Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!ncar!boulder!daemon
From: gfw@pueblo.att.com
Newsgroups: comp.dcom.sys.cisco
Subject: Re: Cisco IP accounting
Message-ID: <29445@boulder.Colorado.EDU>
Date: 8 Nov 90 20:40:07 GMT
Sender: daemon@boulder.Colorado.EDU
Lines: 29

I would like to second the sentiments of Vikas Aggarwal on providing
a mechanism to filter packets included in cisco's IP accounting table.
Actually, I would also like an extension to the mechanism provided
by the "access-list" mechanism.  The access-list would allow screening
on the basis of src and dst addresses, but the table would still
(probably) appear as host src, dst pairs.  This would definitely be
an improvement over the current situation, but not as useful as I would
like.  The extension I would propose would be a mechanism that allowed
aggregation of octet and packet counts based on some maskable portion
of the addresses.  For example, using a filter mask of 255.255.255.0
for a class C network, I could get an IP accounting entry that
reflected the total counts of all hosts on that network (rather
than for each host).

I realize that I could accumulate the host detail information to
obtain subnet-based totals.  The problem is (as Vikas pointed out)
there are simply too many (src, dst) pairs in a large internet for
that level of detail to be kept in the router's memory (and it fills
up too fast to be able to snarf and clear before you start losing
data in the "overflow" area).  By providing aggregation in the router
you reduce the overhead of constant polling and clearing, not to mention
the reduction in memory use and the potential for more accurate data
(less ending up in the overflow area).

Greg Wetzel	(708) 979-4782	G_F_Wetzel@att.com

AT&T Bell Laboratories (IH 1B-213)
2000 N. Naperville Road
Naperville, IL  60566