Editor's Note: I was in the other bof, so
both Kent and Michael
took notes at my request. I was not sure that both would be able to do this
and I am delighted that both did. Both sets of notes are presented here.
My thanks to both of them.
Stan Barber
This was one of two BOF tracks. Stan Barber took notes on the other track and not having perfected the art of being in two places at once he asked for a volunteer to record this track :-)
Daniel has been analyzing AS-based traffic matrices from flow export on various Ciscos over the past 3 months or so. The data is collected using cflowd and there is Return to the top of the page.
AS Matrices from flow-export from experimental images from cisco http://engr.ans.net/cflowd
The Good News
Showed plot of mae-east ans data in Mbps/sec over 5 min intervals by dest ASN most of traffic is to AOL
Showed plot of mae-east ans data in Mbps/sec over half hour interval by dest ASN
yet another plot of mae-east data over 5 min interval by dest ASN
a plot of mae-east data by source ASN
These plots allow problem isolation by identifing traffic loss by ASN. You can detect circuit outages, reconfig problems, routing problems. You can detect illegal traffic that should not be coming in.
Showed plot of data by source AS where AS=0 dominates. (Evidence of a cisco problem with prefix caching that needs fixing.)
The Bad News
AS 0 is overloaded due to prefix cache misses. Ambiguities need to be removed by cisco. Traffic from flow-export is very bursty. The export algorithm needs to be more net friendly.
Advice
use flow-export to find ingress of "bad traffic". (eg, SYN floods) there are issues with source/dest AS tuple (no full AS path)
cflowd future features
Architectures supported (written using autoconf for portability)
Your Input
There was some discussion of volume of traffic of export data, which is highly variable due to configuration choices.
Return to the top of the page.