draft-ietf-psamp-protocol-04.txt   draft-ietf-psamp-protocol-05.txt 
PSAMP working group PSAMP working group
Internet Draft EDITOR: B. Claise Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-04.txt Cisco Systems draft-ietf-psamp-protocol-05.txt Cisco Systems
Expires: September 2006 March 2006 Expires: September 2006 March 2006
Packet Sampling (PSAMP) Protocol Specifications Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
skipping to change at page 2, line 14 skipping to change at page 2, line 14
sufficient. The document specifies in detail how the IPFIX protocol sufficient. The document specifies in detail how the IPFIX protocol
is used for PSAMP export of packet information. is used for PSAMP export of packet information.
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction................................................3 1. Introduction.................................................3
2. PSAMP Documents Overview....................................3 2. PSAMP Documents Overview.....................................3
3. Terminology.................................................4 3. Terminology..................................................4
3.1 IPFIX Terminology..........................................4 3.1 IPFIX Terminology..........................................4
3.2 PSAMP Terminology..........................................8 3.2 PSAMP Terminology..........................................8
3.2.1 Packet Streams and Packet Content.....................8 3.2.1 Packet Streams and Packet Content.......................8
3.2.2 Selection Process.....................................9 3.2.2 Selection Process.......................................9
3.2.3 Reporting............................................10 3.2.3 Reporting..............................................10
3.2.4 Exporting Process....................................11 3.2.4 Exporting Process......................................11
3.2.5 PSAMP Device.........................................11 3.2.5 PSAMP Device...........................................11
3.2.6 Selection Methods....................................11 3.2.6 Selection Methods......................................11
3.3 IPFIX and PSMAP Terminology Comparison....................13 3.3 IPFIX and PSMAP Terminology Comparison....................13
3.3.1 PSAMP and IPFIX Processes............................13 3.3.1 PSAMP and IPFIX Processes..............................13
3.3.2 Packet Report, Packet Interpretation, and Data Record14 3.3.2 Packet Report, Packet Interpretation, and Data Record..14
4. Differences between PSAMP and IPFIX........................14 4. Differences between PSAMP and IPFIX.........................14
4.1 Architecture Point of View................................14 4.1 Architecture Point of View................................14
4.2 Protocol Point of View....................................16 4.2 Protocol Point of View....................................16
4.3 Information Model Point of View...........................16 4.3 Information Model Point of View...........................16
5. PSAMP Requirements versus the IPFIX Solution...............16 5. PSAMP Requirements versus the IPFIX Solution................16
5.1 High Level View of the Integration........................17 5.1 High Level View of the Integration........................17
6. Using the IPFIX Protocol for PSAMP.........................18 6. Using the IPFIX Protocol for PSAMP..........................18
6.1 Selector ID...............................................18 6.1 Selector ID...............................................18
6.2 The Selection Sequence....................................18 6.2 The Selection Sequence....................................18
6.3 The Exporting Process.....................................18 6.3 The Exporting Process.....................................18
6.4 Packet Report.............................................18 6.4 Packet Report.............................................18
6.4.1 Basic Packet Report..................................19 6.4.1 Basic Packet Report....................................19
6.4.2 Extended Packet Report...............................21 6.4.2 Extended Packet Report.................................21
6.5 Report Interpretation.....................................23 6.5 Report Interpretation.....................................23
6.5.1 Selection Sequence Report Interpretation.............23 6.5.1 Selection Sequence Report Interpretation...............23
6.5.2 Selector Report Interpretation.......................25 6.5.2 Selector Report Interpretation.........................25
6.5.2.1 Systematic Count-Based Sampling......................25 6.5.2.1 Systematic Count-Based Sampling.......................25
6.5.2.2 Systematic Time-Based Sampling.......................27 6.5.2.2 Systematic Time-Based Sampling........................27
6.5.2.3 Random n-out-of-N Sampling...........................28 6.5.2.3 Random n-out-of-N Sampling............................28
6.5.2.4 Uniform Probabilistic Sampling.......................29 6.5.2.4 Uniform Probabilistic Sampling........................29
6.5.2.5 Property Match Filtering.............................30 6.5.2.5 Property Match Filtering..............................30
6.5.2.6 Hash-Based Filtering.................................32 6.5.2.6 Hash-Based Filtering..................................32
6.5.2.7 Other Selection Methods..............................35 6.5.2.7 Other Selection Methods...............................35
6.5.3 Selection Sequence Statistics Report Interpretation..35 6.5.3 Selection Sequence Statistics Report Interpretation....35
6.5.4 Accuracy Report Interpretation.......................38 6.5.4 Accuracy Report Interpretation.........................38
7. Security Considerations....................................41 7. Security Considerations.....................................41
8. IANA Considerations........................................41 8. IANA Considerations.........................................41
8.1 IPFIX Related Considerations..............................41 8.1 IPFIX Related Considerations..............................41
8.2 PSAMP Related Considerations..............................41 8.2 PSAMP Related Considerations..............................41
9. References.................................................42 9. References..................................................42
9.1 Normative References......................................42 9.1 Normative References......................................42
9.2 Informative References....................................42 9.2 Informative References....................................42
10. Acknowledgments...........................................43 10. Acknowledgments............................................43
1. 1. Introduction
Introduction
The name PSAMP is a contraction of the phrase Packet SAMPling. The The name PSAMP is a contraction of the phrase Packet SAMPling. The
word "sampling" captures the idea that only a subset of all packets word "sampling" captures the idea that only a subset of all packets
passing a network element will be selected for reporting. PSAMP passing a network element will be selected for reporting. PSAMP
selection operations include random selection, deterministic selection operations include random selection, deterministic
selection (filtering), and deterministic approximations to random selection (filtering), and deterministic approximations to random
selection (hash-based selection). selection (hash-based selection).
The IP Flow information export (IPFIX) protocol specified in [IPFIX- The IP Flow information export (IPFIX) protocol specified in [IPFIX-
PROTO] exports IP traffic information [IPFIX-INFO] observed at PROTO] exports IP traffic information [IPFIX-INFO] observed at
skipping to change at page 3, line 40 skipping to change at page 3, line 39
[IPFIX-ARCH] is focused on gathering and exporting IP traffic flow [IPFIX-ARCH] is focused on gathering and exporting IP traffic flow
information, the focus of the PSAMP framework [PSAMP-FMWK] is on information, the focus of the PSAMP framework [PSAMP-FMWK] is on
exporting information on individual packets. This basic difference exporting information on individual packets. This basic difference
and a set of derived differences in protocol requirements are and a set of derived differences in protocol requirements are
outlined in Section 4. Despite these differences, the IPFIX protocol outlined in Section 4. Despite these differences, the IPFIX protocol
is well suited as PSAMP protocol. Section 5 specifies how the IPFIX is well suited as PSAMP protocol. Section 5 specifies how the IPFIX
protocol is used for the export of packet samples. Required protocol is used for the export of packet samples. Required
extensions of the IPFIX information model are specified in the PSAMP extensions of the IPFIX information model are specified in the PSAMP
information model [PSAMP-INFO]. information model [PSAMP-INFO].
2. 2. PSAMP Documents Overview
PSAMP Documents Overview
[PSAMP-FMWK]: "A Framework for Packet Selection and Reporting", [PSAMP-FMWK]: "A Framework for Packet Selection and Reporting",
describes the PSAMP framework for network elements to select subsets describes the PSAMP framework for network elements to select subsets
of packets by statistical and other methods, and to export a stream of packets by statistical and other methods, and to export a stream
of reports on the selected packets to a collector. of reports on the selected packets to a collector.
[PSAMP-TECH]: "Sampling and Filtering Techniques for IP Packet [PSAMP-TECH]: "Sampling and Filtering Techniques for IP Packet
Selection", describes the set of packet selection techniques Selection", describes the set of packet selection techniques
supported by PSAMP. supported by PSAMP.
[PSAMP-PROTO]: "Packet Sampling (PSAMP) Protocol Specifications" [PSAMP-PROTO]: "Packet Sampling (PSAMP) Protocol Specifications"
(this document), specifies the export of packet information from a (this document), specifies the export of packet information from a
PSAMP Exporting Process to a PSAMP Collecting Process. PSAMP Exporting Process to a PSAMP Collecting Process.
[PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines
an information and data model for PSAMP. an information and data model for PSAMP.
[PSAMP-MIB]: "Definitions of Managed Objects for Packet Sampling" [PSAMP-MIB]: "Definitions of Managed Objects for Packet Sampling"
describes the PSAMP Management Information Base. describes the PSAMP Management Information Base.
3. 3. Terminology
Terminology
As the IPFIX export protocol is used to export the PSAMP information, As the IPFIX export protocol is used to export the PSAMP information,
the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in
this document. The terminology summary table in section 4.1 gives a this document. The terminology summary table in section 4.1 gives a
quick overview of the relationships between the different IPFIX quick overview of the relationships between the different IPFIX
terms. The PSAMP terminology defined here is fully consistent with terms. The PSAMP terminology defined here is fully consistent with
all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only
definitions that are only relevant to the PSAMP protocol appear here. definitions that are only relevant to the PSAMP protocol appear here.
Section 5.4 applies the PSAMP terminology to the IPFIX protocol Section 5.4 applies the PSAMP terminology to the IPFIX protocol
terminology. terminology.
3.1 3.1 IPFIX Terminology
IPFIX Terminology
The IPFIX terminology section has been entirely copied over from The IPFIX terminology section has been entirely copied over from
[IPFIX-PROTO], except for the IPFIX Exporting Process term, which is [IPFIX-PROTO], except for the IPFIX Exporting Process term, which is
defined more precisely in the PSAMP terminology section. defined more precisely in the PSAMP terminology section.
Observation Point Observation Point
An Observation Point is a location in the network where IP packets An Observation Point is a location in the network where IP packets
can be observed. Examples include: a line to which a probe is can be observed. Examples include: a line to which a probe is
attached, a shared medium, such as an Ethernet-based LAN, a single attached, a shared medium, such as an Ethernet-based LAN, a single
skipping to change at page 8, line 31 skipping to change at page 8, line 31
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
| Data Set | / | Data Record(s) | | Data Set | / | Data Record(s) |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
| Template Set | Template Record(s) | / | | Template Set | Template Record(s) | / |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
| Options Template | Options Template | / | | Options Template | Options Template | / |
| Set | Record(s) | | | Set | Record(s) | |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
Figure A: Terminology Summary Table Figure A: Terminology Summary Table
3.2 3.2 PSAMP Terminology
PSAMP Terminology
The PSAMP terminology section has been copied over from [PSAMP-TECH]. The PSAMP terminology section has been copied over from [PSAMP-TECH].
3.2.1 Packet Streams and Packet Content 3.2.1 Packet Streams and Packet Content
Observed Packet Stream Observed Packet Stream
The Observed Packet Stream is the set of all packets observed at the The Observed Packet Stream is the set of all packets observed at the
Observation Point. Observation Point.
skipping to change at page 13, line 44 skipping to change at page 13, line 44
The Attained Selection Fraction is the actual ratio of the The Attained Selection Fraction is the actual ratio of the
number of packets selected by a Selector from an input number of packets selected by a Selector from an input
Population, to the Population Size. For some Sampling methods the Population, to the Population Size. For some Sampling methods the
Attained Selection Fraction can differ from the Configured Selection Attained Selection Fraction can differ from the Configured Selection
Fraction due to, for example, the inherent statistical variability in Fraction due to, for example, the inherent statistical variability in
Sampling decisions of probabilistic Sampling and Hash-based Sampling decisions of probabilistic Sampling and Hash-based
Selection. Nevertheless, for large Population Sizes and properly Selection. Nevertheless, for large Population Sizes and properly
configured Selectors, the Attained Selection Fraction usually configured Selectors, the Attained Selection Fraction usually
approaches the Configured Selection Fraction. approaches the Configured Selection Fraction.
3.3 3.3 IPFIX and PSMAP Terminology Comparison
IPFIX and PSMAP Terminology Comparison
The PSAMP terminology has been specified with an IPFIX background, as The PSAMP terminology has been specified with an IPFIX background, as
PSAMP and IPFIX have similar terms. However, this section explains PSAMP and IPFIX have similar terms. However, this section explains
the non compatible terms between IPFIX and PSAMP. the non compatible terms between IPFIX and PSAMP.
3.3.1 PSAMP and IPFIX Processes 3.3.1 PSAMP and IPFIX Processes
The figure B indicates the sequence of the processes (selection and The figure B indicates the sequence of the processes (selection and
exporting) within the PSAMP Device. exporting) within the PSAMP Device.
+----------+ +-----------+ +----------+ +-----------+
skipping to change at page 14, line 30 skipping to change at page 14, line 30
The PSAMP terminology speaks of Packet Report and Packet The PSAMP terminology speaks of Packet Report and Packet
Interpretation, while the IPFIX terminology speaks of Data Record and Interpretation, while the IPFIX terminology speaks of Data Record and
(Option) Template Record. The PSAMP Packet Report, which comprises (Option) Template Record. The PSAMP Packet Report, which comprises
information about the observed packet, can be viewed as analogous to information about the observed packet, can be viewed as analogous to
the IPFIX Data Record defined by a Template Record. The PSAMP Packet the IPFIX Data Record defined by a Template Record. The PSAMP Packet
Interpretation, which comprises subsidiary information used for the Interpretation, which comprises subsidiary information used for the
interpretation of the Packet Reports, can be viewed as analogous to interpretation of the Packet Reports, can be viewed as analogous to
the IPFIX Data Record defined by an Option Template Record. the IPFIX Data Record defined by an Option Template Record.
4. 4. Differences between PSAMP and IPFIX
Differences between PSAMP and IPFIX
The output of the IPFIX working group relevant for this draft is The output of the IPFIX working group relevant for this draft is
structured into three documents: structured into three documents:
- IP Flow information architecture [IPFIX-ARCH] - IP Flow information architecture [IPFIX-ARCH]
- IPFIX protocol specifications [IPFIX-PROTO] - IPFIX protocol specifications [IPFIX-PROTO]
- IP Flow information export information model [IPFIX-INFO] - IP Flow information export information model [IPFIX-INFO]
4.1 4.1 Architecture Point of View
Architecture Point of View
Traffic Flow measurement as described in the IPFIX requirements Traffic Flow measurement as described in the IPFIX requirements
[RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated [RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated
into two stages: packet processing and Flow processing. into two stages: packet processing and Flow processing.
Figure C illustrates these stages. Figure C illustrates these stages.
In stage 1, all processing steps act on packets. Packets are In stage 1, all processing steps act on packets. Packets are
captured, time stamped, selected by one or more selection steps and captured, time stamped, selected by one or more selection steps and
finally forwarded to packet classification that maps packets to finally forwarded to packet classification that maps packets to
Flows. The packets selection steps may include Filtering and Flows. The packets selection steps may include Filtering and
skipping to change at page 16, line 4 skipping to change at page 16, line 4
| Flow | | Flow |
| selection | | selection |
| | | | | |
+-------+ | +-------+ |
| | | |
v | v |
Flow Record / Flow Record /
export export
Figure C: Comparison of IPFIX architecture and PSAMP framework Figure C: Comparison of IPFIX architecture and PSAMP framework
4.2 4.2 Protocol Point of View
Protocol Point of View
Concerning the protocol, the major difference between IPFIX and PSAMP Concerning the protocol, the major difference between IPFIX and PSAMP
is that the IPFIX protocol exports Flow Records while the PSAMP is that the IPFIX protocol exports Flow Records while the PSAMP
protocol exports Packet Records. From a pure export point of view, protocol exports Packet Records. From a pure export point of view,
IPFIX will not distinguish a Flow Record composed of several packets IPFIX will not distinguish a Flow Record composed of several packets
aggregated together from a Flow Record composed of a single packet. aggregated together from a Flow Record composed of a single packet.
So the PSAMP export can be seen as special IPFIX Flow Record So the PSAMP export can be seen as special IPFIX Flow Record
containing information about a single packet. containing information about a single packet.
All extensions of the IPFIX protocol that are required to satisfy the All extensions of the IPFIX protocol that are required to satisfy the
PSAMP requirements have already been incorporated in the IPFIX PSAMP requirements have already been incorporated in the IPFIX
protocol [IPFIX-PROTO], which was developed in parallel with the protocol [IPFIX-PROTO], which was developed in parallel with the
PSAMP protocol. An example is the need for a data type for protocol PSAMP protocol. An example is the need for a data type for protocol
fields that have flexible length, such as an octet array. This was fields that have flexible length, such as an octet array. This was
added to the IPFIX protocol specification in order to meet the added to the IPFIX protocol specification in order to meet the
requirement of the PSAMP protocol to report content of captured requirement of the PSAMP protocol to report content of captured
packets, for example the first octets of a packet. packets, for example the first octets of a packet.
4.3 4.3 Information Model Point of View
Information Model Point of View
From the information model point of view, the overlap between both From the information model point of view, the overlap between both
the IPFIX and PSAMP protocols is quite large. Most of the the IPFIX and PSAMP protocols is quite large. Most of the
Information Elements in the IPFIX protocol are also relevant for Information Elements in the IPFIX protocol are also relevant for
exporting packet information, for example all fields reporting packet exporting packet information, for example all fields reporting packet
header properties. Only a few Information Elements, such as header properties. Only a few Information Elements, such as
flowCount, packetCount (whose value will always be 1 for PSAMP) etc., flowCount, packetCount (whose value will always be 1 for PSAMP) etc.,
cannot be used in a meaningful way by the PSAMP protocol. Also, cannot be used in a meaningful way by the PSAMP protocol. Also,
IPFIX protocol requirements concerning stage 2 of figure C do not IPFIX protocol requirements concerning stage 2 of figure C do not
apply to the PSAMP metering process. apply to the PSAMP metering process.
skipping to change at page 16, line 48 skipping to change at page 16, line 46
the IPFIX charter speaks of Sampling, no Sampling related Information the IPFIX charter speaks of Sampling, no Sampling related Information
Elements are specified in [IPFIX-INFO]. The task of specifying them Elements are specified in [IPFIX-INFO]. The task of specifying them
was intentionally left for the PSAMP information model [PSAMP-INFO]. was intentionally left for the PSAMP information model [PSAMP-INFO].
A set of several additional fields is required for satisfying the A set of several additional fields is required for satisfying the
requirements for the PSAMP information model [PSAMP-TECH]. requirements for the PSAMP information model [PSAMP-TECH].
Exploiting the extensibility of the IPFIX information model, the Exploiting the extensibility of the IPFIX information model, the
required extension is covered by the PSAMP information model required extension is covered by the PSAMP information model
specified in [PSAMP-INFO]. specified in [PSAMP-INFO].
5. 5. PSAMP Requirements versus the IPFIX Solution
PSAMP Requirements versus the IPFIX Solution
In the "Generic Requirements for PSAMP" section, [PSAMP-FMWK] In the "Generic Requirements for PSAMP" section, [PSAMP-FMWK]
describes some requirements that affect directly the PSAMP export describes some requirements that affect directly the PSAMP export
protocol. protocol.
In the "Generic Selection Process Requirements" section, [PSAMP-FMWK] In the "Generic Selection Process Requirements" section, [PSAMP-FMWK]
describes one requirement that, if not directly related to the export describes one requirement that, if not directly related to the export
protocol, will put some constraints on it. Parallel Measurements: protocol, will put some constraints on it. Parallel Measurements:
multiple independent selection processes at the same entity. multiple independent selection processes at the same entity.
skipping to change at page 17, line 37 skipping to change at page 17, line 37
* Congestion avoidance * Congestion avoidance
* Secure export * Secure export
* Export rate limit * Export rate limit
* Microsecond timestamp resolution * Microsecond timestamp resolution
The only requirement that is not met is Export Packet compression. The only requirement that is not met is Export Packet compression.
With the choice of IPFIX as PSAMP export protocol, the export packet With the choice of IPFIX as PSAMP export protocol, the export packet
compression option mentioned in the section 8.5 of the framework compression option mentioned in the section 8.5 of the framework
document [PSAMP-FMWK] is not addressed. document [PSAMP-FMWK] is not addressed.
5.1 5.1 High Level View of the Integration
High Level View of the Integration
The Template Record in the Template Set is used to describe the The Template Record in the Template Set is used to describe the
different PSAMP Information Elements that will be exported to the different PSAMP Information Elements that will be exported to the
Collector. The Collector decodes the Template Record in the Template Collector. The Collector decodes the Template Record in the Template
Set and knows which Information Elements to expect when it receives Set and knows which Information Elements to expect when it receives
the Data Records in the Data Set, i.e. the PSAMP Packet Reports. the Data Records in the Data Set, i.e. the PSAMP Packet Reports.
Typically, in the base level of the PSAMP functionality, the Template Typically, in the base level of the PSAMP functionality, the Template
Set will contain the input sequence number, the packet fragment (some Set will contain the input sequence number, the packet fragment (some
number of contiguous bytes from the start of the packet or from the number of contiguous bytes from the start of the packet or from the
start of the payload) and the Selection Sequence. start of the payload) and the Selection Sequence.
skipping to change at page 18, line 20 skipping to change at page 18, line 20
PSAMP requires all the different possibilities of the IPFIX protocol PSAMP requires all the different possibilities of the IPFIX protocol
specifications [IPFIX-PROTO]. That is the 3 types of Set (Data Set, specifications [IPFIX-PROTO]. That is the 3 types of Set (Data Set,
Template Set and Options Templates Set) with the 2 types of Templates Template Set and Options Templates Set) with the 2 types of Templates
Records (Template Record and Options Template Record), as described Records (Template Record and Options Template Record), as described
in the figure A. As a consequence, PSAMP can't rely on a subset of in the figure A. As a consequence, PSAMP can't rely on a subset of
the IPFIX protocol specifications are described in [IPFIX-PROTO]. the IPFIX protocol specifications are described in [IPFIX-PROTO].
The entire IPFIX protocol specifications [IPFIX-PROTO] MUST be The entire IPFIX protocol specifications [IPFIX-PROTO] MUST be
implemented for the PSAMP protocol. implemented for the PSAMP protocol.
6. 6. Using the IPFIX Protocol for PSAMP
Using the IPFIX Protocol for PSAMP
6.1 6.1 Selector ID
Selector ID
The Selector ID is the unique ID identifying a Primitive Selector. The Selector ID is the unique ID identifying a Primitive Selector.
Each Primitive Selector MUST have a unique ID within the Observation Each Primitive Selector MUST have a unique ID within the Observation
Domain. The Selector ID is represented by the selectorId Information Domain. The Selector ID is represented by the selectorId Information
Element [PSAMP-INFO]. Element [PSAMP-INFO].
6.2 6.2 The Selection Sequence ID
The Selection Sequence ID
From all the packets observed at an Observation Point, a subset of From all the packets observed at an Observation Point, a subset of
packets is selected by one or more Selectors. The Selection Sequence packets is selected by one or more Selectors. The Selection Sequence
is the combination of an Observation Point and one or more is the combination of an Observation Point and one or more
Selector(s) through which the packets are selected. The Selection Selector(s) through which the packets are selected. The Selection
Sequence ID is a unique value representing that combination. The Sequence ID is a unique value representing that combination. The
Selection Sequence ID is represented by the selectionSequenceId Selection Sequence ID is represented by the selectionSequenceId
Information Element [PSAMP-INFO]. Information Element [PSAMP-INFO].
6.3 6.3 The Exporting Process
The Exporting Process
An Exporting Process MUST be able to limit the export rate according An Exporting Process MUST be able to limit the export rate according
to a configurable value. The Exporting Process MAY limit the export to a configurable value. The Exporting Process MAY limit the export
rate on a per Collecting Process basis. rate on a per Collecting Process basis.
6.4 6.4 Packet Report
Packet Report
For each Selection Sequences, for each selected packet, a Packet For each Selection Sequences, for each selected packet, a Packet
Report MUST be created. The format of the Packet Report is specified Report MUST be created. The format of the Packet Report is specified
in a Template Record contained in a Template Set. in a Template Record contained in a Template Set.
There are two types of Packet Report, as described in [PSAMP-FWMK]: There are two types of Packet Report, as described in [PSAMP-FWMK]:
the basic Packet Report and the extended Packet Report. the basic Packet Report and the extended Packet Report.
6.4.1 Basic Packet Report 6.4.1 Basic Packet Report
skipping to change at page 23, line 6 skipping to change at page 23, line 6
| 10.0.0.1 | | 10.0.0.1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 10.0.1.106 | | 10.0.1.106 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 72 | 1372 | | 72 | 1372 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 80 | | 80 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure F: Example of an Extended Packet Report Figure F: Example of an Extended Packet Report
6.5 6.5 Report Interpretation
Report Interpretation
To make full sense of the Packet Reports there are a number of To make full sense of the Packet Reports there are a number of
additional pieces of information that must be communicated to the additional pieces of information that must be communicated to the
Collector: Collector:
- The details about which Selectors and Observation Points are being - The details about which Selectors and Observation Points are being
used within a Selection Sequences MUST be provided using the used within a Selection Sequences MUST be provided using the
Selection Sequence Report Interpretation. Selection Sequence Report Interpretation.
- The configuration details of each Selector MUST be provided using - The configuration details of each Selector MUST be provided using
the Selector Report Interpretation. the Selector Report Interpretation.
- The Selector ID statistics MUST be provided using the Selection - The Selector ID statistics MUST be provided using the Selection
skipping to change at page 41, line 19 skipping to change at page 41, line 19
| ...(encoded as a float32) | | ...(encoded as a float32) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure P: Example of the Selection Sequence Statistics Report Figure P: Example of the Selection Sequence Statistics Report
Interpretation Interpretation
Notes: Notes:
* relativeError is of type float64 but is compressed down to a * relativeError is of type float64 but is compressed down to a
float32 here. float32 here.
7. 7. Security Considerations
Security Considerations
As IPFIX has been selected as the PSAMP export protocol and as the As IPFIX has been selected as the PSAMP export protocol and as the
PSAMP security requirements are not stricter than the IPFIX security PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security considerations. the security considerations.
In the basic Packet Report, a PSAMP Device exports some number of In the basic Packet Report, a PSAMP Device exports some number of
contiguous bytes from the start of the packet, including the packet contiguous bytes from the start of the packet, including the packet
header (which includes link layer, network layer and other header (which includes link layer, network layer and other
encapsulation headers) and some subsequent bytes of the packet encapsulation headers) and some subsequent bytes of the packet
payload. The PSAMP Device SHOULD NOT export the full payload of payload. The PSAMP Device SHOULD NOT export the full payload of
conversations, as this would mean wiretapping [RFC2804]. conversations, as this would mean wiretapping [RFC2804].
8. 8. IANA Considerations
IANA Considerations
The PSAMP Protocol, as set out in this document, has two sets of The PSAMP Protocol, as set out in this document, has two sets of
assigned numbers. Considerations for assigning them are discussed in assigned numbers. Considerations for assigning them are discussed in
this section, using the example policies as set out in the this section, using the example policies as set out in the
"Guidelines for IANA Considerations" document IANA-RFC [RFC2434]. "Guidelines for IANA Considerations" document IANA-RFC [RFC2434].
8.1 8.1 IPFIX Related Considerations
IPFIX Related Considerations
As the PSAMP protocol uses the IPFIX protocol, refer to the IANA As the PSAMP protocol uses the IPFIX protocol, refer to the IANA
considerations section in [IPFIX-PROTO] for the assignments of considerations section in [IPFIX-PROTO] for the assignments of
numbers used in the protocol and for the numbers used in the numbers used in the protocol and for the numbers used in the
information model. information model.
8.2 8.2 PSAMP Related Considerations
PSAMP Related Considerations
Each new selection method MUST be assigned a unique value for the Each new selection method MUST be assigned a unique value for the
selectorAlgorithm Information Element. Its configuration selectorAlgorithm Information Element. Its configuration
parameter(s), along with the way to report it/them with an Options parameter(s), along with the way to report it/them with an Options
Template, MUST be clearly specified. Template, MUST be clearly specified.
New assignments for the PSAMP selection method will be administered New assignments for the PSAMP selection method will be administered
by IANA, on a First Come First Served basis [RFC 2434], subject to by IANA, on a First Come First Served basis [RFC 2434], subject to
Expert Review [RFC 2434], i.e. review by one of a group of experts Expert Review [RFC 2434], i.e. review by one of a group of experts
designated by an IETF Operations and Management Area Director. The designated by an IETF Operations and Management Area Director. The
group of experts must double check the Information Elements group of experts must double check the Information Elements
definitions with already defined Information Elements for definitions with already defined Information Elements for
completeness, accuracy and redundancy. Those experts will initially completeness, accuracy and redundancy. Those experts will initially
be drawn from the Working Group Chairs and document editors of the be drawn from the Working Group Chairs and document editors of the
IPFIX and PSAMP Working Groups. IPFIX and PSAMP Working Groups.
9. 9. References
References
9.1 9.1 Normative References
Normative References
[RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)", [RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)",
RFC 1771, March 1995 RFC 1771, March 1995
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997 Requirement Levels", BCP 14, RFC 2119, March 1997
[RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA [RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA
Considerations Section in RFCs", RFC 2434, October 1998 Considerations Section in RFCs", RFC 2434, October 1998
skipping to change at page 42, line 49 skipping to change at page 42, line 47
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek, [IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
"Architecture Model for IP Flow Information Export" draft-ietf-ipfix- "Architecture Model for IP Flow Information Export" draft-ietf-ipfix-
arch-09.txt" arch-09.txt"
[IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information
Model for IP Flow Information Export" draft-ietf-ipfix-info-11.txt Model for IP Flow Information Export" draft-ietf-ipfix-info-11.txt
[IPFIX-PROTO] B. Claise (Editor) "IPFIX Protocol Specifications", [IPFIX-PROTO] B. Claise (Editor) "IPFIX Protocol Specifications",
draft-ietf-ipfix-protocol-19.txt draft-ietf-ipfix-protocol-19.txt
9.2 9.2 Informative References
Informative References
[PSAMP-MIB] T. Dietz, B. Claise "Definitions of Managed Objects for [PSAMP-MIB] T. Dietz, B. Claise "Definitions of Managed Objects for
Packet Sampling" draft-ietf-psamp-mib-05.txt Packet Sampling" draft-ietf-psamp-mib-05.txt
[PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M. [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework
for Passive Packet Measurement" draft-ietf-psamp-framework-10.txt for Passive Packet Measurement" draft-ietf-psamp-framework-10.txt
[RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements
for IP Flow Information Export", RFC 3917, October 2004 for IP Flow Information Export", RFC 3917, October 2004
10. 10. Acknowledgments
Acknowledgments
The authors would like to thank the PSAMP group, especially Paul The authors would like to thank the PSAMP group, especially Paul
Aitken for fruitful discussions and for proofreading the document Aitken for fruitful discussions and for proofreading the document
several times. several times.
Authors' Addresses Authors' Addresses
Benoit Claise Benoit Claise
Cisco Systems Cisco Systems
De Kleetlaan 6a b1 De Kleetlaan 6a b1
 End of changes. 36 change blocks. 
84 lines changed or deleted 58 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/