Managed Objects for Packet Sampling

1
Managed Objects forPacket Sampling

• A Status Report
• Thomas Dietz dietz_at_netlab.nec.de
• Benoit Claise bclaise_at_cisco.comIETF 62, March
  10th 2005

2
Overview

• Changes from the Previous Version
• Open Issues

3
Changes from -03

• Renamed Instance and MethodChain to BaseAssoc and
  SelectionList to conform with terminology
• Completed and updated sampling and filtering
  functions
• Added Terminology section
• Text improvements

4
Diagrams, Examples and Function References

• The document needs some diagrams and examples to
  explain the interconnection of different parts of
  the MIB. An entity relationship diagram should be
  added in the next version.
• References with Object IDs must be explained. It
  must be clear which Object ID should be
  referenced e.g., by psampBaseAssocObservationPoint
  or psampSampNonUniProbFunc.
• A new section about undefined functions,
  parameters and observation point is needed.

5
Hash Filtering

• Most difficult function in the PSAMP
  Architecture. It is still not finally decided how
  to integrate hash filtering into the MIB. The
  open points are
• Should we support more hash functions that the
  ones defined in PSAMP-TECH?That implies a
  generic template mechanism for other hash
  functions?
• Do we implement all parameters of the hash
  function in the MIB because the knowledge of
  these parameters could lead to a potentional
  attack to the NMS? To be consistent the MIB
  should implement all parameters but these
  parameters may be protected by any means to avoid
  a security breach (see 6.2.2 Guarding Against
  Pitfalls and Vulnerabilities). Those variables
  could e.g., be secured by a separate community
  name and be excluded from public access.

6
Hash Filtering

• Most difficult function in the PSAMP
  Architecture. It is still not finally decided how
  to integrate hash filtering into the MIB. The
  open points are
• psampFilterHashPayloadBytes "The number of bytes
  of payload used as input to the hash function."
• What does Payload mean? Above layer 4? It is
  not specified in PSAMP-TECH.So maybe an issue
  for PSAMP-TECH
• The description of the hash filtering should
  differentiate between input and output parameters

7
Observation Domain, Data Types and Row Status

• The observation domain is missing in both the
  PSAMP-MIB PsampBaseAssocEntry and PSAMP-TECH
  document.
• Maybe this is enough to specify it in
  PSAMP-PROTO?
• The description of the RowStatus objects must
  clearly state the minimum set of MIB variables in
  that table that need to be set in order for the
  status to go to "create".
• Consistent usage of data types (especially
  Unsigned32 and Integer32 with ranges) should be
  ensured.

8
Router State Filtering

• It might be easier with subtables for each router
  state function. That would also clarify the point
  of psampFilterRStateAvail one capability per
  function and it can be extended with new methods
  easily.
• psampFilterRState should be renamed to
  psampFilterRouterState if maximum OID name length
  of 32 chars is not exceeded.

9
Terminology and Document Title

• Capitalization should be consistent throughout
  the document. Maybe the solution is to list all
  reference terms from PSAMP and IPFIX drafts (the
  ones used in the draft). So just a list, with no
  definition, in the terminology section.
• Title Definitions of Managed Objects for Packet
  Sampling
• should include sampling and filtering not only
  sampling.
• All documents not only the MIB document should
  reflect that change.

10

• Any other feedback?
• The list of open issues is listed in the draft.
  Feel free to contribute