IETF Logo Mail Archive

Re: [sip-clf] FW: New Version Notification for draft-niccolini-sipclf-ipfix-02

"Vijay K. Gurbani" <vkg@bell-labs.com> Tue, 20 April 2010 14:00 UTC

Return-Path: <vkg@bell-labs.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD1B028C193 for <sip-clf@core3.amsl.com>; Tue, 20 Apr 2010 07:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.123
X-Spam-Level:
X-Spam-Status: No, score=-2.123 tagged_above=-999 required=5 tests=[AWL=0.476, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cO23hK6Ywfue for <sip-clf@core3.amsl.com>; Tue, 20 Apr 2010 07:00:53 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id 4B63E28C194 for <sip-clf@ietf.org>; Tue, 20 Apr 2010 07:00:45 -0700 (PDT)
Received: from umail.lucent.com (h135-3-40-63.lucent.com [135.3.40.63]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id o3KE0Z1V021623 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 20 Apr 2010 09:00:35 -0500 (CDT)
Received: from shoonya.ih.lucent.com (Knoppix-135185238233.ih.lucent.com [135.185.238.233]) by umail.lucent.com (8.13.8/TPES) with ESMTP id o3KE0Ysf005896; Tue, 20 Apr 2010 09:00:35 -0500 (CDT)
Message-ID: <4BCDB3C8.2020307@bell-labs.com>
Date: Tue, 20 Apr 2010 09:01:44 -0500
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
References: <547F018265F92642B577B986577D671C013819FF@VENUS.office> <4BCCD7A5.9090903@bell-labs.com> <547F018265F92642B577B986577D671C01381A7F@VENUS.office>
In-Reply-To: <547F018265F92642B577B986577D671C01381A7F@VENUS.office>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
Cc: SIP-CLF Mailing List <sip-clf@ietf.org>
Subject: Re: [sip-clf] FW: New Version Notification for draft-niccolini-sipclf-ipfix-02
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2010 14:00:55 -0000

On 04/20/2010 02:44 AM, Saverio Niccolini wrote:
> If there is something unclear, let us know such that we can improve it
> in the next version of the draft.

Dear Saverio: I am not sure whether my doubts stem from the
draft being unclear or my lack of familiarity with ipfix.  It is
probably the latter, if anything; in that case, you of
course do not have to do any changes to the draft.

More inline.

> Here we need some clarifications:
>
> -- (in my opinion) you can not define a data model if you first do not
> define an information model, the data model is a mapping of your information
> model into particular data structures (it is like the "implementation"
> of the "concepts" defined in the information model, the relationship needs
> first of all to be defined in the information model)

Thanks for starting off the conversation.  So let's drill down
a bit on this to uncover the details of these models.

In SIPCLF, the information model seems fairly simple to me.  We have
two entities -- a SIPCLF producer (proxy, UAC, UAS, B2BUA, Registrar,
Redirect server) and a SIPCLF consumer.  There is a one-to-many
relationship between the producer and consumer (i.e., for a single
SIPCLF producer, many consumers may be interested in the content
it is producing.)  The producer and consumer do not communicate
directly with each other, where communications is defined as sending
direct messages over some channel.  Rather, the producer and the
consumer have a synchronous I/O relationship between them based on a
shared resource --- the SIPCLF file.

The information model does not seem to be too complex here, but
perhaps I am missing something...?  Would such an information model
work for ipfix?  Or do we need to include other entities in the
mix, like the collector, etc.?

> -- (in my opinion) Section 8. of your draft [1] contains a start to
> the definition of information elements to be included in the
> information model, the information elements are independent from the
> particular data model chosen, the relationship needs still to be defined

It seems --- and please do correct me if I am in error --- that you
view S8 of [1] as an information model.  That was not my intent.  My
intent was for it to be a data model; i.e., define in some detail
the contents of the individual data elements that will be logged;
i.e., the structure of data elements (including legal values for the
contents of these) and the relationship among the data elements (and
by relationship I mean the idea that the server transaction ID can
be used to create a call-tree of the session as it forked.)

> If you want to see what I mean by the differences between information
> model and data model, you can refer to another piece of work I did for
> the traceroute use case: http://tools.ietf.org/html/rfc5388
> My understanding was that the information model should be common and
> thus described in only one place, but we will have multiple data models
> (one ASCII and one binary/IPFIX).
>
> What is your view on that?

I scanned at rfc5388, and it seems that ipfix consider the data elements
themselves to be the part of the information model.  I think that is
where the disconnect is.  My view of information model is what I
presented above -- a rough ER diagram.  The data model then drills
down to the "byte order level" to fill in the details of the
communication primitives between the entities.

What needs to be logged --- the specific SIP headers, etc. --- needs
to be defined at one place.  How they are logged --- indexed ASCII,
ipfix --- will be described in separate drafts.  In other words, we
cannot have indexed-ASCII draft accord one set of semantics to the
server transaction ID while the ipfix accords a completely different
set to the same logged header.

> Also: I do not think a problem statement draft is the right place to
> place an information model and a data model, maybe we need separate drafts
> for that.
>
> Maybe we need:
> -- one problem statement
> -- another draft where we describe the information model and the two data
> models?

I think we can revisit the drafts decision once we reach some
consensus on the information model vs. data model.

Thoughts?

Thanks,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/

v2.23.0 | Report a Bug | By Email