wdiff draft-ietf-cdni-logging-01.txt draft-ietf-cdni-logging-02.txt

Internet Engineering Task Force G. Bertrand, Ed.
Internet-Draft I. Oprescu, Ed.
Intended status: Informational E. Stephan
Expires: August 26, 2013 France Telecom - Orange
R. Peterkofsky
Skytide, Inc.
Expires: November 28, 2013 F. Le Faucheur, Ed.
Cisco Systems
P. Grochocki
Orange Polska
February 22,
R. Peterkofsky
Skytide, Inc.
May 27, 2013

CDNI Logging Interface
draft-ietf-cdni-logging-01
draft-ietf-cdni-logging-02

Abstract

This memo specifies the Logging interface between a downstream CDN
(dCDN) and an upstream CDN (uCDN) that are interconnected as per the
CDN Interconnection (CDNI) framework. First, it describes a
reference model for CDNI logging. Then, it specifies the CDNI
Logging File format and the actual protocol for CDNI logging information exchange covering the
information elements as well as the transport of those elements. CDNI
Logging Files.

Status of this This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 26, November 28, 2013.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 8 4
2. CDNI Logging Reference Model . . . . . . . . . . . . . . . . . 8 5
2.1. CDNI Logging interactions . . . . . . . . . . . . . . . . 8 5
2.2. Overall Logging Chain . . . . . . . . . . . . . . . . . . 12 8
2.2.1. Logging Generation and During-Generation Aggregation . . . . . . . . . . . . . . . . . . . . . 13 9
2.2.2. Logging Collection . . . . . . . . . . . . . . . . . . 14 10
2.2.3. Logging Filtering . . . . . . . . . . . . . . . . . . 14 10
2.2.4. Logging Rectification and Post-Generation Aggregation . . . . . . . . . . . . . . . . . . . . . 15 11
2.2.5. Log-Consuming Applications . . . . . . . . . . . . . . 15 12
2.2.5.1. Maintenance/Debugging . . . . . . . . . . . . . . 15 12
2.2.5.2. Accounting . . . . . . . . . . . . . . . . . . . . 16 12
2.2.5.3. Analytics and Reporting . . . . . . . . . . . . . 16 13
2.2.5.4. Security . . . . . . . . . . . . . . . . . . . . . 16 13
2.2.5.5. Legal Logging Duties . . . . . . . . . . . . . . . 16 13
2.2.5.6. Notions common to multiple Log Consuming
Applications . . . . . . . . . . . . . . . . . . . 16 13
3. CDNI Logging Transport Requirements . File Format . . . . . . . . . . . . 18
3.1. Timeliness . . . . . . 15
3.1. CDNI Logging File Directives . . . . . . . . . . . . . . 16
3.2. Logging Records . . . . 19
3.2. Reliability . . . . . . . . . . . . . . . . . 19
3.2.1. HTTP Request Logging Record . . . . . . 19
3.3. Security . . . . . . . 20
3.2.2. CDNI Logging File Example . . . . . . . . . . . . . . 26
3.3. Fields and Directives Formats . . . . 19
3.4. Scalability . . . . . . . . . . 27
4. CDNI Logging File Exchange Protocol . . . . . . . . . . . . . 19
3.5. Consistency between 27
4.1. CDNI Logging and CDN Logging Feed . . . . . 20
3.6. Dispatching/Filtering . . . . . . . . . . . . . . . 28
4.2. CDNI Logging File Pull . . . 20
4. CDNI Logging Information Structure and Transport . . . . . . . 20
5. CDNI Logging Fields . . . . . . . 28
5. Open Issues . . . . . . . . . . . . . . 22
5.1. Semantics of CDNI Logging Fields . . . . . . . . . . . 29
6. IANA Considerations . . 22
5.2. Syntax of CDNI Logging Fields . . . . . . . . . . . . . . 26
6. CDNI Logging Records . . . . . 31
7. Security Considerations . . . . . . . . . . . . . . . . 27
6.1. Content Delivery . . . 31
7.1. Authentication, Confidentiality, Integrity Protection . . 31
7.2. Non Repudiation . . . . . . . . . . . . . . . . 27
6.2. Content Invalidation and Purging . . . . . 32
7.3. Privacy . . . . . . . . 29
6.3. Request Routing . . . . . . . . . . . . . . . . . 32
8. Acknowledgments . . . . 29
6.4. Logging Extensibility . . . . . . . . . . . . . . . . . . 29
7. CDNI Logging File Format . . . . . . . . . . . . . . . . . . . 29
7.1. Logging Files . . . . . . . . 32
9. References . . . . . . . . . . . . . . 29
7.2. File Format . . . . . . . . . . . 33
9.1. Normative References . . . . . . . . . . . . 29
7.2.1. Headers . . . . . . 33
9.2. Informative References . . . . . . . . . . . . . . . . . 30
7.2.2. Body (Logging Records) Format 33
Appendix A. Requirements . . . . . . . . . . . . 31
7.2.3. Footer Format . . . . . . . . 34
A.1. Compliance with cdni-requirements . . . . . . . . . . . . 31
8. CDNI Logging File Transport Protocol 34
A.2. Additional Requirements . . . . . . . . . . . . . 31
9. Open Issues . . . . 34
A.2.1. Timeliness . . . . . . . . . . . . . . . . . . . . . 32
10. IANA Considerations 34
A.2.2. Reliability . . . . . . . . . . . . . . . . . . . . . 32
11. 35
A.2.3. Security Considerations . . . . . . . . . . . . . . . . . . . 32
11.1. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 33
11.2. Non Repudiation . . . . . . . . . . . . . . . . . . . . . 33
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33
13. References . . . . . . . . . . . . . . . . . . . . . . . . 35
A.2.4. Scalability . . 33
13.1. Normative References . . . . . . . . . . . . . . . . . . . 33
13.2. Informative References 35
A.2.5. Consistency between CDNI Logging and CDN Logging . . 35
A.2.6. Dispatching/Filtering . . . . . . . . . . . . . . . . 33 35
Appendix A. Examples Log Format . . . . . B. Analysis of candidate protocols for Logging
Transport . . . . . . . . . . . . 34
A.1. W3C Common Log File (CLF) Format . . . . . . . . . 36
B.1. Syslog . . . . 35
A.2. W3C Extended Log File (ELF) Format . . . . . . . . . . . . 35
A.3. National Center for Supercomputing Applications (NCSA)
Common Log Format . . . . . . . . . 36
B.2. XMPP . . . . . . . . . . . 37
A.4. NCSA Combined Log Format . . . . . . . . . . . . . . . 36
B.3. SNMP . . 37
A.5. NCSA Separate Log Format . . . . . . . . . . . . . . . . . 37
A.6. Squid 2.0 Native Log Format for Access Logs . . . . . . . 37
Appendix B. Requirements 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . 38
B.1. Additional Requirements . . . . . . . . . . . . . . . . . 38
B.2. Compliancy with Requirements draft . . . . . . . . . . . . 39
Appendix C. Analysis of candidate protocols for Logging
Transport . . . . . . . . . . . . . . . . . . . . . . 39
C.1. Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . 40
C.2. XMPP . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
C.3. SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 40 36

1. Introduction

This memo specifies the Logging interface between a downstream CDN
(dCDN) and an upstream CDN (uCDN). First, it describes a reference
model for CDNI logging. Then, it specifies the CDNI Logging File
format and the actual protocol for
CDNI logging information exchange covering the information elements
as well as the transport of those elements. CDNI Logging Files.

The reader should be familiar with the work of the CDNI WG: following documents:

o CDNI problem statement [RFC6707] and framework
[I-D.ietf-cdni-framework] identify a Logging interface,

o Section 7 8 of [I-D.ietf-cdni-requirements] specifies a set of
requirements for Logging,

o [RFC6770] outlines real world use-cases for interconnecting CDNs.
These use cases require the exchange of Logging information
between the dCDN and the uCDN.

As stated in [RFC6707], "the CDNI Logging interface enables details
of logs or events to be exchanged between interconnected CDNs".

The present document describes:

o The CDNI Logging reference model (Section 2),

o The CDNI Logging information structure and Transport (Section 4),

o The CDNI Logging Fields (Section 5),

o The CDNI Logging Records (Section 6),

o The CDNI Logging File format (Section 7), 3),

o The CDNI Logging File Transport Protocol Exchange protocol (Section 8),

In the Appendices, the document provides:

o A list of identified requirements (Appendix B.1), which should be
considered for inclusion in [I-D.ietf-cdni-requirements], 4).

1.1. Terminology

In this document, the first letter of each CDNI-specific term is
capitalized. We adopt the terminology described in [RFC6707] and
[I-D.ietf-cdni-framework], and extend it with the additional terms
defined below.

For clarity, we use the word "Log" only for referring to internal CDN
logs and we use the word "Logging" for any inter-CDN information
exchange and processing operations related to CDNI Logging interface.
Log and Logging formats may be different.

CDN Logging information: logging information generated and collected
within a CDN

CDNI Logging information: logging information exchanged across CDNs
using the CDNI Logging Interface

Logging information: logging information generated and collected
within a CDN or obtained from another CDN using the CDNI Logging
Interface

CDNI Logging Field: an atomic element of information that can be
included in a CDNI Logging Record. The time an event/task started,
the IP address of an End user to whom content was delivered, and the
URI of the content delivered are examples of CDNI Logging Fields.

CDNI Logging Record: an information record providing information
about a specific event. This comprises a collection of CDNI Logging
Fields.

Separator Character: a specific character used to enable the parsing
of Logging Records. This character separates the Logging Fields that
compose a Logging Record.

CDNI Logging File: a file containing CDNI Logging Records, as well as
additional information facilitating the processing of the CDNI
Logging Records.

CDN Reporting: the process of providing the relevant information that
will be used to create a formatted content delivery report provided
to the CSP in deferred time. Such information typically includes
aggregated data that can cover a large period of time (e.g., from
hours to several months). Uses of Reporting include the collection
of charging data related to CDN services and the computation of Key
Performance Indicators (KPIs).

CDN Monitoring: the process of providing content delivery information
in real-time. Monitoring typically includes data in real time to
provide visibility of the deliveries in progress, for service
operation purposes. It presents a view of the global health of the
services as well as information on usage and performance, for network
services supervision and operation management. In particular,
monitoring data can be used to generate alarms.

End-User experience management: study of Logging data using
statistical analysis to discover, understand, and predict user
behavior patterns.

Class-of-requests: A Class-of-requests identifies a set of content
Requests, related to a specific CSP, received from clients in a given
footprint and sharing common properties. These properties include:

o Any header, URL parameter, query parameter of an HTTP (or RTMP)
content request

o Any header, or sub-domain of the FQDN of a DNS lookup request

Examples:

o Class-of-Requests = all the requests that include the HTTP header
"User-Agent: Mozilla/5.0" related to CSP
"http://*.cdn.example.com" from AS3215

o Class-of-Requests = all the DNS requests from anywhere and related
to CSP "cdn*.example.com"

Delivery Service: A Delivery Service is defined by a set of Class-of-
Requests and a list of parameters that apply to all these Class-of-
Requests (logging format, delivery quality/capabilities
requirements...)

Service Agreement: A service agreement is defined by a uCDN
identifier, a dCDN identifier, a set of Delivery Services and a list
of parameters that apply to the Service Agreement.

Once a Service Agreement is agreed between the administrative
entities managing the CDNs to be interconnected, the upstream CDN and
the downstream CDN of the CDNI interconnection must be configured
according to this agreed Service Agreement. For instance, a given
uCDN (uCDN1) may request a given dCDN (dCDN1) to configure one
Delivery Service for handling requests for HTTP Adaptive streaming
videos delegated by uCDN1 and related to a specific CSP (CSP1) and
another one for handling requests for static pictures delegated by
uCDN1 and related to CSP1. These Delivery services would belong to
the Service Agreement between uCDN1 and dCDN1 for CSP1. In this
simple example, uCDN1 may request dCDN1 to include Delivery Service
information in its CDNI Logging, to help uCDN1 to provide relevant
reports to CSP1.

1.2. Abbreviations

o API: Application Programming Interface

o CCID: Content Collection Identifier

o CDN: Content Delivery Network

o CDNP: Content Delivery Network Provider

o CoDR: Content Delivery Record

o CSP: Content Service Provider

o DASH: Dynamic Adaptive Streaming over HTTP

o dCDN: downstream CDN

o FTP: File Transfer Protocol

o HAS: HTTP Adaptive Streaming

o KPI: Key Performance Indicator

o PVR: Personal Video Recorder

o SID: Session Identifier

o SFTP: SSH File Transfer Protocol

o SNMP: Simple Network Management Protocol

o uCDN: upstream CDN

2. CDNI Logging Reference Model

2.1. CDNI Logging interactions

The CDNI logging reference model between a given uCDN and a given
dCDN involves the following interactions:

o customization by the uCDN of the CDNI logging information to be
provided by the dCDN to the uCDN (e.g. control of which logging
fields are to be communicated to the uCDN for a given task
performed by the dCDN, control of which types of events are to be
logged). The dCDN takes into account this CDNI logging
customization information to determine what logging information to
provide to the uCDN, but it may, or may not, take into account
this CDNI logging customization information to influence what CDN
logging information is to be generated and collected within the
dCDN (e.g. even if the uCDN requests a restricted subset of the
logging information, the dCDN may elect to generate a broader set
of logging information). The mechanism to support the
customisation by the uCDN of CDNI Logging information is outside
the scope of this document and left for further study. We note
that the CDNI Control interface ore or the CDNI Metadata interfaces interface
appear as candidate interfaces on which to potentially build such
a customisation mechanism. mechanism in the future. Before such a mechanism
is available, the uCDN and dCDN are expected to agree off-line on
what CDNI logging information is to be provide by dCDN to UCDN and
rely on management plane actions to configure the CDNI Logging
functions to generate (respectively, expect) in dCDN
(respectively, in uCDN).

o generation and collection by the dCDN of logging information
related to the completion of any task performed by the dCDN on
behalf of the uCDN (e.g., delivery of the content to an end user)
or related to events happening in the dCDN that are relevant to
the uCDN (e.g., failures or unavailability in dCDN). This takes
place within the dCDN and does not directly involve CDNI
interfaces.

o communication by the dCDN to the uCDN of the logging information
collected by the dCDN relevant to the uCDN. This is supported by
the CDNI Logging interface and in the scope of the present
document. For example, the uCDN may use this logging information
to charge the CSP, to perform analytics and monitoring for
operational reasons, to provide analytics and monitoring views on
its content delivery to the CSP or to perform trouble-shooting.

o customization by the dCDN of the logging to be performed by the
uCDN on behalf of the dCDN. The mechanism to support the
customisation by the dCDN of CDNI Logging information is outside
the scope of this document and left for further study.

o generation and collection by the uCDN of logging information
related to the completion of any task performed by the uCDN on
behalf of the dCDN (e.g., serving of content by uCDN to dCDN for
acquisition purposes by dCDN) or related to events happening in
the uCDN that are relevant to the dCDN. This takes place within
the uCDN and does not directly involve CDNI interfaces.

o communication by the uCDN to the dCDN of the logging information
collected by the uCDN relevant to the dCDN. For example, the dCDN
might potentially benefit form this information for security
auditing or content acquisition troubleshooting. This is outside
the scope of this document and left for further study.

Figure 1 provides an example of CDNI Logging interactions (focusing
only on the interactions that are in the scope of this document) in a
particular scenario where 4 CDNs are involved in the delivery of
content from a given CSP: the uCDN has a CDNI interconnection with
dCDN-1 and dCDN-2. In turn, dCDN2 has a CDNI interconnection with
dCDN3. In this example, uCDN, dCDN-1, dCDN-2 and dCDN-3 all
participate in the delivery of content for the CSP. In this example,
the CDNI Logging interface enables the uCDN to obtain logging
information from all the dCDNs involved in the delivery. In the
example, uCDN uses the Logging data:

o to analyze the performance of the delivery operated by the dCDNs
and to adjust its operations (e.g., request routing) as
appropriate,

o to provide reporting (non real-time) and monitoring (real-time)
information to CSP.

For instance, uCDN merges Logging data, extracts relevant KPIs, and
presents a formatted report to the CSP, in addition to a bill for the
content delivered by uCDN itself or by its dCDNs on his behalf. uCDN
may also provide Logging data as raw log files to the CSP, so that
the CSP can use its own logging analysis tools.

+-----+
| CSP |
+-----+
^ Reporting and monitoring data
* Billing
,--*--.
Logging ,-' `-.
Data =>( uCDN )<= Logging
// `-. _,-' \\ Data
|| `-'-'-' ||
,-----. ,-----.
,-' `-. ,-' `-.
( dCDN-1 ) ( dCDN-2 )<== Logging
`-. ,-' `-. _,-' \\ Data
`--'--' `--'-' ||
,-----.
,' `-.
( dCDN-3 )
`. ,-'
`--'--'

===> CDNI Logging Interface
***> outside the scope of CDNI

Figure 1: Interactions in CDNI Logging Reference Model

A dCDN (e.g., dCDN-2) integrates the relevant logging information
obtained from its dCDNs (e.g., dCDN-3) in the logging information
that it provides to the uCDN, so that the uCDN ultimately obtains all
logging information relevant to a CSP for which it acts as the
authoritative CDN.

Note that the format of Logging information that a CDN provides over
the CDNI interface might be different from the one that the CDN uses
internally. In this case, the CDN needs to reformat the Logging
information before it provides this information to the other CDN over
the CDNI Logging interface. Similarly, a CDN might reformat the
Logging data that it receives over the CDNI Logging interface before
injecting it into its log-consuming applications or before providing
some of this logging information to the CSP. Such reformatting
operations introduce latency in the logging distribution chain and
introduce a processing burden. Therefore, there are benefits in
specifying CDNI Logging format that are suitable for use inside CDNs
and also are close to the CDN Log formats commonly used in CDNs
today.

2.2. Overall Logging Chain

This section discusses the overall logging chain within and across
CDNs to clarify how CDN Logging information is expected to fit in
this overall chain. Figure 2 illustrates the overall logging chain
within the dCDN, across CDNs using the CDNI Logging interface and
within the uCDN. Note that the logging chain illustrated in the
Figure is obviously only indicative and varies depending on the
specific environments. For example, there may be more or less
instantiations of each entity (i.e., there may be 4 Log consuming
applications in a given CDN). As another example, there may be one
instance of Rectification process per Log Consuming Application
instead of a shared one.

Figure 2: CDNI Logging in the overall Logging Chain

The following subsections describe each of the processes potentially
involved in the logging chain of Figure 2.

2.2.1. Logging Generation and During-Generation Aggregation

CDNs typically generate logging information for all significant task
completions, events, and failures. Logs are typically generated by
many devices in the CDN including the surrogates, the request routing
system, and the control system.

The amount of Logging information generated can be huge. Therefore,
during contract negotiations, interconnected CDNs often agree on a
Logging retention duration, and optionally, on a maximum size of the
Logging data that the dCDN must keep. If this size is exceeded, the
dCDN must alert the uCDN but may not keep more Logs for the
considered time period. In addition, CDNs may aggregate logs and
transmit only summaries for some categories of operations instead of
the full Logging data. Note that such aggregation leads to an
information loss, which may be problematic for some usages of Logging
(e.g., debugging).

[I-D.brandenburg-cdni-has] discusses logging for HTTP Adaptive
Streaming (HAS). In accordance with the recommendations articulated
there, it is expected that a surrogate will generate separate logging
information for delivery of each chunk of HAS content. This ensures
that separate logging information can then be provided to
interconnected CDNs over the CDNI Logging interface. Still in line
with the recommendations of [I-D.brandenburg-cdni-has], the logging
information for per-chunck delivery may include some information (a
Content Collection IDentifier and a Session IDentifier as discussed
in Section 5) IDentifier) intended to
facilitate subsequent post-generation aggregation of per-chunk logs
into per-session logs. Note that a CDN may also elect to generate
aggregate per-session logs when performing HAS delivery, but this
needs to be in addition to, and not instead of, the per-chunk
delivery logs. We note that this may be revisited in future versions
of this document.

Note that in the case of non real-time logging, the trigger of the
transmission or generation of the logging file appears to be a
synchronous process from a protocol standpoint. The implementation
algorithm can choose to enforce a maximum size for the logging file
beyound
beyond which the transmission is automatically triggered (and thus
allow for an asynchrounous asynchronous transmission process).

2.2.2. Logging Collection

This is the process that continuously collects logs generated by the
log-generating entities within a CDN.

In a CDNI environment, in addition to collecting logging information
from log-generating entities within the local CDN, the Collection
process also collects logging information provided by another CDN, or
other CDNs, through the CDNI Logging interface. This is illustrated
in Figure 2 where we see that the Collection process of the uCDN
collects logging information from log-generating entities within the
uCDN as well as logging information coming through CDNI Logging
exchange with the dCDN through the CDNI Logging interface.

2.2.3. Logging Filtering
A CDN may require to only present different subset of the whole
logging information collected to various log-consuming applications.
This is achieved by the Filtering process.

In particular, the Filtering process can also filter the right subset
of information that needs to be provided to a given interconnected
CDN. For example, the filtering process in the dCDN can be used to
ensure that only the logging information related to tasks performed
on behalf of a given uCDN are made available to that uCDN (thereby
filtering all the logging information related to deliveries by the
dCDN of content for its own CSPs). Similarly, the Filtering process
may filter or partially mask some fields, for example, to protect End
Users' privacy when communicating CDNI Logging information to another
CDN. Filtering of logging information prior to communication of this
information to other CDNs via the CDNI Logging interface requires
that the downstream CDN can recognize the set of log records that
relate to each interconnected CDN.

The CDN will also filter some internal scope information such as
information related to its internal alarms (security, failures, load,
etc).

In some use cases described in [RFC6770], the interconnected CDNs do
not want to disclose details on their internal topology. The
filtering process can then also filter confidential data on the
dCDNs' topology (number of servers, location, etc.). In particular,
information about the requests served by every Surrogate may be
confidential. Therefore, the Logging information must be protected
so that data such as Surrogates' hostnames is not disclosed to the
uCDN. In the "Inter-Affiliates Interconnection" use case, this
information may be disclosed to the uCDN because both the dCDN and
the uCDN are operated by entities of the same group.

2.2.4. Logging Rectification and Post-Generation Aggregation

If Logging is generated periodically, it is important that the
sessions that start in one Logging period and end in another are
correctly reported. If they are reported in the starting period,
then the Logging of this period will be available only after the end
of the session, which delays the Logging generation.

A Logging rectification/update mechanism could be useful to reach a
good trade-off between the Logging generation delay and the Logging
accuracy. Depending on the selected Logging protocol(s), such
mechanism may be invaluable for real time Logging, which must be
provided rapidly and cannot wait for the end of operations in
progress.

In the presence of HAS, some log-consuming applications can benefit
from aggregate per-session logs. For example, for analytics, per-
session logs allow display of session-related trends which are much
more meaningful for some types of analysis than chunk-related trends.
In the case where the log-generating entities have generated during-
generation aggregate logs, those can be used by the applications. In
the case where aggregate logs have not been generated, the
Rectification process can be extended with a Post-Generation
Aggregation process that generates per-session logs from the per-
chunk logs, possibly leveraging the information included in the per-
chunk logs for that purpose (Content Collection IDentifier and a
Session IDentifier). However, in accordance with
[I-D.brandenburg-cdni-has], this document does not define exchange of
such aggregate logs on the CDNI Logging interface. We note that this
may be revisited in future versions of this document.

2.2.5. Log-Consuming Applications

2.2.5.1. Maintenance/Debugging

Logging is useful to permit the detection (and limit the risk) of
content delivery failures. In particular, Logging facilitates the
resolution of configuration issues.

To detect faults, Logging must enable the reporting of any CDN
operation success and failure, such as request redirection, content
acquisition, etc. The uCDN can summarize such information into KPIs.
For instance, Logging format should allow the computation of the
number of times during a given epoch that content delivery related to
a specific service succeeds/fails.

Logging enables the CDN providers to identify and troubleshoot
performance degradations. In particular, Logging enables the
communication of traffic data (e.g., the amount of traffic that has
been forwarded by a dCDN on behalf of an uCDN over a given period of
time), which is particularly useful for CDN and network planning
operations.

2.2.5.2. Accounting

Logging is essential for accounting, to permit inter-CDN billing and
CSP billing by uCDNs. For instance, Logging information provided by
dCDNs enables the uCDN to
check compute the total amount of traffic
delivered by every dCDN and for
every Delivery Service, a particular Content Provider, as well
as, the associated bandwidth usage (e.g., peak, 95th percentile), and
the maximum number of simultaneous sessions over a given period of
time.

2.2.5.3. Analytics and Reporting

The goal of analytics is to gather any relevant information to track
audience, analyze user behavior, and monitor the performance and
quality of content delivery. For instance, Logging enables the CDN
providers to report on content consumption (e.g., delivered sessions
per content) in a specific geographic area.

The goal of reporting is to gather any relevant information to
monitor the performance and quality of content delivery and allow
detection of delivery issues. For instance, reporting could track
the average delivery throughput experienced by End-Users in a given
region for a specific CSP or content set over a period of time.

2.2.5.4. Security

The goal of security is to prevent and monitor unauthorized access,
misuse, modification, and denial of access of a service. A set of
information is logged for security purposes. In particular, a record
of access to content is usually collected to permit the CSP to detect
infringements of content delivery policies and other abnormal End
User behaviors.

2.2.5.5. Legal Logging Duties

Depending on the country considered, the CDNs may have to retain
specific Logging information during a legal retention period, to
comply with judicial requisitions.

2.2.5.6. Notions common to multiple Log Consuming Applications

2.2.5.6.1. Logging Information Views

Within a given log-consuming application, different views may be
provided to different users depending on privacy, business, and
scalability constraints.

For example, an analytics tool run by the uCDN can provide one view
to an uCDN operator that exploits all the logging information
available to the uCDN, while the tool may provide a different view to
each CSP exploiting only the logging information related to the
content of the given CSP.

As another example, maintenance and debugging tools may provide
different views to different CDN operators, based on their
operational role.

2.2.5.6.2. Key Performance Indicators (KPIs)

This section presents, for explanatory purposes, a non-exhaustive
list of Key Performance Indicators (KPIs) that can be extracted/
produced from logs.

Multiple log-consuming applications, such as analytics, monitoring,
and maintenance applications, often compute and track such KPIs.

In a CDNI environment, depending on the situation, these KPIs may be
computed by the uCDN or by the dCDN. But it is usually the uCDN that
computes KPIs, because uCDN and dCDN may have different definitions
of the KPIs and the computation of some KPIs requires a vision of all
the deliveries performed by the uCDN and all its dCDNs.

Here is a list of important examples of KPIs:

o Number of delivery requests received from End-Users in a given
region for each piece of content, during a given period of time
(e.g., hour/day/week/month)

o Percentage of delivery successes/failures among the aforementioned
requests

o Number of failures listed by failure type (e.g., HTTP error code)
for requests received from End Users in a given region and for
each piece of content, during a given period of time (e.g., hour/
day/week/month)

o Number and cause of premature delivery termination for End Users
in a given region and for each piece of content, during a given
period of time (e.g., hour/day/week/month)

o Maximum and mean number of simultaneous sessions established by
End Users in a given region, for a given Delivery Service, Content Provider, and
during a given period of time (e.g., hour/day/week/month)

o Volume of traffic delivered for sessions established by End Users
in a given region, for a given Delivery Service, Content Provider, and during a
given period of time (e.g., hour/day/week/month)

o Maximum, mean, and minimum delivery throughput for sessions
established by End Users in a given region, for a given Delivery
Service, Content
Provider, and during a given period of time (e.g., hour/day/week/
month)

o Cache-hit and byte-hit ratios for requests received from End Users
in a given region for each piece of content, during a given period
of time (e.g., hour/day/week/month)

o Top 10 of the most popularly requested content (during a given
day/week/month), day
/week/month),

o Terminal type (mobile, PC, STB, if this information can be
acquired from the browser type header, for example).

Additional KPIs can be computed from other sources of information
than the Logging, for instance, data collected by a content portal or
by specific client-side APIs. application programming interfaces. Such
KPIs are out of scope for the present memo.

The KPIs used depend strongly on the considered log-consuming
application -- the CDN operator may be interested in different
metrics than the CSP is. In particular, CDN operators are often
interested in delivery and acquisition performance KPIs, information
related to Surrogates' performance, caching information to evaluate
the cache-hit ratio, information about the delivered file size to
compute the volume of content delivered during peak hour, etc.

Some of the KPIs, for instance those providing an instantaneous
vision of the active sessions for a given CSP's content, are useful
essentially if they are provided in real-time. By contrast, some
other KPIs, such as the one averaged on a long period of time, can be
provided in non-real time.

3. CDNI Logging Transport Requirements
3.1. Timeliness

Some applications consuming File Format

As defined in Section 1.1 a CDNI Logging information, such logging field is as
accounting or trend analytics, only require an atomic
logging information to be
available with element and a timeliness of the order of CDNI Logging Record is a day or the hour. This
document focuses on addressing this requirement.

Some applications consuming collection
of CDNI Logging information, such as real-
time analytics, require Fields containing all logging information
corresponding to be available in real-
time (i.e. of the order of a second after the corresponding event). single logging event. This document leaves this requirement out of scope.

3.2. Reliability

CDNI logging information must be transmitted reliably. The transport
protocol should contain an anti-replay mechanism.

3.3. Security

CDNI logging information exchange must allow authentication,
integrity protection, and confidentiality protection. Also, defines a non-
repudiation mechanism is mandatory,
third level of structure, the transport protocol should
support it.

3.4. Scalability CDNI logging information exchange must support large scale
information exchange, particularly so in the presence of HTTP
Adaptive Streaming.

For example, if we consider Logging File, that is a client pulling HTTP Progressive
Download content with an average duration collection
of 10 minutes, this
represents 1/600 CDNI delivery Logging Records per second. If we
assume the dCDN Records. This structure is simultaneously serving 100,000 such clients on
behalf of the uCDN, the dCDN will be generating 167 illustrated in Figure 3.
The CDNI Logging Records
per second to be communicated to the uCDN over the CDNI Logging
interface. Or equivalently, if we assume an average delivery rate of
2Mb/s, the dCDN generates 0.83 CDNI Logging Records per second for
every Gb/s of streaming on behalf of the uCDN.

For example, if we consider a client pulling HAS content and
receiving a video chunk every 2 seconds, a separate audio chunck
every 2 seconds and a refreshed manifest every 10 seconds, this
represents 1.1 delivery Logging Record per second. If we assume the
dCDN is simultaneously serving 100,000 such clients on behalf of the
uCDN, the dCDN will be generating 110,000 Logging Records per second
to be communicated to the uCDN over the CDNI Logging interface. Or
equivalently, if we assume an average delivery rate of 2Mb/s, the
dCDN generates 550 CDNI Logging Records per second for every Gb/s of
streaming on behalf of the uCDN.

3.5. Consistency between CDNI Logging and CDN Logging

There are benefits in using a CDNI logging format as close as
possible to intra-CDN logging format commonly used in CDNs tody in
order to minimize systematic translation at CDN/CDNI boundary.

3.6. Dispatching/Filtering

When a CDN is acting as a dCDN for multiple uCDNs, the dCDN needs to
dispatch each CDNI Logging Record to the uCDN that redirected the
corresponding request. The CDNI Logging format need to allow, and
possibly facilitate, such a dispatching.

4. CDNI Logging Information Structure and Transport

As defined in Section 1.1 a CDNI logging field is as an atomic
logging information element and a CDNI Logging Record is a collection
of CDNI Logging Fields containing all logging information
corresponding to a single logging event.

This document defines non-real-time transport of CDNI Logging
information over the CDNI interface. For such non-real-time
transport, this documents defines a third level of structure, the
CDNI Logging File, that is a collection of CDNI Logging Records.
This File structure and encoding is described in Figure 3. This document then
specifies how to transport such CDNI Logging Files across
interconnected CDNs. We observe that this approach can be tuned specified in a
real deployment to achieve near-real time exchange of CDNI Logging
information, e.g., by increasing the frequency of logging file
creation and distribution throughout the Logging chain, but it is not
expected that this approach can support real time transport (e.g.,
sub-second) of CDNI logging information.
present section.

Figure 3: Structure of Logging Files

The CDNI Logging File format is expected that future version of this inspired from the W3C Extended Log
File Format [ELF]. However, it is fully specified by the present
document. Where the present document will also specify
real time transport differs from the W3C Extended
Log File Format, an implementation of CDNI Logging information over MUST comply with
the present document.

A CDNI
interface. We note that this might involve direct transport Logging File MUST contain a sequence of lines containing US-
ASCII characters [CHAR_SET] terminated by either the sequence LF or
CRLF. A CDNI Logging Records without prior grouping into implementation consuming CDNI Logging Files
MUST accept lines terminated by either LF or CRLF.

Each line of a file structure to avoid
the latency associated with creating and transporting such CDNI Logging File MUST contain either a file
structure throughout the logging chain.

The semantics and encoding of directive or a
CDNI Logging Record.

Directives record information about the CDNI Logging fields process itself.
Lines containing directives MUST begin with the "#" character.
Directives are specified in Section 5. The semantics and encoding 3.1.

Logging Records provide actual details of CDNI the logged event. Logging
Records are specified in Section 6. The 3.2.

3.1. CDNI Logging File Directives
An implementation of the CDNI Logging File format is interface MUST support the
following directives (formats specified in the form <...> are
specified in Section 7. The protocol for transport 3.3):

o Version:

* format: <digit>.<digit>

* semantic: indicates the version of the CDNI Logging File is
format. The value MUST be "1.0" for the version specified in Section 8.

5. CDNI Logging Fields

Existing CDNs Logging functions collect and consolidate logs
performed by their Surrogates. Surrogates usually store
the logs
using a format derived from Web servers' present document.

* occurrence: there MUST be one and caching proxies' log
standards such as W3C, NCSA [ELF] [CLF], or Squid format [squid]. In
practice, these formats are adapted to cope with CDN specifics.
Appendix A presents examples of commonly used log formats.

5.1. Semantics only one instance of CDNI Logging Fields

This section specifies this
directive. It MUST be the semantics first line of the CDNI Logging Fields. The
specific subset of file.

o UUID:

* format: <string>

* semantic: this is Universally Unique IDentifier for the CDNI
Logging fields that can be found in each type
of Logging Record is File as specified in Section 6.

The semantics [RFC4122].

* occurrence: there MUST be one and only one instance of this
directive.

o Origin:

* format: <host>

* semantic: this identifies the entity transmitting the CDNI
Logging Fields are specified File (e.g. the host in Table 1.

+--------------+----------------------------------------------------+
| Name | Description |
+--------------+----------------------------------------------------+
| Start-time | A start date and time associated with a logged |
| | event; for instance, dCDN supporting the time at which a Surrogate |
| | received a content delivery request CDNI
Logging interface) or the time at |
| | which an origin server received a content |
| | acquisition request. |
| End-time | An end date and time associated with a logged |
| | event. For instance, the time at which a |
| | Surrogate completed the handling of a content |
| | delivery request (e.g., end of delivery entity responsible for transmitting
the CDNI Logging File (e.g. the dCDN).

* occurrence: there MUST be zero or error). |
| Duration | The duration one instance of an operation in milliseconds. For |
| | instance, this field could
directive. This directive MAY be used to provide the |
| | time it took included by the Surrogate to send
implementation transmitting the requested |
| | file to CDNI Logging file. When
included by the End-User transmitting side, it MUST be validated or
over-written by the time receiving side. When, it is not included
by the transmitting side, it took MAY be added locally by the |
| | Surrogate
receiving side. [Editor's Note if we include a non-repudiation
mechanism: discuss the fact that this will provide incentive to acquire
dCDN to not cheat , as it can be detected]

o Record-Type:

* format: <string>
* semantic: indicates the file on a cache-miss |
| | event. In type of the case where Start-time, End-time, |
| | and Duration appear in a CDNI Logging Record, Records that
follow this directive, until another Record-Type directive (or
the |
| | Duration is to end of the CDNI Logging File). "cdni_http_request_v1" MUST
be interpreted indicated in the Record-Type directive for CDNI Logging
records corresponding to HTTP request (e.g. a HTTP delivery
request) as specified in Section 3.2.1.

* occurrence: there MUST be at least one instance of this
directive. The first instance of this directive MUST precede a total activity |
| | time related to
Fields directive and precede any CDNI Logging Record.

o Fields:

* format: <field-name>[ <field-name>], where the logged operation. |
| Client-IP | The IP address allowed list of
<field-name> are specified for each Record-Type in Section 3.2.

* semantic: this lists the User Agent names of all the fields for which a
value is to appear in the CDNI Logging Records that issued are after
this directive. The names of the |
| | logged request or fields, as well as their
possible occurrences, are specified for each type of CDNI
Logging Records in Section 3.2. The field names listed in this
directive MUST be separated by a proxy, for whitespace (" ").

* occurrence: there MUST be at least one instance |
| | "203.0.113.1". |
| Client-port | The source port of the logged request (e.g., 9542) |
| Destination- | this
directive per Record-Type directive. The IP address first instance of
this directive for a given Record-Type MUST precede any CDNI
Logging Record for this Record-Type.

o Integrity-Hash:

* format: <string>

* semantic: This directive permits the host that received the |
| IP | logged request (e.g., 192.0.2.2). |
| Destination- | The hostname detection of a corrupted
CDNI Logging File. This can be useful, for instance, if a
problem occurs on the host that received the logged |
| hostname | request (e.g., Surrogate1.cdna.com). |
| Destination- | The destination port filesystem of the logged request (e.g., |
| port | 80). |
| Operation | The kind dCDN Logging system and
leads to a truncation of operation that is logged; for instance |
| | Delivery or Purging. |
| URI_full | a logging file. The full requested URL (e.g., |
| | "http://node1.peer-a.op-b.net/cdn.csp.com/movies/p |
| | otter.avi?param=11&user=toto"). When HTTP request |
| | redirection Integrity-Hash
value is used, computed, and included in this URI includes directive by the |
| | Surrogate FQDN. If entity
that transmits the association of requests t |
| | oSurrogates is confidential, CDNI Logging File, by applying the dCDN can present |
| | only URI_part to uCDN. |
| URI_part | The requested URL path (e.g., |
| | /cdn.csp.com/movies/potter.avi?param=11&user=toto |
| | if MD5
([RFC1321]) cryptographic hash function on the full request URL was |
| | "http://node1.peer-a.op-b.net/cdn.csp.com/movies/p |
| | otter.avi?param=11&user=toto"). The URI without |
| | host-name typically includes CDNI Logging
File, including all the "CDN domain" |
| | (ex.cdn.csp.com) - cf. [I-D.ietf-cdni-framework]: |
| | it enables directives and logging records, up to
the identification of Intergrity-Hash directive itself, excluding the CSP service |
| | agreed between Integrity-
Hash directive itself and, when present, also excluding the
Non-Repudiation-Hash directive. The Integrity-Hash value is
represented as a US-ASCII encoded hexadecimal number, 32 digits
long (representing a 128 bit hash value). The entity receiving
the CSP and CDNI Logging File also computes in a similar way the CDNP operating MD5
hash on the |
| | uCDN. |
| Protocol | The protocol received CDNI Logging File and protocol version compares this hash
to the value of the message |
| | that triggered Integrity-Hash directive. If the two
values are equal, then the received CDNI Logging entry (e.g., HTTP/1.1). |
| Request-meth | The protocol method of File MUST be
considered non-corrupted. If the request message that |
| od | triggered two values are different, the
received CDNI Logging entry. |
| Status | File MUST be considered corrupted. The protocol status
behavior of the reply message related |
| | to the entity that received a corrupted CDNI Logging entry |
| Bytes-Sent | The number of bytes at application-layer |
| | protocol-level (e.g., HTTP)
File is outside the scope of this specification; we note that
the reply message |
| | related entity MAY attempt to pull again the same CDNI Logging entry. It includes file
from the |
| | size transmitting entity.

o Non-Repudiation-Hash:

* format: <string>

* semantic: This hash field permits the non-repudiation of the User Agent header in an HTTP |
| | request. |
| Cookie | The value
CDNI Logging File by the entity that transmitted the CDNI
Logging File. [Editor's Note: I need help for specifying the
appropriate hash - ie hash must be signed with private-key of
entity transmitting the Cookie header in an HTTP request. |
| Byte-Range | [Ed. note: to CDNI Logging File]

3.2. Logging Records. |
| CCID | Records

CDNI Logging Fields MUST be separated by the operator "horizontal tabulation
(TAB)" character.

Some CDNI Logging field names use a prefix scheme similar to the one
used in W3C Extended Log File Format [ELF] to facilitate readability.
The semantics of the uCDN |
| | as prefix in the present document is:

o s: refers to the Delivering CDN. The |
| | Delivering-CDN-ID might be considered as |
| | confidential by dCDN Surrogate that serves the dCDN. In such case, request
(corresponds to the "server" of W3C Extended Log Format)

o cs: refers to communication from the dCDN |
| | could either not provide this field Surrogate towards the
User-Agent

o sc: refers to communication from the uCDN or |
| | overwrite User-Agent towards the Delivering-CDN-ID dCDN
Surrogate

An implementation of body bytes served from caches. This |
| | quantity permits the computation CDNI Logging interface as per the present
specification MUST support the CDNI HTTP Delivery Records as
specified in Section 3.2.1. [Editor's Note": other types of delivery
records will be listed here if we specify other types for this
version eg Request Routing].

3.2.1. HTTP Request Logging Record

The Action describes how a given request was |
| | treated locally: through HTTP Request Logging Record contains the following CDNI Logging
Fields, listed by their field name:

o date:

* format: <date>

* semantic: the date at which transport protocol, |
| | with or without content revalidation, with a cache |
| | hit or cache miss, with fresh or stale content, |
| | the processing of request started
on the Surrogate.

* occurrence: there MUST be one and (if relevant) with which error. Example with |
| | Squid format [squid]: "TCP_REFRESH_FAIL_HIT" means |
| | that an expired copy only one instance of an object requested |
| | through TCP was in this
field.

o time:

* format: <time>

* occurrence: there MUST be one and only one instance of this
field.

o time-taken:

* format: <fixed>

* occurrence: there MUST be one and only one instance of all headers related to content validity: |
| ders | Pragma this
field.

o c-ip:

* format: <address>

* occurrence: there MUST be one and only one instance of this
field.

o c-port:

* format: <integer>

* semantic: the operations from source TCP port (i.e. the sending of "client" port) in the |
| st_bit | content acquisition
request to received by the reception Surrogate.

* occurrence: there MUST be zero or exactly one instance of |
| | this
field.

o s-ip:

* format: <address>

* semantic: the first bit IPv4 or IPv6 address of the requested content. |
| Delay_to_las | Duration of Surrogate that served
the operations from request (i.e. the sending "server" address).

* occurrence: there MUST be zero or exactly one instance of this
field.

o s-hostname:

* format: <host>

* semantic: the hostname of the Surrogate that served the |
| t_bit | content acquisition request to
(i.e. the reception "server" hostname).

* occurrence: there MUST be zero or exactly one instance of |
| | this
field.

o s-port:

* format: <integer>
* semantic: the last bit of destination TCP port (i.e. the requested content. |
+--------------+----------------------------------------------------+

Table 1: Semantics of CDNI Logging Fields

NB: we define three fields related to "server" port) in
the request received by the timing Surrogate.

* occurrence: there MUST be zero or exactly one instance of logged
operations: Start-time, End-time, and Duration. Start-time this
field.

o cs-method:

* format: <string>

* semantic: this is
typically useful for human readers (e.g., while debugging), however,
some servers log the operation's End-time which corresponds to the
time of log record generation. In absence HTTP method of Logging summarization, the HTTP request received
by the Surrogate.

* occurrence: There MUST be one and only two one instance of these three fields are required to obtain relevant timing
information on this
field.

o cs-uri: [Editor's note: rename "sr-uri" ?]

* format: <uri>

* semantic: this is the operation. However, when some kind absolute-URI of Logging
aggregation/summarization is used, it can be advantageous to keep the
three fields: for instance, in request received by
the case Surrogate. [Editor's Note: do we agree this should be an
absolute-URI even if teh request uses a relative-URI?]

* occurrence: there MUST be zero or exactly one instance of HAS, keeping the three
fields permits computing this
field.

o ucdn-centric-uri:

* format: <uri>

* semantic: this is an average delivery bitrate absolute URI derived from a single
Logging Record aggregating information on the delivery absolute-URI
of multiple
consecutive video chunks.

Multiple header fields, in addition to the ones explicitly listed in request received by the table could be reproduced in Surrogate but modified by the
entity generating or transmitting the CDNI Logging records.

Note Record, in a
way that uCDN may want to filter Logging data by user (and not by IP
address) to provide more relevant information to is agreed upon between the CSP. In such
case, a user may be identified as a combination of several pieces two ends of
information such as the client IP and User Agent or through CDNI
Logging interface. For example, the SID.

The URI_full provides information on two ends of the Surrogate CDNI
Logging interface could agree that provided the
content. This information can be relevant, for instance, for ucdn-centric-uri strips
the
Inter-Affiliates use case described in [RFC6770]. However, in some
cases it may be considered as confidential and part of the dCDN may provide
URI_part instead.

Other information that could be logged include operations delivery-uri that refer
to exposes which individual
Surrogate actually performed the general state delivery. The details of
modification performed to generate the request, before it gets processed
locally. Such information is related ucdn-centric-uri, as
well as the mechanism to agree on these modifications between
the authorization two sides of the
requests, URL rewriting rules enforced, the X-FORWARDED-FOR non
standard HTTP header...

[Editor's Note: CDNI Logging information may be used for debugging.
Therefore, various CDN operations might be logged, depending on interface are outside the
agreement between
scope of the dCDN and present document. [Editor's Note: do we agree
this should be an absolute-URI even if the uCDN, such as operations related
to Request Routing and Metadata. These may call for request uses a few additional
Fields to
relative-URI?]

* occurrence: there MUST be defined].

5.2. Syntax one and only one instance of CDNI Logging Fields

This section this
field.

o protocol:

* format: <string>

* semantic: this is intended to contain the specification for the syntax
and encoding value of the CDNI Logging fields. For now, Table 2
illustrates the definition HTTP-Version field as specified
in [RFC2616] of some information elements. It provides
examples using Apache log format strings [apache] when they exist.

[Ed. note: specify for all Logging Fields the type (e.g., varchar,
int, float, ...) and Request-Line of the maximum size (e.g., varchar(200))]
+----------+-------------------+------------------------------------+
| Name | String | Example |
+----------+-------------------+------------------------------------+
| Time | %t | [10/Oct/2000:13:55:36-0700] |
| Duration | %D | - |
| Client-I | %a | 203.0.113.45 |
| P | | |
| Operatio | - | - |
| n | | |
| URI_full | %U | - |
| Protocol | %H | HTTP/1.0 |
| Request | %m | GET |
| method | | |
| Status | %>s | 200 |
| Bytes | %O | 2326 |
| Sent | | |
| Bytes | %I | 432 |
| request received | | |
| Header | \"%{Referrer}i\" | "http://www.example.com/start.html |
| | \"%{User-agent}i\ | ""Mozilla/4.08 [en] (Win98; I |
| | " | ;Nav)" |
+----------+-------------------+------------------------------------+

Table 2: Examples using Apache format

6. CDNI Logging Records

[Ed. note: we need to specify by the encoding
Surrogate (e.g. "HTTP/1.1").

* occurrence: there MUST be one and only one instance of this
field.

o sc-status:

* format: <digit><digit><digit>

* semantic: this is the file, HTTP Status-Code in the
separation character, etc...]

This section defines HTTP response
from the events for which a CDNI Logging record can Surrogate.

* occurrence: There MUST be exchanged over the CDNI Logging interafce one and for each type only one instance of
Logging Record indicates this
field.

o sc-total-bytes:

* format: <integer>

* semantic: this is the allowed set total number of bytes of CDNI Information
Elements.

We classify the logged events depending on HTTP
response sent by the CDN operation Surrogate in response to which
they relate: Content Delivery, Content Acquisition, Content
Invalidation/Purging, etc.

6.1. Content Delivery

The content delivery event triggering the generation of a Logging
Record include:

o Reception by a dCDN Surrogate of a content request

The Logging Record for Content Delivery contains request.
This includes the following set bytes of
CDNI Logging Elements:

Table 3: CDNI Logging Fields in Delivery Logging Record

In Table 3, "Mandatory" means that
headers) and of the message-body.

* occurrence: There MUST be one and only one instance of this field
field.

o sc-entity-bytes:

* format: <integer>

* semantic: this is the number of bytes of the message-body in
the HTTP response sent by the Surrogate in response to the
request. This does not include the bytes of the Status-Line
(and therefore does not include the bytes of the HTTP headers).

* occurrence: there MUST be included zero or exactly one instance of this
field.

o cs(<HTTP-header>):

* format: <string>
* semantic: the value of the HTTP header identified in
each Delivery Record and "Optional" means that the field
name as it can appears in the request processed by the Surrogate.

* occurrence: there MUST be included
based on zero, one or any number of instance
of this field.

o sc(<HTTP-header>):

* format: <string>

* semantic: the agreement between value of the dCDN and HTTP header identified in the uCDN field
name as established
via mechanism outside it appears in the scope of this document (e.g., response issued by human
agreement).

6.2. Content Invalidation and Purging

Given that the Purge interface is expected to contain a mechanism Surrogate to
report on completion of
serve the Invalidation/purge request, request.

* occurrence: there is no
need to specify separate Log Records for these events.

6.3. Request Routing MUST be zero, one or any number of instance
of this field.

o s-ccid:

* format: [Editor's Note: Is there a requirement for the dCDN to provide logs
for request routing events?]

6.4. Logging Extensibility

Future usages might introduce be based on cdni-metadata or
relevant companion I-D]

* semantic: this contains the need for additional Logging fields.
In addition, some use-cases such as an Inter-Affiliate
Interconnection [RFC6770], might take advantage value of extended Logging
exchanges. Therefore, it is important the Content Collection
IDentifier specified in [I-D.ietf-cdni-metadata] and associated
to permit CDNs the content served by the Surrogate through the CDNI
Metadata interface.

* occurrence: there MUST be zero or exactly one instance of this
field.

o s-sid:

* format: [Editor's Note: add reference to use
additional Logging fields besides the standard ones, if they want.
For instance, an "Account-name" identifying I-D defining the contract enforced by
format of Session ID>?]

* semantic: this contains the dCDN for a given value of the Session IDentifier
specified in ??? and associated to the served request could by the
Surrogate.

* occurrence: there MUST be provided in extended fields. zero or exactly one instance of this
field.

o s-cached: [Editor's Note: W3C uses "cached" . is "s-cached"
better?]

* format: <string>
* semantic: this characterises whether the Surrogate could serve
the request using content already stored on its local cache.
The required Logging Records may depend allowed values are "0" (for miss) and "1" for hit). "1"
MUST be used when the Surrogate could serve the request using
exclusively content already stored on its local cache. "0"
MUST be used otherwise (including cases where the considered services.
For instance, static file delivery (e.g., pictures) typically does Surrogate
served the request using some, but not include any delivery restrictions. By contrast, video delivery
typically implies strong all, content delivery restrictions, as explained already
stored on its local cache). Note that a "0" only means a cache
miss in [RFC6770], the Surrogate and Logging could include does not provide any information about on
whether the
enforcement content was already stored, or not, in another
device of these restrictions. Therefore, to ease the support of
varied services as well as dCDN i.e. whether this was a "dCDN hit" or "dCDN
miss".

* occurrence: there MUST be zero or exactly one instance of future services, this
field.

o s-uri-signing:

* format: <string>

* semantic: this characterises the Logging interface
should support optional Logging Records.

7. CDNI Logging File Format

Interconnected CDNs may support various Logging formats. However,
they must support at least uri signing validation
performed by the default Logging File format described
here.

7.1. Logging Files

[Ed. Note: How many files (one per type of Delivery Service (e.g.,
HTTP, WMP) and per type of Event (e.g., Errors, Delivery,
Acquisition,...?)and what would be inside... These aspects needs to Surrogate on the request. The allowed values
are:

+ "0" : no uri signature validation performed

+ "1" : uri signature validation performed and validated

+ "2" : uri signature validation performed and rejected

* occurrence: there MUST be detailed...]

7.2. File Format zero or exactly one instance of this
field.

The Logging file format should be independent from the selected
transport protocol, "Fields" directive corresponding to guarantee a flexible choice of transport
protocols. [Ed. note: for the real time HTTP Request Logging exchanges, Record
MUST list all the fields whose occurrence is specified above as
"There MUST be one and only one instance of this
might field". These
fields MUST be hard]

All Logging Records present in every HTTP Request Logging Record.

The "Fields" directive corresponding to a HTTP Request Logging File must share Record
MAY list all the same format
(same fields whose occurrence is specified above as "there
MUST be zero or exactly one instance of this field" or "there MUST be
zero, one or any number of instance of this field". The set of Logging Fields, such
fields actually listed in the same order, with the same
semantics, separated "Fields" directive is selected by the same Separator Character), to ease
implementation generating the CDNI Logging File based on agreements
between the interconnected CDNs established through mechanisms
outside the
parsing scope of this specification (e.g. contractual
agreements) . When such a field is not listed in the "Fields"
directive, it MUST NOT be included in the Logging data by Record. When such
a field is listed in the CDN that receives "Fields" directive, it MUST be included in
the Logging
File. The CDN Record; in that provides case, if the Logging data value for the field is responsible not
available, this MUST be conveyed via a dash character ("-").

The fields listed in the "Fields" directive can be listed in the
order in which they are listed in Section 3.2.1 or in any other
order.

[Editor's Note: discuss private fields ]

3.2.2. CDNI Logging File Example

#Version: 1.0

#UUID: urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6???

#Origin: cdni-logging-entity.dcdn.example.com

#Record-Type: cdni_http_request_v1

#Fields: date time time-taken c-ip cs-method ucdn-centric-uri
protocol sc-status sc-total-bytes cs(User-Agent) cs(Referer) s-cached

2013-05-17 00:38:06.825 88.958 10.5.7.1 GET http://cdni-
ucdn.dcdn.example.com/video/movie100.mp4 HTTP/1.1 200 672989 Mozilla/
5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML,
like Gecko) Chrome/5.0.375.127 Safari /533.4 host1.example.com 1

2013-05-17 00:39:09.145 169.790 10.5.10.5 GET http://cdni-
ucdn.dcdn.example.com/video/movie118.mp4 HTTP/1.1200 1579920 Mozilla/
5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML,
like Gecko) Chrome/5.0.375.127 Safari /533.4 host1.example.com 1

2013-05-17 00:42:53.437 2.879 10.5.10.5 GET http://cdni-
ucdn.dcdn.example.com/video/picture11.mp4 HTTP/1.0 200 17724 Mozilla/
5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML,
like Gecko) Chrome/5.0.375.127 Safari /533.4 host5.example.com 0

#Integrity-Hash: 9e107d9d372bb6826bd81d3542a419d6 [Editor's Note:
include the correct MD5-hash value for
guaranteeing the consistency actual example]

3.3. Fields and Directives Formats

[Editor's Note: still needs work to minimise the number of the Logging records' formats,
typically via its log filtering types
defined across this section and aggregation processes (see
Section 2.2.3).

7.2.1. Headers

Logging files must include a header with specific types defined inside the information described in
Figure 4.

o <digit> = "0" | CDNI Log format. "1" | "2" | "3" | Fields "4" | A description of "5" | "6" | "7" | "8" |
"9"

o <integer> = 1*<digit>

o <address> = <integer> [ "." *<integer> ] [ ":" <integer> ]

o <host> = as specified in [RFC3986].

o <date> = 4<digit> "-" 2<digit> "-" 2<digit>

o <time> = 2<digit> ":" 2<digit> ":" 2<digit> ["." *<digit>]

* Times are recorded in | [20/Feb/2012:00:29.510+0200] |
| | milliseconds, the | |
| | form HH:MM:SS or HH:MM:SS.S where HH
is the hour in 24 hour format, MM is minutes and SS is seconds.
All times are specified in Universal Time Coordinated (UTC).

o <uri> = <string> containing a URI as specified in [RFC3986].

o <fixed> = Fixed Format Float = 1*<digit> [. *<digit>]

o <HTTP-header> = <string> containing a HTTP header field name (e.g.
"User-Agent", "Referer") as specified in [RFC2616].

This document specifies a protocol for the exchange of CDNI Logging
Files as specified in Section 3.

This protocol comprises:

o a CDNI Logging feed, allowing the | cdn1.cdni.example.com |
| | authority (e.g., | |
| | dCDN or uCDN) | |
| | providing to notify the uCDN about
the CDNI Logging files that can be retrieved by that uCDN from the
dCDN, as well as all the Log-| |
| | -ging | |
+----------------+-------------------+------------------------------+

Figure 4: information necessary for retrieving each
of these CDNI Logging Headers

All time-related File. The CDNI Logging Fields and data feed is specified in the
Section 4.1.

o a CDNI Logging File headers/
footers must provide pull mechanism, allowing the uCDN to obtain
from the dCDN a time zone and be at least given CDNI Logging File at millisecond (ms)
accuracy. The accuracy must be consistent to permit the computation uCDN convenience.
The CDNI Logging File pull mechanisms is specified in Section 4.2.

An implementation of KPIs involving operations realized the CDNI Logging interface as per the present
document generating CDNI Logging file (i.e. on several CDNs.

[Ed. note: would it make sense to add a kind the dCDN side) MUST
support the server side of "example the CDNI Logging
Record" in feed and the server side
of the CDNI Logging pull mechanism.

An implementation of the CDNI Logging interface as per the present
document consuming CDNI Logging file (i.e. on the uCDN side) MUST
support the client side of the CDNI Logging feed and associated semantic (e.g., in a
structure data format) ?]

7.2.2. Body (Logging Records) Format

[Ed. the client side
of the CDNI Logging pull mechanism.

[Editor's note: verify that the W3C extended log format is a good base candidate to
look at. ]

Since records for real time information client side and non-real time information
could use different formats, we do not yet solve server side are well
defined in the problem respective sections]

We note that implementations of real
time logging exchanges in this version.

7.2.3. Footer Format the CDNI Logging files must include a footer interface MAY also
support other mechanisms to exchange CDNI Logging Files, for example
in view of exchanging logging information with minimum time-lag (e.g.
sub-minute or sub-second) between when the information described event occurred in
Figure 5.

Figure 5: Logging footers

This digest field permits dCDN
and when the detection corresponding Logging Record is made available to the
uCDN (e.g. for log-consuming applications requiring extremely fresh
logging information such as near-real-time content delivery
monitoring). Such mechanism might be defined in future version of corrupted
the present document.

4.1. CDNI Logging files.
This can Feed

[Editor's Note: text to be useful, added. Feed is based on ATOM and contains
a UUID + URI for instance, each CDNI Logging File in "window" - if a problem occurs on appropriate
the
filesystem of text should refer to the dCDN side generating the CDNI Logging system Feed
"as server-side", and leads to a truncation of a
logging file. Additional mechanisms to avoid corrupted the side consuming the Feed as the client-
side].

4.2. CDNI Logging files
are expected to be provided by File Pull

A client-side implementation of the CDNI Logging transport protocol, cf.
Section 8.

8. interface MAY pull
at its convenience any CDNI Logging File Transport Protocol

As presented in [RFC6707], several protocols already exist that could
potentially be used is advertised by the
server-side in the CDNI Logging Feed. To do so, the client-side:

o MUST use HTTP v1.1

o SHOULD use TLS (i.e. use what is loosely referred to exchange as "HTTPS")

o MUST use the URI associated to the CDNI Logging between interconnected
CDNs.

The offline exchange of non real-time File in the CDNI
Logging could rely on several
protocols. In particular, Feed

o SHOULD indicate the dCDN could publish compression schemes it supports

Note that a client-side implementation of the CDNI Logging on interface
MAY pull a
server where CDNI Logging File that it has already pulled, as long as
the uCDN would retrieve them using a secure protocol.

For managed file transfer, the recommended protocol is SSH File
Transfer Protocol (SFTP) [I-D.ietf-secsh-filexfer]. SFTP is widely
deployed and it guarantees still advertised by the respect of server-side in the criteria expressed CDNI Logging
Feed.

The server-side implementation MUST respond to any valid pull request
by a client-side implementation for a CDNI Logging File advertised by
the server-side in the CDNI Logging Transport Requirements: timeliness, reliability,
security and scalability.

[Ed note: include options for lossless compression]

9. Open Issues Feed. The main remaining tasks on this ID are server-side
implementation:

o MUST handle the following: client-side request as per HTTP v1.1

o Finalise MUST include the list of CDNI Logging Fields

o Finalise File identified by the encoding request URI
inside the body of CDNI Logging Fields, Records the HTTP response

o MUST support the gzip and File. deflate compression schemes

o Identify what can be done (if anything) MAY support other compression schemes

o when the client-side request indicates client-supported
compression schemes, SHOULD use a compression scheme that it
supports and is supported by the client-side

[Editor's Note: discuss Non-Repudiation : it is a nice to maximise reuse of
Logging Fields have and Logging Records encoding
how it could be supported, via a different digest than the one for future support of
real-time CDNI Logging exchange

[Ed. Note:
integrity]

5. Open Issues

o The proposed format for Date and Time is still to be agreed on. based on W3C and is only
in UTC. Is this all OK? RFC 5322 (Section 3.3) format could be
used or ISO 8601 formatted date and time in UTC (same format as
proposed in [draft-caulfield-cdni-metadata-core-00]). Also see
RFC5424 Section
6.2.3.]

[Ed. note: 6.2.3. We currently use same field names as W3C
since we have same definition.

o (comment from Kevin) how are errors handled ? If the client gets
handed a bunch of 403s and 404s, but still gets the content
eventually, without triggering an event, are those still logged?
For Bytes-Sent, if there were aborted requests, do those get
counted as well? Not all client behavior can be correlated with the
simplified log]

10. IANA Considerations

TBD

11. Security Considerations
11.1. Privacy

CDNs have correlated with
the simplified log

o Do we need to specify Logs for Request Routing performed by dCDN?
Observation: Probably can be generalized to the requirement for
"event" logging (e.g. dCDN request Router not able to redirect,
dCDN cannot acquire metadata, dCDN cannot aquire content, "dCDN
Busy Tone" ) Recommendation: Try first specify what events and
what information needs to be exchanged. Depending on progress
include in initial logging spec or not i.e. handle as a [MED]
requirement.

o Privacy: do we need some explicit support of IP address masking by
dCDN to uCDN, or is it OK to assume that uCDN is to keep this info
confidential (like dCDN is assumed to do already)?

o definition of field prefixes: add "r" is uCDN. This one is less
clear to me. I need to see how you propose to use "r" below,
before I can agree. (Just for my own notes, I thought "r" could
be used if the dCDN Surrogate was going to Log something related
to acquisition of content by the dCDN Surrogate from some content
source. Also, in a delivery log generated by a dCDN Surrogate ,
how can it know about acquisition from uCDN that can be done by
other devices than the opportunity dCDN Surrogate). "ucdn-centric-uri": ROB>
going back to collect detailed information about the
downloads performed by End-Users. The provision definitions of this information
to another CDN introduces End-Users privacy protection concerns.

11.2. Non Repudiation

Logging provides the raw material s/c/r suggested above, for charging. It permits the dCDN a CDNI
logfile field would then just be "sr-uri". So we don't need to bill the uCDN
invent a new prefix for CDNI, we can use the content deliveries basic w3c naming?
FRANCOIS: I am OK to use "sr-uri" as long as we feel confident
that we will never need Surrogate to log information about how it
acquires from within the dCDN makes on
behalf (ie regular use of "r" prefix). Are
we confident?

o Do we need Record-Type as File Directive?: ROB> Is this needed -
would a record type per file do the uCDN. It also permits job? ... if we don't allow
mixed record types, we can include the uCDN to bill record type in the CSP for ATOM
feed (to allow the
content Delivery Service. Therefore, non-repudiation reader to decide whether there might be records
it's interested in without getting the logfile). I can't think of Logging data
is essential.

12. Acknowledgments

The authors would like
a reason to thank Sebastien Cubaud, Anne Marrec,
Yannick Le Louedec, and Christian Jacquenet mix, (for example) http/rtmp records, or delivery/req-
routing. Different things are likely to be generating those
records anyway. A version change can always be done by starting a
new file. <Francois> Here are a couple potential use cases for detailed feedback on
early versions
mixing record types in a single file: * we later define
"cdni_has_delivery_v1" record types for HTTP Adaptive BitRate
sessions. Then a dCDN Surrogate will be generating a continuous
mixture of this document "cdni_http_request_v1" records for PDL requests and
"cdni_has_request_v1" records for their input on existing Log
formats.

The authors would like also HAS sessions. Why should we be
forced to thank Fabio Costa, Sara Oueslati, Yvan
Massot, Renaud Edel, and Joel Favier break those? * we later define some record types for their input and comments.

Finally, they thank
events taking place on Surrogates , which can happen any time in
the contributors middle of sessions. Why shoudl we be forced to break those
into separate files. It seems wise to keep the EU FP7 OCEAN project for
valuable inputs.

13. References

13.1. Normative References

[RFC2119] Bradner, S., "Key words for use flexibility in RFCs the
File structure to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.

13.2. Informative References

[CLF] A. Luotonen, "The Common Log-file Format, W3C (work allow the mix in
progress)", 1995, <http://www.w3.org/pub/WWW/Daemon/User/
Config/Logging.html>.

[ELF] Phillip M. Hallam-Baker and Brian Behlendorf, "Extended
Log File Format, W3C (work the future. And the overhead
is very small since it is encoded in progress), WD-logfile-
960323", <http://www.w3.org/TR/WD-logfile.html>.

[I-D.brandenburg-cdni-has]
Brandenburg, R., Deventer, O., Faucheur, F., and K. Leung,
"Models for adaptive-streaming-aware CDN Interconnection",
draft-brandenburg-cdni-has-04 (work a Directive.

o Integrity-Hash:ROB> draft-snell-atompub-link-extensions adds a
hash of the resource to the ATOM feed (not sure about the status
of that doc, looks like it's stalled a bit). But if we include
that in progress),
January 2013.

[I-D.ietf-cdni-framework]
Peterson, L. and B. Davie, "Framework for CDN
Interconnection", draft-ietf-cdni-framework-03 (work the ATOM feed, the value in
progress), February 2013.

[I-D.ietf-cdni-requirements]
Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements",
draft-ietf-cdni-requirements-04 (work the feed would need to include
this Integrity-Hash in progress),
December 2012.

[I-D.ietf-secsh-filexfer]
Galbraith, J. and O. Saarenmaa, "SSH File Transfer
Protocol", draft-ietf-secsh-filexfer-13 (work the log file itself, which might mean re-
calculating the hash (especially if the feed is not generated in
progress), July 2006.

[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, September 2012.

[RFC6770] Bertrand, G., Stephan, E., Burbridge, T., Eardley, P., Ma,
K.,
the same place as the logfile). So we probably only want one of
the two? I think my preference would be to keep it in the feed,
saves any complications about what to hash (just running "md5sum"
on a downloaded logfile would work, rather than needing to remove
the last line). The draft-snell also allows other hashes, "sha1"
and G. Watson, "Use Cases so on - for Content Delivery Network
Interconnection", RFC 6770, November 2012.

[apache] "Apache 2.2 log files documentation", Feb. 2012,
<http://httpd.apache.org/docs/current/logs.html>.

[squid] "Squid Log-Format documentation", Feb. 2012,
<http://wiki.squid-cache.org/SquidFaq/SquidLogs>.

Appendix A. Examples Log Format

This section provides example cdni interoperability, we could limit it to md5 or
stick with draft-snell's base set. <Francois> Very good point. I
agree we should probably want one of log formats implemented the two in existing
CDNs, web servers, a typical
deployment. Leveraging draft-snell-atompub-link-extensions is
attractive because it leverages generic ATOM features and caching proxies.

Web servers (e.g., Apache) maintain at least one log
expertise. It has the potential drawback of introducing a
dependency on a document that may be published later (or
potentially never since it is not even a WG doc). Defining our
own hash in the file for logging
accesses to content (the Access Log). They is attractive because we can typically be
configured done right
away, and there could be simple short term implementation that
start using the CDNI Logging File without relying on the ATOM
Feed. At the same time we don't want to log errors in end up with two redundant
hashes eventually. How about an approach where : * we define a separate log file (the Error Log). The
log formats
simple MD5 has only, and make it optional * when there is no other
mechanism to get the hash, it can be specified included in the file * when
there are other mechanism (e.g. draft-snell-atompub-link-
extensions), it is not included in the server's configuration files.
However, webmasters often use standard log formats file.

o Compression: <Ben>When we say the server MUST support gzip &
deflate we probably need to think through whether we mean content-
encoding, transfer-encoding or both. The semantics get a little
confusing so we probably just need to think them through to ensure
we allow a server to store compressed logs as transmit them
compressed.

6. IANA Considerations

TBD

7. Security Considerations

7.1. Authentication, Confidentiality, Integrity Protection

The use of TLS for transport of the CDNI Logging feed mechanism
(Section 4.1) and CDNI Logging File pull mechanism (Section 4.2)
allows:

o the dCDN and uCDN to authenticate each other (to ensure they are
transmitting/receiving CDNI Logging File from an authenticated
CDN)

o the CDNI Logging information to be transmitted with
confidentiality

o the integrity of the CDNI Logging information to ease be protected
during the log
processing with available log analysis tools.

A.1. W3C Common Log File (CLF) Format exchange.

The Common Log Integrity-Hash directive inside the CDNI Logging File (CLF) format defined by provides
additional integrity protection, this time targeting potential
corruption of the World Wide Web
Consortium (W3C) working group is compatible with many log analysis
tools and is supported by CDNI logging information during the main web servers (e.g., Apache) Access
Logs.

According CDNI Logging
File generation. This mechanism does not allow restoration of the
corrupted CDNI Logging information, but it allows detection of such
corruption and therefore triggering of appropraite correcting actions
(e.g. discard of corrupted information, attempt to [CLF], re-obtain the common log-file format is as follows:
remotehost rfc931 authuser [date] "request" status bytes.

Example (from [apache]): 127.0.0.1 - frank [10/Oct/2000:13:55:36
-0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

The fields are defined as follows [CLF]:

7.2. Non Repudiation

The remote logname Non-Repudiation-Hash directive in the CDNI Logging File allows
support of non-repudiation of the user. |
| authuser | CDNI Logging File by the dCDN. The username that
optional Non-Repudiation-Hash can be used on the user employed CDNI Logging
interface where needed.

7.3. Privacy

CDNs have the opportunity to authenticate |
| | himself. |
| [date] | Date and time of collect detailed information about the request. |
| "request" | An exact copy
downloads performed by End-Users. The provision of the request line that came this information
to another CDN introduces End-Users privacy protection concerns.
[Editor's Note: see list of open questions]

8. Acknowledgments

The status code authors would like to thank Sebastien Cubaud, Pawel Grochocki,
Christian Jacquenet, Yannick Le Louedec, Anne Marrec and Emile
Stephan for their contributions on early versions of the HTTP reply returned this document.

The authors would like also to thank Rob Murray, Fabio Costa, Sara
Oueslati, Yvan Massot, Renaud Edel, and Joel Favier for their input
and comments.

Table 4: Information elements EU FP7 OCEAN project for
valuable inputs.

9. References

9.1. Normative References

[I-D.ietf-cdni-metadata]
Niven-Jenkins, B., Murray, R., Watson, G., Caulfield, M.,
Leung, K., and K. Ma, "CDN Interconnect Metadata", draft-
ietf-cdni-metadata-01 (work in CLF format

A.2. W3C Extended Log File (ELF) Format

The Extended progress), February 2013.

[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005.

[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, July
2005.

[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.

9.2. Informative References

[CHAR_SET]
, "IANA Character Sets registry", , <http://www.iana.org/
assignments/character-sets/character-sets.xml>.

[ELF] Phillip M. Hallam-Baker, and Brian Behlendorf, "Extended
Log File (ELF) format defined by Format, W3C extends the CLF
with new fields. This format is supported by Microsoft IIS 4.0 (work in progress), WD-
logfile-960323", , <http://www.w3.org/TR/WD-logfile.html>.

[I-D.brandenburg-cdni-has]
Brandenburg, R., Deventer, O., Faucheur, F., and
5.0.

The supported fields are listed below [ELF].

[I-D.ietf-cdni-framework]
Peterson, L. and B. Davie, "Framework for CDN
Interconnection", draft-ietf-cdni-framework-03 (work in
progress), February 2013.

[I-D.ietf-cdni-requirements]
Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements", draft-ietf-cdni-
requirements-06 (work in progress), April 2013.

[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, September 2012.

Appendix A. Requirements

Table 5: Information elements cdni-requirements

This section checks that all the identified requirements in ELF format

Some fields start with a prefix (e.g., "c-", "s-"), which explains
which host (client/server/proxy) the field refers to.

o Prefix Description

o c- Client

o s- Server

o r- Remote

o cs- Client to Server.

o sc- Server to Client.

o sr- Server to Remote Server (used
Section 7 of [I-D.ietf-cdni-requirements] are fulfilled by proxies)

o rs- Remote Server this
document.

[Editor's node: to Server (used by proxies)

Example: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-
username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
time-taken

2011-11-23 15:22:01 x.x.x.x GET /file 80 y.y.y.y Mozilla/
5.0+(Windows;+U;+Windows+NT+6.1;+en-US;+rv:1.9.1.6)+Gecko/
20091201+Firefox/3.5.6+GTB6 200 0 0 2137

A.3. National Center for Supercomputing Applications (NCSA) Common Log
Format be written later]

A.2. Additional Requirements

This format for Access Logs offers the following fields:

o host rfc931 date:time "request" statuscode bytes

o x.x.x.x userfoo [10/Jan/2010:21:15:05 +0500] "GET /index.html
HTTP/1.0" 200 1043

A.4. NCSA Combined Log Format

The NCSA Combined log format is an extension of the NCSA Common log
format with three (optional) section identies additional fields: the referral field,
the user_agent field, and the cookie field.

o host rfc931 username date:time request statuscode bytes referrer
user_agent cookie

o Example: x.x.x.x - userfoo [21/Jan/2012:12:13:56 +0500] "GET
/index.html HTTP/1.0" 200 1043 "http://www.example.com/" "Mozilla/
4.05 [en] (WinNT; I)" "USERID=CustomerA;IMPID=01234"

A.5. NCSA Separate Log Format

The NCSA Separate log format refers to a log format in which the
information gathered is separated requirements that must also be met.

[Editor's node: How do we incorporate this info into three separate files. This
way, every entry in the Access Log (in the NCSA Common log format) is
complemented with an entry I-D: in a Referral log and another one
appendix? in an
Agent log. These three records can be correlated easily thanks to
the date:time value. The format of the Referral log main body? does it remain after publication or is
temporary?]

A.2.1. Timeliness

Some applications consuming CDNI Logging information, such as follows:

o date:time referrer

o Example: [21/Jan/2012:12:13:56 +0500]
"http://www.example.com/index.html"

The format
accounting or trend analytics, only require logging information to be
available with a timeliness of the Agent log is as follows:

o date:time agent

o [21/Jan/2012:12:13:56 +0500] "Microsoft Internet Explorer - 5.0"

A.6. Squid 2.0 Native Log Format for Access Logs

Squid [squid] is a popular piece order of open-source software for
transforming a Linux host into a caching proxy. Variations of Squid
log format are supported by some CDNs.

Squid common access log format is day or the hour. This
document focuses on addressing this requirement.

Some applications consuming CDNI Logging information, such as follow: real-
time elapsed remotehost
code/status bytes method URL rfc931 peerstatus/peerhost type.

Squid also supports a more detailed native access log format:
Timestamp Elapsed Client Action/Code Size Method URI Ident Hierarchy/
From Content

According analytics, require logging information to Squid 2.0 documentation [squid], these fields are
defined as follows:

A.2.2. Reliability

CDNI logging information must be transmitted reliably. The requested URL. |
| rfc931 | may transport
protocol should contain the ident lookups for the requesting |
| | client (turned off by default) |
| hierarchy | The hierarchy information provides an anti-replay mechanism.

A.2.3. Security

CDNI logging information on how |
| code | the request was handled (forwarding it to another |
| | cache, or requesting the content to the Origin |
| | Server). |
| type | The content type of exchange must allow authentication,
integrity protection, and confidentiality protection. Also, a non-
repudiation mechanism is mandatory, the object as seen transport protocol should
support it.

A.2.4. Scalability

CDNI logging information exchange must support large scale
information exchange, particularly so in the presence of HTTP |
| | reply header. |
+-----------+-------------------------------------------------------+

Table 6: Information elements in Squid format

Squid also uses
Adaptive Streaming.

For example, if we consider a "store log", which covers client pulling HTTP Progressive
Download content with an average duration of 10 minutes, this
represents 1/600 CDNI delivery Logging Records per second. If we
assume the objects currently
kept dCDN is simultaneously serving 100,000 such clients on disk or removed ones, for debugging purposes typically.

Appendix B. Requirements

B.1. Additional Requirements

Section 7 of [I-D.ietf-cdni-requirements], already specifies a set
behalf of
requirements for the uCDN, the dCDN will be generating 167 Logging (LOG-1 Records
per second to LOG-16). Some security
requirements also affect Logging (e.g., SEC-4).

This section is a placeholder for requirements identified in the work
on logging, before they are proposed be communicated to the requirements draft
authors. uCDN over the CDNI Logging data is sensitive as it provides
interface. Or equivalently, if we assume an average delivery rate of
2Mb/s, the raw material dCDN generates 0.83 CDNI Logging Records per second for
producing bills etc. Therefore, the protocol delivering
every Gb/s of streaming on behalf of the uCDN.

For example, if we consider a client pulling HAS content and
receiving a video chunk every 2 seconds, a separate audio chunck
every 2 seconds and a refreshed manifest every 10 seconds, this
represents 1.1 delivery Logging
data must be reliable to avoid information loss. In addition, the
protocol must scale to support Record per second. If we assume the transport of large amounts
dCDN is simultaneously serving 100,000 such clients on behalf of the
uCDN, the dCDN will be generating 110,000 Logging data.

CDNs need Records per second
to trust Logging information, thus, they want be communicated to know:

o who issued the uCDN over the CDNI Logging (authentication), and

o interface. Or
equivalently, if we assume an average delivery rate of 2Mb/s, the
dCDN generates 550 CDNI Logging has been modified by a third party (integrity).

Logging also contains confidential data, and therefore, it should be
protected from eavesdropping.

All these needs translate into security requirements Records per second for every Gb/s of
streaming on both behalf of the uCDN.

A.2.5. Consistency between CDNI Logging data format and on the CDN Logging protocol.

Finally, this protocol must comply with the requirements identified

There are benefits in [I-D.ietf-cdni-requirements].

[Ed. note: cf. requirements draft: "SEC-4 [MED] The CDNI solution
should be able to ensure that the Downstream CDN cannot spoof using a
transaction log attempting to appear CDNI logging format as if it corresponds close as
possible to intra-CDN logging format commonly used in CDNs today in
order to minimize systematic translation at CDN/CDNI boundary.

A.2.6. Dispatching/Filtering
When a
request redirected by a given Upstream CDN when that request has not
been redirected by this Upstream CDN. This ensures non-repudiation
by the Upstream CDN of transaction logs generated by the Downstream CDN is acting as a dCDN for deliveries performed by multiple uCDNs, the Downstream CDN on behalf of dCDN needs to
dispatch each CDNI Logging Record to the
Upstream CDN."]

B.2. Compliancy with Requirements draft

This section checks uCDN that all the identified requirements in redirected the
Requirements draft are fulfilled by this document.

[Ed. node:
corresponding request. The CDNI Logging format need to be written later] allow, and
possibly facilitate, such a dispatching.

Appendix C. B. Analysis of candidate protocols for Logging Transport

This section will be expanded later with an analysis of alternative
candidate protocols for transport of CDNI Logging in non-real-time as
well as real-time.

C.1.

B.1. Syslog

[Ed. node: to be written later]

C.2.

B.2. XMPP

[Ed. node: to be written later]

C.3.

B.3. SNMP

Authors' Addresses

Gilles Bertrand (editor)
France Telecom - Orange
38-40 rue du General Leclerc
Issy les Moulineaux, Moulineaux 92130
FR

Phone: +33 1 45 29 89 46
Email: gilles.bertrand@orange.com

Iuniana Oprescu (editor)
France Telecom - Orange
38-40 rue du General Leclerc
Issy les Moulineaux, Moulineaux 92130
FR

Phone: +33 6 89 06 92 72
Email: iuniana.oprescu@orange.com

Stephan Emile
France Telecom
Francois Le Faucheur (editor)
Cisco Systems
E.Space Park - Orange
2 avenue Pierre Marzin
Lannion F-22307
France Batiment D
6254 Allee des Ormes - BP 1200
Mougins cedex 06254
FR

Phone: +33 4 97 23 26 19
Email: emile.stephan@orange.com flefauch@cisco.com

Roy Peterkofsky
Skytide, Inc.
One Kaiser Plaza, Suite 785
Oakland CA 94612
USA

Phone: +01 510 250 4284
Email: roy@skytide.com

Francois Le Faucheur (editor)
Cisco Systems
Greenside, 400 Avenue de Roumanille
Sophia Antipolis 06410
FR

Phone: +33 4 97 23 26 19
Email: flefauch@cisco.com

Pawel Grochocki
Orange Polska
ul. Obrzezna 7
Warsaw 02-691
Poland

Email: pawel.grochocki@orange.com