Re: [sip-clf] FW: New Version Notification for draft-niccolini-sipclf-ipfix-02
"Vijay K. Gurbani" <vkg@bell-labs.com> Tue, 20 April 2010 14:00 UTC
Return-Path: <vkg@bell-labs.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD1B028C193 for <sip-clf@core3.amsl.com>; Tue, 20 Apr 2010 07:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.123
X-Spam-Level:
X-Spam-Status: No, score=-2.123 tagged_above=-999 required=5 tests=[AWL=0.476, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cO23hK6Ywfue for <sip-clf@core3.amsl.com>; Tue, 20 Apr 2010 07:00:53 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id 4B63E28C194 for <sip-clf@ietf.org>; Tue, 20 Apr 2010 07:00:45 -0700 (PDT)
Received: from umail.lucent.com (h135-3-40-63.lucent.com [135.3.40.63]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id o3KE0Z1V021623 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 20 Apr 2010 09:00:35 -0500 (CDT)
Received: from shoonya.ih.lucent.com (Knoppix-135185238233.ih.lucent.com [135.185.238.233]) by umail.lucent.com (8.13.8/TPES) with ESMTP id o3KE0Ysf005896; Tue, 20 Apr 2010 09:00:35 -0500 (CDT)
Message-ID: <4BCDB3C8.2020307@bell-labs.com>
Date: Tue, 20 Apr 2010 09:01:44 -0500
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Thunderbird/3.0.4
MIME-Version: 1.0
To: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
References: <547F018265F92642B577B986577D671C013819FF@VENUS.office> <4BCCD7A5.9090903@bell-labs.com> <547F018265F92642B577B986577D671C01381A7F@VENUS.office>
In-Reply-To: <547F018265F92642B577B986577D671C01381A7F@VENUS.office>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
Cc: SIP-CLF Mailing List <sip-clf@ietf.org>
Subject: Re: [sip-clf] FW: New Version Notification for draft-niccolini-sipclf-ipfix-02
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2010 14:00:55 -0000
On 04/20/2010 02:44 AM, Saverio Niccolini wrote: > If there is something unclear, let us know such that we can improve it > in the next version of the draft. Dear Saverio: I am not sure whether my doubts stem from the draft being unclear or my lack of familiarity with ipfix. It is probably the latter, if anything; in that case, you of course do not have to do any changes to the draft. More inline. > Here we need some clarifications: > > -- (in my opinion) you can not define a data model if you first do not > define an information model, the data model is a mapping of your information > model into particular data structures (it is like the "implementation" > of the "concepts" defined in the information model, the relationship needs > first of all to be defined in the information model) Thanks for starting off the conversation. So let's drill down a bit on this to uncover the details of these models. In SIPCLF, the information model seems fairly simple to me. We have two entities -- a SIPCLF producer (proxy, UAC, UAS, B2BUA, Registrar, Redirect server) and a SIPCLF consumer. There is a one-to-many relationship between the producer and consumer (i.e., for a single SIPCLF producer, many consumers may be interested in the content it is producing.) The producer and consumer do not communicate directly with each other, where communications is defined as sending direct messages over some channel. Rather, the producer and the consumer have a synchronous I/O relationship between them based on a shared resource --- the SIPCLF file. The information model does not seem to be too complex here, but perhaps I am missing something...? Would such an information model work for ipfix? Or do we need to include other entities in the mix, like the collector, etc.? > -- (in my opinion) Section 8. of your draft [1] contains a start to > the definition of information elements to be included in the > information model, the information elements are independent from the > particular data model chosen, the relationship needs still to be defined It seems --- and please do correct me if I am in error --- that you view S8 of [1] as an information model. That was not my intent. My intent was for it to be a data model; i.e., define in some detail the contents of the individual data elements that will be logged; i.e., the structure of data elements (including legal values for the contents of these) and the relationship among the data elements (and by relationship I mean the idea that the server transaction ID can be used to create a call-tree of the session as it forked.) > If you want to see what I mean by the differences between information > model and data model, you can refer to another piece of work I did for > the traceroute use case: http://tools.ietf.org/html/rfc5388 > My understanding was that the information model should be common and > thus described in only one place, but we will have multiple data models > (one ASCII and one binary/IPFIX). > > What is your view on that? I scanned at rfc5388, and it seems that ipfix consider the data elements themselves to be the part of the information model. I think that is where the disconnect is. My view of information model is what I presented above -- a rough ER diagram. The data model then drills down to the "byte order level" to fill in the details of the communication primitives between the entities. What needs to be logged --- the specific SIP headers, etc. --- needs to be defined at one place. How they are logged --- indexed ASCII, ipfix --- will be described in separate drafts. In other words, we cannot have indexed-ASCII draft accord one set of semantics to the server transaction ID while the ipfix accords a completely different set to the same logged header. > Also: I do not think a problem statement draft is the right place to > place an information model and a data model, maybe we need separate drafts > for that. > > Maybe we need: > -- one problem statement > -- another draft where we describe the information model and the two data > models? I think we can revisit the drafts decision once we reach some consensus on the information model vs. data model. Thoughts? Thanks, - vijay -- Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA) Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org} Web: http://ect.bell-labs.com/who/vkg/
- [sip-clf] FW: New Version Notification for draft-… Saverio Niccolini
- Re: [sip-clf] FW: New Version Notification for dr… Vijay K. Gurbani
- Re: [sip-clf] FW: New Version Notification for dr… Saverio Niccolini
- Re: [sip-clf] FW: New Version Notification for dr… Vijay K. Gurbani
- Re: [sip-clf] FW: New Version Notification for dr… Saverio Niccolini
- Re: [sip-clf] FW: New Version Notification for dr… Vijay K. Gurbani
- Re: [sip-clf] FW: New Version Notification for dr… Saverio Niccolini
- Re: [sip-clf] FW: New Version Notification for dr… Vijay K. Gurbani