[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on draft-ietf-psamp-sample-tech-04.txt
some comments inline for the points in which I have a position.
Benoit Claise wrote:
Here are some comments.
5. Section 4.1 "mask/match filtering"
In practice, this means most of the time configuring an access-list
if we speak about the packet header information.
I think it should be clearly mentioned here, even if this is briefly
mentioned in the section 4.3 "Router State Filtering"
Same remark for the section 5.2 "information model for filtering
techniques", we want to mention the "access-list ID" for "case:
I'm not sure whether with this "access-list ID" you're proposing a
"high-level" syntax for defining mask/match filtering.
Just to clarify: "high-level" would mean something like "proto=TCP and
dst port in [1024,1036]"....
Actually, I had already raised that point, whether we want to keep
only the currently "low level" syntax for filtering as specified in
5.2 or introduce also another one (that ultimately can be translated
in the low level one, see text in 4.1). But so fare there where no
suggestions. If we specify a high level synstax we must either specify
it or reference where it is specified, otherwhise I don't know what
this access-list ID is...
Let me come back to you on this one.
It maybe needs some more thoughts on my side...
8. Section 5.1 "information model for sampling techniques"
Case Systematic Time Based: - Interval length (in usec),
Spacing _(in usec) _
I think the spacing unit should be in number of packets.
that is the Systematic Count-based case.
My point is that, if systematic time based sampling is implemented, will
you do it like 1. or 2.
1. Case Systematic Time Based: - Interval length (in usec),
Spacing (in usec)
2. Case Systematic Time Based: - Interval length (in usec),
Spacing (# packets)
The option1 has got the big drawback that we have no idea how many
packets will be inspected and as a consequence we don't know what are
the bandwidth requirement for the export link(s). And if we do sampling,
it's typically because we have a bottleneck on the export link(s)
bandwidth or on the collector side...
How to specify: I want to specify 1 packet every x msec.
Spacing in usec depends too much on the interface bandwidth
I think that the agreement was that equipment must support at least
one of the techniques without specifying which.
So having the Systematic Time Based definition in the information
model doesn't do any harm.
30. See if my discussion with Maurizio is in there.
Ooops. Please Forget about this point 30.
I used it when I created this email.
No issue anymore.
Thanks for your comments.
The following text is at the beginning of page 8. Is it this you
referred with the "discussion with Maurizio"?
Note that a common technique to select packets is to compute a
Hash Function on some bits of the packet header and/or content
and to select it if the Hash Value falls in the Hash Selection
Range. Since hashing is a deterministic operation on the packet
content, it is a filtering technique according to our
categorization. Nevertheless, hash functions are sometimes used
to approximate random sampling. Depending on the chosen input
bits, the Hash Function and the Hash Selection Range, this
technique can be used to approximate the random selection of
packets with a given probability p. It is also a powerful
technique to consistently select the same packet subset at
multiple observation points [DuGr00]
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.