[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft on sampling techniques
Romascanu, Dan (Dan) wrote:
I just made them up. We could use any other value. I think this is a subjective
matter and I don't see any objective way of deciding what the right number
should be. Maybe there is an objective way of deciding if averaging over
30 seconds is too little, too much or just OK. It looks good to me, but those
30 seconds are also just a guess.
The default values of the sampling parameters should be safe. They
should ensure that the number of sampled packets is no more
of the packets carried by the link observed or that they do
not add up
to more than 0.01% of the link capacity. These constraints
over any 30 second time interval. A configuration of the sampling
function that samples no packets at all is safe.
Can you explain where these figures come from?
Actually I was thinking of something else. What I meant there is that if
someone decides to sample based on packets sizes so that large packets are
more likely to be sampled (because one 1500 byte packet matters more than
a 40 byte one), than the sampled packets should not add up to more than 0.1%
of the link capacity.
I understand that they are just default values. I also understand that we are talking about two different links - the link observed, where no more than one packet in 10,000 should be picked by the sampling process, and the link that exports the sampled information where no more than 1/10,000 additional bandwidth should be allowed for each filter on an observed link.
I believe that we do not need this in today's Internet. Sampling independent
of packet sizes should be good enough if packets are between 40 and 1500
bytes. However, in some distant future, when the say 64k or even larger packets
coexist with 40 byte packets, the statistical advantages of sampling based
on packet size might matter. However, I expect that nobody would implement
this for two reasons: 1) it's simpler to make the sampling decision without
looking at the packet header (as Baek-Young Choi pointed out to me) and 2)
it doesn't make that much of a difference, especially if the device has a
normal MTU on the link.
Should we legislate that sampling with probabilities based on packet sizes
is out of our scope?