[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 RFC 5477

Network Working Group                                           T. Dietz
Internet-Draft                                           NEC Europe Ltd.
Expires: April 27, 2006                                      F. Dressler
                                        University of Erlangen-Nuremberg
                                                                G. Carle
                                                 University of Tuebingen
                                                               B. Claise
                                                               P. Aitken
                                                           Cisco Systems
                                                        October 24, 2005


             Information Model for Packet Sampling Exports
                     <draft-ietf-psamp-info-03.txt>

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 27, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo defines an information model for the Packet Sampling
   (PSAMP) protocol.  It is used by the PSAMP protocol for encoding



Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 1]


Internet-Draft           PSAMP Information Model            October 2005


   sampled packet data and information related to the sampling process.
   As the PSAMP protocol is based on the IPFIX protocol, this
   information model is an extension to the IPFIX information model.
















































Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 2]


Internet-Draft           PSAMP Information Model            October 2005


Table of Contents

   1.   Open Issues  . . . . . . . . . . . . . . . . . . . . . . . .   5
     1.1  PSAMP architecture/protocol related  . . . . . . . . . . .   5
     1.2  IPFIX related  . . . . . . . . . . . . . . . . . . . . . .   6
     1.3  NETFLOW v9 related . . . . . . . . . . . . . . . . . . . .   6
     1.4  PSAMP number space for Information Elements  . . . . . . .   6

   2.   Introduction . . . . . . . . . . . . . . . . . . . . . . . .   7

   3.   Relationship between PSAMP and IPFIX . . . . . . . . . . . .   7

   4.   Properties of a PSAMP Information Element  . . . . . . . . .   8

   5.   Type Space . . . . . . . . . . . . . . . . . . . . . . . . .   8

   6.   The PSAMP Information Elements . . . . . . . . . . . . . . .   8
     6.1  PSAMP Usage of IPFIX Attributes  . . . . . . . . . . . . .   8
     6.2  Additional PSAMP Information Elements  . . . . . . . . . .   9
       6.2.1  selectorId . . . . . . . . . . . . . . . . . . . . . .   9
       6.2.2  selectorInputSequenceNumber  . . . . . . . . . . . . .   9
       6.2.3  selectorAlgorithm  . . . . . . . . . . . . . . . . . .  10
       6.2.4  samplingPacketInterval . . . . . . . . . . . . . . . .  10
       6.2.5  samplingPacketSpace  . . . . . . . . . . . . . . . . .  11
       6.2.6  samplingTimeInterval . . . . . . . . . . . . . . . . .  11
       6.2.7  samplingTimeSpace  . . . . . . . . . . . . . . . . . .  11
       6.2.8  samplingPopulation . . . . . . . . . . . . . . . . . .  12
       6.2.9  samplingSize . . . . . . . . . . . . . . . . . . . . .  12
       6.2.10   samplingProbabilityN . . . . . . . . . . . . . . . .  12
       6.2.11   samplingProbabilityM . . . . . . . . . . . . . . . .  12
       6.2.12   ipHeaderPacketSection  . . . . . . . . . . . . . . .  13
       6.2.13   ipPayloadPacketSection . . . . . . . . . . . . . . .  13
       6.2.14   l2HeaderPacketSection  . . . . . . . . . . . . . . .  13
       6.2.15   l2PayloadPacketSection . . . . . . . . . . . . . . .  14
       6.2.16   mplsLabelStackSection  . . . . . . . . . . . . . . .  14
       6.2.17   mplsPayloadPacketSection . . . . . . . . . . . . . .  14
       6.2.18   meteringProcesssId . . . . . . . . . . . . . . . . .  14
       6.2.19   observationPointId . . . . . . . . . . . . . . . . .  15
       6.2.20   associationsId . . . . . . . . . . . . . . . . . . .  15
       6.2.21   selectorType . . . . . . . . . . . . . . . . . . . .  15
       6.2.22   packetsObserved  . . . . . . . . . . . . . . . . . .  15
       6.2.23   packetsSelected  . . . . . . . . . . . . . . . . . .  15
       6.2.24   accuracy . . . . . . . . . . . . . . . . . . . . . .  15

   7.   Security Considerations  . . . . . . . . . . . . . . . . . .  16

   8.   IANA Considerations  . . . . . . . . . . . . . . . . . . . .  16




Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 3]


Internet-Draft           PSAMP Information Model            October 2005


   9.   References . . . . . . . . . . . . . . . . . . . . . . . . .  16
     9.1  Normative References . . . . . . . . . . . . . . . . . . .  16
     9.2  Informative References . . . . . . . . . . . . . . . . . .  17

        Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  18

   A.   Formal Specification of PSAMP Information Elements . . . . .  19

        Intellectual Property and Copyright Statements . . . . . . .  29










































Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 4]


Internet-Draft           PSAMP Information Model            October 2005


1.  Open Issues

   This section covers some open issues which have to be solved in a
   future version of this draft.

1.1  PSAMP architecture/protocol related

   o  PROPOSAL: we won't overload Information Elements with multiple
      meanings or re-use them for multiple purposes.  We will allocate
      different IE's for each requirement.
   o  PROPOSAL: although having different IE's for each requirement
      allows us to infer the selection method, we will include a
      separate IE for the method, e.g. for including in scope info and
      depicting the contents of composites.
   o  We currently define the sampling/filtering algorithm and the hash
      function Information Element as a simple 8-bit identifier.  This
      implies that an extension is very easy.  Nevertheless, it might be
      appropriate to have a single Information Element for each method
      in order to integrate special information about the sampling/
      filtering algorithm or the hash function directly into the
      Information Element.  PROPOSAL: special information will be
      encoded in new Information Elements as necessary, and not be
      encoded in the selection method.
   o  The flow state sampling, random non-uniform probabilistic
      sampling, the mask filtering and the router state filtering are
      currently not fully covered by the information model because the
      Information Elements needed for these algorithms still need to be
      specified.
   o  The PSAMP protocol [I-D.ietf-psamp-protocol] allows to define
      multiple selection methods which are applied in a sequential
      order.  Therefore, the order of the Information Elements in a
      template becomes important.  This is a primary difference to the
      semantics of the flow template in the IPFIX definition.
      Currently, we do not have a proper definition for the ordering of
      Information Elements.  PROPOSAL: where the order of the elements
      is important (according to the PSAMP protocol [I-D.ietf-psamp-
      protocol]) they must be specified in the correct order.
   o  The unit property is currently optional, but we would like to have
      information about units wherever possible.  The unit property may
      become mandatory in a future version of this document and we would
      define the unit as "not applicable" when no unit can be given.
   o  We need to specify the "accuracy" Information Element.
   o  data type - variable length for packet fragment.
   o  How to export very long packets?  An MTU of 1500 permits an
      template of 350+ elements, but it may not be possible to transmit
      all the desired elements in one packet since the 16-bit length
      field in the IPFIX header only allows IPFIX packets up to 65535
      bytes.



Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 5]


Internet-Draft           PSAMP Information Model            October 2005


   o  Clearly define "layer 2" and MPLS.  PROPOSAL: discuss at the
      Vancouver IETF.
   o  Rather than creating new header and payload sections for each
      layer, protocol or application, should there only be one header
      section and one payload section, with another IE describing what
      it is?  PROPOSAL: discuss at the Vancouver IETF.

1.2  IPFIX related

   o  This document only defines the Information Elements for exporting
      PSAMP data that are not defined by the IPFIX information model.
      Nevertheless, we should include a usage statement for the
      Information Elements defined by IPFIX when used by the PSAMP
      export protocol or include a special section discussing the usage
      of IPFIX information elements by PSAMP.
   o  The export of sampled data may not need all information elements
      defined by the IPFIX information model.  Thus a section within
      this document should give an overview of flow Information Elements
      defined in the IPFIX information model and their usage in the
      PSAMP environment.
   o  The observation point is currently not covered by the IPFIX
      information model.  It is not clear if we should include the
      observation point by ourselves or if we should wait for IPFIX to
      include it in their information model.  PROPOSAL: We should define
      it here, either in its own Information Element, or consider it to
      be a particular kind of selector.
   o  Insert or cross reference the following sections from IPFIX-INFO:
      *  2.  Properties of IPFIX Protocol Information Elements
      *  2.1  Information Elements Specification Template
      *  2.2  Scope of Information Elements
      *  2.3  Naming Conventions for Information Elements
      *  3.  Type Space
      *  4.  Information Element Identifiers
   o  Verify consistency with definitions in
      *  draft-ietf-psamp-sample-tech-07.txt
      *  draft-ietf-psamp-framework-10.txt

1.3  NETFLOW v9 related

   o  Align the Information Elements with the information elements
      currently defined in NETFLOWv9 if possible.  Currently Information
      Elements types 34,35 as well as 48-50 are candidates.  PROPOSAL:
      Retain these Information Elements as RESERVED, and create new
      Information Elements for PSAMP.

1.4  PSAMP number space for Information Elements





Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 6]


Internet-Draft           PSAMP Information Model            October 2005


   o  The Information Element number space is not assigned by any
      directory (IANA), yet.  The IPFIX Information Model [I-D.ietf-
      ipfix-info] defines Information Elements 1 through 214, so we
      started the PSAMP Information Element numbering from 300.

2.  Introduction

   Packet sampling techniques are required for various measurement
   scenarios.  The packet sampling (PSAMP) protocol provides mechanisms
   for the packet selection using different filtering and sampling
   techniques.  A standard way for the export and storage of such
   sampled packet data is required.  The definition of the PSAMP
   information and data model is based on the IP Flow Information eXport
   (IPFIX) protocol [I-D.ietf-ipfix-protocol].  The PSAMP protocol
   document [I-D.ietf-psamp-protocol] describes how to use the IPFIX
   protocol in the PSAMP context.

   This document examines the IPFIX information model [I-D.ietf-ipfix-
   info] and extends it to meet the PSAMP requirements.  Therefore, the
   structure of this document is strongly based on the IPFIX document.
   It complements the PSAMP protocol specification by providing an
   appropriate PSAMP information model.  The main part of this document,
   section 6, defines the list of Information Elements to be transmitted
   by the PSAMP protocol.  Sections 5 and 4 describe the data types and
   Information Element properties used within this document and their
   relationship to the IPFIX information model.

   The main body of section 6 was generated from a XML document.  The
   XML-based specification of the PSAMP Information Elements can be used
   for automatically checking syntactical correctness of the
   specification.  Furthermore it can be used - in combination with the
   IPFIX information model - for an automated code generation.  The
   resulting code can be used in PSAMP protocol implementations to deal
   with processing PSAMP information elements.

   For that reason, the XML document that served as source for section 6
   is attached to this document in Appendix A.

   Note that although partially generated from the attached XML
   documents, the main body of this document is normative while the
   appendices are informational.

3.  Relationship between PSAMP and IPFIX

   As described in IETF working document
   draft-quittek-psamp-ipfix-01.txt [I-D.quittek-psamp-ipfix], a PSAMP
   data record can be seen as a very special IPFIX flow record.  It
   represents an IPFIX flow containing only a single packet.  Therefore,



Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 7]


Internet-Draft           PSAMP Information Model            October 2005


   the IPFIX information model can be used as a basis for PSAMP reports.

   Nevertheless, there are properties required in PSAMP reports which
   cannot be modelled using the current IPFIX information model.  This
   document describes extensions to the IPFIX model which allow the
   modelling of information and data required by PSAMP.

   Some of these extensions allow the export of what may be considered
   sensitive information.  Refer to the Security Considerations section
   for a fuller discussion.

4.  Properties of a PSAMP Information Element

   The PSAMP Information Elements are in accordance with the definitions
   of IPFIX.  Therefore we do not repeat the properties in this draft.
   Nevertheless, we strongly recommend to define the optional "unit"
   element for every information element (if applicable).

5.  Type Space

   The PSAMP Information Elements MUST be constructed from the basic
   data types described in the IPFIX Information Model [I-D.ietf-ipfix-
   info].  To avoid duplicated work and to keep consistency between
   IPFIX and PSAMP the data types are not repeated in this document.

6.  The PSAMP Information Elements

   This sections describes the Information Elements used by the PSAMP
   exporting functions.  Basically, the Information Elements described
   by the IPFIX information model [I-D.ietf-ipfix-info] are used by the
   PSAMP export functions where applicable.  To avoid inconsistencies
   between the IPFIX and the PSAMP information and data models, only
   those Information Elements are defined here that are not already
   described by the IPFIX information model.

6.1  PSAMP Usage of IPFIX Attributes

   Some Information Elements defined by the IPFIX information model are
   not needed by the PSAMP protocol.  Other Information Elements have a
   different meaning or usage pattern than in IPFIX.  This section lists
   the IPFIX Information Elements that are needed in the PSAMP context
   and introduces their usage.

   EDITOR NOTE: this section needs to be finished once IPFIX as well as
   PSAMP info model are stable.

   List of additional PSAMP Information Elements:




Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 8]


Internet-Draft           PSAMP Information Model            October 2005


   o  300 - selectorId
   o  301 - selectorInputSequenceNumber
   o  302 - selectorAlgorithm
   o  303 -
   o  304 - samplingPacketInterval
   o  305 - samplingPacketSpace
   o  306 - samplingTimeInterval
   o  307 - samplingTimeSpace
   o  308 - samplingPopulation
   o  309 - samplingSize
   o  310 - samplingProbabilityN
   o  311 - samplingProbabilityM
   o  312 -
   o  313 - ipHeaderPacketSection
   o  314 - ipPayloadPacketSection
   o  315 - l2HeaderPacketSection
   o  316 - l2PayloadPacketSection
   o  317 - mplsLabelStackSection
   o  318 - mplsPayloadPacketSection
   o  319 - meteringProcesssId
   o  320 - ObservationPointID
   o  321 - pathId
   o  322 -
   o  323 - selectorType
   o  324 - packetsObserved
   o  325 - packetsSelected
   o  326 - accuracy
   o  327 -
   o  328 -
   o  329 -

6.2  Additional PSAMP Information Elements

6.2.1  selectorId

   Description:
      The ID of a selector.  Each selector instance must have a unique
      ID in the observation domain.
   Abstract Data Type: unsigned16
   Data Type Semantics: identifier
   ElementId: 300
   Status: current

6.2.2  selectorInputSequenceNumber







Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 9]


Internet-Draft           PSAMP Information Model            October 2005


   Description:
      The input sequence number of a packet at a selector.
      Since each use of a selector is independent, each separate
      selector instance must maintain its own
      selectorInputSequenceNumber.
   Abstract Data Type: unsigned32
   ElementId: 301
   Status: current

6.2.3  selectorAlgorithm

   Description:
      Specifies the selector algorithm (e.g., filter, sampler, hash)
      that was used on a packet.  It is exported in the options data
      flow record to specify how a collector has to interpret a data
      flow record.

      The following selector algorithms are currently defined:
      *  1 Systematic count-based sampling
      *  2 Systematic time-based sampling
      *  3 Random n-out-of-N sampling
      *  4 Uniform probabilistic sampling
      *  5 Non-uniform probabilistic sampling
      *  6 Non-uniform flow state sampling
      *  7 Match based filtering
      *  8 Hash based filtering
      *  9 Router state filtering

      The parameters for most of these algorithms are defined in this
      information model.  Some parameters - especially those for
      algorithms 5, 6 and 8 are not covered by this information model
      since they depend very much on the underlying hardware.
      Currently there are no hash functions defined.

      EDITOR'S NOTE: This list may extend to the final version.  The
      "octet" data type is probably not the best choice but keeps the
      list extensible.
   Abstract Data Type: octet
   Data Type Semantics: identifier
   ElementId: 302
   Status: current

6.2.4  samplingPacketInterval








Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 10]


Internet-Draft           PSAMP Information Model            October 2005


   Description:
      Number of packets that are consecutively sampled.  For example a
      value of 100 means that 100 contiguous packets are sampled.
      This information element is used for the systematic count-based
      sampling.
   Abstract Data Type: unsigned32
   ElementId: 304
   Status: current
   Units: packets

6.2.5  samplingPacketSpace

   Description:
      The number of packets between two "samplingPacketInterval"s.  A
      value of 100 means that the next interval starts after 100 packets
      (which are not sampled) when the current "samplingPacketInterval"
      is over.
      This information element is used for the systematic count-based
      sampling.
   Abstract Data Type: unsigned32
   ElementId: 305
   Status: current
   Units: packets

6.2.6  samplingTimeInterval

   Description:
      Time interval in microseconds in which all arriving packets are
      sampled.
      This information element is used for the systematic time-based
      sampling.
   Abstract Data Type: dateTimeMicroSeconds
   ElementId: 306
   Status: current
   Units: microseconds

6.2.7  samplingTimeSpace

   Description:
      The time interval in microseconds between two
      "samplingTimeInterval"s.  A value of 100 would mean that the next
      interval would start after 100 microseconds (in which no packets
      are sampled) when the current "samplingTimeInterval" is over.
      This information element is used for the systematic time-based
      sampling.






Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 11]


Internet-Draft           PSAMP Information Model            October 2005


   Abstract Data Type: dateTimeMicroSeconds
   ElementId: 307
   Status: current
   Units: microseconds

6.2.8  samplingPopulation

   Description:
      The number of elements in the parent population for random
      sampling algorithms.
      This information element is used for the random n-out-of-N
      sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 308
   Status: current
   Units: packets

6.2.9  samplingSize

   Description:
      The number of elements taken from the parent population for random
      sampling algorithms.
      This information element is used for the random n-out-of-N
      sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 309
   Status: current
   Units: packets

6.2.10  samplingProbabilityN

   Description:
      The probability that a packet is sampled.  The probability is
      equal for every packet.  The sampling probability is
      samplingProbabilityN / samplingProbabilityM.  A value of 0 means
      no packet was sampled (probability is 0).  Any other value is
      meaningless without a samplingProbabilityM.
      This information element is used for the uniform probabilistic
      sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 310
   Status: current

6.2.11  samplingProbabilityM







Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 12]


Internet-Draft           PSAMP Information Model            October 2005


   Description:
      The probability that a packet is sampled.  The probability is
      equal for every packet.  The sampling probability is
      samplingProbabilityN / samplingProbabilityM.  Any value is
      meaningless without a samplingProbabilityN.  The value MUST NOT be
      zero and MUST NOT be greater than samplingProbabilityN.
      This information element is used for the uniform probabilistic
      sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 311
   Status: current

6.2.12  ipHeaderPacketSection

   Description:
      This information element carries the first n octets from the IP
      header of a sampled packet.  If insufficient octets are available,
      the remainder of the data should be zero-filled and an additional
      information element sent (e.g., ipPayloadLength) indicating how
      much of the data is valid.

   Abstract Data Type: octetArray
   ElementId: 313
   Status: current

6.2.13  ipPayloadPacketSection

   Description:
      This information element carries the first n octets from the IP
      payload of a sampled packet.  If insufficient octets are
      available, the remainder of the data should be zero-filled and an
      additional information element sent (e.g., ipPayloadLength)
      indicating how much of the data is valid.
      The IPv4 payload is that part of the packet which follows the IPv4
      header and any options, which RFC 791 refers to as "data" or "data
      octets". e.g., see the examples in RFC 791 APPENDIX A.
   Abstract Data Type: octetArray
   ElementId: 314
   Status: current

6.2.14  l2HeaderPacketSection

   Description:
      This information element carries the first n octets from the layer
      2 header of a sampled packet.






Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 13]


Internet-Draft           PSAMP Information Model            October 2005


      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 315
   Status: current

6.2.15  l2PayloadPacketSection

   Description:
      This information element carries the first n octets from the layer
      2 payload of a sampled packet.
      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 316
   Status: current

6.2.16  mplsLabelStackSection

   Description:
      This information element carries the first n octets from the MPLS
      label stack of a sampled packet.  See RFC 3031 for the
      specification of MPLS packets.  See RFC 3032 for the specification
      of the MPLS label stack.
      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 317
   Status: current

6.2.17  mplsPayloadPacketSection

   Description:
      This information element carries the first n octets from the MPLS
      payload of a sampled packet, being data that follows immediately
      after the MPLS label stack.  See RFC 3031 for the specification of
      MPLS packets.  See RFC 3032 for the specification of the MPLS
      label stack.
      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 318
   Status: current

6.2.18  meteringProcesssId

   Description:
      ID of the metering process.  Unique in the observation domain.







Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 14]


Internet-Draft           PSAMP Information Model            October 2005


   Abstract Data Type: octet
   ElementId: 319
   Status: current

6.2.19  observationPointId

   Description:
      ID of the observation process.  Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 320
   Status: current

6.2.20  associationsId

   Description:
      ID of the associations.  Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 321
   Status: current

6.2.21  selectorType

   Description:
      Type of a selector.  Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 323
   Status: current

6.2.22  packetsObserved

   Description:
      Number of packets observed by a selector.
   Abstract Data Type: octet
   ElementId: 324
   Status: current

6.2.23  packetsSelected

   Description:
      Number of packets selected by a selector.
   Abstract Data Type: octet
   ElementId: 325
   Status: current

6.2.24  accuracy






Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 15]


Internet-Draft           PSAMP Information Model            October 2005


   Description:
      Describes the accuracy of a selector.
   Abstract Data Type: octet
   ElementId: 326
   Status: current

7.  Security Considerations

   The PSAMP information model itself does not directly introduce
   security issues.  Rather it defines a set of attributes which may for
   privacy or business issues be considered sensitive information.

   Specifically, the Information Elements pertaining to packet sections
   MUST target no more than the packet header, some subsequent bytes of
   the packet, and encapsulating headers if present.  Full packet
   capture of arbitrary packet streams is explicitly out of scope, per
   RFC 2804 and the PSAMP WG charter.

   The underlying protocol used to exchange the information described
   here must therefore apply appropriate procedures to guarantee the
   integrity and confidentiality of the exported information.  Such
   protocols are defined in separate documents, specifically the IPFIX
   protocol document [I-D.ietf-ipfix-protocol].

8.  IANA Considerations

   This document defines an initial set of PSAMP Information Elements,
   as an extension to the IPFIX Information Elements [IPFIX-INFO].  New
   assignments for PSAMP Information Elements will be administered
   according to rules explained in the "IANA Consideration" section of
   the IPFIX Information Model document [IPFIX-INFO].  Note that the
   PSAMP Information Element IDs were initially started at the value
   300, in order to leave a gap for any ongoing IPFIX work requiring new
   Information Elements.  It is expected that this gap in the
   Information Element numbering will be filled in by IANA with new
   IPFIX Information Elements.  Appendix B defines an XML schema which
   may be used to create consistent machine readable extensions to the
   IPFIX information model.  This schema introduces a new namespace,
   which will be assigned by IANA according to RFC 3688.

9.  References

9.1  Normative References

   [I-D.ietf-psamp-sample-tech]
              Zseby, T., Molina, M., Raspall, F., and N. Duffield,
              "Sampling and Filtering Techniques for IP Packet
              Selection", draft-ietf-psamp-sample-tech-07 (work in



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 16]


Internet-Draft           PSAMP Information Model            October 2005


              progress), July 2005.

   [I-D.ietf-psamp-protocol]
              Claise, B., "Packet Sampling (PSAMP) Protocol
              Specifications", draft-ietf-psamp-protocol-01 (work in
              progress), February 2004.

   [I-D.ietf-psamp-mib]
              Dietz, T., "Definitions of Managed Objects for Packet
              Sampling", draft-ietf-psamp-mib-02 (work in progress),
              February 2004.

   [I-D.ietf-ipfix-reqs]
              Quittek, J., "Requirements for IP Flow Information
              Export", draft-ietf-ipfix-reqs-16 (work in progress),
              June 2004.

   [I-D.ietf-ipfix-info]
              Calato, P., "Information Model for IP Flow Information
              Export", draft-ietf-ipfix-info-03 (work in progress),
              February 2004.

   [I-D.ietf-ipfix-protocol]
              Claise, B., "IPFIX Protocol Specifications",
              draft-ietf-ipfix-protocol-03 (work in progress),
              February 2004.

9.2  Informative References

   [I-D.ietf-ipfix-architecture]
              Norseth, K. and G. Sadasivan, "Architecture Model for IP
              Flow Information Export", draft-ietf-ipfix-architecture-02
              (work in progress), June 2002.

   [I-D.ietf-psamp-framework]
              Duffield, N., "A Framework for Passive Packet
              Measurement", draft-ietf-psamp-framework-05 (work in
              progress), January 2004.

   [I-D.quittek-psamp-ipfix]
              Quittek, J. and B. Claise, "On the Relationship between
              PSAMP and IPFIX", draft-quittek-psamp-ipfix-01 (work in
              progress), March 2003.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              June 1999.

   [RFC3444]  Pras, A. and J. Schoenwaelder, "On the Difference between



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 17]


Internet-Draft           PSAMP Information Model            October 2005


              Information Models and Data Models", RFC 3444,
              January 2003.

   [RFC3470]  Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for
              the Use of Extensible Markup Language (XML) within IETF
              Protocols", BCP 70, RFC 3470, January 2003.


Authors' Addresses

   Thomas Dietz
   NEC Europe Ltd.
   Network Laboratories
   Kurfuersten-Anlage 36
   Heidelberg  69115
   Germany

   Phone: +49 6221 90511-28
   Email: dietz@netlab.nec.de
   URI:   http://www.netlab.nec.de/


   Falko Dressler
   University of Erlangen-Nuremberg
   Dept. of Computer Sciences
   Martensstr. 3
   Erlangen  91058
   Germany

   Phone: +49 9131 85-27914
   Email: dressler@informatik.uni-erlangen.de
   URI:   http://www7.informatik.uni-erlangen.de/~dressler


   Georg Carle
   University of Tuebingen
   Wilhelm-Schickard-Institute for Computer Science
   Auf der Morgenstelle 10C
   Tuebingen  71076
   Germany

   Phone: +49 7071 29-70505
   Email: carle@informatik.uni-tuebingen.de
   URI:   http://net.informatik.uni-tuebingen.de/~carle/







Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 18]


Internet-Draft           PSAMP Information Model            October 2005


   Benoit Claise
   Cisco Systems
   De Kleetlaan 6a b1
   Degem  1813
   Belgium

   Phone: +32 2 704 5622
   Email: bclaise@cisco.com


   Paul Aitken
   Cisco Systems
   96 Commercial Quay
   Edinburgh  EH6 6LX
   Scotland

   Phone: +44 131 561 3616
   Email: paitken@cisco.com
   URI:   http://www.cisco.com/

Appendix A.  Formal Specification of PSAMP Information Elements

   This appendix contains a formal description of the PSAMP information
   model XML document.  Note that this appendix is of informational
   nature, while the text in section Section 6 generated from this
   appendix is normative.

   Using a formal and machine readable syntax for the information model
   enables the creation of PSAMP aware tools which can automatically
   adapt to extensions to the information model, by simply reading
   updated information model specifications.

   The wide availability of XML aware tools and libraries for client
   devices is a primary consideration for this choice.  In particular
   libraries for parsing XML documents are readily available.  Also
   mechanisms such as the Extensible Stylesheet Language (XSL) allow for
   transforming a source XML document into other documents.  This draft
   was authored in XML and transformed according to RFC2629.

   It should be noted that the use of XML in exporters, collectors or
   other tools is not mandatory for the deployment of PSAMP.  In
   particular, exporting processes do not produce or consume XML as part
   of their operation.  It is expected that PSAMP collectors MAY take
   advantage of the machine readability of the information model vs.
   hardcoding their behavior or inventing proprietary means for
   accommodating extensions.

   Using XML-based specifications does not currently address possible



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 19]


Internet-Draft           PSAMP Information Model            October 2005


   IANA implications associated with XML Namespace URIs.  The use of
   Namespaces as an extension mechanism implies that an IANA registered
   Namespace URI should be available and that directory names below this
   base URI be assigned for relevant IETF specifications.  The authors
   are not aware of this mechanism today.



   <?xml version="1.0" encoding="UTF-8"?>
   <fieldDefinitions><!-- xmlns="http://www.ietf.org/ipfix"-->
     <field name="selectorId" dataType="unsigned16"
            dataTypeSemantics="identifier"
            fieldId="300" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
             The ID of a selector. Each selector instance
             must have a unique ID in the observation domain.
         </paragraph>
       </description>
     </field>

     <field name="selectorInputSequenceNumber" dataType="unsigned32"
            fieldId="301" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           The input sequence number of a packet at a selector.
         </paragraph>
         <paragraph>
           Since each use of a selector is independent, each separate
           selector instance must maintain its own
           selectorInputSequenceNumber.
         </paragraph>
       </description>
     </field>

     <field name="selectorAlgorithm" dataType="octet"
            dataTypeSemantics="identifier"
            fieldId="302" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           Specifies the selector algorithm (e.g., filter, sampler,
           hash) that was used on a packet.
           It is exported in the options data flow record to specify
           how a collector has to interpret a data flow record.
         </paragraph>



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 20]


Internet-Draft           PSAMP Information Model            October 2005


         <paragraph>
         </paragraph>
         <paragraph>
           The following selector algorithms are currently defined:
         </paragraph>

         <itemlist>
           <item>1 Systematic count-based sampling</item>
           <item>2 Systematic time-based sampling</item>
           <item>3 Random n-out-of-N sampling</item>
           <item>4 Uniform probabilistic sampling</item>
           <item>5 Non-uniform probabilistic sampling</item>
           <item>6 Non-uniform flow state sampling</item>
           <item>7 Match based filtering</item>
           <item>8 Hash based filtering</item>
           <item>9 Router state filtering</item>
         </itemlist>

         <paragraph>
         </paragraph>
         <paragraph>
           The parameters for most of these algorithms
           are defined in this information model. Some parameters -
           especially those for algorithms 5, 6 and 8
           are not covered by this information model since they depend
           very much on the underlying hardware.
         </paragraph>
         <paragraph>
           Currently there are no hash functions defined.
         </paragraph>
         <paragraph>
         </paragraph>
         <paragraph>
           EDITOR'S NOTE: This list may extend to the final
           version. The "octet" data type is probably not the best
           choice but keeps the list extensible.
         </paragraph>
       </description>
     </field>

     <field name="samplingPacketInterval" dataType="unsigned32"
            fieldId="304" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           Number of packets that are consecutively sampled.
           For example a value of 100 means that 100 contiguous
           packets are sampled.



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 21]


Internet-Draft           PSAMP Information Model            October 2005


         </paragraph>
         <paragraph>
           This information element is used for the systematic
           count-based sampling.
         </paragraph>
       </description>
       <units>packets</units>
     </field>

     <field name="samplingPacketSpace" dataType="unsigned32"
            fieldId="305" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           The number of packets between two
           "samplingPacketInterval"s. A value of 100 means that the
           next interval starts after 100 packets (which are not
           sampled) when the current "samplingPacketInterval" is over.
         </paragraph>
         <paragraph>
           This information element is used for the systematic
           count-based sampling.
         </paragraph>
       </description>
       <units>packets</units>
     </field>

     <field name="samplingTimeInterval" dataType="dateTimeMicroSeconds"
            fieldId="306" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           Time interval in microseconds in which all arriving
           packets are sampled.
         </paragraph>
         <paragraph>
           This information element is used for the systematic
           time-based sampling.
         </paragraph>
       </description>
       <units>microseconds</units>
     </field>

     <field name="samplingTimeSpace" dataType="dateTimeMicroSeconds"
            fieldId="307" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 22]


Internet-Draft           PSAMP Information Model            October 2005


           The time interval in microseconds between two
           "samplingTimeInterval"s. A value of 100 would mean that the
           next interval would start after 100 microseconds (in which no
           packets are sampled) when the current "samplingTimeInterval"
           is over.
         </paragraph>
         <paragraph>
           This information element is used for the systematic
           time-based sampling.
         </paragraph>
       </description>
       <units>microseconds</units>
     </field>

     <field name="samplingPopulation" dataType="unsigned32"
            fieldId="308" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           The number of elements in the parent population
           for random sampling algorithms.
         </paragraph>
         <paragraph>
           This information element is used for the random
           n-out-of-N sampling algorithm.
         </paragraph>
       </description>
       <units>packets</units>
     </field>

     <field name="samplingSize" dataType="unsigned32"
            fieldId="309" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           The number of elements taken from the parent
           population for random sampling algorithms.
         </paragraph>
         <paragraph>
           This information element is used for the random
           n-out-of-N sampling algorithm.
         </paragraph>
       </description>
       <units>packets</units>
     </field>

     <field name="samplingProbabilityN" dataType="unsigned32"
            fieldId="310" applicability="option" status="current"



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 23]


Internet-Draft           PSAMP Information Model            October 2005


            group="common">
       <description>
         <paragraph>
           The probability that a packet is sampled.
           The probability is equal for every packet.
           The sampling probability is samplingProbabilityN /
           samplingProbabilityM.
           A value of 0 means no packet was sampled
           (probability is 0).
           Any other value is meaningless without
           a samplingProbabilityM.
         </paragraph>
         <paragraph>
           This information element is used for the uniform
           probabilistic sampling algorithm.
         </paragraph>
       </description>
     </field>

     <field name="samplingProbabilityM" dataType="unsigned32"
            fieldId="311" applicability="option" status="current"
            group="common">
       <description>
         <paragraph>
           The probability that a packet is sampled.
           The probability is equal for every packet.
           The sampling probability is samplingProbabilityN /
           samplingProbabilityM.
           Any value is meaningless without a samplingProbabilityN.
           The value MUST NOT be zero and MUST NOT be greater than
           samplingProbabilityN.
         </paragraph>
         <paragraph>
           This information element is used for the uniform
           probabilistic sampling algorithm.
         </paragraph>
       </description>
     </field>

     <field name="ipHeaderPacketSection" dataType="octetArray"
            fieldId="313" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           This information element carries the first n octets
           from the IP header of a sampled packet.
           If insufficient octets are available, the remainder of the
           data should be zero-filled and an additional information



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 24]


Internet-Draft           PSAMP Information Model            October 2005


           element sent (e.g., ipPayloadLength) indicating how much of
           the data is valid.
         </paragraph>
         <paragraph>
         </paragraph>
       </description>
     </field>

     <field name="ipPayloadPacketSection" dataType="octetArray"
            fieldId="314" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           This information element carries the first n octets
           from the IP payload of a sampled packet.
           If insufficient octets are available, the remainder of the
           data should be zero-filled and an additional information
           element sent (e.g., ipPayloadLength) indicating how much of
           the data is valid.
         </paragraph>
         <paragraph>
           The IPv4 payload is that part of the packet which follows the
           IPv4 header and any options, which RFC 791 refers to as
           "data" or "data octets".
           e.g., see the examples in RFC 791 APPENDIX A.
         </paragraph>
       </description>
     </field>

     <field name="l2HeaderPacketSection" dataType="octetArray"
            fieldId="315" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           This information element carries the first n octets
           from the layer 2 header of a sampled packet.
         </paragraph>
         <paragraph>
           EDITOR'S NOTE: TODO.
         </paragraph>
       </description>
     </field>

     <field name="l2PayloadPacketSection" dataType="octetArray"
            fieldId="316" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 25]


Internet-Draft           PSAMP Information Model            October 2005


           This information element carries the first n octets
           from the layer 2 payload of a sampled packet.
         </paragraph>
         <paragraph>
           EDITOR'S NOTE: TODO.
         </paragraph>
       </description>
     </field>

     <field name="mplsLabelStackSection" dataType="octetArray"
            fieldId="317" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           This information element carries the first n octets
           from the MPLS label stack of a sampled packet.
           See RFC 3031 for the specification of MPLS packets.
           See RFC 3032 for the specification of the MPLS label stack.
         </paragraph>
         <paragraph>
           EDITOR'S NOTE: TODO.
         </paragraph>
       </description>
     </field>

     <field name="mplsPayloadPacketSection" dataType="octetArray"
            fieldId="318" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           This information element carries the first n octets
           from the MPLS payload of a sampled packet, being data
           that follows immediately after the MPLS label stack.
           See RFC 3031 for the specification of MPLS packets.
           See RFC 3032 for the specification of the MPLS label stack.
         </paragraph>
         <paragraph>
           EDITOR'S NOTE: TODO.
         </paragraph>
       </description>
     </field>

     <field name="meteringProcesssId" dataType="octet"
            fieldId="319" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           ID of the metering process.



Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 26]


Internet-Draft           PSAMP Information Model            October 2005


           Unique in the observation domain.
         </paragraph>
       </description>
     </field>

     <field name="observationPointId" dataType="octet"
            fieldId="320" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           ID of the observation process.
           Unique in the observation domain.
         </paragraph>
       </description>
     </field>

     <field name="associationsId" dataType="octet"
            fieldId="321" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           ID of the associations.
           Unique in the observation domain.
         </paragraph>
       </description>
     </field>

     <field name="selectorType" dataType="octet"
            fieldId="323" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           Type of a selector.
           Unique in the observation domain.
         </paragraph>
       </description>
     </field>

     <field name="packetsObserved" dataType="octet"
            fieldId="324" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           Number of packets observed by a selector.
         </paragraph>
       </description>
     </field>




Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 27]


Internet-Draft           PSAMP Information Model            October 2005


     <field name="packetsSelected" dataType="octet"
            fieldId="325" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           Number of packets selected by a selector.
         </paragraph>
       </description>
     </field>

     <field name="accuracy" dataType="octet"
            fieldId="326" applicability="data" status="current"
            group="common">
       <description>
         <paragraph>
           Describes the accuracy of a selector.
         </paragraph>
       </description>
     </field>

   </fieldDefinitions>






























Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 28]


Internet-Draft           PSAMP Information Model            October 2005


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.




Dietz, et al.         draft-ietf-psamp-info-03.txt             [Page 29]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/