One document matched: draft-ietf-psamp-info-03.txt
Differences from draft-ietf-psamp-info-02.txt
Network Working Group T. Dietz
Internet-Draft NEC Europe Ltd.
Expires: April 27, 2006 F. Dressler
University of Erlangen-Nuremberg
G. Carle
University of Tuebingen
B. Claise
P. Aitken
Cisco Systems
October 24, 2005
Information Model for Packet Sampling Exports
<draft-ietf-psamp-info-03.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 27, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This memo defines an information model for the Packet Sampling
(PSAMP) protocol. It is used by the PSAMP protocol for encoding
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 1]
Internet-Draft PSAMP Information Model October 2005
sampled packet data and information related to the sampling process.
As the PSAMP protocol is based on the IPFIX protocol, this
information model is an extension to the IPFIX information model.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 2]
Internet-Draft PSAMP Information Model October 2005
Table of Contents
1. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1 PSAMP architecture/protocol related . . . . . . . . . . . 5
1.2 IPFIX related . . . . . . . . . . . . . . . . . . . . . . 6
1.3 NETFLOW v9 related . . . . . . . . . . . . . . . . . . . . 6
1.4 PSAMP number space for Information Elements . . . . . . . 6
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Relationship between PSAMP and IPFIX . . . . . . . . . . . . 7
4. Properties of a PSAMP Information Element . . . . . . . . . 8
5. Type Space . . . . . . . . . . . . . . . . . . . . . . . . . 8
6. The PSAMP Information Elements . . . . . . . . . . . . . . . 8
6.1 PSAMP Usage of IPFIX Attributes . . . . . . . . . . . . . 8
6.2 Additional PSAMP Information Elements . . . . . . . . . . 9
6.2.1 selectorId . . . . . . . . . . . . . . . . . . . . . . 9
6.2.2 selectorInputSequenceNumber . . . . . . . . . . . . . 9
6.2.3 selectorAlgorithm . . . . . . . . . . . . . . . . . . 10
6.2.4 samplingPacketInterval . . . . . . . . . . . . . . . . 10
6.2.5 samplingPacketSpace . . . . . . . . . . . . . . . . . 11
6.2.6 samplingTimeInterval . . . . . . . . . . . . . . . . . 11
6.2.7 samplingTimeSpace . . . . . . . . . . . . . . . . . . 11
6.2.8 samplingPopulation . . . . . . . . . . . . . . . . . . 12
6.2.9 samplingSize . . . . . . . . . . . . . . . . . . . . . 12
6.2.10 samplingProbabilityN . . . . . . . . . . . . . . . . 12
6.2.11 samplingProbabilityM . . . . . . . . . . . . . . . . 12
6.2.12 ipHeaderPacketSection . . . . . . . . . . . . . . . 13
6.2.13 ipPayloadPacketSection . . . . . . . . . . . . . . . 13
6.2.14 l2HeaderPacketSection . . . . . . . . . . . . . . . 13
6.2.15 l2PayloadPacketSection . . . . . . . . . . . . . . . 14
6.2.16 mplsLabelStackSection . . . . . . . . . . . . . . . 14
6.2.17 mplsPayloadPacketSection . . . . . . . . . . . . . . 14
6.2.18 meteringProcesssId . . . . . . . . . . . . . . . . . 14
6.2.19 observationPointId . . . . . . . . . . . . . . . . . 15
6.2.20 associationsId . . . . . . . . . . . . . . . . . . . 15
6.2.21 selectorType . . . . . . . . . . . . . . . . . . . . 15
6.2.22 packetsObserved . . . . . . . . . . . . . . . . . . 15
6.2.23 packetsSelected . . . . . . . . . . . . . . . . . . 15
6.2.24 accuracy . . . . . . . . . . . . . . . . . . . . . . 15
7. Security Considerations . . . . . . . . . . . . . . . . . . 16
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 16
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 3]
Internet-Draft PSAMP Information Model October 2005
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 16
9.1 Normative References . . . . . . . . . . . . . . . . . . . 16
9.2 Informative References . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 18
A. Formal Specification of PSAMP Information Elements . . . . . 19
Intellectual Property and Copyright Statements . . . . . . . 29
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 4]
Internet-Draft PSAMP Information Model October 2005
1. Open Issues
This section covers some open issues which have to be solved in a
future version of this draft.
1.1 PSAMP architecture/protocol related
o PROPOSAL: we won't overload Information Elements with multiple
meanings or re-use them for multiple purposes. We will allocate
different IE's for each requirement.
o PROPOSAL: although having different IE's for each requirement
allows us to infer the selection method, we will include a
separate IE for the method, e.g. for including in scope info and
depicting the contents of composites.
o We currently define the sampling/filtering algorithm and the hash
function Information Element as a simple 8-bit identifier. This
implies that an extension is very easy. Nevertheless, it might be
appropriate to have a single Information Element for each method
in order to integrate special information about the sampling/
filtering algorithm or the hash function directly into the
Information Element. PROPOSAL: special information will be
encoded in new Information Elements as necessary, and not be
encoded in the selection method.
o The flow state sampling, random non-uniform probabilistic
sampling, the mask filtering and the router state filtering are
currently not fully covered by the information model because the
Information Elements needed for these algorithms still need to be
specified.
o The PSAMP protocol [I-D.ietf-psamp-protocol] allows to define
multiple selection methods which are applied in a sequential
order. Therefore, the order of the Information Elements in a
template becomes important. This is a primary difference to the
semantics of the flow template in the IPFIX definition.
Currently, we do not have a proper definition for the ordering of
Information Elements. PROPOSAL: where the order of the elements
is important (according to the PSAMP protocol [I-D.ietf-psamp-
protocol]) they must be specified in the correct order.
o The unit property is currently optional, but we would like to have
information about units wherever possible. The unit property may
become mandatory in a future version of this document and we would
define the unit as "not applicable" when no unit can be given.
o We need to specify the "accuracy" Information Element.
o data type - variable length for packet fragment.
o How to export very long packets? An MTU of 1500 permits an
template of 350+ elements, but it may not be possible to transmit
all the desired elements in one packet since the 16-bit length
field in the IPFIX header only allows IPFIX packets up to 65535
bytes.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 5]
Internet-Draft PSAMP Information Model October 2005
o Clearly define "layer 2" and MPLS. PROPOSAL: discuss at the
Vancouver IETF.
o Rather than creating new header and payload sections for each
layer, protocol or application, should there only be one header
section and one payload section, with another IE describing what
it is? PROPOSAL: discuss at the Vancouver IETF.
1.2 IPFIX related
o This document only defines the Information Elements for exporting
PSAMP data that are not defined by the IPFIX information model.
Nevertheless, we should include a usage statement for the
Information Elements defined by IPFIX when used by the PSAMP
export protocol or include a special section discussing the usage
of IPFIX information elements by PSAMP.
o The export of sampled data may not need all information elements
defined by the IPFIX information model. Thus a section within
this document should give an overview of flow Information Elements
defined in the IPFIX information model and their usage in the
PSAMP environment.
o The observation point is currently not covered by the IPFIX
information model. It is not clear if we should include the
observation point by ourselves or if we should wait for IPFIX to
include it in their information model. PROPOSAL: We should define
it here, either in its own Information Element, or consider it to
be a particular kind of selector.
o Insert or cross reference the following sections from IPFIX-INFO:
* 2. Properties of IPFIX Protocol Information Elements
* 2.1 Information Elements Specification Template
* 2.2 Scope of Information Elements
* 2.3 Naming Conventions for Information Elements
* 3. Type Space
* 4. Information Element Identifiers
o Verify consistency with definitions in
* draft-ietf-psamp-sample-tech-07.txt
* draft-ietf-psamp-framework-10.txt
1.3 NETFLOW v9 related
o Align the Information Elements with the information elements
currently defined in NETFLOWv9 if possible. Currently Information
Elements types 34,35 as well as 48-50 are candidates. PROPOSAL:
Retain these Information Elements as RESERVED, and create new
Information Elements for PSAMP.
1.4 PSAMP number space for Information Elements
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 6]
Internet-Draft PSAMP Information Model October 2005
o The Information Element number space is not assigned by any
directory (IANA), yet. The IPFIX Information Model [I-D.ietf-
ipfix-info] defines Information Elements 1 through 214, so we
started the PSAMP Information Element numbering from 300.
2. Introduction
Packet sampling techniques are required for various measurement
scenarios. The packet sampling (PSAMP) protocol provides mechanisms
for the packet selection using different filtering and sampling
techniques. A standard way for the export and storage of such
sampled packet data is required. The definition of the PSAMP
information and data model is based on the IP Flow Information eXport
(IPFIX) protocol [I-D.ietf-ipfix-protocol]. The PSAMP protocol
document [I-D.ietf-psamp-protocol] describes how to use the IPFIX
protocol in the PSAMP context.
This document examines the IPFIX information model [I-D.ietf-ipfix-
info] and extends it to meet the PSAMP requirements. Therefore, the
structure of this document is strongly based on the IPFIX document.
It complements the PSAMP protocol specification by providing an
appropriate PSAMP information model. The main part of this document,
section 6, defines the list of Information Elements to be transmitted
by the PSAMP protocol. Sections 5 and 4 describe the data types and
Information Element properties used within this document and their
relationship to the IPFIX information model.
The main body of section 6 was generated from a XML document. The
XML-based specification of the PSAMP Information Elements can be used
for automatically checking syntactical correctness of the
specification. Furthermore it can be used - in combination with the
IPFIX information model - for an automated code generation. The
resulting code can be used in PSAMP protocol implementations to deal
with processing PSAMP information elements.
For that reason, the XML document that served as source for section 6
is attached to this document in Appendix A.
Note that although partially generated from the attached XML
documents, the main body of this document is normative while the
appendices are informational.
3. Relationship between PSAMP and IPFIX
As described in IETF working document
draft-quittek-psamp-ipfix-01.txt [I-D.quittek-psamp-ipfix], a PSAMP
data record can be seen as a very special IPFIX flow record. It
represents an IPFIX flow containing only a single packet. Therefore,
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 7]
Internet-Draft PSAMP Information Model October 2005
the IPFIX information model can be used as a basis for PSAMP reports.
Nevertheless, there are properties required in PSAMP reports which
cannot be modelled using the current IPFIX information model. This
document describes extensions to the IPFIX model which allow the
modelling of information and data required by PSAMP.
Some of these extensions allow the export of what may be considered
sensitive information. Refer to the Security Considerations section
for a fuller discussion.
4. Properties of a PSAMP Information Element
The PSAMP Information Elements are in accordance with the definitions
of IPFIX. Therefore we do not repeat the properties in this draft.
Nevertheless, we strongly recommend to define the optional "unit"
element for every information element (if applicable).
5. Type Space
The PSAMP Information Elements MUST be constructed from the basic
data types described in the IPFIX Information Model [I-D.ietf-ipfix-
info]. To avoid duplicated work and to keep consistency between
IPFIX and PSAMP the data types are not repeated in this document.
6. The PSAMP Information Elements
This sections describes the Information Elements used by the PSAMP
exporting functions. Basically, the Information Elements described
by the IPFIX information model [I-D.ietf-ipfix-info] are used by the
PSAMP export functions where applicable. To avoid inconsistencies
between the IPFIX and the PSAMP information and data models, only
those Information Elements are defined here that are not already
described by the IPFIX information model.
6.1 PSAMP Usage of IPFIX Attributes
Some Information Elements defined by the IPFIX information model are
not needed by the PSAMP protocol. Other Information Elements have a
different meaning or usage pattern than in IPFIX. This section lists
the IPFIX Information Elements that are needed in the PSAMP context
and introduces their usage.
EDITOR NOTE: this section needs to be finished once IPFIX as well as
PSAMP info model are stable.
List of additional PSAMP Information Elements:
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 8]
Internet-Draft PSAMP Information Model October 2005
o 300 - selectorId
o 301 - selectorInputSequenceNumber
o 302 - selectorAlgorithm
o 303 -
o 304 - samplingPacketInterval
o 305 - samplingPacketSpace
o 306 - samplingTimeInterval
o 307 - samplingTimeSpace
o 308 - samplingPopulation
o 309 - samplingSize
o 310 - samplingProbabilityN
o 311 - samplingProbabilityM
o 312 -
o 313 - ipHeaderPacketSection
o 314 - ipPayloadPacketSection
o 315 - l2HeaderPacketSection
o 316 - l2PayloadPacketSection
o 317 - mplsLabelStackSection
o 318 - mplsPayloadPacketSection
o 319 - meteringProcesssId
o 320 - ObservationPointID
o 321 - pathId
o 322 -
o 323 - selectorType
o 324 - packetsObserved
o 325 - packetsSelected
o 326 - accuracy
o 327 -
o 328 -
o 329 -
6.2 Additional PSAMP Information Elements
6.2.1 selectorId
Description:
The ID of a selector. Each selector instance must have a unique
ID in the observation domain.
Abstract Data Type: unsigned16
Data Type Semantics: identifier
ElementId: 300
Status: current
6.2.2 selectorInputSequenceNumber
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 9]
Internet-Draft PSAMP Information Model October 2005
Description:
The input sequence number of a packet at a selector.
Since each use of a selector is independent, each separate
selector instance must maintain its own
selectorInputSequenceNumber.
Abstract Data Type: unsigned32
ElementId: 301
Status: current
6.2.3 selectorAlgorithm
Description:
Specifies the selector algorithm (e.g., filter, sampler, hash)
that was used on a packet. It is exported in the options data
flow record to specify how a collector has to interpret a data
flow record.
The following selector algorithms are currently defined:
* 1 Systematic count-based sampling
* 2 Systematic time-based sampling
* 3 Random n-out-of-N sampling
* 4 Uniform probabilistic sampling
* 5 Non-uniform probabilistic sampling
* 6 Non-uniform flow state sampling
* 7 Match based filtering
* 8 Hash based filtering
* 9 Router state filtering
The parameters for most of these algorithms are defined in this
information model. Some parameters - especially those for
algorithms 5, 6 and 8 are not covered by this information model
since they depend very much on the underlying hardware.
Currently there are no hash functions defined.
EDITOR'S NOTE: This list may extend to the final version. The
"octet" data type is probably not the best choice but keeps the
list extensible.
Abstract Data Type: octet
Data Type Semantics: identifier
ElementId: 302
Status: current
6.2.4 samplingPacketInterval
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 10]
Internet-Draft PSAMP Information Model October 2005
Description:
Number of packets that are consecutively sampled. For example a
value of 100 means that 100 contiguous packets are sampled.
This information element is used for the systematic count-based
sampling.
Abstract Data Type: unsigned32
ElementId: 304
Status: current
Units: packets
6.2.5 samplingPacketSpace
Description:
The number of packets between two "samplingPacketInterval"s. A
value of 100 means that the next interval starts after 100 packets
(which are not sampled) when the current "samplingPacketInterval"
is over.
This information element is used for the systematic count-based
sampling.
Abstract Data Type: unsigned32
ElementId: 305
Status: current
Units: packets
6.2.6 samplingTimeInterval
Description:
Time interval in microseconds in which all arriving packets are
sampled.
This information element is used for the systematic time-based
sampling.
Abstract Data Type: dateTimeMicroSeconds
ElementId: 306
Status: current
Units: microseconds
6.2.7 samplingTimeSpace
Description:
The time interval in microseconds between two
"samplingTimeInterval"s. A value of 100 would mean that the next
interval would start after 100 microseconds (in which no packets
are sampled) when the current "samplingTimeInterval" is over.
This information element is used for the systematic time-based
sampling.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 11]
Internet-Draft PSAMP Information Model October 2005
Abstract Data Type: dateTimeMicroSeconds
ElementId: 307
Status: current
Units: microseconds
6.2.8 samplingPopulation
Description:
The number of elements in the parent population for random
sampling algorithms.
This information element is used for the random n-out-of-N
sampling algorithm.
Abstract Data Type: unsigned32
ElementId: 308
Status: current
Units: packets
6.2.9 samplingSize
Description:
The number of elements taken from the parent population for random
sampling algorithms.
This information element is used for the random n-out-of-N
sampling algorithm.
Abstract Data Type: unsigned32
ElementId: 309
Status: current
Units: packets
6.2.10 samplingProbabilityN
Description:
The probability that a packet is sampled. The probability is
equal for every packet. The sampling probability is
samplingProbabilityN / samplingProbabilityM. A value of 0 means
no packet was sampled (probability is 0). Any other value is
meaningless without a samplingProbabilityM.
This information element is used for the uniform probabilistic
sampling algorithm.
Abstract Data Type: unsigned32
ElementId: 310
Status: current
6.2.11 samplingProbabilityM
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 12]
Internet-Draft PSAMP Information Model October 2005
Description:
The probability that a packet is sampled. The probability is
equal for every packet. The sampling probability is
samplingProbabilityN / samplingProbabilityM. Any value is
meaningless without a samplingProbabilityN. The value MUST NOT be
zero and MUST NOT be greater than samplingProbabilityN.
This information element is used for the uniform probabilistic
sampling algorithm.
Abstract Data Type: unsigned32
ElementId: 311
Status: current
6.2.12 ipHeaderPacketSection
Description:
This information element carries the first n octets from the IP
header of a sampled packet. If insufficient octets are available,
the remainder of the data should be zero-filled and an additional
information element sent (e.g., ipPayloadLength) indicating how
much of the data is valid.
Abstract Data Type: octetArray
ElementId: 313
Status: current
6.2.13 ipPayloadPacketSection
Description:
This information element carries the first n octets from the IP
payload of a sampled packet. If insufficient octets are
available, the remainder of the data should be zero-filled and an
additional information element sent (e.g., ipPayloadLength)
indicating how much of the data is valid.
The IPv4 payload is that part of the packet which follows the IPv4
header and any options, which RFC 791 refers to as "data" or "data
octets". e.g., see the examples in RFC 791 APPENDIX A.
Abstract Data Type: octetArray
ElementId: 314
Status: current
6.2.14 l2HeaderPacketSection
Description:
This information element carries the first n octets from the layer
2 header of a sampled packet.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 13]
Internet-Draft PSAMP Information Model October 2005
EDITOR'S NOTE: TODO.
Abstract Data Type: octetArray
ElementId: 315
Status: current
6.2.15 l2PayloadPacketSection
Description:
This information element carries the first n octets from the layer
2 payload of a sampled packet.
EDITOR'S NOTE: TODO.
Abstract Data Type: octetArray
ElementId: 316
Status: current
6.2.16 mplsLabelStackSection
Description:
This information element carries the first n octets from the MPLS
label stack of a sampled packet. See RFC 3031 for the
specification of MPLS packets. See RFC 3032 for the specification
of the MPLS label stack.
EDITOR'S NOTE: TODO.
Abstract Data Type: octetArray
ElementId: 317
Status: current
6.2.17 mplsPayloadPacketSection
Description:
This information element carries the first n octets from the MPLS
payload of a sampled packet, being data that follows immediately
after the MPLS label stack. See RFC 3031 for the specification of
MPLS packets. See RFC 3032 for the specification of the MPLS
label stack.
EDITOR'S NOTE: TODO.
Abstract Data Type: octetArray
ElementId: 318
Status: current
6.2.18 meteringProcesssId
Description:
ID of the metering process. Unique in the observation domain.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 14]
Internet-Draft PSAMP Information Model October 2005
Abstract Data Type: octet
ElementId: 319
Status: current
6.2.19 observationPointId
Description:
ID of the observation process. Unique in the observation domain.
Abstract Data Type: octet
ElementId: 320
Status: current
6.2.20 associationsId
Description:
ID of the associations. Unique in the observation domain.
Abstract Data Type: octet
ElementId: 321
Status: current
6.2.21 selectorType
Description:
Type of a selector. Unique in the observation domain.
Abstract Data Type: octet
ElementId: 323
Status: current
6.2.22 packetsObserved
Description:
Number of packets observed by a selector.
Abstract Data Type: octet
ElementId: 324
Status: current
6.2.23 packetsSelected
Description:
Number of packets selected by a selector.
Abstract Data Type: octet
ElementId: 325
Status: current
6.2.24 accuracy
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 15]
Internet-Draft PSAMP Information Model October 2005
Description:
Describes the accuracy of a selector.
Abstract Data Type: octet
ElementId: 326
Status: current
7. Security Considerations
The PSAMP information model itself does not directly introduce
security issues. Rather it defines a set of attributes which may for
privacy or business issues be considered sensitive information.
Specifically, the Information Elements pertaining to packet sections
MUST target no more than the packet header, some subsequent bytes of
the packet, and encapsulating headers if present. Full packet
capture of arbitrary packet streams is explicitly out of scope, per
RFC 2804 and the PSAMP WG charter.
The underlying protocol used to exchange the information described
here must therefore apply appropriate procedures to guarantee the
integrity and confidentiality of the exported information. Such
protocols are defined in separate documents, specifically the IPFIX
protocol document [I-D.ietf-ipfix-protocol].
8. IANA Considerations
This document defines an initial set of PSAMP Information Elements,
as an extension to the IPFIX Information Elements [IPFIX-INFO]. New
assignments for PSAMP Information Elements will be administered
according to rules explained in the "IANA Consideration" section of
the IPFIX Information Model document [IPFIX-INFO]. Note that the
PSAMP Information Element IDs were initially started at the value
300, in order to leave a gap for any ongoing IPFIX work requiring new
Information Elements. It is expected that this gap in the
Information Element numbering will be filled in by IANA with new
IPFIX Information Elements. Appendix B defines an XML schema which
may be used to create consistent machine readable extensions to the
IPFIX information model. This schema introduces a new namespace,
which will be assigned by IANA according to RFC 3688.
9. References
9.1 Normative References
[I-D.ietf-psamp-sample-tech]
Zseby, T., Molina, M., Raspall, F., and N. Duffield,
"Sampling and Filtering Techniques for IP Packet
Selection", draft-ietf-psamp-sample-tech-07 (work in
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 16]
Internet-Draft PSAMP Information Model October 2005
progress), July 2005.
[I-D.ietf-psamp-protocol]
Claise, B., "Packet Sampling (PSAMP) Protocol
Specifications", draft-ietf-psamp-protocol-01 (work in
progress), February 2004.
[I-D.ietf-psamp-mib]
Dietz, T., "Definitions of Managed Objects for Packet
Sampling", draft-ietf-psamp-mib-02 (work in progress),
February 2004.
[I-D.ietf-ipfix-reqs]
Quittek, J., "Requirements for IP Flow Information
Export", draft-ietf-ipfix-reqs-16 (work in progress),
June 2004.
[I-D.ietf-ipfix-info]
Calato, P., "Information Model for IP Flow Information
Export", draft-ietf-ipfix-info-03 (work in progress),
February 2004.
[I-D.ietf-ipfix-protocol]
Claise, B., "IPFIX Protocol Specifications",
draft-ietf-ipfix-protocol-03 (work in progress),
February 2004.
9.2 Informative References
[I-D.ietf-ipfix-architecture]
Norseth, K. and G. Sadasivan, "Architecture Model for IP
Flow Information Export", draft-ietf-ipfix-architecture-02
(work in progress), June 2002.
[I-D.ietf-psamp-framework]
Duffield, N., "A Framework for Passive Packet
Measurement", draft-ietf-psamp-framework-05 (work in
progress), January 2004.
[I-D.quittek-psamp-ipfix]
Quittek, J. and B. Claise, "On the Relationship between
PSAMP and IPFIX", draft-quittek-psamp-ipfix-01 (work in
progress), March 2003.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 17]
Internet-Draft PSAMP Information Model October 2005
Information Models and Data Models", RFC 3444,
January 2003.
[RFC3470] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for
the Use of Extensible Markup Language (XML) within IETF
Protocols", BCP 70, RFC 3470, January 2003.
Authors' Addresses
Thomas Dietz
NEC Europe Ltd.
Network Laboratories
Kurfuersten-Anlage 36
Heidelberg 69115
Germany
Phone: +49 6221 90511-28
Email: dietz@netlab.nec.de
URI: http://www.netlab.nec.de/
Falko Dressler
University of Erlangen-Nuremberg
Dept. of Computer Sciences
Martensstr. 3
Erlangen 91058
Germany
Phone: +49 9131 85-27914
Email: dressler@informatik.uni-erlangen.de
URI: http://www7.informatik.uni-erlangen.de/~dressler
Georg Carle
University of Tuebingen
Wilhelm-Schickard-Institute for Computer Science
Auf der Morgenstelle 10C
Tuebingen 71076
Germany
Phone: +49 7071 29-70505
Email: carle@informatik.uni-tuebingen.de
URI: http://net.informatik.uni-tuebingen.de/~carle/
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 18]
Internet-Draft PSAMP Information Model October 2005
Benoit Claise
Cisco Systems
De Kleetlaan 6a b1
Degem 1813
Belgium
Phone: +32 2 704 5622
Email: bclaise@cisco.com
Paul Aitken
Cisco Systems
96 Commercial Quay
Edinburgh EH6 6LX
Scotland
Phone: +44 131 561 3616
Email: paitken@cisco.com
URI: http://www.cisco.com/
Appendix A. Formal Specification of PSAMP Information Elements
This appendix contains a formal description of the PSAMP information
model XML document. Note that this appendix is of informational
nature, while the text in section Section 6 generated from this
appendix is normative.
Using a formal and machine readable syntax for the information model
enables the creation of PSAMP aware tools which can automatically
adapt to extensions to the information model, by simply reading
updated information model specifications.
The wide availability of XML aware tools and libraries for client
devices is a primary consideration for this choice. In particular
libraries for parsing XML documents are readily available. Also
mechanisms such as the Extensible Stylesheet Language (XSL) allow for
transforming a source XML document into other documents. This draft
was authored in XML and transformed according to RFC2629.
It should be noted that the use of XML in exporters, collectors or
other tools is not mandatory for the deployment of PSAMP. In
particular, exporting processes do not produce or consume XML as part
of their operation. It is expected that PSAMP collectors MAY take
advantage of the machine readability of the information model vs.
hardcoding their behavior or inventing proprietary means for
accommodating extensions.
Using XML-based specifications does not currently address possible
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 19]
Internet-Draft PSAMP Information Model October 2005
IANA implications associated with XML Namespace URIs. The use of
Namespaces as an extension mechanism implies that an IANA registered
Namespace URI should be available and that directory names below this
base URI be assigned for relevant IETF specifications. The authors
are not aware of this mechanism today.
<?xml version="1.0" encoding="UTF-8"?>
<fieldDefinitions><!-- xmlns="http://www.ietf.org/ipfix"-->
<field name="selectorId" dataType="unsigned16"
dataTypeSemantics="identifier"
fieldId="300" applicability="data" status="current"
group="common">
<description>
<paragraph>
The ID of a selector. Each selector instance
must have a unique ID in the observation domain.
</paragraph>
</description>
</field>
<field name="selectorInputSequenceNumber" dataType="unsigned32"
fieldId="301" applicability="data" status="current"
group="common">
<description>
<paragraph>
The input sequence number of a packet at a selector.
</paragraph>
<paragraph>
Since each use of a selector is independent, each separate
selector instance must maintain its own
selectorInputSequenceNumber.
</paragraph>
</description>
</field>
<field name="selectorAlgorithm" dataType="octet"
dataTypeSemantics="identifier"
fieldId="302" applicability="option" status="current"
group="common">
<description>
<paragraph>
Specifies the selector algorithm (e.g., filter, sampler,
hash) that was used on a packet.
It is exported in the options data flow record to specify
how a collector has to interpret a data flow record.
</paragraph>
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 20]
Internet-Draft PSAMP Information Model October 2005
<paragraph>
</paragraph>
<paragraph>
The following selector algorithms are currently defined:
</paragraph>
<itemlist>
<item>1 Systematic count-based sampling</item>
<item>2 Systematic time-based sampling</item>
<item>3 Random n-out-of-N sampling</item>
<item>4 Uniform probabilistic sampling</item>
<item>5 Non-uniform probabilistic sampling</item>
<item>6 Non-uniform flow state sampling</item>
<item>7 Match based filtering</item>
<item>8 Hash based filtering</item>
<item>9 Router state filtering</item>
</itemlist>
<paragraph>
</paragraph>
<paragraph>
The parameters for most of these algorithms
are defined in this information model. Some parameters -
especially those for algorithms 5, 6 and 8
are not covered by this information model since they depend
very much on the underlying hardware.
</paragraph>
<paragraph>
Currently there are no hash functions defined.
</paragraph>
<paragraph>
</paragraph>
<paragraph>
EDITOR'S NOTE: This list may extend to the final
version. The "octet" data type is probably not the best
choice but keeps the list extensible.
</paragraph>
</description>
</field>
<field name="samplingPacketInterval" dataType="unsigned32"
fieldId="304" applicability="option" status="current"
group="common">
<description>
<paragraph>
Number of packets that are consecutively sampled.
For example a value of 100 means that 100 contiguous
packets are sampled.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 21]
Internet-Draft PSAMP Information Model October 2005
</paragraph>
<paragraph>
This information element is used for the systematic
count-based sampling.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingPacketSpace" dataType="unsigned32"
fieldId="305" applicability="option" status="current"
group="common">
<description>
<paragraph>
The number of packets between two
"samplingPacketInterval"s. A value of 100 means that the
next interval starts after 100 packets (which are not
sampled) when the current "samplingPacketInterval" is over.
</paragraph>
<paragraph>
This information element is used for the systematic
count-based sampling.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingTimeInterval" dataType="dateTimeMicroSeconds"
fieldId="306" applicability="option" status="current"
group="common">
<description>
<paragraph>
Time interval in microseconds in which all arriving
packets are sampled.
</paragraph>
<paragraph>
This information element is used for the systematic
time-based sampling.
</paragraph>
</description>
<units>microseconds</units>
</field>
<field name="samplingTimeSpace" dataType="dateTimeMicroSeconds"
fieldId="307" applicability="option" status="current"
group="common">
<description>
<paragraph>
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 22]
Internet-Draft PSAMP Information Model October 2005
The time interval in microseconds between two
"samplingTimeInterval"s. A value of 100 would mean that the
next interval would start after 100 microseconds (in which no
packets are sampled) when the current "samplingTimeInterval"
is over.
</paragraph>
<paragraph>
This information element is used for the systematic
time-based sampling.
</paragraph>
</description>
<units>microseconds</units>
</field>
<field name="samplingPopulation" dataType="unsigned32"
fieldId="308" applicability="option" status="current"
group="common">
<description>
<paragraph>
The number of elements in the parent population
for random sampling algorithms.
</paragraph>
<paragraph>
This information element is used for the random
n-out-of-N sampling algorithm.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingSize" dataType="unsigned32"
fieldId="309" applicability="option" status="current"
group="common">
<description>
<paragraph>
The number of elements taken from the parent
population for random sampling algorithms.
</paragraph>
<paragraph>
This information element is used for the random
n-out-of-N sampling algorithm.
</paragraph>
</description>
<units>packets</units>
</field>
<field name="samplingProbabilityN" dataType="unsigned32"
fieldId="310" applicability="option" status="current"
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 23]
Internet-Draft PSAMP Information Model October 2005
group="common">
<description>
<paragraph>
The probability that a packet is sampled.
The probability is equal for every packet.
The sampling probability is samplingProbabilityN /
samplingProbabilityM.
A value of 0 means no packet was sampled
(probability is 0).
Any other value is meaningless without
a samplingProbabilityM.
</paragraph>
<paragraph>
This information element is used for the uniform
probabilistic sampling algorithm.
</paragraph>
</description>
</field>
<field name="samplingProbabilityM" dataType="unsigned32"
fieldId="311" applicability="option" status="current"
group="common">
<description>
<paragraph>
The probability that a packet is sampled.
The probability is equal for every packet.
The sampling probability is samplingProbabilityN /
samplingProbabilityM.
Any value is meaningless without a samplingProbabilityN.
The value MUST NOT be zero and MUST NOT be greater than
samplingProbabilityN.
</paragraph>
<paragraph>
This information element is used for the uniform
probabilistic sampling algorithm.
</paragraph>
</description>
</field>
<field name="ipHeaderPacketSection" dataType="octetArray"
fieldId="313" applicability="data" status="current"
group="common">
<description>
<paragraph>
This information element carries the first n octets
from the IP header of a sampled packet.
If insufficient octets are available, the remainder of the
data should be zero-filled and an additional information
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 24]
Internet-Draft PSAMP Information Model October 2005
element sent (e.g., ipPayloadLength) indicating how much of
the data is valid.
</paragraph>
<paragraph>
</paragraph>
</description>
</field>
<field name="ipPayloadPacketSection" dataType="octetArray"
fieldId="314" applicability="data" status="current"
group="common">
<description>
<paragraph>
This information element carries the first n octets
from the IP payload of a sampled packet.
If insufficient octets are available, the remainder of the
data should be zero-filled and an additional information
element sent (e.g., ipPayloadLength) indicating how much of
the data is valid.
</paragraph>
<paragraph>
The IPv4 payload is that part of the packet which follows the
IPv4 header and any options, which RFC 791 refers to as
"data" or "data octets".
e.g., see the examples in RFC 791 APPENDIX A.
</paragraph>
</description>
</field>
<field name="l2HeaderPacketSection" dataType="octetArray"
fieldId="315" applicability="data" status="current"
group="common">
<description>
<paragraph>
This information element carries the first n octets
from the layer 2 header of a sampled packet.
</paragraph>
<paragraph>
EDITOR'S NOTE: TODO.
</paragraph>
</description>
</field>
<field name="l2PayloadPacketSection" dataType="octetArray"
fieldId="316" applicability="data" status="current"
group="common">
<description>
<paragraph>
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 25]
Internet-Draft PSAMP Information Model October 2005
This information element carries the first n octets
from the layer 2 payload of a sampled packet.
</paragraph>
<paragraph>
EDITOR'S NOTE: TODO.
</paragraph>
</description>
</field>
<field name="mplsLabelStackSection" dataType="octetArray"
fieldId="317" applicability="data" status="current"
group="common">
<description>
<paragraph>
This information element carries the first n octets
from the MPLS label stack of a sampled packet.
See RFC 3031 for the specification of MPLS packets.
See RFC 3032 for the specification of the MPLS label stack.
</paragraph>
<paragraph>
EDITOR'S NOTE: TODO.
</paragraph>
</description>
</field>
<field name="mplsPayloadPacketSection" dataType="octetArray"
fieldId="318" applicability="data" status="current"
group="common">
<description>
<paragraph>
This information element carries the first n octets
from the MPLS payload of a sampled packet, being data
that follows immediately after the MPLS label stack.
See RFC 3031 for the specification of MPLS packets.
See RFC 3032 for the specification of the MPLS label stack.
</paragraph>
<paragraph>
EDITOR'S NOTE: TODO.
</paragraph>
</description>
</field>
<field name="meteringProcesssId" dataType="octet"
fieldId="319" applicability="data" status="current"
group="common">
<description>
<paragraph>
ID of the metering process.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 26]
Internet-Draft PSAMP Information Model October 2005
Unique in the observation domain.
</paragraph>
</description>
</field>
<field name="observationPointId" dataType="octet"
fieldId="320" applicability="data" status="current"
group="common">
<description>
<paragraph>
ID of the observation process.
Unique in the observation domain.
</paragraph>
</description>
</field>
<field name="associationsId" dataType="octet"
fieldId="321" applicability="data" status="current"
group="common">
<description>
<paragraph>
ID of the associations.
Unique in the observation domain.
</paragraph>
</description>
</field>
<field name="selectorType" dataType="octet"
fieldId="323" applicability="data" status="current"
group="common">
<description>
<paragraph>
Type of a selector.
Unique in the observation domain.
</paragraph>
</description>
</field>
<field name="packetsObserved" dataType="octet"
fieldId="324" applicability="data" status="current"
group="common">
<description>
<paragraph>
Number of packets observed by a selector.
</paragraph>
</description>
</field>
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 27]
Internet-Draft PSAMP Information Model October 2005
<field name="packetsSelected" dataType="octet"
fieldId="325" applicability="data" status="current"
group="common">
<description>
<paragraph>
Number of packets selected by a selector.
</paragraph>
</description>
</field>
<field name="accuracy" dataType="octet"
fieldId="326" applicability="data" status="current"
group="common">
<description>
<paragraph>
Describes the accuracy of a selector.
</paragraph>
</description>
</field>
</fieldDefinitions>
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 28]
Internet-Draft PSAMP Information Model October 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Dietz, et al. draft-ietf-psamp-info-03.txt [Page 29]
| PAFTECH AB 2003-2026 | 2026-04-22 17:55:35 |