Hi Oliver, On Oct 26, 2006, at 3:33 PM, Oliver Hookins wrote: > I've done a bit more looking around and found the following > interesting bits > of information. From http://www.sflow.org/about/index.php : > > "Usage accounting for billing and charge-back" > > which seems to suggest 100% accurate representation of bandwidth > consumption, if used for billing. But then in > http://www.sflow.org/sflow_version_5.txt : > > "Packet Flow Sampling: Packet Flow Sampling refers to the random > selection of a fraction of the Packet Flows observed at a Data > Source." > > which suggests exactly what you are saying - it only samples a > fraction of > the actual traffic. But then later in the same page: > > "Sampling Rate: The Sampling Rate specifies the ratio of packets > observed at the Data Source to the samples generated. For > example a > sampling rate of 100 specifies that, on average, 1 sample will be > generated for every 100 packets observed."
You can read more about the accuracy here: http://www.sflow.org/ packetSamplingBasics/index.htm It is still statistics, so in the end you will never have a 100% accurate result. > So it seems indeed if you set the sampling rate to be 1, it would > sample > every single packet. In theory, but the devices (at least the ones I know) are not able to do that. If the sampling is done by the CPU you see the load going up already with reasonable sampling rates. Of course this all depends on the actual framrate going over your network. On a Foundry BigIron 15k the CPU is busy with 100% when you try to set the rate to 2 (1 is not possible). On Foundry RX(8|16) you cannot even choose a sampling rate lower then 512. > To be honest I can't understand why sampling a fraction > of the packets would be useful at all, apart from gleaning a rough > understanding of the relationship between the flows. However this > fractional > sampling leads to data loss and as I mentioned in my first post, the > backchannel with a very small fraction of the total traffic was not > reported > at all. Sampling might be useful in environments with a lot of traffic. At some point you are not able to look at every packet anymore. That's why NetFlow is not able to monitor traffic from >= 1GE ports. With sampling you get at least a rough idea about the traffic flowing over your network, and it's also able to do that on eg. 10GE ports. Cheers -- Elisa Jasinska - AMS-IX NOC http://www.ams-ix.net _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
