draft-ietf-ippm-6man-pdm-option-12.txt   draft-ietf-ippm-6man-pdm-option-13.txt 
INTERNET-DRAFT N. Elkins INTERNET-DRAFT N. Elkins
Inside Products Inside Products
R. Hamilton R. Hamilton
Chemical Abstracts Service Chemical Abstracts Service
M. Ackermann M. Ackermann
Intended Status: Proposed Standard BCBS Michigan Intended Status: Proposed Standard BCBS Michigan
Expires: December 10, 2017 June 8, 2017 Expires: December 28, 2017 June 26, 2017
IPv6 Performance and Diagnostic Metrics (PDM) Destination Option IPv6 Performance and Diagnostic Metrics (PDM) Destination Option
draft-ietf-ippm-6man-pdm-option-12 draft-ietf-ippm-6man-pdm-option-13
Abstract Abstract
To assess performance problems, this document describes optional To assess performance problems, this document describes optional
headers embedded in each packet that provide sequence numbers and headers embedded in each packet that provide sequence numbers and
timing information as a basis for measurements. Such measurements timing information as a basis for measurements. Such measurements
may be interpreted in real-time or after the fact. An implementation may be interpreted in real-time or after the fact. This document
of the existing IPv6 Destination Options extension header, the specifies the Performance and Diagnostic Metrics (PDM) destination
Performance and Diagnostic Metrics (PDM) Destination Options options extension header. The field limits, calculations, and usage
extension header as well as the field limits, calculations, and usage in measurement of PDM are included in this document.
of the PDM in measurement are included in this document.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 3, line 18 skipping to change at page 3, line 18
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2 Rationale for defined solution . . . . . . . . . . . . . . . 5 1.2 Rationale for defined solution . . . . . . . . . . . . . . . 5
1.3 IPv6 Transition Technologies . . . . . . . . . . . . . . . . 6 1.3 IPv6 Transition Technologies . . . . . . . . . . . . . . . . 6
2 Measurement Information Derived from PDM . . . . . . . . . . . . 6 2 Measurement Information Derived from PDM . . . . . . . . . . . . 6
2.1 Round-Trip Delay . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Round-Trip Delay . . . . . . . . . . . . . . . . . . . . . . 6
2.2 Server Delay . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 Server Delay . . . . . . . . . . . . . . . . . . . . . . . . 7
3 Performance and Diagnostic Metrics Destination Option Layout . . 7 3 Performance and Diagnostic Metrics Destination Option Layout . . 7
3.1 Destination Options Header . . . . . . . . . . . . . . . . . 7 3.1 Destination Options Header . . . . . . . . . . . . . . . . . 7
3.2 Performance and Diagnostic Metrics Destination Option . . . 7 3.2 Performance and Diagnostic Metrics Destination Option . . . 7
3.2.1 PDM Layout . . . . . . . . . . . . . . . . . . . . . . . 7 3.2.1 PDM Layout . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.2 Base Unit for Time Measurement . . . . . . . . . . . . . 9 3.2.2 Base Unit for Time Measurement . . . . . . . . . . . . . 10
3.3 Header Placement . . . . . . . . . . . . . . . . . . . . . . 10 3.3 Header Placement . . . . . . . . . . . . . . . . . . . . . . 11
3.4 Header Placement Using IPSec ESP Mode . . . . . . . . . . . 10 3.4 Header Placement Using IPSec ESP Mode . . . . . . . . . . . 11
3.4.1 Using ESP Transport Mode . . . . . . . . . . . . . . . . 10 3.4.1 Using ESP Transport Mode . . . . . . . . . . . . . . . . 11
3.4.2 Using ESP Tunnel Mode . . . . . . . . . . . . . . . . . 10 3.4.2 Using ESP Tunnel Mode . . . . . . . . . . . . . . . . . 12
3.5 Implementation Considerations . . . . . . . . . . . . . . . 11 3.5 Implementation Considerations . . . . . . . . . . . . . . . 12
3.5.1 PDM Activation . . . . . . . . . . . . . . . . . . . . . 11 3.5.1 PDM Activation . . . . . . . . . . . . . . . . . . . . . 12
3.5.2 PDM Timestamps . . . . . . . . . . . . . . . . . . . . . 11 3.5.2 PDM Timestamps . . . . . . . . . . . . . . . . . . . . . 12
3.6 Dynamic Configuration Options . . . . . . . . . . . . . . . 11 3.6 Dynamic Configuration Options . . . . . . . . . . . . . . . 12
3.7 Information Access and Storage . . . . . . . . . . . . . . . 11 3.7 Information Access and Storage . . . . . . . . . . . . . . . 13
4 Security Considerations . . . . . . . . . . . . . . . . . . . . 12 4 Security Considerations . . . . . . . . . . . . . . . . . . . . 13
4.1 Resource Consumption and Resource Consumption Attacks . . . 12 4.1 Resource Consumption and Resource Consumption Attacks . . . 13
4.2 Pervasive monitoring . . . . . . . . . . . . . . . . . . . . 12 4.2 Pervasive monitoring . . . . . . . . . . . . . . . . . . . . 13
4.3 PDM as a Covert Channel . . . . . . . . . . . . . . . . . . 13 4.3 PDM as a Covert Channel . . . . . . . . . . . . . . . . . . 14
4.4 Timing Attacks . . . . . . . . . . . . . . . . . . . . . . . 13 4.4 Timing Attacks . . . . . . . . . . . . . . . . . . . . . . . 14
5 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 14 5 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 15
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
6.1 Normative References . . . . . . . . . . . . . . . . . . . . 14 6.1 Normative References . . . . . . . . . . . . . . . . . . . . 15
6.2 Informative References . . . . . . . . . . . . . . . . . . . 15 6.2 Informative References . . . . . . . . . . . . . . . . . . . 16
Appendix A: Context for PDM . . . . . . . . . . . . . . . . . . . 15 Appendix A: Context for PDM . . . . . . . . . . . . . . . . . . . 16
A.1 End User Quality of Service (QoS) . . . . . . . . . . . . . 15 A.1 End User Quality of Service (QoS) . . . . . . . . . . . . . 16
A.2 Need for a Packet Sequence Number (PSN) . . . . . . . . . . 15 A.2 Need for a Packet Sequence Number (PSN) . . . . . . . . . . 17
A.3 Rationale for Defined Solution . . . . . . . . . . . . . . . 16 A.3 Rationale for Defined Solution . . . . . . . . . . . . . . . 17
A.4 Use PDM with Other Headers . . . . . . . . . . . . . . . . . 16 A.4 Use PDM with Other Headers . . . . . . . . . . . . . . . . . 17
Appendix B : Timing Considerations . . . . . . . . . . . . . . . . 17 Appendix B : Timing Considerations . . . . . . . . . . . . . . . . 19
B.1 Timing Differential Calculations . . . . . . . . . . . . . . 17 B.1 Timing Differential Calculations . . . . . . . . . . . . . . 19
B.2 Considerations of this time-differential representation . . 18 B.2 Considerations of this time-differential representation . . 20
B.2.1 Limitations with this encoding method . . . . . . . . . 18 B.2.1 Limitations with this encoding method . . . . . . . . . 20
B.2.2 Loss of precision induced by timer value truncation . . 19 B.2.2 Loss of precision induced by timer value truncation . . 21
Appendix C: Sample Packet Flows . . . . . . . . . . . . . . . . . 20 Appendix C: Sample Packet Flows . . . . . . . . . . . . . . . . . 22
C.1 PDM Flow - Simple Client Server . . . . . . . . . . . . . . 20 C.1 PDM Flow - Simple Client Server . . . . . . . . . . . . . . 22
C.1.1 Step 1 . . . . . . . . . . . . . . . . . . . . . . . . . 21 C.1.1 Step 1 . . . . . . . . . . . . . . . . . . . . . . . . . 23
C.1.2 Step 2 . . . . . . . . . . . . . . . . . . . . . . . . . 21 C.1.2 Step 2 . . . . . . . . . . . . . . . . . . . . . . . . . 23
C.1.3 Step 3 . . . . . . . . . . . . . . . . . . . . . . . . . 22 C.1.3 Step 3 . . . . . . . . . . . . . . . . . . . . . . . . . 24
C.1.4 Step 4 . . . . . . . . . . . . . . . . . . . . . . . . . 23 C.1.4 Step 4 . . . . . . . . . . . . . . . . . . . . . . . . . 25
C.1.5 Step 5 . . . . . . . . . . . . . . . . . . . . . . . . . 24 C.1.5 Step 5 . . . . . . . . . . . . . . . . . . . . . . . . . 26
C.2 Other Flows . . . . . . . . . . . . . . . . . . . . . . . . 24 C.2 Other Flows . . . . . . . . . . . . . . . . . . . . . . . . 26
C.2.1 PDM Flow - One Way Traffic . . . . . . . . . . . . . . . 24 C.2.1 PDM Flow - One Way Traffic . . . . . . . . . . . . . . . 26
C.2.2 PDM Flow - Multiple Send Traffic . . . . . . . . . . . . 26 C.2.2 PDM Flow - Multiple Send Traffic . . . . . . . . . . . . 28
C.2.3 PDM Flow - Multiple Send with Errors . . . . . . . . . . 27 C.2.3 PDM Flow - Multiple Send with Errors . . . . . . . . . . 29
Appendix D: Potential Overhead Considerations . . . . . . . . . . 28 Appendix D: Potential Overhead Considerations . . . . . . . . . . 30
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 29 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 31
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32
1 Background 1 Background
To assess performance problems, measurements based on optional To assess performance problems, measurements based on optional
sequence numbers and timing may be embedded in each packet. Such sequence numbers and timing may be embedded in each packet. Such
measurements may be interpreted in real-time or after the fact. measurements may be interpreted in real-time or after the fact.
As defined in RFC2460 [RFC2460], destination options are carried by As defined in RFC2460 [RFC2460], destination options are carried by
the IPv6 Destination Options extension header. Destination options the IPv6 Destination Options extension header. Destination options
include optional information that need be examined only by the IPv6 include optional information that need be examined only by the IPv6
node given as the destination address in the IPv6 header, not by node given as the destination address in the IPv6 header, not by
routers or other "middle boxes". This document specifies a new routers or other "middle boxes". This document specifies the
destination option, the Performance and Diagnostic Metrics (PDM) Performance and Diagnostic Metrics (PDM) destination option. The
destination option. This document specifies the layout, field field limits, calculations, and usage in measurement of the PDM
limits, calculations, and usage of the PDM in measurement. destination options extension header are included in this document.
1.1 Terminology 1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
1.2 Rationale for defined solution 1.2 Rationale for defined solution
The current IPv6 specification does not provide timing nor a similar The current IPv6 specification does not provide timing nor a similar
field in the IPv6 main header or in any extension header. The IPv6 field in the IPv6 main header or in any extension header. The IPv6
Performance and Diagnostic Metrics destination option (PDM) provides Performance and Diagnostic Metrics destination option (PDM) provides
such fields. such fields.
Advantages include: Advantages include:
1. Real measure of actual transactions. 1. Real measure of actual transactions.
2. Independence from transport layer protocols. 2. Ability to span organizational boundaries with consistent
3. Ability to span organizational boundaries with consistent
instrumentation. instrumentation.
4. No time synchronization needed between session partners 3. No time synchronization needed between session partners
5. Ability to handle all transport protocols (TCP, UDP, SCTP, etc) in 4. Ability to handle all transport protocols (TCP, UDP, SCTP, etc) in
a uniform way a uniform way
The PDM provides the ability to determine quickly if the (latency) The PDM provides the ability to determine quickly if the (latency)
problem is in the network or in the server (application). That is, problem is in the network or in the server (application). That is,
it is a fast way to do triage. For more information on background it is a fast way to do triage. For more information on background
and usage of PDM, see Appendix A. and usage of PDM, see Appendix A.
1.3 IPv6 Transition Technologies 1.3 IPv6 Transition Technologies
In the path to full implementation of IPv6, transition technologies In the path to full implementation of IPv6, transition technologies
such as translation or tunneling may be employed. It is possible such as translation or tunneling may be employed. It is possible
that an IPv6 packet containing PDM may be dropped if using IPv6 that an IPv6 packet containing PDM may be dropped if using IPv6
transition technologies. For example, an implementation using a transition technologies. For example, an implementation using a
translation technique (IPv6 to IPv4) which does not support or translation technique (IPv6 to IPv4) which does not support or
recognize the IPv6 Destination Options extension header may simply recognize the IPv6 Destination Options extension header may simply
drop the packet rather than translating it without the extension drop the packet rather than translating it without the extension
header. header.
It is also possible that some devices in the network may not
correctly handle multiple IPv6 Extension Headers, including the IPv6
Destination Option. For example, adding the PDM header to a packet
may push the layer 4 information to a point in the packet where it is
not visible to filtering logic, and may be dropped. This kind of
situation is expected to become rare over time.
2 Measurement Information Derived from PDM 2 Measurement Information Derived from PDM
Each packet contains information about the sender and receiver. In IP Each packet contains information about the sender and receiver. In IP
protocol, the identifying information is called a "5-tuple". protocol, the identifying information is called a "5-tuple".
The 5-tuple consists of: The 5-tuple consists of:
SADDR : IP address of the sender SADDR : IP address of the sender
SPORT : Port for sender SPORT : Port for sender
DADDR : IP address of the destination DADDR : IP address of the destination
skipping to change at page 10, line 40 skipping to change at page 11, line 40
3.4 Header Placement Using IPSec ESP Mode 3.4 Header Placement Using IPSec ESP Mode
IPSec Encapsulating Security Payload (ESP) is defined in [RFC4303] IPSec Encapsulating Security Payload (ESP) is defined in [RFC4303]
and is widely used. Section 3.1.1 of [RFC4303] discusses placement and is widely used. Section 3.1.1 of [RFC4303] discusses placement
of Destination Options Headers. of Destination Options Headers.
The placement of PDM is different depending on if ESP is used in The placement of PDM is different depending on if ESP is used in
tunnel or transport mode. tunnel or transport mode.
In ESP case, no 5-tuple is available, as there are no port numbers.
ESP flow should be identified only by using SADDR, DADDR and PROTOC.
The SPI numbers SHOULD be ignored when considering the flow over
which PDM information is measured.
3.4.1 Using ESP Transport Mode 3.4.1 Using ESP Transport Mode
Note that Destination Options may be placed before or after ESP or Note that Destination Options may be placed before or after ESP or
both. If using PDM in ESP transport mode, PDM MUST be placed after both. If using PDM in ESP transport mode, PDM MUST be placed after
the ESP header so as not to leak information. the ESP header so as not to leak information.
3.4.2 Using ESP Tunnel Mode 3.4.2 Using ESP Tunnel Mode
Note that Destination Options may be placed before or after ESP or Note that Destination Options may be placed before or after ESP or
both in both the outer set of IP headers and the inner set of IP both in both the outer set of IP headers and the inner set of IP
headers. A tunnel endpoint that creates a new packet may decide to headers. A tunnel endpoint that creates a new packet may decide to
use PDM independent of the use of PDM of the original packet to use PDM independent of the use of PDM of the original packet to
enable delay measurements between the two tunnel endpoints enable delay measurements between the two tunnel endpoints.
3.5 Implementation Considerations 3.5 Implementation Considerations
3.5.1 PDM Activation 3.5.1 PDM Activation
An implementation should provide an interface to enable or disable An implementation should provide an interface to enable or disable
the use of PDM. This specification recommends having PDM off by the use of PDM. This specification recommends having PDM off by
default. default.
PDM MUST NOT be turned on merely if a packet is received with a PDM PDM MUST NOT be turned on merely if a packet is received with a PDM
skipping to change at page 12, line 50 skipping to change at page 14, line 9
Let us discuss fingerprinting of the end host first. It is possible Let us discuss fingerprinting of the end host first. It is possible
that seeing the pattern of deltas or the absolute values could give that seeing the pattern of deltas or the absolute values could give
some information as to the speed of the end host - that is, if it is some information as to the speed of the end host - that is, if it is
a very fast system or an older, slow device. This may be useful to a very fast system or an older, slow device. This may be useful to
the attacker. However, if the attacker has access to PDM, the the attacker. However, if the attacker has access to PDM, the
attacker also has access to the entire packet and could make such a attacker also has access to the entire packet and could make such a
deduction based merely on the time frames elapsed between packets deduction based merely on the time frames elapsed between packets
WITHOUT PDM. WITHOUT PDM.
As far as deducing the content of the payload, it is conceivable that As far as deducing the content of the payload, in terms of the
an attacker could attempt to deduce the type of application in use by application level information such as web page, user name, user
noting the server time and payload length. Having said that, some password and so on, it appears to us that PDM is quite unhelpful in
encryption algorithms attempt to obfuscate the packet length to avoid this regard. Having said that, the ability to separate wire-time
just such vulnerabilities. In the future, encryption algorithms may from processing time may potentially provide an attacker with
wish to obfuscate the server time as well. additional information. It is conceivable that an attacker could
attempt to deduce the type of application in use by noting the server
time and payload length. Some encryption algorithms attempt to
obfuscate the packet length to avoid just such vulnerabilities. In
the future, encryption algorithms may wish to obfuscate the server
time as well.
4.3 PDM as a Covert Channel 4.3 PDM as a Covert Channel
PDM provides a set of fields in the packet which could be used to PDM provides a set of fields in the packet which could be used to
leak data. But, there is no real reason to suspect that PDM would leak data. But, there is no real reason to suspect that PDM would be
be chosen rather than another part of the payload or another chosen rather than another part of the payload or another Extension
Extension Header. Header.
A firewall or another device could sanity check the fields within the A firewall or another device could sanity check the fields within the
PDM but randomly assigned sequence numbers and delta times might be PDM but randomly assigned sequence numbers and delta times might be
expected to vary widely. The biggest problem though is how an expected to vary widely. The biggest problem though is how an
attacker would get access to PDM in the first place to leak data. attacker would get access to PDM in the first place to leak data.
The attacker would have to either compromise the end host or have Man The attacker would have to either compromise the end host or have Man
in the Middle (MitM). It is possible that either one could change in the Middle (MitM). It is possible that either one could change
the fields. But, then the other end host would get sequence numbers the fields. But, then the other end host would get sequence numbers
and deltas that don't make any sense. and deltas that don't make any sense.
It is conceivable that someone could compromise an end host and make It is conceivable that someone could compromise an end host and make
it start sending packets with PDM without the knowledge of the host. it start sending packets with PDM without the knowledge of the host.
But, again, the bigger problem is the compromise of the end host. But, again, the bigger problem is the compromise of the end host.
Once that is done, the attacker probably has better ways to leak Once that is done, the attacker probably has better ways to leak
data. data.
Having said that, if a PDM aware middle box or an implementation Having said that, if a PDM aware middle box or an implementation
detects some number of "nonsensical" sequence numbers it could take (destination host) detects some number of "nonsensical" sequence
action to block to block, discard, or alert on this traffic. numbers or timing information, it could take action to block,
discard, or alert on this traffic.
4.4 Timing Attacks 4.4 Timing Attacks
The fact that PDM can help in the separation of node processing time The fact that PDM can help in the separation of node processing time
from network latency brings value to performance monitoring. Yet, it from network latency brings value to performance monitoring. Yet, it
is this very characteristic of PDM which may be misused to make is this very characteristic of PDM which may be misused to make
certain new type of timing attacks against protocols and certain new type of timing attacks against protocols and
implementations possible. implementations possible.
Depending on the nature of the cryptographic protocol used, it may be Depending on the nature of the cryptographic protocol used, it may be
possible to leak the long term credentials of the device. For possible to leak the credentials of the device. For example, if an
example, if an attacker is able to create an attack which causes the attacker can see that PDM is being used, then the attacker might use
enterprise to turn on PDM to diagnose the attack, then the attacker PDM to launch a timing attack against the keying material used by the
might use PDM during that debugging time to launch a timing attack cryptographic protocol.
against the keying material used by the cryptographic protocol.
An implementation may want to be sure that PDM is enabled only for An implementation may want to be sure that PDM is enabled only for
certain ip addresses, or only for some ports. Additionally, the certain ip addresses, or only for some ports. Additionally, the
implementation SHOULD require an explicit restart of monitoring after implementation SHOULD require an explicit restart of monitoring after
a certain time period (for example for 1 hour), to make sure that PDM a certain time period (for example for 1 hour), to make sure that PDM
is not accidentally left on after debugging has been done etc. is not accidentally left on after debugging has been done etc.
Even so, if using PDM, a user "Consent to be Measured" SHOULD be a Even so, if using PDM, a user "Consent to be Measured" SHOULD be a
pre-requisite for using PDM. Consent is common in enterprises and pre-requisite for using PDM. Consent is common in enterprises and
with some subscription services. The actual content of "Consent to with some subscription services. The actual content of "Consent to
be Measured" will differ by site but it SHOULD make clear that the be Measured" will differ by site but it SHOULD make clear that the
traffic is being measured for quality of service and to assist in traffic is being measured for quality of service and to assist in
diagnostics as well as to make clear that there may be potential diagnostics as well as to make clear that there may be potential
risks of certain vulnerabilities if the traffic is captured during a risks of certain vulnerabilities if the traffic is captured during a
diagnostic session diagnostic session.
5 IANA Considerations 5 IANA Considerations
This draft requests an Destination Option Type assignment with the This draft requests an Destination Option Type assignment with the
act bits set to 00 and the chg bit set to 0 from the Destination act bits set to 00 and the chg bit set to 0 from the Destination
Options and Hop-by-Hop Options sub-registry of Internet Protocol Options and Hop-by-Hop Options sub-registry of Internet Protocol
Version 6 (IPv6) Parameters [ref to RFCs and URL below]. Version 6 (IPv6) Parameters [ref to RFCs and URL below].
http://www.iana.org/assignments/ipv6-parameters/ipv6- http://www.iana.org/assignments/ipv6-parameters/ipv6-
parameters.xhtml#ipv6-parameters-2 parameters.xhtml#ipv6-parameters-2
skipping to change at page 16, line 19 skipping to change at page 17, line 31
ensure uniqueness. ensure uniqueness.
This method of data collection along the path is of special use to This method of data collection along the path is of special use to
determine where packet loss or packet corruption is happening. determine where packet loss or packet corruption is happening.
The packet sequence number needs to be unique in the context of the The packet sequence number needs to be unique in the context of the
session (5-tuple). session (5-tuple).
A.3 Rationale for Defined Solution A.3 Rationale for Defined Solution
One of the important functions of PDM is to allow you to do quickly One of the important functions of PDM is to allow you to quickly
dispatch the right set of diagnosticians. Within network or server dispatch the right set of diagnosticians. Within network or server
latency, there may be many components. The job of the diagnostician latency, there may be many components. The job of the diagnostician
is to rule each one out until the culprit is found. is to rule each one out until the culprit is found.
How PDM fits into this diagnostic picture is that PDM will quickly How PDM fits into this diagnostic picture is that PDM will quickly
tell you how to escalate. PDM will point to either the network area tell you how to escalate. PDM will point to either the network area
or the server area. Within the server latency, PDM does not tell or the server area. Within the server latency, PDM does not tell
you if the bottleneck is in the IP stack or the application or buffer you if the bottleneck is in the IP stack or the application or buffer
allocation. Within the network latency, PDM does not tell you which allocation. Within the network latency, PDM does not tell you which
of the network segments or middle boxes is at fault. of the network segments or middle boxes is at fault.
 End of changes. 18 change blocks. 
79 lines changed or deleted 93 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/