Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Access to the Internic Blocked

  • From: Vadim Antonov
  • Date: Mon Aug 26 00:21:04 1996

Daniel W. McRobb <> wrote:

> Doing that at 10 kpps is not going to be a solution any time soon.

>You're kidding, right?  10kpps has been doable (and done) for years.
>Did you forget a zero or two?

Hm.  The existing boxes which can do 100kpps can't do accounting at that
speed.  Not in the real life.

(Where have you seen a 1Mpps box which actually _works_?)

>The vBNS folks are about to release an OC-3 header sniffer that runs on
>a Pentium box.  Rumor has it that it'll handle OC-12 as well.  There's a
>presentation of it on the USENIX agenda.

Sniffing and logging are two very different things.

> I would also wish you luck with logging SA/DA pairs at places like
> .ICP.NET. where source/destination matrix is about 1-2 millon
> entries long.

>1-2 million is not much.  Even in the NSFNET days, I worked w/
>5-million-cell net matrices.  All it takes is memory and some CPU.

1-2 _simultaneoulsy_, not over period of time.  The 1-hr matrix
would be two orders of magnitude bigger.

Anyway, it does not make any difference, as the box capable of
logging at some speed N is going to cost about the same as a
router of the same speed N (or more).  I'm not sure logging worth it.

>We're not sniffing a shared FDDI ring w/ these UNIX boxes.  They get
>data from the routers.

What kind of routers?  NSSes?  You can't get that for ciscos,

- - - - - - - - - - - - - - - - -

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.