[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]
Versions: 00 01 02 03 04 05 06 07 08 09 10 11
RFC 5477
Network Working Group T. Dietz
Internet-Draft NEC Europe Ltd.
Intended status: Standards Track B. Claise
Expires: April 23, 2009 P. Aitken
Cisco Systems, Inc.
F. Dressler
University of Erlangen-Nuremberg
G. Carle
Technical University of Munich
October 20, 2008
Information Model for Packet Sampling Exports
<draft-ietf-psamp-info-11.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 23, 2009.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 1]
Internet-Draft PSAMP Information Model October 2008
Abstract
This memo defines an information model for the Packet Sampling
(PSAMP) protocol. It is used by the PSAMP protocol for encoding
sampled packet data and information related to the Sampling process.
As the PSAMP protocol is based on the IPFIX protocol, this
information model is an extension to the IPFIX information model.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 2]
Internet-Draft PSAMP Information Model October 2008
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
2. PSAMP Documents Overview . . . . . . . . . . . . . . . . . . . 6
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Relationship between PSAMP and IPFIX . . . . . . . . . . . . . 8
5. Properties of a PSAMP Information Element . . . . . . . . . . 9
6. Type Space . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7. Overloading Information Elements . . . . . . . . . . . . . . . 11
8. The PSAMP Information Elements . . . . . . . . . . . . . . . . 12
8.1. Identifiers (301-303) . . . . . . . . . . . . . . . . . . 12
8.1.1. selectionSequenceId . . . . . . . . . . . . . . . . . 13
8.1.2. selectorId . . . . . . . . . . . . . . . . . . . . . . 13
8.1.3. informationElementId . . . . . . . . . . . . . . . . . 13
8.2. Sampling Configuration (304-311) . . . . . . . . . . . . . 14
8.2.1. selectorAlgorithm . . . . . . . . . . . . . . . . . . 14
8.2.2. samplingPacketInterval . . . . . . . . . . . . . . . . 16
8.2.3. samplingPacketSpace . . . . . . . . . . . . . . . . . 16
8.2.4. samplingTimeInterval . . . . . . . . . . . . . . . . . 17
8.2.5. samplingTimeSpace . . . . . . . . . . . . . . . . . . 17
8.2.6. samplingSize . . . . . . . . . . . . . . . . . . . . . 18
8.2.7. samplingPopulation . . . . . . . . . . . . . . . . . . 18
8.2.8. samplingProbability . . . . . . . . . . . . . . . . . 19
8.3. Hash Configuration (326-334) . . . . . . . . . . . . . . . 19
8.3.1. digestHashValue . . . . . . . . . . . . . . . . . . . 19
8.3.2. hashIPPayloadOffset . . . . . . . . . . . . . . . . . 20
8.3.3. hashIPPayloadSize . . . . . . . . . . . . . . . . . . 20
8.3.4. hashOutputRangeMin . . . . . . . . . . . . . . . . . . 21
8.3.5. hashOutputRangeMax . . . . . . . . . . . . . . . . . . 21
8.3.6. hashSelectedRangeMin . . . . . . . . . . . . . . . . . 21
8.3.7. hashSelectedRangeMax . . . . . . . . . . . . . . . . . 22
8.3.8. hashDigestOutput . . . . . . . . . . . . . . . . . . . 22
8.3.9. hashInitialiserValue . . . . . . . . . . . . . . . . . 23
8.4. Time Stamps (322-325) . . . . . . . . . . . . . . . . . . 23
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 3]
Internet-Draft PSAMP Information Model October 2008
8.4.1. observationTimeSeconds . . . . . . . . . . . . . . . . 23
8.4.2. observationTimeMilliseconds . . . . . . . . . . . . . 24
8.4.3. observationTimeMicroseconds . . . . . . . . . . . . . 24
8.4.4. observationTimeNanoseconds . . . . . . . . . . . . . . 24
8.5. Packet Data (312-317) . . . . . . . . . . . . . . . . . . 25
8.5.1. ipHeaderPacketSection . . . . . . . . . . . . . . . . 25
8.5.2. ipPayloadPacketSection . . . . . . . . . . . . . . . . 26
8.5.3. mplsLabelStackSection . . . . . . . . . . . . . . . . 26
8.5.4. mplsPayloadPacketSection . . . . . . . . . . . . . . . 27
8.6. Statistics (318-321) . . . . . . . . . . . . . . . . . . . 27
8.6.1. selectorIdTotalPktsObserved . . . . . . . . . . . . . 28
8.6.2. selectorIdTotalPktsSelected . . . . . . . . . . . . . 28
8.6.3. absoluteError . . . . . . . . . . . . . . . . . . . . 29
8.6.4. relativeError . . . . . . . . . . . . . . . . . . . . 29
8.6.5. upperCILimit . . . . . . . . . . . . . . . . . . . . . 30
8.6.6. lowerCILimit . . . . . . . . . . . . . . . . . . . . . 31
8.6.7. confidenceLevel . . . . . . . . . . . . . . . . . . . 31
9. Security Considerations . . . . . . . . . . . . . . . . . . . 33
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
10.1. Related Considerations . . . . . . . . . . . . . . . . . . 34
10.2. PSAMP Related Considerations . . . . . . . . . . . . . . . 34
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35
11.1. Normative References . . . . . . . . . . . . . . . . . . . 35
11.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. Formal Specification of PSAMP Information Elements . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 53
Intellectual Property and Copyright Statements . . . . . . . . . . 55
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 4]
Internet-Draft PSAMP Information Model October 2008
1. Introduction
Packet Sampling techniques are required for various measurement
scenarios. The Packet Sampling (PSAMP) protocol provides mechanisms
for packet selection using different Filtering and Sampling
techniques. A standardized way for the export and storage of the
Information Elements defined in section 8 is required. The
definition of the PSAMP information and data model is based on the
IPFIX Information Model [RFC5102]. The PSAMP protocol document
[I-D.ietf-psamp-protocol] specifies how to use the IPFIX protocol in
the PSAMP context.
This document examines the IPFIX Information Model [RFC5102] and
extends it to meet the PSAMP requirements [RFC3917]. Therefore, the
structure of this document is strongly based on the IPFIX document.
It complements the PSAMP protocol specification by providing an
appropriate PSAMP information model. The main part of this document,
section 8, defines the list of Information Elements to be transmitted
by the PSAMP protocol. Sections 5 and 6 describe the data types and
Information Element properties used within this document and their
relationship to the IPFIX information model.
The main body of section 8 was generated from an XML document. The
XML-based specification of the PSAMP Information Elements can be used
for automatically checking syntactical correctness of the
specification. Furthermore it can be used - in combination with the
IPFIX information model - for automated code generation. The
resulting code can be used in PSAMP protocol implementations to deal
with processing PSAMP information elements.
For that reason, the XML document that served as the source for
section 8 is attached to this document in Appendix A.
Note that although partially generated from the attached XML
documents, the main body of this document is normative while the
appendices are informational.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 5]
Internet-Draft PSAMP Information Model October 2008
2. PSAMP Documents Overview
[I-D.ietf-psamp-framework]: "A Framework for Packet Selection and
Reporting" describes the PSAMP framework for network elements to
select subsets of packets by statistical and other methods, and to
export a stream of reports on the selected packets to a collector.
[I-D.ietf-psamp-sample-tech]: "Sampling and Filtering Techniques for
IP Packet Selection" describes the set of packet selection techniques
supported by PSAMP.
[I-D.ietf-psamp-protocol]: "Packet Sampling (PSAMP) Protocol
Specifications" specifies the export of packet information from a
PSAMP Exporting Process to a PSAMP Collecting Process.
This document, "Information Model for Packet Sampling Exports",
defines an information and data model for PSAMP.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 6]
Internet-Draft PSAMP Information Model October 2008
3. Terminology
IPFIX-specific terminology used in this document is defined in
Section 2 of [RFC5101]. PSAMP-specific terminology used in this
document is defined in Section 3.2 of [I-D.ietf-psamp-protocol]. As
in [RFC5101] and [I-D.ietf-psamp-protocol], these IPFIX- and PSAMP-
specific terms have the first letter of a word capitalized when used
in this document.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 7]
Internet-Draft PSAMP Information Model October 2008
4. Relationship between PSAMP and IPFIX
As described in the PSAMP protocol [I-D.ietf-psamp-protocol] a PSAMP
Report can be seen as a very special IPFIX Data Record. It
represents an IPFIX Flow containing only a single packet. Therefore,
the IPFIX information model can be used as a basis for PSAMP Reports.
Nevertheless, there are properties required in PSAMP Reports which
cannot be modelled using the current IPFIX information model. This
document describes extensions to the IPFIX information model which
allow the modelling of information and data required by PSAMP.
Some of these extensions allow the export of what may be considered
sensitive information. Refer to the Security Considerations section
for a fuller discussion.
Note that the export of sampled or filtered PSAMP Reports may not
need all the Information Elements defined by the IPFIX information
model [RFC5102], as discussed in sections 6.2 and 6.3 of the PSAMP
Framework [I-D.ietf-psamp-framework].
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 8]
Internet-Draft PSAMP Information Model October 2008
5. Properties of a PSAMP Information Element
The PSAMP Information Elements are defined in accordance with
sections 2.1 to 2.3 of the IPFIX Information Model [RFC5102] to which
reference should be made for more information. Nevertheless, we
strongly recommend defining the optional "units" property for every
information element (if applicable).
The Data Types defined in section 3.1 of the IPFIX Information Model
[RFC5102] are also used for the PSAMP Information Elements.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 9]
Internet-Draft PSAMP Information Model October 2008
6. Type Space
The PSAMP Information Elements MUST be constructed from the basic
abstract data types and data type semantics described in section 3 of
the IPFIX Information Model [RFC5102]. To ensure consistency between
IPFIX and PSAMP, the data types are not repeated in this document.
The encoding of these data types is described in the IPFIX Protocol
[RFC5101].
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 10]
Internet-Draft PSAMP Information Model October 2008
7. Overloading Information Elements
Information Elements SHOULD NOT be overloaded with multiple meanings
or re-used for multiple purposes. Different Information Elements
SHOULD be allocated for each requirement.
Although the presence of certain other Information Elements allows
the selection method to be inferred, a separate Information Element
is provided for the selectorAlgorithm to include as scope for the
Selector Report Interpretation [I-D.ietf-psamp-protocol].
Even if the Information Elements are specified with a specific
selection method (i.e. a specific value of selectorAlgorithm) in
mind, these Information Elements are not restricted to the selection
method and MAY be used for different selection methods in the future.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 11]
Internet-Draft PSAMP Information Model October 2008
8. The PSAMP Information Elements
This section describes the Information Elements used by the PSAMP
protocol.
For each Information Element specified in sections 8.1 - 8.6 below a
unique identifier is allocated in accordance with section 4 of the
IPFIX information model [RFC5102]. The assignments are controlled by
IANA as an extension of the IPFIX Information Model.
The Information Elements specified by the IPFIX information model
[RFC5102] are used by the PSAMP protocol where applicable. To avoid
inconsistencies between the IPFIX and the PSAMP information and data
models, only those Information Elements that are not already
described by the IPFIX information model are defined here.
List of additional PSAMP Information Elements:
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 301 | selectionSequenceId | 321 | relativeError |
| 302 | selectorId | 322 | observationTimeSeconds |
| 303 | informationElementId | 323 | observationTimeMilliseconds|
| 304 | selectorAlgorithm | 324 | observationTimeMicroseconds|
| 305 | samplingPacketInterval | 325 | observationTimeNanoseconds |
| 306 | samplingPacketSpace | 326 | digestHashValue |
| 307 | samplingTimeInterval | 327 | hashIPPayloadOffset |
| 308 | samplingTimeSpace | 328 | hashIPPayloadSize |
| 309 | samplingSize | 329 | hashOutputRangeMin |
| 310 | samplingPopulation | 330 | hashOutputRangeMax |
| 311 | samplingProbability | 331 | hashSelectedRangeMin |
| 313 | ipHeaderPacketSection | 332 | hashSelectedRangeMax |
| 314 | ipPayloadPacketSection | 333 | hashDigestOutput |
| 316 | mplsLabelStackSection | 334 | hashInitialiserValue |
| 317 | mplsPayloadPacketSection | 336 | upperCILimit |
| 318 | selectorIdTotalPktsObserved| 337 | lowerCILimit |
| 319 | selectorIdTotalPktsSelected| 338 | confidenceLevel |
| 320 | absoluteError | | |
+-----+----------------------------+-----+----------------------------+
8.1. Identifiers (301-303)
Information Elements in this section serve as identifiers. All of
them have an integral abstract data type and data type semantics
"identifier".
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 12]
Internet-Draft PSAMP Information Model October 2008
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 301 | selectionSequenceId | 303 | informationElementId |
| 302 | selectorId | | |
+-----+----------------------------+-----+----------------------------+
8.1.1. selectionSequenceId
Description:
From all the packets observed at an Observation Point, a subset of
the packets is selected by a sequence of one or more Selectors.
The selectionSequenceId is a unique value per Observation Domain,
specifying the Observation Point and the sequence of Selectors
through which the packets are selected.
Abstract Data Type: unsigned64
Data Type Semantics: identifier
ElementId: 301
Status: current
8.1.2. selectorId
Description:
The Selector ID is the unique ID identifying a Primitive Selector.
Each Primitive Selector must have a unique ID in the Observation
Domain.
Abstract Data Type: unsigned16
Data Type Semantics: identifier
ElementId: 302
Status: current
8.1.3. informationElementId
Description:
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 13]
Internet-Draft PSAMP Information Model October 2008
This Information Element contains the ID of another Information
Element.
Abstract Data Type: unsigned16
Data Type Semantics: identifier
ElementId: 303
Status: current
8.2. Sampling Configuration (304-311)
Information Elements in this section can be used for describing the
sampling configuration of a Selection Process.
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 304 | selectorAlgorithm | 308 | samplingTimeSpace |
| 305 | samplingPacketInterval | 309 | samplingSize |
| 306 | samplingPacketSpace | 310 | samplingPopulation |
| 307 | samplingTimeInterval | 311 | samplingProbability |
+-----+----------------------------+-----+----------------------------+
8.2.1. selectorAlgorithm
Description:
This Information Element identifies the packet selection methods
(e.g., Filtering, Sampling) that are applied by the Selection
Process.
Most of these methods have parameters. Further Information
Elements are needed to fully specify packet selection with these
methods and all their parameters.
The methods listed below are defined in [I-D.ietf-psamp-sample-
tech]. For their parameters, Information Elements are defined in
the Information Model Document. The names of these Information
Elements are listed for each method identifier.
Further method identifiers may be added to the list below. It
might be necessary to define new Information Elements to specify
their parameters.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 14]
Internet-Draft PSAMP Information Model October 2008
The selectorAlgorithm registry is maintained by IANA. New
assignments for the registry will be administered by IANA, and
subject to Expert Review [RFC5226].
The registry can be updated when specifications of the new
method(s) and any new Information Elements are provided.
The group of experts must double check the selectorAlgorithm
definitions and Information Elements with already defined
selectorAlgorithms and Information Elements for completeness,
accuracy and redundancy. Those experts will initially be drawn
from the Working Group Chairs and document editors of the IPFIX
and PSAMP Working Groups.
The following packet selection methods identifiers are defined
here:
+----+------------------------+------------------------+
| ID | Method | Parameters |
+----+------------------------+------------------------+
| 1 | Systematic count-based | samplingPacketInterval |
| | Sampling | samplingPacketSpace |
+----+------------------------+------------------------+
| 2 | Systematic time-based | samplingTimeInterval |
| | Sampling | samplingTimeSpace |
+----+------------------------+------------------------+
| 3 | Random n-out-of-N | samplingSize |
| | Sampling | samplingPopulation |
+----+------------------------+------------------------+
| 4 | Uniform probabilistic | samplingProbability |
| | Sampling | |
+----+------------------------+------------------------+
| 5 | Property match | no agreed parameters |
| | Filtering | |
+----+------------------------+------------------------+
| Hash based Filtering | hashInitialiserValue |
+----+------------------------+ hashIPPayloadOffset |
| 6 | using BOB | hashIPPayloadSize |
+----+------------------------+ hashSelectedRangeMin |
| 7 | using IPSX | hashSelectedRangeMax |
+----+------------------------+ hashOutputRangeMin |
| 8 | using CRC | hashOutputRangeMax |
+----+------------------------+------------------------+
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 15]
Internet-Draft PSAMP Information Model October 2008
There is a broad variety of possible parameters that could be used
for Property match Filtering (5) but currently there are no agreed
parameters specified.
Abstract Data Type: unsigned16
Data Type Semantics: identifier
ElementId: 304
Status: current
8.2.2. samplingPacketInterval
Description:
This Information Element specifies the number of packets that are
consecutively sampled. For example a value of 100 means that 100
consecutive packets are sampled.
For example, this Information Element may be used to describe the
configuration of a systematic count-based Sampling Selector.
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: 305
Status: current
Units: packets
8.2.3. samplingPacketSpace
Description:
This Information Element specifies the number of packets between
two "samplingPacketInterval"s. A value of 100 means that the next
interval starts 100 packets (which are not sampled) after the
current "samplingPacketInterval" is over.
For example, this Information Element may be used to describe the
configuration of a systematic count-based Sampling Selector.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 16]
Internet-Draft PSAMP Information Model October 2008
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: 306
Status: current
Units: packets
8.2.4. samplingTimeInterval
Description:
This Information Element specifies the time interval in
microseconds during which all arriving packets are sampled.
For example, this Information Element may be used to describe the
configuration of a systematic time-based Sampling Selector.
Abstract Data Type: dateTimeMicroseconds
Data Type Semantics: quantity
ElementId: 307
Status: current
Units: microseconds
8.2.5. samplingTimeSpace
Description:
This Information Element specifies the time interval in
microseconds between two "samplingTimeInterval"s. A value of 100
means that the next interval starts 100 microseconds (during which
no packets are sampled) after the current "samplingTimeInterval"
is over.
For example, this Information Element may used to describe the
configuration of a systematic time-based Sampling Selector.
Abstract Data Type: dateTimeMicroseconds
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 17]
Internet-Draft PSAMP Information Model October 2008
Data Type Semantics: quantity
ElementId: 308
Status: current
Units: microseconds
8.2.6. samplingSize
Description:
This Information Element specifies the number of elements taken
from the parent Population for random Sampling methods.
For example, this Information Element may be used to describe the
configuration of a random n-out-of-N Sampling Selector.
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: 309
Status: current
Units: packets
8.2.7. samplingPopulation
Description:
This Information Element specifies the number of elements in the
parent Population for random Sampling methods.
For example, this Information Element may be used to describe the
configuration of a random n-out-of-N Sampling Selector.
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: 310
Status: current
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 18]
Internet-Draft PSAMP Information Model October 2008
Units: packets
8.2.8. samplingProbability
Description:
This Information Element specifies the probability that a packet
is sampled, expressed as a value between 0 and 1. The probability
is equal for every packet. A value of 0 means no packet was
sampled since the probability is 0.
For example, this Information Element may be used to describe the
configuration of a uniform probabilistic Sampling Selector.
Abstract Data Type: float64
Data Type Semantics: quantity
ElementId: 311
Status: current
8.3. Hash Configuration (326-334)
The following Information Elements can be used for describing the
sampling configuration of a Selection Process. The individual
parameters are explained in more detail in the
[I-D.ietf-psamp-sample-tech] in section 6.2 as well as in sections
3.8 and 7.1.
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 326 | digestHashValue | 331 | hashSelectedRangeMin |
| 327 | hashIPPayloadOffset | 332 | hashSelectedRangeMax |
| 328 | hashIPPayloadSize | 333 | hashDigestOutput |
| 329 | hashOutputRangeMin | 334 | hashInitialiserValue |
| 330 | hashOutputRangeMax | | |
+-----+----------------------------+-----+----------------------------+
8.3.1. digestHashValue
Description:
This Information Element specifies the value from the digest hash
function.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 19]
Internet-Draft PSAMP Information Model October 2008
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 326
Status: current
8.3.2. hashIPPayloadOffset
Description:
This Information Element specifies the IP payload offset used by a
hash based Selector.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 327
Status: current
8.3.3. hashIPPayloadSize
Description:
This Information Element specifies the IP payload size used by a
hash based Selector. See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 328
Status: current
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 20]
Internet-Draft PSAMP Information Model October 2008
8.3.4. hashOutputRangeMin
Description:
This Information Element specifies the value for the beginning of
a hash function's potential output range.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 329
Status: current
8.3.5. hashOutputRangeMax
Description:
This Information Element specifies the value for the end of a hash
function's potential output range.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 330
Status: current
8.3.6. hashSelectedRangeMin
Description:
This Information Element specifies the value for the beginning of
a hash function's selected range.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 21]
Internet-Draft PSAMP Information Model October 2008
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 331
Status: current
8.3.7. hashSelectedRangeMax
Description:
This Information Element specifies the value for the end of a hash
function's selected range.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 332
Status: current
8.3.8. hashDigestOutput
Description:
This Information Element contains a boolean value which is TRUE if
the output from this hash Selector has been configured to be
included in the packet report as a packet digest, else FALSE.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: boolean
Data Type Semantics: quantity
ElementId: 333
Status: current
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 22]
Internet-Draft PSAMP Information Model October 2008
8.3.9. hashInitialiserValue
Description:
This Information Element specifies the initialiser value to the
hash function.
See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample-
tech].
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: 334
Status: current
8.4. Time Stamps (322-325)
The Information Elements listed below contain time stamps. They can
be used for reporting the observation time of a single packet.
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 322 | observationTimeSeconds | 324 | observationTimeMicroseconds|
| 323 | observationTimeMilliseconds| 325 | observationTimeNanoseconds |
+-----+----------------------------+-----+----------------------------+
8.4.1. observationTimeSeconds
Description:
This Information Element specifies the absolute time in seconds of
an observation.
Abstract Data Type: dateTimeSeconds
Data Type Semantics: quantity
ElementId: 322
Status: current
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 23]
Internet-Draft PSAMP Information Model October 2008
Units: seconds
8.4.2. observationTimeMilliseconds
Description:
This Information Element specifies the absolute time in
milliseconds of an observation.
Abstract Data Type: dateTimeMilliseconds
Data Type Semantics: quantity
ElementId: 323
Status: current
Units: milliseconds
8.4.3. observationTimeMicroseconds
Description:
This Information Element specifies the absolute time in
microseconds of an observation.
Abstract Data Type: dateTimeMicroseconds
Data Type Semantics: quantity
ElementId: 324
Status: current
Units: microseconds
8.4.4. observationTimeNanoseconds
Description:
This Information Element specifies the absolute time in
nanoseconds of an observation.
Abstract Data Type: dateTimeNanoseconds
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 24]
Internet-Draft PSAMP Information Model October 2008
Data Type Semantics: quantity
ElementId: 325
Status: current
Units: nanoseconds
8.5. Packet Data (312-317)
The following Information Elements are all used for reporting raw
content of a packet. The only exception is dataLinkFrameSize that
reports the size of the related data link frame. All other
Information Elements contain sections of the raw packet. All
Information Elements containing sections of the observed packet can
also be used in IPFIX [RFC5101]. If the values for those sections
vary for different packets in a Flow then the Flow Report will
contain the value observed in the first packet of the Flow.
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 313 | ipHeaderPacketSection | 316 | mplsLabelStackSection |
| 314 | ipPayloadPacketSection | 317 | mplsPayloadPacketSection |
+-----+----------------------------+-----+----------------------------+
8.5.1. ipHeaderPacketSection
Description:
This Information Element, which may have a variable length,
carries a series of octets from the start of the IP header of a
sampled packet.
With sufficient length, this element also reports octets from the
IP payload, subject to [RFC2804]. See the Security Considerations
section.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
Abstract Data Type: octetArray
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 25]
Internet-Draft PSAMP Information Model October 2008
Data Type Semantics: quantity
ElementId: 313
Status: current
8.5.2. ipPayloadPacketSection
Description:
This Information Element, which may have a variable length,
carries a series of octets from the start of the IP payload of a
sampled packet.
The IPv4 payload is that part of the packet which follows the IPv4
header and any options, which [RFC0791] refers to as "data" or
"data octets". e.g., see the examples in [RFC0791] APPENDIX A.
The IPv6 payload is the rest of the packet following the 40 octet
IPv6 header. Note that any extension headers present are
considered part of the payload. See [RFC2460] for the IPv6
specification.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
Abstract Data Type: octetArray
Data Type Semantics: quantity
ElementId: 314
Status: current
8.5.3. mplsLabelStackSection
Description:
This Information Element, which may have a variable length,
carries the first n octets from the MPLS label stack of a sampled
packet.
With sufficient length, this element also reports octets from the
MPLS payload, subject to [RFC2804]. See the Security
Considerations section.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 26]
Internet-Draft PSAMP Information Model October 2008
See [RFC3031] for the specification of MPLS packets.
See [RFC3032] for the specification of the MPLS label stack.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
Abstract Data Type: octetArray
Data Type Semantics: quantity
ElementId: 316
Status: current
8.5.4. mplsPayloadPacketSection
Description:
This Information Element, which may have a variable length,
carries the first n octets from the MPLS payload of a sampled
packet, being data that follows immediately after the MPLS label
stack.
See [RFC3031] for the specification of MPLS packets.
See [RFC3032] for the specification of the MPLS label stack.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
Abstract Data Type: octetArray
Data Type Semantics: quantity
ElementId: 317
Status: current
8.6. Statistics (318-321)
Information Elements in this section can be used for reporting
statistics from the Metering Process.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 27]
Internet-Draft PSAMP Information Model October 2008
+-----+----------------------------+-----+----------------------------+
| ID | Name | ID | Name |
+-----+----------------------------+-----+----------------------------+
| 318 | selectorIdTotalPktsObserved| 336 | upperCILimit |
| 319 | selectorIdTotalPktsSelected| 337 | lowerCILimit |
| 320 | absoluteError | 338 | confidenceLevel |
| 321 | relativeError | | |
+-----+----------------------------+-----+----------------------------+
8.6.1. selectorIdTotalPktsObserved
Description:
This Information Element specifies the total number of packets
observed by a Selector, for a specific value of SelectorId.
This Information Element should be used in an option template
scoped to the observation to which it refers. See section 3.4.2.1
of the IPFIX Information Model [RFC5102].
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
ElementId: 318
Status: current
Units: packets
8.6.2. selectorIdTotalPktsSelected
Description:
This Information Element specifies the total number of packets
selected by a Selector, for a specific value of SelectorId.
This Information Element should be used in an option template
scoped to the observation to which it refers. See section 3.4.2.1
of the IPFIX Information Model [RFC5102].
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 28]
Internet-Draft PSAMP Information Model October 2008
ElementId: 319
Status: current
Units: packets
8.6.3. absoluteError
Description:
This Information Element specifies the maximum possible
measurement error of the reported value for a given Information
Element. The absoluteError has the same unit as the Information
Element it is associated with. The real value of the metric can
differ by absoluteError (positive or negative) from the measured
value.
This Information Element provides only the error for measured
values. If an Information Element contains an estimated value
(from sampling), the confidence boundaries and confidence level
have to be provided instead, using the upperCILimit, lowerCILimit
and confidenceLevel Information Elements.
This Information Element should be used in an option template
scoped to the observation to which it refers. See section 3.4.2.1
of the IPFIX Information Model [RFC5102].
Abstract Data Type: float64
Data Type Semantics: quantity
ElementId: 320
Status: current
Units: The units of the Information Element for which the error is
specified.
8.6.4. relativeError
Description:
This Information Element specifies the maximum possible positive
or negative error ratio for the reported value for a given
Information Element as percentage of the measured value. The real
value of the metric can differ by relativeError percent (positive
or negative) from the measured value.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 29]
Internet-Draft PSAMP Information Model October 2008
This Information Element provides only the error for measured
values. If an Information Element contains an estimated value
(from sampling), the confidence boundaries and confidence level
have to be provided instead, using the upperCILimit, lowerCILimit
and confidenceLevel Information Elements.
This Information Element should be used in an option template
scoped to the observation to which it refers. See section 3.4.2.1
of the IPFIX Information Model [RFC5102].
Abstract Data Type: float64
Data Type Semantics: quantity
ElementId: 321
Status: current
8.6.5. upperCILimit
Description:
This Information Element specifies the upper limit of a confidence
interval. It is used to provide an accuracy statement for an
estimated value. The confidence limits define the range in which
the real value is assumed to be with a certain probability p.
Confidence limits always need to be associated with a confidence
level that defines this probability p. Please note that a
confidence interval only provides a probability that the real
values lies within the limits. That means the real value can lie
outside the confidence limits.
The upperCILimit, lowerCILimit and confidenceLevel Information
Elements should all be used in an option template scoped to the
observation to which they refer. See section 3.4.2.1 of the IPFIX
Information Model [RFC5102].
Note that the upperCILimit, lowerCILimit and confidenceLevel are
all required to specify confidence, and should be disregarded
unless all three are specified together.
Abstract Data Type: float64
Data Type Semantics: quantity
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 30]
Internet-Draft PSAMP Information Model October 2008
ElementId: 336
Status: current
8.6.6. lowerCILimit
Description:
This Information Element specifies the lower limit of a confidence
interval. For further information see the description of
upperCILimit.
The upperCILimit, lowerCILimit and confidenceLevel Information
Elements should all be used in an option template scoped to the
observation to which they refer. See section 3.4.2.1 of the IPFIX
Information Model [RFC5102].
Note that the upperCILimit, lowerCILimit and confidenceLevel are
all required to specify confidence, and should be disregarded
unless all three are specified together.
Abstract Data Type: float64
Data Type Semantics: quantity
ElementId: 337
Status: current
8.6.7. confidenceLevel
Description:
This Information Element specifies the confidence level. It is
used to provide an accuracy statement for estimated values. The
confidence level provides the probability p with which the real
value lies within a given range. A confidence level always needs
to be associated with confidence limits that define the range in
which the real value is assumed to be.
The upperCILimit, lowerCILimit and confidenceLevel Information
Elements should all be used in an option template scoped to the
observation to which they refer. See section 3.4.2.1 of the IPFIX
Information Model [RFC5102].
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 31]
Internet-Draft PSAMP Information Model October 2008
Note that the upperCILimit, lowerCILimit and confidenceLevel are
all required to specify confidence, and should be disregarded
unless all three are specified together.
Abstract Data Type: float64
Data Type Semantics: quantity
ElementId: 338
Status: current
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 32]
Internet-Draft PSAMP Information Model October 2008
9. Security Considerations
The PSAMP information model itself does not directly introduce
security issues. Rather it defines a set of attributes which may for
privacy or business issues be considered sensitive information.
For example, exporting values of header fields may make attacks
possible for the receiver of this information, which would otherwise
only be possible for direct observers of the reported Flows along the
data path. Specifically, the Information Elements pertaining to
packet sections MUST target no more than the packet header, some
subsequent bytes of the packet, and encapsulating headers if present.
Full packet capture of arbitrary packet streams is explicitly out of
scope, per [RFC2804].
The underlying protocol used to exchange the information described
here MUST therefore apply appropriate procedures to guarantee the
integrity and confidentiality of the exported information. Such
procedures are defined in separate documents, specifically the IPFIX
protocol document [RFC5101].
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 33]
Internet-Draft PSAMP Information Model October 2008
10. IANA Considerations
The PSAMP Information Model, as set out in this document, has two
sets of assigned numbers. Considerations for assigning them are
discussed in this section, using the example policies as set out in
the "Guidelines for IANA Considerations" document [RFC5226]
10.1. Related Considerations
As the PSAMP protocol uses the IPFIX protocol, refer to the IANA
considerations section in [RFC5102] for the assignments of numbers
used in the protocol and for the numbers used in the information
model.
10.2. PSAMP Related Considerations
This document specifies an initial set of PSAMP Information Elements
fulfilling the needs specified in [I-D.ietf-psamp-sample-tech], as an
extension to the IPFIX Information Elements [RFC5102].
Note that the PSAMP Information Element IDs were initially started at
the value 301, in order to leave a gap for any ongoing IPFIX work
requiring new Information Elements. It is expected that this gap in
the Information Element numbering will be filled in by IANA with new
IPFIX Information Elements.
Each new selection method MUST be assigned a unique value in the
selectorAlgorithm registry. Its configuration parameter(s), along
with the way to report it/them with an Options Template, MUST be
clearly specified. The initial content of the selectorAlgorithm
registry is found in section 8.2.1.
New assignments for the PSAMP selection method will be administered
by IANA and subject to Expert Review [RFC5226]. The group of experts
must double check the Information Elements definitions with already
defined Information Elements for completeness, accuracy and
redundancy. Those experts will initially be drawn from the Working
Group Chairs and document editors of the IPFIX and PSAMP Working
Groups. The selectorAlgorithm registry is maintained by IANA and can
be updated as long as specifications of the new method(s) and any new
Information Elements are provided.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 34]
Internet-Draft PSAMP Information Model October 2008
11. References
11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
Meyer, "Information Model for IP Flow Information Export",
RFC 5102, January 2008.
[I-D.ietf-psamp-sample-tech]
Zseby, T., "Sampling and Filtering Techniques for IP
Packet Selection", draft-ietf-psamp-sample-tech-11 (work
in progress), July 2008.
[I-D.ietf-psamp-protocol]
Claise, B., "Packet Sampling (PSAMP) Protocol
Specifications", draft-ietf-psamp-protocol-09 (work in
progress), December 2007.
11.2. Informative References
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
September 1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999.
[RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804,
May 2000.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031, January 2001.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 35]
Internet-Draft PSAMP Information Model October 2008
Encoding", RFC 3032, January 2001.
[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander,
"Requirements for IP Flow Information Export (IPFIX)",
RFC 3917, October 2004.
[I-D.ietf-psamp-framework]
Chiou, D., Claise, B., Duffield, N., Greenberg, A.,
Grossglauser, M., Rexford, J., and S. Goldberg, "A
Framework for Packet Selection and Reporting",
draft-ietf-psamp-framework-13 (work in progress),
June 2008.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 36]
Internet-Draft PSAMP Information Model October 2008
Appendix A. Formal Specification of PSAMP Information Elements
This appendix contains a formal description of the PSAMP information
model XML document. Note that this appendix is of informational
nature, while the text in section Section 8 generated from this
appendix is normative.
Using a formal and machine readable syntax for the information model
enables the creation of PSAMP aware tools which can automatically
adapt to extensions to the information model, by simply reading
updated information model specifications.
The wide availability of XML aware tools and libraries for client
devices is a primary consideration for this choice. In particular
libraries for parsing XML documents are readily available. Also
mechanisms such as the Extensible Stylesheet Language (XSL) allow for
transforming a source XML document into other documents. This draft
was authored in XML and transformed according to [RFC2629].
It should be noted that the use of XML in exporters, collectors or
other tools is not mandatory for the deployment of PSAMP. In
particular, exporting processes do not produce or consume XML as part
of their operation. It is expected that PSAMP collectors MAY take
advantage of the machine readability of the information model vs.
hardcoding their behavior or inventing proprietary means for
accommodating extensions.
Using XML-based specifications does not currently address possible
IANA implications associated with XML Namespace URIs. The use of
Namespaces as an extension mechanism implies that an IANA registered
Namespace URI should be available and that directory names below this
base URI be assigned for relevant IETF specifications. The authors
are not aware of this mechanism today.
<?xml version="1.0" encoding="UTF-8"?>
<!--
This XML document is a product of the IETF IPFIX Working Group.
Contact information:
WG charter:
http://www.ietf.org/html.charters/ipfix-charter.html
Mailing Lists:
General Discussion: ipfix@ietf.org
To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix
Archive:
http://www1.ietf.org/mail-archive/web/ipfix/current/index.html
Editor:
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 37]
Internet-Draft PSAMP Information Model October 2008
Thomas Dietz
NEC Europe Ltd.
NEC Laboratories Europe
Network Research Division
Kurfuersten-Anlage 36
69115 Heidelberg
Germany
Phone: +49 6221 4342-128
Email: Thomas.Dietz@nw.neclab.eu
Benoit Claise
Cisco Systems, Inc.
De Kleetlaan 6a b1
Degem 1813
Belgium
Phone: +32 2 704 5622
Email: bclaise@cisco.com
Paul Aitken
Cisco Systems, Inc.
96 Commercial Quay
Edinburgh EH6 6LX
Scotland
Phone: +44 131 561 3616
Email: paitken@cisco.com
URI: http://www.cisco.com/
Falko Dressler
University of Erlangen-Nuremberg
Dept. of Computer Sciences
Martensstr. 3
Erlangen 91058
Germany
Phone: +49 9131 85-27914
Email: dressler@informatik.uni-erlangen.de
URI: http://www7.informatik.uni-erlangen.de/~dressler
Georg Carle
University of Tuebingen
Wilhelm-Schickard-Institute for Computer Science
Auf der Morgenstelle 10C
Tuebingen 71076
Germany
Phone: +49 7071 29-70505
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 38]
Internet-Draft PSAMP Information Model October 2008
Email: carle@informatik.uni-tuebingen.de
URI: http://net.informatik.uni-tuebingen.de/~carle/
Abstract:
This memo defines an information model for the Packet Sampling
(PSAMP) protocol. It is used by the PSAMP protocol for encoding
sampled packet data and information related to the Sampling process.
As the PSAMP protocol is based on the IPFIX protocol, this
information model is an extension to the IPFIX information model.
Copyright (C) The IETF Trust (2008). This version of the XML
document is part of RFC yyyy; see the RFC itself for full legal
notices.
-->
<fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
ipfix-info.xsd">
<field name="selectionSequenceId" dataType="unsigned64"
dataTypeSemantics="identifier" elementId="301" status="current"
group="identifiers">
<description>
<paragraph>
From all the packets observed at an Observation Point, a subset
of the packets is selected by a sequence of one or more
Selectors. The selectionSequenceId is a unique value per
Observation Domain, specifying the Observation Point and the
sequence of Selectors through which the packets are selected.
</paragraph>
</description>
</field>
<field name="selectorId" dataType="unsigned16"
dataTypeSemantics="identifier" elementId="302" status="current"
group="identifiers">
<description>
<paragraph>
The Selector ID is the unique ID identifying a Primitive
Selector. Each Primitive Selector must have a unique ID in the
Observation Domain.
</paragraph>
</description>
</field>
<field name="informationElementId" dataType="unsigned16"
dataTypeSemantics="identifier" elementId="303" status="current"
group="identifiers">
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 39]
Internet-Draft PSAMP Information Model October 2008
<description>
<paragraph>
This Information Element contains the ID of another Information
Element.
</paragraph>
</description>
</field>
<field name="selectorAlgorithm" dataType="unsigned16"
dataTypeSemantics="identifier" elementId="304" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element identifies the packet selection
methods (e.g., Filtering, Sampling) that are applied by
the Selection Process.
Most of these methods have parameters. Further
Information Elements are needed to fully specify packet
selection with these methods and all their parameters.
The methods listed below are defined in
[I-D.ietf-psamp-sample-tech]. For their parameters,
Information Elements are defined in the Information Model
Document. The names of these Information Elements are
listed for each method identifier.
Further method identifiers may be added to the list
below. It might be necessary to define new Information
Elements to specify their parameters.
The selectorAlgorithm registry is maintained by IANA. New
assignments for the registry will be administered by IANA,
and subject to Expert Review [RFC5226].
The registry can be updated when specifications of the new
method(s) and any new Information Elements are provided.
The group of experts must double check the selectorAlgorithm
definitions and Information Elements with already defined
selectorAlgorithms and Information Elements for completeness,
accuracy and redundancy. Those experts will initially be drawn
from the Working Group Chairs and document editors of the IPFIX
and PSAMP Working Groups.
The following packet selection methods identifiers are
defined here:
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 40]
Internet-Draft PSAMP Information Model October 2008
+----+------------------------+------------------------+
| ID | Method | Parameters |
+----+------------------------+------------------------+
| 1 | Systematic count-based | samplingPacketInterval |
| | Sampling | samplingPacketSpace |
+----+------------------------+------------------------+
| 2 | Systematic time-based | samplingTimeInterval |
| | Sampling | samplingTimeSpace |
+----+------------------------+------------------------+
| 3 | Random n-out-of-N | samplingSize |
| | Sampling | samplingPopulation |
+----+------------------------+------------------------+
| 4 | Uniform probabilistic | samplingProbability |
| | Sampling | |
+----+------------------------+------------------------+
| 5 | Property match | no agreed parameters |
| | Filtering | |
+----+------------------------+------------------------+
| Hash based Filtering | hashInitialiserValue |
+----+------------------------+ hashIPPayloadOffset |
| 6 | using BOB | hashIPPayloadSize |
+----+------------------------+ hashSelectedRangeMin |
| 7 | using IPSX | hashSelectedRangeMax |
+----+------------------------+ hashOutputRangeMin |
| 8 | using CRC | hashOutputRangeMax |
+----+------------------------+------------------------+
There is a broad variety of possible parameters that could be
used for Property match Filtering (5) but currently there are no
agreed parameters specified.
</paragraph>
</description>
</field>
<field name="samplingPacketInterval" dataType="unsigned32"
dataTypeSemantics="quantity" elementId="305" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the number of packets that
are consecutively sampled. For example a value of 100 means that
100 consecutive packets are sampled.
For example, this Information Element may be used to describe
the configuration of a systematic count-based Sampling Selector.
</paragraph>
</description>
<units>packets</units>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 41]
Internet-Draft PSAMP Information Model October 2008
</field>
<field name="samplingPacketSpace" dataType="unsigned32"
dataTypeSemantics="quantity" elementId="306" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the number of packets between
two "samplingPacketInterval"s. A value of 100 means that the
next interval starts 100 packets (which are not sampled)
after the current "samplingPacketInterval" is over.
For example, this Information Element may be used to describe
the configuration of a systematic count-based Sampling Selector.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingTimeInterval" dataType="dateTimeMicroseconds"
dataTypeSemantics="quantity" elementId="307" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the time interval in
microseconds during which all arriving packets are sampled.
For example, this Information Element may be used to describe
the configuration of a systematic time-based Sampling Selector.
</paragraph>
</description>
<units>microseconds</units>
</field>
<field name="samplingTimeSpace" dataType="dateTimeMicroseconds"
dataTypeSemantics="quantity" elementId="308" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the time interval in
microseconds between two "samplingTimeInterval"s. A value of 100
means that the next interval starts 100 microseconds
(during which no packets are sampled) after the current
"samplingTimeInterval" is over.
For example, this Information Element may used to describe the
configuration of a systematic time-based Sampling Selector.
</paragraph>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 42]
Internet-Draft PSAMP Information Model October 2008
</description>
<units>microseconds</units>
</field>
<field name="samplingSize" dataType="unsigned32"
dataTypeSemantics="quantity" elementId="309" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the number of elements taken
from the parent Population for random Sampling methods.
For example, this Information Element may be used to describe
the configuration of a random n-out-of-N Sampling Selector.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingPopulation" dataType="unsigned32"
dataTypeSemantics="quantity" elementId="310" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the number of elements in the
parent Population for random Sampling methods.
For example, this Information Element may be used to describe
the configuration of a random n-out-of-N Sampling Selector.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingProbability" dataType="float64"
dataTypeSemantics="quantity" elementId="311" status="current"
group="sampling configuration">
<description>
<paragraph>
This Information Element specifies the probability that a packet
is sampled, expressed as a value between 0 and 1. The
probability is equal for every packet. A value of 0 means no
packet was sampled since the probability is 0.
For example, this Information Element may be used to describe
the configuration of a uniform probabilistic Sampling Selector.
</paragraph>
</description>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 43]
Internet-Draft PSAMP Information Model October 2008
</field>
<field name="ipHeaderPacketSection" dataType="octetArray"
dataTypeSemantics="quantity" elementId="313" status="current"
group="packet data">
<description>
<paragraph>
This Information Element, which may have a variable length,
carries a series of octets from the start of the IP header of a
sampled packet.
With sufficient length, this element also reports octets from
the IP payload, subject to [RFC2804]. See the Security
Considerations section.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
</paragraph>
</description>
</field>
<field name="ipPayloadPacketSection" dataType="octetArray"
dataTypeSemantics="quantity" elementId="314" status="current"
group="packet data">
<description>
<paragraph>
This Information Element, which may have a variable length,
carries a series of octets from the start of the IP payload of a
sampled packet.
The IPv4 payload is that part of the packet which follows the
IPv4 header and any options, which [RFC0791] refers to as "data"
or "data octets". e.g., see the examples in [RFC0791] APPENDIX
A.
The IPv6 payload is the rest of the packet following the 40
octet IPv6 header. Note that any extension headers present are
considered part of the payload. See [RFC2460] for the IPv6
specification.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
</paragraph>
</description>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 44]
Internet-Draft PSAMP Information Model October 2008
</field>
<field name="mplsLabelStackSection" dataType="octetArray"
dataTypeSemantics="quantity" elementId="316" status="current"
group="packet data">
<description>
<paragraph>
This Information Element, which may have a variable length,
carries the first n octets from the MPLS label stack of a
sampled packet.
With sufficient length, this element also reports octets from
the MPLS payload, subject to [RFC2804]. See the Security
Considerations section.
See [RFC3031] for the specification of MPLS packets.
See [RFC3032] for the specification of the MPLS label stack.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
</paragraph>
</description>
</field>
<field name="mplsPayloadPacketSection" dataType="octetArray"
dataTypeSemantics="quantity" elementId="317" status="current"
group="packet data">
<description>
<paragraph>
This Information Element, which may have a variable length,
carries the first n octets from the MPLS payload of a sampled
packet, being data that follows immediately after the MPLS label
stack.
See [RFC3031] for the specification of MPLS packets.
See [RFC3032] for the specification of the MPLS label stack.
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded.
</paragraph>
</description>
</field>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 45]
Internet-Draft PSAMP Information Model October 2008
<field name="selectorIdTotalPktsObserved" dataType="unsigned64"
dataTypeSemantics="totalCounter" elementId="318" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the total number of packets
observed by a Selector, for a specific value of SelectorId.
This Information Element should be used in an option template
scoped to the observation to which it refers.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
</paragraph>
</description>
<units>packets</units>
</field>
<field name="selectorIdTotalPktsSelected" dataType="unsigned64"
dataTypeSemantics="totalCounter" elementId="319" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the total number of packets
selected by a Selector, for a specific value of SelectorId.
This Information Element should be used in an option template
scoped to the observation to which it refers.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
</paragraph>
</description>
<units>packets</units>
</field>
<field name="absoluteError" dataType="float64"
dataTypeSemantics="quantity" elementId="320" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the maximum possible
measurement error of the reported value for a given Information
Element. The absoluteError has the same unit as the Information
Element it is associated with. The real value of the metric can
differ by absoluteError (positive or negative) from the
measured value.
This Information Element provides only the
error for measured values. If an Information Element contains
an estimated value (from sampling), the confidence boundaries
and confidence level have to be provided instead, using the
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 46]
Internet-Draft PSAMP Information Model October 2008
upperCILimit, lowerCILimit and confidenceLevel Information
Elements.
This Information Element should be used in an option template
scoped to the observation to which it refers.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
</paragraph>
</description>
<units>
The units of the Information Element for which the error is
specified.
</units>
</field>
<field name="relativeError" dataType="float64"
dataTypeSemantics="quantity" elementId="321" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the maximum possible positive
or negative error ratio for the reported value for a given
Information Element as percentage of the measured value.
The real value of the metric can differ by relativeError percent
(positive or negative) from the measured value.
This Information Element
provides only the error for measured values. If an Information
Element contains an estimated value (from sampling), the
confidence boundaries and confidence level have to be provided
instead, using the upperCILimit, lowerCILimit and
confidenceLevel Information Elements.
This Information Element should be used in an option template
scoped to the observation to which it refers.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
</paragraph>
</description>
</field>
<field name="observationTimeSeconds" dataType="dateTimeSeconds"
dataTypeSemantics="quantity" elementId="322" status="current"
group="timestamps">
<description>
<paragraph>
This Information Element specifies the absolute time in seconds
of an observation.
</paragraph>
</description>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 47]
Internet-Draft PSAMP Information Model October 2008
<units>seconds</units>
</field>
<field name="observationTimeMilliseconds"
dataType="dateTimeMilliseconds" dataTypeSemantics="quantity"
elementId="323" status="current" group="timestamps">
<description>
<paragraph>
This Information Element specifies the absolute time in
milliseconds of an observation.
</paragraph>
</description>
<units>milliseconds</units>
</field>
<field name="observationTimeMicroseconds"
dataType="dateTimeMicroseconds" dataTypeSemantics="quantity"
elementId="324" status="current" group="timestamps">
<description>
<paragraph>
This Information Element specifies the absolute time in
microseconds of an observation.
</paragraph>
</description>
<units>microseconds</units>
</field>
<field name="observationTimeNanoseconds"
dataType="dateTimeNanoseconds" dataTypeSemantics="quantity"
elementId="325" status="current" group="timestamps">
<description>
<paragraph>
This Information Element specifies the absolute time in
nanoseconds of an observation.
</paragraph>
</description>
<units>nanoseconds</units>
</field>
<field name="digestHashValue" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="326" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the value from the digest
hash function.
See also sections 6.2, 3.8 and 7.1 of
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 48]
Internet-Draft PSAMP Information Model October 2008
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashIPPayloadOffset" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="327" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the IP payload offset used by
a hash based Selector.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashIPPayloadSize" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="328" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the IP payload size used by a
hash based Selector.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashOutputRangeMin" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="329" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the value for the beginning
of a hash function's potential output range.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashOutputRangeMax" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="330" status="current"
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 49]
Internet-Draft PSAMP Information Model October 2008
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the value for the end of a
hash function's potential output range.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashSelectedRangeMin" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="331" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the value for the beginning
of a hash function's selected range.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashSelectedRangeMax" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="332" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the value for the end of a
hash function's selected range.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashDigestOutput" dataType="boolean"
dataTypeSemantics="quantity" elementId="333" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element contains a boolean value which is TRUE
if the output from this hash Selector has been configured to be
included in the packet report as a packet digest, else FALSE.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 50]
Internet-Draft PSAMP Information Model October 2008
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="hashInitialiserValue" dataType="unsigned64"
dataTypeSemantics="quantity" elementId="334" status="current"
group="hash configuration">
<description>
<paragraph>
This Information Element specifies the initialiser value to the
hash function.
See also sections 6.2, 3.8 and 7.1 of
[I-D.ietf-psamp-sample-tech].
</paragraph>
</description>
</field>
<field name="upperCILimit" dataType="float64"
dataTypeSemantics="quantity" elementId="336" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the upper limit of a
confidence interval. It is used to provide an accuracy
statement for an estimated value. The confidence limits
define the range in which the real value is assumed to be
with a certain probability p. Confidence limits always need
to be associated with a confidence level that defines this
probability p. Please note that a confidence interval only
provides a probability that the real values lies within the
limits. That means the real value can lie outside the
confidence limits.
The upperCILimit, lowerCILimit and confidenceLevel
Information Elements should all be used in an option template
scoped to the observation to which they refer.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
Note that the upperCILimit, lowerCILimit and confidenceLevel
are all required to specify confidence, and should be
disregarded unless all three are specified together.
</paragraph>
</description>
</field>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 51]
Internet-Draft PSAMP Information Model October 2008
<field name="lowerCILimit" dataType="float64"
dataTypeSemantics="quantity" elementId="337" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the lower limit of a
confidence interval. For further information see the
description of upperCILimit.
The upperCILimit, lowerCILimit and confidenceLevel
Information Elements should all be used in an option template
scoped to the observation to which they refer.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
Note that the upperCILimit, lowerCILimit and confidenceLevel
are all required to specify confidence, and should be
disregarded unless all three are specified together.
</paragraph>
</description>
</field>
<field name="confidenceLevel" dataType="float64"
dataTypeSemantics="quantity" elementId="338" status="current"
group="statistics">
<description>
<paragraph>
This Information Element specifies the confidence level. It is
used to provide an accuracy statement for estimated values.
The confidence level provides the probability p with which the
real value lies within a given range. A confidence level
always needs to be associated with confidence limits that
define the range in which the real value is assumed to be.
The upperCILimit, lowerCILimit and confidenceLevel
Information Elements should all be used in an option template
scoped to the observation to which they refer.
See section 3.4.2.1 of the IPFIX Information Model [RFC5102].
Note that the upperCILimit, lowerCILimit and confidenceLevel
are all required to specify confidence, and should be
disregarded unless all three are specified together.
</paragraph>
</description>
</field>
</fieldDefinitions>
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 52]
Internet-Draft PSAMP Information Model October 2008
Authors' Addresses
Thomas Dietz
NEC Europe Ltd.
NEC Laboratories Europe
Network Research Division
Kurfuersten-Anlage 36
Heidelberg 69115
Germany
Phone: +49 6221 4342-128
Email: Thomas.Dietz@nw.neclab.eu
URI: http://www.nw.neclab.eu/
Benoit Claise
Cisco Systems, Inc.
De Kleetlaan 6a b1
Degem 1813
Belgium
Phone: +32 2 704 5622
Email: bclaise@cisco.com
Paul Aitken
Cisco Systems, Inc.
96 Commercial Quay
Edinburgh EH6 6LX
Scotland
Phone: +44 131 561 3616
Email: paitken@cisco.com
URI: http://www.cisco.com/
Falko Dressler
University of Erlangen-Nuremberg
Dept. of Computer Sciences
Martensstr. 3
Erlangen 91058
Germany
Phone: +49 9131 85-27914
Email: dressler@informatik.uni-erlangen.de
URI: http://www7.informatik.uni-erlangen.de/~dressler
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 53]
Internet-Draft PSAMP Information Model October 2008
Georg Carle
Technical University of Munich
Institute for Informatics
Boltzmannstr. 3
Garching bei Muenchen 85737
Germany
Phone: +49 89 289-18030
Email: carle@in.tum.de
URI: http://www.net.in.tum.de/~carle/
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 54]
Internet-Draft PSAMP Information Model October 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Dietz, et al. draft-ietf-psamp-info-11.txt [Page 55]
Html markup produced by rfcmarkup 1.129c, available from
https://tools.ietf.org/tools/rfcmarkup/