draft-ietf-psamp-protocol-00.txt   draft-ietf-psamp-protocol-01.txt 
PSAMP working group PSAMP working group
Internet Draft EDITOR: B. Claise Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-00.txt Cisco Systems draft-ietf-psamp-protocol-01.txt Cisco Systems
Expires: April 2003 Otcober 2003 Expires: August 2004 February 2004
Packet Sampling (PSAMP) Protocol Specifications Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 31 skipping to change at page 1, line 31
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
This document specifies the export of packet information from a This document specifies the export of packet information from a
PSAMP exporting process to a PSAMP colleting process. For export of PSAMP Exporting Process to a PSAMP Colleting Process. For export of
packet information the IP Flow Information eXport (IPFIX) protocol packet information the IP Flow Information eXport (IPFIX) protocol
is used. It is shown that The IPFIX protocol is well suited for this is used. The IPFIX protocol is well suited for this purpose, because
purpose, because the IPFIX architecture matches the PSAMP the IPFIX architecture matches the PSAMP architecture very well and
architecture very well and the means provided by the IPFIX protocol the means provided by the IPFIX protocol are sufficient. The
are sufficient. The document specifies in detail how the IPFIX document specifies in detail how the IPFIX protocol is used for
protocol is used for PSAMP export of packet information. PSAMP export of packet information.
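Review bot: "Colleting Process" in the first sentence of the Abstract is still misspelled in -01. The revision recapitalised the phrase ("PSAMP Exporting Process to a PSAMP Colleting Process") but kept the typo; it should read "PSAMP Collecting Process".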
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119.
Table of Contents Table of Contents
1. Open Issues.................................................2 1. Open Issues..................................................2
2. Introduction................................................2 1.1 Open Issues................................................2
3. Terminology.................................................3 1.2 Action Items...............................................3
4. Relationship between PSAMP and IPFIX........................3 2. Introduction.................................................3
4.1 IPFIX Overview............................................3 3. Terminology..................................................4
4.2 IPFIX and PSAMP Differences and Similarities..............4 4. Differences between PSAMP and IPFIX..........................4
4.2.1 Export Point of View....................................4 4.1 Architecture Point of View.................................4
4.2.2 Information Model Point of View.........................4 4.2 Protocol Point of View.....................................6
5. Using IPFIX for PSAMP.......................................5 4.3 Information Model Point of View............................6
5.1 High Level View of the Integration........................5 5. Using IPFIX for PSAMP........................................7
5.2 Partial or Entire IPFIX Protocol Specifications Support...6 5.1 High Level View of the Integration.........................7
6. PSAMP Requirements versus the IPFIX Solution................6 5.2 Partial or Entire IPFIX Protocol Specifications Support....7
6.1 IPFIX Solution for the PSAMP Requirements.................7 6. PSAMP Requirements versus the IPFIX Solution.................8
7. Low Level View of the Integration...........................9 6.1 IPFIX Solution for the PSAMP Requirements..................8
7.1 Sampling Case, PSAMP Base Level of Functionality..........9 7. Low Level View of the Integration...........................11
7.1.1 Example................................................10 7.1 Sampling Case, PSAMP Base Level of Functionality..........11
7.2 Sampling Case............................................10 7.1.1 Example..............................................11
7.2.1 Example................................................11 7.2 Sampling Case.............................................12
7.3 Filtering Case...........................................11 7.2.1 Example..............................................13
7.3.1 Example................................................11 7.3 Filtering Case............................................13
8. Security Considerations....................................12 7.3.1 Example..............................................13
9. References.................................................12 8. Security Considerations.....................................13
10. Acknowledgments...........................................12 9. IANA Considerations.........................................13
11. AuthorsÆ Addresses........................................13 10. References.................................................13
10.1 Normative References.....................................13
10.2 Informative References...................................14
11. Acknowledgments............................................14
1. Open Issues 1.
Open Issues
1.1
Open Issues
This section covers the open issues, still to be resolved/updated in This section covers the open issues, still to be resolved/updated in
this draft: this draft:
- For section 6 "PSAMP requirements versus the IPFIX solution",
check if there are any other requirements in the [PSAMP-FRAMEWORK].
2. Introduction PROTO-01 Do we want to distinguish an IPFIX Flow Record export with
one packet from a PSAMP export?
PROTO-02 Need to fill in the examples section 7.1.1, 7.1.2 and 7.1.3
PROTO-03 in packet interpretation.
Options Template FlowSet (SELECTOR_ID, SAMPLING_ALGO, SAMPLING
PARAM, TIMESTAMP, OBSERVATION POINT)
The packet reports MUST contain:
- the input sequence number(s), denoted the SEQUENCE-NUMBER in
[PSAMP-INFO]
- some number of contiguous bytes from the start of the
packet, denoted the PACKET-SAMPLE in [PSAMP-INFO]
- the destination BGP AS , denoted destinationAS in [IPFIX-
INFO]
- the input interface, denoted ingressPort in [IPFIX-INFO]
THIS IS NOT A GOOD EXAMPLE
PROTO-04 Extend security considerations by a discussion on exported
payload
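Review bot: PROTO-03 never states the issue. The entry reads only "in packet interpretation." and is followed by a pasted Options Template FlowSet line and a "packet reports MUST contain" list that ends in "THIS IS NOT A GOOD EXAMPLE". Say which example is meant and what is wrong with it. PROTO-02 also points at sections "7.1.1, 7.1.2 and 7.1.3", while the -01 table of contents lists the Example subsections as 7.1.1, 7.2.1 and 7.3.1.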
The packet sampling (PSAMP) Working Group and the IP flow 1.2
information export (IPFIX) Working Group both aim at standardizing Action Items
technology for observing traffic from network devices and for
exporting some part of the observation. Also, both Working Groups
consider packet sampling as a component of their technology. While
for the IPFIX Working Group packet sampling is just one out of many
components considered, it is the focus of the PSAMP Working Group.
The PSAMP Working Group has agreed to use the IPFIX reporting This section covers the action items for this draft
protocol if it's suitable for the PSAMP requirements. Therefore, a
detailed analysis on the IPFIX protocol needs to be done and if
IPFIX is not suitable, then the reason should be stated exactly.
This document evaluates if the IPFIX protocol specifications could ACTION-01 For section 6 "PSAMP requirements versus the IPFIX
fit the export format requirements for PSAMP device, how PSAMP could solution", check if there are any other requirements in the [PSAMP-
use the IPFIX protocol, and whether the part of or the full IPFIX FRAMEWORK].
protocol specifications are actually required. As we will conclude ACTION-02 Update the terminology section
that the IPFIX protocol is suitable as export protocol for PSAMP, ACTION-03 A new section about the terminology comparison between
this document finally specifies in details how to use IPFIX. [PSAMP-PROTO] (hence [IPFIX-PROTO]) and [PSAMP-FRAMEWORK]
- Flow Data Records sent in Data FlowSet = packet report in
[PSAMP-FRAMEWORK]
- Options Data Record sent in Data FlowSet = packet interpretation
n [PSAMP-FRAMEWORK]
Exporting Process in IPFIX = Reporting Process in [PSAMP-
FRAMEWORK]
Note1: this is somehow explained in section 5.1
ACTION-04 Should briefly discuss the fact that PSAMP is OK with
IPFIX requirements in terms of time (uSec precision)
ACTION-05 Check for the existence of the Information Elements
defined here in [PSAMP-INFO] and modify if appropriate. Example:
Selector ID, packet-sample, sampling-algorithm, hash-value, etc…
For example, the section 7.1
ACTION-06 In section 6.1 ‘‘An Options Templates MUST be sent on
regular basis.’’ -> make the link with Metering Process Stats
currently discussed in the IPFIX mailing list and in [IPFIX-PROTO]
ACTION-07 Some text explanation the encoding of the new Information
Elements. For example, the ‘‘packet-fragment’’ will use the Variable
Length Data Type as described in [IPFIX-PROTO]
ACTION-08 Section 6 about ‘‘PSAMP requirements’’: check if any changes
with the version 5 of [PSAMP-FRAMEWORK]
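Review bot: ACTION-05 through ACTION-08 contain non-ASCII characters as rendered here (curly quote pairs around "An Options Templates MUST be sent on regular basis.", "packet-fragment" and "PSAMP requirements", and a single ellipsis character after "etc"); replace them with plain ASCII quotes and "etc." so the plain-text draft stays clean. In ACTION-03 the continuation line "n [PSAMP-FRAMEWORK]" has lost the "i" of "in", and the third mapping (Exporting Process = Reporting Process) lacks the leading "-" that the first two mappings use.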
3. Terminology 2.
Introduction
To be copied in from [PSAMP-FRAMEWORK4]. The IP Flow information export (IPFIX) protocol specified in [IPFIX-
PROTO] and [IPFIX-INFO] exports IP traffic information observed at
network devices. This matches the general protocol requirements
outlined in the Packet SAMPling (PSAMP) framework [PSAMP-FMWK].
However, there are some architectural differences between IPFIX and
PSAMP and in the requirements for an export protocol. While in the
IPFIX architecture [IPFIX-ARCH] packet sampling is just one out of
many components considered, it is the focus of the PSAMP framework
[PSAMP-FMWK]. This basic difference and a set of derived differences
in protocol requirements are outlined in Section 4. Despite these
differences, the IPFIX protocol is well suited as PSAMP protocol.
Section 5 specifies how the IPFIX protocol is used for the export of
packet samples. Required extensions of the IPFIX information model
are specified in the PSAMP information model [PSAMP-INFO].
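Review bot: The rewritten Introduction cites the framework as [PSAMP-FMWK], but section 1.2, the Terminology editor's note and section 6 still cite [PSAMP-FRAMEWORK]. Use one reference tag throughout so that every citation resolves to a single entry in the References section.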
4. Relationship between PSAMP and IPFIX 3.
Terminology
4.1 IPFIX Overview EDITOR’S NOTE:
- To be copied in from [PSAMP-FRAMEWORK].
- From [IPFIX-PROTO]:
- need Flow Record, Flow, Information Element, Metering Process,
Exporting Process, Collector, Scope
- need all terms from the table in section 5.2. That is:
FlowSet, Template Record, Data Record, Flow Data Record, Data
FlowSet, Options Data Record, Template FlowSet, Template
Record(s), Options Template FlowSet, Options Template Record
- need PSAMP device
- All the terms will have their initial letter in upper case
4.
Differences between PSAMP and IPFIX
The output of the IPFIX working group relevant for this draft, is The output of the IPFIX working group relevant for this draft, is
structured into three documents: structured into three documents:
- IP flow information architecture [IPFIX-ARCH] - IP Flow information architecture [IPFIX-ARCH]
- IPFIX Protocol Specifications [IPFIX-PROTO] - IPFIX Protocol Specifications [IPFIX-PROTO]
- IP flow information export information model [IPFIX-INFO] - IP Flow information export information model [IPFIX-INFO]
This table will help summarizing the IPFIX protocol specifications
[IPFIX-PROTO].
FlowSet Template Record Data Record
+----------------------------------------------------------------+
| | | Flow Data Record(s) |
| Data FlowSet | / | or |
| | | Options Data Record(s) |
+----------------------------------------------------------------+
| Template FlowSet | Template Record(s) | / |
+----------------------------------------------------------------+
| Options Template | Options Template | / |
| FlowSet | Record(s) | |
+----------------------------------------------------------------+
A Data FlowSet is composed of an Options Data Record(s) or Flow Data
Record(s); no Template Record is included.
The Flow Data Record is linked to a Template Record, and the Options
Data Record is linked to an Options Template Record.
A Template FlowSet is composed of Template Record(s); no Flow or
Options Data Record is included.
An Options Template FlowSet is composed of Options Template 4.1
Record(s); no Flow or Options Data Record is included. The Options Architecture Point of View
Template Record (and its corresponding Options Data Record) is used
to supply information about the metering process configuration or
specific data, rather than supplying information about IP flows.
The Options Data Records are sent on a regular basis, but not with
every Flow Data Record.
4.2 IPFIX and PSAMP Differences and Similarities Traffic Flow measurement as described in the IPFIX requirements
[IPFIX-REQ] and the IPFIX architecture [IPFIX-ARCH] can be separated
into two stages: packet processing and Flow processing.
The figure below illustrates these stages.
IPFIX achieves data reduction by aggregating per-packet IP layer On stage 1, all processing steps act on packets. Packets are
information into flow records. IPFIX produces and exports flow captured, time stamped, selected by one or more selection steps and
records containing information per flow. This information is created finally forwarded to packet classification that maps packets to
based on the observation of a potentially large number of packets. Flows. The packets selection steps may include filtering and
In contrast, PSAMP achieves data reduction by reducing the packet sampling functions.
population via sampling. PSAMP generates and exports information per
packet. For more details please see the [PSAMP-FRAMEWORK] and
[PSAMP-SAMPLE-TECH].
4.2.1 Export Point of View On stage 2, all processing steps act on Flows. After packets are
classified (mapped to Flows), Flows are generated or updated if they
exist already. Flow generation and update steps may be performed
repeatedly for aggregating Flows. Finally, Flows are exported.
From a pure export point of view, IPFIX will not distinguish a flow Packet sampling as described in the PSAMP framework [PSAMP-FMWK]
record composed of several packets aggregated together, from a flow covers only stage 1 of the IPFIX architecture with the packet
record composed of a single packet. classification replaced by packet record export.
As a conclusion, the PSAMP export can be seen as special IPFIX flow IPFIX architecture PSAMP framework
record containing information about a single packet.
PSAMP doesn't have the notion of flow. But in order to avoid any packet header packet header
duplication in the terminology and as a consequence a redefinition capturing \ capturing
of the IPFIX protocol specifications, the IPFIX terminology [IPFIX- | | |
PROTO] is kept unchanged, even if some obvious pointers to the timestamping | timestamping
notion of flow is made. For example: Flow Data Record, FlowSet, | | |
etc... v | v
+------>+ | stage 1: +------>+
| | > packet | |
| packet | processing | packet
| selection | | selection
| | | | |
+-------+ | +-------+
| | |
v | v
packet / packet record
classification \ export
| |
v |
+------>+ |
| | |
| Flow generation |
| and update | stage 2:
| | > Flow
| v | processing
| Flow |
| selection |
| | |
+-------+ |
| |
v |
Flow Record /
export
Comparison of IPFIX architecture and PSAMP framework
4.2.2 Information Model Point of View 4.2
Protocol Point of View
On one hand, the IPFIX export probably contains data types like Concerning the protocol, the major difference between IPFIX and
source IP address, destination IP address, ToS, etc. Refer to PSAMP is that the IPFIX protocol exports Flow Records while the
[IPFIX-INFO] for more details. On the other hand, the PSAMP export PSAMP protocol exports packet records. From a pure export point of
contains only the packet fragment in the base level of view, IPFIX will not distinguish a Flow Record composed of several
functionality. Refer to [PSAMP-INFO] for more details. packets aggregated together, from a Flow Record composed of a single
packet. So the PSAMP export can be seen as special IPFIX Flow Record
containing information about a single packet.
EDITOR’S NOTE: maybe we want to distinguish an IPFIX Flow Record
export with one packet from a PSAMP export?
As the templates are flexible, IPFIX will not distinguish from a Extensions of the IPFIX protocol needed by PSAMP are rather limited.
export point of view a flow record composed of several data types, A basic one is the need of a data type for protocol fields that has
from a flow record composed of just a few data types (for example: flexible length, such as an octet array. This is needed by the PSAMP
the packet fragment and the selector ID). protocol for reporting content of captured packets, for example the
first 40 octets of a packet.
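Review bot: The paragraph added at the end of section 4.2 introduces export of captured packet content ("for example the first 40 octets of a packet") without pointing to the privacy implications. The Privacy answer in section 6.1 is unchanged ("This requirement doesn't concern the export protocol itself") and PROTO-04 on exported payload is still open. Add a forward reference from this paragraph to the Security Considerations, and revisit the Privacy answer when PROTO-04 is resolved. The editor's note just above also duplicates PROTO-01; keep the question in one place.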
The information model data types exported in an IPFIX device and a 4.3
PSAMP device are not completely different but most of the time Information Model Point of View
overlapping. Note that, according to [PSAMP-FRAMEWORK] section 5.2
"Recommended Contents for Packet Reports", the PSAMP reporting
process SHOULD also report fields relating to the protocols used in
the packets, to the packet treatment and to the selection state
associated with the packet.
Thus the PSAMP reporting process will not limit itself to the export However, the overlap between both protocols is still quite large.
the data types defined in [PSAMP-INFO], and can benefit from the Most of the data fields in the IPFIX protocol also apply to PSAMP,
data types already defined in [IPFIX-INFO]. for example all fields reporting packet header fields. Only a few
fields, such as flowCount, packetCount (whose value will always be
one) etc., cannot be used in a meaningful way by the PSAMP protocol.
Also, IPFIX protocol requirements concerning stage 2 do not apply to
the PSAMP protocol.
From the IPFIX point of view, the new PSAMP information model will Further required extensions apply to the information model. The
augment the data types that could be exported; for example, the hash IPFIX information model is rather poor concerning sampling. Just two
value, the selector ID or the packet-sampled. If a IPFIX metering fields, one for the sampling method and one for the sampling rate,
process create some flow records by sampling some packets, and if are not sufficient, as shown in [PSAMP-SLCT]. A set of several
both the IPFIX and PSAMP specifications are implemented on the additional fields is required for satisfying the requirements for a
device, the IPFIX flow records could be augmented with extra data PSAMP information model. Additional required extensions of the
types like the selector ID, the selector ID parameters, etc. information model concern packet filtering, and the a field
reporting content of a packet using the flexible length data type
mentioned above.
As the PSAMP information model is basically an extension to the Exploiting the extensibility of the IPFIX information model, the
IPFIX information model, a formal process must be in place for the required extension is covered by the PSAMP information model
addition of data types. The draft draft-bryant-ipfix-vendor-ie-00.tx specified in [PSAMP-INFO].
(not yet out) discusses some possibilities.
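Review bot: The new section 4.3 opens with "However, the overlap between both protocols is still quite large", which has nothing to contrast with at the start of a section. That first paragraph, including the remark that stage 2 requirements do not apply to PSAMP, reads as a continuation of section 4.2, so either move it there or drop "However". In the following paragraph, "and the a field reporting content of a packet" has a stray article.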
5. Using IPFIX for PSAMP 5.
Using IPFIX for PSAMP
5.1 High Level View of the Integration 5.1
High Level View of the Integration
The Template Record in the Template FlowSet is used to describe the The Template Record in the Template FlowSet is used to describe the
different PSAMP data types that will be exported to the Collector. different PSAMP Information Elements that will be exported to the
The Collector decodes the Template FlowSet and knows which data Collector. The Collector decodes the Template FlowSet and knows
types to expect when it receives the Flow Data Records in the Data which Information Elements to expect when it receives the Flow Data
FlowSet, i.e. the PSAMP Packet Reports. Typically, in the base level Records in the Data FlowSet, i.e. the PSAMP Packet Reports.
of the PSAMP functionality, the Template FlowSet will contain the Typically, in the base level of the PSAMP functionality, the
input sequence number, the packet fragment (some number of Template FlowSet will contain the input sequence number, the packet
contiguous bytes from the start of the packet) and the selector ID. fragment (some number of contiguous bytes from the start of the
packet) and the selector ID.
The Options Template Record in the Options Template FlowSet is used The Options Template Record in the Options Template FlowSet is used
to describe the different PSAMP data types that concern the metering to describe the different PSAMP Information Elements that concern
process itself: sampling and/or filtering functions, plus the the Metering Process itself: sampling and/or filtering functions,
associated parameters. The Collector decodes the Options Template plus the associated parameters. The Collector decodes the Options
FlowSet and knows which data types to expect when it receives the Template FlowSet and knows which Information Elements to expect when
Options Data Records in the Data FlowSet, i.e. the PSAMP Report it receives the Options Data Records in the Data FlowSet, i.e. the
Interpretation. Typically, the Options Template would contain the PSAMP Report Interpretation. Typically, the Options Template would
Selector ID, the sampling or filtering functions, and the sampling contain the Selector ID, the sampling or filtering functions, and
or filtering associated parameters. the sampling or filtering associated parameters.
5.2 Partial or Entire IPFIX Protocol Specifications Support 5.2
Partial or Entire IPFIX Protocol Specifications Support
The "High level view of the integration" section 5.1 concludes that The "High level view of the integration" section 5.1 concludes that
PSAMP requires all the different possibilities of the IPFIX protocol PSAMP requires all the different possibilities of the IPFIX protocol
specifications [IPFIX-PROTO]. That is the 3 types of FlowSet (Data specifications [IPFIX-PROTO]. That is the 3 types of FlowSet (Data
FlowSet, Template FlowSet and Options Templates FlowSet), the 2 FlowSet, Template FlowSet and Options Templates FlowSet), the 2
types of Templates Records (Template Record and Options Template types of Templates Records (Template Record and Options Template
Record), and the 2 types of Data Record (Flow Data Record, Options Record), and the 2 types of Data Record (Flow Data Record, Options
Data Record), as described again in the table below. Data Record), as described again in the table below.
FlowSet Template Record Data Record +------------------+---------------------------------------------+
+----------------------------------------------------------------+ | | Contents |
| +--------------------+------------------------+
| FlowSet | Template Record | Data Record |
+------------------+--------------------+------------------------+
| | | Flow Data Record(s) | | | | Flow Data Record(s) |
| Data FlowSet | / | or | | Data FlowSet | / | or |
| | | Options Data Record(s) | | | | Options Data Record(s) |
+----------------------------------------------------------------+ +------------------+--------------------+------------------------+
| Template FlowSet | Template Record(s) | / | | Template FlowSet | Template Record(s) | / |
+----------------------------------------------------------------+ +------------------+--------------------+------------------------+
| Options Template | Options Template | / | | Options Template | Options Template | / |
| FlowSet | Record(s) | | | FlowSet | Record(s) | |
+----------------------------------------------------------------+ +------------------+--------------------+------------------------+
As a consequence, PSAMP can't rely on a subset of the IPFIX protocol As a consequence, PSAMP can't rely on a subset of the IPFIX protocol
specifications are described in [IPFIX-PROTO]. The entire IPFIX specifications are described in [IPFIX-PROTO]. The entire IPFIX
protocol specifications MUST be implemented for the PSAMP export. protocol specifications MUST be implemented for the PSAMP export.
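Review bot: The sentence after the table, "PSAMP can't rely on a subset of the IPFIX protocol specifications are described in [IPFIX-PROTO]", is carried over unchanged from -00 and does not parse; "are described" should read "as described". The paragraph above the table also writes "Options Templates FlowSet" and "Templates Records", while the table itself uses "Options Template FlowSet" and "Template Record"; align the prose with the table terms.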
6. PSAMP Requirements versus the IPFIX Solution 6.
PSAMP Requirements versus the IPFIX Solution
[PSAMP-FRAMEWORK] describes some requirements that affect directly [PSAMP-FRAMEWORK] describes some requirements that affect directly
the export protocol. Refer to the following sections: the export protocol. Refer to the following sections:
section 3.2 "Reporting Process Requirements" section 3.2 "Reporting Process Requirements"
section 3.3 "Exporting Process Requirements" section 3.3 "Exporting Process Requirements"
section 5 "Reporting Process" section 5 "Reporting Process"
[PSAMP-FRAMEWORK] also describes in the section 3.1 one requirement [PSAMP-FRAMEWORK] also describes in the section 3.1 one requirement
that, if not directly related to the export protocol, will put some that, if not directly related to the export protocol, will put some
constraints on it: constraints on it:
Selection Process Requirements: Selection Process Requirements:
- Parallel Measurements: multiple independent measurement - Parallel Measurements: multiple independent measurement
processes at the same entity." processes at the same entity."
[PSAMP-FRAMEWORK] finally describes in the section 5 some [PSAMP-FRAMEWORK] finally describes in the section 5 some
requirements regarding the reporting process. This series of requirements regarding the reporting process. This series of
requirements specifies the different data types that MUST and SHOULD requirements specifies the different Information Elements that MUST
reported to the collector. Nevertheless IPFIX, being a generic and SHOULD reported to the collector. Nevertheless IPFIX, being a
export protocol, can export any data types as long as there are generic export protocol, can export any Information Elements as long
described in the information model. So these requirements are mainly as there are described in the information model. So these
targeted for the [PSAMP-INFO] document. requirements are mainly targeted for the [PSAMP-INFO] document.
6.1 IPFIX Solution for the PSAMP Requirements 6.1
IPFIX Solution for the PSAMP Requirements
Let's address the PSAMP requirements one by one. Let's address the PSAMP requirements one by one.
* Parallel Measurements: multiple independent measurement processes * Parallel Measurements: multiple independent measurement processes
at the same entity. Refer to [PSAMP-FRAMEWORK] section 3.1 "Selection at the same entity. Refer to [PSAMP-FRAMEWORK] section 3.1 "Selection
Process Requirements". Process Requirements".
This requirement is addressed by exporting the Selector ID data type This requirement is addressed by exporting the Selector ID
in every packet report, so part of every Flow Data Records. Note that Information Element in every packet report, so part of every Flow
without this requirement, exporting the Scope [IPFIX-PROTO] part of Data Records. Note that without this requirement, exporting the Scope
every single packet report could have been sufficient. part of every single packet report could have been sufficient.
* Transparency: allow transparent interpretation of measurements as * Transparency: allow transparent interpretation of measurements as
communicated by PSAMP reporting, without any need to obtain communicated by PSAMP reporting, without any need to obtain
additional information concerning the observed packet stream. Refer additional information concerning the observed packet stream. Refer
to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process Requirements". to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process Requirements".
This requirement is addressed by exporting the Selector ID in every This requirement is addressed by exporting the Selector ID
Flow Data Records (packet report) and exporting the associated Information Element in every Flow Data Records (packet report) and
SAMPLING_ALGORITHM and SAMPLING PARAMETERS in the Options Data Record exporting the associated SAMPLING_ALGORITHM and SAMPLING PARAMETERS
(packet interpretation). So the all the metering process parameters Information Elements in the Options Data Record (packet
are linked to the Flow Data Records. interpretation). So the all the Metering Process parameters are
linked to the Flow Data Records.
* Robustness to Information Loss: allow robust interpretation of * Robustness to Information Loss: allow robust interpretation of
measurements with respect to reports missing due to data loss, e.g. measurements with respect to reports missing due to data loss, e.g.
in transport, or within the measurement, reporting or exporting in transport, or within the measurement, reporting or Exporting
processes. Inclusion in reporting of information that enables the Processes. Inclusion in reporting of information that enables the
accuracy of measurements to be determined. Refer to [PSAMP-FRAMEWORK] accuracy of measurements to be determined. Refer to [PSAMP-FRAMEWORK]
section 3.2 "Reporting Process Requirements". section 3.2 "Reporting Process Requirements".
An Options Templates MUST be sent on regular basis. This Options An Options Templates MUST be sent on regular basis. This Options
Template contains for example the total number of packet report Template contains for example the total number of packet report
exported from the PSAMP device, the total number of packet observed, exported from the PSAMP device, the total number of packet observed,
etc... Thus the Collector can compare the number of packet report etc... Thus the Collector can compare the number of packet report
received per selector ID with the number actually metered and/or received per selector ID with the number actually metered and/or
sent. In case of discrepancy, a new sampling rate could be computed. sent. In case of discrepancy, a new sampling rate could be computed.
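Review bot: The Robustness answer puts the counters in the wrong object. "An Options Templates MUST be sent on regular basis. This Options Template contains for example the total number of packet report exported" describes values, and section 5.1 says the Options Template Record only describes the Information Elements while the Collector receives them in Options Data Records. Reword so that the MUST applies to the Options Data Record carrying the counters, and fix the number agreement ("An Options Templates"). ACTION-06 already flags this sentence, so the rewording can be done together with that item.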
* Faithfulness: all reported quantities that relate to the packet * Faithfulness: all reported quantities that relate to the packet
treatment MUST reflect the router state and configuration encountered treatment MUST reflect the router state and configuration encountered
by the packet at the time it is received by the measurement process. by the packet at the time it is received by the measurement process.
Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process
Requirements". Requirements".
This requirement doesn't concern the export protocol itself but the This requirement doesn't concern the export protocol itself but the
metering process, even if described in the "Reporting Process Metering Process, even if described in the "Reporting Process
Requirements" section. Requirements" section.
* Privacy: selection of the content of packet reports will be * Privacy: selection of the content of packet reports will be
cognizant of privacy and anonymity issues while being responsive to cognizant of privacy and anonymity issues while being responsive to
the needs of measurement applications, and in accordance with RFC the needs of measurement applications, and in accordance with RFC
2804. Full packet capture of arbitrary packet streams is explicitly 2804. Full packet capture of arbitrary packet streams is explicitly
out of scope. Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting out of scope. Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting
Process Requirements". Process Requirements".
This requirement doesn't concern the export protocol itself, even if This requirement doesn't concern the export protocol itself, even if
described in the "Reporting Process Requirements" section. described in the "Reporting Process Requirements" section.
* Timeliness: reports on selected packets MUST be made available to * Timeliness: reports on selected packets MUST be made available to
the collector quickly enough to support near real time applications. the collector quickly enough to support near real time applications.
Specifically, any report on a packet MUST be dispatched within 1 Specifically, any report on a packet MUST be dispatched within 1
second of the time of receipt of the packet by the measurement second of the time of receipt of the packet by the measurement
process. Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process process. Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
Requirements". Requirements".
The IPFIX protocol specifications [IPFIX-PROTO] describe an The IPFIX protocol specifications [IPFIX-PROTO] describe an
inactivity timeout for the flow expiration. This inactivity timeout inactivity timeout for the Flow expiration. This inactivity timeout
is configurable, with a minimum value of 0 for immediate expiration. is configurable, with a minimum value of 0 for immediate expiration.
Note that this minimum value of 0 will force every single Flow Data Note that this minimum value of 0 will force every single Flow Data
Record to contain information about a single packet and not an Record to contain information about a single packet and not an
aggregation of packets. aggregation of packets.
* Congestion Avoidance: export of a report stream across a network * Congestion Avoidance: export of a report stream across a network
MUST be congestion avoiding in compliance with RFC 2914. Refer to MUST be congestion avoiding in compliance with RFC 2914. Refer to
[PSAMP-FRAMEWORK] section 3.3 "Export Process Requirements". [PSAMP-FRAMEWORK] section 3.3 "Export Process Requirements".
IPFIX, by its charter, MUST also respect this requirement. IPFIX, by its charter, MUST also respect this requirement.
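Review bot: The Timeliness item keeps the MUST that any report be dispatched within 1 second, but then only notes that the IPFIX inactivity timeout is configurable with a minimum of 0. It never says which timeout values satisfy the 1 second bound, so an implementer cannot tell whether 0 is required or merely permitted; suggest stating that relation explicitly. In the same hunk, the revision capitalizes "Metering Process" and "Flow" as defined terms but leaves "measurement process" and "collector" in lower case in the Faithfulness and Timeliness items, and "An Options Templates MUST be sent on regular basis" still gives no interval, which makes the MUST untestable.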
skipping to change at page 9, line 30 skipping to change at page 11, line 5
provided. provided.
- integrity: alterations in transit to exported data MUST be - integrity: alterations in transit to exported data MUST be
detectable at the collector detectable at the collector
- authenticity: authenticity of exported data MUST be verifiable - authenticity: authenticity of exported data MUST be verifiable
by the collector in order to detect forged data. by the collector in order to detect forged data.
The motivation here is the same as for security in IPFIX export. The motivation here is the same as for security in IPFIX export.
Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
Requirements". Requirements".
7. Low Level View of the Integration 7.
Low Level View of the Integration
7.1 Sampling Case, PSAMP Base Level of Functionality 7.1
Sampling Case, PSAMP Base Level of Functionality
EDITORÆS NOTE: LET'S ASSUME THAT THE [PSAMP-INFO] DEFINES THE EDITORS NOTE: LET'S ASSUME THAT THE [PSAMP-INFO] DEFINES THE
FOLLOWING DATA TYPES FOLLOWING DATA TYPES
SEQUENCE-NUMBER: the input sequence number, SEQUENCE-NUMBER: the input sequence number,
PACKET-SAMPLE: some number of contiguous bytes from the start PACKET-SAMPLE: some number of contiguous bytes from the start
of the packet of the packet
SELECTOR-ID: SELECTOR-ID:
SAMPLING-ALGORITHM: SAMPLING-ALGORITHM:
SAMPLING-PARAMETER1, SAMPLING-PARAMETERS2, ETC... SAMPLING-PARAMETER1, SAMPLING-PARAMETERS2, ETC...
As described in the section 5.1 "Mandatory Contents of Packet As described in the section 5.1 "Mandatory Contents of Packet
Reports" of [PSAMP-FRAMEWORK], the packet reports must contain: Reports" of [PSAMP-FRAMEWORK], the packet reports must contain:
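Review bot: In the assumed [PSAMP-INFO] data types of section 7.1, SELECTOR-ID and SAMPLING-ALGORITHM are listed with empty descriptions, and the parameter names are inconsistent ("SAMPLING-PARAMETER1, SAMPLING-PARAMETERS2"). The Collector depends on SELECTOR-ID to tie a report to its selection parameters, so each entry should get a one-line definition like those given for SEQUENCE-NUMBER and PACKET-SAMPLE, and the second name should read SAMPLING-PARAMETER2. The revision also replaces the garbled apostrophe with "EDITORS NOTE" instead of "EDITOR'S NOTE".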
skipping to change at page 10, line 18 skipping to change at page 11, line 38
The report interpretation must contain: The report interpretation must contain:
- the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO] - the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO]
- the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING- - the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING-
PARAMETER2, etc... in [PSAMP-INFO] PARAMETER2, etc... in [PSAMP-INFO]
The Options Template FlowSet defines a Options Template Record The Options Template FlowSet defines a Options Template Record
composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS. composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
Finally the Data FlowSet is used to export the Flow Data Record(s) Finally the Data FlowSet is used to export the Flow Data Record(s)
containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE and containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE and
SELECTOR-ID. The Data FlowSet is also used to export the SELECTOR-ID. The Data FlowSet is also used to export the Options
Options Data Record(s) containing the real values of SELECTOR-ID, Data Record(s) containing the real values of SELECTOR-ID, SAMPLING-
SAMPLING-ALGORITHM, SAMPLING-PARAMETERS. ALGORITHM, SAMPLING-PARAMETERS.
By means of the SELECTOR-ID, the Collector can link any Flow Data By means of the SELECTOR-ID, the Collector can link any Flow Data
Record to the corresponding Options Data Record. That is, any Flow Record to the corresponding Options Data Record. That is, any Flow
Data Record to the metering process funtion and parameters. Data Record to the Metering Process function and parameters.
7.1.1 Example 7.1.1 Example
EDITORÆS THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF [IPFIX- EDITORS THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF [IPFIX-
PROTO]. PROTO].
THE [PSAMP-INFO] MUST BE FIRST PUBLISHED. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
7.2 Sampling Case 7.2
Sampling Case
The PSAMP reporting process SHOULD also report fields relating to The PSAMP reporting process SHOULD also report fields relating to
the protocols used in the packets, to the packet treatment and to the protocols used in the packets, to the packet treatment and to
the selection state associated with the packet, as specified in the selection state associated with the packet, as specified in
[PSAMP-FRAMEWORK] section 5.2 "Recommended Contents for Packet [PSAMP-FRAMEWORK] section 5.2 "Recommended Contents for Packet
Reports". Reports".
Let's take the same example as in the section 7.1, but let's add the Let's take the same example as in the section 7.1, but let's add the
export of the destination BGP Autonomous System (AS) [1771] and of export of the destination BGP Autonomous System (AS) [1771] and of
the input interface the input interface
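Review bot: The closing sentence of the SELECTOR-ID paragraph in 7.1 ("That is, any Flow Data Record to the Metering Process function and parameters.") has its typo and capitalization fixed but still has no verb; suggest "That is, the Collector can link any Flow Data Record to the Metering Process function and parameters." The note in 7.1.1 reads "EDITORS THIS MUST BE" with "NOTE:" missing, section 7.2 keeps "PSAMP reporting process" in lower case although "Metering Process" is now capitalized, and the BGP citation is written [1771] while the reference entry is tagged [RFC1771].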
skipping to change at page 11, line 31 skipping to change at page 13, line 7
SELECTOR-ID, destinationAS and ingressPort. The Data FlowSet is also SELECTOR-ID, destinationAS and ingressPort. The Data FlowSet is also
used to export the Options Data Record(s) containing the real values used to export the Options Data Record(s) containing the real values
of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS. of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
As a consequence, the collector can link any Flow Data Record to the As a consequence, the collector can link any Flow Data Record to the
sampling algorithm and sampling parameters, by means of the sampling algorithm and sampling parameters, by means of the
SELECTOR-ID value. SELECTOR-ID value.
7.2.1 Example 7.2.1 Example
EDITORÆS NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF EDITORS NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
[IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED. [IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
7.3 Filtering Case 7.3
Filtering Case
EDITORÆS NOTE: ACTUALLY THE EXAMPLE WILL BE QUITE SIMILAR TO 7.1 AND EDITORS NOTE: ACTUALLY THE EXAMPLE WILL BE QUITE SIMILAR TO 7.1 AND
7.2 BUT WILL DEPEND A LOT ON HOW WE WILL DEFINE THE FILTERING IN 7.2 BUT WILL DEPEND A LOT ON HOW WE WILL DEFINE THE FILTERING IN
[IPFIX-INFO]. [IPFIX-INFO].
7.3.1 Example 7.3.1 Example
EDITORÆS NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF EDITOR’S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
[IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED. [IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
8. Security Considerations 8.
Security Considerations
As IPFIX has been selected as the PSAMP export protocol and as the As IPFIX has been selected as the PSAMP export protocol and as the
PSAMP security requirements are not stricter than the IPFIX security PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security considerations. the security considerations.
9. References 9.
IANA Considerations
[PSAMP-FRAMEWORK] N. Duffield, D. Chiou, B. Claise, A. Greenber, M. The only IANA considerations in this document concerns the extension
Grossglauser "A Framework for Passive Packet Measurement" draft- of Information Elements, FlowSet ID and Scope. Refer to the IANA
ietf-psamp-framework-03.txt considerations section in [IPFIX-PROTO] where those possible new
assignments are specified.
[PSAMP-FRAMEWORK4] N. Duffield, D. Chiou, B. Claise, A. Greenber, M. 10.
Grossglauser "A Framework for Passive Packet Measurement" draft- References
ietf-psamp-framework-04.txt
10.1
Normative References
[PSAMP-SAMPLE-TECH] T. Zseby, M. Molina, F. Raspall, N. Duffield [PSAMP-SAMPLE-TECH] T. Zseby, M. Molina, F. Raspall, N. Duffield
"Sampling and Filtering Techniques for IP Packet Selection" draft- "Sampling and Filtering Techniques for IP Packet Selection" draft-
ietf-psamp-sample-tech-02.txt ietf-psamp-sample-tech-01.txt
[PSAMP-MIB] T. Dietz, D. Romascanu, B. Claise "Definitions of [PSAMP-MIB] T. Dietz, D. Romascanu, B. Claise "Definitions of
Managed Objects for Packet Sampling" draft-ietf-psamp-mib-00.txt Managed Objects for Packet Sampling" draft-ietf-psamp-mib-01.txt
[PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise,
"Information Model for Packet Sampling Exports", draft-ietf-psamp- "Information Model for Packet Sampling Exports", draft-ietf-psamp-
info-00.txt info-00.txt
[IPFIX-ARCH] G. Sadasivan, N. Brownlee "Architecture Model for IP [IPFIX-ARCH] G. Sadasivan, N. Brownlee "Architecture Model for IP
Flow Information Export" draft-ietf-ipfix-arch-01.txt", June 2003 Flow Information Export" draft-ietf-ipfix-arch-02.txt", June 2003
[IPFIX-INFO] P. Calato, J. Meyer, J. Quittek, "Information Model for [IPFIX-INFO] P. Calato, J. Meyer, J. Quittek, "Information Model for
IP Flow Information Export" draft-ietf-ipfix-info-01, August 2003 IP Flow Information Export" draft-ietf-ipfix-info-02, August 2003
[IPFIX-PROTO] B. Claise, M. Fullmer, P. Calato, R. Penno, "IPFIX [IPFIX-PROTO] B. Claise, M. Fullmer, P. Calato, R. Penno, "IPFIX
Protocol Specifications", draft-ietf-ipfix-protocol-00.txt, June Protocol Specifications", draft-ietf-ipfix-protocol-02.txt, June
2003 2003
[RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP- [RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-
4)", RFC 1771, March 1995. 4)", RFC 1771, March 1995.
10. Acknowledgments 10.2
Informative References
[PSAMP-FRAMEWORK] N. Duffield, D. Chiou, B. Claise, A. Greenber, M.
Grossglauser "A Framework for Passive Packet Measurement" draft-
ietf-psamp-framework-04.txt
[IPFIX-REQ] J. Quittek, T. Zseby, B. Claise, S. Zander,
"Requirements for IP Flow Information Export" draft-ietf-ipfix-reqs-
10.txt, June 2003
11.
Acknowledgments
To be completed. To be completed.
11. AuthorsÆ Addresses Author’s Addresses
Benoit Claise Benoit Claise
Cisco Systems Cisco Systems
De Kleetlaan 6a b1 De Kleetlaan 6a b1
1831 Diegem 1831 Diegem
Belgium Belgium
Phone: +32 2 704 5622 Phone: +32 2 704 5622
E-mail: bclaise@cisco.com E-mail: bclaise@cisco.com
Juergen Quittek Juergen Quittek
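Review bot: In the Normative References, [PSAMP-SAMPLE-TECH] goes from draft-ietf-psamp-sample-tech-02.txt back to -01.txt while every other changed reference moves forward; confirm which revision is intended. [IPFIX-ARCH] and [IPFIX-PROTO] are bumped to -02 but keep "June 2003", so the dates should be checked against the cited revisions, and the stray quote after "draft-ietf-ipfix-arch-02.txt" is still there. [PSAMP-FRAMEWORK] is now listed as informative although the requirement items cite it for MUST-level requirements (integrity and authenticity among them), which argues for keeping it normative. In the new IANA section, "The only IANA considerations in this document concerns" should agree in number, and "Author’s Addresses" appears without a section number and should read "Authors' Addresses" since two authors are listed.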