Re: Access to the Internic Blocked
Daniel W. McRobb <dwm@ans.net> wrote:
1-2 million is not much. Even in the NSFNET days, I worked w/ 5-million-cell net matrices. All it takes is memory and some CPU.
1-2 _simultaneoulsy_, not over period of time. The 1-hr matrix would be two orders of magnitude bigger.
A typical 1 hour matrix is considerably smaller. Even a core router who carries 40,000 routes will not see anywhere near 40,000 * 40,000 cells in a one hour period, or even 2 million cells. Not in my experience. Even the NAP and MAE routers where I've collected this data have seen net matrices only on the order of (10^3) to (10^5) for a one hour period.
That's _host address_ matrix, not network address matrix. It is at least three orders of magnitude bigger.
Who said host-to-host matrix? I have not needed that granularity for finding traffic that's coming into our backbone at an ingress that it should not traverse. I think for the provider crowd, net traffic matrices and AS traffic matrices are very useful and host matrices are too fine in terms of granularity to be useful. Of course I said that here a while ago. It's really up to the provider and it's just my opinion (because net and AS traffic matrices been very useful to us). It was fairly easy to get this kind of data from the NSS routers. The Ciscos have the instrumentation to let you get this data as well. Whether or not you can enable it on a particular box depends on whether or not the box in question can handle it (not running out of CPU cycles or memory). And of course you need a machine you can export to that won't roll over and die (or just drop packets). I think in many cases, it's really no problem to enable flow switching and export to a pretty whimpy workstation. And for the very busy routers, flow switching in and of itself is probably more likely to cause problems than the export will cause for a modern workstation. At some point that may change (of course that's the router vendor's issue). I know that in our case, there are several points on the ANS backbone where we can potentially enable flow switching and export the flow stats. We haven't done that yet (because I'm still working w/ Cisco to get the data), but it will probably happen at some point in the future. Daniel ~~~~~~
participants (1)
-
Daniel W. McRobb