Ip flow accounting

  • is there any midrange juniper/netscreen firewall around that will allow me to do traffic accounting per ip. i dont need a full log of the traffic, just the bite size would be nice since accounting per interface on either firewall or switch is too inaccurate.

    or would i need a router for this ? if so is there any recommendations for around 5mbits traffic reaching peaks of up to 100mbits.

    thank you

  • the Problem I have is that I cannot use snmp based traps for each Virtual Machine.

    Every user of these VMs has full root permission so bascially he can simply shut down his snmp daemon and the whole traffic accounting idea is gone.

    I need a central Way i.e. my Firewall to do this accounting. Currently we are not using any own routers so my only chance is the gateway towards the ISP Router which would be my new Netscreen.

    Currently I am using iptables, but I dont want to add rules on 40 Machines, I need a central location, i.e. a pair of active/passive clustered Netscreen25

    Thank You

    • Chris

  • If you want to make this kind of accounting I wouldn’t use a firewall for that, but I would use a open-source traffic-monitoring server for that with RRD or MRTG and snmp-traps on every machine which you wanna read out. Thats the most accurate solution for this. Anyway you can still hide your VM’s behind a firewall and read out the snmp-traps from the trusted network.

    We use this solution at work to and its very effective and accurate.

    Here’s some links :


    Lots more to find via google, but i’m sure you know you’re way around …

    Hope this helps.

  • no I want to export the Traffic Data Accounted by the Netscreen Device to import it into a mysql Database.

    CVS would be one option for me, since i doubt Netscreen is able to import straight into mysql.

    Kind Regards

    • Chris

  • You mean, the possibility of your VM’s using cvs ?

  • thank you very much.

    basically I want to buy a Netscreen25 and use it to protect and account my Xen Based Virtual Machines.

    What export Methods do I have from the netscreen itself ? is cvs possible ? can I poll it somehow ?

    Any links are welcome.

    Thanks in Advance

    • Chris

  • Any Netscreen device can do that for you, per ip , even per service depending what policy you would take.

    • make a policy with specific ip’s (source or destination, depends what you want actually ) or make one for specific service. You can even combine them …
    • turn on accounting on that policy
    • read out counting graphs afterwards …

    Standard features on the Netscreens actually.

    Hope this helps.