[AusNOG] Cisco ASR1001-x netflow

Mark Newton newton at atdot.dotat.org
Wed Jun 21 15:55:56 EST 2017 

Remember that the 7200 was a software platform, a veritable swiss army 
chainsaw of routers.

Most of the rest of the Cisco service provider products only provide 
features which are capable of being hardware accelerated.

The ASR1k is mostly a software platform, but not totally. So yeah, you 
get a feature reduction.

Happily, as you've observed, it's a pretty good LNS.

My strong suggestion would be to give up on per-subscriber netflow.

IOS-XE platforms support QoS policy accounting via Radius. That means 
you can set up QoS classifiers and get a bytecount reported in per-user 
radius accounting attributes for traffic which matches them.

Much easier to do traffic accounting that way. Scalable, accurate, and 
there's no chance of missing data if your collector happens to be 
offline for a while.

Note that you don't have to do any queuing, shaping or policing, mere 
classification is sufficient to get bytecounts.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-xe-3s-book/qos-plcshp-pol-actg.html

A common example:

1. Define an ACL which has unmetered content sources as source addresses 
and "any any" as destination addresses.

2. Define a class-map which matches the ACL.

3. Define a policy-map which cites the class-map.

4. Make arrangements in Radius to cause the policy-map to be attached as 
an outbound service policy on subscriber virtual-access interfaces.

With the feature enabled, you'll get two Radius Accounting-Request 
updates per interim accounting interval, one for the session as a whole 
and one for the service policy. You can do some simple arithmetic in 
your billing system to subtract the unmetered class bytecount from the 
session bytecount to get a billable answer; and you can present metered 
and unmetered traffic separately on your customer toolbox webpages.

You can also define separate IPv4 and IPv6 ACLs associated with separate 
classes on the same policy-map to accomplish unmetered dual-stack.

You can do the config dynamically with subscriber templates, but that 
comes with some limitations you don't see if you define static policy maps.

There are config examples at the bottom of the URL cited above.

    - mark


On 06/21/2017 12:30 PM, michael.bethune at australiaonline.net.au wrote:
> Hi All,
>
> Looking at the ASR1001-x it looks to be a decent LNS.
> On the other hand, significant features seem to have been removed
> as compared to the old 7200s, presumably to unburden the interfaces and
> maximise performance.
>
> I can't for the life of me work out how to get Netflow reported for 
> individual
> PPP subscribers. The virtual access interfaces have been retired in 
> favour of
> sub-interfaces and the Virtual Templates don't like being configured 
> for netflow.
>
> Any thoughts would be appreciated.
>
> Regards
>
> Michael Bethune
> Australia On Line
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list