[IPFIX] recent ipfix drafts and argus

Carter Bullard carter at qosient.com
Wed Feb 29 11:38:43 EST 2012


Nevil,
I wasn't being disingenuous about Nick or the use of Google in any way.
Nick put in references to argus in his papers, and he didn't even really
say anything about it.  He even spelled the company's name correctly.

What I am saying is the aggregation draft is dealing with a topic that has
been around for a very long time, and there are lots of implementations of
all of the concepts needed in data aggregation around.  Billing packages,
statistics packages,  graphing software all have to deal with these issues.
I can provide you lots of textbooks that are good references on the topics of
data aggregation that the flow community needs, if you are interested.

With such an unbounded topic to talk about, with so much opportunity,
why do all of the examples in the draft look like documented argus examples
and program outputs?

I stated this in the original email.  I am stating it now.  If you are going to use
examples and technology from other efforts, reference those other efforts.

But each example in the draft is either a specific aggregation where argus has
dedicated programs to generate the output, or they are well documented
examples from the argus web site or mailing list.  

For god's sake, just change the specific objects, the time intervals
and the order and format of the output fields, and you would at least
not look like you took the examples from argus program output.

If you want to look like argus program output, fine. Mention argus.
If you want to look like SiLK, then use SiLK, and mention it.  If you don't
want to look like anybody's tools, then just change the format so it doesn't
look like anybody's tools.

The IPFIX WG is just a working group in the IETF.  Its mailing list is the
only avenue to present issues regarding IPFIX WG business.  I am
saying again, and hopefully for the last time, if you are going to use 
the work of other forums and groups in the flow community, simply give
those efforts credit.  If you don't want to do that, modify your work so
that it doesn't look like you just lifted it, without concern.

Carter

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



On Feb 29, 2012, at 2:48 AM, Nevil Brownlee wrote:

> 
> Hi Carter:
> 
> As the other IPFIX co-chair I feel bound to respond to your comments.
> 
> Your idea that an Internet Standard should document something
> that has "dozens of implementations" is weird, to say the least.
> In many cases there are different groups of people proposing
> different ideas, so to begin with there isn't even a single
> implementation.
> 
> Your comment about 'a Google search for "Argus flow splitting"' is
> disingenuous.  When I spent some time with Google looking for
> information about Argus and its implementation, I simply wasn't able
> to find anything.  Nick Duffield's papers about sampling, i.e.
>  "Charging from sampled network usage" (2001),
>  "Properties and Prediction of Flow Statistics from Sampled
>    Packet Streams," (2002),
>  "Learn more, sample less: control of volume and variance in
>    network measurement," (2005),
> all cite the Quosient web page for Argus' way of defining flows,
> but there's no text in any of these papers about Argus itself!
> 
> The IPFIX WG provides a forum for interested people to contribute
> ideas about information reporting.  If you have something you'd like to
> see in a WG draft, you need to contribute some text about it on the
> IPFIX list. In the case of the Aggregation draft, you simply haven't
> done that.
> 
> In short:
> - If there is published material out there about Argus,
>     please tell us about it.
> - Kindly withdraw your mischievous accusations of plagiarism, these
>     are unfounded.
> - Constructive technical discussion to the IPFIX list is, of course,
>     always welcome.
> 
> Cheers, Nevil
> 
> 
> On 02/27/2012 11:37 AM, Carter Bullard wrote:
>> Gentle people,
>> I'm generally pretty quiet when it comes to IPFIX and its efforts.  But as the first
>> person to develop IP flow records in the 1980's, first to present the idea to the
>> community in 1992, the first to provide open source flow technology in 1995,
>> and the author of the longest lived open source flow system, argus; I feel that
>> I have to say something about the recent wave of IPFIX drafts.
>> 
>> The drafts on flow aggregation describe functionality that the Argus project started
>> over 20 years ago.  The ideas of key modification, conversion of non-key attributes
>> to key members, aggregation operators, interval distribution and the architecture for it,
>> were all developed in argus a long long time ago.  draft-ietf-ipfix-a9n is basically
>> describing the functionality of argus's racluster(), rasplit(), and rabins() programs,
>> and every example given in the text of draft-ietf-ipfix-a9n can be generated using
>> argus's rabins(), with only a few gyrations of its command-line, today.
>> 
>> I personally would expect that if the IETF was going to describe something that is
>> "Standards Track", that there would be dozens of implementations of this kind of
>> technology available, and that the WG is condensing years of experience to
>> arrive at a "Standards Track", but, this is not the case.  There is only one current
>> implementation of the complete capabilities of the features of draft-ietf-ipfix-a9n
>> that I am aware of, and that is in argus.
>> 
>> Taking just one of the technical descriptions in the draft, "interval distribution", I
>> am not aware of any description of this issue, or implementation of this type
>> of technology in the literature, outside of argus.  No Google search results for "flow
>> interval distribution".   In Argus we call it flow splitting.  The first line from a
>> Google search for "argus flow splitting" returns:
>> 
>> Scholarly articles for argus flow splitting
>> … and prediction of flow statistics from sampled packet … - Duffield - Cited by 217
>> 
>> I'm not saying that Nick knows much about argus's support for flow splitting, but
>> it's still pretty scary that the first hit is from a paper that is used in IPFIX documents.
>> One would have to assume that the IPFIX community should be aware.
>> 
>> My problem is that most of draft-ietf-ipfix-a9n is prior work that is not widely
>> implemented, some of the features are still unique to argus.   While IETF support
>> of technology is a good thing, descriptions of technology without reference
>> is a difficult thing to interpret.  Is the IPFIX WG describing what they think is new
>> technology? Does the IPFIX WG think that many companies have implemented
>> this type of technology, and now it's time to standardize it?  Well, I'm not aware
>> of any implementation, open or closed, that does the complete set of what the
>> draft is recommending, other than argus.  So I don't think it's new, nor widely
>> implemented.  I would say its a form of technology plagiarism.
>> 
>> IPFIX is considering adding non-IP flows to their definitions.  Argus is the only available
>> flow technology that has significant non-IP flow data models and support.  argus-1.2 had
>> flow generation, transport, analytics and storage of non-IP flows 20 years ago, with its
>> support for bi-directional ethernet, apple-talk and ARP transaction tracking and reporting.
>> In the last 10 years, argus has added MPLS, VLAN, ISO addresses, and Infiniband flow
>> models.  Not attributes, but true flow key elements.   This work is non-trivial.
>> 
>> The concept that the WG would consider dropping the IP from IPFIX and think that is
>> all that is needed, is really so completely wrong, that it's laughable, and a disservice
>> to those that have done the hard work to bring situational awareness and analytics
>> to non-IP traffic.   The same applies to bi-directional flows, but that is another story.
>> 
>> I would love to think that IPFIX could focus back on flow information exchange.
>> Multicast, non-template based connectionless transport strategies, say over UDT
>> as an example, rather than getting into areas for which the WG is unprepared to
>> do even a reasonable job, without resorting to dubious techniques.
>> 
>> Just a few comments, I hope that anyone finds it useful.
>> 
>> Carter
>> 
>> Carter Bullard
>> CEO/President
>> QoSient, LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> 
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> IPFIX mailing list
>> IPFIX at ietf.org
>> https://www.ietf.org/mailman/listinfo/ipfix
> 
> 
> -- 
> ---------------------------------------------------------------------
> Nevil Brownlee                    Computer Science Department | ITS
> Phone: +64 9 373 7599 x88941             The University of Auckland
> FAX: +64 9 373 7453   Private Bag 92019, Auckland 1142, New Zealand
> 
