14th NMRG Meeting, 2003-10-19
NEC Europe Ltd., Network Laboratories, Heidelberg, Germany

Attendees:

 1. MB  Marcus Brunner (NEC Europe, Germany)
 2. OC  Omar Cherkaoui (University of Montreal, Canada)
 3. TD  Thomas Drevers (University of Twente, The Netherlands)
 4. JH  James Won-Ki Hong (Postech, Korea)
 5. MM  Maurizio Molina (NEC Europe, Germany) (until 13:30)
 6. JP  Jean-Philippe Martin-Flatin (CERN, Switzerland)
 7. DP  David Perkins (SNMPinfo, USA)
 8. AP  Aiko Pras (University of Twente, The Netherlands)
 9. JQ  Juergen Quittek (NEC Europe, Germany)
10. JS  Juergen Schoenwaelder (International University Bremen, Germany)
11. RS  Radu State (LORIA-INRIA, France)
12. FS  Frank Strauss (TU Braunschweig, Germany)
13. RM  Remco van de Meent (University of Twente, The Netherlands)
14. MV  Matjaz Vrecko (MG Soft, Slovenia)
15. OW  Oliver Wellnitz (TU Braunschweig, Germany)

Agenda:

11:00 Welcome
11:10 NEC Introduction and Overview of Ongoing Projects (Marcus Brunner)
11:30 Measuring Network Traffic (Remco van de Meent)
12:30 Lunch
13:30 SyncML Device Management (Radu State)
14:30 Coffee Break
15:00 Performance of Web Services compared to traditional SNMP (Thomas Drevers)
16:00 Coffee Break
16:30 Session-based Security Model for SNMPv3 (Dave Perkins)
17:30 Wrap-up
17:45 Meeting Ends

The meeting starts at 11:15. FS and JQ take notes, FS will compile them
into one text. JQ invites the attendees to have dinner and whiskey
tasting at his home. :-)

11:20 NEC Introduction and Overview of Ongoing Projects (MB)
------------------------------------------------------------

MB presents an overview [1] of the topics and projects being worked on in
his group at the NEC Network Laboratories in Heidelberg (3GPP, DHCPv6,
IP-based Radio Access Networks, ...).

He presents problems observed with SNMPv3:

(1) No filtering of Get requests like in CMIP.
(2) It's complicated to keep a mgmt system in sync with managed nodes if
    changes are done via CLI.
(3) Checking the overall health of boxes requires a lot of requests.

Idea on (3): "One-Stop Health Check": aggregate various health
information into a single object.

JS notices that the DISMAN-EVENT/EXPRESSION-MIBs cover this.
MB/JQ: The DISMAN MIBs are way too complicated, that's why they did not
succeed. We want to set a strict focus on box health and keep it simple.

11:55 Measuring Network Traffic (RM)
------------------------------------

RM gives a presentation [2] on what he's doing for his PhD on high-speed
network traffic measurements. The measurements have been done at the
University of Twente and two other research institutions at the routers
that connect the institutions to their Internet providers. The
measurements deliver characteristics of the traffic, such as flows being
created per second, flow duration profiles, and application profiles.

Observations: 90% of the local traffic is SMB, 10% of the
incoming/outgoing traffic is unknown. The project shows that decent
hardware is sufficient for even detailed measurements.

Discussion:

Page 12: We want to find the "clouds of most relevance", so that we come
up with the result on page 13.

JH: Can you address the specific characteristics of QoS premium class
traffic?
RM: No, we assume carriers to do reasonable overprovisioning instead of
QoS management.

AP presents some additional numbers from UT that show that faculties
retrieve much more traffic via file sharing from student houses than
vice versa. :-)

JS asks to what degree the traffic is anonymized.
RM: IP addresses are changed, but mappings are retained.
JS: However, you might be able to map back to the users based on other
packet characteristics. This might be an issue if you want to find other
people doing such measurements.
JP/JQ: It becomes an issue of national laws.

MM: A challenging problem is to build models also for the traffic that
we cannot yet identify.
Protocols like HTTP are the easy cases, but in some situations the yet
unidentified traffic is significant.
AP: We assume it's right to follow both approaches in parallel:
(a) doing careful measurements and analyzing them and (b) trying to come
up with mathematical models.

JQ mentions that it would be reasonable to coordinate with the IRTF IMRG.

References:
Packet trace anonymization through tcpdpriv:
http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html

(13:25 Coffee Break)

13:35 SyncML Device Management (RS)
-----------------------------------

Radu State reports on SyncML [3]. The general motivation for this
discussion within the NMRG is not to do work twice.

The SyncML initiative is a broadly supported effort towards universal
data synchronization. Several manufacturers jointly proposed a
standardized framework for device synchronization using a common data
model based on XML, which was extended to be used also for device
management. LORIA-INRIA has developed an open-source agent toolkit built
around the SyncML model and evaluated the performance and cost of this
approach in the context of limited devices supposed to host management
agents.

Discussion:

Page 25: JS: It seems a bit strange that e.g. in case of HTTP as the
transport, management requests are encapsulated in HTTP responses.

DP: How is authentication done?
RS: By shared secrets and MD5.

JQ/RS: Clarification: The SyncML Forum is now part of the Open Mobile
Alliance (OMA).

AP: What about interoperability between vendors?
RS: Interoperability has been proved for synchronization by several
vendors.

AP: Would you propose that the NETCONF WG should look at this or use
this?
RS: NETCONF's initial effort by Juniper was good and driven in
combination with a data model, but now that the data model is completely
taken aside and security is still missing, NETCONF is like an empty
shell.
JS: NETCONF will address both issues in the future.
JQ: Could the NETCONF people learn from SyncML?
RS: Yes, they can.
DP/RS: Clarification on access control: ACLs are attached to instances.
If an object has no ACL, it is inherited from its parent(s). You cannot
have ACL properties for objects that do not yet exist; they have to be
provided upon instantiation.

(14:40 Lunch Break)

16:10 Performance of Web Services compared to traditional SNMP (TD)
-------------------------------------------------------------------

AP gives a short overview of what some people at UT have done and are
doing related to Web Services in the area of NM.

Then TD gives a presentation [4] on a comparison of SOAP and SNMP for
monitoring. He developed an implementation that compares both for
accessing different portions of the IF-MIB. The network usage was high
for uncompressed SOAP, but comparable to SNMP for compressed SOAP.
Memory and CPU usage was higher for SNMP, but this may be caused by the
used NET-SNMP implementation. The total operation time (over a fast
link) was much higher for SNMP. The measurement of total time does
include encoding and decoding at the SNMP manager.

The (slightly surprising) conclusion is that there is no significant
performance penalty when compressed XML is used instead of SNMP. Rather,
an increase in speed is possible.

Discussion:

JS/TD: Compressed data was well compressible, because most counters were
zero because of unused virtual interfaces, so the results have to be
interpreted carefully.

The very bad CPU usage of NET-SNMP is caused by the fact that for every
cell, the whole table is looked up, while in case of the Web Service,
you have to fetch the whole table just once to deliver all its cells.
For SNMP "walk" that can not be solved by caching; for SNMP GetBulk
caching could improve performance, but it is not implemented in
NET-SNMP.

JP: Is XML validation of the exchanged XML infosets reasonable or even
required?
Conclusion: A recommendation is out of scope here, but it would be good
to have a comparison of footprint and CPU usage with and without
validation.
DP/TD: Clarification: Operation time is from encoding the request until
decoding the response(s). Tests were made on a 1GHz Intel GNU/Linux PC.

AP's conclusion from these results: SNMP is good for retrieving single
cells; that's what it has been primarily designed for. For larger
amounts of data, Web Services win, especially when compression is used.
JS: Compressed WS should not be compared to uncompressed SNMP.

JS asks to make not only the result but also the code that was used to
get the results available.

DP/TD: gSOAP's XML message parser is optimized based on the expected
messages; this makes it quite efficient.

(17:25 Coffee Break)

17:35 Session-based Security Model for SNMPv3 (DP)
--------------------------------------------------

DP presents [5] work he has done together with Wes Hardaker (slides not
reviewed by Wes) on a session-oriented security model for SNMP.
Basically this model replaces the USM by a model that does not need
authentication for every message. The model is still under development.

JS has doubts how relevant this work is. It seems complicated in terms
of key management, similar to the former party-based security model for
SNMPv2. He would prefer to use something like TCP/TLS since it (a) is
easier to implement and (b) people might have more trust that the TLS
library has already been debugged.
DP responds that the proposed work does work with any SNMP transport.

References:
draft-hardaker-snmp-session-sm-00.txt

18:35 Wrap-up
-------------

JS asks to send in the presented slides.

The meeting ends at 18:40.
References to Presentations
---------------------------

[1] http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2003/heidelberg/brunner.pdf
[2] http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2003/heidelberg/meent.pdf
[3] http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2003/heidelberg/state.pdf
[4] http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2003/heidelberg/drevers.pdf
[5] http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2003/heidelberg/perkins.pdf
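Added example (not part of these minutes, and not code from the UT
measurement project or from tcpdpriv): the anonymization point raised in
the Measuring Network Traffic session (IP addresses are changed, the
mapping is retained, other packet characteristics are untouched) shown as
a keyed, prefix-preserving IPv4 pseudonymization of constructed flow
records in Python. A key stands in for the retained mapping table, so the
key is the secret that must be protected as carefully as the raw trace.
The function names, the key and the sample flows are assumptions made for
this example.

```python
# Added example (not from the NMRG minutes or the UT measurement project):
# keyed, prefix-preserving IPv4 pseudonymization of flow records. The key
# replaces a stored mapping table: whoever holds it can reverse the
# pseudonyms, so it must be protected like the raw trace itself.
import hashlib
import hmac
import ipaddress
from typing import Dict, List

# Constructed sample flow records (no real hosts). Only the addresses are
# pseudonymized; ports, sizes and protocol are kept, which is exactly the
# "other packet characteristics" that may allow mapping back to users.
SAMPLE_FLOWS: List[Dict] = [
    {"src": "10.0.1.5",  "dst": "10.0.1.9",     "proto": "tcp", "dport": 445,  "bytes": 981234},
    {"src": "10.0.1.5",  "dst": "192.0.2.80",   "proto": "tcp", "dport": 80,   "bytes": 12034},
    {"src": "10.0.7.33", "dst": "198.51.100.7", "proto": "udp", "dport": 6881, "bytes": 5120},
]


def _prf_bit(key: bytes, prefix_bits: str) -> int:
    """Pseudo-random bit derived from the key and an address prefix."""
    digest = hmac.new(key, prefix_bits.encode("ascii"), hashlib.sha256).digest()
    return digest[0] & 1


def anonymize_ipv4(addr: str, key: bytes) -> str:
    """Crypto-PAn style mapping: output bit i = input bit i XOR PRF(first i bits)."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = []
    for i in range(32):
        # The flip for bit i depends only on the input's first i bits, so two
        # addresses sharing a k-bit prefix still share a k-bit prefix afterwards.
        out.append(str(int(bits[i]) ^ _prf_bit(key, bits[:i])))
    return str(ipaddress.IPv4Address(int("".join(out), 2)))


def deanonymize_ipv4(anon: str, key: bytes) -> str:
    """Inverse mapping; only possible with the key, which is the retained 'mapping'."""
    anon_bits = format(int(ipaddress.IPv4Address(anon)), "032b")
    recovered = ""
    for i in range(32):
        # The prefix recovered so far is exactly what the forward PRF was keyed on.
        recovered += str(int(anon_bits[i]) ^ _prf_bit(key, recovered))
    return str(ipaddress.IPv4Address(int(recovered, 2)))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


def anonymize_flows(flows: List[Dict], key: bytes) -> List[Dict]:
    """Rewrite src/dst of each flow record, leaving every other field intact."""
    result = []
    for f in flows:
        g = dict(f)
        g["src"] = anonymize_ipv4(f["src"], key)
        g["dst"] = anonymize_ipv4(f["dst"], key)
        result.append(g)
    return result


def retained_fields(flows: List[Dict]) -> List[str]:
    """Fields that survive anonymization unchanged (the re-identification surface)."""
    names = set()
    for f in flows:
        names.update(k for k in f if k not in ("src", "dst"))
    return sorted(names)


if __name__ == "__main__":
    key = b"constructed-example-key-keep-secret"   # assumption: per-trace secret
    for f in anonymize_flows(SAMPLE_FLOWS, key):
        print(f)
    print("retained fields:", retained_fields(SAMPLE_FLOWS))
```

The prefix-preserving property is what keeps subnet-level analysis (the
"clouds" of traffic discussed above) possible on the pseudonymized trace,
but it also means subnet structure is preserved, and `retained_fields`
lists what is not touched at all; both are inputs to the legal and
disclosure questions JP and JQ raised before a trace is shared.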