[unisog] Quota system based on netflows

Jonathan Glass jonathan.glass at oit.gatech.edu
Tue Jan 30 16:03:38 GMT 2007


Valdis.Kletnieks at vt.edu wrote:
> On Mon, 29 Jan 2007 12:41:48 CST, Joe Bazeley said:
>> We're looking to implement a bandwidth-limiting system for our
>> residential users, something on the order of "if you use more than X
>> gigs in a 24 hour period we'll put a bandwidth cap on your connection
>> until the time period resets". 
> 
> You'd be better off using something that polls the switches every N seconds/minutes
> and counts the per-port packets/bytes sent (assuming SNMP-managed infrastructure).
> 
> That greatly lowers your data processing requirements (at our site, we see
> on the order of 7-8 *gigabytes* of netflow data per day, while SNMP traffic
> for 30K ports every 5 minutes is a *lot* less to deal with....).
> 
> Just remember to set N low enough to avoid counter wrap-around issues :)

Just as an aside, we capture an average of 18GB a day of Netflow.  I'd
hate to have to process all that and make policy decisions in real time.

-- 
Jonathan Glass, RHCE, MCP    Information Security Engineer III
OIT Information Security       Georgia Institute of Technology
Atlanta, Georgia 30332-0700          Office/Cell: 404-385-6900
Key ID: 0xAB50FF20     Size: 2048 Bits     Created: 11/17/2004
Fingerprint: 3CD2 1BC6 4485 720B AB45 FF3E 8B3B D6F5 AB50 FF20
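
The SNMP polling approach and the counter wrap-around caveat from the quoted reply, as an added example that is not part of the original thread. It assumes 32-bit per-port octet counters (such as IF-MIB ifInOctets); the port names, readings and quota are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

def max_safe_poll_seconds(link_bps, counter_bits=32):
    """Longest poll interval in which an octet counter cannot wrap twice at line rate."""
    return 2 ** counter_bits / (link_bps / 8)

def counter_delta(prev, curr, counter_bits=32):
    """Octets between two readings, assuming at most one wrap in between.
    A device reboot (counter reset to 0) looks the same as a wrap here."""
    return (curr - prev) % (2 ** counter_bits)

def ports_over_quota(samples, quota_bytes, window_s=86400, counter_bits=32):
    """samples: (unix_ts, port, octet_counter) tuples in time order.
    Returns {port: bytes} for ports over quota in the window of the last sample;
    usage starts again from zero when a new window begins."""
    last = {}                  # port -> previous counter reading
    usage = defaultdict(int)   # (port, window index) -> bytes counted
    window = None
    for ts, port, octets in samples:
        window = ts // window_s
        if port in last:
            usage[(port, window)] += counter_delta(last[port], octets, counter_bits)
        last[port] = octets
    return {p: b for (p, w), b in usage.items() if w == window and b > quota_bytes}

# Constructed readings, polled every 300 seconds (quota kept tiny for readability).
SAMPLES = [
    (0,   "port-a", 4_294_960_000),
    (0,   "port-b", 1_000),
    (300, "port-a", 5_000),      # 32-bit counter wrapped between polls
    (300, "port-b", 2_000),
    (600, "port-a", 15_000),
    (600, "port-b", 2_500),
]

if __name__ == "__main__":
    print(ports_over_quota(SAMPLES, quota_bytes=20_000))
    # A 5-minute poll is safe for a 100 Mb/s port but not for a 1 Gb/s one.
    for bps in (100e6, 1e9):
        print(f"{bps:.0e} b/s: poll at least every {max_safe_poll_seconds(bps):.0f} s")
```

With 64-bit counters (ifHCInOctets, where the switch supports them) pass `counter_bits=64` and the wrap interval stops being a practical constraint.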

