23rd NMRG Meeting, October 08-09, 2007
University of Twente, Enschede, Netherlands

Participants:

- Aiko Pras (AP), University of Twente, Netherlands
- Juergen Schoenwaelder (JS), Jacobs University Bremen, Germany
- Lisandro Granville (LG), UFRGS, Brazil
- Krzysztof Nowak (KN), PSNC, Poland
- Gijs van den Broek (GB), University of Twente, Netherlands
- Olivier Festor (OF), INRIA, France
- Sameh Bel Haj Saad (SS), University Federal Armed Forces Munich, Germany

Original Agenda:

- Thursday (2007-11-08)

  13:00 Welcome and agenda bashing
  13:15 Status of draft-irtf-nmrg-snmp-measure
  13:30 Performance of SNMP over SSH/TLS/DTLS
  14:15 SMIng and YANG support for libsmi
  15:00 A Visualization Tool for SNMP Traces
  15:30 Coffee Break
  16:00 Detecting Periodic and Aperiodic SNMP Traffic
  16:45 Discussion
  18:00 Wrap up of the first day

- Friday (2007-11-09)

  09:00 Definition of Common Metrics and Terminology
  10:30 Coffee Break
  11:00 Definition of Common Metrics and Terminology
  12:00 Lunch Break
  13:00 Definition of Common Metrics and Terminology
  15:00 Wrap up of the second day

Roles:

- AP acted as the chair and host of the meeting
- JS took responsibility for the minutes

1. Agenda Bashing

It was agreed to defer the discussion of the ID to a later time since
Bert Wijnen was not yet there. [Ed.: We later discovered that Bert
Wijnen will not be able to attend at all.] The talk by Kaloyan Kanev on
SMIng support for libsmi was cancelled since Kaloyan could not attend
due to a health issue.

2. Performance of SNMP over SSH/TLS/DTLS

Juergen Schoenwaelder (Jacobs University) gave a brief introduction to
the motivation behind SNMP over secure transports and the ISMS work
done in this space. He then discussed some technical aspects of running
SNMP over SSH, TLS, and DTLS and finally showed some measurements done
with a prototype implementation. Since there are some inconsistencies
and shortcomings in the data set, the measurements need to be repeated.
Once that has happened, a detailed paper about this work will be
submitted.

3. A Visualization Tool for SNMP Traces

Lisandro Zambenedetti Granville (UFRGS) presented a tool being
developed by one of his students which (a) provides a Web-based
front-end to the functionality provided by the snmpdump tool and
(b) creates visualizations such as topology graphs, MIB object usage
graphs, and traffic intensity graphs. It is unclear whether this work
will continue once the student involved has finished his assignment.

4. SNMP Trace Analysis at PSNC

Krzysztof Nowak (PSNC) reported on some SNMP traces they have
collected and analyzed. His presentation was based on the material that
can also be found in EMANICS deliverable D7.2. There were some
discussions concerning the nature of the data sets. Poznan is
collecting more traces and developing ideas for further analysis, for
example concerning reaction time to network events detected by SNMP
management systems.

5. Detecting Periodic and Aperiodic SNMP Traffic

Gijs van den Broek (University of Twente) briefly explained the problem
of separating periodic from aperiodic traffic. After a discussion of
how people would approach the problem, the work done in Twente was
presented by Gijs. This led to a detailed discussion about assumptions
made by several definitions. It became clear that some assumptions are
unavoidable.

6. Definitions

The second day focused solely on the discussion of common definitions
for SNMP trace analysis work. First, it was recognized that the flow
definition used in the IM paper (although not spelled out well in the
paper) is consistent with the session definition introduced by Gijs.
Next, it was recognized that the term session used by Gijs can be
misleading since, for example, ISMS uses the term session to refer to
SSH or TLS connections.
Since the term sequence can also be misleading, it was decided to use
the term "slice" since this term nicely fits the model in which we
split flows into slices and has no other meaning in the SNMP context.

After some extensive discussion concerning potential definitions of
these terms, an initial set of definitions was drafted by JS and GB and
presented at the end of the meeting. JS and GB agreed to continue work
towards a consistent set of definitions that are needed for the trace
analysis work done at the University of Twente (periodic/aperiodic
traffic) and at the Jacobs University Bremen (table retrieval
algorithms). The definitions will be put into an ID with the final goal
to progress them in the NMRG towards RFC publication. The research
groups will then use these definitions in the research papers they are
working on.