Re: [sip-clf] draft-niccolini-sipclf-ipfix-04
Brian Trammell <trammell@tik.ee.ethz.ch> Mon, 13 September 2010 10:17 UTC
Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 261A03A6972 for <sip-clf@core3.amsl.com>; Mon, 13 Sep 2010 03:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.469
X-Spam-Level:
X-Spam-Status: No, score=-6.469 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id As33Zx8ONn5h for <sip-clf@core3.amsl.com>; Mon, 13 Sep 2010 03:17:39 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by core3.amsl.com (Postfix) with ESMTP id C9D663A68F7 for <sip-clf@ietf.org>; Mon, 13 Sep 2010 03:17:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 7C0A1D9360; Mon, 13 Sep 2010 12:18:04 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id AgUI+w-z5iHZ; Mon, 13 Sep 2010 12:18:04 +0200 (MEST)
Received: from pb-10072.ethz.ch (pb-10072.ethz.ch [82.130.103.195]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 210A9D9313; Mon, 13 Sep 2010 12:18:04 +0200 (MEST)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <AANLkTikAhfTjazdXtwVobUt0jVwfn_T7MyyL8rtfeqPc@mail.gmail.com>
Date: Mon, 13 Sep 2010 12:18:03 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <E70D6158-F785-49A4-93BF-16893126BD14@tik.ee.ethz.ch>
References: <AANLkTikAhfTjazdXtwVobUt0jVwfn_T7MyyL8rtfeqPc@mail.gmail.com>
To: Peter Musgrave <peter.musgrave@magorcorp.com>
X-Mailer: Apple Mail (2.1081)
Cc: List SIP-CLF Mailing <sip-clf@ietf.org>, niccolini@neclab.eu, Hadriel Kaplan <HKaplan@acmepacket.com>
Subject: Re: [sip-clf] draft-niccolini-sipclf-ipfix-04
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Sep 2010 10:17:43 -0000
Hi, Peter, Thanks! Replies inline... On Sep 12, 2010, at 10:41 PM, Peter Musgrave wrote: > Hi IPFIXers, > > (as individual) > > I have started on implementing both formats so I can make a relative > comparison. > > Some questions about the IPFIX draft: > > In Figure 2 and 3 the base request and response templates are listed. > Can the order in the response template be altered so protocol > identifier precedes SIpResponseStatus? This makes the two templates > common up to this point (and saves an IF stmt in the implementation)? Certainly. The reordering there is for alignment purposes, to make it easier to specify a template as a C structure. However, the order of information elements is an implementation-specific thing (readers/collectors must support templates in any order, and the only place ordering is significant is when multiple instances of the same IE appear in a template). > In the example of templates in Figure 6 the template comment and log > data show 16 data elements. I only count 15 in the template in Figure > 2 and 3. It seems that sipServerTransaction is provided in the example > but not > listed in Fig 2 and 3. Correct; this is because Figure 2 and 3 define the _base_ templates, the minimum set of IEs that must be in a template for it to be considered a SIPCLF message as per the problem statement. The server transaction is added this base template in the example, because it is available in the example input. However, on review, I see this is a little confusing as explained in the doc. I'll add a clarifying note to the example. > In the example in figure at 0040: 81 92 should (I think) be followed > by an entry for 81 a3 (to correspond to 419 sipObservation type) and > then 81 93 etc. Indeed it should. (I'm trying to track down exactly how it came _not_ to be there... as the way my workflow for example generation works, it shouldn't work _without_ it). Will fix in the next rev. Cheers, Brian
- [sip-clf] draft-niccolini-sipclf-ipfix-04 Peter Musgrave
- Re: [sip-clf] draft-niccolini-sipclf-ipfix-04 Brian Trammell