UNSW - QUESTnet

Internet Traffic Management and
Accounting at UNSW
David Rees
Senior Network Engineer
About UNSW
Around 40,000 students & 5,000 staff
Main campus at Kensington (in the Eastern
Suburbs of Sydney); some small
campuses within Sydney and several
small WAN sites around NSW
Several affiliated organisations such as
NIDA, Garvan Institute, CCIA, Victor
Chang Cardiac Research Institute,
NewSouth Global, Private Colleges etc
UNSW’s Network
2 x /16 IPv4 subnets
(no NAT)
90,000 unique devices
Redundant 10Gb/s
links to AARNet &
Internet (since Feb
2009)
Data centres, most
buildings and large
WAN sites connected
Download Stats
Downloaded 747.2TB in 2010 (267.2TB
metered), peaking at 1.72Gb/s
Mostly web traffic, not much R&E traffic
Wireless Network (UniWide)
Upgraded wireless network in late 2007 and
we decided to make it free with no quotas
(subject to acceptable use policies)
Much of growth in metered downloads can
be attributed to the free, unlimited wireless
network: wireless currently responsible for
over half of Internet downloads
No free wireless coverage in student
accommodation areas
Copyright Infringement
Receive around 1 or 2 copyright infringement notices per
week, mostly for students on wireless network
Penalties for network abuse include loss of access to the
wireless network for up to one session; a formal
disciplinary letter from the University and a fine of up to
$1,000
Content Filtering
We have the capability to filter web traffic
using Blue Coat proxies but we don’t filter
any traffic apart from shaping of P2P traffic
on the wireless
Decision taken at executive level not to filter
anything
Content filtering goes against the University
ethos and there would be a large outcry if
we did
Network Charging Models
Student accommodation on campus (colleges) pay roughly
$3 per GB for downloads (all traffic metered)
Affiliated organisations (NIDA, Garvan Institute etc) are
billed quarterly using a cost-recovery model which is
based on a combination of connection charges ($42 per
unique MAC address) and Internet downloads (off-net
traffic only but off-peak is metered)
Centrally funded faculties and business units are not
charged but all network segments/VLANs are still
measured as if they were, using the same billing system
as the affiliated organisations
Wireless network is free
UniWeb College Per-User
Billing
The student accommodation networks use
the ‘UniWeb’ per-user billing system
Pre-paid service based on Cisco Service
Selection Gateway (SSG) integrated with
a captive web portal for authentication
Cost is approx $3 per GB downloaded
The system was set up around 8 years ago
and hasn’t really been touched since
(same Sun server & same router still
chugging along!)
Centurion IP Billing
Network billing system for Affiliates is a 9-year-old homegrown solution built by guys that left in 2003
Combination of connection charges and traffic charges
gathered for every segment/VLAN on the network and
then billed quarterly
Only external customers/Affiliates are actually billed; vast
majority is paid for centrally out of the Comms budget.
System comprises basically three servers; one server for
collecting data for the connection charges, one server for
collecting data for the traffic charges and one server that
runs the main database and reporting
Centurion IP Billing (cont.)
Connection charges are based on the number of unique
MAC addresses seen on a segment; as measured by a
Perl script that runs every hour to grab the MAC
address and ARP tables from key network devices
Traffic charges are based on Netflow records from the
primary border router. An attempt is made to only charge
for off-net traffic but the list of on-net routes hasn’t been
updated since 2003 and off-peak traffic is also metered
Each quarter, a report is run which combines the data from
the connection and traffic collectors and, where
appropriate, bills are sent out to the owners of each
network segment.
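Added example, not code from the original slides or from UNSW's Centurion system: the quarterly calculation described above in Python, run once with an empty (stale) on-net route list and once with a current one, to show how a stale list bills on-net traffic as if it were off-net. The per-GB rate, segment names, addresses and flow records are constructed assumptions; only the $42 per unique MAC address comes from the slides.

```python
import ipaddress
from collections import defaultdict

MAC_CHARGE = 42.00   # from the slides: $42 per unique MAC address
RATE_PER_GB = 3.00   # assumption: the slides give no per-GB rate for affiliates

# Constructed sample data (documentation address ranges, not UNSW's).
SEGMENTS = {"vlan10": ipaddress.ip_network("192.0.2.0/25"),
            "vlan20": ipaddress.ip_network("192.0.2.128/25")}
ARP_POLLS = [  # (segment, MAC) rows as an hourly MAC/ARP table poll would yield
    ("vlan10", "00:11:22:33:44:01"), ("vlan10", "00:11:22:33:44:02"),
    ("vlan10", "00:11:22:33:44:01"),            # same device seen in a later poll
    ("vlan20", "00:11:22:33:44:03"),
]
FLOWS = [  # (src, dst, bytes) inbound flow records from the border router
    ("203.0.113.9", "192.0.2.10", 4 * 10**9),   # off-net download
    ("198.51.100.7", "192.0.2.10", 6 * 10**9),  # source that is on-net today
    ("203.0.113.9", "192.0.2.200", 1 * 10**9),
]

def segment_of(ip):
    """Map a destination address to the billed segment that contains it."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def quarterly_bill(arp_polls, flows, on_net_routes):
    """Connection charge per unique MAC plus per-GB charge for off-net downloads."""
    on_net = [ipaddress.ip_network(p) for p in on_net_routes]
    macs, metered = defaultdict(set), defaultdict(int)
    for seg, mac in arp_polls:
        macs[seg].add(mac.lower())              # count unique MACs, not poll rows
    for src, dst, nbytes in flows:
        seg = segment_of(dst)
        if seg is None:
            continue                            # not a download to a billed segment
        if any(ipaddress.ip_address(src) in net for net in on_net):
            continue                            # on-net source: not metered
        metered[seg] += nbytes
    return {seg: round(len(macs[seg]) * MAC_CHARGE
                       + metered[seg] / 10**9 * RATE_PER_GB, 2)  # 1 GB = 10^9 bytes
            for seg in SEGMENTS}

# A route list that predates the 198.51.100.0/24 peering vs. one that includes it.
stale = quarterly_bill(ARP_POLLS, FLOWS, on_net_routes=[])
current = quarterly_bill(ARP_POLLS, FLOWS, on_net_routes=["198.51.100.0/24"])
```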
Future
We have Cisco SCEs which are currently
just monitoring Internet traffic and shaping
P2P on wireless
We purchased TSA’s CAAB solution for
telephony billing so we’ll probably buy the
IP billing module for that and integrate it
with the SCEs to replace the college per-user billing system and implement quotas
Low priority until the old systems break
Challenges
Old billing systems are unmaintained, poorly documented
and nobody really understands how they work
Recently had to rewrite the MAC address collector to use
SNMP instead of Expect scripts so we could implement
AAA on network devices
Ambiguous ‘ownership’ of legacy billing systems between
Operations and Finance.
May not be worth replacing the old billing systems if
AARNet Excess charges go away and the proportion of
metered traffic continues to fall
Off-Net Subscription Usage