draft-ietf-psamp-protocol-07.txt   draft-ietf-psamp-protocol-08.txt 
PSAMP working group PSAMP working group
Internet Draft EDITOR: B. Claise Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-07.txt Cisco Systems draft-ietf-psamp-protocol-08.txt Cisco Systems, Inc.
Expires: April 2006 October 2006
Packet Sampling (PSAMP) Protocol Specifications Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering By submitting this Internet-Draft, each author represents that
Task Force (IETF), its areas, and its working groups. Note that any applicable patent or other IPR claims of which he or she is
other groups may also distribute working documents as Internet- aware have been or will be disclosed, and any of which he or
Drafts. she becomes aware will be disclosed, in accordance with Section
6 of BCP 79.
Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas, and its working
groups. Note that other groups may also distribute working
documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other
at any time. It is inappropriate to use Internet-Drafts as documents at any time. It is inappropriate to use
reference material or to cite them other than as "work in progress". Internet-Drafts as reference material or to cite them other
than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 23, 2006. The list of Internet-Draft Shadow Directories can be accessed
at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document specifies the export of packet information from a This document specifies the export of packet information from a
PSAMP Exporting Process to a PSAMP Collecting Process. For export PSAMP Exporting Process to a PSAMP Collecting Process. For export
of packet information the IP Flow Information eXport (IPFIX) of packet information the IP Flow Information eXport (IPFIX)
protocol is used, as both the IPFIX and PSAMP architecture match protocol is used, as both the IPFIX and PSAMP architecture match
very well and the means provided by the IPFIX protocol are very well and the means provided by the IPFIX protocol are
sufficient. The document specifies in detail how the IPFIX protocol sufficient. The document specifies in detail how the IPFIX protocol
is used for PSAMP export of packet information. is used for PSAMP export of packet information.
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction.................................................3 1. Introduction..................................................3
2. PSAMP Documents Overview.....................................3 2. PSAMP Documents Overview......................................3
3. Terminology..................................................4 3. Terminology...................................................4
3.1 IPFIX Terminology..........................................4 3.1 IPFIX Terminology...........................................4
3.2 PSAMP Terminology..........................................8 3.2 PSAMP Terminology...........................................8
3.2.1 Packet Streams and Packet Content.......................8 3.2.1 Packet Streams and Packet Content......................8
3.2.2 Selection Process.......................................9 3.2.2 Selection Process......................................9
3.2.3 Reporting..............................................10 3.2.3 Reporting.............................................10
3.2.4 Exporting Process......................................11 3.2.4 Exporting Process.....................................11
3.2.5 PSAMP Device...........................................11 3.2.5 PSAMP Device .........................................11
3.2.6 Selection Methods......................................11 3.2.6 Selection Methods.....................................11
3.3 IPFIX and PSAMP Terminology Comparison....................13 3.3 IPFIX and PSAMP Terminology Comparison.....................13
3.3.1 IPFIX and PSAMP Processes..............................13 3.3.1 IPFIX and PSAMP Processes.............................14
3.3.2 Packet Report, Packet Interpretation, and Data Record..14 3.3.2 Packet Report, Packet Interpretation, and Data Record.14
4. Differences between PSAMP and IPFIX.........................14 4. Differences between PSAMP and IPFIX..........................14
4.1 Architecture Point of View................................14 4.1 Architecture Point of View.................................15
4.2 Protocol Point of View....................................16 4.2 Protocol Point of View.....................................16
4.3 Information Model Point of View...........................16 4.3 Information Model Point of View............................16
5. PSAMP Requirements versus the IPFIX Solution................17 5. PSAMP Requirements versus the IPFIX Solution.................17
5.1 High Level View of the Integration........................17 5.1 High Level View of the Integration.........................17
6. Using the IPFIX Protocol for PSAMP..........................18 6. Using the IPFIX Protocol for PSAMP...........................18
6.1 Selector ID...............................................19 6.1 Selector ID................................................19
6.2 The Selection Sequence ID.................................19 6.2 The Selection Sequence ID..................................19
6.3 The Exporting Process.....................................19 6.3 The Exporting Process......................................19
6.4 Packet Report.............................................19 6.4 Packet Report..............................................19
6.4.1 Basic Packet Report....................................19 6.4.1 Basic Packet Report...................................19
6.4.2 Extended Packet Report.................................22 6.4.2 Extended Packet Report................................22
6.5 Report Interpretation.....................................23 6.5 Report Interpretation......................................23
6.5.1 Selection Sequence Report Interpretation...............24 6.5.1 Selection Sequence Report Interpretation..............24
6.5.2 Selector Report Interpretation.........................26 6.5.2 Selector Report Interpretation........................26
6.5.2.1 Systematic Count-Based Sampling.......................26 6.5.2.1 Systematic Count-Based Sampling.....................26
6.5.2.2 Systematic Time-Based Sampling........................27 6.5.2.2 Systematic Time-Based Sampling .....................27
6.5.2.3 Random n-out-of-N Sampling............................29 6.5.2.3 Random n-out-of-N Sampling..........................29
6.5.2.4 Uniform Probabilistic Sampling........................30 6.5.2.4 Uniform Probabilistic Sampling .....................30
6.5.2.5 Property Match Filtering..............................31 6.5.2.5 Property Match Filtering............................31
6.5.2.6 Hash-Based Filtering..................................33 6.5.2.6 Hash-Based Filtering................................33
6.5.2.7 Other Selection Methods...............................36 6.5.2.7 Other Selection Methods.............................36
6.5.3 Selection Sequence Statistics Report Interpretation....36 6.5.3 Selection Sequence Statistics Report Interpretation...36
6.5.4 Accuracy Report Interpretation.........................39 6.5.4 Accuracy Report Interpretation........................39
7. Security Considerations.....................................42 7. Security Considerations......................................42
8. IANA Considerations.........................................42 8. IANA Considerations..........................................42
8.1 IPFIX Related Considerations..............................42 8.1 IPFIX Related Considerations..............................42
8.2 PSAMP Related Considerations..............................42 8.2 PSAMP Related Considerations..............................42
9. References..................................................43 9. References...................................................43
9.1 Normative References......................................43 9.1 Normative References......................................43
9.2 Informative References....................................43 9.2 Informative References.....................................43
10. Acknowledgments............................................44 10. Acknowledgments.............................................44
11. Intellectual Property Statement.............................44
12. Copyright Statement.........................................45
13. Disclaimer..................................................45
1. Introduction 1. Introduction
The name PSAMP is a contraction of the phrase Packet SAMPling. The The name PSAMP is a contraction of the phrase Packet SAMPling. The
word "sampling" captures the idea that only a subset of all packets word "sampling" captures the idea that only a subset of all packets
passing a network element will be selected for reporting. PSAMP passing a network element will be selected for reporting. PSAMP
selection operations include random selection, deterministic selection operations include random selection, deterministic
selection, and deterministic approximations to random selection selection, and deterministic approximations to random selection
(hash-based selection). (hash-based selection).
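Review bot: The expiry statement added in the Status of this Memo text, "This Internet-Draft will expire on June, 2007.", gives no day, where -07 had a full date ("April 23, 2006"). Give the full date, and make it agree with the six-month lifetime stated in the same section, the "October 2006" on the header line and the 2007 copyright year.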
skipping to change at page 4, line 16 skipping to change at page 4, line 20
specifies the export of packet information from a PSAMP Exporting specifies the export of packet information from a PSAMP Exporting
Process to a PSAMP Collecting Process. Process to a PSAMP Collecting Process.
[PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines
an information and data model for PSAMP. an information and data model for PSAMP.
3. Terminology 3. Terminology
As the IPFIX export protocol is used to export the PSAMP information, As the IPFIX export protocol is used to export the PSAMP information,
the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in
this document. The terminology summary table in section 4.1 gives a this document. The terminology summary table in section 3.1 gives a
quick overview of the relationships between the different IPFIX quick overview of the relationships between the different IPFIX
terms. The PSAMP terminology defined here is fully consistent with terms. The PSAMP terminology defined here is fully consistent with
all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only
definitions that are relevant to the PSAMP protocol appear here. definitions that are relevant to the PSAMP protocol appear here.
Section 5.4 applies the PSAMP terminology to the IPFIX protocol Section 5.4 applies the PSAMP terminology to the IPFIX protocol
terminology. terminology.
3.1 IPFIX Terminology 3.1 IPFIX Terminology
The IPFIX terminology section has been entirely copied over from The IPFIX terminology section has been entirely copied over from
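Review bot: The paragraph that corrects "section 4.1" to "section 3.1" still ends with "Section 5.4 applies the PSAMP terminology to the IPFIX protocol terminology", unchanged in both columns, and the table of contents on this page lists no 5.4 (section 5 has only 5.1). The terminology comparison is listed as 3.3, so this reference should probably be corrected in the same pass.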
skipping to change at page 5, line 22 skipping to change at page 5, line 26
Internet community. Within the context of IPFIX we use the following Internet community. Within the context of IPFIX we use the following
definition: definition:
A Flow is defined as a set of IP packets passing an Observation Point A Flow is defined as a set of IP packets passing an Observation Point
in the network during a certain time interval. All packets belonging in the network during a certain time interval. All packets belonging
to a particular Flow have a set of common properties. Each property to a particular Flow have a set of common properties. Each property
is defined as the result of applying a function to the values of: is defined as the result of applying a function to the values of:
1. one or more packet header field (e.g. destination IP address), 1. one or more packet header field (e.g. destination IP address),
transport header field (e.g. destination port number), or transport header field (e.g. destination port number), or
application header field (e.g. RTP header fields [RFC1889]) application header field (e.g. RTP header fields [RFC3550])
2. one or more characteristics of the packet itself (e.g. number 2. one or more characteristics of the packet itself (e.g. number
of MPLS labels, etc...) of MPLS labels, etc...)
3. one or more of fields derived from packet treatment (e.g. next 3. one or more of fields derived from packet treatment (e.g. next
hop IP address, the output interface, etc...) hop IP address, the output interface, etc...)
A packet is defined to belong to a Flow if it completely satisfies A packet is defined to belong to a Flow if it completely satisfies
all the defined properties of the Flow. all the defined properties of the Flow.
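Review bot: With the citation in item 1 changed from [RFC1889] to [RFC3550], section 9.2 needs a matching [RFC3550] entry and the [RFC1889] entry removed. The References hunk shown on this page ends before any RFC entries in 9.2, so that cannot be confirmed from this diff.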
skipping to change at page 8, line 43 skipping to change at page 9, line 4
The PSAMP terminology section has been copied over from [PSAMP-TECH]. The PSAMP terminology section has been copied over from [PSAMP-TECH].
3.2.1 Packet Streams and Packet Content 3.2.1 Packet Streams and Packet Content
Observed Packet Stream Observed Packet Stream
The Observed Packet Stream is the set of all packets observed at the The Observed Packet Stream is the set of all packets observed at the
Observation Point. Observation Point.
Packet Stream Packet Stream
A Packet Stream denotes a subset of the Observed Packet Stream that
A packet stream denotes a subset of the Observed Packet Stream that
flows past some specified point within the Selection Process. flows past some specified point within the Selection Process.
An example of a Packet Stream is the output of the Selection Process. An example of a Packet Stream is the output of the Selection Process.
Note that packets selected from a stream, e.g. by Sampling, do not Note that packets selected from a stream, e.g. by Sampling, do not
necessarily possess a property by which they can be distinguished necessarily possess a property by which they can be distinguished
from packets that have not been selected. For this reason the term from packets that have not been selected. For this reason the term
"stream" is favored over "flow", which is defined as set of packets "stream" is favored over "flow", which is defined as set of packets
with common properties [RFC3917]. with common properties [RFC3917].
Packet Content Packet Content
The packet content denotes the union of the packet header (which The Packet Content denotes the union of the packet header (which
includes link layer, network layer and other encapsulation headers) includes link layer, network layer and other encapsulation headers)
and the packet payload. and the packet payload.
3.2.2 Selection Process 3.2.2 Selection Process
Selection Process Selection Process
A Selection Process takes the Observed Packet Stream as its input and A Selection Process takes the Observed Packet Stream as its input and
selects a subset of that stream as its output. selects a subset of that stream as its output.
skipping to change at page 10, line 47 skipping to change at page 10, line 50
selected. selected.
3.2.3 Reporting 3.2.3 Reporting
Packet Reports Packet Reports
Packet Reports comprise a configurable subset of a packet's input to Packet Reports comprise a configurable subset of a packet's input to
the Selection Process, including the Packet Content, information the Selection Process, including the Packet Content, information
relating to its treatment (for example, the output interface), and relating to its treatment (for example, the output interface), and
its associated selection state (for example, a hash of the Packet its associated selection state (for example, a hash of the Packet
Content) Content).
Report Interpretation Report Interpretation
Report Interpretation comprises subsidiary information, relating to Report Interpretation comprises subsidiary information, relating to
one or more packets, that are used for interpretation of their Packet one or more packets, that are used for interpretation of their Packet
Reports. Examples include configuration parameters of the Selection Reports. Examples include configuration parameters of the Selection
Process. Process.
Report Stream Report Stream
The Report Stream is the output of a Selection Process, comprising The Report Stream is the output of a Metering Process, comprising two
two distinguished types of information: Packet Reports, and Report distinguished types of information: Packet Reports, and Report
Interpretation. Interpretation.
3.2.4 Exporting Process 3.2.4 Exporting Process
Exporting Process Exporting Process
An Exporting Process sends, in the form of Export Packets, the output An Exporting Process sends, in the form of Export Packets, the output
of one or more Metering Processes to one or more Collectors. of one or more Metering Processes to one or more Collectors.
Export Packet Export Packet
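Review bot: The Report Stream definition now names a different process ("output of a Selection Process" becomes "output of a Metering Process"), yet section 3.2 is introduced as copied over from [PSAMP-TECH]. Confirm that the referenced draft-ietf-psamp-sample-tech-10 carries the same wording; otherwise the two documents define the term differently. The neighbouring Packet Reports and Report Interpretation definitions still speak of the Selection Process, so it is worth stating here how the two processes relate.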
skipping to change at page 11, line 43 skipping to change at page 11, line 46
Selection Process and an Exporting Process. Typically, corresponding Selection Process and an Exporting Process. Typically, corresponding
Observation Point(s), Selection Process(es) and Exporting Process(es) Observation Point(s), Selection Process(es) and Exporting Process(es)
are co-located at this device, for example at a router. are co-located at this device, for example at a router.
3.2.6 Selection Methods 3.2.6 Selection Methods
Filtering Filtering
A filter is a Selector that selects a packet deterministically based A filter is a Selector that selects a packet deterministically based
on the Packet Content, or its treatment, or functions of these on the Packet Content, or its treatment, or functions of these
occurring in the Selection State. Examples include field match occurring in the Selection State. Examples include property match
Filtering, and Hash-based Selection. Filtering, and Hash-based Selection.
Sampling Sampling
A Selector that is not a filter is called a Sampling operation. This A Selector that is not a filter is called a Sampling operation. This
reflects the intuitive notion that if the selection of a packet reflects the intuitive notion that if the selection of a packet
cannot be determined from its content alone, there must be some type cannot be determined from its content alone, there must be some type
of Sampling taking place. of Sampling taking place.
Content-independent Sampling Content-independent Sampling
A Sampling operation that does not use Packet Content (or quantities A Sampling operation that does not use Packet Content (or quantities
derived from it) as the basis for selection is called a Content- derived from it) as the basis for selection is called a Content-
independent Sampling operation. Examples include systematic independent Sampling operation. Examples include systematic
skipping to change at page 22, line 40 skipping to change at page 22, line 40
Figure E: Example of a Basic Packet Report, Figure E: Example of a Basic Packet Report,
with a variable sized field with a variable sized field
6.4.2 Extended Packet Report 6.4.2 Extended Packet Report
Alternatively to the basic Packet Report, the extended Packet Report Alternatively to the basic Packet Report, the extended Packet Report
MAY contain other Information Elements related to the protocols used MAY contain other Information Elements related to the protocols used
in the packet (such as source and destination IP addresses), related in the packet (such as source and destination IP addresses), related
to the packet treatment (such as output interface, destination BGP to the packet treatment (such as output interface, destination BGP
autonomous system [RFC1771]), or related to the Selection State autonomous system [RFC4271]), or related to the Selection State
associated with the packet (such as timestamp, hash value). associated with the packet (such as timestamp, hash value).
It is envisaged that selection of fields for extended Packet Reports It is envisaged that selection of fields for extended Packet Reports
may be used to reduce reporting bandwidth, in which case the option may be used to reduce reporting bandwidth, in which case the option
to report some number of contiguous bytes from the start of the to report some number of contiguous bytes from the start of the
packet, mandatory in the basic Packet Report, may not be exercised. packet, mandatory in the basic Packet Report, may not be exercised.
In this case, the Packet Content MAY be omitted. Note this In this case, the Packet Content MAY be omitted. Note this
configuration is quite similar to an IPFIX Device for which a configuration is quite similar to an IPFIX Device for which a
Template Record containing information about a single packet is Template Record containing information about a single packet is
reported. reported.
skipping to change at page 23, line 38 skipping to change at page 23, line 38
The associated IPFIX Data Record: The associated IPFIX Data Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 261 | Length = 20 | | Set ID = 261 | Length = 20 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | | 9 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 10.0.0.1 | | 192.0.2.1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 10.0.1.106 | | 192.0.2.106 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 72 | 1372 | | 72 | 1372 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 80 | | 80 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure F: Example of an Extended Packet Report Figure F: Example of an Extended Packet Report
6.5 Report Interpretation 6.5 Report Interpretation
To make full sense of the Packet Reports there are a number of To make full sense of the Packet Reports there are a number of
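Review bot: In Figure F, "Length = 20" does not match the record as drawn: the Set header plus four 32-bit rows and a final 16-bit row ("80") come to 22 octets. Since this hunk already edits the figure for the address change, correct the Length or the layout at the same time, checking against the template, which this diff does not show.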
skipping to change at page 25, line 7 skipping to change at page 25, line 7
the Selection Sequence Report Interpretation MUST contain the list of the Selection Sequence Report Interpretation MUST contain the list of
all the Primitive Selector IDs in the Selection Sequence. If all the Primitive Selector IDs in the Selection Sequence. If
multiple Selectors are contained in the Selection Sequence Report multiple Selectors are contained in the Selection Sequence Report
Interpretation, the selectorId's MUST be identified in the order they Interpretation, the selectorId's MUST be identified in the order they
are used. are used.
Example of two Selection Sequences: Example of two Selection Sequences:
Selection Sequence 7 (Filter->Sampling): Selection Sequence 7 (Filter->Sampling):
ingressInterface 5 ingressInterface 5
selectorId 5 (Filter, match IPV4SourceAddress 10.0.0.1) selectorId 5 (Filter, match IPV4SourceAddress 192.0.2.1)
selectorId 10 (Sampler, Random 1 out-of ten) selectorId 10 (Sampler, Random 1 out-of ten)
Selection Sequence 9 (Sampling->Filtering): Selection Sequence 9 (Sampling->Filtering):
ingressInterface 5 ingressInterface 5
selectorId 10 (Sampler, Random 1 out-of ten) selectorId 10 (Sampler, Random 1 out-of ten)
selectorId 5 (Filter, match IPV4SourceAddress 10.0.0.1) selectorId 5 (Filter, match IPV4SourceAddress 192.0.2.1)
IPFIX Options Template Record: IPFIX Options Template Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 3 | Length = 26 | | Set ID = 3 | Length = 26 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 262 | Field Count = 4 | | Template ID = 262 | Field Count = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 32, line 6 skipping to change at page 32, line 6
Since encryption alters the meaning of encrypted fields, when the Since encryption alters the meaning of encrypted fields, when the
Property Match Filtering classification is based on the encrypted Property Match Filtering classification is based on the encrypted
field(s) in the packet, it MUST be able to recognize that the field(s) in the packet, it MUST be able to recognize that the
field(s) are not available and MUST NOT select those packets unless field(s) are not available and MUST NOT select those packets unless
specifically directed by the Information Element description. specifically directed by the Information Element description.
Even if they are ignored, the encrypted packets MUST be accounted for Even if they are ignored, the encrypted packets MUST be accounted for
in the Selector packetsObserved Information Element [PSAMP-INFO], in the Selector packetsObserved Information Element [PSAMP-INFO],
part of the Selection Sequence Statistics Report Interpretation. part of the Selection Sequence Statistics Report Interpretation.
Example of a match based filter Selector, whose rules are: Example of a match based filter Selector, whose rules are:
IPv4 Source Address = 10.0.0.1 IPv4 Source Address = 192.0.2.1
IPv4 Next-Hop Address = 10.0.1.1 IPv4 Next-Hop Address = 192.0.2.129
IPFIX Options Template Record: IPFIX Options Template Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 3 | Length = 26 | | Set ID = 3 | Length = 26 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 266 | Field Count = 4 | | Template ID = 266 | Field Count = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
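Review bot: The example heading "Example of a match based filter Selector" keeps the old name, while this section is titled Property Match Filtering and section 3.2.6 was changed in this revision from "field match Filtering" to "property match Filtering". Rename it here and in the Figure L caption ("For match based and router state Filtering") so one term is used throughout.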
skipping to change at page 32, line 38 skipping to change at page 32, line 38
Associated IPFIX Data Record: Associated IPFIX Data Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 266 | Length = 11 | | Set ID = 266 | Length = 11 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 21 | | 21 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 10.0.0 ... | | 5 | 192.0.2 ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... .1 | 10.0.1 ... | | ... .1 | 192.0.2 ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... .1 | | ... .129 |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure L: Example of the Selector Report Interpretation, Figure L: Example of the Selector Report Interpretation,
For match based and router state Filtering For match based and router state Filtering
Notes: Notes:
* A selectorAlgorithm value of 5 represents property match Filtering. * A selectorAlgorithm value of 5 represents property match Filtering.
* In this filter there is a mix of information from the packet and * In this filter there is a mix of information from the packet and
information from the router. information from the router.
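Review bot: In Figure L, "Length = 11" is smaller than the record drawn beneath it: the Set header, three full 32-bit rows and the final 8-bit cell (".129") add up to 17 octets. Correct the Length or the layout while the address cells are being edited, checking the field sizes against the Options Template.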
skipping to change at page 37, line 39 skipping to change at page 37, line 39
output value of the previous selector. output value of the previous selector.
The Selection Sequence Statistics Report Interpretation MUST be The Selection Sequence Statistics Report Interpretation MUST be
exported periodically. exported periodically.
Example of Selection Sequence Statistics Report Interpretation: Example of Selection Sequence Statistics Report Interpretation:
Selection Sequence 7 (Filter->Sampling): Selection Sequence 7 (Filter->Sampling):
Observed 100 (observationPointId 1, Interface 5) Observed 100 (observationPointId 1, Interface 5)
Selected 50 (selectorId 5, match IPV4SourceAddress 10.0.0.1) Selected 50 (selectorId 5, match IPV4SourceAddress 192.0.2.1)
Selected 6 (selectorId 10, Sampler: Random one out-of ten) Selected 6 (selectorId 10, Sampler: Random one out-of ten)
Selection Sequence 9 (Sampling->Filtering): Selection Sequence 9 (Sampling->Filtering):
Observed 100 (observationPointId 1, Interface 5) Observed 100 (observationPointId 1, Interface 5)
Selected 10 (selectorId 10, Sampler: Random one out-of ten) Selected 10 (selectorId 10, Sampler: Random one out-of ten)
Selected 3 (selectorId 5, match IPV4SourceAddress 10.0.0.1) Selected 3 (selectorId 5, match IPV4SourceAddress 192.0.2.1)
IPFIX Options Template Record: IPFIX Options Template Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 3 | Length = 26 | | Set ID = 3 | Length = 26 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 267 | Field Count = 4 | | Template ID = 267 | Field Count = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 43, line 22 skipping to change at page 43, line 22
9. References 9. References
9.1 Normative References 9.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
[RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA [RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA
Considerations Section in RFCs", RFC 2434, October 1998 Considerations Section in RFCs", RFC 2434, October 1998
[PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F. [PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F.
Raspall, "Sampling and Filtering Techniques for IP Packet Selection" Raspall, "Sampling and Filtering Techniques for IP Packet Selection"
draft-ietf-psamp-sample-tech-07.txt draft-ietf-psamp-sample-tech-10.txt
[PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information
Model for Packet Sampling Exports", draft-ietf-psamp-info-03.txt Model for Packet Sampling Exports", draft-ietf-psamp-info-06.txt
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
"Architecture Model for IP Flow Information Export" draft-ietf-ipfix-
arch-12.txt"
[IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information
Model for IP Flow Information Export" draft-ietf-ipfix-info-13.txt Model for IP Flow Information Export" draft-ietf-ipfix-info-15.txt
[IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol [IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol
for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix- for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix-
protocol-23.txt protocol-24.txt
9.2 Informative References 9.2 Informative References
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
"Architecture Model for IP Flow Information Export" draft-ietf-ipfix-
architecture-12.txt"
[PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M. [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework
for Passive Packet Measurement" draft-ietf-psamp-framework-10.txt for Passive Packet Measurement" draft-ietf-psamp-framework-11.txt
[RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)", [RFC4271] Y. Rekhter, T. Li, Hares, S. "A Border Gateway Protocol 4
[RFC1889] Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V., (BGP-4)", RFC 4271, January 2006
"RTP: A Transport Protocol for Real-Time Applications", RFC 1889,
January 1996 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.,
"RTP: A Transport Protocol for Real-Time Applications", RFC 3550,
[RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements
for IP Flow Information Export", RFC 3917, October 2004 for IP Flow Information Export", RFC 3917, October 2004
10. Acknowledgments 10. Acknowledgments
The authors would like to thank the PSAMP group, especially Paul The authors would like to thank the PSAMP group, especially Paul
Aitken for fruitful discussions and for proofreading the document Aitken for fruitful discussions and for proofreading the document
several times. several times.
Authors' Addresses Authors' Addresses
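Review bot: The [IPFIX-ARCH] entry that now sits under 9.2 Informative References still ends with an unbalanced double quote after "draft-ietf-ipfix-architecture-12.txt"; drop it while the entry is being moved. In the same section, the new [RFC4271] entry mixes author formats ("Y. Rekhter, T. Li, Hares, S."), and the new [RFC3550] entry as shown ends at "RFC 3550," with no publication date after it, unlike the [RFC1889] entry it replaces. Since [IPFIX-ARCH] changes from normative to informative, it is also worth checking that no MUST-level text in the body depends on it.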
skipping to change at page 44, line 40 skipping to change at page 44, line 40
Email: quittek@ccrle.nec.de Email: quittek@ccrle.nec.de
Andrew Johnson Andrew Johnson
Cisco Systems Cisco Systems
96 Commercial Quay 96 Commercial Quay
Edinburgh EH6 6LX Edinburgh EH6 6LX
Scotland Scotland
Phone: +44 131 561 3641 Phone: +44 131 561 3641
Email: andrjohn@cisco.com Email: andrjohn@cisco.com
Intellectual Property Statement 11. Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
The IETF takes no position regarding the validity or scope of
any Intellectual Property Rights or other rights that might be
claimed to pertain to the implementation or use of the
technology described in this document or the extent to which any
license under such rights might or might not be available; nor
does it represent that it has made any independent effort to
identify any such rights. Information on the procedures with
respect to rights in RFC documents can be found in BCP 78 and
BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the
such proprietary rights by implementers or users of this use of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR
http://www.ietf.org/ipr. repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
Disclaimer of Validity The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be
required to implement this standard. Please address the
information to the IETF at ietf-ipr@ietf.org.
This document and the information contained herein are provided on an 12. Copyright Statement
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright (C) The IETF Trust (2007).
Copyright (C) The Internet Society (2006). This document is subject This document is subject to the rights, licenses and
to the rights, licenses and restrictions contained in BCP 78, and restrictions contained in BCP 78, and except as set forth
except as set forth therein, the authors retain all their rights. therein, the authors retain all their rights.
Acknowledgment 13. Disclaimer
Funding for the RFC Editor function is currently provided by the This document and the information contained herein are provided
Internet Society on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY,
THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM
ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE.
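Review bot: In section 11 the new text no longer carries the paragraph beginning "The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document". Confirm that no IPR disclosure applies to this draft before dropping it, because the paragraphs that remain only point readers to the general IPR repository and the ietf-ipr@ietf.org address.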
 End of changes. 46 change blocks. 
135 lines changed or deleted 129 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/