Hi,
It frightens me that you're sitting on 11Gb/s+ and
unable to utilize
existing toold to determine what is within profile
for your network and
what is not.
That what makes me think it's not possible to
determine "legal" traffic model by available tools.
The total BW keeps increasing, and network attack
keeps going on. We could estimate traffic scheme by
monitoring BW utilized, but it may has exhaust
customer's server resource when we consider those DoS
packet with our traffic scheme.
So, Arbor and alike may be useful to enterprise users,
but to ISPs its effectiveness is questionable.
I'm certain that you'll be contacted by many
commercial vendors who have
working profiling solutions.
I've discussed with some persons, they just disclame
but no demonstration and analysis.
Joe