Traffic Analysis
As I may have previously mentioned, I love traffic analysis reports. I have several locations where I grab information and a script that combines them and collates all the data for me on a monthly basis. One of the sites I get my data from is Internet2.
The data shown on the Internet2 backbone is vastly different in terms
of application percentages (less P2P for the most part). However, all
the other numbers line up with almost all other sources. Check this
out; 90% of all packets are between 1401 and 1500 bytes. Makes you
wonder what your test rig is set to? It also reminds me of our
conversation about IMIX, the description from CAIDA's
site again is: "IMIX derives from analysis of NLANR traces and is
tri-modal (e.g., 58% at 40 bytes, 18% at 576 bytes, and 23% at 1518
bytes)."
Netflow on Internet2 says 100 byte to 1400 byte packets are 9.15% and sub 100 byte is 0.46%, whereas IMIX is 18% at 576 bytes and 58% at 40 bytes. Again - why are people running IMIX? Crazy. After all, IMIX is based on real data, just like the data I'm provided, it's just I'm using current data. Unless your sending your device back in a time machine, I suggest you stop using IMIX.
My final point - how many applications are you testing - because Internet2 is a small backbone (in terms of users) yet according to the netflow data they have more than 40 applications running that they can measure.
P.S. 41.33% of the traffic is unidentifiable :) That's a big piece of data that's missing.
