Alternative to NetFlow for Measuring Traffic flows
William B. Norton
wbn at equinix.com
Tue Dec 17 04:39:56 UTC 2002
At 09:16 PM 12/16/2002 -0500, K. Scott Bethke wrote:
>Impressive numbers but of course, slackers aside, if it was your connection
>and resources wouldnt you want more accurate information than just a guess?
Yes, but I am also sympathetic to the challenges to ISPs in this economy,
and the challenges with large networks where there are so many
ingress/egress points that getting sampling in place is problematic. I hear
from some Tier 1 ISPs that in some cases sampling is not available on the
too new or too old NIC. In some cases there are simply too many points to
measure, requiring too much disk, time, processing, etc. I heard stories of
those that process the data monthly and do so at great expense, with the
occasional crashes of the weekend jobs. Sometimes the quick and dirty
approach is easier. Doing the research it was surprising to find how many
of the largest ISPs in the world don't/can't do the detailed traffic analysis.
> > Interesting idea. Comments?
>Again it seems to iffy. What if you get a short DOS when you shift an ASN..
>how much of a chump will you look like when you need that peer to be 1gbps
>and you hook up and its only pulling 2mpbs ?
Good point - another assumption (3) that the traffic is normal predictable
sinusoidal pattern such that the peak for the target AS matches the peak of
the rest of the traffic.
> > The other approach some ISPs use is to set up a "trial" peering session,
> > usually using a private cross connect to measure the traffic volume and
> > relative traffic ratios. Then both side can get an idea of the traffic
> > before engaging in a contractual Settlement-Free Peering relationship.
>I like this one the best if I didnt have Netflow stat's... however I doubt
>everyone will allow this because of time, money, resources, security, etc.
Yes, the Empirical Approach is most accurate but, besides the cost of
implementing the trial peering, there are examples of Tier 2 ISPs trying to
game the trial with a Tier 1 ISP in order to obtain the peering
relationship. I heard stories of some pretty wacky routing and traffic
engineering in order to demonstrate during the trial that ratios and
traffic volumes fell within a certain range. ( The "Art of Peering"
documents a few of these tactics.) I can understand why the Tier 1's are
hesitant to do the trial peering even when they don't have the data to
refute the "peering worthiness".
>I tend to look at peering as something you need to know when to do because
>the data tells you so. In this industry as it stands now why would you NOT
>run netflow stats to give you this information? all you are doing is
>wasting more money paying for transit that could be offloaded to peering.
Me too, but differentiate between Tier 1 and Tier 2 solely for the motives;
Tier 2's want to peer broadly to reduce transit fees, while Tier 1's by
definition don't pay transit fees to anyone.
>And the flipside is also true.. why even worry about peering if you cant
>get more than a meg or two max to each AS?
I have found peering to have additive value; a lot of 1-2 Mbps peering
sessions can save as much money for you as a single large traffic peer. The
more traffic, the stronger the case for peering.
More information about the NANOG