[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [wide-netman:00884] Re: Call for censensus on path forward



[ post by non-subscriber.  with the massive amount of spam, it is easy to
  miss and therefore delete mis-posts.  so fix subscription addresses! ]

Hi,

Network  Researchers trying to characterize high-speed network traffic- need to look at high resolution. Presently, one has to analyze tcpdump traffic(offline) for that purpose. As Glenn has also mentioned, once the traffic is averaged, the traffic pattern is distorted. (You never see the maximum value, only the value averaged over the polling interval.)

There is nothing hard and fast about 1 second (Glenn, am I right?) - it can be smaller if your network, application and systems can take it, and, if you are interested in seeing the peaks in your network traffic. But whatever the polling interval is - there is sense in fetching several MOs  as an aggregate - I see sense there. There is too much of overhead in the MO names in the SNMP PDUs.
 
Regards/
Ashir Ahmed

> -----Original Message-----
> From: Wijnen, Bert (Bert) [mailto:bwijnen@lucent.com]
> Sent: Saturday, September 21, 2002 9:01 PM
> To: Glenn Mansfield Keeni; eos@ops.ietf.org
> Cc: wide-netman@cysols.com
> Subject: [wide-netman:00884] Re: Call for censensus on path forward
> 
> 
> I would really like to hear from a few operators (or
> even NM application developers) if they indeed find it
> a requirement to do polling a 1-second-granularty.
> It does not sound realistic to me... but who is me?
> 
> Thanks,
> Bert 
> 
> > -----Original Message-----
> > From: Glenn Mansfield Keeni [mailto:glenn@cysols.com]
> > Sent: zaterdag 21 september 2002 13:19
> > To: eos@ops.ietf.org
> > Cc: wide-netman@cysols.com
> > Subject: Re: Call for censensus on path forward
> > 
> .. snip ..
> 
> > But then why do we need to look at traffic at 1 second intervals?
> > If we are managing a reasonably fast network, and doing serious
> > management - then we probably need to look at traffic at even
> > smaller intervals. I will cite just two of the instances that we
> > have actually encountered.
> > a. Traffic graphs for a Gigabit network polled at, say, 1 minute
> >     intervals are USELESS. What we end up seeing is the traffic
> >     averaged over a minute! One never sees that real traffic
> >     characteristics from these graphs. [Isn't there anyone out there
> >     monitoring a high speed network ? I would be interested to know
> >     how you do it.]
> > b. Our security applications need high resolution traffic 
> monitoring.
> >     There can be a sustained stealth DoS attack that is 
> disrupting the
> >     network and seriously degrading its performance (with short and
> >     sharp bursts traffic) yet not a flicker shows on the 
> > traffic graphs
> >     to tell about the attack i.e. if you are monitoring at 
> 5 minutes,
> >     1 minute or even several second intervals!
> > 
> > I would love to hear your comments.
> > 
> > Glenn
> > 
> > 
> > 
> > 
> 
>