[3884] in North American Network Operators' Group

Re: Access to the Internic Blocked

daemon@ATHENA.MIT.EDU (Vadim Antonov)
Mon Aug 26 00:11:53 1996

Date: Sun, 25 Aug 1996 20:57:09 -0700
From: Vadim Antonov <avg@quake.net>
To: dwm@ans.net
Cc: curtis@ans.net, nanog@merit.edu

Daniel W. McRobb <dwm@ans.net> wrote:

> Doing that at 10 kpps is not going to be a solution any time soon.

>You're kidding, right?  10kpps has been doable (and done) for years.
>Did you forget a zero or two?

Hm.  The existing boxes which can do 100kpps can't do accounting at that
speed.  Not in real life.

(Where have you seen a 1Mpps box which actually _works_?)

>The vBNS folks are about to release an OC-3 header sniffer that runs on
>a Pentium box.  Rumor has it that it'll handle OC-12 as well.  There's a
>presentation of it on the USENIX agenda.

Sniffing and logging are two very different things.

> I would also wish you luck with logging SA/DA pairs at places like
> .ICP.NET. where source/destination matrix is about 1-2 million
> entries long.

>1-2 million is not much.  Even in the NSFNET days, I worked w/
>5-million-cell net matrices.  All it takes is memory and some CPU.

1-2 _simultaneously_, not over a period of time.  The 1-hr matrix
would be two orders of magnitude bigger.

Anyway, it does not make any difference, as the box capable of
logging at some speed N is going to cost about the same as a
router of the same speed N (or more).  I'm not sure logging is worth it.

>We're not sniffing a shared FDDI ring w/ these UNIX boxes.  They get
>data from the routers.

What kind of routers?  NSSes?  You can't get that for ciscos,
sorree...

--vadim
