Re: [sip-clf] WGLC: SIPCLF Problem Statement (draft-gurbani-sipclf-problem-statement-01)

"Vijay K. Gurbani" <vkg@bell-labs.com> Sat, 27 March 2010 20:41 UTC

On 03/26/2010 11:10 PM, Hadriel Kaplan wrote:
> Sorry for dredging up an old email, but I was scanning old ones and
> came upon this... [I removed lots of text from the original]
[...]
>> I don't think this information model needs to be extensible. In fact
>> the one thing I am going to continue to strongly argue is that it
>> should not be extensible. Note this does not mean we cannot have
>> new sip headers or new body types, we can, they just go in the list
>> of sip headers or body type.
>
> I don't understand that statement.  You don't want it to be
> extensible, but you're ok with adding more headers and bodies?

If you look at the indexed-ASCII approach, it defines a limited
set of fixed headers (Timestamp, To, From, etc.)  Then it has a
TLV block where you can add as many headers as you want.
The advantage is that this scheme is extensible -- you add
anything you want in the TLV block without perturbing the
fixed block.  You can be creative and come up with a format
string that tells a SIP entity what to put in the TLV block
(a la Apache) at run-time.

> 1) We won't get the list right.  We'll try, but odds are some admin
> will want header Foo which we thought she wouldn't want.
> 2) Some products should/need to record things others don't.  SBCs for
> example need to record some stuff that makes no sense for a proxy, and
> likewise a forking proxy might need to record stuff a simple UAC
> wouldn't. We won't want to clutter the list of fields up to
> accommodate the different product types.
> 3) We haven't really talked about events or processing results,
> but I can imagine someday we might want to record more than just
> headers as part of the message record.  For example, if we ever
> make a deployable version of rfc4474, then a verifier generating
> a clf entry for a received Invite might want to add "verified"
> vs. not, or some such. ;)

I believe all of the above use cases will be supported by the
TLV block.

Thanks,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/
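
The fixed-block-plus-TLV idea from the message above, as an added example that is not part of the original post and is not the draft's actual record format: the tab-separated layout, the `tag,hexlen,value` TLV encoding, the names `encode`, `decode` and `tlv_format`, and the sample headers are all assumptions made for illustration. It shows that a run-time format string can add headers without disturbing the fixed block, and that the reader length-checks each TLV before trusting it.

```python
FIXED = ("timestamp", "to", "from")   # fixed block: the fields the message names
HEX = b"0123456789abcdef"

def _clean(value: str) -> bytes:
    # Header values arrive from the network: neutralise the record delimiters
    # so a crafted header cannot forge a field or start a new log line.
    return value.translate({9: " ", 10: " ", 13: " "}).encode("utf-8")

def encode(headers: dict, tlv_format: str) -> bytes:
    """tlv_format: comma-separated header names chosen by the admin at run time."""
    out = b"\t".join(_clean(headers.get(f, "-")) for f in FIXED)
    tlv = b""
    for tag in (t.strip() for t in tlv_format.split(",")):
        if tag in headers:
            val = _clean(headers[tag])
            if len(val) > 0xFFFF:
                raise ValueError("value too long for 4-digit length field")
            tlv += tag.encode("ascii") + b",%04x," % len(val) + val
    return out + b"\t" + tlv + b"\n"

def decode(line: bytes):
    """Return (fixed, tlvs); the fixed block parses the same whatever the TLVs hold."""
    parts = line.rstrip(b"\n").split(b"\t", len(FIXED))
    if len(parts) != len(FIXED) + 1:
        raise ValueError("fixed block incomplete")
    fixed = {k: v.decode("utf-8") for k, v in zip(FIXED, parts)}
    block, tlvs, pos = parts[-1], {}, 0
    while pos < len(block):
        comma = block.find(b",", pos)
        lenf = block[comma + 1:comma + 5]
        if (comma < 0 or len(lenf) != 4 or not all(c in HEX for c in lenf)
                or block[comma + 5:comma + 6] != b","):
            raise ValueError("malformed TLV header")
        start, length = comma + 6, int(lenf, 16)
        if start + length > len(block):          # never read past the record
            raise ValueError("TLV length exceeds record")
        tlvs[block[pos:comma].decode("ascii")] = block[start:start + length].decode("utf-8")
        pos = start + length
    return fixed, tlvs

# Constructed sample message headers (not taken from any real trace).
SAMPLE = {"timestamp": "1269722594.000", "to": "sip:bob@example.net",
          "from": "sip:alice@example.com", "Foo": "bar\r\nfake\tline",
          "X-Verified": "yes"}
```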