Ping flooding (fwd)

Per Gregers Bilse bilse at
Wed Jul 10 14:24:53 UTC 1996

Is it just me, or are the ANS commandos after me?

I don't think further discussion of ways of generating stats are
terribly interesting.  Needs are often defined in terms of available
solutions, so you see a different need than I do.

As for achieving some useful end result, several roads lead to Rome,
or can be made to go there.  The essential issue is not if knob X
exists on box Y, but if there are enough knobs and instruments to let
you do what you need.  One thing we have found much more useful than
AS traffic matrices (which I have to admit has a certain trivia feel
about them, although I'm the one who made the stuff) is live, X-based
line load monitoring (humm; I made that too): each "interesting" (for
some value of interesting) line has several 20-minute histograms for
salient interface information, updated every 10 seconds, on one of
four monitors, right here behind me.  Some years ago, with lower
speed lines to small countries, we could even spot DNS loops; and
it allowed us to detect CU-SeeMe traffic storms instantly, when
that was a problem.

As noted, busy core routers are ill suited for collecting IP
accounting.  The fact that they may be border routers in BGP terms
doesn't make them any less core routers from a network perspective.
So you just have to rig things differently, then.

Other people have mentioned flow switching in Ciscos; and yes, we see
5-10% lower CPU as well.

------ ___                        --- Per G. Bilse, Mgr Network Operations Ctr
----- /     /  /   __   ___  _/_ ---- EUnet Communications Services B.V.
---- /---  /  /  /  /  /__/  /  ----- Singel 540, 1017 AZ Amsterdam, NL
--- /___  /__/  /  /  /__   /  ------ tel: +31 20 6233803, fax: +31 20 6224657
---                           ------- 24hr emergency number: +31 20 421 0865
--- Connecting Europe since 1982  ---  e-mail: bilse at

More information about the NANOG mailing list