Using AS Matrices for Capacity Planning

John Hawkinson, BBN Planet
Daniel McRobb, ANS

Table of Contents

• Stan Barber's Notes
• October 1996 NANOG Home Page

Stan Barber's Notes

Flowswitching

• Using Netflow does have some performance impact.
• Data comes from the routing cache, not the actual routing table
• There is also a bug in the Cisco that will output /32 addresses.
• For more information, check http://www.nlanr.net/NA.

Flow-Export

Port plots are interesting to look at. HTTP (port 80) is the most dominant protocol. Some protocols (like NFS) have large packet sizes.

Matrices

These can be very useful in determining where and with whom to create private exchanges.Net matrices are very useful for security event tracking and SYN hunting

Software

• http://engr.ans.net/cflowd
• ftp://engr.ans.net/pub/cflowd
• ftp://ftp.bbnplanet/pub/cflowd