Re: [IPFIX] Draft Standard version of RFC5101
Benoit Claise <bclaise@cisco.com> Mon, 28 March 2011 15:01 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: ipfix@core3.amsl.com
Delivered-To: ipfix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EAA093A6A2B for <ipfix@core3.amsl.com>; Mon, 28 Mar 2011 08:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.623
X-Spam-Level:
X-Spam-Status: No, score=-2.623 tagged_above=-999 required=5 tests=[AWL=-0.025, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X21iNrjoYXdf for <ipfix@core3.amsl.com>; Mon, 28 Mar 2011 08:01:24 -0700 (PDT)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by core3.amsl.com (Postfix) with ESMTP id A997B3A6A1E for <ipfix@ietf.org>; Mon, 28 Mar 2011 08:01:22 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2SEY4Wh018990; Mon, 28 Mar 2011 16:34:04 +0200 (CEST)
Received: from [10.61.107.95] (dhcp-10-61-107-95.cisco.com [10.61.107.95]) by strange-brew.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id p2SEY3v1022725; Mon, 28 Mar 2011 16:34:04 +0200 (CEST)
Message-ID: <4D909C5B.5010206@cisco.com>
Date: Mon, 28 Mar 2011 16:34:03 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
References: <4D8F492A.6040605@cisco.com> <EDC652A26FB23C4EB6384A4584434A0402E70236@307622ANEX5.global.avaya.com>
In-Reply-To: <EDC652A26FB23C4EB6384A4584434A0402E70236@307622ANEX5.global.avaya.com>
Content-Type: multipart/alternative; boundary="------------040808080107010003040707"
Cc: ipfix@ietf.org
Subject: Re: [IPFIX] Draft Standard version of RFC5101
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:01:26 -0000
Hi Dan, > > Hi, > > When progressing from Proposed to Draft only editorial > clarifications editorial changes are allowed. You can also point to > portion of the specification that you would like to obsolete because > the implementation experience show that they are no longer used. > However, you cannot make changes that are not 100% compatible with the > version of the protocol defined at Proposed. If such changes are > needed the document needs to recycle at Proposed. > > Are you sure that all the changes that you are suggesting are > editorial clarifications? For example change #3, change #8 and change > #10? > thanks for the clarification. #8 and #10, I agree with you: not editorial Regarding #3, there is a gap in the specifications. Should we address it. The proposed solution would not bring incompatibilities. Regards, Benoit. > > > Thanks and Regards, > > Dan > > > ------------------------------------------------------------------------ > *From:* ipfix-bounces@ietf.org [mailto:ipfix-bounces@ietf.org] *On > Behalf Of *Benoit Claise > *Sent:* Sunday, March 27, 2011 4:27 PM > *To:* ipfix@ietf.org > *Subject:* [IPFIX] Draft Standard version of RFC5101 > > Dear all, > > Here is the list of things to be changed in the Draft Standard > version of RFC5101. > Along the years, I've been collecting (from different people a > list of what could be improved in IPFIX. Many points come from > discussions with Paul Aitken. > > Some of points below should be discussed. > > 1. what must be changed is obviously > http://www.rfc-editor.org/errata_search.php?rfc=5101 > > 2. the email thread > http://www.ietf.org/mail-archive/web/ipfix/current/msg05652.html > suggests to change the definition from "IP Traffic Flow or Flow" > to "Traffic Flow or Flow", and from "IP packets" to "packets" when > RFC5101 will go from Proposed Standard to Draft Standard. > > 3. Different Template Record management between the transport > protocol (feedback from the IPFIX interop) > > SCTP transport > > If the Collecting Process receives a Template that has > already been received but that has not previously been withdrawn > (i.e., a Template Record from the same Exporter Observation Domain > with the same Template ID received on the SCTP association), then the > Collecting Process MUST shut down the association. > > > So an identical Template Record is resent (like in UDP), the > Collecting Process MUST shut down the association > First problem: we don't have the same statement for TCP, which > only says: > > If the Collecting Process receives a malformed IPFIX Message, it MUST > discard the IPFIX Message and SHOULD log the error. > > So this is not consistent as we don't know what "malformed" means. > Thinking some more about it, is this really a mistake if SCTP and > TCP would behave as UDP, i.e. accept the exact same (Options) > Template Record to be resent? Proposal with something such as: > It's NOT RECOMMENDED that _identical _Template Record are resent > in SCTP and TCP.... but it will not cause the SCTP association or > TCP association to be shut down... > Before applying this change, we have to double-check if there are > no complications for draft-ietf-ipfix-export-per-sctp-stream-08 > > 4. > > OLD: > > Exporting Process ID > The identifier of the Exporting Process for > which lack of reliability is reported. There > are three Information Elements specified in > [RFC5102 <http://tools.ietf.org/html/rfc5102>] that can be used for this purpose: > exporterIPv4Address, exporterIPv6Address, or > exportingProcessId. This Information Element > MUST be defined as a Scope Field. > > NEW: > > Exporting Process ID > The identifier of the Exporting Process for > which lack of reliability is reported. There > are three Information Elements specified in > [RFC5102 <http://tools.ietf.org/html/rfc5102>] that can be used for this purpose: > exporterIPv4Address, exporterIPv6Address, or > exportingProcessId. This Information Element, > _or these Information Elements if multiple are > _ _needed,_ MUST be defined as a Scope Field > > Justification: both the address and process ID are needed to > identify a specific exporter in the case of multiple exporters at > the same address. > > > > 5. > > 10.3.6. Template Management > > Following a configuration change that can modify the > interpretation > of the Data Records (for example, a sampling rate change) a new > Template ID MUST be used, and the old Template ID MUST NOT be > reused > until its lifetime (see Section 10.3.7) has expired. > > In section 10.3.7. Collecting Process, we read: > > The Template lifetime at the Collecting Process MUST be at least 3 > times higher than the Template refresh timeout configured on the > Exporting Process. > > > In Flexible NetFlow, template refresh is in units of packets, so > that template export scales with the volume of exported data. > If we're no longer exporting any packets then the "3 times higher" > threshold will never be reached... so the templates will never > expire. > eg, if we're exporting templates every 1,000 packets, then the > lifetime on the collector should be 3,000 packets. Yet once we're > no longer using the template, we'll be exporting 0 packets... > So the RFC should specify the units, or give an alternative > mechanism. > > > 6. > > Section 8: > If the measurement parameters change such that a new Template is > required, the Template MUST be withdrawn (using a Template > Withdraw > Message and a new Template definition) or an unused Template ID > MUST > be used. Examples of the measurement changes are: a new sampling > rate, a new Flow expiration process, a new filtering > definition, etc. > > A new sampling rate etc may not require a new template at all; it > may be expressed with the same template, just different data. The > template belongs to the transport layer and really has nothing to > do with the sampler change! > > Proposal: remove "a new sampling rate" > > > 7. > > Section 4.3. The Exporting Process Reliability Statistics Option Template > > time first flow dropped > The timestamp of the first Flow was > dropped by > the Metering Process. For this timestamp, > any > of the "flowStart" timestamp Information > Elements flowStartMilliseconds, > flowStartMicroseconds, > flowStartNanoseconds, and > flowStartDeltaMicroseconds can be used. > > time last flow dropped > The timestamp of the last IP packet that was > ignored by the Metering Process. For this > timestamp, any of the "flowEnd" timestamp > Information Elements flowEndMilliseconds, > flowEndMicroseconds, flowEndNanoseconds, and > flowEndDeltaMicroseconds can be used. > > Firstly, these definitions are inconsistent since the names and > the first definition say "flow" while the second definition says > "IP packet". Obviously "IP packet" != "flow" :-o > > Secondly, "The timestamp of the first Flow was dropped by the > Metering Process." is bad English: at least it's missing "that". > > 8. > > Section 4.3. The Exporting Process Reliability Statistics Option Template > > These statistics where defined before we introduced the concept of > Transport Session. > This full section 3.4 should be re-specified for "4.3 The > Transport Session Reliability Statistics Option Template" > > > 9. > > Section 4.2. The Metering Process Reliability Statistics Option Template > > Suppose a packet cannot be classified before it's dropped. Which > Metering Process (meteringProcessId) should report this? > > Suppose the packet pertains to several monitors. If some or all of > them cannot record the packet (eg, cache full), should they all report > the loss? That might look like some random number of packets had been > lost, when in fact it's only one. > > > > 10. > > Do we want to have a new IE for the template lifetime, to be sent > in an Options Template Record. > > > Regards, Benoit. > >
- [IPFIX] Draft Standard version of RFC5101 Benoit Claise
- Re: [IPFIX] Draft Standard version of RFC5101 Romascanu, Dan (Dan)
- Re: [IPFIX] Draft Standard version of RFC5101 Benoit Claise
- Re: [IPFIX] Draft Standard version of RFC5101 Romascanu, Dan (Dan)