RE: [bmwg] Meeting Minutes Review: IPsec Terminology Tue, 28 October 2003 22:59 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id RAA04496 for <>; Tue, 28 Oct 2003 17:59:21 -0500 (EST)
Received: from localhost.localdomain ([] by with esmtp (Exim 4.20) id 1AEcnl-0003aj-H9; Tue, 28 Oct 2003 17:59:01 -0500
Received: from ([] by with esmtp (Exim 4.20) id 1AEcn3-0003Ue-8r for; Tue, 28 Oct 2003 17:58:17 -0500
Received: from ietf-mx ( []) by (8.9.1a/8.9.1a) with ESMTP id RAA04408 for <>; Tue, 28 Oct 2003 17:58:04 -0500 (EST)
Received: from ietf-mx ([]) by ietf-mx with esmtp (Exim 4.12) id 1AEcn0-00025j-00 for; Tue, 28 Oct 2003 17:58:14 -0500
Received: from ([] by ietf-mx with esmtp (Exim 4.12) id 1AEcmz-00025E-00 for; Tue, 28 Oct 2003 17:58:14 -0500
Received: by with Internet Mail Service (5.5.2653.19) id <VJD9MZ1Z>; Tue, 28 Oct 2003 17:57:43 -0500
Message-ID: <>
Subject: RE: [bmwg] Meeting Minutes Review: IPsec Terminology
Date: Tue, 28 Oct 2003 17:57:42 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="ISO-8859-1"
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <>, <>
List-Id: Benchmarking Methodology Working Group <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>


We are going to end up debating Packet Sizes for an "Imix" instead of IPsec
benchmarking.  I would add to your list 40 bytes, 48 bytes, and 512 bytes
packets.  40 and 48 bytes are common POS benchmarks and 512 bytes is a
common packet size on the Internet.  

The Imix definition is not unique to IPsec.  It applies to many BMWG drafts
and RFCs.  One alternative is to reference the phrase "a mix of packet
sizes" in the IPsec draft and have it _defined_ in the General Benchmarking
Terminology draft that Al and Kevin plan to write.  This addresses the
problem globally and enables IPsec draft to make progress by putting the
focus back on IPsec issues. 

BTW, Great talk at NANOG last week.

-----Original Message-----
From: Merike Kaeo []
Sent: Tuesday, October 28, 2003 5:40 PM
Subject: RE: [bmwg] Meeting Minutes Review: IPsec Terminology

I think some packet sizes should be explicitly stated so that results would 
be comparable if different testing devices were used to test different 
products.  I personally like the idea of using 64-byte, 768-byte, 1518-byte 
and 4470-byte packets if for no other reason that it covers a mix.  Min and 
max mtu is always good to catch sw issues and then some mid-size packets 
give you feel for what performance curve looks like for a device.  The 
768-byte number can be removed or replaced with another size.....just threw 
it out there......somewhy I remember that looking at corporate network 
traffic data from a few years back produced a lot of traffic around that

- merike

At 05:17 PM 10/28/2003 -0500, wrote:
>Also consider that the specified IMIX does not account for 4470 byte
>packets.  4470 is the default MTU on POS links.
>I do recommend stating that "a mix of Packet Sizes can be used and MUST be
>reported with the results".  That could eliminate the argument about
>definition of "IMIX" and allow the document user to select the best "IMIX"
>for his/her network.  Is this a good solution?
>-----Original Message-----
>From: Talbert, Brian []
>Sent: Tuesday, October 28, 2003 11:03 AM
>To: 'Michele Bustos'; ''
>Cc: Ipsec-Term@External. Cisco. Com (E-mail)
>Subject: RE: [bmwg] Meeting Minutes Review: IPsec Terminology
>The definition seems to draw from Agilent's Journal of Internet Test
>Methodologies.  That is about the only source where I have seen the term
>"Simple IMIX" referenced.   Though your definition here does seem to draw
>the Ixia IMIX test script which uses 64, 570, and 1518 as packet sizes
>(including Ethernet header).  Agilent sticks to IP (as should probably be
>done here) but with some variance in the packet sizes, using 40, 576, and
>In any event, I will again raise caution about trying to define IMIX or at
>least to give reference to any particular distribution.  The distribution
>provided does not appear to be directly based upon any data studies, but
>rather taken from 3rd party sources, be it Agilent or Ixia.  And that may
>itself be fine if so recorded (as examples) but there is concern here as
>well.  For one, the data from which these were based (the NLANR data) is
>coming up on 3 years old and more importantly it represents generalized
>Internet data.  This draft focuses on VPN traffic patterns, for which there
>isn't necessarily any correlation at all to the NLANR data.
>To echo (quite literally) my previous sentiments:
>  Well, I'm not sure that someone must state it in an RFC ... not at
>least in so far as it defines a specific pattern.  First, why do we all use
>IMIX?  I use it because our sales engineers and marketing folks don't want
>lot of information.  They want a single number that they can quote that
>gives a rough idea of the "customer experience".  I suspect the appeal is
>similar for vendors, and IMIX is OK for this purpose.  So the question
>becomes, would a standardized IMIX fairly represent the "customer
>experience".  Well, if that standard includes a specific packet size
>then it would be fair assuming that the customer experience closely
>resembles the source of the model data.   And we know a few things about
>model data: it is several years old and was only then representative of
>general Internet consumption.  So, how well does this data model represent
>VPN applications where the usage is quite differnet from general Internet
>consumption?   VPNs bring the element of enterprise applications into the
>foray and so an IMIX model based on general Internet traffic will loose
>correlation significance.
>The alternative would be to define IMIX very generically and not include
>specific packet distributions.  Do this looses the advangate of have easy
>cross-comparison but it does allow replication.   Also, while this doesn't
>standardize everyone on the exact same mix, it would at least allow for you
>to stipulate that the IMIX pattern (packet sizes and interleave) be
>documented.  This would still go a long way as I see many reports of "IMIX"
>testing only to find out later that the pattern had a smallest packet size
>of 512 or that max size was reduced to avoid fragmentation effects, etc.
>I think you pretty much already do this, though for clarity I would avoid
>any specific references in the discussion and instead focus on issues such
>1.  General distribution of packet sizes
>2.  Interleaving of packets
>3.  Correlation to actual data
>If you definately think it is best to go forward with referencing IMIX
>in the meth then you should probably have it defined in the term. I don't
>think it would be good to rely on Agilent or another outside source for
>definition.   This is how I would probably tackle it:
>Mixed Packet Size Stream
>Definition:  A stream (per Network Layer Traffic Control Term draft??) of
>packets with varying framesizes.
>Discussion:  Mixed packet size streams allow testing to be conducted using
>traffic patterns that simulate those observed in live networks.  Such
>streams can be used to analyze forwarding rates, throughput, and other
>metrics in a scenario that best represents the specific deployment
>utilization of a device.
>The particular distribution of packet sizes and how they are interleaved
>vary depending upon expected operational use of a device.  It is
>that for some purposes a packet mix representing general Internet traffic
>(Internet Mix, or IMIX) will be appropriate, while for other purposes a
>packet mix representing other characteristics will be more appropriate (for
>examplle, a VPN Mix, VoIP Mix, etc.).   In all cases, however, it is
>important the the specific packet sizes, thier distribution ratios, and how
>they are interleaved be as closely correlated to the operational usage as
>possible.   The National Laboratory for Applied Network Research has
>collected data that could be used to correlate an Internet MIX with general
>Internet traffic.  Other data collection efforts may be necessary to
>significantly correlate a mixed packet size stream to actual usage
>Measurment Units:  The units applicable to the underlying test to wich the
>mixed packet size stream is being applied.
>This approach to defining a "MIX" allows for the flexiblity for the
>individual tester to define a mix that meets thier own needs and alows it
>be applied to a variety of metrics.  You could for instance further define
>"VPN MIX Throughput" or "Internet with G.729 MIX Forwarding Rate".   It
>opens the doors to require in a meth (or here if that seems more
>appropriate) that any type of MIX must be defined in results to include:
>1.  Packet sizes within the stream
>2.  Distribution ratios of the packet sizes
>3.  Interleaving characteristics
>???4.  Targeted operational use?
>???5.  Correlation to targeted use
>Brian Talbert
>UUNET Access Engineering
>Office:  703-886-5812              Fax:   703-886-0535
>Email:     AIM:   wbriantalbert
> >>-----Original Message-----
> >>From: [] On
> >>Behalf Of Michele Bustos
> >>Sent: Thursday, October 23, 2003 9:58 PM
> >>To: ''
> >>Cc: Ipsec-Term@External. Cisco. Com (E-mail)
> >>Subject: [bmwg] Meeting Minutes Review: IPsec Terminology
> >>
> >>
> >>To address the issues raised at the last meeting regarding
> >>the IPsec Term draft.
> >>
> >>>The current draft defined IMIX (Internet Mix for traffic synthesis),
> >>>but did not include the reference that Michele Bustos
> >>provided on the
> >>>list. There was a comment suggesting that this is a good
> >>definition to
> >>>include, with the caveat that no one mix of packet sizes represents
> >>>Internet usage.
> >>
> >>We eliminated the NLARR reference from the draft for several
> >>reasons. The reference never actually refers to IMIX, and
> >>they never suggest any frame
> >>sizes or traffic patterns.
> >>
> >>If anyone can provide a reference for IMIX specifically, we
> >>would be happy to investigate it.
> >>
> >>Michele Bustos
> >>Ixia
> >>
> >>
> >>
> >>_______________________________________________
> >>bmwg mailing list
> >>
> >>
> >>
>bmwg mailing list
>bmwg mailing list

bmwg mailing list