a potential ragator bug (or of course operator error :-))

[Peter Van Epp]

	We have two links, one commodity and one CA*net4/I2/etc. Due to policy
differences in the various research networks (and some local routing bugs :-))
some routes are asymetric. At present our two links are post processed in 
isolation but when looking for port scans it is interesting to know if the
scan got a reply (because if it didn't I don't much care unless it was one of 
my addresses scanning :-)) and with the links processed in isolation this can 
get lost on the asymetric routes (it looks like no response if the reply is on
the other link). The answer to that is to run both data streams through ragator 
which merges the two streams. What it doesn't appear to be doing (the "appear" 
is where operator error is a possiblily :-)) is setting the M flag to indicate 
multiple physical paths to indicate that route is asymetric in the merged 
record, it appears to pick one set of MACs and use those. It may be that this 
doesn't meet the definition of multiple physical paths (since traffic in any 
one direction always uses the same MACs just the path back uses different MACs).
So the question is is it possible to flag this condition somehow since I think
the information would be useful (or of course is it already being flagged 
somewheres that I haven't found, dumping the merged data in xml format doesn't
show anything obvious but I may just be blind).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada