Re: IPv6 traffic percentages?

[Job Snijders <job () instituut net>]

On Thu, Jan 21, 2016 at 11:00:46PM +0900, Randy Bush wrote:
> > We know the GPS coordinates for each BGP next-hop in the network, and
> > traffic is sampled on ingress at the edge of the network and reported
> > to pmacct (*flow), which also receives a RR-style BGP feed for
> > correlation.
> >
> > We can know where (geographically) a packet enters the network, where
> > it leaves the network and to what address family it belongs.
>
> i have only seen pmacct used for aggregated flow/traffic.  you actually
> know where each packet enters and leaves?

No, not each individual packet. That's too much data.

(Taking into consideration that anything reported through flowbased
telemetry to the pmacct instances is heavily sampled)

You can configure pmacct to specify on which properties of the received
flow data it should aggregate its output data, one could configure
pmacct to store data using the following primitives:

    ($timeperiod, $entrypoint_router_id, $bgp_nexthop, $packet_count)

Where $timeperiod is something like 5 minute ranges, and the post
processing software calculates the distance between the entrypoint
router and where the flow would leave the network ($bgp_nexthop).

See 'aggregate' on http://wiki.pmacct.net/OfficialConfigKeys

In short: you configure pmacct to throw away everything you don't need
(maybe after some light pre-processing), and hope that what remains is
small enough to fit in your cluster and at the same time offers enough
insight to answer the question you set out to resolve.

Kind regards,

Job