draft-ietf-psamp-protocol-08.txt   draft-ietf-psamp-protocol-09.txt 
PSAMP working group PSAMP working group
Internet Draft EDITOR: B. Claise Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-08.txt Cisco Systems, Inc. draft-ietf-psamp-protocol-09.txt Cisco Systems, Inc.
Intended status: Proposed Standard December 10th 2007
Packet Sampling (PSAMP) Protocol Specifications Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that By submitting this Internet-Draft, each author represents that
any applicable patent or other IPR claims of which he or she is any applicable patent or other IPR claims of which he or she is
aware have been or will be disclosed, and any of which he or aware have been or will be disclosed, and any of which he or
she becomes aware will be disclosed, in accordance with Section she becomes aware will be disclosed, in accordance with Section
6 of BCP 79. 6 of BCP 79.
skipping to change at page 1, line 35 skipping to change at page 1, line 34
Internet-Drafts as reference material or to cite them other Internet-Drafts as reference material or to cite them other
than as "work in progress." than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed The list of Internet-Draft Shadow Directories can be accessed
at at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June, 2007. This Internet-Draft will expire on June, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document specifies the export of packet information from a This document specifies the export of packet information from a
PSAMP Exporting Process to a PSAMP Collecting Process. For export PSAMP Exporting Process to a PSAMP Collecting Process. For export
of packet information the IP Flow Information eXport (IPFIX) of packet information the IP Flow Information eXport (IPFIX)
skipping to change at page 2, line 15 skipping to change at page 2, line 15
is used for PSAMP export of packet information. is used for PSAMP export of packet information.
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Introduction..................................................3 1. Introduction.................................................3
2. PSAMP Documents Overview......................................3 2. PSAMP Documents Overview.....................................3
3. Terminology...................................................4 3. Terminology..................................................4
3.1 IPFIX Terminology...........................................4 3.1 IPFIX Terminology..........................................4
3.2 PSAMP Terminology...........................................8 3.2 PSAMP Terminology..........................................5
3.2.1 Packet Streams and Packet Content......................8 3.2.1 Packet Streams and Packet Content.......................5
3.2.2 Selection Process......................................9 3.2.2 Selection Process.......................................6
3.2.3 Reporting.............................................10 3.2.3 Reporting...............................................7
3.2.4 Exporting Process.....................................11 3.2.4 Metering Process........................................8
3.2.5 PSAMP Device .........................................11 3.2.5 Exporting Process.......................................8
3.2.6 Selection Methods.....................................11 3.2.6 PSAMP Device............................................8
3.3 IPFIX and PSAMP Terminology Comparison.....................13 3.2.7 Collector...............................................8
3.3.1 IPFIX and PSAMP Processes.............................14 3.2.8 Selection Methods.......................................8
3.3.2 Packet Report, Packet Interpretation, and Data Record.14 3.3 IPFIX and PSAMP Terminology Comparison....................11
4. Differences between PSAMP and IPFIX..........................14 3.3.1 IPFIX and PSAMP Processes..............................11
4.1 Architecture Point of View.................................15 3.3.2 Packet Report, Packet Interpretation, and Data Record..11
4.2 Protocol Point of View.....................................16 4. Differences between PSAMP and IPFIX.........................12
4.3 Information Model Point of View............................16 4.1 Architecture Point of View................................12
5. PSAMP Requirements versus the IPFIX Solution.................17 4.2 Protocol Point of View....................................13
5.1 High Level View of the Integration.........................17 4.3 Information Model Point of View...........................14
6. Using the IPFIX Protocol for PSAMP...........................18 5. PSAMP Requirements versus the IPFIX Solution................14
6.1 Selector ID................................................19 5.1 High Level View of the Integration........................15
6.2 The Selection Sequence ID..................................19 6. Using the IPFIX Protocol for PSAMP..........................16
6.3 The Exporting Process......................................19 6.1 Selector ID...............................................16
6.4 Packet Report..............................................19 6.2 The Selection Sequence ID.................................16
6.4.1 Basic Packet Report...................................19 6.3 The Exporting Process.....................................17
6.4.2 Extended Packet Report................................22 6.4 Packet Report.............................................17
6.5 Report Interpretation......................................23 6.4.1 Basic Packet Report....................................17
6.5.1 Selection Sequence Report Interpretation..............24 6.4.2 Extended Packet Report.................................20
6.5.2 Selector Report Interpretation........................26 6.5 Report Interpretation.....................................21
6.5.2.1 Systematic Count-Based Sampling.....................26 6.5.1 Selection Sequence Report Interpretation...............21
6.5.2.2 Systematic Time-Based Sampling .....................27 6.5.2 Selector Report Interpretation.........................23
6.5.2.3 Random n-out-of-N Sampling..........................29 6.5.2.1 Systematic Count-Based Sampling.......................24
6.5.2.4 Uniform Probabilistic Sampling .....................30 6.5.2.2 Systematic Time-Based Sampling........................25
6.5.2.5 Property Match Filtering............................31 6.5.2.3 Random n-out-of-N Sampling............................26
6.5.2.6 Hash-Based Filtering................................33 6.5.2.4 Uniform Probabilistic Sampling........................27
6.5.2.7 Other Selection Methods.............................36 6.5.2.5 Property Match Filtering..............................29
6.5.3 Selection Sequence Statistics Report Interpretation...36 6.5.2.6 Hash-Based Filtering..................................30
6.5.4 Accuracy Report Interpretation........................39 6.5.2.7 Other Selection Methods...............................34
7. Security Considerations......................................42 6.5.3 Selection Sequence Statistics Report Interpretation....34
8. IANA Considerations..........................................42 6.5.4 Accuracy Report Interpretation.........................36
8.1 IPFIX Related Considerations ..............................42 7. Security Considerations.....................................39
8.2 PSAMP Related Considerations ..............................42 8. IANA Considerations.........................................40
9. References...................................................43 8.1 IPFIX Related Considerations..............................40
9.1 Normative References ......................................43 8.2 PSAMP Related Considerations..............................40
9.2 Informative References.....................................43 9. References..................................................40
10. Acknowledgments.............................................44 9.1 Normative References......................................40
11. Intellectual Property Statement.............................44 9.2 Informative References....................................41
12. Copyright Statement.........................................45 10. Acknowledgments............................................41
13. Disclaimer..................................................45 11. Intellectual Property Statement............................42
12. Copyright Statement........................................42
13. Disclaimer.................................................43
1. Introduction 1. Introduction
The name PSAMP is a contraction of the phrase Packet SAMPling. The The name PSAMP is a contraction of the phrase Packet SAMPling. The
word "sampling" captures the idea that only a subset of all packets word "sampling" captures the idea that only a subset of all packets
passing a network element will be selected for reporting. PSAMP passing a network element will be selected for reporting. PSAMP
selection operations include random selection, deterministic selection operations include random selection, deterministic
selection, and deterministic approximations to random selection selection, and deterministic approximations to random selection
(hash-based selection). (hash-based selection).
skipping to change at page 4, line 20 skipping to change at page 4, line 22
specifies the export of packet information from a PSAMP Exporting specifies the export of packet information from a PSAMP Exporting
Process to a PSAMP Collecting Process. Process to a PSAMP Collecting Process.
[PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines
an information and data model for PSAMP. an information and data model for PSAMP.
3. Terminology 3. Terminology
As the IPFIX export protocol is used to export the PSAMP information, As the IPFIX export protocol is used to export the PSAMP information,
the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in
this document. The terminology summary table in section 3.1 gives a this document. All terms defined in this section have their first
quick overview of the relationships between the different IPFIX letter capitalized when used in this document. The terminology
terms. The PSAMP terminology defined here is fully consistent with summary table in section 3.1 gives a quick overview of the
all terms listed in [PSAMP-TECH] and [PSAMP-FMWK] but only relationships between the different IPFIX terms. The PSAMP
definitions that are relevant to the PSAMP protocol appear here. terminology defined here is fully consistent with all terms listed in
Section 5.4 applies the PSAMP terminology to the IPFIX protocol [PSAMP-TECH] and [PSAMP-FMWK] but only definitions that are relevant
terminology. to the PSAMP protocol appear here. Section 5.4 applies the PSAMP
terminology to the IPFIX protocol terminology.
3.1 IPFIX Terminology 3.1 IPFIX Terminology
The IPFIX terminology section has been entirely copied over from IPFIX-specific terminology used in this document is defined in
[IPFIX-PROTO], except for the IPFIX Exporting Process term, which is section 2 of [IPFIX-PROTO]. The only exceptions are the Metering
defined more precisely in the PSAMP terminology section. Process, Exporting Process, and the Collector terms, which are
defined more precisely in the PSAMP terminology section. As in
Observation Point [IPFIX-PROTO], these IPFIX-specific terms have the first letter of a
word capitalized when used in this document.
An Observation Point is a location in the network where IP packets
can be observed. Examples include: a line to which a probe is
attached, a shared medium, such as an Ethernet-based LAN, a single
port of a router, or a set of interfaces (physical or logical) of a
router.
Note that every Observation Point is associated with an Observation
Domain (defined below), and that one Observation Point may be a
superset of several other Observation Points. For example one
Observation Point can be an entire line card. That would be the
superset of the individual Observation Points at the line card's
interfaces.
Observation Domain
An Observation Domain is the largest set of Observation Points for
which Flow information can be aggregated by a Metering Process.
Each Observation Domain presents itself using a unique ID to the
Collecting Process to identify the IPFIX Messages it generates. For
example, a router line card may be an observation domain if it is
composed of several interfaces, each of which is an Observation
Point. Every Observation Point is associated with an Observation
Domain.
IP Traffic Flow or Flow
There are several definitions of the term 'flow' being used by the
Internet community. Within the context of IPFIX we use the following
definition:
A Flow is defined as a set of IP packets passing an Observation Point
in the network during a certain time interval. All packets belonging
to a particular Flow have a set of common properties. Each property
is defined as the result of applying a function to the values of:
1. one or more packet header field (e.g. destination IP address),
transport header field (e.g. destination port number), or
application header field (e.g. RTP header fields [RFC3550])
2. one or more characteristics of the packet itself (e.g. number
of MPLS labels, etc...)
3. one or more of fields derived from packet treatment (e.g. next
hop IP address, the output interface, etc...)
A packet is defined to belong to a Flow if it completely satisfies
all the defined properties of the Flow.
This definition covers the range from a Flow containing all packets
observed at a network interface to a Flow consisting of just a single
packet between two applications. It includes packets selected by a
sampling mechanism.
Flow Key
Each of the fields which
1. Belong to the packet header (e.g. destination IP address)
2. Are a property of the packet itself (e.g. packet length)
3. Are derived from packet treatment (e.g. AS number)
and which are used to define a Flow are termed Flow Keys.
Flow Record
A Flow Record contains information about a specific Flow that was
observed at an Observation Point. A Flow Record contains measured
properties of the Flow (e.g. the total number of bytes for all the
Flow's packets) and usually characteristic properties of the Flow
(e.g. source IP address).
Metering Process
The Metering Process generates Flow Records. Inputs to the process
are packet headers and characteristics observed at an Observation
Point, and packet treatment at the Observation Point (for example the
selected output interface).
The Metering Process consists of a set of functions that includes
packet header capturing, timestamping, sampling, classifying, and
maintaining Flow Records.
The maintenance of Flow Records may include creating new records,
updating existing ones, computing Flow statistics, deriving further
Flow properties, detecting Flow expiration, passing Flow Records to
the Exporting Process, and deleting Flow Records.
Exporter
A device which hosts one or more Exporting Processes is termed an
Exporter.
IPFIX Device
An IPFIX Device hosts at least one Observation Point, a Metering
Process and an Exporting Process.
Collecting Process
A Collecting Process receives Flow Records from one or more
Exporting Processes. The Collecting Process might process or store
received Flow Records, but such actions are out of scope for this
document.
Collector
A device which hosts one or more Collecting Processes is termed a
Collector.
Template
A Template is an ordered sequence of <type, length> pairs, used to
completely specify the structure and semantics of a particular set of
information that needs to be communicated from an IPFIX Device to a
Collector. Each Template is uniquely identifiable by means of a
Template ID.
IPFIX Message
An IPFIX Message is a message originating at the Exporting Process
that carries the IPFIX records of this Exporting Process and whose
destination is a Collecting Process. An IPFIX Message is
encapsulated at the transport layer.
Message Header
The Message Header is the first part of an IPFIX Message, which
provides basic information about the message such as the IPFIX
version, length of the message, message sequence number, etc.
Template Record
A Template Record defines the structure and interpretation of fields
in a Data Record.
Data Record
A Data Record is a record that contains values of the parameters
corresponding to a Template Record.
Options Template Record
An Options Template Record is a Template Record that defines the
structure and interpretation of fields in a Data Record, including
defining how to scope the applicability of the Data Record.
Set
Set is a generic term for a collection of records that have a similar
structure. In an IPFIX Message, one or more Sets follow the Message
Header.
There are three different types of Sets: Template Set, Options
Template Set, and Data Set.
Template Set
A Template Set is a collection of one or more Template Records that
have been grouped together in an IPFIX Message.
Options Template Set
An Options Template Set is a collection of one or more Options
Template Records that have been grouped together in an IPFIX Message.
Data Set
A Data Set is one or more Data Records, of the same type, that are
grouped together in an IPFIX Message. Each Data Record is previously
defined by a Template Record or an Options Template Record.
Information Element
An Information Element is a protocol and encoding independent
description of an attribute which may appear in an IPFIX Record. The
IPFIX information model [IPFIX-INFO] defines the base set of
Information Elements for IPFIX. The type associated with an
Information Element indicates constraints on what it may contain and
also determines the valid encoding mechanisms for use in IPFIX.
+------------------+---------------------------------------------+ +------------------+---------------------------------------------+
| | contents | | | contents |
| +--------------------+------------------------+ | +--------------------+------------------------+
| Set | Template | record | | Set | Template | record |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
| Data Set | / | Data Record(s) | | Data Set | / | Data Record(s) |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
| Template Set | Template Record(s) | / | | Template Set | Template Record(s) | / |
+------------------+--------------------+------------------------+ +------------------+--------------------+------------------------+
skipping to change at page 9, line 17 skipping to change at page 5, line 45
Note that packets selected from a stream, e.g. by Sampling, do not Note that packets selected from a stream, e.g. by Sampling, do not
necessarily possess a property by which they can be distinguished necessarily possess a property by which they can be distinguished
from packets that have not been selected. For this reason the term from packets that have not been selected. For this reason the term
"stream" is favored over "flow", which is defined as set of packets "stream" is favored over "flow", which is defined as set of packets
with common properties [RFC3917]. with common properties [RFC3917].
Packet Content Packet Content
The Packet Content denotes the union of the packet header (which The Packet Content denotes the union of the packet header (which
includes link layer, network layer and other encapsulation headers) includes link layer, network layer and other encapsulation headers)
and the packet payload. and the packet payload. Note that, depending on the Observation
Point, the link layer information might not be available.
3.2.2 Selection Process 3.2.2 Selection Process
Selection Process Selection Process
A Selection Process takes the Observed Packet Stream as its input and A Selection Process takes the Observed Packet Stream as its input and
selects a subset of that stream as its output. selects a subset of that stream as its output.
Selection State Selection State
skipping to change at page 11, line 18 skipping to change at page 8, line 5
one or more packets, that are used for interpretation of their Packet one or more packets, that are used for interpretation of their Packet
Reports. Examples include configuration parameters of the Selection Reports. Examples include configuration parameters of the Selection
Process. Process.
Report Stream Report Stream
The Report Stream is the output of a Metering Process, comprising two The Report Stream is the output of a Metering Process, comprising two
distinguished types of information: Packet Reports, and Report distinguished types of information: Packet Reports, and Report
Interpretation. Interpretation.
3.2.4 Exporting Process 3.2.4 Metering Process
Metering Process
A Metering Process selects packets from the Observed Packet Stream
using a Selection Process, and produces as output a Report Stream
concerning the selected packets. The PSAMP Metering Process can be
viewed as analogous to the IPFIX metering process [IPFIX-PROTO],
which produces flow records as its output.
3.2.5 Exporting Process
Exporting Process Exporting Process
An Exporting Process sends, in the form of Export Packets, the output An Exporting Process sends, in the form of Export Packets, the output
of one or more Metering Processes to one or more Collectors. of one or more Metering Processes to one or more Collectors.
Export Packet Export Packet
An Export Packet is a combination of Report Interpretation(s) and/or An Export Packet is a combination of Report Interpretation(s) and/or
one or more Packet Reports that are bundled by the Exporting Process one or more Packet Reports that are bundled by the Exporting Process
into a Export Packet for exporting to a Collector. into a Export Packet for exporting to a Collector.
3.2.5 PSAMP Device 3.2.6 PSAMP Device
PSAMP Device PSAMP Device
A PSAMP Device is a device hosting at least an Observation Point, a A PSAMP Device is a device hosting at least an Observation Point, a
Selection Process and an Exporting Process. Typically, corresponding Selection Process and an Exporting Process. Typically, corresponding
Observation Point(s), Selection Process(es) and Exporting Process(es) Observation Point(s), Selection Process(es) and Exporting Process(es)
are co-located at this device, for example at a router. are co-located at this device, for example at a router.
3.2.6 Selection Methods 3.2.7 Collector
Collector
A Collector receives a Report Stream exported by one or more
Exporting Processes. In some cases, the host of the Metering and/or
Exporting Processes may also serve as the Collector.
3.2.8 Selection Methods
Filtering Filtering
A filter is a Selector that selects a packet deterministically based A filter is a Selector that selects a packet deterministically based
on the Packet Content, or its treatment, or functions of these on the Packet Content, or its treatment, or functions of these
occurring in the Selection State. Examples include property match occurring in the Selection State. Examples include property match
Filtering, and Hash-based Selection. Filtering, and Hash-based Selection.
Sampling Sampling
A Selector that is not a filter is called a Sampling operation. This A Selector that is not a filter is called a Sampling operation. This
reflects the intuitive notion that if the selection of a packet reflects the intuitive notion that if the selection of a packet
cannot be determined from its content alone, there must be some type cannot be determined from its content alone, there must be some type
of Sampling taking place. of Sampling taking place.
Content-independent Sampling Content-independent Sampling
A Sampling operation that does not use Packet Content (or quantities A Sampling operation that does not use Packet Content (or quantities
derived from it) as the basis for selection is called a Content- derived from it) as the basis for selection is called a Content-
independent Sampling operation. Examples include systematic independent Sampling operation. Examples include systematic
skipping to change at page 20, line 47 skipping to change at page 18, line 28
and ipPayloadPacketSection) MAY be encoded with a fixed length field and ipPayloadPacketSection) MAY be encoded with a fixed length field
or with a variable sized field. If one of these Information or with a variable sized field. If one of these Information
Elements is encoded with a fixed length field whose length is too Elements is encoded with a fixed length field whose length is too
long for the number of contiguous bytes in the selected packet, long for the number of contiguous bytes in the selected packet,
padding MUST NOT be used. In this case, the Exporting Process MUST padding MUST NOT be used. In this case, the Exporting Process MUST
export the information either in a new Template Record with the export the information either in a new Template Record with the
correct fixed length field, or either in a new Template Record with correct fixed length field, or either in a new Template Record with
a variable length field. a variable length field.
Here is an example of a basic Packet Report, with a Here is an example of a basic Packet Report, with a
SelectionSequenceId value of 9 and ipHeaderPacketSection Information SelectionSequenceId value of 9 and dataLinkFrameSection
Element of 12 bytes, 0x4500 005B A174 0000 FF11 832E, encoded with a Information Element of 12 bytes, 0x4500 005B A174 0000 FF11 832E,
fixed length field. encoded with a fixed length field.
IPFIX Template Record: IPFIX Template Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 2 | Length = 24 | | Set ID = 2 | Length = 24 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 260 | Field Count = 4 | | Template ID = 260 | Field Count = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| selectionSequenceId = 301 | Field Length = 4 | | selectionSequenceId = 301 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| digestHashValue = 326 | Field Length = 4 | | digestHashValue = 326 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ipHeaderPacketSection = 313 | Field Length = 12 | | dataLinkFrameSection = 315 | Field Length = 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|observationTimeMicroseconds=324| Field Length = 4 | |observationTimeMicroseconds=324| Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The associated IPFIX Data Record: The associated IPFIX Data Record:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 260 | Length = 28 | | Set ID = 260 | Length = 28 |
skipping to change at page 26, line 33 skipping to change at page 24, line 15
Option Template Record MUST contain the selectorId Information Option Template Record MUST contain the selectorId Information
Element as the Scope field and the SelectorAlgorithm Information Element as the Scope field and the SelectorAlgorithm Information
Element followed by some specific configuration parameters: Element followed by some specific configuration parameters:
Scope: selectorId Scope: selectorId
Non-scope: selectorAlgorithm Non-scope: selectorAlgorithm
algorithm specific Information Elements algorithm specific Information Elements
The algorithm specific Information Elements are specified in the The algorithm specific Information Elements are specified in the
following subsections, depending on the selection method represented following subsections, depending on the selection method represented
by the value of the selectorAlgorithm. by the value of the selectorAlgorithm [PSAMP-INFO].
6.5.2.1 Systematic Count-Based Sampling 6.5.2.1 Systematic Count-Based Sampling
In systematic count-based Sampling, the start and stop triggers for In systematic count-based Sampling, the start and stop triggers for
the Sampling interval are defined in accordance with the spatial the Sampling interval are defined in accordance with the spatial
packet position (packet count) [PSAMP-TECH]. packet position (packet count) [PSAMP-TECH].
The REQUIRED algorithm specific Information Elements in the case of The REQUIRED algorithm specific Information Elements in the case of
systematic count-based Sampling are: systematic count-based Sampling are:
skipping to change at page 42, line 31 skipping to change at page 40, line 18
contiguous bytes from the start of the packet, including the packet contiguous bytes from the start of the packet, including the packet
header (which includes link layer, network layer and other header (which includes link layer, network layer and other
encapsulation headers) and some subsequent bytes of the packet encapsulation headers) and some subsequent bytes of the packet
payload. The PSAMP Device SHOULD NOT export the full payload of payload. The PSAMP Device SHOULD NOT export the full payload of
conversations, as this would mean wiretapping [RFC2804]. The PSAMP conversations, as this would mean wiretapping [RFC2804]. The PSAMP
Device MUST respect local privacy laws. Device MUST respect local privacy laws.
8. IANA Considerations 8. IANA Considerations
The PSAMP Protocol, as set out in this document, has two sets of The PSAMP Protocol, as set out in this document, has two sets of
assigned numbers. Considerations for assigning them are discussed in assigned numbers. Considerations for assigning them are discussed
this section, using the example policies as set out in the in this section, using the example policies as set out in the
"Guidelines for IANA Considerations" document IANA-RFC [RFC2434]. "Guidelines for IANA Considerations" document IANA-RFC [RFC2434].
8.1 IPFIX Related Considerations 8.1 IPFIX Related Considerations
As the PSAMP protocol uses the IPFIX protocol, refer to the IANA As the PSAMP protocol uses the IPFIX protocol, refer to the IANA
considerations section in [IPFIX-PROTO] for the assignments of considerations section in [IPFIX-PROTO] for the assignments of
numbers used in the protocol and for the numbers used in the numbers used in the protocol and for the numbers used in the
information model. information model.
8.2 PSAMP Related Considerations 8.2 PSAMP Related Considerations
Each new selection method MUST be assigned a unique value for the Each new selection method MUST be assigned a unique value for the
selectorAlgorithm Information Element. Its configuration selectorAlgorithm Information Element [PSAMP-INFO]. Initial
parameter(s), along with the way to report it/them with an Options contents of this registry are found section 8.2.4 in [PSAMP-INFO].
Template, MUST be clearly specified. Its configuration parameter(s), along with the way to report it/them
with an Options Template, MUST be clearly specified.
New assignments for the PSAMP selection method will be administered New assignments for the PSAMP selection method will be administered
by IANA, on a First Come First Served basis [RFC2434], subject to by IANA, on a First Come First Served basis [RFC2434], subject to
Expert Review [RFC2434], i.e. review by one of a group of experts Expert Review [RFC2434]. The group of experts must double check the
designated by an IETF Operations and Management Area Director. The Information Elements definitions with already defined Information
group of experts must double check the Information Elements Elements for completeness, accuracy and redundancy. Those experts
definitions with already defined Information Elements for will initially be drawn from the Working Group Chairs and document
completeness, accuracy and redundancy. Those experts will initially editors of the IPFIX and PSAMP Working Groups.
be drawn from the Working Group Chairs and document editors of the
IPFIX and PSAMP Working Groups.
9. References 9. References
9.1 Normative References 9.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
[RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA [RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA
Considerations Section in RFCs", RFC 2434, October 1998 Considerations Section in RFCs", RFC 2434, October 1998
[PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F. [PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F.
Raspall, "Sampling and Filtering Techniques for IP Packet Selection" Raspall, "Sampling and Filtering Techniques for IP Packet Selection"
draft-ietf-psamp-sample-tech-10.txt draft-ietf-psamp-sample-tech-10.txt
[PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information
Model for Packet Sampling Exports", draft-ietf-psamp-info-06.txt Model for Packet Sampling Exports", draft-ietf-psamp-info-07.txt
[IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information
Model for IP Flow Information Export" draft-ietf-ipfix-info-15.txt Model for IP Flow Information Export" draft-ietf-ipfix-info-15.txt
[IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol [IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol
for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix- for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix-
protocol-24.txt protocol-26.txt
9.2 Informative References 9.2 Informative References
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek, [IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
"Architecture Model for IP Flow Information Export" draft-ietf-ipfix- "Architecture Model for IP Flow Information Export" draft-ietf-ipfix-
architecture-12.txt" architecture-12.txt"
[PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M. [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework
for Passive Packet Measurement" draft-ietf-psamp-framework-11.txt for Passive Packet Measurement" draft-ietf-psamp-framework-12.txt
[RFC4271] Y. Rekhter, T. Li, Hares, S. "A Border Gateway Protocol 4 [RFC4271] Y. Rekhter, T. Li, Hares, S. "A Border Gateway Protocol 4
(BGP-4)", RFC 4271, January 2006 (BGP-4)", RFC 4271, January 2006
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.,
"RTP: A Transport Protocol for Real-Time Applications", RFC 3550,
[RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements
for IP Flow Information Export", RFC 3917, October 2004 for IP Flow Information Export", RFC 3917, October 2004
10. Acknowledgments 10. Acknowledgments
The authors would like to thank the PSAMP group, especially Paul The authors would like to thank the PSAMP group, especially Paul
Aitken for fruitful discussions and for proofreading the document Aitken for fruitful discussions and for proofreading the document
several times. several times.
Authors' Addresses Authors' Addresses
skipping to change at page 44, line 30 skipping to change at page 42, line 14
Phone: +32 2 704 5622 Phone: +32 2 704 5622
E-mail: bclaise@cisco.com E-mail: bclaise@cisco.com
Juergen Quittek Juergen Quittek
NEC Europe Ltd. NEC Europe Ltd.
Network Laboratories Network Laboratories
Kurfuersten-Anlage 36 Kurfuersten-Anlage 36
69115 Heidelberg 69115 Heidelberg
Germany Germany
Phone: +49 6221 90511-15 Phone: +49 6221 90511-15
Email: quittek@ccrle.nec.de Email: quittek@nw.neclab.eu
Andrew Johnson Andrew Johnson
Cisco Systems Cisco Systems
96 Commercial Quay 96 Commercial Quay
Edinburgh EH6 6LX Edinburgh EH6 6LX
Scotland Scotland
Phone: +44 131 561 3641 Phone: +44 131 561 3641
Email: andrjohn@cisco.com Email: andrjohn@cisco.com
11. Intellectual Property Statement 11. Intellectual Property Statement
 End of changes. 23 change blocks. 
269 lines changed or deleted 112 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/