Technical Summary
For internetworking devices that perform routing or switching as
their primary function, the likely reduction in traffic-handling
capacity when traffic monitoring is active continues to be a relevant
question many years after it was first asked ("What happens when you
turn-on Netflow?").
This document provides a methodology and framework for quantifying
the performance impact of monitoring of IP flows on a network device
and export of this information to a collector. It identifies the rate
at which the IP flows are created, expired, and successfully exported
as a new performance metric in combination with traditional
throughput. The metric is only applicable to the devices compliant
with the Architecture for IP Flow Information Export [RFC5470].
The methods are applicable to both internetworking devices that
forward traffic and other devices that simply monitor traffic with
non-intrusive access to transmission facilities.
The Forwarding Plane and Monitoring Plane represent two separate
functional blocks, each with its own performance capability. The
Forwarding Plane handles user data packets and is fully characterised
by the metrics defined by [RFC2544].
The Monitoring Plane handles Flows which reflect the analysed
traffic. The metric for Monitoring Plane performance is Flow Export
Rate, and the benchmark is the Flow Monitoring Throughput.
Working Group Summary
Quite a few bmwg participants and ipfix participants have given this a look
and now concur with the results.
Examples of Test Implementation and Results were presented
during development, which is compelling evidence of practicality.
There were WGLCs yielding long lists of comments/issues to deal with,
and this was finally accomplished. It took several WGLCs before this version
reached consensus (with a few minor editorial changes).
Document Quality
All would agree that Paul Aitken provided very careful and complete
reviews throughout the development process; he left no stone unturned.
Personnel
Al Morton is shepherd.