idnits 2.17.1 draft-ietf-psamp-protocol-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1958. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1933. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1933. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1939. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC2119]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 7 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) == Outdated reference: A later version (-11) exists of draft-ietf-psamp-sample-tech-10 == Outdated reference: A later version (-11) exists of draft-ietf-psamp-info-07 == Outdated reference: A later version (-13) exists of draft-ietf-psamp-framework-12 Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 PSAMP working group 2 Internet Draft EDITOR: B. Claise 3 draft-ietf-psamp-protocol-09.txt Cisco Systems, Inc. 4 Intended status: Proposed Standard December 10th 2007 5 Expires: June 2008 7 Packet Sampling (PSAMP) Protocol Specifications 9 Status of this Memo 11 By submitting this Internet-Draft, each author represents that 12 any applicable patent or other IPR claims of which he or she is 13 aware have been or will be disclosed, and any of which he or 14 she becomes aware will be disclosed, in accordance with Section 15 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet 18 Engineering Task Force (IETF), its areas, and its working 19 groups. Note that other groups may also distribute working 20 documents as Internet-Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six 23 months and may be updated, replaced, or obsoleted by other 24 documents at any time. It is inappropriate to use 25 Internet-Drafts as reference material or to cite them other 26 than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed 32 at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft will expire on June, 2008. 37 Copyright Notice 39 Copyright (C) The IETF Trust (2007). 41 Abstract 43 This document specifies the export of packet information from a 44 PSAMP Exporting Process to a PSAMP Collecting Process. For export 45 of packet information the IP Flow Information eXport (IPFIX) 46 protocol is used, as both the IPFIX and PSAMP architecture match 47 very well and the means provided by the IPFIX protocol are 48 sufficient. The document specifies in detail how the IPFIX protocol 49 is used for PSAMP export of packet information. 51 Conventions used in this document 53 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 54 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 55 document are to be interpreted as described in RFC 2119 [RFC2119]. 57 Table of Contents 59 1. Introduction.................................................3 60 2. PSAMP Documents Overview.....................................3 61 3. Terminology..................................................4 62 3.1 IPFIX Terminology..........................................4 63 3.2 PSAMP Terminology..........................................5 64 3.2.1 Packet Streams and Packet Content.......................5 65 3.2.2 Selection Process.......................................6 66 3.2.3 Reporting...............................................7 67 3.2.4 Metering Process........................................8 68 3.2.5 Exporting Process.......................................8 69 3.2.6 PSAMP Device............................................8 70 3.2.7 Collector...............................................8 71 3.2.8 Selection Methods.......................................8 72 3.3 IPFIX and PSAMP Terminology Comparison....................11 73 3.3.1 IPFIX and PSAMP Processes..............................11 74 3.3.2 Packet Report, Packet Interpretation, and Data Record..11 75 4. Differences between PSAMP and IPFIX.........................12 76 4.1 Architecture Point of View................................12 77 4.2 Protocol Point of View....................................13 78 4.3 Information Model Point of View...........................14 79 5. PSAMP Requirements versus the IPFIX Solution................14 80 5.1 High Level View of the Integration........................15 81 6. Using the IPFIX Protocol for PSAMP..........................16 82 6.1 Selector ID...............................................16 83 6.2 The Selection Sequence ID.................................16 84 6.3 The Exporting Process.....................................17 85 6.4 Packet Report.............................................17 86 6.4.1 Basic Packet Report....................................17 87 6.4.2 Extended Packet Report.................................20 88 6.5 Report Interpretation.....................................21 89 6.5.1 Selection Sequence Report Interpretation...............21 90 6.5.2 Selector Report Interpretation.........................23 91 6.5.2.1 Systematic Count-Based Sampling.......................24 92 6.5.2.2 Systematic Time-Based Sampling........................25 93 6.5.2.3 Random n-out-of-N Sampling............................26 94 6.5.2.4 Uniform Probabilistic Sampling........................27 95 6.5.2.5 Property Match Filtering..............................29 96 6.5.2.6 Hash-Based Filtering..................................30 97 6.5.2.7 Other Selection Methods...............................34 98 6.5.3 Selection Sequence Statistics Report Interpretation....34 99 6.5.4 Accuracy Report Interpretation.........................36 100 7. Security Considerations.....................................39 101 8. IANA Considerations.........................................40 102 8.1 IPFIX Related Considerations..............................40 103 8.2 PSAMP Related Considerations..............................40 104 9. References..................................................40 105 9.1 Normative References......................................40 106 9.2 Informative References....................................41 107 10. Acknowledgments............................................41 108 11. Intellectual Property Statement............................42 109 12. Copyright Statement........................................42 110 13. Disclaimer.................................................43 112 1. Introduction 114 The name PSAMP is a contraction of the phrase Packet SAMPling. The 115 word "sampling" captures the idea that only a subset of all packets 116 passing a network element will be selected for reporting. PSAMP 117 selection operations include random selection, deterministic 118 selection, and deterministic approximations to random selection 119 (hash-based selection). 121 The IP Flow information export (IPFIX) protocol specified in [IPFIX- 122 PROTO] exports IP traffic information [IPFIX-INFO] observed at 123 network devices. This matches the general protocol requirements 124 outlined in the PSAMP framework [PSAMP-FMWK]. However, there are 125 some architectural differences between IPFIX and PSAMP in the 126 requirements for an export protocol. While the IPFIX architecture 127 [IPFIX-ARCH] is focused on gathering and exporting IP traffic flow 128 information, the focus of the PSAMP framework [PSAMP-FMWK] is on 129 exporting information on individual packets. This basic difference 130 and a set of derived differences in protocol requirements are 131 outlined in Section 4. Despite these differences, the IPFIX protocol 132 is well suited as PSAMP protocol. Section 5 specifies how the IPFIX 133 protocol is used for the export of packet samples. Required 134 extensions of the IPFIX information model are specified in the PSAMP 135 information model [PSAMP-INFO]. 137 2. PSAMP Documents Overview 139 [PSAMP-FMWK]: "A Framework for Packet Selection and Reporting", 140 describes the PSAMP framework for network elements to select subsets 141 of packets by statistical and other methods, and to export a stream 142 of reports on the selected packets to a collector. 144 [PSAMP-TECH]: "Sampling and Filtering Techniques for IP Packet 145 Selection", describes the set of packet selection techniques 146 supported by PSAMP. 148 This document: "Packet Sampling (PSAMP) Protocol Specifications" 149 specifies the export of packet information from a PSAMP Exporting 150 Process to a PSAMP Collecting Process. 152 [PSAMP-INFO]: "Information Model for Packet Sampling Exports" defines 153 an information and data model for PSAMP. 155 3. Terminology 157 As the IPFIX export protocol is used to export the PSAMP information, 158 the relevant IPFIX terminology from [IPFIX-PROTO] is copied over in 159 this document. All terms defined in this section have their first 160 letter capitalized when used in this document. The terminology 161 summary table in section 3.1 gives a quick overview of the 162 relationships between the different IPFIX terms. The PSAMP 163 terminology defined here is fully consistent with all terms listed in 164 [PSAMP-TECH] and [PSAMP-FMWK] but only definitions that are relevant 165 to the PSAMP protocol appear here. Section 5.4 applies the PSAMP 166 terminology to the IPFIX protocol terminology. 168 3.1 IPFIX Terminology 170 IPFIX-specific terminology used in this document is defined in 171 section 2 of [IPFIX-PROTO]. The only exceptions are the Metering 172 Process, Exporting Process, and the Collector terms, which are 173 defined more precisely in the PSAMP terminology section. As in 174 [IPFIX-PROTO], these IPFIX-specific terms have the first letter of a 175 word capitalized when used in this document. 177 +------------------+---------------------------------------------+ 178 | | contents | 179 | +--------------------+------------------------+ 180 | Set | Template | record | 181 +------------------+--------------------+------------------------+ 182 | Data Set | / | Data Record(s) | 183 +------------------+--------------------+------------------------+ 184 | Template Set | Template Record(s) | / | 185 +------------------+--------------------+------------------------+ 186 | Options Template | Options Template | / | 187 | Set | Record(s) | | 188 +------------------+--------------------+------------------------+ 189 Figure A: Terminology Summary Table 191 3.2 PSAMP Terminology 193 The PSAMP terminology section has been copied over from [PSAMP-TECH]. 195 3.2.1 Packet Streams and Packet Content 197 Observed Packet Stream 199 The Observed Packet Stream is the set of all packets observed at the 200 Observation Point. 202 Packet Stream 204 A Packet Stream denotes a subset of the Observed Packet Stream that 205 flows past some specified point within the Selection Process. 206 An example of a Packet Stream is the output of the Selection Process. 207 Note that packets selected from a stream, e.g. by Sampling, do not 208 necessarily possess a property by which they can be distinguished 209 from packets that have not been selected. For this reason the term 210 "stream" is favored over "flow", which is defined as set of packets 211 with common properties [RFC3917]. 213 Packet Content 215 The Packet Content denotes the union of the packet header (which 216 includes link layer, network layer and other encapsulation headers) 217 and the packet payload. Note that, depending on the Observation 218 Point, the link layer information might not be available. 220 3.2.2 Selection Process 222 Selection Process 224 A Selection Process takes the Observed Packet Stream as its input and 225 selects a subset of that stream as its output. 227 Selection State 229 A Selection Process may maintain state information for use by the 230 Selection Process. At a given time, the Selection State may depend 231 on packets observed at and before that time, and other variables. 232 Examples include: 234 (i) sequence numbers of packets at the input of Selectors; 236 (ii) a timestamp of observation of the packet at the 237 Observation Point; 239 (iii) iterators for pseudorandom number generators; 241 (iv) hash values calculated during selection; 243 (v) indicators of whether the packet was selected by a 244 given Selector. 246 Selection Processes may change portions of the Selection State as a 247 result of processing a packet. Selection state for a packet is to 248 reflect the state after processing the packet. 250 Selector 252 A Selector defines the action of a Selection Process on a single 253 packet of its input. If selected, the packet becomes an element of 254 the output Packet Stream. 256 The Selector can make use of the following information in determining 257 whether a packet is selected: 259 (i) the Packet Content; 261 (ii) information derived from the packet's treatment at the 262 Observation Point; 264 (iii) any selection state that may be maintained by the 265 Selection Process. 267 Composite Selector 268 A Composite Selector is an ordered composition of Selectors, in which 269 the output Packet Stream issuing from one Selector forms the input 270 Packet Stream to the succeeding Selector. 272 Primitive Selector 274 A Selector is primitive if it is not a Composite Selector. 276 Selector ID 278 The Selector ID is the unique ID identifying a Primitive Selector. 279 The ID is unique within the Observation Domain. 281 Selection Sequence 283 From all the packets observed at an Observation Point, only a few 284 packets are selected by one or more Selectors. The Selection 285 Sequence is a unique value per Observation Domain describing the 286 Observation Point and the Selector IDs through which the packets are 287 selected. 289 3.2.3 Reporting 291 Packet Reports 293 Packet Reports comprise a configurable subset of a packet's input to 294 the Selection Process, including the Packet Content, information 295 relating to its treatment (for example, the output interface), and 296 its associated selection state (for example, a hash of the Packet 297 Content). 299 Report Interpretation 301 Report Interpretation comprises subsidiary information, relating to 302 one or more packets, that are used for interpretation of their Packet 303 Reports. Examples include configuration parameters of the Selection 304 Process. 306 Report Stream 308 The Report Stream is the output of a Metering Process, comprising two 309 distinguished types of information: Packet Reports, and Report 310 Interpretation. 312 3.2.4 Metering Process 314 Metering Process 316 A Metering Process selects packets from the Observed Packet Stream 317 using a Selection Process, and produces as output a Report Stream 318 concerning the selected packets. The PSAMP Metering Process can be 319 viewed as analogous to the IPFIX metering process [IPFIX-PROTO], 320 which produces flow records as its output. 322 3.2.5 Exporting Process 324 Exporting Process 326 An Exporting Process sends, in the form of Export Packets, the output 327 of one or more Metering Processes to one or more Collectors. 329 Export Packet 331 An Export Packet is a combination of Report Interpretation(s) and/or 332 one or more Packet Reports that are bundled by the Exporting Process 333 into a Export Packet for exporting to a Collector. 335 3.2.6 PSAMP Device 337 PSAMP Device 339 A PSAMP Device is a device hosting at least an Observation Point, a 340 Selection Process and an Exporting Process. Typically, corresponding 341 Observation Point(s), Selection Process(es) and Exporting Process(es) 342 are co-located at this device, for example at a router. 344 3.2.7 Collector 346 Collector 348 A Collector receives a Report Stream exported by one or more 349 Exporting Processes. In some cases, the host of the Metering and/or 350 Exporting Processes may also serve as the Collector. 352 3.2.8 Selection Methods 353 Filtering 355 A filter is a Selector that selects a packet deterministically based 356 on the Packet Content, or its treatment, or functions of these 357 occurring in the Selection State. Examples include property match 358 Filtering, and Hash-based Selection. 360 Sampling 362 A Selector that is not a filter is called a Sampling operation. This 363 reflects the intuitive notion that if the selection of a packet 364 cannot be determined from its content alone, there must be some type 365 of Sampling taking place. 367 Content-independent Sampling 369 A Sampling operation that does not use Packet Content (or quantities 370 derived from it) as the basis for selection is called a Content- 371 independent Sampling operation. Examples include systematic 372 Sampling, and uniform pseudorandom Sampling driven by a pseudorandom 373 number whose generation is independent of Packet Content. Note that 374 in Content-independent Sampling it is not necessary to access the 375 Packet Content in order to make the selection decision. 377 Content-dependent Sampling 379 A Sampling operation where selection is dependent on Packet Content 380 is called a Content-dependent Sampling operation. Examples include 381 pseudorandom selection according to a probability that depends on the 382 contents of a packet field. Note that this is not a filter, because 383 the selection is not deterministic. 385 Hash Domain 387 A subset of the Packet Content and the packet treatment, viewed as an 388 N-bit string for some positive integer N. 390 Hash Range 392 A set of M-bit strings for some positive integer M that define the 393 range of values the result of the hash operation can take. 395 Hash Function 397 A deterministic map from the Hash Domain into the Hash Range. 399 Hash Selection Range 400 A subset of the Hash Range. The packet is selected if the action of 401 the Hash Function on the Hash Domain for the packet yields a result 402 in the Hash Selection Range. 404 Hash-based Selection 406 Filtering specified by a Hash Domain, a Hash Function, a Hash Range 407 and a Hash Selection Range. 409 Approximative Selection 411 Selectors in any of the above categories may be approximated by 412 operations in the same or another category for the purposes of 413 implementation. For example, uniform pseudorandom Sampling may be 414 approximated by Hash-based Selection, using a suitable Hash Function 415 and Hash Domain. In this case, the closeness of the approximation 416 depends on the choice of Hash Function and Hash Domain. 418 Population 420 A Population is a Packet Stream, or a subset of a Packet Stream. A 421 Population can be considered as a base set from which packets are 422 selected. An example is all packets in the Observed Packet Stream 423 that are observed within some specified time interval. 425 Population Size 427 The Population Size is the number of all packets in the Population. 429 Sample Size 431 The number of packets selected from the Population by a Selector. 433 Configured Selection Fraction 435 The Configured Selection Fraction is the ratio of the number of 436 packets selected by a Selector from an input Population, to the 437 Population Size, as based on the configured selection parameters. 439 Attained Selection Fraction 441 The Attained Selection Fraction is the actual ratio of the 442 number of packets selected by a Selector from an input 443 Population, to the Population Size. For some Sampling methods the 444 Attained Selection Fraction can differ from the Configured Selection 445 Fraction due to, for example, the inherent statistical variability in 446 Sampling decisions of probabilistic Sampling and Hash-based 447 Selection. Nevertheless, for large Population Sizes and properly 448 configured Selectors, the Attained Selection Fraction usually 449 approaches the Configured Selection Fraction. 451 3.3 IPFIX and PSAMP Terminology Comparison 453 The PSAMP terminology has been specified with an IPFIX background, as 454 PSAMP and IPFIX have similar terms. However, this section clarifies 455 the terms between the IPFIX and PSAMP terminology. 457 3.3.1 IPFIX and PSAMP Processes 459 The figure B indicates the sequence of the processes (Metering and 460 Exporting) within the PSAMP Device. 462 +------------------+ 463 | Metering Process | 464 | +-----------+ | +-----------+ 465 Observed | | Selection | | | Exporting | 466 Packet--->| | Process |--------->| Process |--->Collector 467 Stream | +-----------+ | +-----------+ 468 +------------------+ 470 Figure B: PSAMP Processes 472 The Selection Process, which takes an Observed Packet Stream as its 473 input, is an integral part of the Metering Process. The Selection 474 Process chooses which packets from its input packet stream will be 475 reported on by the rest of the Metering Process. Note that a 476 "Process" is not necessarily implemented as a separate CPU thread. 478 3.3.2 Packet Report, Packet Interpretation, and Data Record 480 The PSAMP terminology speaks of Packet Report and Packet 481 Interpretation, while the IPFIX terminology speaks of Data Record and 482 (Option) Template Record. The PSAMP Packet Report, which comprises 483 information about the observed packet, can be viewed as analogous to 484 the IPFIX Data Record defined by a Template Record. The PSAMP Packet 485 Interpretation, which comprises subsidiary information used for the 486 interpretation of the Packet Reports, can be viewed as analogous to 487 the IPFIX Data Record defined by an Option Template Record. 489 4. Differences between PSAMP and IPFIX 491 The output of the IPFIX working group relevant for this draft is 492 structured into three documents: 493 - IP Flow information architecture [IPFIX-ARCH] 494 - IPFIX protocol specifications [IPFIX-PROTO] 495 - IP Flow information export information model [IPFIX-INFO] 497 In the following sections we investigate the differences between 498 IPFIX and PSAMP for each of those aspects. 500 4.1 Architecture Point of View 502 Traffic Flow measurement as described in the IPFIX requirements 503 [RFC3917] and the IPFIX architecture [IPFIX-ARCH] can be separated 504 into two stages: packet processing and Flow processing. 505 Figure C illustrates these stages. 507 In stage 1, all processing steps act on packets. Packets are 508 captured, time stamped, selected by one or more selection steps and 509 finally forwarded to packet classification that maps packets to 510 Flows. The packets selection steps may include Filtering and 511 Sampling functions. 513 In stage 2, all processing steps act on Flows. After packets are 514 classified (mapped to Flows), Flows are generated (or updated if they 515 exist already). Flow generation and update steps may be performed 516 repeatedly for aggregating Flows. Finally, Flows are exported. 518 Packet Sampling as described in the PSAMP framework [PSAMP-FMWK] 519 covers only stage 1 of the IPFIX architecture with the packet 520 classification replaced by packet record export. 522 IPFIX architecture PSAMP framework 524 packet header packet header 525 capturing \ capturing 526 | | | 527 timestamping | timestamping 528 | | | 529 v | v 530 +------>+ | stage 1: +------>+ 531 | | > packet | | 532 | packet | processing | packet 533 | selection | | selection 534 | | | | | 535 +-------+ | +-------+ 536 | | | 537 v | v 538 packet / packet record 539 classification \ export 540 | | 541 v | 542 +------>+ | 543 | | | 544 | Flow generation | 545 | and update | stage 2: 546 | | > Flow 547 | v | processing 548 | Flow | 549 | selection | 550 | | | 551 +-------+ | 552 | | 553 v | 554 Flow Record / 555 export 557 Figure C: Comparison of IPFIX architecture and PSAMP framework 559 4.2 Protocol Point of View 561 Concerning the protocol, the major difference between IPFIX and PSAMP 562 is that the IPFIX protocol exports Flow Records while the PSAMP 563 protocol exports Packet Records. From a pure export point of view, 564 IPFIX will not distinguish a Flow Record composed of several packets 565 aggregated together, from a Flow Record composed of a single packet. 567 So the PSAMP export can be seen as special IPFIX Flow Record 568 containing information about a single packet. 570 All extensions of the IPFIX protocol that are required to satisfy the 571 PSAMP requirements have already been incorporated in the IPFIX 572 protocol [IPFIX-PROTO], which was developed in parallel with the 573 PSAMP protocol. An example is the need for a data type for protocol 574 fields that have flexible length, such as an octet array. This was 575 added to the IPFIX protocol specification in order to meet the 576 requirement of the PSAMP protocol to report content of captured 577 packets, for example the first octets of a packet. 579 4.3 Information Model Point of View 581 From the information model point of view, the overlap between both 582 the IPFIX and PSAMP protocols is quite large. Most of the 583 Information Elements in the IPFIX protocol are also relevant for 584 exporting packet information, for example all fields reporting packet 585 header properties. Only a few Information Elements, such as 586 observedFlowTotalCount (whose value will always be 1 for PSAMP) etc., 587 cannot be used in a meaningful way by the PSAMP protocol. Also, 588 IPFIX protocol requirements concerning stage 2 of figure C do not 589 apply to the PSAMP metering process. 591 Further required extensions apply to the information model. Even if 592 the IPFIX charter speaks of Sampling, no Sampling related Information 593 Elements are specified in [IPFIX-INFO]. The task of specifying them 594 was intentionally left for the PSAMP information model [PSAMP-INFO]. 595 A set of several additional fields is required for satisfying the 596 requirements for the PSAMP information model [PSAMP-TECH]. 598 Exploiting the extensibility of the IPFIX information model, the 599 required extension is covered by the PSAMP information model 600 specified in [PSAMP-INFO]. 602 5. PSAMP Requirements versus the IPFIX Solution 604 In the "Generic Requirements for PSAMP" section, [PSAMP-FMWK] 605 describes some requirements that affect directly the PSAMP export 606 protocol. 608 In the "Generic Selection Process Requirements" section, [PSAMP-FMWK] 609 describes one requirement that, if not directly related to the export 610 protocol, will put some constraints on it. Parallel Measurements: 611 multiple independent selection processes at the same entity. 613 Finally, [PSAMP-FMWK] describes a series of requirements specifying 614 the different Information Elements that MUST and SHOULD be reported 615 to the Collector. Nevertheless IPFIX, being a generic export 616 protocol, can export any Information Elements as long as they are 617 described in the information model. So these requirements are mainly 618 targeted for the [PSAMP-INFO] document. 620 The PSAMP protocol specifications meets almost all the protocol 621 requirements stated in the PSAMP framework document [PSAMP-FMWK]: 623 * Extensibility 624 * Parallel selection processes 625 * Encrypted packets 626 * Indication of information loss 627 * Accuracy 628 * Privacy 629 * Timeliness 630 * Congestion avoidance 631 * Secure export 632 * Export rate limit 633 * Microsecond timestamp resolution 635 The only requirement that is not met is Export Packet compression. 636 With the choice of IPFIX as PSAMP export protocol, the export packet 637 compression option mentioned in the section 8.5 of the framework 638 document [PSAMP-FMWK] is not addressed. 640 5.1 High Level View of the Integration 642 The Template Record in the Template Set is used to describe the 643 different PSAMP Information Elements that will be exported to the 644 Collector. The Collector decodes the Template Record in the Template 645 Set and knows which Information Elements to expect when it receives 646 the Data Records in the PSAMP Packet Report Data Set. Typically, in 647 the base level of the PSAMP functionality, the Template Set will 648 contain the input sequence number, the packet fragment (some number 649 of contiguous bytes from the start of the packet or from the start of 650 the payload) and the Selection Sequence. 652 The Options Template Record in the Options Template Set is used to 653 describe the different PSAMP Information Elements that concern the 654 Metering Process itself: Sampling and/or Filtering functions, and the 655 associated parameters. The Collector decodes the Options Template 656 Records in the Option Template Set and knows which Information 657 Elements to expect when it receives the Data Records in the PSAMP 658 Report Interpretation Data Set. Typically, the Options Template 659 would contain the Selection Sequence, the Sampling or Filtering 660 functions, and the Sampling or Filtering associated parameters. 662 PSAMP requires all the different possibilities of the IPFIX protocol 663 specifications [IPFIX-PROTO]. That is the 3 types of Set (Data Set, 664 Template Set and Options Templates Set) with the 2 types of Templates 665 Records (Template Record and Options Template Record), as described 666 in the figure A. As a consequence, PSAMP can't rely on a subset of 667 the IPFIX protocol specifications described in [IPFIX-PROTO]. The 668 entire IPFIX protocol specifications [IPFIX-PROTO] MUST be 669 implemented for the PSAMP protocol. 671 6. Using the IPFIX Protocol for PSAMP 673 In this section, we describe the usage of the IPFIX protocol for 674 PSAMP. We describe the record formats and the additional 675 requirements that must be met. PSAMP uses two different types of 676 messages: 677 - Packet Reports 678 - Report Interpretation 680 The format of Packet Reports is defined in IPFIX Template Records. 681 The PSAMP data is transferred as Information Elements in IPFIX Data 682 Records as described by the Template Record. There are two different 683 types of Packet Reports. Basic Packet Reports contain only the basic 684 Information Elements required for PSAMP reporting. Extended Packet 685 Reports MAY contain further Information Elements. 686 The format of Report Interpretations is defined in IPFIX Option 687 Template Record. The Information Elements are transferred in IPFIX 688 Data Records as described by the Option Template Record. There are 689 four different types of Report Interpretation messages: 690 - Selection Sequence Report Interpretation 691 - Selector Report Interpretation 692 - Selection Sequence Statistics Report Interpretation 693 - Accuracy Report Interpretation 694 A description and examples about the usage of those reports is given 695 below. 697 6.1 Selector ID 699 The Selector ID is the unique ID identifying a Primitive Selector. 700 Each Primitive Selector MUST have a unique ID within the Observation 701 Domain. The Selector ID is represented by the selectorId Information 702 Element [PSAMP-INFO]. 704 6.2 The Selection Sequence ID 706 From all the packets observed at an Observation Point, a subset of 707 packets is selected by one or more Selectors. The Selection Sequence 708 is the combination of an Observation Point and one or more 709 Selector(s) through which the packets are selected. The Selection 710 Sequence ID is a unique value representing that combination. The 711 Selection Sequence ID is represented by the selectionSequenceId 712 Information Element [PSAMP-INFO]. 714 6.3 The Exporting Process 716 An Exporting Process MUST be able to limit the export rate according 717 to a configurable value. The Exporting Process MAY limit the export 718 rate on a per Collecting Process basis. 720 6.4 Packet Report 722 For each Selection Sequence, for each selected packet, a Packet 723 Report MUST be created. The format of the Packet Report is specified 724 in a Template Record contained in a Template Set. 726 There are two types of Packet Report, as described in [PSAMP-FMWK]: 727 the basic Packet Report and the extended Packet Report. 729 6.4.1 Basic Packet Report 731 For each selected packet, the Packet Report MUST contain the 732 following information: 733 - The selectionSequenceId Information Element 734 If there is a digest function in the selection sequence, the Packet 735 report MUST contain the hash value (digestHashValue Information 736 Element) generated by the digest hash function for each selected 737 packet. If there is more than one digest function then each hash 738 value MUST be included in the same order as they appear in the 739 selection sequence. If there are no digest functions in the 740 selection sequence no element for the digest needs to be sent. 741 - Some number of contiguous bytes from the start of the packet, 742 including the packet header (which includes link layer, network layer 743 and other encapsulation headers) and some subsequent bytes of the 744 packet payload. Alternatively, the number of contiguous bytes may 745 start at the beginning of the payload. The dataLinkFrameSection, 746 mplsLabelStackSection, mplsPayloadPacketSection, ipPacketSection, and 747 ipPayloadPacketSection PSAMP Information Elements are available for 748 this use. If one of those Information Elements that contain some 749 number of contiguous bytes has got a content with an insufficient 750 number of octets compared to its length specified in the Template, 751 then this Information Element MUST be sent with a new Template using 752 either a fixed length Information Element of the necessary size or a 753 variable length Information Element. 755 For each selected packet, the Packet Report SHOULD contain the 756 following information: 757 - the observationTimeMicroseconds Information Element 758 In the Packet Report, the PSAMP device MUST be capable of exporting 759 the number of observed packets and the number of packets selected by 760 each instance of its Primitive Selectors (as described by the non 761 scope Information Elements of the Selection Sequence Statistics 762 Report Interpretation) although it MAY be a configurable option not 763 to include them. If exported, the Attained Selection Fraction may 764 be calculated precisely for the Observed Packet Stream. The Packet 765 Report MAY include only the final selector packetSelected, to act as 766 an index for that selection sequence in the Selection Sequence 767 Statistics Report Interpretation, which also allows the calculation 768 of the Attained Selection Fraction. 770 The contiguous Information Elements (dataLinkFrameSection, 771 mplsLabelStackSection, mplsPayloadPacketSection, ipPacketSection, 772 and ipPayloadPacketSection) MAY be encoded with a fixed length field 773 or with a variable sized field. If one of these Information 774 Elements is encoded with a fixed length field whose length is too 775 long for the number of contiguous bytes in the selected packet, 776 padding MUST NOT be used. In this case, the Exporting Process MUST 777 export the information either in a new Template Record with the 778 correct fixed length field, or either in a new Template Record with 779 a variable length field. 781 Here is an example of a basic Packet Report, with a 782 SelectionSequenceId value of 9 and dataLinkFrameSection 783 Information Element of 12 bytes, 0x4500 005B A174 0000 FF11 832E, 784 encoded with a fixed length field. 786 IPFIX Template Record: 788 0 1 2 3 789 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 790 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 791 | Set ID = 2 | Length = 24 | 792 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 793 | Template ID = 260 | Field Count = 4 | 794 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 795 | selectionSequenceId = 301 | Field Length = 4 | 796 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 797 | digestHashValue = 326 | Field Length = 4 | 798 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 799 | dataLinkFrameSection = 315 | Field Length = 12 | 800 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 801 |observationTimeMicroseconds=324| Field Length = 4 | 802 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 804 The associated IPFIX Data Record: 806 0 1 2 3 807 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 808 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 809 | Set ID = 260 | Length = 28 | 810 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 811 | 9 | 812 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 813 | 0x9123 0613 | 814 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 815 | 0x4500 005B | 816 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 817 | 0xA174 0000 | 818 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 819 | 0xFF11 832E | 820 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 821 | observation time encoded as dateTimeSeconds [IPFIX-PROTO] | 822 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 824 Figure D: Example of a Basic Packet Report 826 Here is an example of a basic Packet Report, with a 827 SelectionSequenceId value of 9 and ipHeaderPacketSection Information 828 Element of 12 bytes, 0x4500 005B A174 0000 FF11 832E, encoded with a 829 variable sized field. 831 IPFIX Template Record: 833 0 1 2 3 834 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 835 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 836 | Set ID = 2 | Length = 16 | 837 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 838 | Template ID = 261 | Field Count = 2 | 839 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 840 | selectionSequenceId = 301 | Field Length = 4 | 841 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 842 | ipHeaderPacketSection = 313 | Field Length = 65535 | 843 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 845 The associated IPFIX Data Record: 847 0 1 2 3 848 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 849 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 850 | Set ID = 261 | Length = 21 | 851 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 852 | 9 | 853 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 854 | Length = 12 | 0x4500 ... | 855 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 856 | ... 005B | 0xA174 ... | 857 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 858 | ... 0000 | 0xFF11 ... | 859 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 860 | ... 832E | 861 +-+-+-+-+-+-+-+-+ 863 Figure E: Example of a Basic Packet Report, 864 with a variable sized field 866 6.4.2 Extended Packet Report 868 Alternatively to the basic Packet Report, the extended Packet Report 869 MAY contain other Information Elements related to the protocols used 870 in the packet (such as source and destination IP addresses), related 871 to the packet treatment (such as output interface, destination BGP 872 autonomous system [RFC4271]), or related to the Selection State 873 associated with the packet (such as timestamp, hash value). 875 It is envisaged that selection of fields for extended Packet Reports 876 may be used to reduce reporting bandwidth, in which case the option 877 to report some number of contiguous bytes from the start of the 878 packet, mandatory in the basic Packet Report, may not be exercised. 879 In this case, the Packet Content MAY be omitted. Note this 880 configuration is quite similar to an IPFIX Device for which a 881 Template Record containing information about a single packet is 882 reported. 884 Example of a detailed Extended Packet Report: 886 IPFIX Template Record: 888 0 1 2 3 889 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 890 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 891 | Set ID = 2 | Length = 32 | 892 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 893 | Template ID = 261 | Field Count = 6 | 894 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 895 |0| selectionSequenceId = 301 | Field Length = 4 | 896 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 897 |0| sourceIPv4Address = 44 | Field Length = 4 | 898 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 899 |0| destinationIPv4Address = 45 | Field Length = 4 | 900 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 901 |0| totalLengthIPv4 = 190 | Field Length = 2 | 902 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 903 |0| tcpSourcePort = 182 | Field Length = 2 | 904 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 905 |0| tcpDestinationPort = 183 | Field Length = 2 | 906 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 908 The associated IPFIX Data Record: 910 0 1 2 3 911 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 912 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 913 | Set ID = 261 | Length = 20 | 914 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 915 | 9 | 916 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 917 | 192.0.2.1 | 918 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 919 | 192.0.2.106 | 920 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 921 | 72 | 1372 | 922 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 923 | 80 | 924 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 926 Figure F: Example of an Extended Packet Report 928 6.5 Report Interpretation 930 To make full sense of the Packet Reports there are a number of 931 additional pieces of information that must be communicated to the 932 Collector: 933 - The details about which Selectors and Observation Points are being 934 used within a Selection Sequences MUST be provided using the 935 Selection Sequence Report Interpretation. 936 - The configuration details of each Selector MUST be provided using 937 the Selector Report Interpretation. 938 - The Selector ID statistics MUST be provided using the Selection 939 Sequence Statistics Report Interpretation. 940 - The accuracies of the reported fields MUST be provided using the 941 Accuracy Report Interpretation. 943 6.5.1 Selection Sequence Report Interpretation 945 Each Packet Report contains a selectionSequenceId Information Element 946 that identifies the particular combination of Observation Point and 947 Selector(s) used for its selection. For every selectionSequenceId 948 Information Element in use, the PSAMP Device MUST export a Selection 949 Sequence Report Interpretation using an Options Template with the 950 following Information Elements: 952 Scope: selectionSequenceId 953 Non-Scope: one Information Element representing 954 the Observation Point 955 selectorId (one or more) 957 An Information Element representing the Observation Point would 958 typically be taken from the ingressInterface, egressInterface, 959 lineCardId, exporterIPv4Address, exporterIPv6Address Information 960 Elements (specified in [IPFIX-INFO]), but not limited to those: any 961 Information Element specified in [IPFIX-INFO] or [PSAMP-INFO] can 962 potentially be used. In case of more complex Observation Points 963 (such as a list of interfaces, a bus, etc..), a new Information 964 Element describing the new type of Observation Point must be 965 specified, along with an option template record describing it in more 966 details (if necessary). 968 If the packets are selected by a Composite Selector, the Selection 969 Sequence is composed of several Primitive Selectors. In such a case, 970 the Selection Sequence Report Interpretation MUST contain the list of 971 all the Primitive Selector IDs in the Selection Sequence. If 972 multiple Selectors are contained in the Selection Sequence Report 973 Interpretation, the selectorId's MUST be identified in the order they 974 are used. 976 Example of two Selection Sequences: 978 Selection Sequence 7 (Filter->Sampling): 979 ingressInterface 5 980 selectorId 5 (Filter, match IPV4SourceAddress 192.0.2.1) 981 selectorId 10 (Sampler, Random 1 out-of ten) 983 Selection Sequence 9 (Sampling->Filtering): 984 ingressInterface 5 985 selectorId 10 (Sampler, Random 1 out-of ten) 986 selectorId 5 (Filter, match IPV4SourceAddress 192.0.2.1) 988 IPFIX Options Template Record: 990 0 1 2 3 991 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 992 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 993 | Set ID = 3 | Length = 26 | 994 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 995 | Template ID = 262 | Field Count = 4 | 996 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 997 | Scope Field Count = 1 |0| selectionSequenceId = 301 | 998 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 999 | Scope 1 Length = 4 |0| ingressInterface = 10 | 1000 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1001 | Field Length = 4 |0| selectorId = 300 | 1002 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1003 | Field Length = 4 |0| selectorId = 300 | 1004 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1005 | Field Length = 4 | 1006 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1008 The associated IPFIX Data Record: 1010 0 1 2 3 1011 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1012 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1013 | Set ID = 262 | Length = 36 | 1014 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1015 | 7 | 1016 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1017 | 5 | 1018 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1019 | 5 | 1020 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1021 | 10 | 1022 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1023 | 9 | 1024 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1025 | 5 | 1026 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1027 | 10 | 1028 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1029 | 5 | 1030 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1032 Figure G: Example of a Selection Sequence Report Interpretation 1034 Notes: 1035 * There are two Records here in the same Data Set. Each record 1036 defines a different Selection Sequence. 1037 * If, for example, a different Selection Sequence is composed of 1038 three Selectors then a different Options Template with three 1039 selectorId Information Elements (instead of two) must be used. 1041 6.5.2 Selector Report Interpretation 1043 An IPFIX Data Record, defined by an Option Template Record, MUST be 1044 used to send the configuration details of every Selector in use. The 1045 Option Template Record MUST contain the selectorId Information 1046 Element as the Scope field and the SelectorAlgorithm Information 1047 Element followed by some specific configuration parameters: 1049 Scope: selectorId 1050 Non-scope: selectorAlgorithm 1051 algorithm specific Information Elements 1053 The algorithm specific Information Elements are specified in the 1054 following subsections, depending on the selection method represented 1055 by the value of the selectorAlgorithm [PSAMP-INFO]. 1057 6.5.2.1 Systematic Count-Based Sampling 1059 In systematic count-based Sampling, the start and stop triggers for 1060 the Sampling interval are defined in accordance with the spatial 1061 packet position (packet count) [PSAMP-TECH]. 1063 The REQUIRED algorithm specific Information Elements in the case of 1064 systematic count-based Sampling are: 1066 samplingPacketInterval: number of packets selected in a row 1067 samplingPacketSpace: number of packets between selections 1069 Example of a simple 1 out-of 10 systematic count-based Selector 1070 definition, where the samplingPacketInterval is 1 and the 1071 samplingPacketSpace is 9. 1073 IPFIX Options Template Record: 1075 0 1 2 3 1076 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1077 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1078 | Set ID = 3 | Length = 26 | 1079 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1080 | Template ID = 263 | Field Count = 4 | 1081 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1082 | Scope Field Count = 1 |0| selectorId = 302 | 1083 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1084 | Scope 1 Length = 4 |0| selectorAlgorithm = 304 | 1085 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1086 | Field Length = 1 |0|samplingPacketInterval = 305 | 1087 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1088 | Field Length = 1 |0| samplingPacketSpace = 306 | 1089 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1090 | Field Length = 1 | 1091 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1093 Associated IPFIX Data Record: 1095 0 1 2 3 1096 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1097 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1098 | Set ID = 263 | Length = 11 | 1099 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1100 | 15 | 1101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1102 | 1 | 1 | 9 | 1103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1105 Figure H: Example of the Selector Report Interpretation, 1106 For Systematic Count-Based Sampling 1108 Notes: 1109 * A selectorAlgorithm value of 1 represents systematic count-based 1110 Sampling. 1111 * samplingPacketInterval and samplingPacketSpace are of type 1112 unsigned32 but are compressed down to one octet here, as allowed by 1113 the IPFIX protocol specifications [IPFIX-PROTO]. 1115 6.5.2.2 Systematic Time-Based Sampling 1117 In systematic time-based Sampling, the start and stop triggers are 1118 used to define the Sampling intervals [PSAMP-TECH]. The REQUIRED 1119 algorithm specific Information Elements in the case of systematic 1120 time-based Sampling are: 1122 samplingTimeInterval: time (in us) when packets are selected 1123 samplingTimeSpace: time (in us) between selections 1125 Example of a 100 us out-of 1000 us systematic time-based Selector 1126 definition, where the samplingTimeInterval is 100 and the 1127 samplingTimeSpace is 900 1129 IPFIX Options Template Record: 1131 0 1 2 3 1132 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1134 | Set ID = 3 | Length = 26 | 1135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1136 | Template ID = 264 | Field Count = 4 | 1137 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1138 | Scope Field Count = 1 |0| selectorId = 302 | 1139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1140 | Scope 1 Length = 4 |0| selectorAlgorithm = 304 | 1141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1142 | Field Length = 1 |0| samplingTimeInterval = 307 | 1143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1144 | Field Length = 1 |0| samplingTimeSpace = 308 | 1145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1146 | Field Length = 2 | 1147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1149 Associated IPFIX Data Record: 1151 0 1 2 3 1152 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1154 | Set ID = 264 | Length = 12 | 1155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1156 | 16 | 1157 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1158 | 2 | 100 | 900 | 1159 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1161 Figure I: Example of the Selector Report Interpretation, 1162 For Systematic Time-Based Sampling 1164 Notes: 1165 * A selectorAlgorithm value of 2 represents systematic time-based 1166 Sampling. 1167 * samplingTimeInterval and samplingTimeSpace are of type unsigned32 1168 but are compressed down here. 1170 6.5.2.3 Random n-out-of-N Sampling 1172 In random n-out-of-N Sampling, n elements are selected out of the 1173 parent population that consists of N elements [PSAMP-TECH]. The 1174 REQUIRED algorithm specific Information Elements in case of random n- 1175 out-of-N Sampling are: 1177 samplingSize: number of packets selected 1178 samplingPopulation: number of packets in selection population 1180 Example of a 1 out-of 10 random n-out-of-N Sampling Selector: 1182 IPFIX Options Template Record: 1184 0 1 2 3 1185 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1187 | Set ID = 3 | Length = 26 | 1188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1189 | Template ID = 265 | Field Count = 4 | 1190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1191 | Scope Field Count = 1 |0| selectorId = 302 | 1192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1193 | Scope 1 Length = 4 |0| selectorAlgorithm = 304 | 1194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1195 | Field Length = 1 |0| samplingSize = 309 | 1196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1197 | Field Length = 1 |0| samplingPopulation = 310 | 1198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1199 | Field Length = 1 | 1200 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1202 Associated IPFIX Data Record: 1204 0 1 2 3 1205 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1206 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1207 | Set ID = 265 | Length = 11 | 1208 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1209 | 17 | 1210 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1211 | 3 | 1 | 10 | 1212 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1214 Figure J: Example of the Selector Report Interpretation, 1215 For Random n-out-of-N Sampling 1217 Notes: 1218 * A selectorAlgorithm value of 3 represents Random n-out-of-N 1219 Sampling. 1220 * samplingSize and samplingPopulation are of type unsigned32 but are 1221 compressed down to one octet here. 1223 6.5.2.4 Uniform Probabilistic Sampling 1225 In uniform probabilistic Sampling, each element has the same 1226 probability p of being selected from the parent population [PSAMP- 1227 TECH]. The algorithm specific Information Element in case of uniform 1228 probabilistic Sampling is: 1230 samplingProbablility: a floating point number for the Sampling 1231 probability. 1233 Example of a 15% uniform probability Sampling Selector: 1235 IPFIX Options Template Record: 1237 0 1 2 3 1238 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1240 | Set ID = 3 | Length = 22 | 1241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1242 | Template ID = 271 | Field Count = 3 | 1243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1244 | Scope Field Count = 1 |0| selectorId = 302 | 1245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1246 | Field Length = 4 |0| selectorAlgorithm = 304 | 1247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1248 | Field Length = 1 |0| samplingProbabilility = 311 | 1249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1250 | Field Length = 4 | 1251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1253 Associated IPFIX Data Record: 1255 0 1 2 3 1256 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1258 | Set ID = 271 | Length = 11 | 1259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1260 | 20 | 1261 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1262 | 4 | 0.15 | 1263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1264 | | 1265 +-+-+-+-+-+-+-+-+ 1267 Figure K: Example of the Selector Report Interpretation, 1268 For Uniform Probabilistic Sampling 1270 Notes: 1271 * A selectorAlgorithm value of 4 represents Uniform Probabilistic 1272 Sampling. 1273 * samplingProbablility is of type float64 but is compressed down to a 1274 float32 here. 1276 6.5.2.5 Property Match Filtering 1278 This classification includes match(es) on field(s) within a packet 1279 and/or on properties of the router state. With this method, a packet 1280 is selected if a specific field in the packet equals a predefined 1281 value. 1283 The algorithm specific Information Elements defining configuration 1284 parameters for property match filtering are taken from the full range 1285 of available Information Elements. 1287 When multiple different Information Elements are defined, the filter 1288 acts as a logical AND. Note that the logical OR is not covered by 1289 these PSAMP specifications. The property match Filtering Options 1290 Template Record MUST NOT have multiple identical Information 1291 Elements. The result of the filter is independent from the order of 1292 the Information Elements in the Option Template Record, but the order 1293 may be important for implementation purposes, as the first filter 1294 will have to work at a higher rate. In any case, an implementation 1295 is not constrained to respect the filter ordering as long as the 1296 result is the same, and it may even implement the composite Filtering 1297 in Filtering in one single step. 1299 Since encryption alters the meaning of encrypted fields, when the 1300 Property Match Filtering classification is based on the encrypted 1301 field(s) in the packet, it MUST be able to recognize that the 1302 field(s) are not available and MUST NOT select those packets unless 1303 specifically directed by the Information Element description. 1304 Even if they are ignored, the encrypted packets MUST be accounted for 1305 in the Selector packetsObserved Information Element [PSAMP-INFO], 1306 part of the Selection Sequence Statistics Report Interpretation. 1308 Example of a match based filter Selector, whose rules are: 1309 IPv4 Source Address = 192.0.2.1 1310 IPv4 Next-Hop Address = 192.0.2.129 1312 IPFIX Options Template Record: 1314 0 1 2 3 1315 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1317 | Set ID = 3 | Length = 26 | 1318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1319 | Template ID = 266 | Field Count = 4 | 1320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1321 | Scope Field Count = 1 |0| selectorId = 302 | 1322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1323 | Scope 1 Length = 4 |0| selectorAlgorithm = 304 | 1324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1325 | Field Length = 1 |0| sourceIPv4Address = 8 | 1326 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1327 | Field Length = 4 |0| ipNextHopIPv4Address = 15 | 1328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1329 | Field Length = 4 | 1330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1332 Associated IPFIX Data Record: 1334 0 1 2 3 1335 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1336 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1337 | Set ID = 266 | Length = 11 | 1338 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1339 | 21 | 1340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1341 | 5 | 192.0.2 ... | 1342 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1343 | ... .1 | 192.0.2 ... | 1344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1345 | ... .129 | 1346 +-+-+-+-+-+-+-+-+ 1348 Figure L: Example of the Selector Report Interpretation, 1349 For match based and router state Filtering 1351 Notes: 1352 * A selectorAlgorithm value of 5 represents property match Filtering. 1353 * In this filter there is a mix of information from the packet and 1354 information from the router. 1356 6.5.2.6 Hash-Based Filtering 1358 In hash based selection a hash function is run on IPv4 traffic 1359 the following fields MUST be used as input to that hash function: 1360 - IP identification field 1361 - Flags field 1362 - Fragment offset 1363 - Source IP address 1364 - Destination IP address 1365 - A number of bytes from the IP payload. The number of bytes and 1366 starting offset MUST be configurable if the hash function supports 1367 it. 1369 For the bytes taken from the IP payload, IPSX has a fixed offset 1370 of 0 bytes and a fixed size of 8 bytes. The number and offset of 1371 payload bytes in the BOB function MUST be configurable. 1373 The minimum configuration ranges MUST be as follows: 1374 Number of bytes: from 8 to 32 1375 Offset: from 0 to 64 1377 If the selected payload bytes are not available and the hash function 1378 can take a variable sized input then the hash function MUST be run 1379 with the information which is available and a shorter size. Passing 1380 0 as a substitute for missing payload bytes is only acceptable if 1381 the hash function takes a fixed size as is the case with IPSX. 1383 If the hash function can take an initialization value then this 1384 value MUST be configurable. 1386 A hash-based selection function MAY be configurable as a digest 1387 function. Any selection process which is configured as a digest 1388 function MUST have the output value included in the basic packet 1389 report for any selected packet. 1391 Each hash function used as a hash-based selector requires its own 1392 value for the selectorAlgorithm. Currently we have BOB (6), IPSX (7) 1393 and CRC (8) defined and any MAY be used for either Filtering 1394 or creating a Packet Digest. Only BOB is recommended though and 1395 SHOULD be used. 1397 The REQUIRED algorithm specific Information Elements in case of hash 1398 based selection are: 1400 hashIPPayloadOffset - The payload offset used by a hash based 1401 Selector 1402 hashIPPayloadSize - The payload size used by a hash based 1403 Selector 1404 hashOutputRangeMin - One or more values for the beginning of 1405 each potential output range. 1406 hashOutputRangeMax - One or more values for the end of each 1407 potential output range. 1408 hashSelectedRangeMin - One or more values for the beginning of 1409 each selected range. 1410 hashSelectedRangeMax - One or more values for the end of each 1411 selected range. 1412 hashDigestOutput - A boolean value, TRUE if the output from 1413 this selector has been configured to be 1414 included in the packet report as a packet 1415 digest. 1417 NOTE: If more than one selection or output range needs to be sent 1418 then the minimum and maximum elements may be repeated as needed. 1419 These MUST make one or more non-overlapping ranges. The elements 1420 SHOULD be sent as pairs of minimum and maximum in ascending order, 1421 however if they are sent out of order then there will only be one 1422 way to interpret the ranges to produce a non-overlapping range and 1423 the Collecting Process MUST be prepared to accept and decode this. 1425 The following algorithm specific Information Element MAY be sent, 1426 but is optional for security considerations: 1427 hashInitialiserValue - The initialiser value to the hash function. 1429 Since encryption alters the meaning of encrypted fields, when the 1430 Hash-Based Filtering classification is based on the encrypted 1431 field(s) in the packet, it MUST be able to recognize that the 1432 field(s) are not available and MUST NOT select those packets. Even 1433 if they are ignored, the encrypted packets MUST be accounted in the 1434 Selector packetsObserved Information Element [PSAMP-INFO], part of 1435 the Selection Sequence Statistics Report Interpretation. 1437 Example of a hash based filter Selector, whose configuration is: 1438 Hash Function = BOB 1439 Hash IP Payload Offset = 0 1440 Hash IP Payload Size = 16 1441 Hash Initialiser Value = 0x9A3F9A3F 1442 Hash Output Range = 0 to 0xFFFFFFFF 1443 Hash Selected Range = 100 to 200 and 400 to 500 1445 IPFIX Options Template Record: 1447 0 1 2 3 1448 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1449 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1450 | Set ID = 3 | Length = 50 | 1451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1452 | Template ID = 269 | Field Count = 8 | 1453 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1454 | Scope Field Count = 1 |0| selectorId = 300 | 1455 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1456 | Scope 1 Length = 4 |0| selectorAlgorithm = 302 | 1457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1458 | Field Length = 1 |0| hashIPpayloadOffset = 327 | 1459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1460 | Field Length = 4 |0| hashIPpayloadSize = 328 | 1461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1462 | Field Length = 4 |0| hashInitialiserValue = 329 | 1463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1464 | Field Length = 4 |0| hashOutputRangeMin = 330 | 1465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1466 | Field Length = 4 |0| hashOutputRangeMax = 331 | 1467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1468 | Field Length = 4 |0| hashSeletionRangeMin = 332 | 1469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1470 | Field Length = 4 |0| hashSeletionRangeMax = 333 | 1471 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1472 | Field Length = 4 |0| hashSeletionRangeMin = 332 | 1473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1474 | Field Length = 4 |0| hashSeletionRangeMax = 333 | 1475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1476 | Field Length = 4 | 1477 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1479 Associated IPFIX Data Record: 1481 0 1 2 3 1482 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1483 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1484 | Set ID = 266 | Length = 45 | 1485 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1486 | 22 | 1487 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1488 | 6 | ... | 1489 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1490 | ... 0 | ... | 1491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1492 | ... 16 | 0x9A3F9A ... | 1493 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1494 | ... 3F | ... | 1495 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1496 | ... 0 | 0xFFFFFF ... | 1497 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1498 | ... FF | ... 100 | 1499 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1500 | ... | ... 200 | 1501 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1502 | ... | ... 400 | 1503 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1504 | ... | ... 500 | 1505 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1506 | ... | 1507 +-+-+-+-+-+-+-+-+ 1509 Figure M: Example of the Selector Report Interpretation, 1510 for Hash Based Filtering 1512 Notes: 1513 * A selectorAlgorithm value of 6 represents hash-based Filtering 1514 using the BOB algorithm. 1516 6.5.2.7 Other Selection Methods 1518 Some potential new selection methods MAY be added. Some of the new 1519 selection methods, such as non-uniform probabilistic Sampling and 1520 flow state dependent Sampling, are described in [PSAMP-TECH], with 1521 further references. 1523 Each new selection method MUST be assigned a unique value for the 1524 selectorAlgorithm Information Element. Its configuration 1525 parameter(s), along with the way to report it/them with an Options 1526 Template, MUST be clearly specified. 1528 6.5.3 Selection Sequence Statistics Report Interpretation 1530 A Selector MAY be used in multiple Selection Sequences. However, 1531 each use of a Selector must be independent, so each separate logical 1532 instance of a Selector MUST maintain its own individual Selection 1533 State and statistics. 1535 The Selection Sequence Statistics Report Interpretation MUST include 1536 the number of observed packets (Population Size) and the number of 1537 packets selected (Sample Size) by each instance of its Primitive 1538 Selectors. 1540 Within a Selection Sequence composed of several Primitive Selectors, 1541 the number of packets selected for one Selector is equal to the 1542 number of packets seen by the next Selector. The order of the 1543 Selectors in the Selection Sequence Statistics Report Interpretation 1544 MUST match the order of the Selectors in the Selection Sequence. 1546 If the full set of statistics is not sent as part of the Basic Packet 1547 Reports, the PSAMP Device MUST export a Selection Sequence Statistics 1548 Report Interpretation for every Selection Sequence, using an Options 1549 Template containing the following Information Elements: 1551 Scope: selectionSequenceId 1552 Non-scope: packetsObserved 1553 packetsSelected (first) 1554 ... 1555 packetsSelected (last) 1557 The packetsObserved Information Element [PSAMP-INFO] MUST contain the 1558 number of packets seen at the Observation Point, and as a consequence 1559 passed to the first Selector in the Selection Sequence. The 1560 packetsSelected Information Element [PSAMP-INFO] contains the number 1561 of packets selected by a Selector in the Selection Sequence. 1563 The Attained Selection Fraction for the Selection Sequence is 1564 calculated by dividing the number of selected packets 1565 (packetsSelected Information Element) for the last Selector by the 1566 number of observed packets (packetsObserved Information Element). 1567 The Attained Selection Fraction can be calculated for each Selector 1568 by dividing the number of packets selected for that Selector by the 1569 value for the previous Selector. 1571 The statistics for the whole sequence SHOULD be taken at a single 1572 logical point in time; the input value for a Selector MUST equal the 1573 output value of the previous selector. 1575 The Selection Sequence Statistics Report Interpretation MUST be 1576 exported periodically. 1578 Example of Selection Sequence Statistics Report Interpretation: 1580 Selection Sequence 7 (Filter->Sampling): 1582 Observed 100 (observationPointId 1, Interface 5) 1583 Selected 50 (selectorId 5, match IPV4SourceAddress 192.0.2.1) 1584 Selected 6 (selectorId 10, Sampler: Random one out-of ten) 1586 Selection Sequence 9 (Sampling->Filtering): 1588 Observed 100 (observationPointId 1, Interface 5) 1589 Selected 10 (selectorId 10, Sampler: Random one out-of ten) 1590 Selected 3 (selectorId 5, match IPV4SourceAddress 192.0.2.1) 1592 IPFIX Options Template Record: 1594 0 1 2 3 1595 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1596 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1597 | Set ID = 3 | Length = 26 | 1598 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1599 | Template ID = 267 | Field Count = 4 | 1600 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1601 | Scope Field Count = 1 |0| selectionSequenceId = 301 | 1602 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1603 | Scope 1 Length = 4 |0| packetsObserved = 318 | 1604 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1605 | Field Length = 4 |0| packetsSelected = 319 | 1606 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1607 | Field Length = 4 |0| packetsSelected = 319 | 1608 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1609 | Field Length = 4 | 1610 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1611 The associated IPFIX Data Record: 1613 0 1 2 3 1614 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1615 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1616 | Set ID = 267 | Length = 36 | 1617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1618 | 7 | 1619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1620 | 100 | 1621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1622 | 50 | 1623 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1624 | 6 | 1625 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1626 | 9 | 1627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1628 | 100 | 1629 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1630 | 10 | 1631 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1632 | 3 | 1633 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1635 Figure N: Example of the Selection Sequence Statistics Report 1636 Interpretation 1638 Notes: 1639 * The Attained Sampling Fractions for Selection Sequence 7 are: 1640 Filter 10: 50/100 1641 Sampler 5: 6/50 1642 Number of samples selected: 6 1644 * The Attained Sampling Fractions for Selection Sequence 9 are: 1645 Sampler 5: 10/100 1646 Filter 10: 3/10 1647 Number of samples selected: 3 1649 6.5.4 Accuracy Report Interpretation 1650 In order for the Collecting Process to determine the inherent 1651 accuracy of the reported quantities (for example timestamps), the 1652 PSAMP Device SHOULD send an Accuracy Report Interpretation. 1654 The Accuracy Report Interpretation MUST be exported by an Option 1655 Template Record with a scope that contains the Information Element 1656 for which the accuracy is required. In case the accuracy is specific 1657 to a template, a second scope containing the templateId value MUST be 1658 added to the Option Template Record. The accuracy SHOULD be reported 1659 either with the fixedError Information Element [PSAMP-INFO], or with 1660 the relativeError Information Element [PSAMP-INFO]. 1662 Accuracy Report Interpretation using the fixedError Information 1663 Element: 1664 Scope: informationElementId 1665 Non-scope: fixedError 1667 Accuracy Report Interpretation using the fixedError Information 1668 Element and a double scope: 1669 Scope: templateId 1670 informationElementId 1671 Non-scope: fixedError 1673 Accuracy Report Interpretation using the relativeError Information 1674 Element: 1675 Scope: informationElementId 1676 Non-scope: relativeError 1678 Accuracy Report Interpretation using the relativeError Information 1679 Element and a double scope: 1680 Scope: templateId 1681 informationElementId 1682 Non-scope: relativeError 1684 For example, the accuracy of an Information Element whose Abstract 1685 Data Type is dateTimeMilliseconds [IPFIX-INFO], for which the unit is 1686 specified as milliseconds, can be specified with the fixedError 1687 Information Element with the milliseconds units. In this case, the 1688 error interval is the Information Element value +/- the value 1689 reported in the fixedError. 1691 For example, the accuracy of an Information Element to estimate the 1692 accuracy of a sampled flow, for which the unit would be specified in 1693 octets, can be specified with the relativeError Information Element 1694 with the octet units. In this case, the error interval is the 1695 Information Element value +/- the value reported in the relativeError 1696 times the reported Information Element value. 1698 Alternatively to reporting either the fixedError Information Element 1699 or the relativeError Information Element in the Accuracy Report 1700 Interpretation, both Information Elements MAY be present. This 1701 scenario could help in more complex situations where the system clock 1702 drifts, on the top of having its own accuracy, during the duration of 1703 a measurement. 1705 If the accuracy of a reported quantity changes on the Metering 1706 Process, a new Accuracy Report Interpretation MUST be generated. The 1707 Collecting Process MUST keep the accuracy of the latest Accuracy 1708 Report Interpretation. 1710 Example of an Accuracy Report Interpretation using the fixedError 1711 Information Element and a double scope: the timeMicroseconds 1712 contained in the Template 5 has an accuracy of +/- 2 ms, represented 1713 by the fixedError Information Element. 1714 Scope: templateId = 6 1715 informationElementId = timeMicroseconds 1716 Non-scope: fixedError = 2 ms 1718 IPFIX Options Template Record: 1720 0 1 2 3 1721 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1722 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1723 | Set ID = 3 | Length = 22 | 1724 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1725 | Template ID = 267 | Field Count = 3 | 1726 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1727 | Scope Field Count = 2 |0| templateId = 145 | 1728 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1729 | Scope 1 Length = 2 |0| InformationElementId = 303 | 1730 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1731 | Scope 2 Length = 2 |0| fixedError = 320 | 1732 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1733 | Field Length = 4 | 1734 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1736 The associated IPFIX Data Record: 1738 0 1 2 3 1739 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1740 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1741 | Set ID = 267 | Length = 12 | 1742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1743 | 5 | 324 | 1744 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1745 | 2 (encoded as a float32) | 1746 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1748 Figure O: Example of the Selection Sequence Statistics Report 1749 Interpretation 1751 Notes: 1752 * fixedError is of type float64 but is compressed down to a float32 1753 here. 1755 The second example displays an Accuracy Report Interpretation using 1756 the relativeError Information Element and a single scope: the 1757 timeMicroseconds has an error of 5 percents, represented by the 1758 proportionalAccuracy Information Element. 1759 Scope: informationElementId = timeMicroseconds 1760 Non-scope: relativeError = 0.05 1762 IPFIX Options Template Record: 1764 0 1 2 3 1765 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1766 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1767 | Set ID = 3 | Length = 18 | 1768 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1769 | Template ID = 268 | Field Count = 2 | 1770 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1771 | Scope Field Count = 1 |0| InformationElementId = 303 | 1772 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1773 | Scope 1 Length = 2 |0| relativeError= 321 | 1774 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1775 | Field Length = 4 | 1776 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1778 The associated IPFIX Data Record: 1780 0 1 2 3 1781 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1782 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1783 | Set ID = 267 | Length = 10 | 1784 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1785 | 324 | 0.05 ... | 1786 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1787 | ...(encoded as a float32) | 1788 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1790 Figure P: Example of the Selection Sequence Statistics Report 1791 Interpretation 1793 Notes: 1794 * relativeError is of type float64 but is compressed down to a 1795 float32 here. 1797 7. Security Considerations 1799 As IPFIX has been selected as the PSAMP export protocol and as the 1800 PSAMP security requirements are not stricter than the IPFIX security 1801 requirements, refer to the IPFIX export protocol [IPFIX-PROTO] for 1802 the security considerations. 1804 In the basic Packet Report, a PSAMP Device exports some number of 1805 contiguous bytes from the start of the packet, including the packet 1806 header (which includes link layer, network layer and other 1807 encapsulation headers) and some subsequent bytes of the packet 1808 payload. The PSAMP Device SHOULD NOT export the full payload of 1809 conversations, as this would mean wiretapping [RFC2804]. The PSAMP 1810 Device MUST respect local privacy laws. 1812 8. IANA Considerations 1814 The PSAMP Protocol, as set out in this document, has two sets of 1815 assigned numbers. Considerations for assigning them are discussed 1816 in this section, using the example policies as set out in the 1817 "Guidelines for IANA Considerations" document IANA-RFC [RFC2434]. 1819 8.1 IPFIX Related Considerations 1821 As the PSAMP protocol uses the IPFIX protocol, refer to the IANA 1822 considerations section in [IPFIX-PROTO] for the assignments of 1823 numbers used in the protocol and for the numbers used in the 1824 information model. 1826 8.2 PSAMP Related Considerations 1828 Each new selection method MUST be assigned a unique value for the 1829 selectorAlgorithm Information Element [PSAMP-INFO]. Initial 1830 contents of this registry are found section 8.2.4 in [PSAMP-INFO]. 1831 Its configuration parameter(s), along with the way to report it/them 1832 with an Options Template, MUST be clearly specified. 1834 New assignments for the PSAMP selection method will be administered 1835 by IANA, on a First Come First Served basis [RFC2434], subject to 1836 Expert Review [RFC2434]. The group of experts must double check the 1837 Information Elements definitions with already defined Information 1838 Elements for completeness, accuracy and redundancy. Those experts 1839 will initially be drawn from the Working Group Chairs and document 1840 editors of the IPFIX and PSAMP Working Groups. 1842 9. References 1844 9.1 Normative References 1846 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1847 Requirement Levels", BCP 14, RFC 2119, March 1997 1849 [RFC2434] H. Alvestrand, T. Narten, "Guidelines for Writing an IANA 1850 Considerations Section in RFCs", RFC 2434, October 1998 1852 [PSAMP-TECH] T. Zseby, M. Molina, N. Duffield, S. Niccolini, F. 1853 Raspall, "Sampling and Filtering Techniques for IP Packet Selection" 1854 draft-ietf-psamp-sample-tech-10.txt 1856 [PSAMP-INFO] T. Dietz, F. Dressler, G. Carle, B. Claise, "Information 1857 Model for Packet Sampling Exports", draft-ietf-psamp-info-07.txt 1859 [IPFIX-INFO] J. Quittek, S. Bryant, B. Claise, J. Meyer, "Information 1860 Model for IP Flow Information Export" draft-ietf-ipfix-info-15.txt 1862 [IPFIX-PROTO] B. Claise (Editor) "Specification of the IPFIX Protocol 1863 for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix- 1864 protocol-26.txt 1866 9.2 Informative References 1868 [IPFIX-ARCH] G. Sadasivan, N. Brownlee, B. Claise, J. Quittek, 1869 "Architecture Model for IP Flow Information Export" draft-ietf-ipfix- 1870 architecture-12.txt" 1872 [PSAMP-FMWK] D. Chiou, B. Claise, N. Duffield, A. Greenberg, M. 1873 Grossglauser, P. Marimuthu, J. Rexford, G. Sadasivan, "A Framework 1874 for Passive Packet Measurement" draft-ietf-psamp-framework-12.txt 1876 [RFC4271] Y. Rekhter, T. Li, Hares, S. "A Border Gateway Protocol 4 1877 (BGP-4)", RFC 4271, January 2006 1879 [RFC2804] IAB, IESG, "IETF Policy on Wiretapping", RFC 2804, May 2000 1881 [RFC3917] J. Quittek, T. Zseby, B. Claise, S. Zander, "Requirements 1882 for IP Flow Information Export", RFC 3917, October 2004 1884 10. Acknowledgments 1886 The authors would like to thank the PSAMP group, especially Paul 1887 Aitken for fruitful discussions and for proofreading the document 1888 several times. 1890 Authors' Addresses 1892 Benoit Claise 1893 Cisco Systems 1894 De Kleetlaan 6a b1 1895 1831 Diegem 1896 Belgium 1897 Phone: +32 2 704 5622 1898 E-mail: bclaise@cisco.com 1900 Juergen Quittek 1901 NEC Europe Ltd. 1902 Network Laboratories 1903 Kurfuersten-Anlage 36 1904 69115 Heidelberg 1905 Germany 1906 Phone: +49 6221 90511-15 1907 Email: quittek@nw.neclab.eu 1909 Andrew Johnson 1910 Cisco Systems 1911 96 Commercial Quay 1912 Edinburgh EH6 6LX 1913 Scotland 1914 Phone: +44 131 561 3641 1915 Email: andrjohn@cisco.com 1917 11. Intellectual Property Statement 1919 The IETF takes no position regarding the validity or scope of 1920 any Intellectual Property Rights or other rights that might be 1921 claimed to pertain to the implementation or use of the 1922 technology described in this document or the extent to which any 1923 license under such rights might or might not be available; nor 1924 does it represent that it has made any independent effort to 1925 identify any such rights. Information on the procedures with 1926 respect to rights in RFC documents can be found in BCP 78 and 1927 BCP 79. 1928 Copies of IPR disclosures made to the IETF Secretariat and any 1929 assurances of licenses to be made available, or the result of an 1930 attempt made to obtain a general license or permission for the 1931 use of such proprietary rights by implementers or users of this 1932 specification can be obtained from the IETF on-line IPR 1933 repository at http://www.ietf.org/ipr. 1935 The IETF invites any interested party to bring to its attention 1936 any copyrights, patents or patent applications, or other 1937 proprietary rights that may cover technology that may be 1938 required to implement this standard. Please address the 1939 information to the IETF at ietf-ipr@ietf.org. 1941 12. Copyright Statement 1943 Copyright (C) The IETF Trust (2007). 1945 This document is subject to the rights, licenses and 1946 restrictions contained in BCP 78, and except as set forth 1947 therein, the authors retain all their rights. 1949 13. Disclaimer 1951 This document and the information contained herein are provided 1952 on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 1953 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, 1954 THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM 1955 ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO 1956 ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1957 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY 1958 OR FITNESS FOR A PARTICULAR PURPOSE.