RE: next step
As a general rule, there is hesitancy with regard to the offset/length/mask method of specifying classification rules for sampling, since it is very hard to verify that no value a customer can input will keep from causing problems in some dimension. And the vendor always seems to get blamed in such cases :) There is certainly discussion about it, but quite a bit of hesitancy.
It is generally preferred to have a list of interesting fields for classification (as is being defined in some versions of the proposed IPFIX data model) and let the fields be specified for classification.
Will Eatherton
> >Sorry, I didn't understand this point. What do you mean by "act
> >as a pointer to sampling"
> My usage of words was wrong. I can explain to clarify my view.
> In the filtering operation, incoming packets are compared with the
> predicates and mapped. The predicate may be a tuple <offset,length,mask,
> value> as in path finder
> (http://citeseer.nj.nec.com/bailey94pathfinder.html).
> For a uniform sampling, i.e. selecting 1 in N packets can be done
> by using a predicate * for every <N> <pred> *. It will sample 1 in N
> packets meeting the <pred> predicate.
>
> >and "expose Dos attack"?
> I totally misinterpreted at this point. Thanks for pointing
> out. This is once again a rant about applications. Disregard the
> sixth point :-).
> This was more to stress use of filtering for various on-board
> applications like:
> - source address verification:
> - tracing the DoS attack path
>
> -Senthil
archive: <http://ops.ietf.org/lists/psamp/>
- References:
- RE: next step
- From: "Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu>
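
Added example, not part of the original thread or written by either participant: a sketch of an `<offset, length, mask, value>` predicate driving 1-in-N sampling, with the input validation that the reply says is hard to get complete. The class names, the `MAX_OFFSET` and `MAX_FIELD_LEN` limits, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_OFFSET = 128    # assumed limit on inspectable header bytes (hypothetical)
MAX_FIELD_LEN = 8   # assumed limit on field width (hypothetical)

@dataclass(frozen=True)
class Predicate:
    offset: int
    length: int
    mask: bytes
    value: bytes

    def validate(self) -> None:
        """Reject operator input that would misbehave at match time."""
        if self.offset < 0 or not 0 < self.length <= MAX_FIELD_LEN:
            raise ValueError("offset/length out of range")
        if self.offset + self.length > MAX_OFFSET:
            raise ValueError("field extends past inspectable bytes")
        if len(self.mask) != self.length or len(self.value) != self.length:
            raise ValueError("mask and value must be exactly `length` bytes")
        if any(v & ~m & 0xFF for v, m in zip(self.value, self.mask)):
            raise ValueError("value sets bits outside mask; rule can never match")

    def matches(self, packet: bytes) -> bool:
        field = packet[self.offset:self.offset + self.length]
        if len(field) < self.length:  # short packet: no match, no over-read
            return False
        return all((b & m) == v for b, m, v in zip(field, self.mask, self.value))

class OneInN:
    """Select every Nth packet among those that meet the predicate."""
    def __init__(self, n: int, pred: Predicate):
        if n < 1:
            raise ValueError("N must be >= 1")
        pred.validate()
        self.n, self.pred, self.seen = n, pred, 0

    def sample(self, packet: bytes) -> bool:
        if not self.pred.matches(packet):
            return False
        self.seen = (self.seen + 1) % self.n
        return self.seen == 0

def ipv4(proto: int) -> bytes:
    """Constructed 20-byte IPv4 header; only the protocol byte (offset 9) varies."""
    return bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto]) + bytes(10)

# Constructed rule: IPv4 protocol field equals 17 (UDP).
UDP = Predicate(offset=9, length=1, mask=b"\xff", value=b"\x11")
```

The checks in `validate` cover only range, width and mask consistency; a named-field list, as the reply prefers, removes the need to reason about arbitrary offsets at all.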