Re: [sip-clf] IETF 76 Minutes posted

"David Harrington" <ietfdbh@comcast.net> Mon, 28 December 2009 21:04 UTC

From: "David Harrington" <ietfdbh@comcast.net>
To: "'Hadriel Kaplan'" <HKaplan@acmepacket.com>, "'Spencer Dawkins'" <spencer@wonderhamster.org>, "'SIP-CLF Mailing List'" <sip-clf@ietf.org>
Date: Mon, 28 Dec 2009 16:04:04 -0500

Hi,

comments inline.

> -----Original Message-----
> From: sip-clf-bounces@ietf.org 
> [mailto:sip-clf-bounces@ietf.org] On Behalf Of Hadriel Kaplan
> Sent: Tuesday, December 15, 2009 5:21 PM
> To: Spencer Dawkins; SIP-CLF Mailing List
> Subject: Re: [sip-clf] IETF 76 Minutes posted
> 
> 
> Actually Saverio's writing up a draft explaining why IPFIX is 
> a good solution, with several folks agreeing to help him on 
> it.  I think the plan is to get that submitted sometime in January.
> 
> His group also did submit a proposal called "SIPFIX" for 
> using IPFIX for SIP previously, into the IPFIX WG, available at:
> http://tools.ietf.org/html/draft-huici-ipfix-sipfix-00
> 
> We debated that draft in IPFIX back in Stockholm, and it went 
> beyond what we're looking for in SIP-CLF, but it's another 
> useful data point.
> 
> To create a draft on using IPFIX for a SIP-CLF, though, 
> doesn't require a draft detailing the file format - the "file 
> format" is already defined: it would be based on RFC 5655.  
> All we need is to decide on the information element fields.

As Technical advisor, I will point out that IETF NM protocols
typically define three parts, following the general recommendations of
RFC1052 "IAB recommendations for the development of Internet network
management standards". That is, design solutions in three parts - a
data modeling language, data models, and one or more protocols to
transport the data. Most, if not all, IETF Standards-track NM
protocols follow this paradigm, including SNMP, Netconf, syslog,
ipfix, etc. This approach has proven to be effective. I recommend that
sipclf follow this paradigm as well.

Ipfix already provides a protocol and a data modeling language. In
addition, RFC5655 specifies a file format for storing data that has
been received in the ipfix file format. The IPFIX File format is
designed to facilitate interoperability and reusability among a wide
variety of flow storage, processing, and analysis tools.

As Hadriel points out, what needs to be done is to decide on the
information element fields - the data model.

I recommend that WG participants read RFC3444 "On the Difference
between Information Models and Data Models", and start by
understanding the capabilities of relevant data modeling languages
(text, indexed-text, and ipfix), then deciding on an information
model. 

Regardless of which data modeling language you use, you will need to
reach consensus on how the logged information will be used, to
understand what to log.  That is your information model.

From the information model, you can create corresponding, consistent,
data models in different formats, possibly for different purposes.
When you discuss data models, you will need to reach consensus on when
vendor interoperability will be important, and how to secure the data
both at rest and in transit.

David Harrington
dbharrington@comcast.net
ietfdbh@comcast.net
dharrington@huawei.com


> 
> -hadriel
> 
> 
> > -----Original Message-----
> > From: sip-clf-bounces@ietf.org [mailto:sip-clf-bounces@ietf.org] On Behalf
> > Of Spencer Dawkins
> > Sent: Tuesday, December 15, 2009 2:56 PM
> > To: SIP-CLF Mailing List
> > Subject: Re: [sip-clf] IETF 76 Minutes posted
> > 
> > Just following up...
> > 
> > > Please let me know (quickly!) about any changes to
> > > http://www.ietf.org/proceedings/09nov/minutes/sipclf.htm that Theo and I
> > > need to make.
> > 
> > OK, Theo and I haven't seen any requests for changes to the minutes, so
> > let's go from where we said we were after Hiroshima.
> > 
> > For the problem statement - we said we would look at the next version of
> > draft-gurbani-sipclf-problem-statement for adoption. Vijay, do you have an
> > ETA for this?
> > 
> > For the file format drafts - I know that Hadriel is working on a proposal
> > on the IPFIX side. We also had proposals for a text format and an
> > indexed-text format. My understanding from Hiroshima was that these
> > proposals were likely to be combined - Vijay and Adam, can you confirm
> > or deny?
> > 
> > Thanks,
> > 
> > Spencer, as co-chair
> > 
> > _______________________________________________
> > sip-clf mailing list
> > sip-clf@ietf.org
> > https://www.ietf.org/mailman/listinfo/sip-clf