[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PSAMP framework open issues

To: <psamp@ops.ietf.org>
Subject: PSAMP framework open issues
From: <duffield@research.att.com>
Date: Thu, 13 Nov 2003 00:17:48 -0500

Hi,

Here are the remaining open issues for the framework draft. Please send
comments to the list by December 5.

Thanks,

Nick

----

FW-1 Encryption for export
   . Problem: what is the conformance level?
   . Proposed Solution: mandatory to implement and optional to use. This

     was required by the IESG for IPFIX. PSAMP requirements at least as

     strong, due to possibility of payload fragments in reports.

FW-2 Timestamps
   . Problem: should PSAMP require certain resolution or accuracy?
   . Proposed Solution: require microsecond resolution (as for IPFIX);
     no requirement for accuracy, but it should be reported. 
   . Question: How should it be reported (e.g., numerical accuracy,
     synchronization method, ...)?

FW-3 Selecting Encrypted Packets
   . Problem: Encryption key is not generally available. Content
     dependent selection problematic since encrypted fields lose
meaning.
     How should selection of encrypted packets be modified, if at all?
   . Question: what forms of encryption can be detected from packet?
   . Proposed Solution:
     - for filtering and content dependent sampling: option to
       ignore encrypted packets (if detectable ...)
   . Comments:
     - not needed for content-independent sampling 
     - not needed for hash-based selection ( it emulates /
       approximates content-independent sampling) unless trajectory 
       sampling with encryption taking place at point between      
       observation points) 
     

FW-4 Reporting Input Sequence Numbers
   . Problem: should the sequence numbers be in every report, or just 
     sent periodically in report interpretation?
   . Proposed Solution: send in every report (probably yields more 
     information for diagnosis under high load conditions with packets)

FW-5 Timeliness  
   . Problem: some applications (e.g. some security
     applications) will need to receive packet reports within a few
     seconds of observation rather than (say) a minute afterwards. How
     to specify this in the protocol? Can't easily control delay due to
     resource contention e.g. if users chose to run at routers at high
     load (although possible). More control over buffering delay.
   . Proposed Solution: 
     - mandatory ability to set maximum buffering delay in forming
export      	 packets (including 0, meaning one packet report per
export packet)
     - mandatory ability to set maximum export buffer delay in transport

       protocol (else discard; it appears that SCTP-PR can provide this)



--
to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>

Follow-Ups:
- Re: PSAMP framework open issues
  - From: Maurizio Molina <molina@ccrle.nec.de>

Prev by Date: packet selection: open issues
Next by Date: Re: PSAMP framework open issues
Previous by thread: packet selection: open issues
Next by thread: Re: PSAMP framework open issues
Index(es):
- Date
- Thread