Internet Draft                                           Elisa Boschi
Document: draft-boschi-data-exchange-quest-00.txt     Hitachi Europe/
                                                     Fraunhofer FOKUS
Expires: January 2006                                       Lutz Mark
                                                     Fraunhofer FOKUS
                                                        Emile Stephan
                                                       France Telecom
                                                            July 2005


               Inter-domain Data Exchange Questionnaire
               draft-boschi-data-exchange-quest-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document has been created to raise the question of
   inter-domain measurements and data exchange between ISPs. The goal
   of this questionnaire is to find out what the main concerns are,
   and whether and how an inter-domain collaboration would be
   beneficial for the community.

Table of Contents

   1.    Introduction
   2.    Terminology
   3.    Questionnaire
   3.1   Measurement
   3.1.1 Measurement techniques
   3.2   Protocols and tools
   3.3   Trustworthiness of measurement information exchanged
   3.4   Privacy
   3.4.1 Customer Privacy
   3.4.2 ISP Privacy
   3.5   Anonymisation
   3.6   General information (optional)
   4.    Informative References
   5.    Acknowledgements
   6.    Author's Addresses
   7.    Copyright Statement
   8.    Disclaimer

1. Introduction

   Internet Service Providers (ISPs) usually monitor their own
   networks. They are interested in information on resource usage,
   traffic load, network quality, and traffic anomalies for
   applications such as QoS monitoring, fault diagnosis, anomaly or
   intrusion detection, and troubleshooting.

   Some applications, like inter-provider SLA validation or DDoS
   detection and prevention, need (or at least can greatly profit
   from) data measured in more than one administrative domain.
   Currently, ISPs have minimal or no information at all about the
   characteristics and performance of networks outside their own
   administrative domain.

   The question we try to address with this draft is to what extent
   different ISPs are willing to cooperate in order to provide results
   they cannot obtain by only monitoring their own network. We try to
   understand what is currently limiting the inter-domain exchange of
   measurements, and whether, or to what extent, this is linked with
   research or technical issues.

2. Terminology

   Domain

      A domain is a group of computers and devices on a network that
      are administered as a unit with common rules and procedures.

   Observation Point

      An Observation Point is a location in the network where IP
      packets can be observed. Examples include: a line to which a
      probe is attached, a shared medium, such as an Ethernet-based
      LAN, a single port of a router, or a set of interfaces (physical
      or logical) of a router.

   Inter-domain measurement

      A measurement involving multiple Observation points that do not
      belong to the same domain.

   Active measurement

      An active measurement injects test traffic into the network in
      order to measure network or path characteristics.

   Passive measurement

      Passive measurement is based on already existing traffic. It
      provides information about characteristics of the real current
      traffic in the observed network.

   Interception

      Interception means a passive measurement where an ISP looks at
      characteristics derived from the content of traffic generated by
      customers. The content is the part of the datagram that is only
      of interest to the people/systems at the end of the
      communications. For example, to try to accurately identify
      peer-to-peer traffic by looking at header-data.

3. Questionnaire

   This section contains questions on inter-domain information
   exchange. They have been grouped with respect to the main area they
   refer to: measurement, security, privacy, and data anonymisation.

   The goal of this questionnaire is to collect information on the
   real needs of inter-domain cooperation and the feelings the ISPs
   have on the matter. The results should allow researchers to
   evaluate the feasibility of their approaches and standardization
   bodies to find out people's interest on this topic.

3.1 Measurement

   - Are you in general interested in measurements across domains?

      o Yes
      o No

   - What kind of data (i.e. traffic metrics) from other ISPs are you
     interested in?

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

   - Would you have a use for a protocol (or application) that would
     allow you to demonstrate to your customers that your network is
     performing well?

      o Yes
      o No

   - How do you handle the lack of precise methodology to attribute
     performances to specific path portions?

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

   - Do you have a motivation for end-to-end measurements which span
     multiple domains and which can be reliably partitioned into
     segments of single domains?

      o Yes
      o No

   - Have you ever been blamed for problems that were out of your
     network (due to bad or non-existing measurements)?

      o Yes
      o No

3.1.1 Measurement techniques

   - From your point of view, for which application/reason would the
     use of passive measurement be most applicable?

      . Resource usage
      . Resource allocation
      . Traffic accounting
      . Security
      . Network Quality
      . Fault diagnosis
      . Troubleshooting
      . ISP Privacy
      . Long term network planning

   - From your point of view in which application would you consider
     active measurement the most applicable solution to use?

      . Resource usage
      . Resource allocation
      . Traffic accounting
      . Security
      . Network Quality
      . Fault diagnosis
      . Troubleshooting
      . ISP Privacy

3.2 Protocols and tools

   - Would you develop/use a (STANDARDIZED) tool for handling the
     inter-domain data exchange?

      o Yes
      o No

   - Would you like to participate in the development process of an
     inter-domain information exchange software/platform/framework?

      o Yes
      o No

   - Would you like to let other entities set up active measurements
     that originate/terminate in your domain by using tools under your
     administrative responsibility and control?

      o Yes
      o No

3.3 Trustworthiness of measurement information exchanged

   - Which aspect of the information exchange is most important?

      o Access Control
      o Quality of the measurement result exchange:
         . Accuracy of the information
         . Prompt availability of the results
         . Information usability in contracts
      o Reliability of data exchange
      o Machine to machine communication
         . Communication between measurement systems and Network
           Operation Center applications involved in the
           management/monitoring of the network

3.4 Privacy

3.4.1 Customer Privacy

   - What information are you allowed, through measurements, to
     collect about your users?

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

   - What information are you allowed, through measurements, to reveal
     to other ISPs about your users?

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

3.4.2 ISP Privacy

   - What information are you allowed to reveal to other ISPs about
     your network (e.g. topology)?

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

   - To which data/information would you never grant others access?

   ----------------------------------------------------------------
   ----------------------------------------------------------------

   - Would you, using appropriate policies, allow researchers to
     collect data in your network (e.g. number of different flows,
     mean number of packets per flow, mean packet size), or would you
     share collected data with researchers? If yes, under which
     conditions?

      o Yes, under the following conditions:

   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------
   ----------------------------------------------------------------

      o No

3.5 Anonymisation

   - Do you use any kind of anonymisation on the collected data (e.g.
     flow information, traffic traces, packet data)?

      o Yes
      o No

   - If not, why?

      o Anonymisation is still a research topic, not a mature field
      o It is not needed
      o Concerns on the vulnerabilities of some anonymisation tools to
        external attacks
      o Others: -------------------------------------------------
        -----------------------------------------------------------
        -----------------------------------------------------------

   - If yes, what kind(s) of anonymisation do you use?

      o Hash functions (one-way hashing)
      o Masking
      o Truncation
      o Random permutations
      o Others: ------------------------------------------------
        ---------------------------------------------------------
        ---------------------------------------------------------

   - Which items are targets of anonymisation?

      o IP (v4 or v6) source addresses
      o IP (v4 or v6) destination addresses
      o Source Port
      o Destination Port
      o Entire Application Level Payload
      o Part of Application Level Payload
      o Others: -------------------------------------------------
        ---------------------------------------------------------
        ---------------------------------------------------------

   - Do you use an anonymisation tool? If yes, which one?

      o Tcpdpriv _______________________
      o Crypto-PaN _____________________
      o Ip2anonip ______________________
      o Ipsumdump
      o Anonymizer ______________________
      o A proprietary one: -----------------------------------
      o Others: ------------------------------------------------

3.6 General information (optional)

   - Have you started a business coalition with other ISPs? Why or why
     not?

      o Yes, because ---------------------------------------------
        -----------------------------------------------------------
        -----------------------------------------------------------
      o No, because ---------------------------------------------
        -----------------------------------------------------------
        -----------------------------------------------------------

   - Do you have close relationships or contracts with other ISPs? Of
     what nature are these contracts?

      o Yes, ------------------------------------------------
        ------------------------------------------------------------
        ------------------------------------------------------------
      o No

4. Informative References

   [Anonymizer]  Anonymizer homepage:
                 http://sourceforge.net/projects/anonymizer

   [Crypto-Pan]  Crypto-Pan homepage:
                 http://www.cc.gatech.edu/computing/Telecomm/cryptopan/

   [Ip2anonip]   Ip2anonip homepage:
                 http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html

   [Ipsumdump]   ipsumdump homepage:
                 http://www.cs.ucla.edu/~kohler/ipsumdump/

   [Tcpdpriv]    Tcpdpriv homepage:
                 http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html

5. Acknowledgements

   We would like to thank Michael Kundt, Carsten Schmoll, Maurizio
   Molina, Andrew Cormack, Tanja Zseby, and Marcello Esposito for
   their contributions and valuable comments.

6. Author's Addresses

   Elisa Boschi
   Hitachi Europe SAS
   Immeuble Le Theleme, 1503 Route des Dolines
   06560 Valbonne, France
   Phone: +33 4 89874180
   Email: elisa.boschi@hitachi-eu.com

   Lutz Mark
   Fraunhofer Institute for Open Communication Systems (FOKUS)
   Kaiserin-Augusta-Allee 31
   10589 Berlin, Germany
   Phone: +49 30 3463 7306
   Email: mark@fokus.fraunhofer.de

   Emile Stephan
   France Telecom Division R & D
   2 avenue Pierre Marzin
   22307 Lannion, France
   Fax: +33 2 96 05 18 52
   Email: emile.stephan@francetelecom.com

7. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology described
   in this document or the extent to which any license under such
   rights might or might not be available; nor does it represent that
   it has made any independent effort to identify any such rights.
   Information on the procedures with respect to rights in RFC
   documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

8. Copyright Statement

   Copyright (C) The Internet Society (2005). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

9. Disclaimer

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
   THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
   ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
   PARTICULAR PURPOSE.