[3405] in North American Network Operators' Group
Re: Ping flooding (fwd)
daemon@ATHENA.MIT.EDU (Curtis Villamizar)
Tue Jul 9 22:09:14 1996
To: Per Gregers Bilse <bilse@EU.net>
cc: "Daniel W. McRobb" <dwm@ans.net>, nanog@merit.edu
Reply-To: curtis@ans.net
In-reply-to: Your message of "Wed, 10 Jul 1996 01:55:22 +0200."
<199607092355.AA00621@jotun.EU.net>
Date: Tue, 09 Jul 1996 22:00:25 -0400
From: Curtis Villamizar <curtis@ans.net>
In message <199607092355.AA00621@jotun.EU.net>, Per Gregers Bilse writes:
>
> Yes ... but you shouldn't need anything special for that. We have
> been doing the same for a long time, using regular IP accounting on
> the edge routers, which is then summarised over a full routing table.
> The only discrepancies that occur are if changes in routing occur
> between the time of accounting and processing, but this tends not to
> be a problem.
What if the edge router is sitting at MaeEast or some other very busy
edge of your network. Knowing traffic patterns to/from the
interconnects is very useful for traffic engineering and neccesary if
the "attack" you want to trace back goes through an interconnect.
I may be wrong, but I was under the impression that flow switching
wasn't up for this and regular IP accounting is completely useless in
this particular case.
Curtis
