I'm trying to understand what techniques/solutions are available to
Correct, and you can't generalize by assuming the traffic to by
symmetrical, as it isn't far more of the time than it is.
In my work, I've always looked at the entire AS-path on outbound traffic,
and done a weighted assignment of bytes-through to each AS in the path.
For inbound traffic, basically all you can do is look at the origin AS by
itself. The neighbor you receive it from isn't interesting, because
that's who you _currently_ receive it from, and the whole point of this
exercise is to determine who _else_ you could receive it from if you added
Josh Wepman and I talked about this in our tutorial on Sunday and
BOF on Monday, slides from which can be found here:
(Sorry for the "ppt" part). We realised after we had finished that
we forgot to put those URLs on the screen.
Our examples were based on measuring outbound traffic, bascially
counting packets and bytes per AS_PATH, as Bill mentioned.
Some analysis of inbound traffic seems like it should be possible,
but it is difficult to know how your model based on your particular
view of the BGP table will correspond with real life: for example,
you might be able to see a bunch of traffic sources that seem to
get at least some transit through a small set of ASes, which might
make those ASes good candidates for peering. However, just because
they get some transit that way doesn't mean they don't have other
transit too. Predicting traffic flow due to the policy of remote
networks you have no control over is a somewhat inexact science.
Questions of who to peer with are much easier to answer if your
traffic profile is weighted outbound away from your AS.