Lily-
So what this the requirement here?
At 07:04 PM 4/2/2001 -0600, Hilarie Orman wrote:
Function evaluation in a rule pre-condition can get way too
complicated, but, you can have special subsystems for triggering
special events, like the time=IP addr example below. The
existence of the special subsystems, their naming, definition,
that's unfortunately all environment stuff that's outside the
charter, as I understand it. Maybe the interface to the scheduling
subsystem could be part of the rule system, because it is so
important, and that could be used as a model for other subsystems
which need to monitor variables and compute functions of their
values in order to trigger rules.
Hilarie
>>> "Yang, Lily L" <lily(_dot_)l(_dot_)yang(_at_)intel(_dot_)com> 04/02/01 05:08PM
>>>
> -----Original Message-----
> From: Derek Maxson [mailto:techmail(_at_)frontporch(_dot_)com]
> Sent: Monday, April 02, 2001 3:42 PM
> To: Yang, Lily L
> Cc: ietf-openproxy(_at_)imc(_dot_)org
> Subject: RE: Request for Comment: Elapsed-Time as Event in OPES/ICAP
>
2. However, there is no hard limit to number of users
> per bucket. It just
> works out that for 1000 users there are 25 per bucket.
I understand. This is just an example. The key is that only one group is
redirected at any given 15-second interval.
>
> 3. Are you suggesting that the proxylet would be
> employed to evaluate every
> request and measure the time, then create a call-out when the
> time is right?
Yes. that is one way to do it, given that the proxylet has to be very simple
and efficient.
But I think there might be a better way to do this if we get enough
arithmetic support from IRML -- for example, I imagine that a rule like
this:
if (current-system-time-in-seconds mod 40 == Hash(IP))
fire-action-Proxylet1;
// basically it uses the current system timer (measured in seconds) to map
to a particular //user group (there are 40 such groups), and if the incoming
IP happens to be in that group,
// we can fire proxylet1 to do further checking.
Inside Proxylet1: do whatever further constraint checking -- you may even
afford to check on individual IP state (one counter per user), or you can
choose to use just one counter for the whole group -- then determine whether
or not redirection service is fired by insert new-tag-from-Proxylet1.
Second rule would be
if (new-tag-from-Proxylet1) fire-ICAP-service;
Does it make sense?
The second approach is more efficent (since it cuts down the # of requests
going through proxylet), but it requires more arithmetic support -- that
makes me wonder, is regular expression enough for rule matching?
Lily
>
> Derek
>
>
> > -----Original Message-----
> > From: Yang, Lily L [mailto:lily(_dot_)l(_dot_)yang(_at_)intel(_dot_)com]
> > Sent: Monday, April 02, 2001 3:36 PM
> > To: 'Derek Maxson, Front Porch'
> > Cc: ietf-openproxy(_at_)imc(_dot_)org
> > Subject: RE: Request for Comment: Elapsed-Time as Event in OPES/ICAP
> >
> >
> > Derek --
> > Let me make sure that I understand what you meant here --
> > By splitting the users into 40 groups (bucket), we treat
> two IPs falling
> > into one bucket as the same, so effectively it it like the
> problem of
> > handling 40 unique users. Is it right?
> > So what you want to achieve is -- For every 15 seconds,
> only IPs falling
> > into one group would be redirected for up to 25 connections?
> > Is it correct?
> >
> > If so, then an unconditional rule is applied to fire up a local
> > proxylet and
> > all the above logic is wrapped inside that proxylet. Only
> when redirection
> > (or whatever service in your mind) is determined necessary, the
> > remote call
> > out service is fired. In that case a new header is added in the
> > proxylet to
> > trigger the remote callout service in the second rule.
> >
> > Is this what you had in mind?
> >
> > Lily
> >
> > > -----Original Message-----
> > > From: Derek Maxson, Front Porch
[mailto:techmail(_at_)frontporch(_dot_)com]
> > > Sent: Friday, March 30, 2001 11:12 AM
> > > To: ietf-openproxy(_at_)imc(_dot_)org
> > > Subject: RE: Request for Comment: Elapsed-Time as Event
> in OPES/ICAP
> > >
> > >
> > > All:
> > >
> > > Perhaps using groups for timing. A hash could be usedto
> > > aggregate into
> > > interval groups.
> > >
> > > Take 1000 users to be redirected every 10 minutes.
> > > Split the users into
> > > 40 groups by IP hash that will be redirected 25 at a time
> > > every 15 seconds.
> > >
> > > This would likely decrease the load of remembering time
> > > stamps for all
> > > 1000 users (in this example) and enable much larger numbers
> > > to be handled.
> > >
> > > The proxy could keep track of each of the 40 groups as
> > > buckets and load
> > > balance by dropping IP's into the bucket(s) with the fewest
> > > active sessions.
> > >
> > > Thoughts?
> > >
> > > Derek
> > >
> > >
> > > > -----Original Message-----
> > > > From: owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org
> > > > [mailto:owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of
> Derek Maxson,
> > > > Front Porch
> > > > Sent: Monday, March 26, 2001 8:34 AM
> > > > To: ietf-openproxy(_at_)imc(_dot_)org
> > > > Subject: Request for Comment: Elapsed-Time as Event in OPES/ICAP
> > > >
> > > >
> > > > All:
> > > >
> > > > A function that could prove helpful is to measure the
> > > > elapsed time between
> > > > ICAP callouts to ensure a minimum interval.
> > > >
> > > > This function can allow the opportunity for individual
> > > users to be
> > > > redirected via ICAP at certain intervals that can be
> set in a rule.
> > > >
> > > > Is anyone already working on something similar?
> Comments?
> > > >
> > > > Derek Maxson
> > > >
> > >
> > >
> >
>
>
Michael W. Condry
Director, Network Edge Technology