Re: Alternative to NetFlow for Measuring Traffic flows

  Date: Mon Dec 16 23:43:41 2002

At 09:16 PM 12/16/2002 -0500, K. Scott Bethke wrote:
> Impressive numbers but of course, slackers aside, if it was your connection
> and resources wouldn't you want more accurate information than just a guess?

Yes, but I am also sympathetic to the challenges to ISPs in this economy, and the challenges with large networks where there are so many ingress/egress points that getting sampling in place is problematic. I hear from some Tier 1 ISPs that in some cases sampling is not available on the too new or too old NIC. In some cases there are simply too many points to measure, requiring too much disk, time, processing, etc. I heard stories of those that process the data monthly and do so at great expense, with the occasional crashes of the weekend jobs. Sometimes the quick and dirty approach is easier. Doing the research it was surprising to find how many of the largest ISPs in the world don't/can't do the detailed traffic analysis.


> Again it seems too iffy.  What if you get a short DOS when you shift an ASN..
> how much of a chump will you look like when you need that peer to be 1gbps
> and you hook up and it's only pulling 2mbps ?

Good point - another assumption (3) that the traffic is a normal, predictable sinusoidal pattern such that the peak for the target AS matches the peak of the rest of the traffic.

> > The other approach some ISPs use is to set up a "trial" peering session,
> > usually using a private cross connect to measure the traffic volume and
> > relative traffic ratios. Then both side can get an idea of the traffic
> > before engaging in a contractual Settlement-Free Peering relationship.

> I like this one the best if I didn't have Netflow stats... however I doubt
> everyone will allow this because of time, money, resources, security, etc.

Yes, the Empirical Approach is most accurate but, besides the cost of implementing the trial peering, there are examples of Tier 2 ISPs trying to game the trial with a Tier 1 ISP in order to obtain the peering relationship. I heard stories of some pretty wacky routing and traffic engineering in order to demonstrate during the trial that ratios and traffic volumes fell within a certain range. (The "Art of Peering" documents a few of these tactics.) I can understand why the Tier 1's are hesitant to do the trial peering even when they don't have the data to refute the "peering worthiness".

> I tend to look at peering as something you need to know when to do because
> the data tells you so.  In this industry as it stands now why would you NOT
> run netflow stats to give you this information?  all you are doing is
> wasting more money paying for transit that could be offloaded to peering.

Me too, but differentiate between Tier 1 and Tier 2 solely for the motives; Tier 2's want to peer broadly to reduce transit fees, while Tier 1's by definition don't pay transit fees to anyone.

> And the flipside is also true..  why even worry about peering if you can't
> get more than a meg or two max to each AS?

I have found peering to have additive value; a lot of 1-2 Mbps peering sessions can save as much money for you as a single large traffic peer. The more traffic, the stronger the case for peering.