Access to the Internic Blocked

Who said host-to-host matrix? I have not needed that granularity for
finding traffic that's coming into our backbone at an ingress that it
should not traverse.

I think for the provider crowd, net traffic matrices and AS traffic
matrices are very useful and host matrices are too fine in terms of
granularity to be useful. Of course I said that here a while ago. It's
really up to the provider and it's just my opinion (because net and AS
traffic matrices been very useful to us).

It was fairly easy to get this kind of data from the NSS routers. The
Ciscos have the instrumentation to let you get this data as well.
Whether or not you can enable it on a particular box depends on whether
or not the box in question can handle it (not running out of CPU cycles
or memory). And of course you need a machine you can export to that
won't roll over and die (or just drop packets). I think in many cases,
it's really no problem to enable flow switching and export to a pretty
whimpy workstation. And for the very busy routers, flow switching in
and of itself is probably more likely to cause problems than the export
will cause for a modern workstation. At some point that may change (of
course that's the router vendor's issue).

I know that in our case, there are several points on the ANS backbone
where we can potentially enable flow switching and export the flow
stats. We haven't done that yet (because I'm still working w/ Cisco to
get the data), but it will probably happen at some point in the future.