| < draft-ietf-lmap-framework-11.txt | draft-ietf-lmap-framework-14.txt > | |||
|---|---|---|---|---|
| Network Working Group P. Eardley | Network Working Group P. Eardley | |||
| Internet-Draft BT | Internet-Draft BT | |||
| Intended status: Informational A. Morton | Intended status: Informational A. Morton | |||
| Expires: August 26, 2015 AT&T Labs | Expires: October 31, 2015 AT&T Labs | |||
| M. Bagnulo | M. Bagnulo | |||
| UC3M | UC3M | |||
| T. Burbridge | T. Burbridge | |||
| BT | BT | |||
| P. Aitken | P. Aitken | |||
| Brocade | Brocade | |||
| A. Akhter | A. Akhter | |||
| LiveAction | Consultant | |||
| February 22, 2015 | April 29, 2015 | |||
| A framework for Large-Scale Measurement of Broadband Performance (LMAP) | A framework for Large-Scale Measurement of Broadband Performance (LMAP) | |||
| draft-ietf-lmap-framework-11 | draft-ietf-lmap-framework-14 | |||
| Abstract | Abstract | |||
| Measuring broadband service on a large scale requires a description | Measuring broadband service on a large scale requires a description | |||
| of the logical architecture and standardisation of the key protocols | of the logical architecture and standardisation of the key protocols | |||
| that coordinate interactions between the components. The document | that coordinate interactions between the components. The document | |||
| presents an overall framework for large-scale measurements. It also | presents an overall framework for large-scale measurements. It also | |||
| defines terminology for LMAP (Large-Scale Measurement of Broadband | defines terminology for LMAP (Large-Scale Measurement of Broadband | |||
| Performance). | Performance). | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 26, 2015. | This Internet-Draft will expire on October 31, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Outline of an LMAP-based measurement system . . . . . . . . . 5 | 2. Outline of an LMAP-based measurement system . . . . . . . . . 5 | |||
| 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4. Constraints . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 4. Constraints . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 4.1. The measurement system is under the direction of a single | 4.1. The measurement system is under the direction of a single | |||
| organisation . . . . . . . . . . . . . . . . . . . . . . 13 | organisation . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 4.2. Each MA may only have a single Controller at any point in | 4.2. Each MA may only have a single Controller at any point in | |||
| time . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | time . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 5. Protocol Model . . . . . . . . . . . . . . . . . . . . . . . 13 | 5. Protocol Model . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 5.1. Bootstrapping process . . . . . . . . . . . . . . . . . . 14 | 5.1. Bootstrapping process . . . . . . . . . . . . . . . . . . 14 | |||
| 5.2. Control Protocol . . . . . . . . . . . . . . . . . . . . 15 | 5.2. Control Protocol . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.2.1. Configuration . . . . . . . . . . . . . . . . . . . . 15 | 5.2.1. Configuration . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.2.2. Instruction . . . . . . . . . . . . . . . . . . . . . 16 | 5.2.2. Instruction . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 5.2.3. Capabilities, Failure and Logging Information . . . . 20 | 5.2.3. Capabilities, Failure and Logging Information . . . . 20 | |||
| 5.3. Operation of Measurement Tasks . . . . . . . . . . . . . 21 | 5.3. Operation of Measurement Tasks . . . . . . . . . . . . . 22 | |||
| 5.3.1. Starting and Stopping Measurement Tasks . . . . . . . 22 | 5.3.1. Starting and Stopping Measurement Tasks . . . . . . . 22 | |||
| 5.3.2. Overlapping Measurement Tasks . . . . . . . . . . . . 23 | 5.3.2. Overlapping Measurement Tasks . . . . . . . . . . . . 23 | |||
| 5.4. Report Protocol . . . . . . . . . . . . . . . . . . . . . 23 | 5.4. Report Protocol . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 5.4.1. Reporting of Subscriber's service parameters . . . . 25 | 5.4.1. Reporting of Subscriber's service parameters . . . . 25 | |||
| 5.5. Operation of LMAP over the underlying packet transfer | 5.5. Operation of LMAP over the underlying packet transfer | |||
| mechanism . . . . . . . . . . . . . . . . . . . . . . . . 25 | mechanism . . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 5.6. Items beyond the scope of the initial LMAP work . . . . . 26 | 5.6. Items beyond the scope of the initial LMAP work . . . . . 27 | |||
| 5.6.1. End-user-controlled measurement system . . . . . . . 28 | 5.6.1. End-user-controlled measurement system . . . . . . . 28 | |||
| 6. Deployment considerations . . . . . . . . . . . . . . . . . . 28 | 6. Deployment considerations . . . . . . . . . . . . . . . . . . 28 | |||
| 6.1. Controller and the measurement system . . . . . . . . . . 28 | 6.1. Controller and the measurement system . . . . . . . . . . 28 | |||
| 6.2. Measurement Agent . . . . . . . . . . . . . . . . . . . . 29 | 6.2. Measurement Agent . . . . . . . . . . . . . . . . . . . . 29 | |||
| 6.2.1. Measurement Agent on a networked device . . . . . . . 30 | 6.2.1. Measurement Agent on a networked device . . . . . . . 30 | |||
| 6.2.2. Measurement Agent embedded in site gateway . . . . . 30 | 6.2.2. Measurement Agent embedded in site gateway . . . . . 30 | |||
| 6.2.3. Measurement Agent embedded behind site NAT /firewall 30 | 6.2.3. Measurement Agent embedded behind site NAT /firewall 30 | |||
| 6.2.4. Multi-homed Measurement Agent . . . . . . . . . . . . 30 | 6.2.4. Multi-homed Measurement Agent . . . . . . . . . . . . 31 | |||
| 6.2.5. Measurement Agent embedded in ISP network . . . . . . 31 | 6.2.5. Measurement Agent embedded in ISP network . . . . . . 31 | |||
| 6.3. Measurement Peer . . . . . . . . . . . . . . . . . . . . 31 | 6.3. Measurement Peer . . . . . . . . . . . . . . . . . . . . 32 | |||
| 6.4. Deployment examples . . . . . . . . . . . . . . . . . . . 32 | 6.4. Deployment examples . . . . . . . . . . . . . . . . . . . 32 | |||
| 7. Security considerations . . . . . . . . . . . . . . . . . . . 35 | 7. Security considerations . . . . . . . . . . . . . . . . . . . 35 | |||
| 8. Privacy considerations . . . . . . . . . . . . . . . . . . . 37 | 8. Privacy considerations . . . . . . . . . . . . . . . . . . . 37 | |||
| 8.1. Categories of entities with information of interest . . . 37 | 8.1. Categories of entities with information of interest . . . 38 | |||
| 8.2. Examples of sensitive information . . . . . . . . . . . . 38 | 8.2. Examples of sensitive information . . . . . . . . . . . . 38 | |||
| 8.3. Different privacy issues raised by different sorts of | 8.3. Different privacy issues raised by different sorts of | |||
| Measurement Methods . . . . . . . . . . . . . . . . . . . 39 | Measurement Methods . . . . . . . . . . . . . . . . . . . 39 | |||
| 8.4. Privacy analysis of the communication models . . . . . . 40 | 8.4. Privacy analysis of the communication models . . . . . . 40 | |||
| 8.4.1. MA Bootstrapping . . . . . . . . . . . . . . . . . . 40 | 8.4.1. MA Bootstrapping . . . . . . . . . . . . . . . . . . 40 | |||
| 8.4.2. Controller <-> Measurement Agent . . . . . . . . . . 41 | 8.4.2. Controller <-> Measurement Agent . . . . . . . . . . 41 | |||
| 8.4.3. Collector <-> Measurement Agent . . . . . . . . . . . 42 | 8.4.3. Collector <-> Measurement Agent . . . . . . . . . . . 42 | |||
| 8.4.4. Measurement Peer <-> Measurement Agent . . . . . . . 42 | 8.4.4. Measurement Peer <-> Measurement Agent . . . . . . . 42 | |||
| 8.4.5. Measurement Agent . . . . . . . . . . . . . . . . . . 44 | 8.4.5. Measurement Agent . . . . . . . . . . . . . . . . . . 44 | |||
| 8.4.6. Storage and reporting of Measurement Results . . . . 45 | 8.4.6. Storage and reporting of Measurement Results . . . . 45 | |||
| skipping to change at page 3, line 32 ¶ | skipping to change at page 3, line 32 ¶ | |||
| 8.5.2. Stored data compromise . . . . . . . . . . . . . . . 45 | 8.5.2. Stored data compromise . . . . . . . . . . . . . . . 45 | |||
| 8.5.3. Correlation and identification . . . . . . . . . . . 46 | 8.5.3. Correlation and identification . . . . . . . . . . . 46 | |||
| 8.5.4. Secondary use and disclosure . . . . . . . . . . . . 46 | 8.5.4. Secondary use and disclosure . . . . . . . . . . . . 46 | |||
| 8.6. Mitigations . . . . . . . . . . . . . . . . . . . . . . . 47 | 8.6. Mitigations . . . . . . . . . . . . . . . . . . . . . . . 47 | |||
| 8.6.1. Data minimisation . . . . . . . . . . . . . . . . . . 47 | 8.6.1. Data minimisation . . . . . . . . . . . . . . . . . . 47 | |||
| 8.6.2. Anonymity . . . . . . . . . . . . . . . . . . . . . . 48 | 8.6.2. Anonymity . . . . . . . . . . . . . . . . . . . . . . 48 | |||
| 8.6.3. Pseudonymity . . . . . . . . . . . . . . . . . . . . 49 | 8.6.3. Pseudonymity . . . . . . . . . . . . . . . . . . . . 49 | |||
| 8.6.4. Other mitigations . . . . . . . . . . . . . . . . . . 49 | 8.6.4. Other mitigations . . . . . . . . . . . . . . . . . . 49 | |||
| 9. IANA considerations . . . . . . . . . . . . . . . . . . . . . 50 | 9. IANA considerations . . . . . . . . . . . . . . . . . . . . . 50 | |||
| 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 50 | 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 50 | |||
| 11. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 | 11. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 | |||
| 11.1. From -00 to -01 . . . . . . . . . . . . . . . . . . . . 50 | 11.1. From -00 to -01 . . . . . . . . . . . . . . . . . . . . 51 | |||
| 11.2. From -01 to -02 . . . . . . . . . . . . . . . . . . . . 51 | 11.2. From -01 to -02 . . . . . . . . . . . . . . . . . . . . 51 | |||
| 11.3. From -02 to -03 . . . . . . . . . . . . . . . . . . . . 52 | 11.3. From -02 to -03 . . . . . . . . . . . . . . . . . . . . 52 | |||
| 11.4. From -03 to -04 . . . . . . . . . . . . . . . . . . . . 52 | 11.4. From -03 to -04 . . . . . . . . . . . . . . . . . . . . 52 | |||
| 11.5. From -04 to -05 . . . . . . . . . . . . . . . . . . . . 53 | 11.5. From -04 to -05 . . . . . . . . . . . . . . . . . . . . 53 | |||
| 11.6. From -05 to -06 . . . . . . . . . . . . . . . . . . . . 54 | 11.6. From -05 to -06 . . . . . . . . . . . . . . . . . . . . 54 | |||
| 11.7. From -06 to -07 . . . . . . . . . . . . . . . . . . . . 54 | 11.7. From -06 to -07 . . . . . . . . . . . . . . . . . . . . 54 | |||
| 11.8. From -07 to -08 . . . . . . . . . . . . . . . . . . . . 54 | 11.8. From -07 to -08 . . . . . . . . . . . . . . . . . . . . 54 | |||
| 11.9. From -08 to -09 . . . . . . . . . . . . . . . . . . . . 54 | 11.9. From -08 to -09 . . . . . . . . . . . . . . . . . . . . 55 | |||
| 11.10. From -09 to -10 . . . . . . . . . . . . . . . . . . . . 54 | 11.10. From -09 to -10 . . . . . . . . . . . . . . . . . . . . 55 | |||
| 11.11. From -10 to -11 . . . . . . . . . . . . . . . . . . . . 55 | 11.11. From -10 to -11 . . . . . . . . . . . . . . . . . . . . 55 | |||
| 11.12. From -11 to -12 . . . . . . . . . . . . . . . . . . . . 55 | ||||
| 11.13. From -12 to -13 . . . . . . . . . . . . . . . . . . . . 55 | ||||
| 11.14. From -13 to -14 . . . . . . . . . . . . . . . . . . . . 55 | ||||
| 12. Informative References . . . . . . . . . . . . . . . . . . . 55 | 12. Informative References . . . . . . . . . . . . . . . . . . . 55 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57 | |||
| 1. Introduction | 1. Introduction | |||
| There is a desire to be able to coordinate the execution of broadband | There is a desire to be able to coordinate the execution of broadband | |||
| measurements and the collection of measurement results across a large | measurements and the collection of measurement results across a large | |||
| scale set of Measurement Agents (MAs). These MAs could be software | scale set of Measurement Agents (MAs). These MAs could be software | |||
| based agents on PCs, embedded agents in consumer devices (such as TVs | based agents on PCs, embedded agents in consumer devices (such as TVs | |||
| or gaming consoles), embedded in service provider controlled devices | or gaming consoles), embedded in service provider controlled devices | |||
| skipping to change at page 5, line 19 ¶ | skipping to change at page 5, line 24 ¶ | |||
| measurements made of the same metric at different times and | measurements made of the same metric at different times and | |||
| places, and provides the operator of a Measurement System with | places, and provides the operator of a Measurement System with | |||
| criteria for evaluation of the different solutions that can be | criteria for evaluation of the different solutions that can be | |||
| used for various purposes including buying decisions (such as | used for various purposes including buying decisions (such as | |||
| buying the various components from different vendors). Today's | buying the various components from different vendors). Today's | |||
| systems are proprietary in some or all of these aspects. | systems are proprietary in some or all of these aspects. | |||
| o Large-scale - [I-D.ietf-lmap-use-cases] envisages Measurement | o Large-scale - [I-D.ietf-lmap-use-cases] envisages Measurement | |||
| Agents in every home gateway and edge device such as set-top boxes | Agents in every home gateway and edge device such as set-top boxes | |||
| and tablet computers, and located throughout the Internet as well | and tablet computers, and located throughout the Internet as well | |||
| [I-D.ietf-ippm-lmap-path]. It is expected that a Measurement | [RFC7398]. It is expected that a Measurement System could easily | |||
| System could easily encompass a few hundred thousand or even | encompass a few hundred thousand or even millions of Measurement | |||
| millions of Measurement Agents. Existing systems have up to a few | Agents. Existing systems have up to a few thousand MAs (without | |||
| thousand MAs (without judging how much further they could scale). | judging how much further they could scale). | |||
| o Diversity - a Measurement System should handle Measurement Agents | o Diversity - a Measurement System should handle Measurement Agents | |||
| from different vendors, that are in wired and wireless networks, | from different vendors, that are in wired and wireless networks, | |||
| can execute different sorts of Measurement Task, are on devices | can execute different sorts of Measurement Task, are on devices | |||
| with IPv4 or IPv6 addresses, and so on. | with IPv4 or IPv6 addresses, and so on. | |||
| o Privacy Respecting - the protocols and procedures should respect | ||||
| the sensitive information of all those involved in measurements. | ||||
| 2. Outline of an LMAP-based measurement system | 2. Outline of an LMAP-based measurement system | |||
| In this section we provide an overview of the whole Measurement | In this section we provide an overview of the whole Measurement | |||
| System. New LMAP-specific terms are capitalised; Section 3 provides | System. New LMAP-specific terms are capitalised; Section 3 provides | |||
| a terminology section with a compilation of all the LMAP terms and | a terminology section with a compilation of all the LMAP terms and | |||
| their definition. Section 4 onwards considers the LMAP components in | their definition. Section 4 onwards considers the LMAP components in | |||
| more detail. | more detail. | |||
| Other LMAP specifications will define an information model, the | Other LMAP specifications will define an information model, the | |||
| associated data models, and select/extend one or more protocols for | associated data models, and select/extend one or more protocols for | |||
| the secure communication: firstly, a Control Protocol, from a | the secure communication: firstly, a Control Protocol, from a | |||
| Controller to instruct Measurement Agents what performance metrics to | Controller to instruct Measurement Agents what performance metrics to | |||
| measure, when to measure them, how/when to report the measurement | measure, when to measure them, how/when to report the measurement | |||
| results to a Collector; secondly, a Report Protocol, for a | results to a Collector; secondly, a Report Protocol, for a | |||
| Measurement Agent to report the results to the Collector. | Measurement Agent to report the results to the Collector. | |||
| Figure 1 shows the main components of a Measurement System, and the | The Figure below shows the main components of a Measurement System, | |||
| interactions of those components. Some of the components are outside | and the interactions of those components. Some of the components are | |||
| the scope of initial LMAP work. | outside the scope of initial LMAP work. | |||
| The MA performs Measurement Tasks. In the example shown in Figure 1, | The MA performs Measurement Tasks. One possibility is that the MA is | |||
| the MA is observing existing traffic. Another possibility is for the | observes existing traffic. Another possibility is for the MA to | |||
| MA to generate (or receive) traffic specially created for the purpose | generate (or receive) traffic specially created for the purpose and | |||
| and measure some metric associated with its transfer. The | measure some metric associated with its transfer. The | |||
| Appendix shows some examples of possible arrangements of the | Figure includes both possibilities (in practice, it may be more usual | |||
| components. | for a MA to do one) whilst Section 6.4 shows some examples of | |||
| possible arrangements of the components. | ||||
| The MAs are pieces of code that can be executed in specialised | The MAs are pieces of code that can be executed in specialised | |||
| hardware (hardware probe) or on a general-purpose device (like a PC | hardware (hardware probe) or on a general-purpose device (like a PC | |||
| or mobile phone). A device with a Measurement Agent may have | or mobile phone). A device with a Measurement Agent may have | |||
| multiple physical interfaces (Wi-Fi, Ethernet, DSL (Digital | multiple physical interfaces (Wi-Fi, Ethernet, DSL (Digital | |||
| Subscriber Line); and non-physical interfaces such as PPPoE (Point- | Subscriber Line); and non-physical interfaces such as PPPoE (Point- | |||
| to-Point Protocol over Ethernet) or IPsec) and the Measurement Tasks | to-Point Protocol over Ethernet) or IPsec) and the Measurement Tasks | |||
| may specify any one of these. | may specify any one of these. | |||
| The Controller manages a MA through use of the Control Protocol, | The Controller manages a MA through use of the Control Protocol, | |||
| skipping to change at page 7, line 39 ¶ | skipping to change at page 7, line 49 ¶ | |||
| Channel. A Control Channel is between the Controller and a MA; the | Channel. A Control Channel is between the Controller and a MA; the | |||
| Control Protocol delivers Instruction Messages to the MA and | Control Protocol delivers Instruction Messages to the MA and | |||
| Capabilities, Failure and Logging Information in the reverse | Capabilities, Failure and Logging Information in the reverse | |||
| direction. A Report Channel is between a MA and Collector, and the | direction. A Report Channel is between a MA and Collector, and the | |||
| Report Protocol delivers Reports to the Collector. | Report Protocol delivers Reports to the Collector. | |||
| Finally we introduce several components that are outside the scope of | Finally we introduce several components that are outside the scope of | |||
| initial LMAP work and will be provided through existing protocols or | initial LMAP work and will be provided through existing protocols or | |||
| applications. They affect how the Measurement System uses the | applications. They affect how the Measurement System uses the | |||
| Measurement Results and how it decides what set of Measurement Tasks | Measurement Results and how it decides what set of Measurement Tasks | |||
| to perform. As shown in Figure 1, these components are: the | to perform. As shown in the Figure, these components are: the | |||
| bootstrapper, Subscriber parameter database, data analysis tools, and | bootstrapper, Subscriber parameter database, data analysis tools, and | |||
| Results repository. | Results repository. | |||
| The MA needs to be bootstrapped with initial details about its | The MA needs to be bootstrapped with initial details about its | |||
| Controller, including authentication credentials. The LMAP work | Controller, including authentication credentials. The LMAP work | |||
| considers the bootstrap process, since it affects the Information | considers the bootstrap process, since it affects the Information | |||
| Model. However, LMAP does not define a bootstrap protocol, since it | Model. However, LMAP does not define a bootstrap protocol, since it | |||
| is likely to be technology specific and could be defined by the | is likely to be technology specific and could be defined by the | |||
| Broadband Forum, CableLabs or IEEE depending on the device. Possible | Broadband Forum, CableLabs or IEEE depending on the device. Possible | |||
| protocols are SNMP (Simple Network Management Protocol), NETCONF | protocols are SNMP (Simple Network Management Protocol), NETCONF | |||
| skipping to change at page 9, line 5 ¶ | skipping to change at page 9, line 5 ¶ | |||
| that they can easily be accessed by the data analysis tools. | that they can easily be accessed by the data analysis tools. | |||
| The data analysis tools receive the results from the Collector or via | The data analysis tools receive the results from the Collector or via | |||
| the Results repository. They might visualise the data or identify | the Results repository. They might visualise the data or identify | |||
| which component or link is likely to be the cause of a fault or | which component or link is likely to be the cause of a fault or | |||
| degradation. This information could help the Controller decide what | degradation. This information could help the Controller decide what | |||
| follow-up Measurement Task to perform in order to diagnose a fault. | follow-up Measurement Task to perform in order to diagnose a fault. | |||
| The data analysis tools also need to understand the Subscriber's | The data analysis tools also need to understand the Subscriber's | |||
| service information, for example the broadband contract. | service information, for example the broadband contract. | |||
| +-----------+ +-----------+ ^ | +--------+ +-----------+ +-----------+ ^ | |||
| |End user or| |End user or| | | |End user| | | Observed | End user | | | |||
| |Measurement| |Measurement| Non-LMAP | | |<-----|-----------|---traffic--->| | | | |||
| | Peer | | Peer | Scope | | | | | flow | | | | |||
| +-----------+ +-----------+ v | | | | | | | Non-LMAP | |||
| ^ Observed ^ ^ | | | | | Measurement | | Scope | |||
| \ traffic flow +-------------+ / / ^ | | | | |<--traffic--->| | | | |||
| \...............|.............|..../ / | | +--------+ | | +-----------+ | | |||
| | Measurement |........../ | | .............|...........|.................................V | |||
| +----------------->| Agent | Measurement traffic | | <MP> |Measurement| <MP> ^ | |||
| | +-------------+ | | |Agent: | | | |||
| | ^ | | | |LMAP | | | |||
| | Instruction | | Report | | +----------->|interface | | | |||
| | (over Control | | (over Report Channel) | | | +-----------+ | | |||
| | Channel) | +---------------+ | | | ^ | LMAP | |||
| | | | | | | Instruction | | Report Scope | |||
| | | | | | | (over Control | | (over Report Channel) | | |||
| | | v LMAP | | Channel) | +-----------------------+ | | |||
| | +------------+ +------------+ Scope | | | | | | |||
| | | Controller | | Collector | | | | | | | | |||
| | +------------+ +------------+ v | | | v | | |||
| | ^ ^ | ^ | | +------------+ +------------+ | | |||
| | | | | | | | | Controller | | Collector | | | |||
| | | +-------+ | | | | +------------+ +------------+ v | |||
| | | | v | | | ^ ^ | ^ | |||
| +------------+ +----------+ +--------+ +----------+ | | | | | | | | |||
| |Bootstrapper| |Subscriber|--->| data |<---| Results | Out | | | +--------+ | | | |||
| +------------+ |parameter | |analysis| |repository| of | | | | v | | |||
| |database | | tools | +----------+ Scope | +------------+ +----------+ +--------+ +----------+ | | |||
| +----------+ +--------+ | | |Bootstrapper| |Subscriber|--->| data |<---| Results | Non- | |||
| | | +------------+ |parameter | |analysis| |repository| LMAP | |||
| v | |database | | tools | +----------+ Scope | |||
| +----------+ +--------+ | | ||||
| | | ||||
| v | ||||
| Schematic of main elements of an LMAP-based Measurement System | Schematic of main elements of an LMAP-based Measurement System | |||
| (showing the elements in and out of the scope of initial LMAP work) | (showing the elements in and out of the scope of initial LMAP work) | |||
| 3. Terminology | 3. Terminology | |||
| This section defines terminology for LMAP. Please note that defined | This section defines terminology for LMAP. Please note that defined | |||
| terms are capitalized. | terms are capitalized. | |||
| Bootstrap: A process that integrates a Measurement Agent into a | Bootstrap: A process that integrates a Measurement Agent into a | |||
| Measurement System. | Measurement System. | |||
| Capabilities: Information about the performance measurement | Capabilities: Information about the performance measurement | |||
| skipping to change at page 11, line 23 ¶ | skipping to change at page 11, line 26 ¶ | |||
| and the details of the Report for it to send. It is the collective | and the details of the Report for it to send. It is the collective | |||
| description of the Measurement Task configurations, the configuration | description of the Measurement Task configurations, the configuration | |||
| of the Measurement Schedules, the configuration of the Report | of the Measurement Schedules, the configuration of the Report | |||
| Channel(s), the configuration of Report Schedule(s), and the details | Channel(s), the configuration of Report Schedule(s), and the details | |||
| of any suppression. | of any suppression. | |||
| Instruction Message: The message that carries an Instruction from a | Instruction Message: The message that carries an Instruction from a | |||
| Controller to a Measurement Agent. | Controller to a Measurement Agent. | |||
| Logging Information: Information about the operation of the | Logging Information: Information about the operation of the | |||
| Measurement Agent and which may be useful for debugging. | Measurement Agent, which may be useful for debugging. | |||
| Measurement Agent (MA): The function that receives Instruction | Measurement Agent (MA): The function that receives Instruction | |||
| Messages from a Controller and operates the Instruction by executing | Messages from a Controller and operates the Instruction by executing | |||
| Measurement Tasks (using protocols outside the initial LMAP work | Measurement Tasks (using protocols outside the initial LMAP work | |||
| scope and perhaps in concert with one or more other Measurement | scope and perhaps in concert with one or more other Measurement | |||
| Agents or Measurement Peers) and (if part of the Instruction) by | Agents or Measurement Peers) and (if part of the Instruction) by | |||
| reporting Measurement Results to a Collector or Collectors. | reporting Measurement Results to a Collector or Collectors. | |||
| Measurement Agent Identifier (MA-ID): a UUID [RFC4122] that | Measurement Agent Identifier (MA-ID): a UUID [RFC4122] that | |||
| identifies a particular MA and is configured as part of the | identifies a particular MA and is configured as part of the | |||
| skipping to change at page 13, line 39 ¶ | skipping to change at page 13, line 39 ¶ | |||
| specific types of MA before deployment to ensure that the end user | specific types of MA before deployment to ensure that the end user | |||
| experience is not impacted (due to CPU, memory or broadband-product | experience is not impacted (due to CPU, memory or broadband-product | |||
| constraints). However, a Measurement System may have several | constraints). However, a Measurement System may have several | |||
| Controllers. | Controllers. | |||
| 5. Protocol Model | 5. Protocol Model | |||
| A protocol model [RFC4101] presents an architectural model for how | A protocol model [RFC4101] presents an architectural model for how | |||
| the protocol operates and needs to answer three basic questions: | the protocol operates and needs to answer three basic questions: | |||
| 1. What problem is the protocol trying to achieve? | 1. What problem is the protocol trying to address? | |||
| 2. What messages are being transmitted and what do they mean? | 2. What messages are being transmitted and what do they mean? | |||
| 3. What are the important, but unobvious, features of the protocol? | 3. What are the important, but unobvious, features of the protocol? | |||
| An LMAP system goes through the following phases: | An LMAP system goes through the following phases: | |||
| o a Bootstrapping process before the MA can take part in the other | o a Bootstrapping process before the MA can take part in the other | |||
| three phases. | three phases. | |||
| skipping to change at page 17, line 4 ¶ | skipping to change at page 17, line 4 ¶ | |||
| <- Response(details) | <- Response(details) | |||
| The Instruction defines information with the following aims | The Instruction defines information with the following aims | |||
| ([I-D.ietf-lmap-information-model] defines the consequent list of | ([I-D.ietf-lmap-information-model] defines the consequent list of | |||
| information elements): | information elements): | |||
| o the Measurement Task configurations, each of which needs: | o the Measurement Task configurations, each of which needs: | |||
| * the Metric, specified as a URI to a registry entry; it includes | * the Metric, specified as a URI to a registry entry; it includes | |||
| the specification of a Measurement Method. The registry could | the specification of a Measurement Method. The registry could | |||
| be defined by the IETF [I-D.ietf-ippm-metric-registry], locally | be defined by a standards organisation or locally by the | |||
| by the operator of the Measurement System or perhaps by another | operator of the Measurement System. Note that, at the time of | |||
| standards organisation. | writing, the IETF works on such a registry specification | |||
| [I-D.ietf-ippm-metric-registry]. | ||||
| * the Measurement Method role. For some Measurement Methods, | * the Measurement Method role. For some Measurement Methods, | |||
| different parties play different roles; for example (figure A3 | different parties play different roles; for example (see | |||
| in the Appendix) an iperf sender and receiver. Each Metric and | Section 6.4) an iperf sender and receiver. Each Metric and its | |||
| its associated Measurement Method will describe all measurement | associated Measurement Method will describe all measurement | |||
| roles involved in the process. | roles involved in the process. | |||
| * a boolean flag (suppress or do-not-suppress) indicating if such | * a boolean flag (suppress or do-not-suppress) indicating if such | |||
| a Measurement Task is impacted by a Suppression message (see | a Measurement Task is impacted by a Suppression message (see | |||
| Section 5.2.2.1). Thus, the flag is an Input Parameter. | Section 5.2.2.1). Thus, the flag is an Input Parameter. | |||
| * any Input Parameters that need to be set for the Metric and the | * any Input Parameters that need to be set for the Metric and the | |||
| Measurement Method. For example, the address of a Measurement | Measurement Method. For example, the address of a Measurement | |||
| Peer (or other Measurement Agent) that may be involved in a | Peer (or other Measurement Agent) that may be involved in a | |||
| Measurement Task , or traffic filters associated with the | Measurement Task , or traffic filters associated with the | |||
| Observed Traffic Flow. | Observed Traffic Flow. | |||
| * if the device with the MA has multiple interfaces, then the | * if the device with the MA has multiple interfaces, then the | |||
| interface to use (if not defined, then the default interface is | interface to use (if not defined, then the default interface is | |||
| used). | used). | |||
| * optionally, a Cycle-ID. | * optionally, a Cycle-ID. | |||
| * optionally, the measurement point designation | * optionally, the measurement point designation [RFC7398] of the | |||
| [I-D.ietf-ippm-lmap-path] of the MA and, if applicable, of the | MA and, if applicable, of the MP or other MA. This can be | |||
| MP or other MA. This can be useful for reporting. | useful for reporting. | |||
| o configuration of the Schedules, each of which needs: | o configuration of the Schedules, each of which needs: | |||
| * the timing of when the Measurement Tasks are to be performed, | * the timing of when the Measurement Tasks are to be performed, | |||
| or the Measurement Reports are to be sent. Possible types of | or the Measurement Reports are to be sent. Possible types of | |||
| timing are periodic, calendar-based periodic, one-off immediate | timing are periodic, calendar-based periodic, one-off immediate | |||
| and one-off at a future time | and one-off at a future time | |||
| o configuration of the Report Channel(s), each of which needs: | o configuration of the Report Channel(s), each of which needs: | |||
| skipping to change at page 24, line 38 ¶ | skipping to change at page 24, line 44 ¶ | |||
| o the details of the Measurement Task (to avoid the Collector having | o the details of the Measurement Task (to avoid the Collector having | |||
| to ask the Controller for this information later). For example, | to ask the Controller for this information later). For example, | |||
| the interface used for the measurements. | the interface used for the measurements. | |||
| o the Cycle-ID, if one was included in the Instruction. | o the Cycle-ID, if one was included in the Instruction. | |||
| o perhaps the Subscriber's service parameters (see Section 5.4.1). | o perhaps the Subscriber's service parameters (see Section 5.4.1). | |||
| o the measurement point designation of the MA and, if applicable, | o the measurement point designation of the MA and, if applicable, | |||
| the MP or other MA, if the information was included in the | the MP or other MA, if the information was included in the | |||
| Instruction. This numbering system is defined in | Instruction. This numbering system is defined in [RFC7398] and | |||
| [I-D.ietf-ippm-lmap-path] and allows a Measurement Report to | allows a Measurement Report to describe abstractly the path | |||
| describe abstractly the path measured (for example, "from a MA at | measured (for example, "from a MA at a home gateway to a MA at a | |||
| a home gateway to a MA at a DSLAM"). Also, the MA can anonymise | DSLAM"). Also, the MA can anonymise results by including | |||
| results by including measurement point designations instead of IP | measurement point designations instead of IP addresses | |||
| addresses (Section 8.6.2). | (Section 8.6.2). | |||
| The MA sends Reports as defined by the Instruction. It is possible | The MA sends Reports as defined by the Instruction. It is possible | |||
| that the Instruction tells the MA to report the same Results to more | that the Instruction tells the MA to report the same Results to more | |||
| than one Collector, or to report a different subset of Results to | than one Collector, or to report a different subset of Results to | |||
| different Collectors. It is also possible that a Measurement Task | different Collectors. It is also possible that a Measurement Task | |||
| may create two (or more) Measurement Results, which could be reported | may create two (or more) Measurement Results, which could be reported | |||
| differently (for example, one Result could be reported periodically, | differently (for example, one Result could be reported periodically, | |||
| whilst the second Result could be an alarm that is created as soon as | whilst the second Result could be an alarm that is created as soon as | |||
| the measured value of the Metric crosses a threshold and that is | the measured value of the Metric crosses a threshold and that is | |||
| reported immediately). | reported immediately). | |||
| skipping to change at page 31, line 39 ¶ | skipping to change at page 31, line 46 ¶ | |||
| particular network, whereas using the default is better if the | particular network, whereas using the default is better if the | |||
| Measurement System wants to include the impact of the MA's interface | Measurement System wants to include the impact of the MA's interface | |||
| selection algorithm. In any case, the Measurement Result should | selection algorithm. In any case, the Measurement Result should | |||
| include the network that was measured. | include the network that was measured. | |||
| 6.2.5. Measurement Agent embedded in ISP network | 6.2.5. Measurement Agent embedded in ISP network | |||
| A MA may be embedded on a device that is part of an ISP's network, | A MA may be embedded on a device that is part of an ISP's network, | |||
| such as a router or switch. Usually the network devices with an | such as a router or switch. Usually the network devices with an | |||
| embedded MA will be strategically located, such as a Carrier Grade | embedded MA will be strategically located, such as a Carrier Grade | |||
| NAT or ISP Gateway. [I-D.ietf-ippm-lmap-path] gives many examples | NAT or ISP Gateway. [RFC7398] gives many examples where a MA might | |||
| where a MA might be located within a network to provide an | be located within a network to provide an intermediate measurement | |||
| intermediate measurement point on the end-to-end path. Other | point on the end-to-end path. Other examples include a network | |||
| examples include a network device whose primary role is to host MA | device whose primary role is to host MA functions and the necessary | |||
| functions and the necessary measurement protocol. | measurement protocol. | |||
| 6.3. Measurement Peer | 6.3. Measurement Peer | |||
| A Measurement Peer participates in some Measurement Methods. It may | A Measurement Peer participates in some Measurement Methods. It may | |||
| have specific functionality to enable it to participate in a | have specific functionality to enable it to participate in a | |||
| particular Measurement Method. On the other hand, other Measurement | particular Measurement Method. On the other hand, other Measurement | |||
| Methods may require no special functionality. For example if the | Methods may require no special functionality. For example if the | |||
| Measurement Agent sends a ping to example.com then the server at | Measurement Agent sends a ping to example.com then the server at | |||
| example.com plays the role of a Measurement Peer; or if the MA | example.com plays the role of a Measurement Peer; or if the MA | |||
| monitors existing traffic, then the existing end points are | monitors existing traffic, then the existing end points are | |||
| skipping to change at page 32, line 30 ¶ | skipping to change at page 32, line 38 ¶ | |||
| 6.4. Deployment examples | 6.4. Deployment examples | |||
| In this section we describe some deployment scenarios that are | In this section we describe some deployment scenarios that are | |||
| feasible within the LMAP framework defined in this document. | feasible within the LMAP framework defined in this document. | |||
| A very simple example of a Measurement Peer (MP) is a web server that | A very simple example of a Measurement Peer (MP) is a web server that | |||
| the MA is downloading a web page from (such as www.example.com) in | the MA is downloading a web page from (such as www.example.com) in | |||
| order to perform a speed test. The web server is a MP and from its | order to perform a speed test. The web server is a MP and from its | |||
| perspective, the MA is just another client; the MP doesn't have a | perspective, the MA is just another client; the MP doesn't have a | |||
| specific function for assisting measurements. This is described in | specific function for assisting measurements. This is described in | |||
| the figure A1. | the figure below. | |||
| ^ | ^ | |||
| +----------------+ Web Traffic +----------------+ non-LMAP | +------------------+ Web Traffic +----------------+ non-LMAP | |||
| |MA: Web Client |<------------>| MP: Web Server | Scope | | Web Client |<------------>| Web Server | Scope | |||
| | | +----------------+ | | | | +----------------+ | | |||
| ...|................|....................................V... | ...|..................|....................................V... | |||
| | LMAP interface | ^ | |MA:LMAP interface | <MP:> ^ | |||
| +----------------+ | | +------------------+ | | |||
| ^ | | | ^ | | | |||
| Instruction | | Report | | Instruction | | Report | | |||
| | +-----------------+ | | | +-----------------+ | | |||
| | | | | | | | | |||
| | v LMAP | | v LMAP | |||
| +------------+ +------------+ Scope | +------------+ +------------+ Scope | |||
| | Controller | | Collector | | | | Controller | | Collector | | | |||
| +------------+ +------------+ V | +------------+ +------------+ V | |||
| Schematic of LMAP-based Measurement System, | Schematic of LMAP-based Measurement System, | |||
| with Web server as Measurement Peer | with Web server as Measurement Peer | |||
| Another case that is slightly different than this would be the one of | Another case that is slightly different than this would be the one of | |||
| a TWAMP-responder. This is also a MP, with a helper function, the | a TWAMP-responder. This is also a MP, with a helper function, the | |||
| TWAMP server, which is specially deployed to assist the MAs that | TWAMP server, which is specially deployed to assist the MAs that | |||
| perform TWAMP tests. Another example is with a ping server, as | perform TWAMP tests. Another example is with a ping server, as | |||
| described in Section 2. | described in Section 2. | |||
| A further example is the case of a traceroute like measurement. In | A further example is the case of a traceroute like measurement. In | |||
| this case, for each packet sent, the router where the TTL expires is | this case, for each packet sent, the router where the TTL expires is | |||
| performing the MP function. So for a given Measurement Task, there | performing the MP function. So for a given Measurement Task, there | |||
| is one MA involved and several MPs, one per hop. | is one MA involved and several MPs, one per hop. | |||
| In figure A2 we depict the case of an OWAMP (One-Way Active | In the figure below we depict the case of an OWAMP (One-Way Active | |||
| Measurement Protocol) responder acting as an MP. In this case, the | Measurement Protocol) responder acting as an MP. In this case, the | |||
| helper function in addition reports results back to the MA. So it | helper function in addition reports results back to the MA. So it | |||
| has both a data plane and control interface with the MA. | has both a data plane and control interface with the MA. | |||
| +----------------+ OWAMP +----------------+ ^ | +------------------+ OWAMP +----------------+ ^ | |||
| | MA: OWAMP |<--control--->| MP: | | | | OWAMP |<--control--->| | | | |||
| | control-client |-test-traffic>| OWAMP server & | non-LMAP | | control-client |-test-traffic>| OWAMP server & | non-LMAP | |||
| | fetch-client & |<----fetch----| session-rec'ver| Scope | | fetch-client & |<----fetch----| session-rec'ver| Scope | |||
| | session-sender | | | | | | session-sender | | | | | |||
| | | +----------------+ | | | | +----------------+ | | |||
| ...|................|....................................v... | ...|..................|....................................v... | |||
| | LMAP interface | ^ | |MA:LMAP interface | <MP:> ^ | |||
| +----------------+ | | +------------------+ | | |||
| ^ | | | ^ | | | |||
| Instruction | | Report | | Instruction | | Report | | |||
| | +-----------------+ | | | +-----------------+ | | |||
| | | | | | | | | |||
| | v LMAP | | v LMAP | |||
| +------------+ +------------+ Scope | +------------+ +------------+ Scope | |||
| | Controller | | Collector | | | | Controller | | Collector | | | |||
| +------------+ +------------+ v | +------------+ +------------+ v | |||
| Schematic of LMAP-based Measurement System, | Schematic of LMAP-based Measurement System, | |||
| with OWAMP server as Measurement Peer | with OWAMP server as Measurement Peer | |||
| However, it is also possible to use two Measurement Agents when | However, it is also possible to use two Measurement Agents when | |||
| performing one way Measurement Tasks, as described in figure A3 | performing one way Measurement Tasks, as described in the figure | |||
| below. Both MAs are instructed by the Controller: MA-1 to send the | below. Both MAs are instructed by the Controller: MA-1 to send the | |||
| traffic and MA-2 to measure the received traffic and send Reports to | traffic and MA-2 to measure the received traffic and send Reports to | |||
| the Collector. Note that the Measurement Task at MA-2 can listen for | the Collector. Note that the Measurement Task at MA-2 can listen for | |||
| traffic from MA-1 and respond multiple times without having to be | traffic from MA-1 and respond multiple times without having to be | |||
| rescheduled. | rescheduled. | |||
| +----------------+ +----------------+ ^ | +----------------+ +----------------+ ^ | |||
| | MA-1: | | MA-2: | non-LMAP | | | | | non-LMAP | |||
| | iperf -u sender|-UDP traffic->| iperf -u recvr | Scope | | iperf -u sender|-UDP traffic->| iperf -u recvr | Scope | |||
| | | | | v | | | | | v | |||
| ...|................|..............|................|....v... | ...|................|..............|................|........ | |||
| | LMAP interface | | LMAP interface | ^ | | MA-1: | | MA-2: | ^ | |||
| +----------------+ +----------------+ | | | LMAP interface | | LMAP interface | | | |||
| ^ ^ | | | +----------------+ +----------------+ | | |||
| Instruction | Instruction{Report} | | Report | | ^ ^ | | | |||
| {task, | +-------------------+ | | | Instruction | Instruction{Report} | | Report | | |||
| schedule} | | | | | {task, | +-------------------+ | | | |||
| | | v LMAP | schedule} | | | | | |||
| +------------+ +------------+ Scope | | | v LMAP | |||
| | Controller | | Collector | | | +------------+ +------------+ Scope | |||
| +------------+ +------------+ v | | Controller | | Collector | | | |||
| +------------+ +------------+ v | ||||
| Schematic of LMAP-based Measurement System, with two | ||||
| Measurement Agents cooperating to measure UDP traffic | ||||
| Schematic of LMAP-based Measurement System, with two | ||||
| Measurement Agents cooperating to measure UDP traffic | ||||
| Next, we consider Measurement Methods that meter the Observed Traffic | Next, we consider Measurement Methods that meter the Observed Traffic | |||
| Flow. Traffic generated in one point in the network flowing towards | Flow. Traffic generated in one point in the network flowing towards | |||
| a given destination and the traffic is observed in some point along | a given destination and the traffic is observed in some point along | |||
| the path. One way to implement this is that the endpoints generating | the path. One way to implement this is that the endpoints generating | |||
| and receiving the traffic are not instructed by the Controller; hence | and receiving the traffic are not instructed by the Controller; hence | |||
| they are MPs. The MA is located along the path with a monitor | they are MPs. The MA is located along the path with a monitor | |||
| function that measures the traffic. The MA is instructed by the | function that measures the traffic. The MA is instructed by the | |||
| Controller to monitor that particular traffic and to send the Report | Controller to monitor that particular traffic and to send the Report | |||
| to the Collector. It is depicted in figure A4 below. | to the Collector. It is depicted in the figure below. | |||
| +--------+ +----------------+ +--------+ ^ | +--------+ +------------------+ +--------+ ^ | |||
| |End user| | MA: Monitor | Observed |End user| | | |End user| | Monitor | Observed |End user| | | |||
| | or MP |<--|----------------|--traffic-->| or MP | non-LMAP | | |<--|------------------|--traffic-->| | non-LMAP | |||
| | | | | flow | | Scope | | | | | flow | | Scope | |||
| +--------+ | | +--------+ | | +--------+ | | +--------+ | | |||
| ...|................|............................v.. | ...|..................|............................v.. | |||
| | LMAP interface | ^ | |MA:LMAP interface | <MP:> ^ | |||
| +----------------+ | | +------------------+ | | |||
| ^ | | | ^ | | | |||
| Instruction | | Report | | Instruction | | Report | | |||
| | +-----------------+ | | | +-----------------+ | | |||
| | | | | | | | | |||
| | v LMAP | | v LMAP | |||
| +------------+ +------------+ Scope | +------------+ +------------+ Scope | |||
| | Controller | | Collector | | | | Controller | | Collector | | | |||
| +------------+ +------------+ v | +------------+ +------------+ v | |||
| Schematic of LMAP-based Measurement System, | Schematic of LMAP-based Measurement System, | |||
| with a Measurement Agent monitoring traffic | with a Measurement Agent monitoring traffic | |||
| 7. Security considerations | 7. Security considerations | |||
| The security of the LMAP framework should protect the interests of | The security of the LMAP framework should protect the interests of | |||
| the measurement operator(s), the network user(s) and other actors who | the measurement operator(s), the network user(s) and other actors who | |||
| could be impacted by a compromised measurement deployment. The | could be impacted by a compromised measurement deployment. The | |||
| Measurement System must secure the various components of the system | Measurement System must secure the various components of the system | |||
| from unauthorised access or corruption. Much of the general advice | from unauthorised access or corruption. Much of the general advice | |||
| contained in section 6 of [RFC4656] is applicable here. | contained in section 6 of [RFC4656] is applicable here. | |||
| The process to upgrade the firmware in an MA is outside the scope of | The process to upgrade the firmware in an MA is outside the scope of | |||
| the initial LMAP work, similar to the protocol to bootstrap the MAs | the initial LMAP work, just as is the protocol to bootstrap the MAs. | |||
| (as specified in the charter). However, systems which provide remote | However, systems which provide remote upgrade must secure authorised | |||
| upgrade must secure authorised access and integrity of the process. | access and integrity of the process. | |||
| We assume that each Measurement Agent (MA) will receive its | We assume that each Measurement Agent (MA) will receive its | |||
| Instructions from a single organisation, which operates the | Instructions from a single organisation, which operates the | |||
| Controller. These Instructions must be authenticated (to ensure that | Controller. These Instructions must be authenticated (to ensure that | |||
| they come from the trusted Controller), checked for integrity (to | they come from the trusted Controller), checked for integrity (to | |||
| ensure no-one has tampered with them) and not vulnerable to replay | ensure no-one has tampered with them) and not vulnerable to replay | |||
| attacks. If a malicious party can gain control of the MA they can | attacks. If a malicious party can gain control of the MA they can | |||
| use it to launch DoS attacks at targets, create a platform for | use it to launch DoS attacks at targets, create a platform for | |||
| pervasive monitoring [RFC7258], reduce the end user's quality of | pervasive monitoring [RFC7258], reduce the end user's quality of | |||
| experience and corrupt the Measurement Results that are reported to | experience and corrupt the Measurement Results that are reported to | |||
| skipping to change at page 38, line 24 ¶ | skipping to change at page 38, line 34 ¶ | |||
| o Regulators: Public authorities responsible for exercising | o Regulators: Public authorities responsible for exercising | |||
| supervision of the electronic communications sector, and which may | supervision of the electronic communications sector, and which may | |||
| have access to sensitive information of individuals who | have access to sensitive information of individuals who | |||
| participate in a measurement campaign. Similarly, regulators | participate in a measurement campaign. Similarly, regulators | |||
| desire to protect the participants and their own sensitive | desire to protect the participants and their own sensitive | |||
| information. | information. | |||
| o Other LMAP system operators: Organisations who operate Measurement | o Other LMAP system operators: Organisations who operate Measurement | |||
| Systems or participate in measurements in some way. | Systems or participate in measurements in some way. | |||
| Although privacy is a protection extended to individuals, we include | Although privacy is a protection extended to individuals, we discuss | |||
| discussion of ISPs and other LMAP system operators in this section. | data protection by ISPs and other LMAP system operators in this | |||
| These organisations have sensitive information involved in the LMAP | section. These organisations have sensitive information involved in | |||
| system, and many of the same dangers and mitigations are applicable. | the LMAP system, and many of the same dangers and mitigations are | |||
| Further, the ISPs store information on their Subscribers beyond that | applicable. Further, the ISPs store information on their Subscribers | |||
| used in the LMAP system (for instance billing information), and there | beyond that used in the LMAP system (for instance billing | |||
| should be a benefit in considering all the needs and potential | information), and there should be a benefit in considering all the | |||
| solutions coherently. | needs and potential solutions coherently. | |||
| 8.2. Examples of sensitive information | 8.2. Examples of sensitive information | |||
| This section gives examples of sensitive information which may be | This section gives examples of sensitive information which may be | |||
| measured or stored in a Measurement System, and which is to be kept | measured or stored in a Measurement System, and which is to be kept | |||
| private by default in the LMAP core protocols. | private by default in the LMAP core protocols. | |||
| Examples of Subscriber or authorised Internet user sensitive | Examples of Subscriber or authorised Internet user sensitive | |||
| information: | information: | |||
| skipping to change at page 39, line 47 ¶ | skipping to change at page 40, line 10 ¶ | |||
| or whether they measure user traffic. | or whether they measure user traffic. | |||
| Measurement Tasks conducted on user traffic store sensitive | Measurement Tasks conducted on user traffic store sensitive | |||
| information, however briefly this storage may be. We note that some | information, however briefly this storage may be. We note that some | |||
| authorities make a distinction on time of storage, and information | authorities make a distinction on time of storage, and information | |||
| that is kept only temporarily to perform a communications function is | that is kept only temporarily to perform a communications function is | |||
| not subject to regulation (for example, active queue management, deep | not subject to regulation (for example, active queue management, deep | |||
| packet inspection). Such Measurement Tasks could reveal all the | packet inspection). Such Measurement Tasks could reveal all the | |||
| websites a Subscriber visits and the applications and/or services | websites a Subscriber visits and the applications and/or services | |||
| they use. This issue is not specific to LMAP. For instance, IPFIX | they use. This issue is not specific to LMAP. For instance, IPFIX | |||
| has addressed similar issues (see section 11.8 of [RFC7011]). | has discussed similar issues (see section 11.8 of [RFC7011]), but | |||
| mitigations described in the sections below were considered beyond | ||||
| their scope. | ||||
| Other types of Measurement Task are conducted on traffic which is | Other types of Measurement Task are conducted on traffic which is | |||
| created specifically for the purpose. Even if a user host generates | created specifically for the purpose. Even if a user host generates | |||
| Measurement Traffic, there is limited sensitive information about the | Measurement Traffic, there is limited sensitive information about the | |||
| Subscriber present and stored in the Measurement System: | Subscriber present and stored in the Measurement System: | |||
| o IP address in use (and possibly sub-IP addresses and names) | o IP address in use (and possibly sub-IP addresses and names) | |||
| o Status as a study volunteer and Schedule of Measurement Tasks | o Status as a study volunteer and Schedule of Measurement Tasks | |||
| skipping to change at page 42, line 34 ¶ | skipping to change at page 42, line 45 ¶ | |||
| communications model below illustrates the various exchanges to | communications model below illustrates the various exchanges to | |||
| execute such a Measurement Method and store the Results. | execute such a Measurement Method and store the Results. | |||
| We note the potential for additional observers in the figures below | We note the potential for additional observers in the figures below | |||
| by indicating the possible presence of a NAT, which has additional | by indicating the possible presence of a NAT, which has additional | |||
| significance to the protocols and direction of initiation. | significance to the protocols and direction of initiation. | |||
| The various messages are optional, depending on the nature of the | The various messages are optional, depending on the nature of the | |||
| Measurement Method. It may involve sending Measurement Traffic from | Measurement Method. It may involve sending Measurement Traffic from | |||
| the Measurement Peer to MA, MA to Measurement Peer, or both. | the Measurement Peer to MA, MA to Measurement Peer, or both. | |||
| Similarly, a second (or more) MAs may be involved. | Similarly, a second (or more) MAs may be involved. (Note: For | |||
| simplicity, the Figure and description don't show the non-LMAP | ||||
| functionality that is associated with the transfer of the Measurement | ||||
| Traffic and is located at the devices with the MA and MP.) | ||||
| _________________ _________________ | _________________ _________________ | |||
| | | | | | | | | | | |||
| |Measurement Peer |=========== NAT ? ==========|Measurement Agent| | |Measurement Peer |=========== NAT ? ==========|Measurement Agent| | |||
| |_________________| |_________________| | |_________________| |_________________| | |||
| <- (Key Negotiation & | <- (Key Negotiation & | |||
| Encryption Setup) | Encryption Setup) | |||
| (Encrypted Channel -> | (Encrypted Channel -> | |||
| Established) | Established) | |||
| (Announce capabilities -> | (Announce capabilities -> | |||
| skipping to change at page 44, line 16 ¶ | skipping to change at page 44, line 16 ¶ | |||
| Some Measurement Methods only involve a single Measurement Agent | Some Measurement Methods only involve a single Measurement Agent | |||
| observing existing traffic. They raise potential privacy issues, | observing existing traffic. They raise potential privacy issues, | |||
| although the specification of the mechanisms is beyond the scope of | although the specification of the mechanisms is beyond the scope of | |||
| the initial LMAP work. | the initial LMAP work. | |||
| The high-level communications model below illustrates the collection | The high-level communications model below illustrates the collection | |||
| of user information of interest with the Measurement Agent performing | of user information of interest with the Measurement Agent performing | |||
| the monitoring and storage of the Results. This particular exchange | the monitoring and storage of the Results. This particular exchange | |||
| is for measurement of DNS Response Time, which most frequently uses | is for measurement of DNS Response Time, which most frequently uses | |||
| UDP transport. | UDP transport. (Note: For simplicity, the Figure and description | |||
| don't show the non-LMAP functionality that is associated with the | ||||
| transfer of the Measurement Traffic and is located at the devices | ||||
| with the MA.) | ||||
| _________________ ____________ | _________________ ____________ | |||
| | | | | | | | | | | |||
| | DNS Server |=========== NAT ? ==========*=======| User client| | | DNS Server |=========== NAT ? ==========*=======| User client| | |||
| |_________________| ^ |____________| | |_________________| ^ |____________| | |||
| ______|_______ | ______|_______ | |||
| | | | | | | |||
| | Measurement | | | Measurement | | |||
| | Agent | | | Agent | | |||
| |______________| | |______________| | |||
| skipping to change at page 46, line 37 ¶ | skipping to change at page 46, line 37 ¶ | |||
| characteristics of an individual, and Identification as using this | characteristics of an individual, and Identification as using this | |||
| combination to infer identity. | combination to infer identity. | |||
| The main risk is that the LMAP system could unwittingly provide a key | The main risk is that the LMAP system could unwittingly provide a key | |||
| piece of the correlation chain, starting with an unknown Subscriber's | piece of the correlation chain, starting with an unknown Subscriber's | |||
| IP address and another piece of information. For example, a | IP address and another piece of information. For example, a | |||
| Subscriber utilised Internet access from 2000 to 2310 UTC, because | Subscriber utilised Internet access from 2000 to 2310 UTC, because | |||
| the Measurement Tasks were deferred, or sent a name resolution for | the Measurement Tasks were deferred, or sent a name resolution for | |||
| www.example.com at 2300 UTC. | www.example.com at 2300 UTC. | |||
| If a user's access with another system already gave away sensitive | ||||
| info, correlation is clearly easier and can result in re- | ||||
| identification, even when an LMAP conserves sensitive information to | ||||
| great extent. | ||||
| 8.5.4. Secondary use and disclosure | 8.5.4. Secondary use and disclosure | |||
| Sections 5.2.3 and 5.2.4 of [RFC6973] describes Secondary Use as | Sections 5.2.3 and 5.2.4 of [RFC6973] describes Secondary Use as | |||
| unauthorised utilisation of an individual's information for a purpose | unauthorised utilisation of an individual's information for a purpose | |||
| the individual did not intend, and Disclosure is when such | the individual did not intend, and Disclosure is when such | |||
| information is revealed causing other's notions of the individual to | information is revealed causing other's notions of the individual to | |||
| change, or confidentiality to be violated. | change, or confidentiality to be violated. | |||
| Measurement Methods that measure user traffic are a form of Secondary | Measurement Methods that measure user traffic are a form of Secondary | |||
| Use, and the Subscribers' permission should be obtained beforehand. | Use, and the Subscribers' permission should be obtained beforehand. | |||
| skipping to change at page 48, line 46 ¶ | skipping to change at page 48, line 51 ¶ | |||
| Protocol and injecting Measurement Results (known fingerprint, see | Protocol and injecting Measurement Results (known fingerprint, see | |||
| section 3.2 of [RFC6973]) for inclusion with the shared and | section 3.2 of [RFC6973]) for inclusion with the shared and | |||
| anonymised results, then fingerprinting those records to ascertain | anonymised results, then fingerprinting those records to ascertain | |||
| the anonymisation process. | the anonymisation process. | |||
| Beside anonymisation of measured Results for a specific user or | Beside anonymisation of measured Results for a specific user or | |||
| provider, the value of sensitive information can be further diluted | provider, the value of sensitive information can be further diluted | |||
| by summarising the results over many individuals or areas served by | by summarising the results over many individuals or areas served by | |||
| the provider. There is an opportunity enabled by forming anonymity | the provider. There is an opportunity enabled by forming anonymity | |||
| sets [RFC6973] based on the reference path measurement points in | sets [RFC6973] based on the reference path measurement points in | |||
| [I-D.ietf-ippm-lmap-path]. For example, all measurements from the | [RFC7398]. For example, all measurements from the Subscriber device | |||
| Subscriber device can be identified as "mp000", instead of using the | can be identified as "mp000", instead of using the IP address or | |||
| IP address or other device information. The same anonymisation | other device information. The same anonymisation applies to the | |||
| applies to the Internet Service Provider, where their Internet | Internet Service Provider, where their Internet gateway would be | |||
| gateway would be referred to as "mp190". | referred to as "mp190". | |||
| Another anonymisation technique is for the MA to include its Group-ID | Another anonymisation technique is for the MA to include its Group-ID | |||
| instead of its MA-ID in its Measurement Reports, with several MAs | instead of its MA-ID in its Measurement Reports, with several MAs | |||
| sharing the same Group-ID. | sharing the same Group-ID. | |||
| 8.6.3. Pseudonymity | 8.6.3. Pseudonymity | |||
| Section 6.1.2 of [RFC6973] indicates that pseudonyms, or nicknames, | Section 6.1.2 of [RFC6973] indicates that pseudonyms, or nicknames, | |||
| are a possible mitigation to revealing one's true identity, since | are a possible mitigation to revealing one's true identity, since | |||
| there is no requirement to use real names in almost all protocols. | there is no requirement to use real names in almost all protocols. | |||
| skipping to change at page 50, line 12 ¶ | skipping to change at page 50, line 16 ¶ | |||
| reduction and temporary storage mitigations as appropriate and | reduction and temporary storage mitigations as appropriate and | |||
| certified through code review. | certified through code review. | |||
| LMAP protocols, devices, and the information they store clearly need | LMAP protocols, devices, and the information they store clearly need | |||
| to be secure from unauthorised access. This is the hand-off between | to be secure from unauthorised access. This is the hand-off between | |||
| privacy and security considerations (Section 7). The Data Controller | privacy and security considerations (Section 7). The Data Controller | |||
| has the (legal) responsibility to maintain data protections described | has the (legal) responsibility to maintain data protections described | |||
| in the Subscriber's agreement and agreements with other | in the Subscriber's agreement and agreements with other | |||
| organisations. | organisations. | |||
| Finally, it is recommended that each entity in section 8.1, | ||||
| (individuals, ISPs, Regulators, others) assess the risks of LMAP data | ||||
| collection by conducting audits of their data protection methods. | ||||
| 9. IANA considerations | 9. IANA considerations | |||
| There are no IANA considerations in this memo. | There are no IANA considerations in this memo. | |||
| 10. Acknowledgments | 10. Acknowledgments | |||
| This document originated as a merger of three individual drafts: | This document originated as a merger of three individual drafts: | |||
| draft-eardley-lmap-terminology-02, draft-akhter-lmap-framework-00, | draft-eardley-lmap-terminology-02, draft-akhter-lmap-framework-00, | |||
| and draft-eardley-lmap-framework-02. | and draft-eardley-lmap-framework-02. | |||
| skipping to change at page 55, line 9 ¶ | skipping to change at page 55, line 18 ¶ | |||
| security directorate review (Radia Perlman). | security directorate review (Radia Perlman). | |||
| 11.10. From -09 to -10 | 11.10. From -09 to -10 | |||
| o More changes from the AD review (Benoit Claise). | o More changes from the AD review (Benoit Claise). | |||
| 11.11. From -10 to -11 | 11.11. From -10 to -11 | |||
| o More changes from the AD review (Benoit Claise). | o More changes from the AD review (Benoit Claise). | |||
| 11.12. From -11 to -12 | ||||
| o Fixing nits from IETF Last call and authors. | ||||
| 11.13. From -12 to -13 | ||||
| o IESG changes. | ||||
| 11.14. From -13 to -14 | ||||
| o Fixing Figure 1. | ||||
| 12. Informative References | 12. Informative References | |||
| [Bur10] Burkhart, M., Schatzmann, D., Trammell, B., and E. Boschi, | [Bur10] Burkhart, M., Schatzmann, D., Trammell, B., and E. Boschi, | |||
| "The Role of Network Trace anonymisation Under Attack", | "The Role of Network Trace anonymisation Under Attack", | |||
| January 2010. | January 2010. | |||
| [TR-069] TR-069, , "CPE WAN Management Protocol", | [TR-069] TR-069, , "CPE WAN Management Protocol", | |||
| http://www.broadband-forum.org/technical/trlist.php, | http://www.broadband-forum.org/technical/trlist.php, | |||
| November 2013. | November 2013. | |||
| skipping to change at page 56, line 21 ¶ | skipping to change at page 56, line 42 ¶ | |||
| Multiple-Interface Hosts", RFC 6419, November 2011. | Multiple-Interface Hosts", RFC 6419, November 2011. | |||
| [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. | [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. | |||
| Selkirk, "Port Control Protocol (PCP)", RFC 6887, April | Selkirk, "Port Control Protocol (PCP)", RFC 6887, April | |||
| 2013. | 2013. | |||
| [I-D.ietf-lmap-information-model] | [I-D.ietf-lmap-information-model] | |||
| Burbridge, T., Eardley, P., Bagnulo, M., and J. | Burbridge, T., Eardley, P., Bagnulo, M., and J. | |||
| Schoenwaelder, "Information Model for Large-Scale | Schoenwaelder, "Information Model for Large-Scale | |||
| Measurement Platforms (LMAP)", draft-ietf-lmap- | Measurement Platforms (LMAP)", draft-ietf-lmap- | |||
| information-model-03 (work in progress), January 2015. | information-model-05 (work in progress), April 2015. | |||
| [RFC6235] Boschi, E. and B. Trammell, "IP Flow Anonymization | [RFC6235] Boschi, E. and B. Trammell, "IP Flow Anonymization | |||
| Support", RFC 6235, May 2011. | Support", RFC 6235, May 2011. | |||
| [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., | |||
| Morris, J., Hansen, M., and R. Smith, "Privacy | Morris, J., Hansen, M., and R. Smith, "Privacy | |||
| Considerations for Internet Protocols", RFC 6973, July | Considerations for Internet Protocols", RFC 6973, July | |||
| 2013. | 2013. | |||
| [I-D.ietf-ippm-lmap-path] | ||||
| Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and | ||||
| A. Morton, "A Reference Path and Measurement Points for | ||||
| Large-Scale Measurement of Broadband Performance", draft- | ||||
| ietf-ippm-lmap-path-07 (work in progress), October 2014. | ||||
| [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. | [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. | |||
| Zekauskas, "A One-way Active Measurement Protocol | Zekauskas, "A One-way Active Measurement Protocol | |||
| (OWAMP)", RFC 4656, September 2006. | (OWAMP)", RFC 4656, September 2006. | |||
| [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. | [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. | |||
| Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", | Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", | |||
| RFC 5357, October 2008. | RFC 5357, October 2008. | |||
| [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between | [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between | |||
| Information Models and Data Models", RFC 3444, January | Information Models and Data Models", RFC 3444, January | |||
| 2003. | 2003. | |||
| [RFC7398] Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and | ||||
| A. Morton, "A Reference Path and Measurement Points for | ||||
| Large-Scale Measurement of Broadband Performance", RFC | ||||
| 7398, February 2015. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Philip Eardley | Philip Eardley | |||
| BT | BT | |||
| Adastral Park, Martlesham Heath | Adastral Park, Martlesham Heath | |||
| Ipswich | Ipswich | |||
| ENGLAND | ENGLAND | |||
| Email: philip.eardley@bt.com | Email: philip.eardley@bt.com | |||
| skipping to change at page 57, line 32 ¶ | skipping to change at page 58, line 4 ¶ | |||
| Marcelo Bagnulo | Marcelo Bagnulo | |||
| Universidad Carlos III de Madrid | Universidad Carlos III de Madrid | |||
| Av. Universidad 30 | Av. Universidad 30 | |||
| Leganes, Madrid 28911 | Leganes, Madrid 28911 | |||
| SPAIN | SPAIN | |||
| Phone: 34 91 6249500 | Phone: 34 91 6249500 | |||
| Email: marcelo@it.uc3m.es | Email: marcelo@it.uc3m.es | |||
| URI: http://www.it.uc3m.es | URI: http://www.it.uc3m.es | |||
| Trevor Burbridge | Trevor Burbridge | |||
| BT | BT | |||
| Adastral Park, Martlesham Heath | Adastral Park, Martlesham Heath | |||
| Ipswich | Ipswich | |||
| ENGLAND | ENGLAND | |||
| Email: trevor.burbridge@bt.com | Email: trevor.burbridge@bt.com | |||
| Paul Aitken | Paul Aitken | |||
| Brocade | Brocade | |||
| Edinburgh, Scotland EH6 6LX | Edinburgh, Scotland | |||
| UK | UK | |||
| Email: paitken@brocade.com | Email: paitken@brocade.com | |||
| Aamer Akhter | Aamer Akhter | |||
| LiveAction | Consultant | |||
| 118 Timber Hitch | 118 Timber Hitch | |||
| Cary, NC | Cary, NC | |||
| USA | USA | |||
| Email: aakhter@gmail.com | Email: aakhter@gmail.com | |||
| End of changes. 56 change blocks. | ||||
| 193 lines changed or deleted | 231 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||