draft-ietf-psamp-protocol-06.txt   draft-ietf-psamp-protocol-07.txt 
PSAMP working group PSAMP working group
Internet Draft EDITOR: B. Claise Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-06.txt Cisco Systems draft-ietf-psamp-protocol-07.txt Cisco Systems
Expires: April 2006 October 2006
Packet Sampling (PSAMP) Protocol Specifications Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 29 skipping to change at page 1, line 31
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress". reference material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on December 26, 2006. This Internet-Draft will expire on April 23, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document specifies the export of packet information from a This document specifies the export of packet information from a
PSAMP Exporting Process to a PSAMP Collecting Process. For export PSAMP Exporting Process to a PSAMP Collecting Process. For export
of packet information the IP Flow Information eXport (IPFIX) of packet information the IP Flow Information eXport (IPFIX)
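Review bot: The expiry sentence in the -07 column reads "This Internet-Draft will expire on April 23, 2006", which is earlier than the "December 26, 2006" it replaces and earlier than the October 2006 date in the header. The boilerplate in this same hunk limits a draft to six months, so the expiry should fall six months after the -07 submission date. The year looks like it was not advanced, and the "Expires:" header line needs the same check.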
skipping to change at page 2, line 25 skipping to change at page 2, line 26
2. PSAMP Documents Overview.....................................3 2. PSAMP Documents Overview.....................................3
3. Terminology..................................................4 3. Terminology..................................................4
3.1 IPFIX Terminology..........................................4 3.1 IPFIX Terminology..........................................4
3.2 PSAMP Terminology..........................................8 3.2 PSAMP Terminology..........................................8
3.2.1 Packet Streams and Packet Content.......................8 3.2.1 Packet Streams and Packet Content.......................8
3.2.2 Selection Process.......................................9 3.2.2 Selection Process.......................................9
3.2.3 Reporting..............................................10 3.2.3 Reporting..............................................10
3.2.4 Exporting Process......................................11 3.2.4 Exporting Process......................................11
3.2.5 PSAMP Device...........................................11 3.2.5 PSAMP Device...........................................11
3.2.6 Selection Methods......................................11 3.2.6 Selection Methods......................................11
3.3 IPFIX and PSMAP Terminology Comparison....................13 3.3 IPFIX and PSAMP Terminology Comparison....................13
3.3.1 PSAMP and IPFIX Processes..............................13 3.3.1 IPFIX and PSAMP Processes..............................13
3.3.2 Packet Report, Packet Interpretation, and Data Record..14 3.3.2 Packet Report, Packet Interpretation, and Data Record..14
4. Differences between PSAMP and IPFIX.........................14 4. Differences between PSAMP and IPFIX.........................14
4.1 Architecture Point of View................................14 4.1 Architecture Point of View................................14
4.2 Protocol Point of View....................................16 4.2 Protocol Point of View....................................16
4.3 Information Model Point of View...........................16 4.3 Information Model Point of View...........................16
5. PSAMP Requirements versus the IPFIX Solution................16 5. PSAMP Requirements versus the IPFIX Solution................17
5.1 High Level View of the Integration........................17 5.1 High Level View of the Integration........................17
6. Using the IPFIX Protocol for PSAMP..........................18 6. Using the IPFIX Protocol for PSAMP..........................18
6.1 Selector ID...............................................18 6.1 Selector ID...............................................19
6.2 The Selection Sequence ID.................................18 6.2 The Selection Sequence ID.................................19
6.3 The Exporting Process.....................................18 6.3 The Exporting Process.....................................19
6.4 Packet Report.............................................18 6.4 Packet Report.............................................19
6.4.1 Basic Packet Report....................................19 6.4.1 Basic Packet Report....................................19
6.4.2 Extended Packet Report.................................21 6.4.2 Extended Packet Report.................................22
6.5 Report Interpretation.....................................23 6.5 Report Interpretation.....................................23
6.5.1 Selection Sequence Report Interpretation...............23 6.5.1 Selection Sequence Report Interpretation...............24
6.5.2 Selector Report Interpretation.........................25 6.5.2 Selector Report Interpretation.........................26
6.5.2.1 Systematic Count-Based Sampling.......................25 6.5.2.1 Systematic Count-Based Sampling.......................26
6.5.2.2 Systematic Time-Based Sampling........................27 6.5.2.2 Systematic Time-Based Sampling........................27
6.5.2.3 Random n-out-of-N Sampling............................28 6.5.2.3 Random n-out-of-N Sampling............................29
6.5.2.4 Uniform Probabilistic Sampling........................29 6.5.2.4 Uniform Probabilistic Sampling........................30
6.5.2.5 Property Match Filtering..............................30 6.5.2.5 Property Match Filtering..............................31
6.5.2.6 Hash-Based Filtering..................................32 6.5.2.6 Hash-Based Filtering..................................33
6.5.2.7 Other Selection Methods...............................35 6.5.2.7 Other Selection Methods...............................36
6.5.3 Selection Sequence Statistics Report Interpretation....35 6.5.3 Selection Sequence Statistics Report Interpretation....36
6.5.4 Accuracy Report Interpretation.........................38 6.5.4 Accuracy Report Interpretation.........................39
7. Security Considerations.....................................41 7. Security Considerations.....................................42
8. IANA Considerations.........................................41 8. IANA Considerations.........................................42
8.1 IPFIX Related Considerations..............................41 8.1 IPFIX Related Considerations..............................42
8.2 PSAMP Related Considerations..............................41 8.2 PSAMP Related Considerations..............................42
9. References..................................................42 9. References..................................................43
9.1 Normative References......................................42 9.1 Normative References......................................43
9.2 Informative References....................................42 9.2 Informative References....................................43
10. Acknowledgments............................................43 10. Acknowledgments............................................44
1. Introduction 1. Introduction
The name PSAMP is a contraction of the phrase Packet SAMPling. The The name PSAMP is a contraction of the phrase Packet SAMPling. The
word "sampling" captures the idea that only a subset of all packets word "sampling" captures the idea that only a subset of all packets
passing a network element will be selected for reporting. PSAMP passing a network element will be selected for reporting. PSAMP
selection operations include random selection, deterministic selection operations include random selection, deterministic
selection (filtering), and deterministic approximations to random selection, and deterministic approximations to random selection
selection (hash-based selection). (hash-based selection).
The IP Flow information export (IPFIX) protocol specified in [IPFIX- The IP Flow information export (IPFIX) protocol specified in [IPFIX-
PROTO] exports IP traffic information [IPFIX-INFO] observed at PROTO] exports IP traffic information [IPFIX-INFO] observed at
network devices. This matches the general protocol requirements network devices. This matches the general protocol requirements
outlined in the PSAMP framework [PSAMP-FMWK]. However, there are outlined in the PSAMP framework [PSAMP-FMWK]. However, there are
some architectural differences between IPFIX and PSAMP in the some architectural differences between IPFIX and PSAMP in the
requirements for an export protocol. While the IPFIX architecture requirements for an export protocol. While the IPFIX architecture
[IPFIX-ARCH] is focused on gathering and exporting IP traffic flow [IPFIX-ARCH] is focused on gathering and exporting IP traffic flow
information, the focus of the PSAMP framework [PSAMP-FMWK] is on information, the focus of the PSAMP framework [PSAMP-FMWK] is on
exporting information on individual packets. This basic difference exporting information on individual packets. This basic difference
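Review bot: In the first paragraph of the Introduction, dropping "(filtering)" after "deterministic selection" leaves that term without a gloss, while the contents above still name the methods "Property Match Filtering" and "Hash-Based Filtering" and the third item keeps its gloss "(hash-based selection)". Either keep the parenthetical or state which term, Filtering or deterministic selection, the document uses from here on.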
skipping to change at page 4, line 12 skipping to change at page 4, line 12
Selection", describes the set of packet selection techniques Selection", describes the set of packet selection techniques
supported by PSAMP. supported by PSAMP.
This document: "Packet Sampling (PSAMP) Protocol Specifications" This document: "Packet Sampling (PSAMP) Protocol Specifications"
specifies the export of packet information from a PSAMP Exporting specifies the export of packet information from a PSAMP Exporting
Process to a PSAMP Collecting Process. Process to a PSAMP Collecting Process.
[PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines
an information and data model for PSAMP. an information and data model for PSAMP.
[PSAMP-MIB]: "Definitions of Managed Objects for Packet Sampling"
describes the PSAMP Management Information Base.
3. Terminology 3. Terminology
As the IPFIX export protocol is used to export the PSAMP information, As the IPFIX export protocol is used to export the PSAMP information,
the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in
this document. The terminology summary table in section 4.1 gives a this document. The terminology summary table in section 4.1 gives a
quick overview of the relationships between the different IPFIX quick overview of the relationships between the different IPFIX
terms. The PSAMP terminology defined here is fully consistent with terms. The PSAMP terminology defined here is fully consistent with
all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only
definitions that are only relevant to the PSAMP protocol appear here. definitions that are relevant to the PSAMP protocol appear here.
Section 5.4 applies the PSAMP terminology to the IPFIX protocol Section 5.4 applies the PSAMP terminology to the IPFIX protocol
terminology. terminology.
3.1 IPFIX Terminology 3.1 IPFIX Terminology
The IPFIX terminology section has been entirely copied over from The IPFIX terminology section has been entirely copied over from
[IPFIX-PROTO], except for the IPFIX Exporting Process term, which is [IPFIX-PROTO], except for the IPFIX Exporting Process term, which is
defined more precisely in the PSAMP terminology section. defined more precisely in the PSAMP terminology section.
Observation Point Observation Point
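Review bot: The section 3 introduction still points to "the terminology summary table in section 4.1" and to "Section 5.4", but in the contents shown above 4.1 is "Architecture Point of View" and section 5 has only 5.1. Both cross-references are carried over unchanged from -06 and should be corrected while this paragraph is being edited. The new [PSAMP-MIB] entry also needs a matching item in the References section.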
skipping to change at page 6, line 47 skipping to change at page 6, line 45
received Flow Records, but such actions are out of scope for this received Flow Records, but such actions are out of scope for this
document. document.
Collector Collector
A device which hosts one or more Collecting Processes is termed a A device which hosts one or more Collecting Processes is termed a
Collector. Collector.
Template Template
Template is an ordered sequence of <type, length> pairs, used to A Template is an ordered sequence of <type, length> pairs, used to
completely specify the structure and semantics of a particular set of completely specify the structure and semantics of a particular set of
information that needs to be communicated from an IPFIX Device to a information that needs to be communicated from an IPFIX Device to a
Collector. Each Template is uniquely identifiable by means of a Collector. Each Template is uniquely identifiable by means of a
Template ID. Template ID.
IPFIX Message IPFIX Message
An IPFIX Message is a message originating at the Exporting Process An IPFIX Message is a message originating at the Exporting Process
that carries the IPFIX records of this Exporting Process and whose that carries the IPFIX records of this Exporting Process and whose
destination is a Collecting Process. An IPFIX Message is destination is a Collecting Process. An IPFIX Message is
encapsulated at the transport layer. encapsulated at the transport layer.
Message Header Message Header
The Message Header is the first part of an IPFIX Message, which The Message Header is the first part of an IPFIX Message, which
provides basic information about the message such as the IPFIX provides basic information about the message such as the IPFIX
version, length of the message, message sequence number, etc. version, length of the message, message sequence number, etc.
skipping to change at page 8, line 44 skipping to change at page 8, line 44
3.2.1 Packet Streams and Packet Content 3.2.1 Packet Streams and Packet Content
Observed Packet Stream Observed Packet Stream
The Observed Packet Stream is the set of all packets observed at the The Observed Packet Stream is the set of all packets observed at the
Observation Point. Observation Point.
Packet Stream Packet Stream
A packet stream denotes a set of packets that flows past some A packet stream denotes a subset of the Observed Packet Stream that
specified point within the Selection Process. An example of a Packet flows past some specified point within the Selection Process.
Stream is the output of the Selection Process. Note that packets An example of a Packet Stream is the output of the Selection Process.
selected from a stream, e.g. by Sampling, do not necessarily possess Note that packets selected from a stream, e.g. by Sampling, do not
a property by which they can be distinguished from packets that have necessarily possess a property by which they can be distinguished
not been selected. For this reason the term "stream" is favored over from packets that have not been selected. For this reason the term
"flow", which is defined as set of packets with common properties "stream" is favored over "flow", which is defined as set of packets
[RFC3917]. with common properties [RFC3917].
Packet Content Packet Content
The packet content denotes the union of the packet header (which The packet content denotes the union of the packet header (which
includes link layer, network layer and other encapsulation headers) includes link layer, network layer and other encapsulation headers)
and the packet payload. and the packet payload.
3.2.2 Selection Process 3.2.2 Selection Process
Selection Process Selection Process
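Review bot: The revised Packet Stream definition opens with lowercase "A packet stream", although the entry heading and the next sentence use the capitalized term "Packet Stream" and the term it now depends on is written "Observed Packet Stream". Capitalize it for consistency, and fix the untouched "defined as set of packets" to "defined as a set of packets" in the same edit. Since the definition now says "subset", state whether the whole Observed Packet Stream, the input to the Selection Process, itself counts as a Packet Stream.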
skipping to change at page 11, line 20 skipping to change at page 11, line 20
The Report Stream is the output of a Selection Process, comprising The Report Stream is the output of a Selection Process, comprising
two distinguished types of information: Packet Reports, and Report two distinguished types of information: Packet Reports, and Report
Interpretation. Interpretation.
3.2.4 Exporting Process 3.2.4 Exporting Process
Exporting Process Exporting Process
An Exporting Process sends, in the form of Export Packets, the output An Exporting Process sends, in the form of Export Packets, the output
of one or more Selection Processes to one or more Collectors. of one or more Metering Processes to one or more Collectors.
Export Packet Export Packet
An Export Packet is a combination of Report Interpretation(s) and/or An Export Packet is a combination of Report Interpretation(s) and/or
one or more Packet Reports that are bundled by the Exporting Process one or more Packet Reports that are bundled by the Exporting Process
into a Export Packet for exporting to a Collector. into a Export Packet for exporting to a Collector.
3.2.5 PSAMP Device 3.2.5 PSAMP Device
PSAMP Device PSAMP Device
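Review bot: Changing the Exporting Process definition to "the output of one or more Metering Processes" leaves it out of step with the Report Stream definition just above, which is still "the output of a Selection Process", and with Export Packet, which is defined only in terms of Packet Reports and Report Interpretation. Say what a Metering Process outputs in PSAMP terms, or relate it to the Report Stream here. "into a Export Packet" should also read "into an Export Packet".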
skipping to change at page 13, line 44 skipping to change at page 13, line 44
The Attained Selection Fraction is the actual ratio of the The Attained Selection Fraction is the actual ratio of the
number of packets selected by a Selector from an input number of packets selected by a Selector from an input
Population, to the Population Size. For some Sampling methods the Population, to the Population Size. For some Sampling methods the
Attained Selection Fraction can differ from the Configured Selection Attained Selection Fraction can differ from the Configured Selection
Fraction due to, for example, the inherent statistical variability in Fraction due to, for example, the inherent statistical variability in
Sampling decisions of probabilistic Sampling and Hash-based Sampling decisions of probabilistic Sampling and Hash-based
Selection. Nevertheless, for large Population Sizes and properly Selection. Nevertheless, for large Population Sizes and properly
configured Selectors, the Attained Selection Fraction usually configured Selectors, the Attained Selection Fraction usually
approaches the Configured Selection Fraction. approaches the Configured Selection Fraction.
3.3 IPFIX and PSMAP Terminology Comparison 3.3 IPFIX and PSAMP Terminology Comparison
The PSAMP terminology has been specified with an IPFIX background, as The PSAMP terminology has been specified with an IPFIX background, as
PSAMP and IPFIX have similar terms. However, this section explains PSAMP and IPFIX have similar terms. However, this section clarifies
the non compatible terms between IPFIX and PSAMP. the terms between the IPFIX and PSAMP terminology.
3.3.1 PSAMP and IPFIX Processes 3.3.1 IPFIX and PSAMP Processes
The figure B indicates the sequence of the processes (selection and The figure B indicates the sequence of the processes (Metering and
exporting) within the PSAMP Device. Exporting) within the PSAMP Device.
+----------+ +-----------+ +------------------+
Observed | Metering | | Exporting | | Metering Process |
Packet--->| Process |----->| Process |--->Collector | +-----------+ | +-----------+
Stream +----------+ +-----------+ Observed | | Selection | | | Exporting |
Packet--->| | Process |--------->| Process |--->Collector
Stream | +-----------+ | +-----------+
+------------------+
Figure B: PSAMP Processes Figure B: PSAMP Processes
The Selection Process, which takes an Observed Packet Stream as its The Selection Process, which takes an Observed Packet Stream as its
input and produces Packet Reports as its output, is an integral part input, is an integral part of the Metering Process. The Selection
of the Metering Process, which by its definition produces Flow Process chooses which packets from its input packet stream will be
Records as its output. reported on by the rest of the Metering Process. Note that a
"Process" is not necessarily implemented as a separate CPU thread.
3.3.2 Packet Report, Packet Interpretation, and Data Record 3.3.2 Packet Report, Packet Interpretation, and Data Record
The PSAMP terminology speaks of Packet Report and Packet The PSAMP terminology speaks of Packet Report and Packet
Interpretation, while the IPFIX terminology speaks of Data Record and Interpretation, while the IPFIX terminology speaks of Data Record and
(Option) Template Record. The PSAMP Packet Report, which comprises (Option) Template Record. The PSAMP Packet Report, which comprises
information about the observed packet, can be viewed as analogous to information about the observed packet, can be viewed as analogous to
the IPFIX Data Record defined by a Template Record. The PSAMP Packet the IPFIX Data Record defined by a Template Record. The PSAMP Packet
Interpretation, which comprises subsidiary information used for the Interpretation, which comprises subsidiary information used for the
interpretation of the Packet Reports, can be viewed as analogous to interpretation of the Packet Reports, can be viewed as analogous to
the IPFIX Data Record defined by an Option Template Record. the IPFIX Data Record defined by an Option Template Record.
4. Differences between PSAMP and IPFIX 4. Differences between PSAMP and IPFIX
The output of the IPFIX working group relevant for this draft is The output of the IPFIX working group relevant for this draft is
structured into three documents: structured into three documents:
- IP Flow information architecture [IPFIX-ARCH] - IP Flow information architecture [IPFIX-ARCH]
- IPFIX protocol specifications [IPFIX-PROTO] - IPFIX protocol specifications [IPFIX-PROTO]
- IP Flow information export information model [IPFIX-INFO] - IP Flow information export information model [IPFIX-INFO]
4.1 Architecture Point of View In the following sections we investigate the differences between
IPFIX and PSAMP for each of those aspects.
4.1 Architecture Point of View
Traffic Flow measurement as described in the IPFIX requirements Traffic Flow measurement as described in the IPFIX requirements
[RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated [RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated
into two stages: packet processing and Flow processing. into two stages: packet processing and Flow processing.
Figure C illustrates these stages. Figure C illustrates these stages.
In stage 1, all processing steps act on packets. Packets are In stage 1, all processing steps act on packets. Packets are
captured, time stamped, selected by one or more selection steps and captured, time stamped, selected by one or more selection steps and
finally forwarded to packet classification that maps packets to finally forwarded to packet classification that maps packets to
Flows. The packets selection steps may include Filtering and Flows. The packets selection steps may include Filtering and
Sampling functions. Sampling functions.
In stage 2, all processing steps act on Flows. After packets are In stage 2, all processing steps act on Flows. After packets are
classified (mapped to Flows), Flows are generated or updated if they classified (mapped to Flows), Flows are generated (or updated if they
exist already. Flow generation and update steps may be performed exist already). Flow generation and update steps may be performed
repeatedly for aggregating Flows. Finally, Flows are exported. repeatedly for aggregating Flows. Finally, Flows are exported.
Packet Sampling as described in the PSAMP framework [PSAMP-FMWK] Packet Sampling as described in the PSAMP framework [PSAMP-FMWK]
covers only stage 1 of the IPFIX architecture with the packet covers only stage 1 of the IPFIX architecture with the packet
classification replaced by packet record export. classification replaced by packet record export.
IPFIX architecture PSAMP framework IPFIX architecture PSAMP framework
packet header packet header packet header packet header
capturing \ capturing capturing \ capturing
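Review bot: The rewritten 3.3 introduction, "this section clarifies the terms between the IPFIX and PSAMP terminology", no longer says what is being clarified, whereas -06 at least said the terms were not compatible. Suggest "clarifies the relationship between the IPFIX and PSAMP terms". The new 3.3.1 paragraph also drops the statement that the Selection Process produces Packet Reports, so its output is now unspecified. 3.3.2 still says "Packet Interpretation" where the definitions in 3.2.3 and 3.2.4 use "Report Interpretation".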
skipping to change at page 16, line 4 skipping to change at page 16, line 12
| Flow | | Flow |
| selection | | selection |
| | | | | |
+-------+ | +-------+ |
| | | |
v | v |
Flow Record / Flow Record /
export export
Figure C: Comparison of IPFIX architecture and PSAMP framework Figure C: Comparison of IPFIX architecture and PSAMP framework
4.2 Protocol Point of View 4.2 Protocol Point of View
Concerning the protocol, the major difference between IPFIX and PSAMP Concerning the protocol, the major difference between IPFIX and PSAMP
is that the IPFIX protocol exports Flow Records while the PSAMP is that the IPFIX protocol exports Flow Records while the PSAMP
protocol exports Packet Records. From a pure export point of view, protocol exports Packet Records. From a pure export point of view,
IPFIX will not distinguish a Flow Record composed of several packets IPFIX will not distinguish a Flow Record composed of several packets
aggregated together from a Flow Record composed of a single packet. aggregated together, from a Flow Record composed of a single packet.
So the PSAMP export can be seen as special IPFIX Flow Record So the PSAMP export can be seen as special IPFIX Flow Record
containing information about a single packet. containing information about a single packet.
All extensions of the IPFIX protocol that are required to satisfy the All extensions of the IPFIX protocol that are required to satisfy the
PSAMP requirements have already been incorporated in the IPFIX PSAMP requirements have already been incorporated in the IPFIX
protocol [IPFIX-PROTO], which was developed in parallel with the protocol [IPFIX-PROTO], which was developed in parallel with the
PSAMP protocol. An example is the need for a data type for protocol PSAMP protocol. An example is the need for a data type for protocol
fields that have flexible length, such as an octet array. This was fields that have flexible length, such as an octet array. This was
added to the IPFIX protocol specification in order to meet the added to the IPFIX protocol specification in order to meet the
requirement of the PSAMP protocol to report content of captured requirement of the PSAMP protocol to report content of captured
packets, for example the first octets of a packet. packets, for example the first octets of a packet.
4.3 Information Model Point of View 4.3 Information Model Point of View
From the information model point of view, the overlap between both From the information model point of view, the overlap between both
the IPFIX and PSAMP protocols is quite large. Most of the the IPFIX and PSAMP protocols is quite large. Most of the
Information Elements in the IPFIX protocol are also relevant for Information Elements in the IPFIX protocol are also relevant for
exporting packet information, for example all fields reporting packet exporting packet information, for example all fields reporting packet
header properties. Only a few Information Elements, such as header properties. Only a few Information Elements, such as
flowCount, packetCount (whose value will always be 1 for PSAMP) etc., observedFlowTotalCount (whose value will always be 1 for PSAMP) etc.,
cannot be used in a meaningful way by the PSAMP protocol. Also, cannot be used in a meaningful way by the PSAMP protocol. Also,
IPFIX protocol requirements concerning stage 2 of figure C do not IPFIX protocol requirements concerning stage 2 of figure C do not
apply to the PSAMP metering process. apply to the PSAMP metering process.
Further required extensions apply to the information model. Even if Further required extensions apply to the information model. Even if
the IPFIX charter speaks of Sampling, no Sampling related Information the IPFIX charter speaks of Sampling, no Sampling related Information
Elements are specified in [IPFIX-INFO]. The task of specifying them Elements are specified in [IPFIX-INFO]. The task of specifying them
was intentionally left for the PSAMP information model [PSAMP-INFO]. was intentionally left for the PSAMP information model [PSAMP-INFO].
A set of several additional fields is required for satisfying the A set of several additional fields is required for satisfying the
requirements for the PSAMP information model [PSAMP-TECH]. requirements for the PSAMP information model [PSAMP-TECH].
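Review bot: In 4.3, the parenthesis "(whose value will always be 1 for PSAMP)" followed packetCount in -06 and now attaches to observedFlowTotalCount. Confirm the statement still holds for the new element, and reword "such as observedFlowTotalCount ... etc." now that only one example remains. In 4.2, "the PSAMP protocol exports Packet Records" uses a term that differs from the "Packet Report" used in the definitions shown earlier. The comma added in "aggregated together, from a Flow Record" is not needed.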
skipping to change at page 17, line 13 skipping to change at page 17, line 23
protocol. protocol.
In the "Generic Selection Process Requirements" section, [PSAMP-FMWK] In the "Generic Selection Process Requirements" section, [PSAMP-FMWK]
describes one requirement that, if not directly related to the export describes one requirement that, if not directly related to the export
protocol, will put some constraints on it. Parallel Measurements: protocol, will put some constraints on it. Parallel Measurements:
multiple independent selection processes at the same entity. multiple independent selection processes at the same entity.
Finally, [PSAMP-FMWK] describes a series of requirements specifying Finally, [PSAMP-FMWK] describes a series of requirements specifying
the different Information Elements that MUST and SHOULD be reported the different Information Elements that MUST and SHOULD be reported
to the Collector. Nevertheless IPFIX, being a generic export to the Collector. Nevertheless IPFIX, being a generic export
protocol, can export any Information Elements as long as there are protocol, can export any Information Elements as long as they are
described in the information model. So these requirements are mainly described in the information model. So these requirements are mainly
targeted for the [PSAMP-INFO] document. targeted for the [PSAMP-INFO] document.
The PSAMP protocol specifications meets almost all the protocol The PSAMP protocol specifications meets almost all the protocol
requirements stated in the PSAMP framework document [PSAMP-FMWK]: requirements stated in the PSAMP framework document [PSAMP-FMWK]:
* Extensibility * Extensibility
* Parallel measurement processes * Parallel selection processes
* Encrypted packets * Encrypted packets
* Indication of information loss * Indication of information loss
* Accuracy * Accuracy
* Privacy * Privacy
* Timeliness * Timeliness
* Congestion avoidance * Congestion avoidance
* Secure export * Secure export
* Export rate limit * Export rate limit
* Microsecond timestamp resolution * Microsecond timestamp resolution
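Review bot: The bullet is renamed to "Parallel selection processes", but the paragraph above still introduces the requirement as "Parallel Measurements: multiple independent selection processes". Use one name in both places. The sentence introducing the list, "The PSAMP protocol specifications meets", also keeps a subject-verb mismatch that this revision leaves in; use "specification meets" or "specifications meet".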
skipping to change at page 17, line 43 skipping to change at page 18, line 4
With the choice of IPFIX as PSAMP export protocol, the export packet With the choice of IPFIX as PSAMP export protocol, the export packet
compression option mentioned in the section 8.5 of the framework compression option mentioned in the section 8.5 of the framework
document [PSAMP-FMWK] is not addressed. document [PSAMP-FMWK] is not addressed.
5.1 High Level View of the Integration 5.1 High Level View of the Integration
The Template Record in the Template Set is used to describe the The Template Record in the Template Set is used to describe the
different PSAMP Information Elements that will be exported to the different PSAMP Information Elements that will be exported to the
Collector. The Collector decodes the Template Record in the Template Collector. The Collector decodes the Template Record in the Template
Set and knows which Information Elements to expect when it receives Set and knows which Information Elements to expect when it receives
the Data Records in the Data Set, i.e. the PSAMP Packet Reports. the Data Records in the PSAMP Packet Report Data Set. Typically, in
Typically, in the base level of the PSAMP functionality, the Template the base level of the PSAMP functionality, the Template Set will
Set will contain the input sequence number, the packet fragment (some contain the input sequence number, the packet fragment (some number
number of contiguous bytes from the start of the packet or from the of contiguous bytes from the start of the packet or from the start of
start of the payload) and the Selection Sequence. the payload) and the Selection Sequence.
The Options Template Record in the Options Template Set is used to The Options Template Record in the Options Template Set is used to
describe the different PSAMP Information Elements that concern the describe the different PSAMP Information Elements that concern the
Metering Process itself: Sampling and/or Filtering functions, and the Metering Process itself: Sampling and/or Filtering functions, and the
associated parameters. The Collector decodes the Options Template associated parameters. The Collector decodes the Options Template
Records in the Option Template Set and knows which Information Records in the Option Template Set and knows which Information
Elements to expect when it receives the Data Records in the Data Set, Elements to expect when it receives the Data Records in the PSAMP
i.e. the PSAMP Report Interpretation. Typically, the Options Report Interpretation Data Set. Typically, the Options Template
Template would contain the Selection Sequence, the Sampling or would contain the Selection Sequence, the Sampling or Filtering
Filtering functions, and the Sampling or Filtering associated functions, and the Sampling or Filtering associated parameters.
parameters.
PSAMP requires all the different possibilities of the IPFIX protocol PSAMP requires all the different possibilities of the IPFIX protocol
specifications [IPFIX-PROTO]. That is the 3 types of Set (Data Set, specifications [IPFIX-PROTO]. That is the 3 types of Set (Data Set,
Template Set and Options Templates Set) with the 2 types of Templates Template Set and Options Templates Set) with the 2 types of Templates
Records (Template Record and Options Template Record), as described Records (Template Record and Options Template Record), as described
in the figure A. As a consequence, PSAMP can't rely on a subset of in the figure A. As a consequence, PSAMP can't rely on a subset of
the IPFIX protocol specifications are described in [IPFIX-PROTO]. the IPFIX protocol specifications described in [IPFIX-PROTO]. The
The entire IPFIX protocol specifications [IPFIX-PROTO] MUST be entire IPFIX protocol specifications [IPFIX-PROTO] MUST be
implemented for the PSAMP protocol. implemented for the PSAMP protocol.
6. Using the IPFIX Protocol for PSAMP 6. Using the IPFIX Protocol for PSAMP
In this section, we describe the usage of the IPFIX protocol for
PSAMP. We describe the record formats and the additional
requirements that must be met. PSAMP uses two different types of
messages:
- Packet Reports
- Report Interpretation
The format of Packet Reports is defined in IPFIX Template Records.
The PSAMP data is transferred as Information Elements in IPFIX Data
Records as described by the Template Record. There are two different
types of Packet Reports. Basic Packet Reports contain only the basic
Information Elements required for PSAMP reporting. Extended Packet
Reports MAY contain further Information Elements.
The format of Report Interpretations is defined in IPFIX Option
Template Record. The Information Elements are transferred in IPFIX
Data Records as described by the Option Template Record. There are
four different types of Report Interpretation messages:
- Selection Sequence Report Interpretation
- Selector Report Interpretation
- Selection Sequence Statistics Report Interpretation
- Accuracy Report Interpretation
A description and examples about the usage of those reports is given
below.
6.1 Selector ID 6.1 Selector ID
The Selector ID is the unique ID identifying a Primitive Selector. The Selector ID is the unique ID identifying a Primitive Selector.
Each Primitive Selector MUST have a unique ID within the Observation Each Primitive Selector MUST have a unique ID within the Observation
Domain. The Selector ID is represented by the selectorId Information Domain. The Selector ID is represented by the selectorId Information
Element [PSAMP-INFO]. Element [PSAMP-INFO].
6.2 The Selection Sequence ID 6.2 The Selection Sequence ID
From all the packets observed at an Observation Point, a subset of From all the packets observed at an Observation Point, a subset of
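Review bot: The new introduction to section 6 says "PSAMP uses two different types of messages" and then describes Packet Reports and Report Interpretations as Information Elements carried in IPFIX Data Records. Calling them "messages" blurs the Data Record / Data Set terminology that section 5.1 uses for the same things, so "two types of records" or "two types of reports" would be safer. The same paragraph writes "IPFIX Option Template Record" while 5.1 uses "Options Template Record" and also "Option Template Set" and "Options Templates Set"; pick one spelling throughout. "A description and examples about the usage of those reports is given below" needs a plural verb.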
skipping to change at page 18, line 47 skipping to change at page 19, line 32
Information Element [PSAMP-INFO]. Information Element [PSAMP-INFO].
6.3 The Exporting Process 6.3 The Exporting Process
An Exporting Process MUST be able to limit the export rate according An Exporting Process MUST be able to limit the export rate according
to a configurable value. The Exporting Process MAY limit the export to a configurable value. The Exporting Process MAY limit the export
rate on a per Collecting Process basis. rate on a per Collecting Process basis.
6.4 Packet Report 6.4 Packet Report
For each Selection Sequences, for each selected packet, a Packet For each Selection Sequence, for each selected packet, a Packet
Report MUST be created. The format of the Packet Report is specified Report MUST be created. The format of the Packet Report is specified
in a Template Record contained in a Template Set. in a Template Record contained in a Template Set.
There are two types of Packet Report, as described in [PSAMP-FMWK]: There are two types of Packet Report, as described in [PSAMP-FMWK]:
the basic Packet Report and the extended Packet Report. the basic Packet Report and the extended Packet Report.
6.4.1 Basic Packet Report 6.4.1 Basic Packet Report
For each selected packet, the Packet Report MUST contain the For each selected packet, the Packet Report MUST contain the
following information: following information:
- The selectionSequenceId Information Element - The selectionSequenceId Information Element
- The hash value (digestHashValue) generated by the digest hash If there is a digest function in the selection sequence, the Packet
function. If there are no digest functions in the selection report MUST contain the hash value (digestHashValue Information
sequence then no element needs to be sent. If there is more than Element) generated by the digest hash function for each selected
one digest function then each hash value must be included in packet. If there is more than one digest function then each hash
the same order as they appear in the selection sequence. value MUST be included in the same order as they appear in the
selection sequence. If there are no digest functions in the
selection sequence no element for the digest needs to be sent.
- Some number of contiguous bytes from the start of the packet, - Some number of contiguous bytes from the start of the packet,
including the packet header (which includes link layer, network layer including the packet header (which includes link layer, network layer
and other encapsulation headers) and some subsequent bytes of the and other encapsulation headers) and some subsequent bytes of the
packet payload. Alternatively, the number of contiguous bytes may packet payload. Alternatively, the number of contiguous bytes may
start at the beginning of the payload. The dataLinkFrameSection, start at the beginning of the payload. The dataLinkFrameSection,
mplsLabelStackSection, mplsPayloadPacketSection, ipPacketSection, and mplsLabelStackSection, mplsPayloadPacketSection, ipPacketSection, and
ipPayloadPacketSection PSAMP Information Elements are available for ipPayloadPacketSection PSAMP Information Elements are available for
this use. this use. If one of those Information Elements that contain some
number of contiguous bytes has got a content with an insufficient
number of octets compared to its length specified in the Template,
then this Information Element MUST be sent with a new Template using
either a fixed length Information Element of the necessary size or a
variable length Information Element.
For each selected packet, the Packet Report SHOULD contain the For each selected packet, the Packet Report SHOULD contain the
following information: following information:
- the observationTimeMicroseconds Information Element - the observationTimeMicroseconds Information Element
In the Packet Report, the PSAMP device MUST be capable of exporting In the Packet Report, the PSAMP device MUST be capable of exporting
the number of observed packets and the number of packets selected by the number of observed packets and the number of packets selected by
each instance of its Primitive Selectors (as described by the non each instance of its Primitive Selectors (as described by the non
scope Information Elements of the Selection Sequence Statistics scope Information Elements of the Selection Sequence Statistics
Report Interpretation) although it MAY be a configurable option not Report Interpretation) although it MAY be a configurable option not
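Review bot: The digestHashValue requirement is turned from a dash item into a free paragraph that now sits between "- The selectionSequenceId Information Element" and "- Some number of contiguous bytes", so the "MUST contain the following information" list is split in two. Keep it as a list item or move the paragraph after the list. The new rule for a section Information Element whose content is shorter than the length in the Template ("MUST be sent with a new Template using either a fixed length Information Element of the necessary size or a variable length Information Element") leaves the choice to the Exporting Process. Recommending the variable length form would avoid a new Template for every distinct short length that the Collector then has to track. "has got a content with an insufficient number of octets" and the lower-case "Packet report" need a wording and capitalisation pass.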
skipping to change at page 22, line 7 skipping to change at page 22, line 48
in the packet (such as source and destination IP addresses), related in the packet (such as source and destination IP addresses), related
to the packet treatment (such as output interface, destination BGP to the packet treatment (such as output interface, destination BGP
autonomous system [RFC1771]), or related to the Selection State autonomous system [RFC1771]), or related to the Selection State
associated with the packet (such as timestamp, hash value). associated with the packet (such as timestamp, hash value).
It is envisaged that selection of fields for extended Packet Reports It is envisaged that selection of fields for extended Packet Reports
may be used to reduce reporting bandwidth, in which case the option may be used to reduce reporting bandwidth, in which case the option
to report some number of contiguous bytes from the start of the to report some number of contiguous bytes from the start of the
packet, mandatory in the basic Packet Report, may not be exercised. packet, mandatory in the basic Packet Report, may not be exercised.
In this case, the Packet Content MAY be omitted. Note this In this case, the Packet Content MAY be omitted. Note this
configuration is quite similar to an IPFIX device for which a configuration is quite similar to an IPFIX Device for which a
Template Record containing information about a single packet is Template Record containing information about a single packet is
reported. reported.
Example of a detailed Extended Packet Report: Example of a detailed Extended Packet Report:
IPFIX Template Record: IPFIX Template Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 33, line 35 skipping to change at page 34, line 32
way to interpret the ranges to produce a non-overlapping range and way to interpret the ranges to produce a non-overlapping range and
the Collecting Process MUST be prepared to accept and decode this. the Collecting Process MUST be prepared to accept and decode this.
The following algorithm specific Information Element MAY be sent, The following algorithm specific Information Element MAY be sent,
but is optional for security considerations: but is optional for security considerations:
hashInitialiserValue - The initialiser value to the hash function. hashInitialiserValue - The initialiser value to the hash function.
Since encryption alters the meaning of encrypted fields, when the Since encryption alters the meaning of encrypted fields, when the
Hash-Based Filtering classification is based on the encrypted Hash-Based Filtering classification is based on the encrypted
field(s) in the packet, it MUST be able to recognize that the field(s) in the packet, it MUST be able to recognize that the
field(s) are not available and MUST NOT select those packets select field(s) are not available and MUST NOT select those packets. Even
those packets. Even if they are ignored, the encrypted packets MUST if they are ignored, the encrypted packets MUST be accounted in the
be accounted in the Selector packetsObserved Information Element Selector packetsObserved Information Element [PSAMP-INFO], part of
[PSAMP-INFO], part of the Selection Sequence Statistics Report the Selection Sequence Statistics Report Interpretation.
Interpretation.
Example of a hash based filter Selector, whose configuration is: Example of a hash based filter Selector, whose configuration is:
Hash Function = BOB Hash Function = BOB
Hash IP Payload Offset = 0 Hash IP Payload Offset = 0
Hash IP Payload Size = 16 Hash IP Payload Size = 16
Hash Initialiser Value = 0x9A3F9A3F Hash Initialiser Value = 0x9A3F9A3F
Hash Output Range = 0 to 0xFFFFFFFF Hash Output Range = 0 to 0xFFFFFFFF
Hash Selected Range = 100 to 200 and 400 to 500 Hash Selected Range = 100 to 200 and 400 to 500
IPFIX Options Template Record: IPFIX Options Template Record:
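Review bot: In the corrected sentence, "it MUST be able to recognize that the field(s) are not available" has no clear subject. Grammatically "it" is the classification, but the requirement is on whatever performs the Hash-Based Filtering, so name that actor. "MUST be accounted in the Selector packetsObserved Information Element" would read better as "MUST be counted in". Separately, hashInitialiserValue is described as "optional for security considerations" without stating the consideration or pointing to the Security Considerations section, while the example configuration directly below lists a Hash Initialiser Value. One sentence of rationale would tell implementers when to withhold it.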
skipping to change at page 36, line 5 skipping to change at page 36, line 48
the number of observed packets (Population Size) and the number of the number of observed packets (Population Size) and the number of
packets selected (Sample Size) by each instance of its Primitive packets selected (Sample Size) by each instance of its Primitive
Selectors. Selectors.
Within a Selection Sequence composed of several Primitive Selectors, Within a Selection Sequence composed of several Primitive Selectors,
the number of packets selected for one Selector is equal to the the number of packets selected for one Selector is equal to the
number of packets seen by the next Selector. The order of the number of packets seen by the next Selector. The order of the
Selectors in the Selection Sequence Statistics Report Interpretation Selectors in the Selection Sequence Statistics Report Interpretation
MUST match the order of the Selectors in the Selection Sequence. MUST match the order of the Selectors in the Selection Sequence.
If the full set of statistics is not sent part of the Basic Packet If the full set of statistics is not sent as part of the Basic Packet
Reports, the PSAMP Device MUST export a Selection Sequence Statistics Reports, the PSAMP Device MUST export a Selection Sequence Statistics
Report Interpretation for every Selection Sequence, using an Options Report Interpretation for every Selection Sequence, using an Options
Template containing the following Information Elements: Template containing the following Information Elements:
Scope: selectionSequenceId Scope: selectionSequenceId
Non-scope: packetsObserved Non-scope: packetsObserved
packetsSelected (first) packetsSelected (first)
... ...
packetsSelected (last) packetsSelected (last)
The packetsObserved Information Element [PSAMP-INFO] MUST contain the The packetsObserved Information Element [PSAMP-INFO] MUST contain the
number of packets seen at the Observation Point, and as a consequence number of packets seen at the Observation Point, and as a consequence
passed to the first Selector in the Selection Sequence. The passed to the first Selector in the Selection Sequence. The
packetsSelected Information Element [PSAMP-INFO] contains the number packetsSelected Information Element [PSAMP-INFO] contains the number
of packets selected by a Selector in the Selection Sequence. of packets selected by a Selector in the Selection Sequence.
The Attained Selection Fraction for the Selection Sequence is The Attained Selection Fraction for the Selection Sequence is
calculated by dividing the number of observed packets calculated by dividing the number of selected packets
(packetsObserved Information Element) by the value of selected (packetsSelected Information Element) for the last Selector by the
packets (packetsSelected Information Element) for the last Selector. number of observed packets (packetsObserved Information Element).
The Attained Selection Fraction can be calculated for each Selector The Attained Selection Fraction can be calculated for each Selector
by dividing the number of packets selected for that Selector by the by dividing the number of packets selected for that Selector by the
value for the previous Selector. value for the previous Selector.
The statistics for the whole sequence SHOULD be taken at a single The statistics for the whole sequence SHOULD be taken at a single
logical point in time; the input value for a Selector MUST equal the logical point in time; the input value for a Selector MUST equal the
output value of the previous selector. output value of the previous selector.
The Selection Sequence Statistics Report Interpretation MUST be The Selection Sequence Statistics Report Interpretation MUST be
exported periodically. exported periodically.
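Review bot: The per-Selector fraction is defined as the packets selected by that Selector divided by "the value for the previous Selector", which is undefined for the first Selector in the sequence. State that packetsObserved is the denominator there. The whole-sequence formula is now the right way round (last packetsSelected divided by packetsObserved), but neither formula says what a Collecting Process should do when the denominator is zero. The last paragraph also pairs "SHOULD be taken at a single logical point in time" with "the input value for a Selector MUST equal the output value of the previous selector". Since the Options Template carries one packetsObserved and one packetsSelected per Selector, the MUST can only hold if the counters are read together, so the SHOULD probably wants to be a MUST as well or the relationship needs explaining.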
skipping to change at page 39, line 12 skipping to change at page 40, line 10
specified as milliseconds, can be specified with the fixedError specified as milliseconds, can be specified with the fixedError
Information Element with the milliseconds units. In this case, the Information Element with the milliseconds units. In this case, the
error interval is the Information Element value +/- the value error interval is the Information Element value +/- the value
reported in the fixedError. reported in the fixedError.
For example, the accuracy of an Information Element to estimate the For example, the accuracy of an Information Element to estimate the
accuracy of a sampled flow, for which the unit would be specified in accuracy of a sampled flow, for which the unit would be specified in
octets, can be specified with the relativeError Information Element octets, can be specified with the relativeError Information Element
with the octet units. In this case, the error interval is the with the octet units. In this case, the error interval is the
Information Element value +/- the value reported in the relativeError Information Element value +/- the value reported in the relativeError
time the reported Information Element value. times the reported Information Element value.
Alternatively to reporting either the fixedError Information Element Alternatively to reporting either the fixedError Information Element
or the relativeError Information Element in the Accuracy Report or the relativeError Information Element in the Accuracy Report
Interpretation, both Information Elements MAY be present. This Interpretation, both Information Elements MAY be present. This
scenario could help in more complex situations where the system clock scenario could help in more complex situations where the system clock
drifts, on the top of having its own accuracy, during the duration of drifts, on the top of having its own accuracy, during the duration of
a measurement. a measurement.
If the accuracy of a reported quantity changes on the Metering If the accuracy of a reported quantity changes on the Metering
Process, a new Accuracy Report Interpretation MUST be generated. The Process, a new Accuracy Report Interpretation MUST be generated. The
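Review bot: The relativeError example says the element is specified "with the octet units", yet the corrected sentence defines the interval as the value +/- relativeError times the reported value, which only works if relativeError is a dimensionless ratio. Drop the unit from relativeError or say that the unit belongs to the reported Information Element. "the accuracy of an Information Element to estimate the accuracy of a sampled flow" is circular, and "on the top of" should be "on top of".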
skipping to change at page 41, line 28 skipping to change at page 42, line 25
As IPFIX has been selected as the PSAMP export protocol and as the As IPFIX has been selected as the PSAMP export protocol and as the
PSAMP security requirements are not stricter than the IPFIX security PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security considerations. the security considerations.
In the basic Packet Report, a PSAMP Device exports some number of In the basic Packet Report, a PSAMP Device exports some number of
contiguous bytes from the start of the packet, including the packet contiguous bytes from the start of the packet, including the packet
header (which includes link layer, network layer and other header (which includes link layer, network layer and other
encapsulation headers) and some subsequent bytes of the packet encapsulation headers) and some subsequent bytes of the packet
payload. The PSAMP Device SHOULD NOT export the full payload of payload. The PSAMP Device SHOULD NOT export the full payload of
conversations, as this would mean wiretapping [RFC2804]. conversations, as this would mean wiretapping [RFC2804]. The PSAMP
Device MUST respect local privacy laws.
8. IANA Considerations 8. IANA Considerations
The PSAMP Protocol, as set out in this document, has two sets of The PSAMP Protocol, as set out in this document, has two sets of
assigned numbers. Considerations for assigning them are discussed in assigned numbers. Considerations for assigning them are discussed in
this section, using the example policies as set out in the this section, using the example policies as set out in the
"Guidelines for IANA Considerations" document IANA-RFC [RFC2434]. "Guidelines for IANA Considerations" document IANA-RFC [RFC2434].
8.1 IPFIX Related Considerations 8.1 IPFIX Related Considerations
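Review bot: The added sentence "The PSAMP Device MUST respect local privacy laws" puts a normative MUST on something no implementation or interoperability test can verify. Word it as an obligation on whoever deploys and configures the device, or as guidance, rather than as a device requirement. The preceding "SHOULD NOT export the full payload of conversations" would be easier to act on if the text asked for a configurable upper bound on the number of payload bytes exported in the basic Packet Report.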
skipping to change at page 42, line 32 skipping to change at page 43, line 29
[PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F. [PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F.
Raspall, "Sampling and Filtering Techniques for IP Packet Selection" Raspall, "Sampling and Filtering Techniques for IP Packet Selection"
draft-ietf-psamp-sample-tech-07.txt draft-ietf-psamp-sample-tech-07.txt
[PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information
Model for Packet Sampling Exports", draft-ietf-psamp-info-03.txt Model for Packet Sampling Exports", draft-ietf-psamp-info-03.txt
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek, [IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
"Architecture Model for IP Flow Information Export" draft-ietf-ipfix- "Architecture Model for IP Flow Information Export" draft-ietf-ipfix-
arch-09.txt" arch-12.txt"
[IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information
Model for IP Flow Information Export" draft-ietf-ipfix-info-11.txt Model for IP Flow Information Export" draft-ietf-ipfix-info-13.txt
[IPFIX-PROTO] B. Claise (Editor) "IPFIX Protocol Specifications", [IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol
draft-ietf-ipfix-protocol-19.txt for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix-
protocol-23.txt
9.2 Informative References 9.2 Informative References
[PSAMP-MIB] T. Dietz, B. Claise "Definitions of Managed Objects for
Packet Sampling" draft-ietf-psamp-mib-05.txt
[PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M. [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework
for Passive Packet Measurement" draft-ietf-psamp-framework-10.txt for Passive Packet Measurement" draft-ietf-psamp-framework-10.txt
[RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)", [RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)",
[RFC1889] Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V., [RFC1889] Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.,
"RTP: A Transport Protocol for Real-Time Applications", RFC 1889, "RTP: A Transport Protocol for Real-Time Applications", RFC 1889,
January 1996 January 1996
[RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements
for IP Flow Information Export", RFC 3917, October 2004 for IP Flow Information Export", RFC 3917, October 2004
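Review bot: The [IPFIX-ARCH] entry keeps a stray closing quote after the updated file name (arch-12.txt"), and [RFC1771] still ends at the title with no RFC number or date, unlike the [RFC1889] and [RFC3917] entries next to it. Fix both while the draft versions are being bumped. The new [PSAMP-MIB] entry is inserted at the top of 9.2; confirm that the body cites it, otherwise it should not be listed.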
 End of changes. 45 change blocks. 
103 lines changed or deleted 137 lines changed or added
