[AusNOG] User-Aware Netflow
Mark Newton
newton at atdot.dotat.org
Mon Mar 31 14:21:53 EST 2014
On Mar 28, 2014, at 8:31 AM, Scott O'Brien <scott at scottyob.com> wrote:
> Yeah. User attribution and classification of traffic. I wonder how the ISP's do it with their "unmetered" content. Must be something similar??
Radius start and stop records provide a timestamped series of allocate/release events which map username to IP address.
Netflow records have timestamps and IPs.
Measure netflow on the router between your unmetered walled garden and the rest of the world. Consume radius to map destination IP address to username. Walk through the netflow records, translate flows into negative bytecounts to be applied to each username’s total bytecount in the billing system.
Pretty much any ISP with a unmetered walled garden has done this already.
- mark
More information about the AusNOG
mailing list