On the Accuracy and Overhead of Cisco Sampled NetFlow

Traffic measurement and monitoring are an important first step for network management and traffic engineering. With high-speed Internet backbone links, efficient and effective packet sampling is not only desirable but increasingly a necessity. Sampled NetFlow [10] is a Cisco router’s traffic measurement functionality that uses static packet sampling for high-speed links. Since the utility of sampling depends on the accuracy and economy of measurement, it is important to understand sampling error and measurement overhead. In this paper, we first discuss fundamental limitations of the sampling techniques used in Sampled NetFlow. We assess the accuracy of Sampled NetFlow by comparing its output with complete packet traces [8] from an operational router. We also show the overheads involved in Sampled NetFlow. We find that Sampled NetFlow performs correctly without incurring dramatic overhead during our experiments. However, care should be taken in its use, since the overhead is linearly proportional to the number of flows recorded.
