Access to the Internic Blocked

• Previous message (by thread): Access to the Internic Blocked
• Next message (by thread): Access to the Internic Blocked
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Daniel W. McRobb <dwm at ans.net> wrote:
> 
> > >1-2 million is not much.  Even in the NSFNET days, I worked w/
> > >5-million-cell net matrices.  All it takes is memory and some CPU.
> > 
> > 1-2 _simultaneoulsy_, not over period of time.  The 1-hr matrix
> > would be two orders of magnitude bigger.
> 
> >A typical 1 hour matrix is considerably smaller.  Even a core router
> >who carries 40,000 routes will not see anywhere near 40,000 * 40,000
> >cells in a one hour period, or even 2 million cells.  Not in my
> >experience.  Even the NAP and MAE routers where I've collected this data
> >have seen net matrices only on the order of (10^3) to (10^5) for a one
> >hour period.
> 
> That's _host address_ matrix, not network address matrix.  It is at least
> three orders of magnitude bigger.

Who said host-to-host matrix?  I have not needed that granularity for
finding traffic that's coming into our backbone at an ingress that it
should not traverse.

I think for the provider crowd, net traffic matrices and AS traffic
matrices are very useful and host matrices are too fine in terms of
granularity to be useful.  Of course I said that here a while ago.  It's
really up to the provider and it's just my opinion (because net and AS
traffic matrices been very useful to us).

It was fairly easy to get this kind of data from the NSS routers.  The
Ciscos have the instrumentation to let you get this data as well.
Whether or not you can enable it on a particular box depends on whether
or not the box in question can handle it (not running out of CPU cycles
or memory).  And of course you need a machine you can export to that
won't roll over and die (or just drop packets).  I think in many cases,
it's really no problem to enable flow switching and export to a pretty
whimpy workstation.  And for the very busy routers, flow switching in
and of itself is probably more likely to cause problems than the export
will cause for a modern workstation.  At some point that may change (of
course that's the router vendor's issue).

I know that in our case, there are several points on the ANS backbone
where we can potentially enable flow switching and export the flow
stats.  We haven't done that yet (because I'm still working w/ Cisco to
get the data), but it will probably happen at some point in the future.

Daniel
~~~~~~

• Previous message (by thread): Access to the Internic Blocked
• Next message (by thread): Access to the Internic Blocked
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]