
Re: draft on sampling techniques

Romascanu, Dan (Dan) wrote:
The default values of the sampling parameters should be safe. They should ensure that the number of sampled packets is no more than 0.01% of the packets carried by the link observed, or that they do not add up to more than 0.01% of the link capacity. These constraints should hold over any 30-second time interval. A configuration of the sampling function that samples no packets at all is safe.



Can you explain where these figures come from? 
I just made them up. We could use any other value. I think this is a subjective matter and I don't see any objective way of deciding what the right number should be. Maybe there is an objective way of deciding whether averaging over 30 seconds is too little, too much, or just right. It looks good to me, but those 30 seconds are also just a guess.
I understand that they are just default values. I also understand that we are talking about two different links: the link observed, where no more than one packet in 10,000 should be picked by the sampling process, and the link that exports the sampled information, where no more than 1/10,000 additional bandwidth should be allowed for each filter on an observed link.
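To make the first constraint concrete, here is a minimal sketch (not from any draft; the names and window bookkeeping are my own assumptions) of checking that the sampled share of packets stays at or below 1 in 10,000 over every 30-second window:

```python
# Hypothetical sketch: verify the proposed "safe default" constraint that
# sampled packets never exceed 0.01% of observed packets in any 30-second
# window. SAMPLE_FRACTION and WINDOW_SECONDS are illustrative assumptions.
from collections import deque

SAMPLE_FRACTION = 0.0001   # 1 in 10,000
WINDOW_SECONDS = 30

def is_safe(events):
    """events: iterable of (timestamp, sampled) pairs, one per observed
    packet, in time order. Returns True if the sampled share stays at or
    below SAMPLE_FRACTION in every trailing 30-second window."""
    window = deque()
    sampled_in_window = 0
    for ts, sampled in events:
        window.append((ts, sampled))
        if sampled:
            sampled_in_window += 1
        # Drop packets that have aged out of the trailing window.
        while window and ts - window[0][0] > WINDOW_SECONDS:
            _, old_sampled = window.popleft()
            if old_sampled:
                sampled_in_window -= 1
        if sampled_in_window > SAMPLE_FRACTION * len(window):
            return False
    return True
```

A sliding check like this is stricter than a single 30-second average, since it must hold at every point in the stream.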
Actually I was thinking of something else. What I meant there is that if someone decides to sample based on packet sizes, so that large packets are more likely to be sampled (because one 1500-byte packet matters more than a 40-byte one), then the sampled packets should not add up to more than 0.01% of the link capacity.
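A size-biased scheme of this kind could look like the following sketch. The rate constant and its value are purely illustrative assumptions, not anything proposed in the draft:

```python
# Hypothetical sketch of size-dependent sampling: the probability of
# selecting a packet is proportional to its size (capped at 1), so large
# packets are proportionally more likely to be picked.
# RATE_PER_BYTE is an illustrative assumption: with 1e-7 per byte, a
# 1000-byte packet is sampled with probability 1e-4, i.e. 0.01%.
import random

RATE_PER_BYTE = 1e-7

def probability(size):
    """Sampling probability proportional to packet size, capped at 1.0."""
    return min(1.0, size * RATE_PER_BYTE)

def sample(size):
    """Randomized sampling decision for one packet of the given size."""
    return random.random() < probability(size)
```

Note that this is also why the byte-fraction cap matters for such schemes: because large packets are favored, the sampled traffic's share of link *bytes* is higher than its share of *packets*, so the two constraints are no longer interchangeable.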

I believe that we do not need this in today's Internet. Sampling independent of packet sizes should be good enough as long as packets are between 40 and 1500 bytes. However, in some distant future, when, say, 64 KB or even larger packets coexist with 40-byte packets, the statistical advantages of sampling based on packet size might matter. Even then, I expect that nobody would implement this, for two reasons: 1) it's simpler to make the sampling decision without looking at the packet header (as Baek-Young Choi pointed out to me), and 2) it doesn't make that much of a difference, especially if the device has a normal MTU on the link.

Should we legislate that sampling with probabilities based on packet sizes is out of our scope?