Rough Notes on the XIWT Internet Performance Working Team Meeting

March 3, 1998, Hyatt at Fisherman's Wharf, San Francisco, Ca.

There were eleven attendees from CNRI, HP, Intel, Bell South, SLAC and Inverse, there were several last minute cancellations. There were 5 laptops and 2 Palm Pilots in use.

Table of Contents:

Rough Notes on the XIWT Internet Performance Working Team Meeting *

Common Definitions Sub Group *

Discussion of need for Security Sub Group *

Update on SLAC Monitoring Software - Warren Matthews *

Passive Measurements Sub Group *

Objectives: *

Benefits *

Scope *

Tasks *

Craig of NIST has a workstation earmarked to be an archive site, plus a person to be a caretaker. They will contact Dave Martin of HEPNRC to get the software installed. There is a Web list of collection sites and remote sites. Not all the collection sites are collecting yet. Hughes started a collection site after the last meeting. They are running traceroute regularly. Most route swaps appear to be within an ISP as opposed to being at the interchanges.

Common Definitions Sub Group

The goals of the meeting were to define a product of the group such as a White Paper, come up with a timeline, get more feedback, decide on who should review.

As a starting point it was suggested to produce a white paper with review by groups such as the IPPM, ANSI, and IOPS. The timeline is for a first draft to be ready for discussion at (and available for informal review prior to) the April meeting (at Reston), with reviews and comments in by June and publishing by July. This white paper could be a publication of the XIWT. There will be two revisions. The first will be the set of definitions. The second revision would contain measurements to validate the methodology. A zeroth order draft was handed out; updates etc will be made available on the protected IPWT Web page. Zhirad of HP will be the keeper of the document. Zhirad led a discussion of the zeroth order document.

Discussion of need for Security Sub Group

Many folks are concerned about the need to provide security if one is to make the Internet safe for business. One of the big concerns is the denial of service attack. This is not just a technical issue, but also requires involving law agencies for defining what is illegal, what happens when an illegal act is perpetrated, how the perpetrator is discovered, apprehended and punished. This is complicated by the international spread of the Internet. There is a desire to get beyond simply sharing information and getting into the solution space. The XIWT chair will work with interested IPWT people to try and draft a requirement's document which will be bought to the executive committee.

Update on SLAC Monitoring Software - Warren Matthews

Warren talked about the SLAC/HEPNRC Ping measurement tools. There were several questions on the correlation between ping and HTTP GET. There was considerable interest in Warren's SAS free tools since it could avoid the cost of a SAS license. He is looking at how to automate the installation of the PingER tools. Dave Martin of HEPNRC is working on Poisson sampling. Intel will note exceptions and manually contact ISPs to understand why there are problems and work to resolve them. They use heuristics such as two sampling intervals with no reachability, or big changes in packet loss for a set of related sites.

Passive Measurements Sub Group

The first meeting of this group was June 1997.

The goals for this meeting (March 3rd 1998) were to: define the objective of the group, define the scope, and to define what has to be accomplished.


A question was raised as to whether passive measurements can replace the need for active (e.g. ping) measurements. If one can detect problems using passive measurements then one can initiate active monitoring. Thus passive measurement could reduce the need for active monitoring.


So some benefits of passive measurements are:

Most logs provide bytes and time so a measure of throughput is available. One would like to add information on server loading, network loading, cpu utilization, egress location, DNS resolution time, time to set up TCP connection. Probably time of day, file-size and "type" (e.g. CGI script) are already available.


The audience is the server software vendors, and server operators.

The scope includes: Web servers, FTP servers, proxy servers, mail relays.

If one could count on clients sending in the NetMedic logs this would also enable passive monitoring, however this is not realistically possible. Thus the focus here is to use the server logs which takes less coordination to acquire.


  1. Complete correlation of Keynote/timeit/server logs. This is targetted for completion by April 9th, Cindy Bickerstaff will be making a presentation to the Intel marketing folks on this day.
  2. Define an experiment using PingER boxes to demonstrate that the correlation observed with item 1 is repeatable in a wider domain. The idea would be that each PingER box will use Timeit to do an HTTP GET from another PingER box and note the DNS and GET response time (these response times are built into timeit). This will be correlated with the Ping responses for similar time periods and with the Web server logs (i.e. it assumes a Web server would be available on the PingER box). On one or more of the PingERs, one could also set up a WebBench to see the effect of server loading. Also on a Web server, which one can modify (e.g. Apache), one could modify the logging to add extra information such as the TCP setup time (SYN/ACK time) - one probably wants to define this as a requirement. May have to do a statistical experiment design. Would be good to communicate with the server vendors to see if they are interested.
  3. Draft recommendations for software vendors.