IETF Logo Mail Archive

Re: [Dime] draft-ietf-dime-rfc3588bis review (2/3)

Victor Fajardo <vfajardo@tari.toshiba.com> Sun, 02 November 2008 16:16 UTC

Return-Path: <dime-bounces@ietf.org>
X-Original-To: dime-archive@megatron.ietf.org
Delivered-To: ietfarch-dime-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB68E3A6AD6; Sun, 2 Nov 2008 08:16:30 -0800 (PST)
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BEBC3A6AFC for <dime@core3.amsl.com>; Sun, 2 Nov 2008 08:16:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Level:
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[AWL=-0.078, BAYES_00=-2.599, HOST_MISMATCH_COM=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gFSLnoFvRa8v for <dime@core3.amsl.com>; Sun, 2 Nov 2008 08:16:28 -0800 (PST)
Received: from toshi17.tari.toshiba.com (unknown [IPv6:2001:418:1403:0:212:17ff:fe52:7811]) by core3.amsl.com (Postfix) with ESMTP id 1194A3A6816 for <dime@ietf.org>; Sun, 2 Nov 2008 08:15:35 -0800 (PST)
Received: from [127.0.0.1] (mgw.toshibaamericaresearch.com [165.254.55.12]) by toshi17.tari.toshiba.com (8.13.1/8.13.1) with ESMTP id mA2GFUSg036385; Sun, 2 Nov 2008 11:15:30 -0500 (EST) (envelope-from vfajardo@tari.toshiba.com)
Message-ID: <490DD222.6080505@tari.toshiba.com>
Date: Sun, 02 Nov 2008 11:15:30 -0500
From: Victor Fajardo <vfajardo@tari.toshiba.com>
User-Agent: Icedove 1.5.0.14eol (X11/20080724)
MIME-Version: 1.0
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <48CD625D.1000605@gmx.net>
In-Reply-To: <48CD625D.1000605@gmx.net>
Cc: dime@ietf.org
Subject: Re: [Dime] draft-ietf-dime-rfc3588bis review (2/3)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: dime-bounces@ietf.org
Errors-To: dime-bounces@ietf.org

Hi Hannes

As with the 1st part of the review, editorial are ok. Other comments 
inline. Changes are incorporated in draft-*13.txt:


> Here is the 2nd part of my review:
>
> 9.2.  Protocol Messages
>
>    A Diameter node that receives a successful authentication and/or
>    authorization messages from the Home AAA server MUST collect
>    accounting information for the session.
>
> s/Home AAA server/Diameter server
>
> I wonder why there is this MUST statement here. Why is there MUST 
> regarding the
> collection of accounting information.
>   

I'm guessing this is historical remnants that is no longer valid in the 
way we use Diameter today. We should relax this to a SHOULD.

>    
>
>    Each Diameter Accounting protocol message MAY be compressed, in order
>    to reduce network bandwidth usage.  If TLS is used to secure the
>    Diameter session, then TLS compression [RFC4346] MAY be used.
>    
> I wonder why this compression aspect is mentioned as there is nothing in 
> Diameter itself
> to provide this compression. Compression is provided by TLS for all 
> Diameter
> messages.
>   

Ok. I suggest we remove it as it does not add value in anyway.

>
> 9.3.  Accounting Application Extension and Requirements
>
>    Each Diameter application (e.g., NASREQ, MobileIP), MUST define their
>    Service-Specific AVPs that MUST be present in the Accounting-Request
>    message in a section entitled "Accounting AVPs".
>
> I wonder why this is a MUST requirement.
>   

Probably the same reason as above. Lets relax to a SHOULD.

>  
>  
>  9.6.  Correlation of Accounting Records
>
>    The Diameter protocol's Session-Id AVP, which is globally unique (see
>    Section 8.8), is used during the authorization phase to identify a
>    particular session.
>
>
>    Services that do not require any authorization
>    still use the Session-Id AVP to identify sessions.
>
>
> Why is the authorization exchange mentioned here explicitly. Session-IDs 
> are used
> throught Diameter and there is nothing specifial about the authorization 
> phase.
>   

Same as above. It seems like 9.6 is binding accounting specifically to 
authz only. We should re-phrase the 1st paragraph to:

        "If an application uses accounting messages, it can correlate 
accounting
         records with a specific application session by using the 
Session-Id of the
         particular application session in the accounting messages. 
Accounting
         messages MAY also use a different Session-Id from that of the 
application
         sessions in which case other session related information is 
needed to
         perform correlation."

>
>    
>    Accounting
>    messages MAY use a different Session-Id from that sent in
>    authorization messages.  Specific applications MAY require different
>    a Session-ID for accounting messages.
>    
> These two sentences essentially say the same thing. Maybe it would be 
> useful to say
>  when the session ID is different.
>   

See above.
>  
>  
>    However, there are certain applications that require multiple
>    accounting sub-sessions.  Such applications would send messages with
>    a constant Session-Id AVP, but a different Accounting-Sub-Session-Id
>    AVP.  In these cases, correlation is performed using the Session-Id.
>    
> The last sentence essentially says what the sentence said previously.
>
>    It is important to note that receiving a STOP_RECORD with no
>    Accounting-Sub-Session-Id AVP when sub-sessions were originally used
>    in the START_RECORD messages implies that all sub-sessions are
>    terminated.
>   

Let's re-phrase this entire paragraph with:

        "In cases where an application requires multiple accounting 
sub-session,
         an Accounting-Sub-Session-Id AVP is used to differentiate each 
sub-session.
         The Session-Id would remain constant for all sub-sessions and 
is be used
         to correlate all sub-sessions to a particular application 
session.</t>
         Note that receiving a STOP_RECORD with no 
Accounting-Sub-Session-Id AVP
         when sub-sessions were originally used in the START_RECORD messages
         implies that all sub-sessions are terminated."

>    Furthermore, there are certain applications where a user receives
>    service from different access devices (e.g., Mobile IPv4), each with
>    their own unique Session-Id.
>
> I am not sure is meant with the Mobile IPv4 example here.
> Is this referring to the case that a user might, as part of their 
> service usage,
> trigger multiple Diameter exchanges from different Diameter clients, 
> such as from
> the NAS and also from an application server?
>
>    In such cases, the Acct-Multi-Session-
>    Id AVP is used for correlation.
>
> I would move this sentence after the subsequent paragraph.
>  
>    During authorization, a server that
>    determines that a request is for an existing session SHOULD include
>    the Acct-Multi-Session-Id AVP, which the access device MUST include
>    in all subsequent accounting messages.
>   

How about re-phrasing the whole paragraph to:

        "There are also cases where an application needs to correlate 
multiple
         application sessions into a single accounting record; the 
accounting record
         may span multiple different Diameter applications and sessions 
used by
         the same user at a given time. In such cases, the 
Acct-Multi-Session-
         Id AVP is used. The Acct-Multi-Session-Id AVP SHOULD be 
signalled by the
         server to the access device (typically during authorization) 
when it
         determines that a request belongs to an existing session. The 
access device
         MUST then include the Acct-Multi-Session-Id AVP in all subsequent
         accounting messages."
>    
>
> 10.1.  Base Protocol Command AVP Table
>
>
> There are a couple of AVPs in the table that do not appear in any command.
> I wonder whether it makes sense to actually list them in the table at all.
> Instead, one could argue that they are rather defined in this document 
> since
> they are of general usage for applications.
>
>   

I'm not sure how we can represent these dangling AVPs. Maybe a separate 
list for them ?


regards,
victor

_______________________________________________
DiME mailing list
DiME@ietf.org
https://www.ietf.org/mailman/listinfo/dime

v2.23.0 | Report a Bug | By Email