PSAMP working group
   Internet Draft                                EDITOR:     B. Claise
   draft-ietf-psamp-protocol-00.txt
   draft-ietf-psamp-protocol-01.txt                       Cisco Systems
   Expires: April 2003                                     Otcober 2003 August 2004                                   February 2004

              Packet Sampling (PSAMP) Protocol Specifications

 Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts. Internet-Drafts are draft documents valid for a maximum of
   six months and may be updated, replaced, or obsolete by other
   documents at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

 Abstract

   This document specifies the export of packet information from a
   PSAMP exporting process Exporting Process to a PSAMP colleting process. Colleting Process. For export of
   packet information the IP Flow Information eXport (IPFIX) protocol
   is used. It is shown that The IPFIX protocol is well suited for this purpose, because
   the IPFIX architecture matches the PSAMP architecture very well and
   the means provided by the IPFIX protocol are sufficient. The
   document specifies in detail how the IPFIX protocol is used for
   PSAMP export of packet information.

  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

  Table of Contents

     1. Open Issues.................................................2 Issues..................................................2
      1.1 Open Issues................................................2
      1.2 Action Items...............................................3
     2. Introduction................................................2 Introduction.................................................3
     3. Terminology.................................................3 Terminology..................................................4
     4. Relationship Differences between PSAMP and IPFIX........................3 IPFIX..........................4
      4.1 IPFIX Overview............................................3 Architecture Point of View.................................4
      4.2 IPFIX and PSAMP Differences and Similarities..............4
     4.2.1  Export Protocol Point of View....................................4
     4.2.2 View.....................................6
      4.3 Information Model Point of View.........................4 View............................6
     5. Using IPFIX for PSAMP.......................................5 PSAMP........................................7
      5.1 High Level View of the Integration........................5 Integration.........................7
      5.2 Partial or Entire IPFIX Protocol Specifications Support...6 Support....7
     6. PSAMP Requirements versus the IPFIX Solution................6 Solution.................8
      6.1 IPFIX Solution for the PSAMP Requirements.................7 Requirements..................8
     7. Low Level View of the Integration...........................9 Integration...........................11
      7.1 Sampling Case, PSAMP Base Level of Functionality..........9 Functionality..........11
       7.1.1  Example................................................10   Example..............................................11
      7.2 Sampling Case............................................10 Case.............................................12
       7.2.1  Example................................................11   Example..............................................13
      7.3 Filtering Case...........................................11 Case............................................13
       7.3.1  Example................................................11   Example..............................................13
     8. Security Considerations....................................12 Considerations.....................................13
     9. References.................................................12 IANA Considerations.........................................13
     10. Acknowledgments...........................................12 References.................................................13
      10.1 Normative References.....................................13
      10.2 Informative References...................................14
     11. AuthorsÆ Addresses........................................13 Acknowledgments............................................14

 1.
   Open Issues

 1.1
    Open Issues

   This section covers the open issues, still to be resolved/updated in
   this draft:

   PROTO-01 Do we want to distinguish an IPFIX Flow Record export with
   one packet from a PSAMP export?
   PROTO-02 Need to fill in the examples section 7.1.1, 7.1.2 and 7.1.3
   PROTO-03 in packet interpretation.
          Options Template FlowSet (SELECTOR_ID, SAMPLING_ALGO, SAMPLING
          PARAM, TIMESTAMP, OBSERVATION POINT)
          The packet reports MUST contain:
          - the input sequence number(s), denoted the SEQUENCE-NUMBER in
          [PSAMP-INFO]
          - some number of contiguous bytes from the start of the
          packet, denoted the PACKET-SAMPLE in [PSAMP-INFO]
          - the destination BGP AS , denoted destinationAS in [IPFIX-
          INFO]
          - the input interface, denoted ingressPort in [IPFIX-INFO]
          THIS IS NOT A GOOD EXAMPLE
   PROTO-04 Extend security considerations by a discussion on exported
   payload

 1.2
    Action Items

   This section covers the action items for this draft

   ACTION-01 For section 6 "PSAMP requirements versus the IPFIX
   solution", check if there are any other requirements in the [PSAMP-FRAMEWORK].

 2. Introduction

   The packet sampling (PSAMP) Working Group and [PSAMP-
   FRAMEWORK].
   ACTION-02 Update the IP flow
   information export (IPFIX) Working Group both aim at standardizing
   technology for observing traffic from network devices and for
   exporting some part of terminology section
   ACTION-03 A new section about the observation. Also, both Working Groups
   consider terminology comparison between
   [PSAMP-PROTO] (hence [IPFIX-PROTO]) and [PSAMP-FRAMEWORK]
      - Flow Data Records sent in Data FlowSet = packet sampling as a component of their technology. While
   for the IPFIX Working Group report in
      [PSAMP-FRAMEWORK]
      - Options Data Record sent in Data FlowSet = packet sampling is just one out of many
   components considered, it interpretation
      n [PSAMP-FRAMEWORK]
      Exporting Process in IPFIX = Reporting Process in [PSAMP-
      FRAMEWORK]
      Note1: this is somehow explained in section 5.1
   ACTION-04 Should briefly discuss the focus of the PSAMP Working Group.

   The fact that PSAMP Working Group has agreed to use the is OK with
   IPFIX reporting
   protocol if it's suitable requirements in terms of time (uSec precision)
   ACTION-05 Check for the PSAMP requirements. Therefore, a
   detailed analysis on existence of the IPFIX protocol needs to be done Information Elements
   defined here in [PSAMP-INFO] and modify if
   IPFIX is not suitable, then appropriate. Example:
   Selector ID, packet-sample, sampling-algorithm, hash-value, etc…
   For example, the reason should section 7.1
   ACTION-06 In section 6.1 ‘‘An Options Templates MUST be stated exactly.

   This document evaluates if sent on
   regular basis.’’ -> make the IPFIX protocol specifications could
   fit link with Metering Process Stats
   currently discussed in the IPFIX mailing list and in [IPFIX-PROTO]
   ACTION-07 Some text explanation the encoding of the new Information
   Elements. For example, the ‘‘packet-fragment’’ will use the Variable
   Length Data Type as described in [IPFIX-PROTO]
   ACTION-08 Section 6 about ‘‘PSAMP requirements’’: check if any changes
   with the version 5 of [PSAMP-FRAMEWORK]

 2.
   Introduction

   The IP Flow information export format (IPFIX) protocol specified in [IPFIX-
   PROTO] and [IPFIX-INFO] exports IP traffic information observed at
   network devices. This matches the general protocol requirements for PSAMP device, how PSAMP could
   use
   outlined in the Packet SAMPling (PSAMP) framework [PSAMP-FMWK].
   However, there are some architectural differences between IPFIX protocol, and whether
   PSAMP and in the part of or requirements for an export protocol. While in the full
   IPFIX architecture [IPFIX-ARCH] packet sampling is just one out of
   many components considered, it is the focus of the PSAMP framework
   [PSAMP-FMWK]. This basic difference and a set of derived differences
   in protocol specifications requirements are actually required. As we will conclude
   that outlined in Section 4. Despite these
   differences, the IPFIX protocol is suitable well suited as export PSAMP protocol.
   Section 5 specifies how the IPFIX protocol is used for PSAMP,
   this document finally specifies the export of
   packet samples. Required extensions of the IPFIX information model
   are specified in details how to use IPFIX. the PSAMP information model [PSAMP-INFO].

 3.
   Terminology

   EDITOR’S NOTE:
   - To be copied in from [PSAMP-FRAMEWORK4]. [PSAMP-FRAMEWORK].
   - From [IPFIX-PROTO]:
       - need Flow Record, Flow, Information Element, Metering Process,
       Exporting Process, Collector, Scope
       - need all terms from the table in section 5.2. That is:
       FlowSet, Template Record, Data Record, Flow Data Record, Data
       FlowSet, Options Data Record, Template FlowSet, Template
       Record(s), Options Template FlowSet, Options Template Record
       - need PSAMP device
   - All the terms will have their initial letter in upper case

 4. Relationship
   Differences between PSAMP and IPFIX

 4.1 IPFIX Overview

   The output of the IPFIX working group relevant for this draft, is
   structured into three documents:
      - IP flow Flow information architecture [IPFIX-ARCH]
      - IPFIX Protocol Specifications [IPFIX-PROTO]
      - IP flow Flow information export information model [IPFIX-INFO]

   This table will help summarizing

 4.1
     Architecture Point of View

   Traffic Flow measurement as described in the IPFIX protocol specifications
   [IPFIX-PROTO].

        FlowSet        Template  Record        Data Record
  +----------------------------------------------------------------+
  |                  |                    | requirements
   [IPFIX-REQ] and the IPFIX architecture [IPFIX-ARCH] can be separated
   into two stages: packet processing and Flow Data Record(s) processing.
   The figure below illustrates these stages.

   On stage 1, all processing steps act on packets. Packets are
   captured, time stamped, selected by one or more selection steps and
   finally forwarded to packet classification that maps packets to
   Flows. The packets selection steps may include filtering and
   sampling functions.

   On stage 2, all processing steps act on Flows. After packets are
   classified (mapped to Flows), Flows are generated or updated if they
   exist already. Flow generation and update steps may be performed
   repeatedly for aggregating Flows. Finally, Flows are exported.

   Packet sampling as described in the PSAMP framework [PSAMP-FMWK]
   covers only stage 1 of the IPFIX architecture with the packet
   classification replaced by packet record export.

      IPFIX architecture                       PSAMP framework

        packet header                           packet header
           capturing     \                         capturing
              |          | Data FlowSet                            |          /
         timestamping    |          or                       timestamping
              |          |                            |
              v          | Options Data Record(s)                            v
      +------>+          |
  +----------------------------------------------------------------+  stage 1:          +------>+
      | Template FlowSet       | Template Record(s)           > packet            |           /       |
  +----------------------------------------------------------------+
      | Options Template    packet        | Options Template  processing        |    packet
      |   selection      |                    |   selection
      |       |          |                    |       |
      +-------+          |                    +-------+
              |          |                            |
              v          |                            v
           packet       /                       packet record
        classification  \                          export
              |          |
              v          |
      +------>+          |
      | FlowSet       | Record(s)          |
      |
  +----------------------------------------------------------------+

   A Data FlowSet is composed of an Options Data Record(s) or Flow Data
   Record(s); no Template Record is included.
   The Flow Data Record is linked to a Template Record, generation  |
      |   and the Options
   Data Record is linked to an Options Template Record.

   A Template FlowSet is composed of Template Record(s); no update     |  stage 2:
      |       |           > Flow or
   Options Data Record is included.

   An Options Template FlowSet is composed of Options Template
   Record(s); no
      |       v          |  processing
      |     Flow or Options Data Record is included. The Options
   Template Record (and its corresponding Options Data Record) is used
   to supply information about the metering process configuration or
   specific data, rather than supplying information about IP flows.
   The Options Data Records are sent on a regular basis, but not with
   every         |
      |   selection      |
      |       |          |
      +-------+          |
              |          |
              v          |
         Flow Data Record.

 4.2 Record    /
           export
           Comparison of IPFIX architecture and PSAMP Differences and Similarities

   IPFIX achieves data reduction by aggregating per-packet IP layer
   information into flow records. framework

 4.2
     Protocol Point of View

   Concerning the protocol, the major difference between IPFIX produces and exports flow
   records containing information per flow. This information
   PSAMP is created
   based on that the observation of a potentially large number of packets.
   In contrast, PSAMP achieves data reduction by reducing IPFIX protocol exports Flow Records while the packet
   population via sampling.
   PSAMP generates and protocol exports information per
   packet. For more details please see the [PSAMP-FRAMEWORK] and
   [PSAMP-SAMPLE-TECH].

 4.2.1   Export Point of View packet records. From a pure export point of
   view, IPFIX will not distinguish a flow
   record Flow Record composed of several
   packets aggregated together, from a flow
   record Flow Record composed of a single
   packet.

   As a conclusion, So the PSAMP export can be seen as special IPFIX flow
   record Flow Record
   containing information about a single packet.

   PSAMP doesn't have the notion of flow. But in order
   EDITOR’S NOTE: maybe we want to avoid any
   duplication in the terminology and as a consequence distinguish an IPFIX Flow Record
   export with one packet from a redefinition PSAMP export?

   Extensions of the IPFIX protocol specifications, the IPFIX terminology [IPFIX-
   PROTO] needed by PSAMP are rather limited.
   A basic one is kept unchanged, even if some obvious pointers to the
   notion of flow is made. For example: Flow Data Record, FlowSet,
   etc...

 4.2.2    Information Model Point need of View

   On one hand, the IPFIX export probably contains a data types like
   source IP address, destination IP address, ToS, etc. Refer to
   [IPFIX-INFO] type for more details. On the other hand, protocol fields that has
   flexible length, such as an octet array. This is needed by the PSAMP export
   contains only the packet fragment in the base level
   protocol for reporting content of
   functionality. Refer to [PSAMP-INFO] captured packets, for more details.

   As example the templates are flexible, IPFIX will not distinguish from a
   export point of view a flow record composed
   first 40 octets of several data types,
   from a flow record composed packet.

 4.3
     Information Model Point of just a few data types (for example: View

   However, the packet fragment and overlap between both protocols is still quite large.
   Most of the selector ID).

   The information model data types exported fields in an IPFIX device and a
   PSAMP device are not completely different but most of the time
   overlapping. Note that, according IPFIX protocol also apply to [PSAMP-FRAMEWORK] section 5.2
   "Recommended Contents PSAMP,
   for Packet Reports", the PSAMP reporting
   process SHOULD also report example all fields relating to the protocols used in
   the packets, to the packet treatment and to the selection state
   associated with the packet.

   Thus the PSAMP reporting process packet header fields. Only a few
   fields, such as flowCount, packetCount (whose value will not limit itself to the export
   the data types defined in [PSAMP-INFO], and can benefit from the
   data types already defined always be
   one) etc., cannot be used in [IPFIX-INFO].

   From a meaningful way by the PSAMP protocol.
   Also, IPFIX point of view, protocol requirements concerning stage 2 do not apply to
   the new PSAMP protocol.

   Further required extensions apply to the information model. The
   IPFIX information model will
   augment the data types that could be exported; is rather poor concerning sampling. Just two
   fields, one for example, the hash
   value, sampling method and one for the selector ID or sampling rate,
   are not sufficient, as shown in [PSAMP-SLCT]. A set of several
   additional fields is required for satisfying the packet-sampled. If requirements for a IPFIX metering
   process create some flow records by sampling some packets, and if
   both
   PSAMP information model. Additional required extensions of the IPFIX
   information model concern packet filtering, and PSAMP specifications are implemented on the
   device, a field
   reporting content of a packet using the IPFIX flow records could be augmented with extra flexible length data
   types like the selector ID, type
   mentioned above.

   Exploiting the selector ID parameters, etc.

   As extensibility of the PSAMP IPFIX information model is basically an model, the
   required extension to is covered by the
   IPFIX PSAMP information model, a formal process must be model
   specified in place for the
   addition of data types. The draft draft-bryant-ipfix-vendor-ie-00.tx
   (not yet out) discusses some possibilities. [PSAMP-INFO].

 5.
   Using IPFIX for PSAMP

 5.1
    High Level View of the Integration

   The Template Record in the Template FlowSet is used to describe the
   different PSAMP data types Information Elements that will be exported to the
   Collector. The Collector decodes the Template FlowSet and knows
   which data
   types Information Elements to expect when it receives the Flow Data
   Records in the Data FlowSet, i.e. the PSAMP Packet Reports.
   Typically, in the base level of the PSAMP functionality, the
   Template FlowSet will contain the input sequence number, the packet
   fragment (some number of contiguous bytes from the start of the
   packet) and the selector ID.

   The Options Template Record in the Options Template FlowSet is used
   to describe the different PSAMP data types Information Elements that concern
   the metering
   process Metering Process itself: sampling and/or filtering functions,
   plus the associated parameters. The Collector decodes the Options
   Template FlowSet and knows which data types Information Elements to expect when
   it receives the Options Data Records in the Data FlowSet, i.e. the
   PSAMP Report Interpretation. Typically, the Options Template would
   contain the Selector ID, the sampling or filtering functions, and
   the sampling or filtering associated parameters.

 5.2
    Partial or Entire IPFIX Protocol Specifications Support

   The "High level view of the integration" section 5.1 concludes that
   PSAMP requires all the different possibilities of the IPFIX protocol
   specifications [IPFIX-PROTO]. That is the 3 types of FlowSet (Data
   FlowSet, Template FlowSet and Options Templates FlowSet), the 2
   types of Templates Records (Template Record and Options Template
   Record), and the 2 types of Data Record (Flow Data Record, Options
   Data Record), as described again in the table below.

    +------------------+---------------------------------------------+
    |                  |                    Contents                 |
    |                  +--------------------+------------------------+
    |     FlowSet      | Template  Record   |    Data Record
  +----------------------------------------------------------------+         |
    +------------------+--------------------+------------------------+
    |                  |                    |  Flow Data Record(s)   |
    | Data FlowSet     |          /         |          or            |
    |                  |                    | Options Data Record(s) |
  +----------------------------------------------------------------+
    +------------------+--------------------+------------------------+
    | Template FlowSet | Template Record(s) |           /            |
  +----------------------------------------------------------------+
    +------------------+--------------------+------------------------+
    | Options Template | Options Template   |           /            |
    | FlowSet          | Record(s)          |                        |
  +----------------------------------------------------------------+
    +------------------+--------------------+------------------------+

   As a consequence, PSAMP can't rely on a subset of the IPFIX protocol
   specifications are described in [IPFIX-PROTO]. The entire IPFIX
   protocol specifications MUST be implemented for the PSAMP export.

 6.
   PSAMP Requirements versus the IPFIX Solution

   [PSAMP-FRAMEWORK] describes some requirements that affect directly
   the export protocol. Refer to the following sections:
   section 3.2 "Reporting Process Requirements"
   section 3.3 "Exporting Process Requirements"
   section 5 "Reporting Process"

   [PSAMP-FRAMEWORK] also describes in the section 3.1 one requirement
   that, if not directly related to the export protocol, will put some
   constraints on it:
       Selection Process Requirements:
       - Parallel Measurements: multiple independent measurement
       processes at the same entity."

   [PSAMP-FRAMEWORK] finally describes in the section 5 some
   requirements regarding the reporting process. This series of
   requirements specifies the different data types Information Elements that MUST
   and SHOULD reported to the collector. Nevertheless IPFIX, being a
   generic export protocol, can export any data types Information Elements as long
   as there are described in the information model. So these
   requirements are mainly targeted for the [PSAMP-INFO] document.

 6.1
    IPFIX Solution for the PSAMP Requirements

   Let's address the PSAMP requirements one by one.

   * Parallel Measurements: multiple independent measurement processes
   at the same entity. Refer to [PSAMP-FRAMEWORK] section 3.1 "Selection
   Process Requirements".

   This requirement is addressed by exporting the Selector ID data type
   Information Element in every packet report, so part of every Flow
   Data Records. Note that without this requirement, exporting the Scope [IPFIX-PROTO]
   part of every single packet report could have been sufficient.

   * Transparency: allow transparent interpretation of measurements as
   communicated by PSAMP reporting, without any need to obtain
   additional information concerning the observed packet stream. Refer
   to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process Requirements".

   This requirement is addressed by exporting the Selector ID
   Information Element in every Flow Data Records (packet report) and
   exporting the associated SAMPLING_ALGORITHM and SAMPLING PARAMETERS
   Information Elements in the Options Data Record (packet
   interpretation). So the all the metering process Metering Process parameters are
   linked to the Flow Data Records.

   * Robustness to Information Loss: allow robust interpretation of
   measurements with respect to reports missing due to data loss, e.g.
   in transport, or within the measurement, reporting or exporting
   processes. Exporting
   Processes. Inclusion in reporting of information that enables the
   accuracy of measurements to be determined. Refer to [PSAMP-FRAMEWORK]
   section 3.2 "Reporting Process Requirements".

   An Options Templates MUST be sent on regular basis. This Options
   Template contains for example the total number of packet report
   exported from the PSAMP device, the total number of packet observed,
   etc... Thus the Collector can compare the number of packet report
   received per selector ID with the number actually metered and/or
   sent. In case of discrepancy, a new sampling rate could be computed.

   * Faithfulness: all reported quantities that relate to the packet
   treatment MUST reflect the router state and configuration encountered
   by the packet at the time it is received by the measurement process.
   Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process
   Requirements".

   This requirement doesn't concern the export protocol itself but the
   metering process,
   Metering Process, even if described in the "Reporting Process
   Requirements" section.

   * Privacy: selection of the content of packet reports will be
   cognizant of privacy and anonymity issues while being responsive to
   the needs of measurement applications, and in accordance with RFC
   2804. Full packet capture of arbitrary packet streams is explicitly
   out of scope. Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting
   Process Requirements".

   This requirement doesn't concern the export protocol itself, even if
   described in the "Reporting Process Requirements" section.

   * Timeliness: reports on selected packets MUST be made available to
   the collector quickly enough to support near real time applications.
   Specifically, any report on a packet MUST be dispatched within 1
   second of the time of receipt of the packet by the measurement
   process. Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
   Requirements".

   The IPFIX protocol specifications [IPFIX-PROTO] describe an
   inactivity timeout for the flow Flow expiration. This inactivity timeout
   is configurable, with a minimum value of 0 for immediate expiration.
   Note that this minimum value of 0 will force every single Flow Data
   Record to contain information about a single packet and not an
   aggregation of packets.

   * Congestion Avoidance: export of a report stream across a network
   MUST be congestion avoiding in compliance with RFC 2914. Refer to
   [PSAMP-FRAMEWORK] section 3.3 "Export Process Requirements".

   IPFIX, by its charter, MUST also respect this requirement.

   * Secure Export:
       - confidentiality: the option to encrypt exported data MUST be
       provided.
       - integrity: alterations in transit to exported data MUST be
       detectable at the collector
       - authenticity: authenticity of exported data MUST be verifiable
       by the collector in order to detect forged data.

   The motivation here is the same as for security in IPFIX export.
   Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
   Requirements".

 7.
   Low Level View of the Integration

 7.1
    Sampling Case, PSAMP Base Level of Functionality

   EDITORÆS

   EDITOR’S NOTE: LET'S ASSUME THAT THE [PSAMP-INFO] DEFINES THE
   FOLLOWING DATA TYPES
        SEQUENCE-NUMBER: the input sequence number,
        PACKET-SAMPLE: some number of contiguous bytes from the start
        of the packet
        SELECTOR-ID:
        SAMPLING-ALGORITHM:
        SAMPLING-PARAMETER1, SAMPLING-PARAMETERS2, ETC...

   As described in the section 5.1 "Mandatory Contents of Packet
   Reports" of [PSAMP-FRAMEWORK], the packet reports must contain:
   - the input sequence number(s), denoted the SEQUENCE-NUMBER in
   [PSAMP-INFO]
   - some number of contiguous bytes from the start of the packet,
   denoted the PACKET-SAMPLE in [PSAMP-INFO].
   Thus the Template FlowSet defines a Template Record composed of
   SEQUENCE-NUMBER, PACKET-SAMPLE and SELECTOR-ID.

   The report interpretation must contain:
   - the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO]
   - the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING-
   PARAMETER2, etc... in [PSAMP-INFO]
   The Options Template FlowSet defines a Options Template Record
   composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.

   Finally the Data FlowSet is used to export the Flow Data Record(s)
   containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE and
   SELECTOR-ID. The Data FlowSet is also used to export the  Options
   Data Record(s) containing the real values of SELECTOR-ID,
   SAMPLING-ALGORITHM, SAMPLING-
   ALGORITHM, SAMPLING-PARAMETERS.

   By means of the SELECTOR-ID, the Collector can link any Flow Data
   Record to the corresponding Options Data Record. That is, any Flow
   Data Record to the metering process funtion Metering Process function and parameters.

 7.1.1    Example

   EDITORÆS

   EDITOR’S THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF [IPFIX-
   PROTO].
   THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.

 7.2
    Sampling Case

   The PSAMP reporting process SHOULD also report fields relating to
   the protocols used in the packets, to the packet treatment and to
   the selection state associated with the packet, as specified in
   [PSAMP-FRAMEWORK] section 5.2 "Recommended Contents for Packet
   Reports".

   Let's take the same example as in the section 7.1, but let's add the
   export of the destination BGP Autonomous System (AS) [1771] and of
   the input interface

   The packet reports MUST contain:
   - the input sequence number(s), denoted the SEQUENCE-NUMBER in
   [PSAMP-INFO]
   - some number of contiguous bytes from the start of the packet,
   denoted the PACKET-SAMPLE in [PSAMP-INFO]
   - the destination BGP AS , denoted destinationAS in [IPFIX-INFO]
   - the input interface, denoted ingressPort in [IPFIX-INFO]
   Thus the Template FlowSet defines a Template Record composed of
   SEQUENCE-NUMBER, PACKET-SAMPLE and SELECTOR-ID, destinationAS and
   ingressPort.

   The report interpretation will remain unchanged and must contain:
   - the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO]
   - the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING-
   PARAMETER2, etc... in [PSAMP-INFO]
   The Options Template FlowSet is used to define this template
   composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.

   Finally Data FlowSet is used to export the Flow Data Record(s)
   containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE and
   SELECTOR-ID, destinationAS and ingressPort. The Data FlowSet is also
   used to export the Options Data Record(s) containing the real values
   of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.

   As a consequence, the collector can link any Flow Data Record to the
   sampling algorithm and sampling parameters, by means of the
   SELECTOR-ID value.

 7.2.1    Example

   EDITORÆS

   EDITOR’S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
   [IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.

 7.3
    Filtering Case

   EDITORÆS

   EDITOR’S NOTE: ACTUALLY THE EXAMPLE WILL BE QUITE SIMILAR TO 7.1 AND
   7.2 BUT WILL DEPEND A LOT ON HOW WE WILL DEFINE THE FILTERING IN
   [IPFIX-INFO].

 7.3.1    Example

   EDITORÆS

   EDITOR’S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
   [IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.

 8.
   Security Considerations

   As IPFIX has been selected as the PSAMP export protocol and as the
   PSAMP security requirements are not stricter than the IPFIX security
   requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
   the security considerations.

 9.
   IANA Considerations

   The only IANA considerations in this document concerns the extension
   of Information Elements, FlowSet ID and Scope. Refer to the IANA
   considerations section in [IPFIX-PROTO] where those possible new
   assignments are specified.

 10.
    References

 10.1
      Normative References

   [PSAMP-FRAMEWORK] N. Duffield, D. Chiou, B. Claise, A. Greenber, M.
   Grossglauser "A Framework for Passive Packet Measurement" draft-
   ietf-psamp-framework-03.txt

   [PSAMP-FRAMEWORK4] N. Duffield, D. Chiou, B. Claise, A. Greenber, M.
   Grossglauser "A Framework for Passive Packet Measurement" draft-
   ietf-psamp-framework-04.txt

   [PSAMP-SAMPLE-TECH] T. Zseby, M. Molina, F. Raspall, N. Duffield
   "Sampling and Filtering Techniques for IP Packet Selection" draft-
   ietf-psamp-sample-tech-02.txt
   ietf-psamp-sample-tech-01.txt

   [PSAMP-MIB] T. Dietz, D. Romascanu, B. Claise "Definitions of
   Managed Objects for Packet Sampling" draft-ietf-psamp-mib-00.txt draft-ietf-psamp-mib-01.txt
   [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise,
   "Information Model for Packet Sampling Exports", draft-ietf-psamp-
   info-00.txt

   [IPFIX-ARCH] G. Sadasivan, N. Brownlee "Architecture Model for IP
   Flow Information Export" draft-ietf-ipfix-arch-01.txt", draft-ietf-ipfix-arch-02.txt", June 2003

   [IPFIX-INFO] P. Calato, J. Meyer, J. Quittek, "Information Model for
   IP Flow Information Export" draft-ietf-ipfix-info-01, draft-ietf-ipfix-info-02, August 2003

   [IPFIX-PROTO] B. Claise, M. Fullmer, P. Calato, R. Penno, "IPFIX
   Protocol Specifications", draft-ietf-ipfix-protocol-00.txt, draft-ietf-ipfix-protocol-02.txt, June
   2003

   [RFC1771]   Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-
   4)", RFC 1771, March 1995.

 10.

 10.2
     Informative References

   [PSAMP-FRAMEWORK] N. Duffield, D. Chiou, B. Claise, A. Greenber, M.
   Grossglauser "A Framework for Passive Packet Measurement" draft-
   ietf-psamp-framework-04.txt

   [IPFIX-REQ] J. Quittek, T. Zseby, B. Claise, S. Zander,
   "Requirements for IP Flow Information Export" draft-ietf-ipfix-reqs-
   10.txt, June 2003

 11.
    Acknowledgments

   To be completed.

 11. AuthorsÆ

   Author’s Addresses

   Benoit Claise
   Cisco Systems
   De Kleetlaan 6a b1
   1831 Diegem
   Belgium
   Phone: +32 2 704 5622
   E-mail: bclaise@cisco.com

   Juergen Quittek
   NEC Europe Ltd.
   Network Laboratories
   Kurfuersten-Anlage 36
   69115 Heidelberg
   Germany
   Phone: +49 6221 90511-15
   Email: quittek@ccrle.nec.de