Alternative to NetFlow for Measuring Traffic flows

William B. Norton wbn at equinix.com
Tue Dec 17 04:39:56 UTC 2002


At 09:16 PM 12/16/2002 -0500, K. Scott Bethke wrote:
>Impressive numbers but of course, slackers aside, if it was your connection
>and resources wouldnt you want more accurate information than just a guess?

Yes, but I am also sympathetic to the challenges to ISPs in this economy, 
and the challenges with large networks where there are so many 
ingress/egress points that getting sampling in place is problematic. I hear 
from some Tier 1 ISPs that in some cases sampling is not available on the 
too new or too old NIC. In some cases there are simply too many points to 
measure, requiring too much disk, time, processing, etc. I heard stories of 
those that process the data monthly and do so at great expense, with the 
occasional crashes of the weekend jobs. Sometimes the quick and dirty 
approach is easier. Doing the research it was surprising to find how many 
of the largest ISPs in the world don't/can't do the detailed traffic analysis.

<snip>

> > Interesting idea. Comments?
>
>Again it seems to iffy.  What if you get a short DOS when you shift an ASN..
>how much of a chump will you look like when you need that peer to be 1gbps
>and you hook up and its only pulling 2mpbs ?

Good point - another assumption (3) that the traffic is normal predictable 
sinusoidal pattern such that the peak for the target AS matches the peak of 
the rest of the traffic.


> > The other approach some ISPs use is to set up a "trial" peering session,
> > usually using a private cross connect to measure the traffic volume and
> > relative traffic ratios. Then both side can get an idea of the traffic
> > before engaging in a contractual Settlement-Free Peering relationship.
>
>I like this one the best if I didnt have Netflow stat's... however  I doubt
>everyone will allow this because of time, money, resources, security, etc.


Yes, the Empirical Approach is most accurate but, besides the cost of 
implementing the trial peering, there are examples of Tier 2 ISPs trying to 
game the trial with a Tier 1 ISP in order to obtain the peering 
relationship. I heard stories of some pretty wacky routing and traffic 
engineering in order to demonstrate during the trial that ratios and 
traffic volumes fell within a certain range. ( The "Art of Peering" 
documents a few of these tactics.) I can understand why the Tier 1's are 
hesitant to do the trial peering even when they don't have the data to 
refute the "peering worthiness".

>I tend to look at peering as something you need to know when to do because
>the data tells you so.  In this industry as it stands now why would you NOT
>run netflow stats to give you this information?  all you are doing is
>wasting more money paying for transit  that could be offloaded to peering.

Me too, but differentiate between Tier 1 and Tier 2 solely for the motives; 
Tier 2's want to peer broadly to reduce transit fees, while Tier 1's by 
definition don't pay transit fees to anyone.


>And the flipside is also true..  why even worry about peering if you cant
>get more than a meg or two max to each AS?

I have found peering to have additive value; a lot of 1-2 Mbps peering 
sessions can save as much money for you as a single large traffic peer. The 
more traffic, the stronger the case for peering.

Bill






More information about the NANOG mailing list