[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-ietf-psamp-sample-tech-04.txt

Hi Maurizio,

some comments inline for the points in which I have a position.

Benoit Claise wrote:

Dear all,

Here are some comments.

5. Section 4.1 "mask/match filtering"
In practice, this means most of the time configuring an access-list if we speak about the packet header information.
I think it should be clearly mentioned here, even if this is briefly mentioned in the section 4.3 "Router State Filtering"
Same remark for the section 5.2 "information model for filtering techniques", we want to mention the "access-list ID" for "case: Matching"

I'm not sure whether with this "access-list ID" you're proposing a "high-level" syntax for defining mask/match filtering.
Just to clarify: "high-level" would mean something like "proto=TCP and dst port in [1024,1036]"....
Actually, I had already raised that point, whether we want to keep only the currently "low level" syntax for filtering as specified in 5.2 or introduce also another one (that ultimately can be translated in the low level one, see text in 4.1). But so fare there where no suggestions. If we specify a high level synstax we must either specify it or reference where it is specified, otherwhise I don't know what this access-list ID is...

Let me come back to you on this one. It maybe needs some more thoughts on my side...

8. Section 5.1 "information model for sampling techniques"
Case Systematic Time Based: - Interval length (in usec), Spacing _(in usec) _
I think the spacing unit should be in number of packets.

that is the Systematic Count-based case.

My point is that, if systematic time based sampling is implemented, will you do it like 1. or 2.
1. Case Systematic Time Based: - Interval length (in usec), Spacing (in usec)
2. Case Systematic Time Based: - Interval length (in usec), Spacing (# packets)

The option1 has got the big drawback that we have no idea how many packets will be inspected and as a consequence we don't know what are the bandwidth requirement for the export link(s). And if we do sampling, it's typically because we have a bottleneck on the export link(s) bandwidth or on the collector side...

How to specify: I want to specify 1 packet every x msec.
Spacing in usec depends too much on the interface bandwidth

I think that the agreement was that equipment must support at least one of the techniques without specifying which.
So having the Systematic Time Based definition in the information model doesn't do any harm.


30. See if my discussion with Maurizio is in there.

Ooops. Please Forget about this point 30.
I used it when I created this email.
No issue anymore.

Thanks for your comments.

Regards, Benoit.

The following text is at the beginning of page 8. Is it this you referred with the "discussion with Maurizio"?

    Note that a common technique to select packets is to compute a
    Hash Function on some bits of the packet header and/or content
    and to select it if the Hash Value falls in  the Hash Selection
    Range. Since hashing is a deterministic operation on the packet
    content, it is a filtering technique according to our
    categorization. Nevertheless, hash functions are sometimes used
    to approximate random sampling. Depending on the chosen input
    bits, the Hash Function and the Hash Selection Range, this
    technique can be used to approximate the random selection of
    packets with a given probability p. It is also a powerful
    technique to consistently select the same packet subset at
    multiple observation points [DuGr00]


to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>