North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Access to the Internic Blocked
- From: Vadim Antonov
- Date: Mon Aug 26 00:21:04 1996
Daniel W. McRobb <email@example.com> wrote:
> Doing that at 10 kpps is not going to be a solution any time soon.
>You're kidding, right? 10kpps has been doable (and done) for years.
>Did you forget a zero or two?
Hm. The existing boxes which can do 100kpps can't do accounting at that
speed. Not in the real life.
(Where have you seen a 1Mpps box which actually _works_?)
>The vBNS folks are about to release an OC-3 header sniffer that runs on
>a Pentium box. Rumor has it that it'll handle OC-12 as well. There's a
>presentation of it on the USENIX agenda.
Sniffing and logging are two very different things.
> I would also wish you luck with logging SA/DA pairs at places like
> .ICP.NET. where source/destination matrix is about 1-2 millon
> entries long.
>1-2 million is not much. Even in the NSFNET days, I worked w/
>5-million-cell net matrices. All it takes is memory and some CPU.
1-2 _simultaneoulsy_, not over period of time. The 1-hr matrix
would be two orders of magnitude bigger.
Anyway, it does not make any difference, as the box capable of
logging at some speed N is going to cost about the same as a
router of the same speed N (or more). I'm not sure logging worth it.
>We're not sniffing a shared FDDI ring w/ these UNIX boxes. They get
>data from the routers.
What kind of routers? NSSes? You can't get that for ciscos,
- - - - - - - - - - - - - - - - -