PSAMP working group
Internet Draft EDITOR: B. Claise
draft-ietf-psamp-protocol-00.txt Cisco Systems
Expires: April 2003 October 2003
Packet Sampling (PSAMP) Protocol Specifications
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts. Internet-Drafts are draft documents valid for a maximum of
six months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This document specifies the export of packet information from a
PSAMP exporting process to a PSAMP collecting process. For export of
packet information the IP Flow Information eXport (IPFIX) protocol
is used. It is shown that the IPFIX protocol is well suited for this
purpose, because the IPFIX architecture matches the PSAMP
architecture very well and the means provided by the IPFIX protocol
are sufficient. The document specifies in detail how the IPFIX
protocol is used for PSAMP export of packet information.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
Claise, et. al Standard Track [Page 1]
PSAMP Protocol Specifications October 2003
Table of Contents
1. Open Issues
2. Introduction
3. Terminology
4. Relationship between PSAMP and IPFIX
4.1 IPFIX Overview
4.2 IPFIX and PSAMP Differences and Similarities
4.2.1 Export Point of View
4.2.2 Information Model Point of View
5. Using IPFIX for PSAMP
5.1 High Level View of the Integration
5.2 Partial or Entire IPFIX Protocol Specifications Support
6. PSAMP Requirements versus the IPFIX Solution
6.1 IPFIX Solution for the PSAMP Requirements
7. Low Level View of the Integration
7.1 Sampling Case, PSAMP Base Level of Functionality
7.1.1 Example
7.2 Sampling Case
7.2.1 Example
7.3 Filtering Case
7.3.1 Example
8. Security Considerations
9. References
10. Acknowledgments
11. Authors' Addresses
1. Open Issues
This section covers the open issues, still to be resolved/updated in
this draft:
- For section 6 "PSAMP requirements versus the IPFIX solution",
check if there are any other requirements in the [PSAMP-FRAMEWORK].
2. Introduction
The packet sampling (PSAMP) Working Group and the IP flow
information export (IPFIX) Working Group both aim at standardizing
technology for observing traffic from network devices and for
exporting some part of the observation. Also, both Working Groups
consider packet sampling as a component of their technology. While
for the IPFIX Working Group packet sampling is just one out of many
components considered, it is the focus of the PSAMP Working Group.
The PSAMP Working Group has agreed to use the IPFIX reporting
protocol if it's suitable for the PSAMP requirements. Therefore, a
detailed analysis on the IPFIX protocol needs to be done and if
IPFIX is not suitable, then the reason should be stated exactly.
This document evaluates if the IPFIX protocol specifications could
fit the export format requirements for a PSAMP device, how PSAMP could
use the IPFIX protocol, and whether part of or the full IPFIX
protocol specifications are actually required. As we will conclude
that the IPFIX protocol is suitable as export protocol for PSAMP,
this document finally specifies in detail how to use IPFIX.
3. Terminology
To be copied in from [PSAMP-FRAMEWORK4].
4. Relationship between PSAMP and IPFIX
4.1 IPFIX Overview
The output of the IPFIX working group relevant for this draft is
structured into three documents:
- IP flow information architecture [IPFIX-ARCH]
- IPFIX Protocol Specifications [IPFIX-PROTO]
- IP flow information export information model [IPFIX-INFO]
The following table summarizes the IPFIX protocol specifications
[IPFIX-PROTO].
+------------------+--------------------+------------------------+
| FlowSet          | Template Record    | Data Record            |
+------------------+--------------------+------------------------+
|                  |                    | Flow Data Record(s)    |
| Data FlowSet     |         /          |          or            |
|                  |                    | Options Data Record(s) |
+------------------+--------------------+------------------------+
| Template FlowSet | Template Record(s) |           /            |
+------------------+--------------------+------------------------+
| Options Template | Options Template   |           /            |
| FlowSet          | Record(s)          |                        |
+------------------+--------------------+------------------------+
A Data FlowSet is composed of Options Data Record(s) or Flow Data
Record(s); no Template Record is included.
The Flow Data Record is linked to a Template Record, and the Options
Data Record is linked to an Options Template Record.
A Template FlowSet is composed of Template Record(s); no Flow or
Options Data Record is included.
An Options Template FlowSet is composed of Options Template
Record(s); no Flow or Options Data Record is included. The Options
Template Record (and its corresponding Options Data Record) is used
to supply information about the metering process configuration or
specific data, rather than supplying information about IP flows.
The Options Data Records are sent on a regular basis, but not with
every Flow Data Record.
4.2 IPFIX and PSAMP Differences and Similarities
IPFIX achieves data reduction by aggregating per-packet IP layer
information into flow records. IPFIX produces and exports flow
records containing information per flow. This information is created
based on the observation of a potentially large number of packets.
In contrast, PSAMP achieves data reduction by reducing the packet
population via sampling. PSAMP generates and exports information per
packet. For more details please see the [PSAMP-FRAMEWORK] and
[PSAMP-SAMPLE-TECH].
4.2.1 Export Point of View
From a pure export point of view, IPFIX will not distinguish a flow
record composed of several packets aggregated together, from a flow
record composed of a single packet.
As a conclusion, the PSAMP export can be seen as a special IPFIX flow
record containing information about a single packet.
PSAMP doesn't have the notion of flow. But in order to avoid any
duplication in the terminology and, as a consequence, a redefinition
of the IPFIX protocol specifications, the IPFIX terminology
[IPFIX-PROTO] is kept unchanged, even if some obvious pointers to the
notion of flow are made. For example: Flow Data Record, FlowSet,
etc.
4.2.2 Information Model Point of View
On one hand, the IPFIX export probably contains data types like
source IP address, destination IP address, ToS, etc. Refer to
[IPFIX-INFO] for more details. On the other hand, the PSAMP export
contains only the packet fragment in the base level of
functionality. Refer to [PSAMP-INFO] for more details.
As the templates are flexible, IPFIX will not distinguish, from an
export point of view, a flow record composed of several data types
from a flow record composed of just a few data types (for example:
the packet fragment and the selector ID).
The information model data types exported in an IPFIX device and a
PSAMP device are not completely different but overlap most of the
time. Note that, according to [PSAMP-FRAMEWORK] section 5.2
"Recommended Contents for Packet Reports", the PSAMP reporting
process SHOULD also report fields relating to the protocols used in
the packets, to the packet treatment and to the selection state
associated with the packet.
Thus the PSAMP reporting process will not limit itself to the export
of the data types defined in [PSAMP-INFO], and can benefit from the
data types already defined in [IPFIX-INFO].
From the IPFIX point of view, the new PSAMP information model will
augment the data types that could be exported; for example, the hash
value, the selector ID or the packet-sampled. If an IPFIX metering
process creates some flow records by sampling some packets, and if
both the IPFIX and PSAMP specifications are implemented on the
device, the IPFIX flow records could be augmented with extra data
types like the selector ID, the selector ID parameters, etc.
As the PSAMP information model is basically an extension to the
IPFIX information model, a formal process must be in place for the
addition of data types. The draft draft-bryant-ipfix-vendor-ie-00.tx
(not yet out) discusses some possibilities.
5. Using IPFIX for PSAMP
5.1 High Level View of the Integration
The Template Record in the Template FlowSet is used to describe the
different PSAMP data types that will be exported to the Collector.
The Collector decodes the Template FlowSet and knows which data
types to expect when it receives the Flow Data Records in the Data
FlowSet, i.e. the PSAMP Packet Reports. Typically, in the base level
of the PSAMP functionality, the Template FlowSet will contain the
input sequence number, the packet fragment (some number of
contiguous bytes from the start of the packet) and the selector ID.
The Options Template Record in the Options Template FlowSet is used
to describe the different PSAMP data types that concern the metering
process itself: sampling and/or filtering functions, plus the
associated parameters. The Collector decodes the Options Template
FlowSet and knows which data types to expect when it receives the
Options Data Records in the Data FlowSet, i.e. the PSAMP Report
Interpretation. Typically, the Options Template would contain the
Selector ID, the sampling or filtering functions, and the sampling
or filtering associated parameters.
5.2 Partial or Entire IPFIX Protocol Specifications Support
The "High level view of the integration" section 5.1 concludes that
PSAMP requires all the different possibilities of the IPFIX protocol
specifications [IPFIX-PROTO]. That is, the 3 types of FlowSet (Data
FlowSet, Template FlowSet and Options Template FlowSet), the 2
types of Template Records (Template Record and Options Template
Record), and the 2 types of Data Record (Flow Data Record, Options
Data Record), as described again in the table below.
+------------------+--------------------+------------------------+
| FlowSet          | Template Record    | Data Record            |
+------------------+--------------------+------------------------+
|                  |                    | Flow Data Record(s)    |
| Data FlowSet     |         /          |          or            |
|                  |                    | Options Data Record(s) |
+------------------+--------------------+------------------------+
| Template FlowSet | Template Record(s) |           /            |
+------------------+--------------------+------------------------+
| Options Template | Options Template   |           /            |
| FlowSet          | Record(s)          |                        |
+------------------+--------------------+------------------------+
As a consequence, PSAMP can't rely on a subset of the IPFIX protocol
specifications as described in [IPFIX-PROTO]. The entire IPFIX
protocol specifications MUST be implemented for the PSAMP export.
6. PSAMP Requirements versus the IPFIX Solution
[PSAMP-FRAMEWORK] describes some requirements that affect directly
the export protocol. Refer to the following sections:
section 3.2 "Reporting Process Requirements"
section 3.3 "Exporting Process Requirements"
section 5 "Reporting Process"
[PSAMP-FRAMEWORK] also describes in section 3.1 one requirement
that, if not directly related to the export protocol, will put some
constraints on it:
Selection Process Requirements:
- Parallel Measurements: multiple independent measurement
processes at the same entity.
[PSAMP-FRAMEWORK] finally describes in section 5 some
requirements regarding the reporting process. This series of
requirements specifies the different data types that MUST and SHOULD
be reported to the collector. Nevertheless IPFIX, being a generic
export protocol, can export any data types as long as they are
described in the information model. So these requirements are mainly
targeted at the [PSAMP-INFO] document.
6.1 IPFIX Solution for the PSAMP Requirements
Let's address the PSAMP requirements one by one.
* Parallel Measurements: multiple independent measurement processes
at the same entity. Refer to [PSAMP-FRAMEWORK] section 3.1 "Selection
Process Requirements".
This requirement is addressed by exporting the Selector ID data type
in every packet report, i.e. as part of every Flow Data Record. Note
that without this requirement, exporting the Scope [IPFIX-PROTO] as
part of every single packet report could have been sufficient.
* Transparency: allow transparent interpretation of measurements as
communicated by PSAMP reporting, without any need to obtain
additional information concerning the observed packet stream. Refer
to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process Requirements".
This requirement is addressed by exporting the Selector ID in every
Flow Data Record (packet report) and exporting the associated
SAMPLING_ALGORITHM and SAMPLING PARAMETERS in the Options Data Record
(packet interpretation). So all the metering process parameters
are linked to the Flow Data Records.
* Robustness to Information Loss: allow robust interpretation of
measurements with respect to reports missing due to data loss, e.g.
in transport, or within the measurement, reporting or exporting
processes. Inclusion in reporting of information that enables the
accuracy of measurements to be determined. Refer to [PSAMP-FRAMEWORK]
section 3.2 "Reporting Process Requirements".
An Options Template MUST be sent on a regular basis. This Options
Template contains, for example, the total number of packet reports
exported from the PSAMP device, the total number of packets observed,
etc. Thus the Collector can compare the number of packet reports
received per selector ID with the number actually metered and/or
sent. In case of discrepancy, a new sampling rate could be computed.
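The comparison described above, as an added example that is not part of the draft: a collector-side monitor that counts packet reports per selector ID between two Options Data Records and derives the loss and the effective sampling rate. The counter names, their 32-bit width and in-order delivery of reports relative to Options Data Records are assumptions; [PSAMP-INFO] does not define these fields.

```python
from collections import defaultdict

COUNTER_MOD = 2 ** 32  # assumption: exporter totals are 32-bit counters that wrap


class LossMonitor:
    """Per selector ID, compare packet reports received with exporter totals."""

    def __init__(self):
        self.received = defaultdict(int)  # reports since the last Options Data Record
        self.last = {}                    # selector ID -> (observed, exported) totals

    def on_packet_report(self, selector_id):
        self.received[selector_id] += 1

    def on_options_record(self, selector_id, observed_total, exported_total):
        """Return statistics for the interval since the previous Options Data
        Record of this selector, or None when there is no baseline yet."""
        previous = self.last.get(selector_id)
        self.last[selector_id] = (observed_total, exported_total)
        got = self.received.pop(selector_id, 0)
        if previous is None:
            return None
        # Modular subtraction keeps the deltas correct across a counter wrap.
        observed = (observed_total - previous[0]) % COUNTER_MOD
        exported = (exported_total - previous[1]) % COUNTER_MOD
        return {
            "observed": observed,
            "exported": exported,
            "received": got,
            "lost": max(exported - got, 0),
            # Rate the exporter applied, and the rate the collector should
            # use when scaling up what it actually received.
            "exported_rate": exported / observed if observed else None,
            "effective_rate": got / observed if observed else None,
        }


def run_sample():
    """Constructed scenario: 10 reports exported for selector 7, 8 arrive."""
    monitor = LossMonitor()
    monitor.on_options_record(7, 1000, 10)  # baseline totals
    for _ in range(8):
        monitor.on_packet_report(7)
    return monitor.on_options_record(7, 2000, 20)
```
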
* Faithfulness: all reported quantities that relate to the packet
treatment MUST reflect the router state and configuration encountered
by the packet at the time it is received by the measurement process.
Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting Process
Requirements".
This requirement doesn't concern the export protocol itself but the
metering process, even if described in the "Reporting Process
Requirements" section.
* Privacy: selection of the content of packet reports will be
cognizant of privacy and anonymity issues while being responsive to
the needs of measurement applications, and in accordance with RFC
2804. Full packet capture of arbitrary packet streams is explicitly
out of scope. Refer to [PSAMP-FRAMEWORK] section 3.2 "Reporting
Process Requirements".
This requirement doesn't concern the export protocol itself, even if
described in the "Reporting Process Requirements" section.
* Timeliness: reports on selected packets MUST be made available to
the collector quickly enough to support near real time applications.
Specifically, any report on a packet MUST be dispatched within 1
second of the time of receipt of the packet by the measurement
process. Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
Requirements".
The IPFIX protocol specifications [IPFIX-PROTO] describe an
inactivity timeout for the flow expiration. This inactivity timeout
is configurable, with a minimum value of 0 for immediate expiration.
Note that this minimum value of 0 will force every single Flow Data
Record to contain information about a single packet and not an
aggregation of packets.
* Congestion Avoidance: export of a report stream across a network
MUST be congestion avoiding in compliance with RFC 2914. Refer to
[PSAMP-FRAMEWORK] section 3.3 "Export Process Requirements".
IPFIX, by its charter, MUST also respect this requirement.
* Secure Export:
- confidentiality: the option to encrypt exported data MUST be
provided.
- integrity: alterations in transit to exported data MUST be
detectable at the collector
- authenticity: authenticity of exported data MUST be verifiable
by the collector in order to detect forged data.
The motivation here is the same as for security in IPFIX export.
Refer to [PSAMP-FRAMEWORK] section 3.3 "Export Process
Requirements".
7. Low Level View of the Integration
7.1 Sampling Case, PSAMP Base Level of Functionality
EDITOR'S NOTE: LET'S ASSUME THAT THE [PSAMP-INFO] DEFINES THE
FOLLOWING DATA TYPES
SEQUENCE-NUMBER: the input sequence number,
PACKET-SAMPLE: some number of contiguous bytes from the start
of the packet
SELECTOR-ID:
SAMPLING-ALGORITHM:
SAMPLING-PARAMETER1, SAMPLING-PARAMETER2, ETC...
As described in the section 5.1 "Mandatory Contents of Packet
Reports" of [PSAMP-FRAMEWORK], the packet reports must contain:
- the input sequence number(s), denoted the SEQUENCE-NUMBER in
[PSAMP-INFO]
- some number of contiguous bytes from the start of the packet,
denoted the PACKET-SAMPLE in [PSAMP-INFO].
Thus the Template FlowSet defines a Template Record composed of
SEQUENCE-NUMBER, PACKET-SAMPLE and SELECTOR-ID.
The report interpretation must contain:
- the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO]
- the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING-
PARAMETER2, etc... in [PSAMP-INFO]
The Options Template FlowSet defines an Options Template Record
composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
Finally the Data FlowSet is used to export the Flow Data Record(s)
containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE and
SELECTOR-ID. The Data FlowSet is also used to export the
Options Data Record(s) containing the real values of SELECTOR-ID,
SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
By means of the SELECTOR-ID, the Collector can link any Flow Data
Record to the corresponding Options Data Record. That is, any Flow
Data Record to the metering process function and parameters.
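The linkage described in this section, as an added example that is not part of the draft: a collector that decodes Data FlowSet payloads against previously received templates, rejects data it cannot validate, and resolves each packet report's SELECTOR-ID to its Options Data Record. The template IDs, field lengths and the flat record layout (no FlowSet headers or padding) are assumptions, since [PSAMP-INFO] does not yet define them.

```python
class Collector:
    """Template-driven decoder that links packet reports to their selector."""

    def __init__(self):
        self.templates = {}       # template ID -> [(field name, length in bytes)]
        self.options_ids = set()  # template IDs that are Options Templates
        self.selectors = {}       # SELECTOR-ID -> decoded Options Data Record
        self.reports = []         # decoded Flow Data Records (packet reports)

    def on_template(self, template_id, fields, options=False):
        if any(length <= 0 for _, length in fields):
            raise ValueError("field lengths must be positive")
        if "SELECTOR-ID" not in [name for name, _ in fields]:
            raise ValueError("template lacks SELECTOR-ID, records cannot be linked")
        self.templates[template_id] = list(fields)
        if options:
            self.options_ids.add(template_id)
        else:
            self.options_ids.discard(template_id)

    def on_data(self, template_id, payload):
        fields = self.templates.get(template_id)
        if fields is None:
            raise KeyError(f"data for unknown template {template_id}")
        size = sum(length for _, length in fields)
        if len(payload) == 0 or len(payload) % size:
            raise ValueError("payload is not a whole number of records")
        for start in range(0, len(payload), size):
            record, pos = {}, start
            for name, length in fields:
                raw = payload[pos:pos + length]
                # The packet fragment stays opaque; other fields are unsigned integers.
                record[name] = raw if name == "PACKET-SAMPLE" else int.from_bytes(raw, "big")
                pos += length
            if template_id in self.options_ids:
                self.selectors[record["SELECTOR-ID"]] = record
            else:
                self.reports.append(record)

    def interpretation(self, report):
        """Options Data Record for this report's selector, or None if not yet received."""
        return self.selectors.get(report["SELECTOR-ID"])


def run_sample():
    """Constructed input: one selector (ID 7) and two packet reports."""
    c = Collector()
    c.on_template(256, [("SEQUENCE-NUMBER", 4), ("PACKET-SAMPLE", 8), ("SELECTOR-ID", 2)])
    c.on_template(257, [("SELECTOR-ID", 2), ("SAMPLING-ALGORITHM", 1),
                        ("SAMPLING-PARAMETER1", 4)], options=True)
    # Options Data Record: selector 7, algorithm 1, parameter 50 (constructed values)
    c.on_data(257, (7).to_bytes(2, "big") + bytes([1]) + (50).to_bytes(4, "big"))
    fragment = bytes.fromhex("4500003c1c464000")  # constructed 8-byte packet fragment
    c.on_data(256, b"".join(
        seq.to_bytes(4, "big") + fragment + (7).to_bytes(2, "big")
        for seq in (1001, 1101)))
    return [(r["SEQUENCE-NUMBER"], c.interpretation(r)["SAMPLING-PARAMETER1"])
            for r in c.reports]
```
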
7.1.1 Example
EDITOR'S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
[IPFIX-PROTO].
THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
7.2 Sampling Case
The PSAMP reporting process SHOULD also report fields relating to
the protocols used in the packets, to the packet treatment and to
the selection state associated with the packet, as specified in
[PSAMP-FRAMEWORK] section 5.2 "Recommended Contents for Packet
Reports".
Let's take the same example as in the section 7.1, but let's add the
export of the destination BGP Autonomous System (AS) [RFC1771] and of
the input interface.
The packet reports MUST contain:
- the input sequence number(s), denoted the SEQUENCE-NUMBER in
[PSAMP-INFO]
- some number of contiguous bytes from the start of the packet,
denoted the PACKET-SAMPLE in [PSAMP-INFO]
- the destination BGP AS, denoted destinationAS in [IPFIX-INFO]
- the input interface, denoted ingressPort in [IPFIX-INFO]
Thus the Template FlowSet defines a Template Record composed of
SEQUENCE-NUMBER, PACKET-SAMPLE, SELECTOR-ID, destinationAS and
ingressPort.
The report interpretation will remain unchanged and must contain:
- the sampling algorithm, denoted SAMPLING-ALGORITHM in [PSAMP-INFO]
- the sampling parameters denoted SAMPLING-PARAMETER1, SAMPLING-
PARAMETER2, etc... in [PSAMP-INFO]
The Options Template FlowSet is used to define this template
composed of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
Finally, the Data FlowSet is used to export the Flow Data Record(s)
containing the real values of SEQUENCE-NUMBER, PACKET-SAMPLE,
SELECTOR-ID, destinationAS and ingressPort. The Data FlowSet is also
used to export the Options Data Record(s) containing the real values
of SELECTOR-ID, SAMPLING-ALGORITHM, SAMPLING-PARAMETERS.
As a consequence, the collector can link any Flow Data Record to the
sampling algorithm and sampling parameters, by means of the
SELECTOR-ID value.
7.2.1 Example
EDITOR'S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
[IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
7.3 Filtering Case
EDITOR'S NOTE: ACTUALLY THE EXAMPLE WILL BE QUITE SIMILAR TO 7.1 AND
7.2 BUT WILL DEPEND A LOT ON HOW WE WILL DEFINE THE FILTERING IN
[IPFIX-INFO].
7.3.1 Example
EDITOR'S NOTE: THIS MUST BE A FULL EXAMPLE LIKE IN SECTION 13 OF
[IPFIX-PROTO]. THE [PSAMP-INFO] MUST BE FIRST PUBLISHED.
8. Security Considerations
As IPFIX has been selected as the PSAMP export protocol and as the
PSAMP security requirements are not stricter than the IPFIX security
requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for
the security considerations.
9. References
[PSAMP-FRAMEWORK] N. Duffield, D. Chiou, B. Claise, A. Greenberg, M.
Grossglauser, "A Framework for Passive Packet Measurement",
draft-ietf-psamp-framework-03.txt
[PSAMP-FRAMEWORK4] N. Duffield, D. Chiou, B. Claise, A. Greenberg, M.
Grossglauser, "A Framework for Passive Packet Measurement",
draft-ietf-psamp-framework-04.txt
[PSAMP-SAMPLE-TECH] T. Zseby, M. Molina, F. Raspall, N. Duffield,
"Sampling and Filtering Techniques for IP Packet Selection",
draft-ietf-psamp-sample-tech-02.txt
[PSAMP-MIB] T. Dietz, D. Romascanu, B. Claise, "Definitions of
Managed Objects for Packet Sampling", draft-ietf-psamp-mib-00.txt
[PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise,
"Information Model for Packet Sampling Exports",
draft-ietf-psamp-info-00.txt
[IPFIX-ARCH] G. Sadasivan, N. Brownlee, "Architecture Model for IP
Flow Information Export", draft-ietf-ipfix-arch-01.txt, June 2003
[IPFIX-INFO] P. Calato, J. Meyer, J. Quittek, "Information Model for
IP Flow Information Export", draft-ietf-ipfix-info-01, August 2003
[IPFIX-PROTO] B. Claise, M. Fullmer, P. Calato, R. Penno, "IPFIX
Protocol Specifications", draft-ietf-ipfix-protocol-00.txt, June
2003
[RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)",
RFC 1771, March 1995.
10. Acknowledgments
To be completed.
11. Authors' Addresses
Benoit Claise
Cisco Systems
De Kleetlaan 6a b1
1831 Diegem
Belgium
Phone: +32 2 704 5622
E-mail: bclaise@cisco.com
Juergen Quittek
NEC Europe Ltd.
Network Laboratories
Kurfuersten-Anlage 36
69115 Heidelberg
Germany
Phone: +49 6221 90511-15
Email: quittek@ccrle.nec.de