Re: Nanog list uncharacteristically quiet?

15 Dec 1996

...
On Sat, 14 Dec 1996, Mike Leber wrote:
|} Has anybody collected stream duration data?  What does the distribution
|} look like?  98% of streams last how long?  (I bet less than 5 minutes) 
|} I think something like this was brought up at the Ann Arbor NANOG.
What are you calling a 'stream' ?  People are starting to collect flow
data in quite a few places with some interesting results.
-jh-
we've been running netflow for a few weeks now.  we dont' have all 
the data collection working yet and havent' done any real analysis 
yet but in case anyone is interested in a single viewpoint from our 
backbone, here's a snapshot of the netflow cache on our core router 
in san jose:

core1.sjc1#sh ip ca f
IP packet size distribution (219413380  total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  
448  480
   .000 .388 .040 .014 .017 .014 .023 .013 .030 .026 .014 .010 .004 
.004 .004

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .044 .003 .143 .000 .102 .097 .000 .000 .000 .000 .000

IP Flow Switching Cache, 22757 active, 42779 inactive, 9734878 added
  0 flows exported, 0 not exported, 0 export msgs sent
  5 cur max hash, 13 worst max hash, 20773 valid buckets
  0 flow alloc failures
  statistics cleared 36123 seconds ago

Protocol         Total  Flows   Packets Bytes  Packets Active(Sec) 
Idle(Sec)
--------         Flows   /Sec     /Flow  /Pkt     /Sec     /Flow     
/Flow
TCP-Telnet       15886    0.4       159    78     70.1      97.7      
44.3
TCP-FTP         175819    4.8         6    72     31.0       6.1      
45.9
TCP-FTPD         34862    0.9       280   591    270.4      82.3      
44.7
TCP-WWW        5135690  142.1        20   391   2848.3      12.3      
45.9
TCP-SMTP        179682    4.9        18   178     94.0       7.1      
45.8
TCP-X              838    0.0       157   127      3.6      86.3      
45.4
TCP-BGP           4298    0.1        90   113     10.7     322.8      
39.4
TCP-Frag           679    0.0        19   733      0.3      22.0      
45.2
TCP-other       399609   11.0       181   411   2008.3      65.7      
44.9
UDP-DNS        2411976   66.7         5   132    339.2      14.9      
45.5
UDP-NTP         164740    4.5         2    76      9.4       1.2      
45.9
UDP-TFTP             2    0.0         2    69      0.0       0.0      
59.8
UDP-Frag            42    0.0      2747   173      3.1     436.4      
35.7
UDP-other       759665   21.0        22   227    466.6       7.5      
45.5
ICMP            429570   11.8         7    88     93.3      19.8      
44.7
IGMP                85    0.0      1707   102      4.0    1670.4      
 6.2
IPINIP             370    0.0        13   114      0.1      55.0      
45.1
GRE                119    0.0       245   139      0.8    1810.6      
 4.0
IP-other          1490    0.0        31   123      1.2      64.0      
43.9
Total:         9715422  268.9        23   365   6256.0      15.3      
45.7

  web flows obviously beat the pants off of most everything else (big 
surprise).  it seems odd to me that idle seconds/flow are pretty much 
equal regardless of the protocol.  bytes/packet is under 500 
(average) for just about all protocols.  lots of tiny packets 
floating around.

-brett

Re: Nanog list uncharacteristically quiet?

Brett D. Watson