Subject: Re: Resetting ip, icmp etc statistics
To: Steven M. Bellovin <email@example.com>
From: None <firstname.lastname@example.org>
Date: 03/31/2006 18:43:10
In message <email@example.com>,
"Steven M. Bellovin" writes:
>On Fri, 31 Mar 2006 17:55:06 -0800, firstname.lastname@example.org wrote:
>> And some folks find it objectionable. Next point?
>Let's look at it another way. People want the ability to issue some
>command at a certain point in time, then see what the deltas are in
>counters since that point. They also want to do it without installing
>things like snmp agents, partly because of complexity and partly
>because they (like I) may run some network tests in single-user mode.
>>From that perspective, either zeroing the counters or checkpointing
>them is reasonable. In general, I'm of the "give them enough rope"
>school of thought, but since checkpointing is strictly more powerful at
>only a slight increase in complexity (the need to specify an extra
>option when querying) it's probably the right solution.
I'm truly astonished if that needed to be spelled out so bluntly:
surely it was obvious in context? But (since you took the time):
thank you for expounding it so well --- even in a forum where the
exposition *should* be superfluous.
And for those who handwaved about counter overflow: we use 64-bit
counters. A 1.0Gbit/sec ethernet link sustains at most 123,000,000
bytes/sec. So a 1GbE link will therefore increment our 64-bit byte
counter by just under 1^27 per second. so we have roughly 2^37
seconds before overflow. ^At 86,400 sec/day, a giga-second is rounghy
11,574 days, call it 31 years. So in very rough terms, a 64-bit
counter on a gigabit link will overflow in roughly 128 gigaseconds, or
(very roughly) four thousand years? Hmmm, GDB says 123ULL * 1000 *
1000 will exceed (1ULL << 63) in 2,377 years. Close enough, seeing we
get all (2^64)-1) values.