One document matched: draft-ietf-psamp-protocol-03.txt

Differences from draft-ietf-psamp-protocol-02.txt



   PSAMP working group                                                  
   Internet Draft                                EDITOR:     B. Claise 
   draft-ietf-psamp-protocol-03.txt                       Cisco Systems 
   Expires: April 2006                                     October 2005 
    
    
    
              Packet Sampling (PSAMP) Protocol Specifications 
 
  
 Status of this Memo  
   By submitting this Internet-Draft, each author represents that any  
   applicable patent or other IPR claims of which he or she is aware 
   have been or will be disclosed, and any of which he or she becomes 
   aware will be disclosed, in accordance with Section 6 of BCP 79. 
     
   Internet-Drafts are working documents of the Internet Engineering  
   Task Force (IETF), its areas, and its working groups.  Note that 
   other groups may also distribute working documents as Internet-
   Drafts. 
        
   Internet-Drafts are draft documents valid for a maximum of six 
   months and may be updated, replaced, or obsoleted by other documents 
   at any time.  It is inappropriate to use Internet-Drafts as 
   reference material or to cite them other than as "work in progress". 
         
   The list of current Internet-Drafts can be accessed at 
   http://www.ietf.org/ietf/1id-abstracts.txt   
   The list of Internet-Draft Shadow Directories can be accessed at  
   http://www.ietf.org/shadow.html  
   
    This Internet-Draft will expire on April 23, 2006. 
      
  Copyright Notice  
   
    Copyright (C) The Internet Society (2005). 
     
 Abstract 
    
   This document specifies the export of packet information from a 
   PSAMP Exporting Process to a PSAMP Collecting Process.  For export of 
   packet information the IP Flow Information eXport (IPFIX) protocol 
   is used, as both the IPFIX and PSAMP architecture match very well 
   and the means provided by the IPFIX protocol are sufficient.  The 


 
 
 Claise, et. al            Standard Track                    [Page 1] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   document specifies in detail how the IPFIX protocol is used for 
   PSAMP export of packet information. 
    
  Conventions used in this document 
    
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
   document are to be interpreted as described in RFC 2119. 
    
  Table of Contents 
     1. Points of Discussion.........................................3 
      1.1 Open Issues................................................3 
      1.2 Action Items...............................................4 
     2. Introduction.................................................4 
     3. PSAMP Documents Overview.....................................5 
     4. Terminology..................................................5 
      4.1 IPFIX Terminology..........................................6 
      4.2 PSAMP Terminology.........................................10 
     4.2.1   Packet Streams and Packet Content......................10 
     4.2.2   Selection Process......................................11 
     4.2.3   Reporting..............................................12 
     4.2.4   Exporting Process......................................13 
     4.2.5   PSAMP Device...........................................13 
     4.2.6   Selection Methods......................................13 
      4.3 IPFIX and PSAMP Terminology Comparison....................15 
     4.3.1   PSAMP and IPFIX Processes..............................16 
     4.3.2   Packet Report, Packet Interpretation, and Data Record..16 
     5. Differences between PSAMP and IPFIX.........................16 
      5.1 Architecture Point of View................................16 
      5.2 Protocol Point of View....................................18 
      5.3 Information Model Point of View...........................18 
     6. PSAMP Requirements versus the IPFIX Solution................19 
      6.1 IPFIX Solution for the PSAMP Requirements.................19 
      6.2 High Level View of the Integration........................21 
     7. Using the IPFIX Protocol for PSAMP..........................22 
      7.1 Selector ID...............................................22 
      7.2 The Associations..........................................22 
      7.3 Packet Reports............................................22 
     7.3.1   Basic Packet Reports...................................22 
     7.3.2   Extended Packet Reports................................24 
      7.4 Report Interpretation.....................................25 
     7.4.1   Associations Report Interpretation.....................25 
     7.4.2   Selector Report Interpretation.........................27 
     7.4.2.1  Systematic Count-Based Sampling.......................28 
     7.4.2.2  Systematic Time-Based Sampling........................29 
     7.4.2.3  Random n-out-of-N Sampling............................30 
     7.4.2.4  Uniform Probabilistic Sampling........................31 
     7.4.2.5  Property Match Filtering..............................32 
     7.4.2.6  Hash-Based Filtering..................................34 
     7.4.2.7  Other Selection Methods...............................34 
     7.4.3   Associations Statistics Report Interpretation..........34 
     7.4.4   Accuracy Report Interpretation.........................37 
     7.4.5   Observation Point Report Interpretation................37 
     8. Security Considerations.....................................37 
     9. IANA Considerations.........................................37 
      9.1 IPFIX Related Considerations..............................37 
      9.2 PSAMP Related Considerations..............................37 
     10. References.................................................38 
      10.1 Normative References.....................................38 
      10.2 Informative References...................................38 
     11. Acknowledgments............................................39 
      
      
 1.     Points of Discussion 
    
 1.1      Open Issues 
    
   This section covers the open issues, still to be resolved/updated in 
   this draft: 
 
   PROTO-04 Should probably have a separate section for the examples? 
 
   PROTO-08 Instead of sending the input sequence number for each 
   selector ID, a counter64 value, associated with every packet, the 
   working group should discuss the possibility to send the information 
   on a regular basis with an option template record. Specifically in the 
   case of Composite Selector, we would send multiple times a 64-bit 
   counter in each packet. 
 
   PROTO-11 Discuss how to implement the accuracy report interpretation 
    
   PROTO-12 Discuss how to implement the observation point report 
   interpretation (if we need one) 
 
   PROTO-16 IANA considerations section to be completed. 
   Two questions: 
   1. I'm not too sure whether we should mandate a new IETF RFC for the 
   new selection method description? 
   2. I'm not too sure whether we should mandate new IANA-registered 
   information elements for the new selection method? 
       In other words, can we have a proprietary selection method in the 
   selectorAlgorithm Information Element?  
       
   PROTO-17 "Encrypted Packets: Selectors that interpret packet fields 
   must be configurable to ignore (i.e. not select) encrypted packets, 
   when they are detected". "Since packet encryption alters the meaning 
   of encrypted fields, field match filtering must be configurable to 
   ignore encrypted packets, when detected." I guess we will need extra 
   text for this. 
    
   PROTO-18 "The exporting process must have an export rate limit, 
   configurable per Exporting Process". I guess we need extra text for 
   this. 
    
   PROTO-19 "the timestamp of observation of the packet at the 
   Observation Point. The timestamp should be reported to microsecond 
   resolution." Nothing is mentioned in this draft regarding this issue. 
    
   PROTO-20 Hash based filtering to be completed. 
 
 1.2      Action Items 
 
   PROTO-101 See EDITOR'S NOTE 
    
   PROTO-104 Fix the terminology sections, as a last step before 
   publication 
 
   PROTO-106 Extend security considerations by a discussion on exported  
   Payload. Consider whether [PSAMP-INFO] or [PSAMP-PROTO] or both 
   is/are the place(s). 
    
   PROTO-107 Provide the equivalent for variable length I.E. 
   Here is an example of a basic Packet Report, with a SelectionPath 
   value of 9 (will be explained later on) and ipPacketSection 
   Information Element of 12 bytes, encoded with a fixed length. 
   This is an example of PROTO-15, to be put in section 7.3.1 
 
   PROTO-108 Have a statement that this protocol specification  
   meets all requirements for the PSAMP protocol stated in the framework  
   except ... And then have a list of bullets, where at minimum there is 
   stated "not yet covered" or a longer explanation why it is not 
   covered. This would be a replacement for the long list of requirements 
   in section 6.1 
 
 2.    Introduction  
    
   The name PSAMP is a contraction of the phrase Packet SAMPling.  The 
   word "sampling" captures the idea that only a subset of all packets 
   passing a network element will be selected for reporting.  PSAMP 
   selection operations include random selection, deterministic 
   selection (filtering), and deterministic approximations to random 
   selection (hash-based selection). 
    
   The IP Flow information export (IPFIX) protocol specified in [IPFIX-
   PROTO] exports IP traffic information [IPFIX-INFO] observed at 
   network devices.  This matches the general protocol requirements 
   outlined in the PSAMP framework [PSAMP-FMWK].  However, there are 
   some architectural differences between IPFIX and PSAMP in the 
   requirements for an export protocol.  While the IPFIX architecture 
   [IPFIX-ARCH] is focused on gathering and exporting IP traffic flow 
   information, the focus of the PSAMP framework [PSAMP-FMWK] is on 
   exporting information on individual packets.  This basic difference 
   and a set of derived differences in protocol requirements are 
   outlined in Section 5.  Despite these differences, the IPFIX protocol 
   is well suited as the PSAMP protocol.  Section 5 specifies how the IPFIX 
   protocol is used for the export of packet samples.  Required 
   extensions of the IPFIX information model are specified in the PSAMP 
   information model [PSAMP-INFO]. 
 
      
 3.    PSAMP Documents Overview 
     
   [PSAMP-FMWK]: "A Framework for Packet Selection and Reporting", 
   describes the PSAMP framework for network elements to select subsets 
   of packets by statistical and other methods, and to export a stream 
   of reports on the selected packets to a collector. 
     
   [PSAMP-TECH]: "Sampling and Filtering Techniques for IP Packet 
   Selection", describes the set of packet selection techniques 
   supported by PSAMP. 
    
   [PSAMP-PROTO]: "Packet Sampling (PSAMP) Protocol Specifications" 
   (this document), specifies the export of packet information from a 
   PSAMP Exporting Process to a PSAMP Collecting Process. 
                            
   [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines 
   an information and data model for PSAMP. 
    
   [PSAMP-MIB]: "Definitions of Managed Objects for Packet Sampling" 
   describes the PSAMP Management Information Base. 
    
 
 4.    Terminology 
    
   As the IPFIX export protocol is used to export the PSAMP information, 
   the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in 
   this document.  The terminology summary table in section 4.1 gives a 
   quick overview of the relationships between the different IPFIX 
   terms.  The PSAMP terminology defined here is fully consistent with 
   all terms listed in [PSAMP-TECH] and [PSAMP-FMWK], but only 
   definitions that are relevant to the PSAMP protocol appear here.   
   Section 5.4 applies the PSAMP terminology to the IPFIX protocol 
   terminology. 

 
 
 
 
 
 4.1     IPFIX Terminology 
 
   EDITOR'S NOTE: The terminology has been entirely copied over from 
   [IPFIX-PROTO].  Before publication, we should evaluate which terms 
   should be kept, if not all.  The ones required for sure so far are: 
   Flow Record, Flow, Information Element, Metering Process, Collector, 
   Scope, Set, Template Record, Data Record, Data Set, Template Set, 
   Template Record(s), Options Template Set, Options Template Record.  
   Note: the IPFIX Exporting Process was not used, as the PSAMP 
   Exporting Process is more specific. 
    
   Observation Point 
    
   An Observation Point is a location in the network where IP packets 
   can be observed.  Examples include: a line to which a probe is 
   attached, a shared medium, such as an Ethernet-based LAN, a single 
   port of a router, or a set of interfaces (physical or logical) of a 
   router. 
    
   Note that every Observation Point is associated with an Observation 
   Domain (defined below), and that one Observation Point may be a 
   superset of several other Observation Points.  For example one 
   Observation Point can be an entire line card.  That would be the 
   superset of the individual Observation Points at the line card's 
   interfaces. 
    
   Observation Domain 
    
   An Observation Domain is the largest set of Observation Points for 
   which Flow information can be aggregated by a Metering Process.  
   Each Observation Domain presents itself using a unique ID to the 
   Collecting Process to identify the IPFIX Messages it generates.  For 
   example, a router line card may be an observation domain if it is 
   composed of several interfaces, each of which is an Observation 
   Point.  Every Observation Point is associated with an Observation 
   Domain. 
    
   IP Traffic Flow or Flow 
    
   There are several definitions of the term 'flow' being used by the 
   Internet community.  Within the context of IPFIX we use the following 
   definition: 
    
   A Flow is defined as a set of IP packets passing an Observation Point 
   in the network during a certain time interval.  All packets belonging 
   to a particular Flow have a set of common properties.  Each property 
   is defined as the result of applying a function to the values of: 

 
 
 
 
    
      1. one or more packet header fields (e.g. destination IP address),    
      transport header fields (e.g. destination port number), or  
      application header fields (e.g. RTP header fields [RFC1889]) 
    
      2. one or more characteristics of the packet itself (e.g. number  
      of MPLS labels, etc...) 
    
      3. one or more fields derived from packet treatment (e.g. next  
      hop IP address, the output interface, etc...) 
    
   A packet is defined to belong to a Flow if it completely satisfies 
   all the defined properties of the Flow. 
    
   This definition covers the range from a Flow containing all packets 
   observed at a network interface to a Flow consisting of just a single 
   packet between two applications.  It includes packets selected by a 
   sampling mechanism. 
    
   Flow Key 
    
   Each of the fields which 
   1.  Belong to the packet header (e.g. destination IP address) 
   2.  Are a property of the packet itself (e.g. packet length) 
   3.  Are derived from packet treatment (e.g. AS number) 
   and which are used to define a Flow are termed Flow Keys. 
    
   Flow Record 
    
   A Flow Record contains information about a specific Flow that was 
   observed at an Observation Point.  A Flow Record contains measured 
   properties of the Flow (e.g. the total number of bytes for all the 
   Flow's packets) and usually characteristic properties of the Flow 
   (e.g. source IP address). 
    
   Metering Process 
    
   The Metering Process generates Flow Records.  Inputs to the process 
   are packet headers and characteristics observed at an Observation 
   Point, and packet treatment at the Observation Point (for example the 
   selected output interface). 
    
   The Metering Process consists of a set of functions that includes 
   packet header capturing, timestamping, sampling, classifying, and 
   maintaining Flow Records. 
    
   The maintenance of Flow Records may include creating new records, 
   updating existing ones, computing Flow statistics, deriving further 
   Flow properties, detecting Flow expiration, passing Flow Records to 
   the Exporting Process, and deleting Flow Records. 
 
   Exporter 
    
   A device which hosts one or more Exporting Processes is termed an 
   Exporter. 
    
   IPFIX Device 
    
   An IPFIX Device hosts at least one Observation Point, a Metering 
   Process and an Exporting Process. 
    
   Collecting Process 
    
   A Collecting Process receives Flow Records from one or more 
   Exporting Processes.  The Collecting Process might process or store 
   received Flow Records, but such actions are out of scope for this 
   document. 
    
   Collector 
    
   A device which hosts one or more Collecting Processes is termed a 
   Collector. 
    
   Template 
    
   A Template is an ordered sequence of <type, length> pairs, used to 
   completely specify the structure and semantics of a particular set of 
   information that needs to be communicated from an IPFIX Device to a 
   Collector.  Each Template is uniquely identifiable by means of a 
   Template ID. 
    
   IPFIX Message 
    
   An IPFIX Message is a message originating at the Exporting Process 
   that carries the IPFIX records of this Exporting Process and whose 
   destination is a Collecting Process.  An IPFIX Message is 
   encapsulated at the transport layer. 
    
   Message Header 
    
   The Message Header is the first part of an IPFIX Message, which 
   provides basic information about the message such as the IPFIX 
   version, length of the message, message sequence number, etc. 
    
   Template Record 

   A Template Record defines the structure and interpretation of fields 
   in a Data Record. 
    
   Data Record 
    
   A Data Record is a record that contains values of the parameters 
   corresponding to a Template Record. 
    
   Options Template Record 
    
   An Options Template Record is a Template Record that defines the 
   structure and interpretation of fields in a Data Record, including 
   defining how to scope the applicability of the Data Record. 
    
   Set 
    
   Set is a generic term for a collection of records that have a similar 
   structure.  In an IPFIX Message, one or more Sets follow the Message 
   Header. 
    
   There are three different types of Sets: Template Set, Options 
   Template Set, and Data Set. 
     
   Template Set 
    
   A Template Set is a collection of one or more Template Records that 
   have been grouped together in an IPFIX Message. 
     
   Options Template Set 
    
   An Options Template Set is a collection of one or more Options 
   Template Records that have been grouped together in an IPFIX Message. 
    
   Data Set 
    
   A Data Set is one or more Data Records, of the same type, that are 
   grouped together in an IPFIX Message.  Each Data Record is previously 
   defined by a Template Record or an Options Template Record. 
    
   Information Element 
    
   An Information Element is a protocol and encoding independent 
   description of an attribute which may appear in an IPFIX Record.  The 
   IPFIX information model [IPFIX-INFO] defines the base set of 
   Information Elements for IPFIX.  The type associated with an 
   Information Element indicates constraints on what it may contain and 
   also determines the valid encoding mechanisms for use in IPFIX. 
 

 
 
 
 
    +------------------+---------------------------------------------+ 
    |                  |                 Contents                    | 
    |                  +--------------------+------------------------+ 
    |       Set        |      Template      |         Record         | 
    +------------------+--------------------+------------------------+ 
    |   Data Set       |          /         |     Data Record(s)     | 
    +------------------+--------------------+------------------------+ 
    |   Template Set   | Template Record(s) |           /            | 
    +------------------+--------------------+------------------------+ 
    | Options Template | Options Template   |           /            | 
    |       Set        | Record(s)          |                        | 
    +------------------+--------------------+------------------------+ 
       
               Figure A: Terminology Summary Table 
 
 4.2      PSAMP Terminology 
    
   EDITOR'S NOTE: The terminology has been entirely copied over from 
   [PSAMP-TECH], except for some (almost) similar terms where only the 
   IPFIX terms were kept (for example, observation point).  Before 
   publication, we should evaluate which terms should be kept.  The ones 
   required for sure so far are: Selector, Composite Selector, Packet 
   Reports, Packet Interpretation, PSAMP device, Collector, Filtering, 
   Sampling.  Note that the terms Selector ID and Association ID, coming 
   from [PSAMP-FMWK], have been added in the Selection Process section. 
    

 4.2.1    Packet Streams and Packet Content   
         
   Observed Packet Stream  
         
   The Observed Packet Stream is the set of all packets observed at the 
   Observation Point. 
            
   Packet Stream  
         
   A packet stream denotes a set of packets that flows past some 
   specified point within the Selection Process.  An example of a Packet 
   Stream is the output of the selection process.  Note that packets 
   selected from a stream, e.g. by Sampling, do not necessarily possess 
   a property by which they can be distinguished from packets that have 
   not been selected.  For this reason the term "stream" is favored over 
   "flow", which is defined as a set of packets with common properties 
   [IPFIX-REQ]. 
      
   Packet Content  

   The packet content denotes the union of the packet header (which 
   includes link layer, network layer and other encapsulation headers) 
   and the packet payload. 
            

 4.2.2   Selection Process 
      
   Selection Process   
         
   A Selection Process takes the Observed Packet Stream as its input and 
   selects a subset of that stream as its output. 
            
   Selection State 
         
   A Selection Process may maintain state information for use by the 
   Selection Process.  At a given time, the Selection State may depend 
   on packets observed at and before that time, and other variables. 
   Examples include:   
            
       (i)   sequence numbers of packets at the input of Selectors;   
              
       (ii)  a timestamp of observation of the packet at the  
             Observation Point;  
              
       (iii) iterators for pseudorandom number generators;   
              
       (iv)  hash values calculated during selection;   
              
       (v)   indicators of whether the packet was selected by a  
             given Selector;   
              
   Selection Processes may change portions of the Selection State as a 
   result of processing a packet.  Selection state for a packet is to 
   reflect the state after processing the packet. 
         
   Selector  
         
   A Selector defines the action of a Selection Process on a single 
   packet of its input.  If selected, the packet becomes an element of 
   the output Packet Stream. 
            
   The Selector can make use of the following information in determining 
   whether a packet is selected:   
            
       (i)  the Packet Content;  
              
       (ii) information derived from the packet's treatment at the  
            Observation Point;  
              
       (iii) any selection state that may be maintained by the  
             Selection Process. 
              
   Composite Selector  
         
   A Composite Selector is an ordered composition of Selectors, in which 
   the output Packet Stream issuing from one Selector forms the input 
   Packet Stream to the succeeding Selector. 
         
   Primitive Selector  
         
   A Selector is primitive if it is not a Composite Selector. 
    
   Selector ID 
    
   The Selector ID is the unique ID identifying a Primitive Selector.  
   The ID is unique within the Observation Domain. 
    
   Selection Path 
    
   From all the packets observed at an Observation Point, only a few 
   packets are selected by one or more Selectors.  The Selection Path is 
   a unique value describing the Observation Point and the Selector IDs 
   through which the packets are selected.  The Selection Path is unique 
   per Observation Domain.  The Selection Path is represented by the 
   selectionPath Information Element [PSAMP-INFO]. 
     

 4.2.3   Reporting  
 
   Packet Reports  
         
   Packet Reports comprise a configurable subset of a packet's input to 
   the Selection Process, including the Packet Content, information 
   relating to its treatment (for example, the output interface), and 
   its associated selection state (for example, a hash of the Packet 
   Content). 
            
   Report Interpretation:  
         
   Report Interpretation comprises subsidiary information, relating to 
   one or more packets, that are used for interpretation of their Packet 
   Reports.  Examples include configuration parameters of the Selection 
   Process. 
         
   Report Stream:   

   The Report Stream is the output of a Selection Process, comprising 
   two distinguished types of information: Packet Reports, and Report 
   Interpretation. 

 4.2.4   Exporting Process 
 
   Exporting Process:  
         
   An Exporting Process sends, in the form of Export Packets, the output 
   of one or more Selection Processes to one or more Collectors. 
         
   Export Packet:  
         
   An Export Packet is a combination of Report Interpretation and/or one 
   or more Packet Reports that are bundled by the Exporting Process into 
   an Export Packet for exporting to a Collector.      

 4.2.5   PSAMP Device  
 
   PSAMP Device   
         
   A PSAMP Device is a device hosting at least an Observation Point, a 
   Selection Process and an Exporting Process.  Typically, corresponding 
   Observation Point(s), Selection Process(es) and Exporting Process(es) 
   are co-located at this device, for example at a router.  

 4.2.6   Selection Methods 
     
   Filtering  
         
   A filter is a Selector that selects a packet deterministically based 
   on the Packet Content, or its treatment, or functions of these 
   occurring in the Selection State.  Examples include field match 
   Filtering, and Hash-based Selection. 
         
   Sampling  
         
   A Selector that is not a filter is called a Sampling operation.  This 
   reflects the intuitive notion that if the selection of a packet 
   cannot be determined from its content alone, there must be some type 
   of Sampling taking place. 
         
   Content-independent Sampling  
      
   A Sampling operation that does not use Packet Content (or quantities 
   derived from it) as the basis for selection is called a 
   Content-independent Sampling operation.  Examples include systematic 
   Sampling, and uniform pseudorandom Sampling driven by a pseudorandom 
   number whose generation is independent of Packet Content.  Note that 
   in Content-independent Sampling it is not necessary to access the 
   Packet Content in order to make the selection decision. 
      
   Content-dependent Sampling  
      
   A Sampling operation where selection is dependent on Packet Content 
   is called a Content-dependent Sampling operation.  Examples include 
   pseudorandom selection according to a probability that depends on the 
   contents of a packet field.  Note that this is not a filter, because 
   the selection is not deterministic. 
      
   Hash Domain  
      
   A subset of the Packet Content and the packet treatment, viewed as an 
   N-bit string for some positive integer N. 
            
   Hash Range  
      
   A set of M-bit strings for some positive integer M that define the 
   range of values the result of the hash operation can take. 
         
   Hash Function  
      
   A deterministic map from the Hash Domain into the Hash Range. 
            
   Hash Selection Range  
      
   A subset of the Hash Range.  The packet is selected if the action of 
   the Hash Function on the Hash Domain for the packet yields a result 
   in the Hash Selection Range. 
            
   Hash-based Selection  
      
   Filtering specified by a Hash Domain, a Hash Function, a Hash Range, 
   and a Hash Selection Range. 
            
   Approximative Selection  
      
   Selectors in any of the above categories may be approximated by 
   operations in the same or another category for the purposes of 
   implementation.  For example, uniform pseudorandom Sampling may be 
   approximated by Hash-based Selection, using a suitable Hash Function 
   and Hash Domain.  In this case, the closeness of the approximation 
   depends on the choice of Hash Function and Hash Domain. 
            
   Population  

   A Population is a Packet Stream, or a subset of a Packet Stream.  A 
   Population can be considered as a base set from which packets are 
   selected.  An example is all packets in the Observed Packet Stream 
   that are observed within some specified time interval. 
            
   Population Size  
      
   The Population Size is the number of all packets in the Population. 
            
   Sample Size  
      
   The number of packets selected from the Population by a Selector. 
      
   Configured Selection Fraction  
            
   The Configured Selection Fraction is the ratio of the number of 
   packets selected by a Selector from an input Population, to the 
   Population Size, as based on the configured selection parameters. 
            
   Attained Selection Fraction  
            
   The Attained Selection Fraction is the actual ratio of the  
   number of packets selected by a Selector from an input  
   Population, to the Population Size.  For some Sampling methods the 
   Attained Selection Fraction can differ from the Configured Selection 
   Fraction due to, for example, the inherent statistical variability in 
   Sampling decisions of probabilistic Sampling and Hash-based 
   Selection.  Nevertheless, for large Population Sizes and properly 
   configured Selectors, the Attained Selection Fraction usually 
   approaches the Configured Selection Fraction. 
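
   The following Python sketch is an added illustration, not part of
   this draft or of any PSAMP implementation.  It applies Hash-based
   Selection to a constructed Population and compares the Attained
   Selection Fraction with the Configured Selection Fraction.  The
   truncated SHA-256 Hash Function, both Hash Domains and the packet
   fields are assumptions chosen for the example.

```python
import hashlib
import struct

M_BITS = 16                       # Hash Range: all M-bit strings, here M = 16
HASH_RANGE_SIZE = 1 << M_BITS


def domain_addrs_and_id(pkt):
    """Hash Domain (assumed choice): source, destination, IP identification."""
    return struct.pack("!4s4sH", pkt["src"], pkt["dst"], pkt["ip_id"])


def domain_dst_only(pkt):
    """A poor Hash Domain for this traffic: the destination never varies."""
    return pkt["dst"]


def hash_function(domain_bits):
    """Deterministic map from the Hash Domain into the M-bit Hash Range.
    Truncated SHA-256 is a stand-in chosen for this example."""
    digest = hashlib.sha256(domain_bits).digest()
    return int.from_bytes(digest[:M_BITS // 8], "big")


class HashSelector:
    def __init__(self, domain, configured_fraction):
        self.domain = domain
        # Hash Selection Range = [0, threshold), a subset of the Hash Range.
        self.threshold = round(configured_fraction * HASH_RANGE_SIZE)

    @property
    def configured_fraction(self):
        return self.threshold / HASH_RANGE_SIZE

    def selects(self, pkt):
        return hash_function(self.domain(pkt)) < self.threshold

    def run(self, population):
        """Return (sample, Attained Selection Fraction) for a Population."""
        sample = [pkt for pkt in population if self.selects(pkt)]
        return sample, len(sample) / len(population)


def constructed_population(size):
    """Constructed packets: varying source and IP ID, one fixed destination."""
    dst = bytes([10, 0, 1, 106])
    return [{"src": bytes([10, 0, (i >> 8) & 0xFF, i & 0xFF]),
             "dst": dst, "ip_id": i & 0xFFFF} for i in range(size)]


def demo():
    population = constructed_population(20000)
    good = HashSelector(domain_addrs_and_id, 0.10)
    poor = HashSelector(domain_dst_only, 0.10)
    first_run, attained_good = good.run(population)
    second_run, _ = good.run(population)   # same packets seen a second time
    _, attained_poor = poor.run(population)
    return {
        "population_size": len(population),
        "sample_size": len(first_run),
        "threshold": good.threshold,
        "configured": good.configured_fraction,
        "attained_good": attained_good,
        "attained_poor": attained_poor,   # all-or-nothing: every packet hashes alike
        "deterministic": first_run == second_run,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

   With the destination-only Hash Domain every packet of this
   Population maps to the same hash value, so the Selector takes either
   all packets or none, however the Hash Selection Range is configured.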
 
 4.3      IPFIX and PSAMP Terminology Comparison 
 
   EDITOR'S NOTE: 
     Some terms between IPFIX and PSAMP were almost similar but not 
     quite: 
     - observation point.  I kept the one from IPFIX.  However, if the 
     PSAMP/IPFIX definitions would be aligned, it would be better. 
     - exporting process.  I kept the one from PSAMP. 
     - Collector: I kept the one from IPFIX, which implies that I used 
     the Collecting Process defined in IPFIX (it speaks about flows, but 
     there is no PSAMP Collecting Process definition) 
    
   The PSAMP terminology has been specified with an IPFIX background, as 
   PSAMP and IPFIX have similar terms.  However, this section explains a 
   couple of terms that are not compatible between IPFIX and PSAMP. 


 
 
 4.3.1   PSAMP and IPFIX Processes 
 
   Figure B indicates the sequence of the processes (selection and 
   exporting) within the PSAMP Device. 
          
                  +----------+      +-----------+  
        Observed  | Metering |      | Exporting |  
        Packet--->| Process  |----->| Process   |--->Collector    
        Stream    +----------+      +-----------+   
    
       Figure B: PSAMP Processes 
                          
   The Selection Process, which takes an Observed Packet Stream as its 
   input, and produces Packet Reports as its output, is an integral part 
   of the Metering Process, which by its definition, produces Flow 
   Records as its output. 

 4.3.2   Packet Report, Packet Interpretation, and Data Record 
 
   The PSAMP terminology speaks of Packet Report and Packet 
   Interpretation, while the IPFIX terminology speaks of Data Record and 
   (Option) Template Record.  The Packet Report, which comprises 
   information about the observed packet, can be viewed as analogous to 
   the Data Record defined by a Template Record.  The Packet 
   Interpretation, which comprises subsidiary information used for the 
   interpretation of the Packet Reports, can be viewed as analogous to 
   the Data Record defined by an Option Template Record. 
 
 5.    Differences between PSAMP and IPFIX  
 
   The output of the IPFIX working group relevant for this draft is 
   structured into three documents: 
      - IP Flow information architecture [IPFIX-ARCH] 
      - IPFIX protocol specifications [IPFIX-PROTO] 
      - IP Flow information export information model [IPFIX-INFO] 
    
 5.1      Architecture Point of View 
    
   Traffic Flow measurement as described in the IPFIX requirements 
   [RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated 
   into two stages: packet processing and Flow processing. 
   Figure C illustrates these stages. 
    
   In stage 1, all processing steps act on packets.  Packets are 
   captured, time stamped, selected by one or more selection steps and 
   finally forwarded to packet classification that maps packets to 
   Flows.  The packet selection steps may include Filtering and 
   Sampling functions. 
    
   In stage 2, all processing steps act on Flows.  After packets are 
   classified (mapped to Flows), Flows are generated, or updated if they 
   exist already.  Flow generation and update steps may be performed 
   repeatedly for aggregating Flows.  Finally, Flows are exported. 
    
   Packet Sampling as described in the PSAMP framework [PSAMP-FMWK] 
   covers only stage 1 of the IPFIX architecture with the packet 
   classification replaced by packet record export. 
    
      IPFIX architecture                       PSAMP framework 
    
    
        packet header                           packet header 
           capturing     \                         capturing 
              |          |                            | 
         timestamping    |                       timestamping 
              |          |                            | 
              v          |                            v 
      +------>+          |  stage 1:          +------>+ 
      |       |           > packet            |       | 
      |    packet        |  processing        |    packet 
      |   selection      |                    |   selection 
      |       |          |                    |       | 
      +-------+          |                    +-------+ 
              |          |                            | 
              v          |                            v 
           packet       /                       packet record 
        classification  \                          export 
              |          | 
              v          | 
      +------>+          | 
      |       |          | 
      | Flow generation  |   
      |   and update     |  stage 2: 
      |       |           > Flow 
      |       v          |  processing 
      |     Flow         | 
      |   selection      | 
      |       |          | 
      +-------+          | 
              |          | 
              v          | 
         Flow Record    / 
           export 
    
       Figure C: Comparison of IPFIX architecture and PSAMP framework 
 
 
 5.2      Protocol Point of View 
 
   Concerning the protocol, the major difference between IPFIX and PSAMP 
   is that the IPFIX protocol exports Flow Records while the PSAMP 
   protocol exports Packet Records.  From a pure export point of view, 
   IPFIX will not distinguish a Flow Record composed of several packets 
   aggregated together, from a Flow Record composed of a single packet.  
   So the PSAMP export can be seen as a special IPFIX Flow Record 
   containing information about a single packet. 
    
   All extensions of the IPFIX protocol that are required to satisfy the 
   PSAMP requirements have already been incorporated in the IPFIX 
   protocol [IPFIX-PROTO], which was developed in parallel with the 
   PSAMP protocol.  An example is the need for a data type for protocol 
   fields that have flexible length, such as an octet array.  This was 
   added to the IPFIX protocol specification in order to meet the 
   requirement of the PSAMP protocol to report content of captured 
   packets, for example the first octets of a packet. 
    
 5.3      Information Model Point of View 
    
   From the information model point of view, the overlap between the 
   IPFIX and PSAMP protocols is quite large.  Most of the 
   Information Elements in the IPFIX protocol are also relevant for 
   exporting packet information, for example all fields reporting packet 
   header properties.  Only a few Information Elements, such as 
   flowCount, packetCount (whose value will always be 1 for PSAMP) etc., 
   cannot be used in a meaningful way by the PSAMP protocol.  Also, 
   IPFIX protocol requirements concerning stage 2 of figure C do not 
   apply to the PSAMP metering process. 
 
   Further required extensions apply to the information model.  Even if 
   the IPFIX charter speaks of sampling, no Sampling related Information 
   Elements are specified in [IPFIX-INFO].  The task of specifying them 
   was intentionally left for the PSAMP information model [PSAMP-INFO].  
   A set of several additional fields is required for satisfying the 
   requirements for the PSAMP information model [PSAMP-TECH]. 
    
   Additional required extensions of the information model concern 
   packet filtering, and the field reporting content of a packet using 
   the flexible length data type mentioned above. 
    
   Exploiting the extensibility of the IPFIX information model, the 
   required extension is covered by the PSAMP information model 
   specified in [PSAMP-INFO]. 
 

 
 
 6.    PSAMP Requirements versus the IPFIX Solution 
    
   In the "Generic Requirements for PSAMP" section, [PSAMP-FMWK] 
   describes some requirements that directly affect the PSAMP export 
   protocol. 
    
   In the "Generic Selection Process Requirements" section, [PSAMP-FMWK] 
   describes one requirement that, while not directly related to the 
   export protocol, puts some constraints on it: Parallel Measurements, 
   i.e. multiple independent selection processes at the same entity. 
    
   In the "Reporting Process" section, [PSAMP-FMWK] finally describes a 
   series of requirements specifying the different Information Elements 
   that MUST and SHOULD be reported to the Collector.  Nevertheless 
   IPFIX, being a generic export protocol, can export any Information 
   Elements as long as they are described in the information model.  So 
   these requirements are mainly targeted for the [PSAMP-INFO] document. 
 
 6.1     IPFIX Solution for the PSAMP Requirements 
 
   Let's address the PSAMP requirements that influence the export 
   protocol. 
    
   * Extensibility: the protocol must be able to accommodate additional 
   packet selectors not currently defined. 
    
   This requirement is addressed by the IPFIX information model, which 
   is extensible. 
 
   * Parallel Measurement Processes: the protocol must support 
   simultaneous operation of multiple independent Measurement Processes 
   at the same host.  
 
   This requirement is addressed by exporting the selectionPath 
   Information Element in every Packet Report.  Note that without this 
   requirement, exporting the Selector ID in a Scope part of every 
   single Packet Report could have been sufficient. 
    
   * Encrypted Packets: Selectors that interpret packet fields must be 
   configurable to ignore (i.e. not select) encrypted packets, when they 
   are detected.  
    
   EDITOR'S NOTE: I guess we will need extra text for this. 
   
   * Indication of Information Loss: the Report Stream must include 
   sufficient information to indicate or allow the detection of loss 
   occurring within the Selection, Reporting or Exporting Processes, or 
   in transport. This may be achieved by the use of sequence numbers.  
 
 
   An Options Template, with updated statistics, MUST be sent on a 
   regular basis.  This Options Template contains for example the total 
   number of Packet Reports exported from the PSAMP device, the total 
   number of packets observed, etc.  Thus the Collector can compare the 
   number of Packet Reports received per selector ID with the number 
   actually metered and/or sent.  In case of discrepancy, a new Sampling 
   rate could be computed. 
    
   * Accuracy: the Report Stream must include information that enables 
   the accuracy of measurements to be determined.  
    
   This requirement is addressed by the accuracy report interpretation, 
   which sends the accuracy of the measurements. 
    
   EDITOR'S NOTE: is this the accuracy or the precision? 
 
   * Privacy: selection of the content of Packet Reports will be 
   cognizant of privacy and anonymity issues while being responsive to 
   the needs of measurement applications, and in accordance with RFC  
   2804.  Full packet capture of arbitrary packet streams is explicitly 
   out of scope.  
 
   This requirement doesn't concern the export protocol itself. 
 
   * Timeliness: configuration must allow for limiting of buffering 
   delays for the formation and transmission for Export Packets.  
    
 
   The IPFIX protocol specifications [IPFIX-PROTO] describe an 
   inactivity timeout for the Flow expiration.  This inactivity timeout 
   is configurable, with a minimum value of 0 for immediate expiration. 
   Note that this minimum value of 0 will force every single Data Record 
   to contain information about a single packet and not an aggregation 
   of packets. 
    
   * Congestion Avoidance: export of a report stream across a network 
   MUST be congestion avoiding in compliance with RFC 2914. 
    
   IPFIX, by its charter, MUST also respect this requirement. 
    
   * Secure Export: 
   - confidentiality: the option to encrypt exported data must be 
   provided. 
   - integrity: alterations in transit to exported data must be 
   detectable at the Collector  
   - authenticity: authenticity of exported data must be verifiable by 
   the Collector in order to detect forged data. 
    
 
 
   The motivation here is the same as for security in IPFIX export. 
    
   * Compression: to conserve network bandwidth and resources at the 
   Collector, the Export Packets may be compressed before export.  
    
   With the choice of IPFIX as PSAMP export protocol, the compression 
   option mentioned in the framework is not addressed. 
    
   * The exporting process must have an export rate limit, configurable 
   per Exporting Process. 
    
   EDITOR'S NOTE: this is an open issue. 
    
   * The timestamp of observation of the packet at the Observation 
   Point. The timestamp should be reported to microsecond resolution. 
    
   EDITOR'S NOTE: this is an open issue. 
 
 6.2     High Level View of the Integration 
 
   The Template Record in the Template Set is used to describe the 
   different PSAMP Information Elements that will be exported to the 
   Collector.  The Collector decodes the Template Record in the Template 
   Set and knows which Information Elements to expect when it receives 
   the Data Records in the Data Set, i.e. the PSAMP Packet Reports.  
   Typically, in the base level of the PSAMP functionality, the Template 
   Set will contain the input sequence number, the packet fragment (some 
   number of contiguous bytes from the start of the packet or from the 
   start of the payload) and the Selection Path. 
    
   The Options Template Record in the Options Template Set is used to 
   describe the different PSAMP Information Elements that concern the 
   Metering Process itself: Sampling and/or Filtering functions, plus 
   the associated parameters.  The Collector decodes the Options 
   Template Records in the Options Template Set and knows which 
   Information Elements to expect when it receives the Data Records in 
   the Data Set, i.e. the PSAMP Report Interpretation.  Typically, the 
   Options Template would contain the Selection Path, the Sampling or 
   Filtering functions, and the Sampling or Filtering associated 
   parameters. 
    
   PSAMP requires all the different possibilities of the IPFIX protocol 
   specifications [IPFIX-PROTO].  That is the 3 types of Set (Data Set, 
   Template Set and Options Template Set) with the 2 types of Template 
   Records (Template Record and Options Template Record), as described 
   in figure A.  As a consequence, PSAMP can't rely on a subset of 
   the IPFIX protocol specifications as described in [IPFIX-PROTO].  
   The entire IPFIX protocol specifications [IPFIX-PROTO] MUST be 
   implemented for the PSAMP export. 
 
 
 7.    Using the IPFIX Protocol for PSAMP 
 
 7.1     Selector ID 
    
   The Selector ID is the unique ID identifying a Primitive Selector.  
   Each Primitive Selector MUST have a unique ID within the Observation 
   Domain. 
 
 7.2     The Associations 
    
   From all the packets observed at an Observation Point, a subset of 
   packets is selected by one or more Selectors.  The Selection Path is 
   a unique value describing the Observation Point and the Selector 
   ID(s) through which the packets are selected.  The Selection Path is 
   represented by the selectionPath Information Element [PSAMP-INFO]. 
 
 7.3     Packet Reports 
    
   For each Associations, for each selected packet, a Packet Report MUST 
   be created.  The format of the Packet Report is specified in a 
   Template Record contained in a Template Set. 
    
   There are two types of Packet Report, as described in [PSAMP-FMWK]: 
   the basic Packet Report and the extended Packet Report. 

 7.3.1   Basic Packet Reports 
         
   For each selected packet, the Packet Report MUST contain the 
   following information: 
   - The selectionPath Information Element 
   - Some number of contiguous bytes from the start of the packet, 
   including the packet header (which includes link layer, network layer 
   and other encapsulation headers) and some subsequent bytes of the 
   packet payload.  Alternatively, the number of contiguous bytes may 
   start at the beginning of the payload. The Layer2PacketSection, 
   l2PayloadPacketSection, mplsLabelStackSection, 
   mplsPayloadPacketSection, ipPacketSection, and ipPayloadPacketSection 
   PSAMP Information Elements are available for this use.   
   - The input sequence number(s) of any Selectors that acted on the 
   packet, represented by the selectorInputSequenceNumber Information 
   Element. 
    
   The contiguous Information Elements (Layer2PacketSection, 
   l2PayloadPacketSection, mplsLabelStackSection, 
   mplsPayloadPacketSection, ipPacketSection, and 
   ipPayloadPacketSection) MAY be encoded with a fixed length field or 
   with a variable sized field. If one of these Information Elements is 
   encoded with a fixed length field whose length is too long for the 
   number of contiguous bytes in the selected packet, padding MUST NOT 
   be used. In this case, the Exporting Process MUST export the 
   information either in a new Template Record with the correct fixed 
   length field, or in a new Template Record with a variable length 
   field.   
 
   EDITOR'S NOTE: instead of sending the input sequence number for each 
   selector ID, a counter64 value, associated with every packet, the 
   working group should discuss the possibility to send the information 
   on a regular basis with an option template record.  Specifically in the 
   case of Composite Selector, we would send multiple times a 64-bit 
   counter in each packet.  The example below doesn't contain the input 
   sequence number. 
    
   Here is an example of a basic Packet Report, with a SelectionPath 
   value of 9 and ipHeaderPacketSection Information Element of 12 bytes, 
   0x4500 005B A174 0000 FF11 832E, encoded with a fixed length field. 
    
    IPFIX Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 2          |         Length = 16           | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Template ID = 260      |        Field Count = 2        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       selectionPath = 321     |        Field Length = 4       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |  ipHeaderPacketSection = 313  |        Field Length = 12      | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
    The associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 260        |           Length = 20         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               9                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                         0x4500 005B                           | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                         0xA174 0000                           | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                         0xFF11 832E                           | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
 
 
            Figure D: Example of a Basic Packet Report 
    
   Here is an example of a basic Packet Report, with a SelectionPath 
   value of 9 (will be explained later on) and ipPacketSection 
   Information Element of 12 bytes, encoded with a variable length. 
    
   EDITOR'S NOTE: to be added 
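
   The decoder below is an added example, not code from this draft or
   from an IPFIX implementation.  It reads the Template Record of
   Figure D and uses it to decode the Data Record, checking every
   length against the Set that carries it.  It goes beyond Figure D by
   also handling a variable-length packet section: the 65535 length
   marker, the one-octet or three-octet length prefix and zero-valued
   Set padding are assumed from the IPFIX protocol specification, and
   Template ID 300 with its Data Set is constructed.

```python
import struct

TEMPLATE_SET_ID = 2          # Set ID of a Template Set, as in Figure D
VARIABLE_LENGTH = 0xFFFF     # assumed from IPFIX: marks a variable-length field
IE_NAMES = {321: "selectionPath", 313: "ipHeaderPacketSection"}  # Figure D IDs

# The two Sets of Figure D, typed in from the diagrams.
FIG_D_TEMPLATE = bytes.fromhex("0002001001040002014100040139000C")
FIG_D_DATA = bytes.fromhex("01040014000000094500005BA1740000FF11832E")
# Constructed: Template 300 declares the packet section as variable length;
# its Data Set carries a 12-octet and an 8-octet section without padding.
VAR_TEMPLATE = bytes.fromhex("00020010012C0002014100040139FFFF")
VAR_DATA = bytes.fromhex("012C0022" "00000009" "0C" "4500005BA1740000FF11832E"
                         "00000009" "08" "4500005BA1740000")


class MalformedSet(ValueError):
    """Lengths on the wire contradict each other or the Template."""


def split_set(buf):
    """Check the Set header against the buffer; return (set_id, body)."""
    if len(buf) < 4:
        raise MalformedSet("truncated Set header")
    set_id, length = struct.unpack_from("!HH", buf, 0)
    if length < 4 or length > len(buf):
        raise MalformedSet(f"Set Length {length} does not fit {len(buf)} octets")
    return set_id, buf[4:length]


def parse_template_set(buf, templates):
    """Store the single Template Record of a Template Set; return its ID."""
    set_id, body = split_set(buf)
    if set_id != TEMPLATE_SET_ID or len(body) < 4:
        raise MalformedSet("not a Template Set")
    template_id, field_count = struct.unpack_from("!HH", body, 0)
    if template_id < 256 or len(body) < 4 + 4 * field_count:
        raise MalformedSet("bad Template ID or Field Count")
    fields = [struct.unpack_from("!HH", body, 4 + 4 * i)
              for i in range(field_count)]
    if any(ie & 0x8000 for ie, _ in fields):
        raise MalformedSet("enterprise-specific fields are not handled here")
    templates[template_id] = fields
    return template_id


def read_field(body, pos, length):
    """Return (value, next_pos) for one fixed- or variable-length field."""
    if length == VARIABLE_LENGTH:
        if pos >= len(body):
            raise MalformedSet("missing length prefix")
        length, pos = body[pos], pos + 1
        if length == 255:                  # long form: 255, then 16-bit length
            if pos + 2 > len(body):
                raise MalformedSet("truncated length prefix")
            length = struct.unpack_from("!H", body, pos)[0]
            pos += 2
    if pos + length > len(body):
        raise MalformedSet("field runs past the end of the Set")
    return body[pos:pos + length], pos + length


def parse_data_set(buf, templates):
    """Decode every Data Record of a Data Set with the Template it names."""
    set_id, body = split_set(buf)
    fields = templates.get(set_id)
    if fields is None:
        raise MalformedSet(f"no Template known for Set ID {set_id}")
    min_len = sum(1 if n == VARIABLE_LENGTH else n for _, n in fields)
    if min_len == 0:
        raise MalformedSet("Template describes zero-length records")
    records, pos = [], 0
    while len(body) - pos >= min_len:
        record = {}
        for ie, length in fields:
            value, pos = read_field(body, pos, length)
            record[IE_NAMES.get(ie, str(ie))] = value
        records.append(record)
    if any(body[pos:]):
        # Leftover non-zero octets are not Set padding: for example a packet
        # section shorter than the fixed Field Length its Template declares.
        raise MalformedSet("trailing octets do not form a whole Data Record")
    return records


def demo():
    templates = {}
    parse_template_set(FIG_D_TEMPLATE, templates)
    parse_template_set(VAR_TEMPLATE, templates)
    return parse_data_set(FIG_D_DATA, templates), parse_data_set(VAR_DATA, templates)


if __name__ == "__main__":
    for records in demo():
        print([{k: v.hex() for k, v in r.items()} for r in records])
```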

 7.3.2   Extended Packet Reports 
         
   As an alternative to the basic Packet Report, the extended Packet 
   Report MAY contain extra Information Elements related to the 
   protocols used in the packet (such as source and destination IP 
   addresses), related to the packet treatment (such as output 
   interface, destination BGP autonomous system), or related to the 
   Selection State associated with the packet (such as timestamp, hash 
   value). 
    
   It is envisaged that selection of fields for extended Packet Reports 
   may be used to reduce reporting bandwidth, in which case the option 
   to report some number of contiguous bytes from the start of the 
   packet, mandatory in the basic Packet Report, may not be exercised.  
   In this case, the Packet Content MAY be omitted.  Note this 
   configuration is quite similar to an IPFIX device for which a 
   Template Record containing information about a single packet is 
   reported. 
    
   Example of a detailed Extended Packet Report: 
    
    IPFIX Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |            Set ID =  2        |           Length = 32         | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |       Template ID = 261       |         Field Count = 6       | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0|     selectionPath = 321     |         Field Length = 4      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0|  sourceIPv4Address = 44     |         Field Length = 4      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0| destinationIPv4Address = 45 |         Field Length = 4      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0|    totalLengthIPv4 = 190    |         Field Length = 2      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0|     tcpSourcePort = 182     |         Field Length = 2      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |0|  tcpDestinationPort = 183   |         Field Length = 2      | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
    The associated IPFIX Data Record: 
    
     0                   1                   2                   3 
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |           Set ID = 261        |            Length = 20        | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |                               9                               | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |                           10.0.0.1                            | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |                          10.0.1.106                           | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |                72             |                1372           | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    |               80              | 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure E: Example of an Extended Packet Report 
    
    
 7.4      Report Interpretation 
    
   To make full sense of the Packet Reports there are a number of 
   additional pieces of information that must be communicated to the 
   Collector:  
   - The details about which Selectors and Observation Points are being 
   used within an Associations MUST be provided using the Associations 
   Report Interpretation. 
   - The configuration details of each Selector MUST be provided using 
   the Selector Report Interpretation. 
   - The Selector ID statistics MUST be provided using the 
   AssociationsStatistics Report Interpretation. 
   - The accuracies of the reported fields MUST be provided using the 
   Accuracy Report Interpretation. 
   - Further information about each Observation Point MAY be provided 
   using the Observation Point Report Interpretation. 
   EDITOR'S NOTE: to be discussed on the mailing list. 
    

 7.4.1   Associations Report Interpretation 
         
   Each Packet Report contains a selectionPath Information Element that 
   identifies the particular combination of Observation Point and 
   Selector(s) used for its selection.  For every selectionPath 
   Information Element in use, the PSAMP Device MUST export an 
   Associations Report Interpretation using an Options Template with the 
   following Information Elements: 
    
    Scope:     selectionPath 
    Non-Scope: observationPointId 
               selectorId (one or more) 
    
   If the packets are selected by a Composite Selector, the Selection 
   Path field is composed of several Primitive Selectors.  In such a 
   case, the Associations Report Interpretation MUST contain the list of 
   all the Primitive Selector IDs in the Selection Path.  If multiple 
   Selectors are contained in the Associations Report Interpretation, 
   the Selector IDs MUST be identified in the order they are used. 
    
   The observationPointID SHOULD be the first Information Element and 
   the optional processes SHOULD be the last ones so that the path of 
   the selected Packet is provided in the logical order. 
    
   Example of two Selection Paths: 
    
    Selection Path 7 (Filter->Sampling): 
      observationPointID  1 (Interface 5), 
      selectorId          5 (Filter, match IPV4SourceAddress 10.0.0.1), 
      selectorId         10 (Sampler, Random 1 out-of ten), 
      meteringProcessID    15 (IPFIX Metering Process) 
    
    Selection Path 9 (Sampling->Filtering): 
      observationPointID  1 (Interface 5), 
      selectorId         10 (Sampler, Random 1 out-of ten), 
      selectorId          5 (Filter, match IPV4SourceAddress 10.0.0.1), 
      meteringProcessID    15 (IPFIX Metering Process) 
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |          Set ID = 3           |          Length = 26          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Template ID = 262      |         Field Count = 5       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |     Scope Field Count =  4    |0|      selectionPath = 321    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Scope 1 Length = 4      |0|   observationPointId = 320  | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Field Length = 4       |0|      selectorId = 300       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Field Length = 4       |0|      selectorId = 300       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
 
 
 Claise, et. al            Standard Track                   [Page 26] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   |        Field Length = 4       |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   EDITOR'S NOTE: check the observationPointId 
    
   The associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |          Set ID = 262         |           Length = 36         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               7                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               1                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               5                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              10                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               9                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               1                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              10                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               5                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure F: Example of an Associations Report Interpretation 
    
   Notes: 
   * There are two Records here in the same Data Set.  Each record 
   defines a different Selection Path. 
   * If a different Selection Path used three Selectors then a different 
   Options Template would have to be used. 
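
   The following Python sketch is an added example, not code from this
   draft.  It decodes the Data Set of Figure F into a table of
   Selection Paths and then runs both paths over a constructed packet
   stream to show what the Selector order changes for a Collector: the
   Population each Selector sees.  The record layout (selectionPath,
   observationPointId, two selectorId values) follows the Data Record
   of Figure F; the sampler is modelled as a systematic count-based 1
   out-of 10 Selector instead of a random one so that results are
   reproducible, and per-path Selector state is an assumption.

```python
import random
import struct

# Data Set of Figure F, typed in from the diagram: Set ID 262, Length 36, then
# two records of selectionPath, observationPointId, selectorId, selectorId.
FIGURE_F = bytes.fromhex("01060024"
                         "00000007" "00000001" "00000005" "0000000A"
                         "00000009" "00000001" "0000000A" "00000005")


def decode_associations(data_set, selectors_per_path=2):
    """Return {selectionPath: (observationPointId, [selectorId, ...])}."""
    if len(data_set) < 4:
        raise ValueError("truncated Set header")
    _set_id, length = struct.unpack_from("!HH", data_set, 0)
    record_len = 4 * (2 + selectors_per_path)
    if length != len(data_set) or (length - 4) % record_len:
        raise ValueError("Set Length is not a whole number of records")
    table = {}
    for offset in range(4, length, record_len):
        path, obs_point, *selector_ids = struct.unpack_from(
            f"!{2 + selectors_per_path}I", data_set, offset)
        if path in table:
            raise ValueError(f"duplicate selectionPath {path}")
        table[path] = (obs_point, selector_ids)    # wire order = order of use
    return table


class Filter:
    """Selector 5 of the example: match source address 10.0.0.1."""
    def __init__(self):
        self.seen = 0                    # packets offered to this Selector

    def select(self, pkt):
        self.seen += 1
        return pkt["src"] == "10.0.0.1"


class CountSampler:
    """Selector 10, modelled as systematic count-based 1 out-of 10."""
    def __init__(self, interval=1, space=9):
        self.interval, self.period, self.seen = interval, interval + space, 0

    def select(self, pkt):
        position = self.seen % self.period
        self.seen += 1
        return position < self.interval


SELECTORS = {5: Filter, 10: CountSampler}


def run_path(selector_ids, stream):
    """Apply the Selectors in order; return (sample size, [(id, input count)])."""
    chain = [(sid, SELECTORS[sid]()) for sid in selector_ids]
    selected = 0
    for pkt in stream:
        # all() stops at the first Selector that drops the packet, so later
        # Selectors in the path never see it.
        if all(selector.select(pkt) for _, selector in chain):
            selected += 1
    return selected, [(sid, selector.seen) for sid, selector in chain]


def constructed_stream(size=1000, seed=2005):
    """Constructed traffic: roughly 30% of packets come from 10.0.0.1."""
    rng = random.Random(seed)
    return [{"src": "10.0.0.1" if rng.random() < 0.3 else "10.0.0.2"}
            for _ in range(size)]


def demo():
    table = decode_associations(FIGURE_F)
    stream = constructed_stream()
    return {path: run_path(ids, stream) for path, (_obs, ids) in table.items()}


if __name__ == "__main__":
    for path, (sample_size, inputs) in demo().items():
        print(f"Selection Path {path}: selected {sample_size}, inputs {inputs}")
```

   Both paths name the same two Selectors, yet Selector 10 samples only
   the filtered packets in Selection Path 7 and the whole Observed
   Packet Stream in Selection Path 9, so its input count can only be
   interpreted once the order is known.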

 7.4.2   Selector Report Interpretation 
         
   An IPFIX Data Record, defined by an Option Template Record, MUST be 
   used to send the configuration details of every Selector in use.  The 
   Option Template Record MUST contain the selectorId Information 
   Element as the Scope field and the selectorAlgorithm Information 
   Element followed by some specific configuration parameters: 
    
    Scope:     selectorId 
    Non-scope: selectorAlgorithm 
               algorithm specific Information Elements

   The algorithm specific Information Elements are specified in the 
   following subsections, depending on the selection method represented 
   by the value of the selectorAlgorithm. 
    
   The Associations statistics MUST be exported periodically. 

 7.4.2.1 Systematic Count-Based Sampling 
    
   In systematic count-based Sampling, the start and stop triggers for
   the Sampling interval are defined in accordance with the spatial
   packet position (packet count) [PSAMP-TECH].
   The REQUIRED algorithm specific Information Elements in case of 
   systematic count-based Sampling are: 
    
      samplingPacketInterval: number of packets selected in a row 
      samplingPacketSpace:    number of packets between selections 
    
   Example of a simple 1 out-of 10 systematic count-based Selector 
   definition, where the samplingPacketInterval is 1 and the 
   samplingPacketSpace is 9. 
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |          Set ID = 3           |          Length = 26          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Template ID =  263     |         Field Count = 4       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |    Scope Field Count =  1     |0|       selectorId = 300      | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Scope 1 Length = 4       |0|   selectorAlgorithm = 302   | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 1        |0|samplingPacketInterval = 304 | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 1        |0|  samplingPacketSpace = 305  | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 1        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   Associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |            Set ID = 263       |          Length = 11          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              15                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       1       |      1        |      9        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure G: Example of the Selector Report Interpretation, 
                 For Systematic Count-Based Sampling 
    
   Notes: 
   * A selectorAlgorithm value of 1 represents systematic count-based 
   Sampling. 
   * samplingPacketInterval and samplingPacketSpace are of type 
   unsigned32 but are compressed down to one octet here, as allowed by 
   the IPFIX protocol specifications [IPFIX-PROTO]. 
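
   The following Python example is added here and is not part of the
   draft.  It parses the Options Template Record of Figure G and uses it
   to decode the associated Data Record, including the one-octet
   reduced-size fields, and rejects Sets whose declared lengths do not
   match the octets received.  The octets are constructed from the
   figure's values; the function names and the 1-to-4-octet width policy
   are assumptions of the example.

```python
import struct

OPTIONS_TEMPLATE_SET_ID = 3
# Information Element identifiers as they appear in Figure G of this draft.
IE_NAMES = {300: "selectorId", 302: "selectorAlgorithm",
            304: "samplingPacketInterval", 305: "samplingPacketSpace"}


class MalformedSet(ValueError):
    """A Set whose declared sizes disagree with the octets received."""


def split_set(buf):
    """Check the 4-octet Set header and return (set_id, set_body)."""
    if len(buf) < 4:
        raise MalformedSet("truncated Set header")
    set_id, length = struct.unpack_from("!HH", buf, 0)
    if length < 4 or length > len(buf):
        raise MalformedSet("Set Length %d does not fit %d octets"
                           % (length, len(buf)))
    return set_id, buf[4:length]


def parse_options_template(buf):
    """Parse an Options Template Set holding one record, as in Figure G."""
    set_id, body = split_set(buf)
    if set_id != OPTIONS_TEMPLATE_SET_ID:
        raise MalformedSet("Set ID %d is not an Options Template Set" % set_id)
    if len(body) < 6:
        raise MalformedSet("truncated Options Template Record header")
    template_id, field_count, scope_count = struct.unpack_from("!HHH", body, 0)
    if not 1 <= scope_count <= field_count:
        raise MalformedSet("Scope Field Count out of range")
    if len(body) < 6 + 4 * field_count:
        raise MalformedSet("Field Count exceeds the Set body")
    fields = []
    for i in range(field_count):
        ie_id, width = struct.unpack_from("!HH", body, 6 + 4 * i)
        if ie_id & 0x8000:
            raise MalformedSet("enterprise bit set; not handled in this example")
        if not 1 <= width <= 4:  # example policy for the unsigned32 elements
            raise MalformedSet("unsupported field length %d" % width)
        fields.append((ie_id, width))
    return {"id": template_id, "scope_count": scope_count, "fields": fields}


def decode_data_set(buf, template):
    """Decode every Data Record of a Data Set using a parsed template."""
    set_id, body = split_set(buf)
    if set_id != template["id"]:
        raise MalformedSet("Set ID %d does not match template %d"
                           % (set_id, template["id"]))
    record_len = sum(width for _, width in template["fields"])
    records, offset = [], 0
    while len(body) - offset >= record_len:
        record = {}
        for ie_id, width in template["fields"]:
            # Reduced-size encoding: an unsigned32 sent in fewer octets is
            # still a big-endian unsigned integer.
            value = int.from_bytes(body[offset:offset + width], "big")
            record[IE_NAMES.get(ie_id, ie_id)] = value
            offset += width
        records.append(record)
    if any(body[offset:]):
        raise MalformedSet("trailing octets are neither a record nor padding")
    return records


# Octets constructed from the values shown in Figure G.
FIGURE_G_TEMPLATE = struct.pack("!HHHHH", 3, 26, 263, 4, 1) + struct.pack(
    "!8H", 300, 4, 302, 1, 304, 1, 305, 1)
FIGURE_G_DATA = struct.pack("!HHI", 263, 11, 15) + bytes([1, 1, 9])

if __name__ == "__main__":
    tmpl = parse_options_template(FIGURE_G_TEMPLATE)
    print(decode_data_set(FIGURE_G_DATA, tmpl))
```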
    

 7.4.2.2 Systematic Time-Based Sampling 
    
   In systematic time-based Sampling, the start and stop triggers are 
   used to define the Sampling intervals [PSAMP-TECH].  The REQUIRED 
   algorithm specific Information Elements in case of systematic time-
   based Sampling are: 
    
      samplingTimeInterval: time (in ms) when packets are selected 
      samplingTimeSpace:    time (in ms) between selections 
    
   Example of a 100 ms out-of 1000 ms systematic time-based Selector
   definition, where the samplingTimeInterval is 100 and the
   samplingTimeSpace is 900.
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 3          |          Length = 26          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Template ID = 264        |        Field Count = 4        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |    Scope Field Count = 1      |0|      selectorId = 300       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |     Scope 1 Length = 4        |0|     selectorAlgorithm = 302 | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Field Length = 1         |0|  samplingTimeInterval = 306 | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Field Length = 1         |0|   samplingTimeSpace = 307   | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
 
 
 Claise, et. al            Standard Track                   [Page 29] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   |      Field Length = 2         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   Associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 264        |          Length = 16          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              16                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        2      |       100     |             900               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure H: Example of the Selector Report Interpretation, 
                 For Systematic Time-Based Sampling 
    
   Notes: 
   * A selectorAlgorithm value of 2 represents systematic time-based 
   Sampling. 
   * samplingTimeInterval and samplingTimeSpace are of type unsigned32 
   but are compressed down here. 
    

 7.4.2.3 Random n-out-of-N Sampling 
    
   In random n-out-of-N Sampling, n elements are selected out of the 
   parent population that consists of N elements [PSAMP-TECH].  The 
   REQUIRED algorithm specific Information Elements in case of random n-
   out-of-N Sampling are: 
    
      samplingSize:       number of packets selected 
      samplingPopulation: number of packets in selection population 
    
   Example of a 1 out-of 10 random n-out-of-N Sampling Selector: 
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 3          |          Length = 26          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Template ID = 265        |        Field Count = 4        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |     Scope Field Count = 1     |0|      selectorId = 300       | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
 
 
 Claise, et. al            Standard Track                   [Page 30] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   |     Scope 1 Length = 4        |0|  selectorAlgorithm = 302    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Field Length = 1         |0|      samplingSize = 309     | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Field Length = 1         |0|  samplingPopulation = 308   | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Field Length = 1         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   Associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |         Set ID = 265          |          Length = 11          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              17                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       3       |       1       |        10     | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure I: Example of the Selector Report Interpretation, 
                 For Random n-out-of-N Sampling 
    
    
   Notes: 
   * A selectorAlgorithm value of 3 represents Random n-out-of-N 
   sampling. 
   * samplingSize and samplingPopulation are of type unsigned32 but are 
   compressed down to one octet here. 

 7.4.2.4 Uniform Probabilistic Sampling 
    
   In uniform probabilistic Sampling, each element has the same
   probability p of being selected from the parent population
   [PSAMP-TECH].  The algorithm specific Information Element in case of
   uniform probabilistic Sampling is:

     samplingProbability: a floating point number for the Sampling
                          probability.
    
   Example of a 15% uniform probability Sampling Selector:  
    
   IPFIX Options Template Record:  
    
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
 
 
 Claise, et. al            Standard Track                   [Page 31] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   |          Set ID = 3           |             Length = 22       |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |       Template ID = 271       |         Field Count = 3       |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |     Scope Field Count = 1     |0|      selectorId = 300       |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |      Field Length = 4         |0|   selectorAlgorithm = 302   |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |      Field Length = 1         |0|  samplingProbability = X    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |      Field Length = 1         |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
    
   EDITOR'S NOTE: check the value of samplingProbability in
   [PSAMP-INFO]
    
   Associated IPFIX Data Record:  
    
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |           Set ID = 271        |          Length = 11          |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |                              20                               |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |      4        |                          0.15                 |  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
   |               |  
   +-+-+-+-+-+-+-+-+  
    
      Figure I: Example of the Selector Report Interpretation,  
                For Uniform Probabilistic Sampling  
    
   Notes:  
   * A selectorAlgorithm value of 4 represents Uniform Probabilistic 
   Sampling. 

 7.4.2.5 Property Match Filtering 
    
   This classification includes match(es) on field(s) within a packet 
   and/or on properties of the router state.  With this method, a packet 
   is selected if a specific field in the packet equals a predefined 
   value. 
    
   The algorithm specific Information Elements, defining configuration 
   parameters for property match filtering, are taken from the full 
   range of available Information Elements.

   When multiple different Information Elements are defined, the filter 
   acts as a logical AND.  Note that the logical OR is not covered by 
   these PSAMP specifications.  The property match Filtering Options 
   Template Record MUST NOT have multiple identical Information 
   Elements.  The result of the filter is independent from the order of 
   the Information Elements in the Option Template Record, but the order 
   may be important for implementation purposes, as the first filter 
   will have to work at a higher rate.  In any case, an implementation 
   is not constrained to respect the filter ordering, as long as the 
   result is the same, and it may even implement the composite Filtering
   in one single step.
    
   Example of a match based filter Selector, whose rules are: 
      IPv4 Source Address   = 10.0.0.1 
      IPv4 Next-Hop Address = 10.0.1.1 
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |             Set ID =  3       |          Length = 26          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |        Template ID = 266      |       Field Count = 4         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |     Scope Field Count = 1     |0|     selectorId = 300        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Scope 1 Length = 4       |0|   selectorAlgorithm = 302   | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 1        |0|    sourceIPv4Address = 8    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        |0|   ipNextHopIPv4Address = 15 | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
    Associated IPFIX Data Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID = 266        |        Length = 11            | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              21                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       5       |                         10.0.0 ...            | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   | ... .1        |                         10.0.1 ...            | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
 
 
 Claise, et. al            Standard Track                   [Page 33] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   | ... .1        | 
   +-+-+-+-+-+-+-+-+ 
    
       Figure J: Example of the Selector Report Interpretation, 
                 For match based and router state Filtering 
    
   Notes: 
   * A selectorAlgorithm value of 5 represents property match Filtering. 
   * In this filter there is a mix of information from the packet and 
   information from the router. 

 7.4.2.6 Hash-Based Filtering 
    
   EDITOR'S NOTE: to be completed 
    
   Notes: 
   * A selectorAlgorithm value of 6 represents hash-based Filtering. 

 7.4.2.7 Other Selection Methods 
    
   Some potential new selection methods MAY be added.  Some of the new 
   selection methods, such as non-uniform probabilistic Sampling and 
   flow state dependent Sampling, are described in [PSAMP-TECH], with 
   further references. 
    
   Each new selection method MUST be assigned a unique value for the 
   selectorAlgorithm Information Element.  Its configuration 
   parameter(s), along with the way to report it/them with an Options 
   Template, MUST be clearly specified. 
    

 7.4.3   Associations Statistics Report Interpretation 
         
   A Selector MAY be used in multiple Associations.  However, each use
   of a Selector must be independent, so each separate logical instance
   of a Selector MUST maintain its separate Selection State and
   statistics.
    
   The Associations Statistics Report Interpretation MUST include the 
   number of packets seen (Population Size) and the number of packets 
   selected (Sample Size) by each instance of its Primitive Selector.   
   Within an Association composed of several Primitive Selectors, the 
   number of packets selected for one Selector is equal to the number of 
   packets seen by the next Selector.  The order of the Selectors in the 
   Associations Statistics Report Interpretation MUST match the order of 
   the Selectors in the Association, as defined in the Associations
   Report Interpretation. 
    
   The Associations Statistics Report Interpretation MUST also contain
   the number of packets observed at the Observation Point.
    
   For every Selection Path, the PSAMP Device MUST export an
   Associations Statistics Report Interpretation using an Options
   Template with the following Information Elements:
    
    Scope:     SelectionPath 
    Non-scope: packetsObserved 
               packetsSelected (one or more) 
    
   The packetsObserved Information Element contains the number of 
   packets seen at the Observation Point, and as a consequence passed to 
   the first Selector in the Association.  The packetsSelected 
   Information Element contains the number of packets selected by the 
   various Selectors in the Associations. 
    
   The Attained Selection Fraction can be calculated for each Selector 
   by dividing the number of packets selected for that Selector by the 
   previous value. 
    
   The statistics for the whole sequence SHOULD be taken at a single
   logical point in time; the input value for a Selector MUST equal the
   output value of the previous Selector.
    
   Example of Associations Statistics Report Interpretation: 
    
    Associations set 7 (Filter->Sampling): 
    
      Observed   100  (observationPointID  1, Interface 5) 
      Selected    50  (selectorId  5, match IPV4SourceAddress 10.0.0.1) 
      Selected     6  (selectorId 10, Sampler: Random one out-of ten) 
    
    Associations set 9 (Sampling->Filtering): 
    
      Observed   100  (observationPointID  1, Interface 5) 
      Selected    10  (selectorId 10, Sampler: Random one out-of ten) 
      Selected     3  (selectorId  5, match IPV4SourceAddress 10.0.0.1) 
    
    
   IPFIX Options Template Record: 
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |            Set ID = 3         |           Length = 30         | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
 
 
 Claise, et. al            Standard Track                   [Page 35] 
                  PSAMP Protocol Specifications           December 2005 
 
 
   |       Template ID = 267       |        Field Count = 5        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |     Scope Field Count = 1     |0|      selectionPath = 321    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Scope 1 Length = 4       |0|    packetsObserved = 324    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        |0|    packetsSelected = 325    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        |0|    packetsSelected = 325    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        |0|    packetsSelected = 325    | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |       Field Length = 4        | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   The associated IPFIX Data Record:
    
    0                   1                   2                   3 
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |           Set ID =  267       |          Length = 24          | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               7                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              100                              | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              50                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               6                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               9                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              100                              | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                              10                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |                               3                               | 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
       Figure K: Example of the Association Statistics Report              
                 Interpretation 
                  
   Notes: 
   * The Attained Packet Fractions for the first set of Associations 
   are: 
            Filter 10: 50/100 
            Sampler 5: 6/50 
            Number of samples sent to Metering Process: 6 
   * The Attained Packet Fractions for the second set of Associations
   are: 
            Sampler 5: 10/100 
            Filter 10: 3/10 
            Number of samples sent to Metering Process: 3 
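
   The following Python example is added here and is not part of the
   draft.  It shows a Collector-side check of an Associations Statistics
   report: it decodes the records, verifies that no Selector reports
   more packets selected than it was given, and derives the Attained
   Selection Fraction of each Selector.  It assumes an Options Template
   with exactly two packetsSelected fields of four octets each, matching
   the four values shown per record in Figure K; the octets are
   constructed from the figure's values and the function name is
   hypothetical.

```python
import struct
from fractions import Fraction


def attained_fractions(set_body, selectors_per_path):
    """Map each selectionPath to its per-Selector Attained Selection Fractions.

    set_body is the Data Set without its 4-octet Set header.  Every record
    is selectionPath, packetsObserved, then one packetsSelected value per
    Selector, each as a 4-octet unsigned integer in network byte order.
    """
    words = 2 + selectors_per_path
    if selectors_per_path < 1 or len(set_body) % (4 * words):
        raise ValueError("Set body is not a whole number of records")
    report = {}
    for path, observed, *selected in struct.iter_unpack("!%dI" % words, set_body):
        # The input of each Selector is the output of the previous one; the
        # first Selector's input is the count seen at the Observation Point.
        counts = [observed] + selected
        fractions = []
        for position, (seen, kept) in enumerate(zip(counts, counts[1:]), start=1):
            if kept > seen:
                raise ValueError(
                    "path %d: Selector %d selected %d of %d packets"
                    % (path, position, kept, seen))
            # A Selector that saw nothing has no defined fraction.
            fractions.append(Fraction(kept, seen) if seen else None)
        report[path] = {
            "fractions": fractions,
            "delivered": counts[-1],  # packets sent to the Metering Process
            "overall": Fraction(counts[-1], observed) if observed else None,
        }
    return report


# Record values taken from Figure K; the octets themselves are constructed.
FIGURE_K_BODY = struct.pack("!8I", 7, 100, 50, 6, 9, 100, 10, 3)

if __name__ == "__main__":
    for path, stats in attained_fractions(FIGURE_K_BODY, 2).items():
        print(path, [str(f) for f in stats["fractions"]], stats["delivered"])
```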
    

 7.4.4   Accuracy Report Interpretation

   The inherent accuracy of the Information Elements in the Packet 
   Report MUST be reported in order to enable the Collector to determine 
   the accuracy of the measurements. 
    
   EDITOR'S NOTE: to be completed 
    

 7.4.5   Observation Point Report Interpretation 
         
   For each Observation Point, an Observation Option Report 
   Interpretation MAY be sent. 
    
   EDITOR'S NOTE: to be completed 
    
 8.    Security Considerations 
 
   As IPFIX has been selected as the PSAMP export protocol and as the 
   PSAMP security requirements are not stricter than the IPFIX security 
   requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for 
   the security considerations. 
 
 9.    IANA Considerations 
 
   The PSAMP Protocol, as set out in this document, has two sets of 
   assigned numbers.  Considerations for assigning them are discussed in 
   this section, using the example policies as set out in the 
   "Guidelines for IANA Considerations" document IANA-RFC [RFC2434]. 
    
 9.1      IPFIX Related Considerations 
    
   As the PSAMP protocol uses the IPFIX protocol, refer to the IANA 
   considerations section in [IPFIX-PROTO] for the assignments of 
   numbers used in the protocol and for the numbers used in the 
   information model. 
 
 9.2      PSAMP Related Considerations 
     
   Each new selection method MUST be assigned a unique value for the 
   selectorAlgorithm Information Element.  Its configuration
   parameter(s), along with the way to report it/them with an Options 
   Template, MUST be clearly specified. 
    
   Each new selection method MUST be assigned a unique value for the 
   selectorAlgorithm Information Element.  New assignments for the PSAMP 
   selection method will be administered by IANA, on a First Come First 
   Served basis [RFC2434], subject to Expert Review [RFC2434], i.e.
   review by one of a group of experts designated by an IETF Operations 
   and Management Area Director.  The group of experts must double check 
   the Information Elements definitions with already defined Information 
   Elements for completeness, accuracy and redundancy.  Those experts 
   will initially be drawn from the Working Group Chairs and document 
   editors of the IPFIX and PSAMP Working Groups. 
    
 10.     References 
    
 10.1       Normative References 
 
   [PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F.
   Raspall, "Sampling and Filtering Techniques for IP Packet Selection",
   draft-ietf-psamp-sample-tech-07.txt

   [PSAMP-MIB] T. Dietz, B. Claise, "Definitions of Managed Objects for
   Packet Sampling", draft-ietf-psamp-mib-05.txt

   [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information
   Model for Packet Sampling Exports", draft-ietf-psamp-info-03.txt

   [IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek,
   "Architecture Model for IP Flow Information Export",
   draft-ietf-ipfix-arch-09.txt

   [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information
   Model for IP Flow Information Export", draft-ietf-ipfix-info-11.txt

   [IPFIX-PROTO] B. Claise (Editor), "IPFIX Protocol Specifications",
   draft-ietf-ipfix-protocol-19.txt

   [RFC1771] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)",
   RFC 1771, March 1995.

   [RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA
   Considerations Section in RFCs", RFC 2434, October 1998.
 
 10.2      Informative References

   [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M.
   Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework
   for Passive Packet Measurement", draft-ietf-psamp-framework-10.txt

   [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements
   for IP Flow Information Export", RFC 3917, October 2004.
 
 11.     Acknowledgments 
    
   The authors would like to thank the PSAMP group, especially Paul 
   Aitken for fruitful discussions and for proofreading the document. 
    
   Authors' Addresses 
    
   Benoit Claise 
   Cisco Systems 
   De Kleetlaan 6a b1 
   1831 Diegem 
   Belgium 
   Phone: +32 2 704 5622 
   E-mail: bclaise@cisco.com 
    
   Juergen Quittek 
   NEC Europe Ltd. 
   Network Laboratories 
   Kurfuersten-Anlage 36 
   69115 Heidelberg 
   Germany 
   Phone: +49 6221 90511-15 
   Email: quittek@ccrle.nec.de 
    
   Andrew Johnson 
   Cisco Systems 
   96 Commercial Quay 
   Edinburgh EH6 6LX 
   Scotland 
   Phone: +44 131 561 3641 
   Email: andrjohn@cisco.com 
    
    
   Intellectual Property Statement  
        
   The IETF takes no position regarding the validity or scope of any  
   Intellectual Property Rights or other rights that might be claimed to 
   pertain to the implementation or use of the technology described in 
   this document or the extent to which any license under such rights 
   might or might not be available; nor does it represent that it has 
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be 
   found in BCP 78 and BCP 79. 
    
   Copies of IPR disclosures made to the IETF Secretariat and any 
   assurances of licenses to be made available, or the result of an 
   attempt made to obtain a general license or permission for the use of 
   such proprietary rights by implementers or users of this 
   specification can be obtained from the IETF on-line IPR repository at 
   http://www.ietf.org/ipr. 
        
   The IETF invites any interested party to bring to its attention any 
   copyrights, patents or patent applications, or other proprietary 
   rights that may cover technology that may be required to implement 
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org. 
        
   The IETF has been notified of intellectual property rights claimed in 
   regard to some or all of the specification contained in this 
   document.  For more information consult the online list of claimed 
   rights. 
        
   Disclaimer of Validity  
        
   This document and the information contained herein are provided on an 
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  
     
   Copyright Statement  
        
   Copyright (C) The Internet Society (2005).  This document is subject  
   to the rights, licenses and restrictions contained in BCP 78, and 
   except as set forth therein, the authors retain all their rights. 
     
   Acknowledgment  
     
   Funding for the RFC Editor function is currently provided by the
   Internet Society.
 







 
 