Re: [IPFIX] WG: I-D Action: draft-ietf-ipfix-flow-selection-tech-06.txt

[Benoit Claise <bclaise@cisco.com>]

Hi Brian,
> Hi, Benoit,
>
> I disagree, I think, for two reasons.
>
> First, if IE3 is defined with parallel semantics to IE1 and IE2 (octet and packet delta count), it should provide _delta_ count, not _total_ count, semantics (i.e., subsequent exports are a delta from last export, not a replacement value).
>
> Second, this is an IE with a much more restricted semantic meaning; it refers to Flow Entries (a new bit of flow selection terminology, the difference between which and "Flow" and "Flow Record" is still a bit unclear to me) that are given as _input_ to a (undefined but I presume contextually resolvable) Flow Selection Process.
>
> This is somewhat different than the Flow analog of Packet and Octet Delta Count.
>
> (However, if IE3 was _not_ defined by Cisco with this in mind, and really means "the total number of flows seen at the (Metering Process or analogue) _before_ flow processing", objection withdrawn.)
See RFC5101

  Metering Process

       The Metering Process generates Flow Records.  Inputs to the
       process are packet headers and characteristics observed at an
       Observation Point, and packet treatment at the Observation Point
       (for example, the selected output interface).

Considering that there are no flows as input to the Metering Process, ...

	"the total number of flows seen at the (Metering Process or analogue) _before_ flow processing"

That gives

	"the total number of flows seen at the Flow Selection Process before flow processing"

Which is equivalent to

Description:

      This Information Element specifies the current number of all Flow
      Entries that form the parent population as input to the Flow
      Selection Process.


And yes, this is how we used this I.E. in Cisco. See Figure D, RFC 6183

                      IPFIX (Data Records)
                                ^ ^
    +---------------------------|-|------------------------+
    | Original Exporter         | |                        |
    |                           | |                        |
    |     .---------------------|-+-------------------.    |
    |    .----------------------+--------------------.|    |
    |    |           Exporting Process(es)           |'    |
    |    '----------------------^--------------------'     |
    |                           | |                        |
    |     .---------------------|-+-------------------.    |
    |    .----------------------+--------------------.|    |
    |    |          Intermediate Process(es)         |'    |
    |    '---------^-----------------------^---------'     |
    |       (**)   |      Data Records     |   (**)        |
    |   .----------+---------.   .---------+----------.    |
    |   | Metering Process 1 |...| Metering Process N |    |
    |   '----------^---------'   '---------^----------'    |
    |              |                       |               |
    |  .-----------+---------.   .---------+-----------.   |
    |  | Observation Point 1 |...| Observation Point N |   |
    |  '-----------^---------'   '---------^-----------'   |
    +--------------|-----------------------|---------------+
                   |                       |
             Packets coming into Observation Points


(**) this is where value is metered.

Btw, Tanja, this is one of my important WG-LAST points.
http://tools.ietf.org/html/draft-ietf-ipfix-flow-selection-tech-06, 
Figure 1, should build on the top of the RFC6183, and clearly explains 
where is the Flow Intermediate Process.

Regards, Benoit.
> Best regards,
>
> Brian
>
> On May 27, 2011, at 12:38 PM, Benoit Claise wrote:
>
>> Dear Tanja,
>>
>> One quick remark (a thorough review should follow) regarding this I.E.
>>
>> 7.5.  fsFlowEntryTotalCount
>>
>>    Description:
>>
>>       This Information Element specifies the current number of all Flow
>>       Entries that form the parent population as input to the Flow
>>       Selection Process.
>>
>>    Abstract Data Type: unsigned64
>>
>>    ElementId: TBD5
>>
>>    Status: Proposed
>>
>>    Units: Flow Entries
>>
>>
>> In Cisco, years ago, we have defined the I.E. #3 with the same concept. It is used when we do router-based aggregation, which is exported with NetFlow version 8. It represents the number of flow that we're given as input to the router-based aggregation process.
>> See http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9_ps6601_Products_White_Paper.html (which btw, we're busy updating)
>>
>> So this TBD5 should be 3.  Does it make sense?
>>
>> Regards, Benoit.
>>> Hi all,
>>>
>>> we worked on a major revision of the flow selection draft and just submitted a new version (see below). Among other changes we now provide a much improved classification of methods, which is more consistent with the PSAMP packet selection documents.
>>> Many thanks to all who provided comments.
>>>
>>> Changes:
>>>   - Flow recording process removed
>>>   - Clarification of difference between flow selection and packet selection
>>>   - Distinguished flow filtering and flow sampling similar to PSAMP
>>>   - Flow selection in the metering process either before aggregation or after aggregation
>>>   - Integrated Flow-state dependent packet selection
>>>   - Supporting arbitrary  key space subsets with property match flow filtering
>>>   - Removed timestamp IEs for reporting
>>>   - Mediator integrated in first picture
>>>   - Configuration parameters and IEs redefined and re-named
>>>   - Many rewording, shortened several paragraphs to improve readability
>>>
>>> Kind regards
>>> Tanja
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: ipfix-bounces@ietf.org [mailto:ipfix-bounces@ietf.org] Im Auftrag von internet-drafts@ietf.org
>>> Gesendet: Montag, 23. Mai 2011 11:21
>>> An: i-d-announce@ietf.org
>>> Cc: ipfix@ietf.org
>>> Betreff: [IPFIX] I-D Action: draft-ietf-ipfix-flow-selection-tech-06.txt
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Flow Information Export Working Group of the IETF.
>>>
>>> 	Title           : Flow Selection Techniques
>>> 	Author(s)       : Salvatore D'Antonio
>>>                            Tanja Zseby
>>>                            Christian Henke
>>>                            Lorenzo Peluso
>>> 	Filename        : draft-ietf-ipfix-flow-selection-tech-06.txt
>>> 	Pages           : 25
>>> 	Date            : 2011-05-23
>>>
>>>     Flow selection is the process of selecting a subset of flows from all
>>>     flows observed at an observation point.  Flow selection reduces the
>>>     effort of post-processing flow data and transferring flow records.
>>>     This document describes motivations for flow selection and presents
>>>     flow selection techniques.  It provides an information model for
>>>     configuring flow selection techniques and discusses what information
>>>     about a flow selection process should be exported.
>>>
>>>
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-ipfix-flow-selection-tech-06.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> This Internet-Draft can be retrieved at:
>>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipfix-flow-selection-tech-06.txt
>>> _______________________________________________
>>> IPFIX mailing list
>>> IPFIX@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ipfix
>>> _______________________________________________
>>> IPFIX mailing list
>>> IPFIX@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ipfix
>> _______________________________________________
>> IPFIX mailing list
>> IPFIX@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipfix