ipacc summarises incoming IP traffic data based on a topology
map, which indicates which IP addresses (and ranges) belong to which
chargeable networks, and groups them into topological areas.
(A network may include multiple address ranges; in this document, a
network is defined in terms of an administrative or billing entity, not
a technical one. An address or address range refers to
specific IP addresses.)
Charges are then assigned according to which topological groups the
addresses in the input data belong to. Groups may be nested.
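
The lookup and charging described above, as an added Python example (not ipacc's own code or configuration format). The network names, group paths, rates and flow records are constructed, and keying the rate on the source address's group is an assumption made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed topology (hypothetical names): address range -> (network, nested group path).
TOPOLOGY = [(ipaddress.ip_network(p), net, grp) for p, net, grp in [
    ("10.1.0.0/16",   "customer-a", ("internal", "campus")),
    ("10.1.200.0/24", "customer-b", ("internal", "campus", "hosting")),
    ("192.0.2.0/24",  "customer-a", ("internal", "remote")),  # second range, same network
    ("0.0.0.0/0",     "unassigned", ("external",)),
]]

# Assumed charging rules: cost units per byte, keyed by the source's group path.
RATES = {("external",): 3, ("internal",): 0, ("internal", "remote"): 1}

def classify(addr):
    """Return (network, group path) for the most specific range containing addr."""
    ip = ipaddress.ip_address(addr)
    matches = [t for t in TOPOLOGY if ip in t[0]]
    if not matches:
        raise LookupError(f"{addr} is not covered by the topology")
    _, net, grp = max(matches, key=lambda t: t[0].prefixlen)
    return net, grp

def rate_for(group):
    """Walk from the innermost group outwards; the first group with a rule wins."""
    for depth in range(len(group), 0, -1):
        if group[:depth] in RATES:
            return RATES[group[:depth]]
    return 0

def charge(flows):
    """Sum (bytes, cost) per (destination network, source group) for incoming flows."""
    totals = defaultdict(lambda: [0, 0])
    for src, dst, nbytes in flows:
        dst_net, _ = classify(dst)
        _, src_grp = classify(src)
        rec = totals[(dst_net, "/".join(src_grp))]
        rec[0] += nbytes
        rec[1] += nbytes * rate_for(src_grp)
    return {k: tuple(v) for k, v in totals.items()}

# Constructed flow records: (source address, destination address, bytes).
FLOWS = [("198.51.100.7", "10.1.5.20", 1000), ("198.51.100.9", "192.0.2.14", 500),
         ("192.0.2.14", "10.1.200.8", 400), ("10.1.5.20", "10.1.200.8", 250)]

if __name__ == "__main__":
    print(sorted(charge(FLOWS).items()))
```
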
ipacc is divided into three main components. These are the
collector, the charging program and the summary program. In addition,
there are a supervisor process and route file generators.
The supervisor process is launched when ipacc is first started up. It
ensures that the necessary collector processes are running (and
periodically checks that they are), and schedules the charging and
summarisation processes to run at the configured times. It also
performs housekeeping tasks such as removing stale data files, and
schedules data file generation as desired.
The collector processes gather traffic data in real time and store it
as flows in a temporary buffer, either from Cisco NetFlow data, or
derived from packet data read via the Berkeley Packet Filter (BPF) on a
BSD host.
The collection process can consult the defined topology to determine
whether to record a given flow at all, reducing the amount of data
collected. However, collection processes do not read dynamic
information, so such configurations must be carefully crafted.
Note that Cisco accounting data is read directly by the charging
process, and does not have a real-time collector process.
The charge process is run frequently, e.g. every five minutes, and reads
from the collector's buffer, outputting charge records to files in a
data directory. This step greatly reduces the amount of data stored,
and provides near-real-time application of charging rules.
The charge process can read dynamic IP address assignments to apply
charge codes and topology information in near real time.
The summary process reads the collected and rated data and produces
output files suitable for passing to a mediation engine, or even for
producing human-readable reports. The output can be further summarised
from the level of detail produced by the charging process, and multiple
summaries can be produced from the same data, at different frequencies.
The route file generation process periodically dumps routing information
from the local routing table, or a local or remote Cisco or Quagga
routing process, and uses this data to extract a list of network
prefixes (selecting on next hop address, routing type, next hop
interface or BGP path) to be included in the topology database.
In addition to the standard processing, various files can be generated
automatically and distributed to co-operating ipacc installations
around the network. This sort of processing typically involves running
a user-written script that writes to standard output; the run can be
processed on a schedule, or when a specified file has been modified.