|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Access to the Internic Blocked
Daniel W. McRobb <[email protected]> wrote: > Doing that at 10 kpps is not going to be a solution any time soon. >You're kidding, right? 10kpps has been doable (and done) for years. >Did you forget a zero or two? Hm. The existing boxes which can do 100kpps can't do accounting at that speed. Not in the real life. (Where have you seen a 1Mpps box which actually _works_?) >The vBNS folks are about to release an OC-3 header sniffer that runs on >a Pentium box. Rumor has it that it'll handle OC-12 as well. There's a >presentation of it on the USENIX agenda. Sniffing and logging are two very different things. > I would also wish you luck with logging SA/DA pairs at places like > .ICP.NET. where source/destination matrix is about 1-2 millon > entries long. >1-2 million is not much. Even in the NSFNET days, I worked w/ >5-million-cell net matrices. All it takes is memory and some CPU. 1-2 _simultaneoulsy_, not over period of time. The 1-hr matrix would be two orders of magnitude bigger. Anyway, it does not make any difference, as the box capable of logging at some speed N is going to cost about the same as a router of the same speed N (or more). I'm not sure logging worth it. >We're not sniffing a shared FDDI ring w/ these UNIX boxes. They get >data from the routers. What kind of routers? NSSes? You can't get that for ciscos, sorree... --vadim - - - - - - - - - - - - - - - - -
|