IETF Logo Mail Archive

Re: [IPFIX] [Technical Errata Reported] RFC7012 (3852)

Stewart Bryant <stbryant@cisco.com> Fri, 03 January 2014 12:12 UTC

Return-Path: <stbryant@cisco.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 175D11ADF96 for <ipfix@ietfa.amsl.com>; Fri, 3 Jan 2014 04:12:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.038
X-Spam-Level:
X-Spam-Status: No, score=-10.038 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBq9Xwvw4UYE for <ipfix@ietfa.amsl.com>; Fri, 3 Jan 2014 04:12:08 -0800 (PST)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id 9FADA1ADF8D for <ipfix@ietf.org>; Fri, 3 Jan 2014 04:12:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=34765; q=dns/txt; s=iport; t=1388751119; x=1389960719; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to; bh=Kztbm+E7vOvyTpcKvp5orC7cUHMARYB8Zr75LBkDIus=; b=bdx2dOLWcpwDgK4k48DsoYd0d0vMbmddY5vG1+DV6pmyymVSk8fKO6io sfd54jtk6G1ct44NGr7HyISRU5qgY1cwgZNqHG5NpywivHaXjvA5LEr/s i7ze8TJ7Vr9awbJfyxjjYfw9ELj5Uf8Gg3KCtzQoW7wEL7XsWMqWzGi9D E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgkFAA6oxlKQ/khM/2dsb2JhbAA+GoMLOLlhgQ0WdIIlAQEBAwEBAQEXVAoBEAsYCRYBBwcJAwIBAgEVHxEGDQEFAgEBh3gIDTbCVBeOKBEBUAeENgSYF5IUgy15eA
X-IronPort-AV: E=Sophos;i="4.95,597,1384300800"; d="scan'208,217";a="2472217"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-2.cisco.com with ESMTP; 03 Jan 2014 12:11:58 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s03CBvXe005715 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 3 Jan 2014 12:11:57 GMT
Received: from [IPv6:::1] (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id s03CBbKN010261; Fri, 3 Jan 2014 12:11:37 GMT
Message-ID: <52C6A8F9.7070706@cisco.com>
Date: Fri, 03 Jan 2014 12:11:37 +0000
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
References: <20131230151331.29E9F7FC393@rfc-editor.org> <52C19DF7.4050501@plixer.com> <52C232EB.30802@cisco.com>, <535E38C8-A1C0-4FD5-991C-D9A132D97923@tik.ee.ethz.ch> <0BEF0D66-E9DB-40E7-A2E4-ABCBCA5634CB@cisco.com> <52C2BC12.6090108@tik.ee.ethz.ch> <52C55358.5060402@cisco.com> <D7B124FF-81ED-4D05-89D0-2F85047A2B8A@tik.ee.ethz.ch>
In-Reply-To: <D7B124FF-81ED-4D05-89D0-2F85047A2B8A@tik.ee.ethz.ch>
Content-Type: multipart/alternative; boundary="------------010507000001050103010401"
Cc: "joelja@bogus.com Jaeggli" <joelja@bogus.com>, Nevil Brownlee <n.brownlee@auckland.ac.nz>, "ipfix@ietf.org Group" <ipfix@ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [IPFIX] [Technical Errata Reported] RFC7012 (3852)
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2014 12:12:12 -0000

Hi Brian

We are getting there.

On 03/01/2014 10:00, Brian Trammell wrote:
> hi Stewart,
>
> inline as per tradition…
>
> On 02 Jan 2014, at 12:54, Stewart Bryant <stbryant@cisco.com 
> <mailto:stbryant@cisco.com>> wrote:
>
>> Brian
>>
>> Firstly going back to my original problem, I think that would be
>> better addressed by
>>
>> OLD
>> Definitions of timestamp data types have been clarified.
>>
>> NEW
>>
>> Definitions of timestamp data types have been clarified and
>> the definition of the epochs has been moved to sections
>> 6.1.7 through 6.1.11 of RFC 7011
>>
>> End
> Okay, good point. this works for me.
>> Your new text is also helpful.
>>
>> Then there is the problem of the IANA registry pointing to
>> an obsolete RFC, which then takes you to RFC7012 which
>> does not define the IEs.
>>
>> Consider IE 150, the reader is directed to RFC7012 by the
>> registry header, and finds the datatype isdateTimeSeconds
>> (which they dutifully look up in RFC7012 as indicated
>> in the registry) they find the definition of dateTimeSeconds
>> without the epoch and then what... For the definition
>> of the IE to be complete, the reader needs the epoch
>> which arguably now belongs in the registry, but is missing.
>> I think that the root cause is that when we made the
>> registry the definitive definition of the IEs, we
>> did not add sufficient information in the case of the
>> time definitions.
> Okay, I understand your issue better here. We should consider a new 
> erratum changing the introduction as well as para 2 section 3.1.
>> Now we have one other issue which I have been puzzling
>> over since you sent the email and can't quite get my
>> head around. You use the term "value" in the ADT
>> context. With for example i.e. 52 (min TTL) it's
>> easy to imagine what "value" means however you
>> represent it. However I am struggling to understand
>> whether it is meaningful to define the "value" of IE
>> 150:"The absolute timestamp of the first packet of
>> this Flow" is without some specific epoch. This
>> issue is addressed in I.E. 1 by specifying the count
>> relative to a previous instance of count, so I think
>> whilst that is a value, the timestamps are not.
> But each timestamp value has an underlying real value, a moment in 
> time. If you have a sequence of octets, you need both the ADT (7012) 
> as well as the encoding (7011) to interpret it.
>
> Take, for example, “09:45:00 UTC on Friday 3 January 2014 CE”. That 
> string, interpreted by a human who makes a couple of basic assumptions 
> (implicit selection of Gregorian over Julian calendar given the date, 
> selection of a post-Julian solar calendar given the name of the month, 
> presence in a negligibly accelerated reference frame with respect to 
> Earth, a commonly agreed method of handling/ignoring leap seconds) 
> unambiguously represents a single second in time. Which is what 
> dateTimeSeconds is meant to do according to the 7012 definition. That 
> second in time is the value.
>
> The positive integer 1388742300 encoded as a big-endian unsigned32 is 
> the IPFIX encoding of this value. This, as you say, requires an epoch, 
> which is given in 7011. Without the epoch, you cannot interpret it at all.
>
> The same value encoded as in draft-trammell-ipfix-text-adt would be 
> “2014-01-03 09:45:00”: less efficient that the IPFIX encoding, but 
> more readable. There’s an implicit epoch here as well (“2014” in this 
> context taken to be years since 1 BCE), but it’s a different epoch 
> from that given in 7011; this is defined by reference, eventually, to 
> ISO 8601.
>
> So each instance of an IE of an ADT can take a value, and that value 
> exists separate from its encoding. 7011 and 7012 together combine to 
> make an unambiguous mapping between the two possible in IPFIX.

I think the key is the last sentence, and so long as we make that clear 
we are good.

Maybe some text of the form "relative to the defined epoch" would sort 
it out. At least
that would remind the reader that they needs to know rather than assume 
the epoch.

- Stewart

>
> Cheers,
>
> Brian
>
>> We may need a call to work though this and another issue
>> I am about to raise on the IPFIX list.
>>
>> - Stewart
>>
>> On 31/12/2013 12:44, Brian Trammell wrote:
>>> hi Stewart,
>>>
>>> Stewart Bryant (stbryant) wrote:
>>>> Certainly something is needed. I was thinking of using IPFIX as an information gathering method in a radio context, and went to look at the definition of the types and could not find the epoch, or even a reference to the epoch. Now part of the problem (which was my fault) was that I did not notice at the time that the elements were defined by the obsolete RFC5102 and went straight to the new RFC. However having the definitions in an obsolete RFC also seems problematic, since it puts the IEs in a strange state. Since RFC 7012 replaces RFC5102 and includes the definitions you would expect the definition in RFC7012 to replace the definition in RFC5102, but those definitions are, as I explained incomplete.
>>> This is intentional. See below.
>>>
>>>> I need to look at this some more when I get back to work, but I am now also concerned that if the epoch can change, the definition of the existing IEs is now unreliable.
>>> The definition of the existing IEs is based upon the definition of the
>>> ADT itself in 7012 as well as the definition of the ADT representation
>>> within the IPFIX protocol in 7011. It is not the intention that reading
>>> 7012 tells you how to encode IEs for use with IPFIX; that's what section
>>> 6.1 of 7011 is for.
>>>
>>>> You will notice in the errata that I did suggest that an alternative resolution would be to include a reference to the epoch text.
>>> The point is that the ADT _explicitly_ does not have a binding to an
>>> epoch, as epochs are only necessary when using integral representations
>>> of timestamps. IPFIX's representations for these ADTs are integral, but
>>> bindings to other representations need not be (see, for example,
>>> draft-trammell-ipfix-text-adt, which recommends ISO8601-style timestamps
>>> for textual representations of IE values).
>>>
>>> I'd suggest instead somehow expanding the present text in 7012 to
>>> reiterate that if you're using IPFIX, the representations of the ADTs
>>> are in 7011:
>>>
>>> OLD para 2 sec 3.1 7012:
>>>
>>>     The current encodings of these data types for use with the IPFIX
>>>     protocol are defined in [RFC7011]; encodings allowing the use of the
>>>     IPFIX Information Elements [IANA-IPFIX] with other protocols may be
>>>     defined in the future by referencing this document.
>>>
>>> NEW para 2 sec 3.1 7012:
>>>
>>>     The abstract data type definitions in this section are intended
>>>     only to define the values which can be taken by Information
>>>     Elements of each type. The encodings of these data types for
>>>     use with the IPFIX protocol are defined in Section 6.1 of
>>>     [RFC7011]; encodings  allowing the use of the IPFIX Information
>>>     Elements [IANA-IPFIX] with other protocols may be defined in the
>>>     future by referencing this document.
>>>
>>> Best regards,
>>>
>>> Brian
>>>
>>>
>>>> Stewart
>>>>
>>>>
>>>>
>>>> Sent from my iPad
>>>>
>>>>> On 31 Dec 2013, at 08:50, "Brian Trammell"<trammell@tik.ee.ethz.ch>  wrote:
>>>>>
>>>>> hi Paul, all,
>>>>>
>>>>> +n.
>>>>>
>>>>> The separation between ADTs and ADT encoding between 7012 and 7011 was explicit and purposeful. Specifically, we do _not_ want to exclude other representations of the IPFIX Information Model from being based upon other encodings of these ADTs, whether ISO 8601 (which either has no epoch or epoch 0000-00-00 00:00 UTC, depending on how you count), NTP (1904), Julian day based counting, etc, etc, etc…
>>>>>
>>>>> If there is confusion on this point, I’d suggest adding more explanatory text on this point to Paragraph 2 of the front matter to section 3.1. But as is, I emphatically recommend rejection of this reported erratum.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Brian
>>>>>
>>>>>> On 31 Dec 2013, at 03:58, Paul Aitken<paitken@cisco.com>  wrote:
>>>>>>
>>>>>> +1
>>>>>>
>>>>>> If anyone was going to raise an errata on this, it would have been me ;-)
>>>>>>
>>>>>> I've pointed this issue out before, probably more than once - and have been encouraged to read RFC 3444.
>>>>>>
>>>>>> P.
>>>>>>
>>>>>>
>>>>>>> On 30/12/2013 09:23, Andrew Feren wrote:
>>>>>>> The encoding for the time data types is specified RFC 7011 Sections
>>>>>>> 6.1.7 through 6.1.10.
>>>>>>>
>>>>>>> -Andrew
>>>>>>>
>>>>>>>> On 12/30/2013 10:13 AM, RFC Errata System wrote:
>>>>>>>> The following errata report has been submitted for RFC7012,
>>>>>>>> "Information Model for IP Flow Information Export (IPFIX)".
>>>>>>>>
>>>>>>>> --------------------------------------
>>>>>>>> You may review the report below and at:
>>>>>>>> http://www.rfc-editor.org/errata_search.php?rfc=7012&eid=3852
>>>>>>>>
>>>>>>>> --------------------------------------
>>>>>>>> Type: Technical
>>>>>>>> Reported by: Stewart Bryant<stbryant@cisco.com>
>>>>>>>>
>>>>>>>> Section: 3.1.15-17
>>>>>>>>
>>>>>>>> Original Text
>>>>>>>> -------------
>>>>>>>> 3.1.15. dateTimeSeconds
>>>>>>>>
>>>>>>>>    The type "dateTimeSeconds" represents a time value expressed with
>>>>>>>>    second-level precision.
>>>>>>>>
>>>>>>>> 3.1.16. dateTimeMilliseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeMilliseconds" represents a time value expressed
>>>>>>>>    with millisecond-level precision.
>>>>>>>>
>>>>>>>> 3.1.17. dateTimeMicroseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeMicroseconds" represents a time value expressed
>>>>>>>>    with microsecond-level precision.
>>>>>>>>
>>>>>>>> 3.1.18. dateTimeNanoseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeNanoseconds" represents a time value expressed with
>>>>>>>>    nanosecond-level precision.
>>>>>>>>
>>>>>>>>
>>>>>>>> Corrected Text
>>>>>>>> --------------
>>>>>>>> 3.1.15. dateTimeSeconds
>>>>>>>>
>>>>>>>>    The type "dateTimeSeconds" represents a time value in units of
>>>>>>>>    seconds based on coordinated universal time (UTC).  The choice of an
>>>>>>>>    epoch, for example, 00:00 UTC, January 1, 1970, is left to
>>>>>>>>    corresponding encoding specifications for this type, for example, the
>>>>>>>>    IPFIX protocol specification.  Leap seconds are excluded.  Note that
>>>>>>>>    transformation of values might be required between different
>>>>>>>>    encodings if different epoch values are used.
>>>>>>>>
>>>>>>>> 3.1.16. dateTimeMilliseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeMilliseconds" represents a time value in units of
>>>>>>>>    milliseconds based on coordinated universal time (UTC).  The choice
>>>>>>>>    of an epoch, for example, 00:00 UTC, January 1, 1970, is left to
>>>>>>>>    corresponding encoding specifications for this type, for example, the
>>>>>>>>    IPFIX protocol specification.  Leap seconds are excluded.  Note that
>>>>>>>>    transformation of values might be required between different
>>>>>>>>    encodings if different epoch values are used.
>>>>>>>>
>>>>>>>> 3.1.17. dateTimeMicroseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeMicroseconds" represents a time value in units of
>>>>>>>>    microseconds based on coordinated universal time (UTC).  The choice
>>>>>>>>    of an epoch, for example, 00:00 UTC, January 1, 1970, is left to
>>>>>>>>    corresponding encoding specifications for this type, for example, the
>>>>>>>>    IPFIX protocol specification.  Leap seconds are excluded.  Note that
>>>>>>>>    transformation of values might be required between different
>>>>>>>>    encodings if different epoch values are used.
>>>>>>>>
>>>>>>>> 3.1.18. dateTimeNanoseconds
>>>>>>>>
>>>>>>>>    The type "dateTimeNanoseconds" represents a time value in units of
>>>>>>>>    nanoseconds based on coordinated universal time (UTC).  The choice of
>>>>>>>>    an epoch, for example, 00:00 UTC, January 1, 1970, is left to
>>>>>>>>    corresponding encoding specifications for this type, for example, the
>>>>>>>>    IPFIX protocol specification.  Leap seconds are excluded.  Note that
>>>>>>>>    transformation of values might be required between different
>>>>>>>>    encodings if different epoch values are used.
>>>>>>>>
>>>>>>>>
>>>>>>>> Notes
>>>>>>>> -----
>>>>>>>> Although section 1.1 says : - "Definitions of timestamp data types have been clarified." The edited text has removed the epoch definition, and this does not seem to have been incorporated elsewhere in the RFC.
>>>>>>>>
>>>>>>>> Without a specified epoch, there is no unique definition of the timestamps.
>>>>>>>>
>>>>>>>> My proposal above is to revert to the RFC5102 definitions. RFC7102 is intended to be backwards compatible with RFC5102 and thus the definitions need to be technically identical. Alternatively, if the text is now included elsewhere in RFC7012 or in another RFC, it would be helpful to the reader to provide a reference to the epoch definition in an editorial update to dateTimeX definitions in RFC7102.
>>>>>>>>
>>>>>>>> Instructions:
>>>>>>>> -------------
>>>>>>>> This errata is currently posted as "Reported". If necessary, please
>>>>>>>> use "Reply All" to discuss whether it should be verified or
>>>>>>>> rejected. When a decision is reached, the verifying party (IESG)
>>>>>>>> can log in to change the status and edit the report, if necessary.
>>>>>>>>
>>>>>>>> --------------------------------------
>>>>>>>> RFC7012 (draft-ietf-ipfix-information-model-rfc5102bis-10)
>>>>>>>> --------------------------------------
>>>>>>>> Title               : Information Model for IP Flow Information Export (IPFIX)
>>>>>>>> Publication Date    : September 2013
>>>>>>>> Author(s)           : B. Claise, Ed., B. Trammell, Ed.
>>>>>>>> Category            : PROPOSED STANDARD
>>>>>>>> Source              : IP Flow Information Export
>>>>>>>> Area                : Operations and Management
>>>>>>>> Stream              : IETF
>>>>>>>> Verifying Party     : IESG
>>>>>>>> _______________________________________________
>>>>>>>> IPFIX mailing list
>>>>>>>> IPFIX@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/ipfix
>>>>>>> _______________________________________________
>>>>>>> IPFIX mailing list
>>>>>>> IPFIX@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/ipfix
>>>>> _______________________________________________
>>>>> IPFIX mailing list
>>>>> IPFIX@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/ipfix
>>
>>
>> -- 
>> For corporate legal information go to:
>>
>> http://www.cisco.com/web/about/doing_business/legal/cri/index.html
>>
>


-- 
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html

v2.23.0 | Report a Bug | By Email