[unisog] Quota system based on netflows

Jonathan Glass jonathan.glass at oit.gatech.edu
Tue Jan 30 16:03:38 GMT 2007

Valdis.Kletnieks at vt.edu wrote:
> On Mon, 29 Jan 2007 12:41:48 CST, Joe Bazeley said:
>> We're looking to implement a bandwidth-limiting system for our
>> residential users, something on the order of "if you use more than X
>> gigs in a 24 hour period we'll put a bandwidth cap on your connection
>> until the time period resets". 
> You'd be better off using something that polls the switches every N seconds/minutes
> and counts the per-port packets/bytes sent (assuming SNMP-managed infrastructure).
> That greatly lowers your data processing requirements (at our site, we see
> on the order of 7-8 *gigabytes* of netflow data per day, while SNMP traffic
> for 30K ports every 5 minutes is a *lot* less to deal with....).
> Just remember to set N low enough to avoid counter wrap-around issues :)

Just as an aside, we capture an average of 18GB a day of Netflow.  I'd
hate to have to process all that and make policy decisions in real time.

Jonathan Glass, RHCE, MCP    Information Security Engineer III
OIT Information Security       Georgia Institute of Technology
Atlanta, Georgia 30332-0700          Office/Cell: 404-385-6900
Key ID: 0xAB50FF20     Size: 2048 Bits     Created: 11/17/2004
Fingerprint: 3CD2 1BC6 4485 720B AB45 FF3E 8B3B D6F5 AB50 FF20
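
Added example, not part of the original thread: a sketch of the SNMP-polling approach quoted above, showing per-port byte accounting that survives a counter wrap and how low N must be for a given link speed. It assumes 32-bit octet counters such as IF-MIB ifInOctets; the port name, quota and readings are constructed.

```python
COUNTER32 = 2 ** 32        # IF-MIB ifInOctets/ifOutOctets are 32-bit counters
PERIOD_S = 24 * 3600       # quota period from the thread: 24 hours


def max_poll_interval(link_bps, modulus=COUNTER32):
    """Seconds a link at line rate needs to advance the counter a full cycle.
    Poll more often than this, or a wrap can no longer be detected."""
    return modulus * 8 / link_bps


def counter_delta(prev, curr, modulus=COUNTER32):
    """Octets between two readings, correct across at most one wrap."""
    return (curr - prev) % modulus


class QuotaTracker:
    def __init__(self, quota_bytes, period_s=PERIOD_S):
        self.quota = quota_bytes
        self.period_s = period_s
        self.last = {}     # port -> previous counter reading
        self.used = {}     # port -> (period index, octets used in it)

    def poll(self, port, ts, octets):
        """Record one reading; return True if the port is over quota."""
        period = ts // self.period_s
        seen_period, used = self.used.get(port, (period, 0))
        if seen_period != period:
            used = 0                       # the time period has reset
        if port in self.last:
            used += counter_delta(self.last[port], octets)
        self.last[port] = octets
        self.used[port] = (period, used)
        return used > self.quota


# Constructed readings (timestamp, octets) for one port, polled every 300 s;
# the counter wraps between the first and second poll.
SAMPLE = [(0, 4294967000), (300, 704), (600, 5704), (86400, 5804)]

def run_sample(quota_bytes=5000):
    tracker = QuotaTracker(quota_bytes)
    return [tracker.poll("port-1", ts, octets) for ts, octets in SAMPLE]

if __name__ == "__main__":
    print(run_sample())                       # over-quota flag per poll
    print(max_poll_interval(100_000_000))     # 100 Mbit/s port
```

A counter reset after a switch reboot looks like a wrap to this code, so a production poller would also compare sysUpTime between polls.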
