Minutes of the 20th NMRG meeting IETF 66, Montreal, Canada 10 July 2006 Minutes: Olivier Festor Participants: The meeting was attended by about 40 people. The names were recorded on the rooster which went to the IETF secretariat. Agenda: 17:40 Administrivia Chair(s) 17:45 NMRG Status Report '2006 Juergen Schoenwaelder 18:00 SNMP Traffic Measurements Overview Juergen Schoenwaelder 18:20 Initial Results Juergen Schoenwaelder 18:40 Discussion of Measurement Activities Everybody 19:20 Future Work Everybody 19:40 Wrapup Chair(s) ======================================================================= Two presentations were given by Juergen Schoenwaelder (see slides on the NMRG web site). - Presentation #1 : NMRG Status Report '2006 - Presentation #2 : SNMP Traffic Measurements The presentation received a lot of very positive feedback (one participant stated work is exiting since it is the first time people try to understand how to improve management) and raised many fruitful discussions. The first set of questions that were issued by the participants was around the motivation for collecting such data and what the end goal of such work would be (return on investment). The response was that the specific usage of the results was beyond the scope of the initial initiative which goal was to find out what is happening not why. However, standardization bodies might use the results to revisit their standards, academics can use them to build meaningful models, implementors and operators might use them to improve their implementations. An issue was raised on the accuracy of the measurement if it is done only at the central management station interface. By sniffing at the management station only, one might loose data of management activity going on elsewhere (e.g. through laptops). Specific questions and comments raised: Q: What is the outcome of the analysis on indexing types? A: The big winners are integers (based on the MIB analysis). Q: Did you investigate the use of the data collection to do SNMP fingerprinting ? A: This was not the scope of the work. Q: How hard was it to get traces? What is the "acceptance" percentage? A: Quite surprisingly, it was not that difficult. It is crucial to establish a trust relationship to operators. Doing this work through the NMRG helps and having the goals documented as an Internet-Draft helps. Collaboration of researchers who all have some connections to operators helps. Many discussions took place on the SNMP message sizes, versions and operations measured in the traces. It was noted that more traces need to be analyzed to have a more complete picture. Recommendations: - Measure the usage and impact of security. - To make sure that the collected data is useful for analysis it should be complemented with a questionnaire to be filled by the organization where the traces are collected to see what operators are looking at and how important management is or whether any special events took place. - A web site should be available to help promoting the capture of traces and attract operators. The Internet-Draft is exactly designed for this purpose. - It would be great to get also traces on more configuration oriented operations (e.g., CLI ?). Having the data on the configuration space, would bring a lot of input to the community as well. - It would be interesting to identify signatures or behavioral patterns. For example, it might be useful to identify applications which do the same data collection and propose some optimization. ======================================================================= It was suggested to co-organize a workshop in October 2006 located somewhere in Europe before/during/after the MANWEEK in Dublin to identify fundamental research challenges in network and service management research. This workshop would be co-organized with the European 6th Framework Network of Excellence on the Management of the Internet and Complex Services (EMANICS) ().