Managed Objects for Packet Sampling A Status Report Thomas Dietz dietz@netlab.nec.de Benoit Claise bclaise@cisco.com IETF 62, March 10th 2005
Overview Changes from the Previous Version Open Issues
Changes from -03 Renamed Instance and MethodChain to BaseAssoc and SelectionList to conform with terminology Completed and updated sampling and filtering functions Added Terminology section Text improvements
Diagrams, Examples and Function References The document needs some diagrams and examples to explain the interconnection of different parts of the MIB. An entity relationship diagram should be added in the next version. References with Object ID‘s must be explained. It must be clear which Object ID should be referenced e.g., by psampBaseAssocObservationPoint or psampSampNonUniProbFunc. A new section about undefined functions, parameters and observation point is needed.
Hash Filtering Most difficult function in the PSAMP Architecture. It is still not finally decided how to integrate hash filtering into the MIB. The open points are: Should we support more hash functions that the ones defined in [PSAMP-TECH]? That implies a generic template mechanism for other hash functions? Do we implement all parameters of the hash function in the MIB because the knowledge of these parameters could lead to a potentional attack to the NMS? To be consistent the MIB should implement all parameters but these parameters may be protected by any means to avoid a security breach (see 6.2.2 Guarding Against Pitfalls and Vulnerabilities). Those variables could e.g., be secured by a separate community name and be excluded from public access. Hash-based selection could be overloaded or evaded by an attacker if the Hash Function and the selection range are both known.
Hash Filtering Most difficult function in the PSAMP Architecture. It is still not finally decided how to integrate hash filtering into the MIB. The open points are: psampFilterHashPayloadBytes: "The number of bytes of payload used as input to the hash function." What does Payload mean? Above layer 4? It is not specified in [PSAMP-TECH]. So maybe an issue for [PSAMP-TECH] The description of the hash filtering should differentiate between input and output parameters
Observation Domain, Data Types and Row Status The observation domain is missing in both the PSAMP-MIB PsampBaseAssocEntry and [PSAMP-TECH] document. Maybe this is enough to specify it in [PSAMP-PROTO]? The description of the RowStatus objects must clearly state the minimum set of MIB variables in that table that need to be set in order for the status to go to "create". Consistent usage of data types (especially Unsigned32 and Integer32 with ranges) should be ensured.
Router State Filtering It might be easier with subtables for each router state function. That would also clarify the point of psampFilterRStateAvail: one capability per function and it can be extended with new methods easily. psampFilterRState should be renamed to psampFilterRouterState if maximum OID name length of 32 chars is not exceeded.
Terminology and Document Title Capitalization should be consistent throughout the document. Maybe the solution is to list all reference terms from PSAMP and IPFIX drafts (the ones used in the draft). So just a list, with no definition, in the terminology section. Title „Definitions of Managed Objects for Packet Sampling” should include sampling and filtering not only sampling. All documents not only the MIB document should reflect that change.
Any other feedback? The list of open issues is listed in the draft. Feel free to contribute