Re: comments on draft-ietf-psamp-sample-tech-04.txt

[Benoit Claise <bclaise@cisco.com>]

Hi Maurizio,

> Benoit,
> some comments inline for the points in which I have a position.
> Maurizio
>
> Benoit Claise wrote:
>
> > Dear all,
> >
> > Here are some comments.
>
>
> > 5. Section 4.1 "mask/match filtering"
> > In practice, this means most of the time configuring an access-list 
> > if we speak about the packet header information.
> > I think it should be clearly mentioned here, even if this is briefly 
> > mentioned in the section 4.3 "Router State Filtering"
> > Same remark for the section 5.2 "information model for filtering 
> > techniques", we want to mention the "access-list ID" for "case: 
> > Matching" 
>
>
> I'm not sure whether with this "access-list ID" you're proposing a 
> "high-level" syntax for defining mask/match filtering.
> Just to clarify: "high-level" would mean something like "proto=TCP and 
> dst port in [1024,1036]"....
> Actually, I had already raised that point, whether we want to keep 
> only the currently "low level" syntax  for filtering as specified in 
> 5.2 or introduce also another one (that ultimately can be translated 
> in the low level one, see text in 4.1). But so fare there where no 
> suggestions. If we specify a high level synstax we must either specify 
> it or reference where it is specified, otherwhise I don't know what 
> this access-list ID is...

Let me come back to you on this one.
It maybe needs some more thoughts on my side...

> > 8. Section 5.1 "information model for sampling techniques"
> >     Case Systematic Time Based:        - Interval length (in usec), 
> > Spacing _(in usec) _
> > I think the spacing unit should be in number of packets.
>
>
> that is the Systematic Count-based case.

My point is that, if systematic time based sampling is implemented, will 
you do it like 1. or 2.
1.    Case Systematic Time Based:        - Interval length (in usec), 
Spacing (in usec)
2.    Case Systematic Time Based:        - Interval length (in usec), 
Spacing (# packets)

The option1 has got the big drawback that we have no idea how many 
packets will be inspected and as a consequence we don't know what are 
the bandwidth requirement for the export link(s). And if we do sampling, 
it's typically because we have a bottleneck on the export link(s) 
bandwidth or on the collector side...

> > How to specify: I want to specify 1 packet every x msec.
> > Spacing in usec depends too much on the interface bandwidth 
>
>
> I think that the agreement was that equipment must support at least 
> one of the techniques without specifying which.
> So having the Systematic Time Based definition in the information 
> model doesn't do any harm.

OK.

> > 30.  See if my discussion with Maurizio is in there.
Ooops. Please Forget about this point 30.
I used it when I created this email.
No issue anymore.

Thanks for your comments.

Regards, Benoit.


> The following text is at the beginning of page 8. Is it this you 
> referred with the "discussion with Maurizio"?
>
> >     Note that a common technique to select packets is to compute a
> >     Hash Function on some bits of the packet header and/or content
> >     and to select it if the Hash Value falls in  the Hash Selection
> >     Range. Since hashing is a deterministic operation on the packet
> >     content, it is a filtering technique according to our
> >     categorization. Nevertheless, hash functions are sometimes used
> >     to approximate random sampling. Depending on the chosen input
> >     bits, the Hash Function and the Hash Selection Range, this
> >     technique can be used to approximate the random selection of
> >     packets with a given probability p. It is also a powerful
> >     technique to consistently select the same packet subset at
> >     multiple observation points [DuGr00]
> BR,
> Maurizio
>
> >


--
to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>