer in Europe; The ISP; ISP 1 in Asia; ISP 2 in US; FTP Request; 100 MB back]
- Will charge the 10 Meg as if they were directly coming from the US!!!

Issue: BGP Asymmetry Problem The source lookup is based on the route the router would take to reach the source!
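The traffic-index lookup and the asymmetry it runs into, as an added sketch that is not code from the talk or from Cisco. The prices are the ones on the slides; the prefixes (documentation ranges), the link names and the packet list are constructed, and the lookup stands in for the FIB with a plain longest-prefix match.

```python
import ipaddress

# Constructed data. Traffic index 1 = ISP 1, index 2 = ISP 2 (prices from the slides).
PRICE_PER_100MB = {1: 5.00, 2: 7.00}
FIB = {  # prefix -> traffic index, as set by the route-map
    ipaddress.ip_network("198.51.100.0/24"): 1,  # best route via ISP 1
    ipaddress.ip_network("203.0.113.0/24"): 2,   # best route via ISP 2
}
LINK_INDEX = {"isp1": 1, "isp2": 2}  # link a packet really crossed
FTP_SESSION = [
    # Request leaves via ISP 2, the best route to the server.
    {"direction": "out", "src": "192.0.2.10", "dst": "203.0.113.10",
     "link": "isp2", "bytes": 1000},
    # The 100 MB answer comes back over ISP 1 (asymmetric return path).
    {"direction": "in", "src": "203.0.113.10", "dst": "192.0.2.10",
     "link": "isp1", "bytes": 100_000_000},
    # Source with no BGP route in the table: lands in no bucket.
    {"direction": "in", "src": "198.18.0.9", "dst": "192.0.2.10",
     "link": "isp1", "bytes": 500},
]

def traffic_index(addr):
    """Longest-prefix match of addr in the FIB; None when no route covers it."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in FIB if ip in net]
    return FIB[max(hits, key=lambda net: net.prefixlen)] if hits else None

def bill(packets):
    """Charge by FIB lookup: destination for outgoing, source for returning packets.

    Returns (charged, cost_by_actual_link, unaccounted_bytes).
    """
    charged = actual = 0.0
    unaccounted = 0
    for p in packets:
        idx = traffic_index(p["dst"] if p["direction"] == "out" else p["src"])
        if idx is None:
            unaccounted += p["bytes"]
            continue
        units = p["bytes"] / 100e6
        charged += units * PRICE_PER_100MB[idx]
        actual += units * PRICE_PER_100MB[LINK_INDEX[p["link"]]]
    return round(charged, 2), round(actual, 2), unaccounted
```

For the constructed session, `bill(FTP_SESSION)` charges the ISP 2 tariff for the returning 100 MB although the packets arrived over ISP 1, because the source lookup only knows the route the router would take to reach the source.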

Too Many Issues
- Destination Sensitive Billing requires Source Sensitive Billing
- BGP asymmetry problem
- Only the traffic following the BGP routes will be accounted
- What if local policies outside of BGP?
- Limited amount of buckets in the Destination Sensitive Billing
- Doesn't scale: too many entries
- Performance issues
- Entire NMS solution to be put in place

Destination Sensitive Billing
- Conclusion/feedback from customers: too many issues, not realistically deployable -> back to some sort of flat rate
- Benoit's concern: If we bill per AS-PATH and each AS gets a piece of the pie, people will create new AS and try to attract traffic
- Bad for the internet performance
