< draft-quittek-psamp-ipfix-00.txt   draft-quittek-psamp-ipfix-01.txt >
Internet Draft J. Quittek Internet Draft J. Quittek
Document: draft-quittek-psamp-ipfix-00.txt NEC Europe Ltd. Document: draft-quittek-psamp-ipfix-01.txt NEC Europe Ltd.
Expires: April 2003 Expires: August 2003 B. Claise
October 2002 Cisco Systems
February 2003
On the Relationship between PSAMP and IPFIX On the Relationship between PSAMP and IPFIX
<draft-quittek-psamp-ipfix-00.txt> <draft-quittek-psamp-ipfix-01.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. Internet-Drafts are all provisions of Section 10 of RFC 2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its Working Groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six
and may be updated, replaced, or obsoleted by other documents at any months and may be updated, replaced, or obsoleted by other documents
time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as
material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Distribution of this document is unlimited. Distribution of this document is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
This memo discusses the relationship between the packet sampling This memo discusses the relationship between the packet sampling
(PSAMP) working group and the IP flow information export (IPFIX) (PSAMP) Working Group and the IP flow information export (IPFIX)
working group. The goals of writing this memo are: avoiding Working Group. The goals of writing this memo are: avoiding
duplication of work, increase mutual benefits between the groups, and duplication of work, increase mutual benefits between the groups,
harmonize the documents and standards developed by the groups. and harmonize the documents and standards developed by the groups.
Therefore, potential overlap of both group's activities is analyzed, Therefore, potential overlap of both group's activities is analyzed,
activities in both groups that potentially complement each other are activities in both groups that potentially complement each other are
pointed out, and common issues are listed that should be harmonized pointed out, and common issues are listed that should be harmonized
between the groups. between the groups.
Table of Contents Table of Contents
1 Introduction ................................................. 2 1. Introduction...................................................2
2 Working Group Goals .......................................... 3 2. Working Group Goals............................................3
2.1 IPFIX Goals ................................................ 3 2.1 IPFIX Goals................................................3
2.2 PSAMP Goals ................................................ 4 2.2 PSAMP Goals................................................4
3 Architectures ................................................ 4 3. Architecture...................................................5
3.1 IPFIX Architecture ......................................... 5 3.1 IPFIX Architecture.........................................5
3.2 PSAMP Architecture ......................................... 5 3.2 PSAMP Architecture.........................................6
3.3 Achitecture Comparison ..................................... 6 4. PSAMP and IPFIX Comparison.....................................7
4 Potential Overlap, Complement, and Harmonization ............. 7 4.1 Architectural Comparison...................................7
4.1 Terminology ................................................ 7 4.2 Conceptual Comparison......................................8
4.2 Packet selection and sampling model ........................ 7 5. Potential Overlap, Complement, and Harmonization...............9
4.3 PSAMP as IPFIX component ................................... 7 5.1 Terminology................................................9
4.3.1 Packet Sampling .......................................... 7 5.2 Packet selection and sampling model........................9
4.3.2 Packet Selection ......................................... 8 5.2.1 PSAMP as an IPFIX component: packet sampling.........9
4.4 IPFIX export for PSAMP ..................................... 8 5.2.2 PSAMP as an IPFIX component: packet selection.......10
4.4.1 Information Model ........................................ 8 5.3 IPFIX export for PSAMP....................................10
4.4.2 Export Protocol .......................................... 8 5.3.1 Information Model...................................11
4.5 Configuration .............................................. 9 5.3.2 Export Protocol.....................................11
5 Security Considerations ...................................... 9 5.4 Configuration.............................................11
6 References ................................................... 9 6. Security Considerations.......................................12
7 Author's Address ............................................. 10 7. References....................................................12
8 Full Copyright Statement ..................................... 10 8. Acknwoldgements...............................................13
9. AuthorÆs Addresses............................................13
1. Introduction 1. Introduction
The packet sampling (PSAMP) working group and the IP flow information The packet sampling (PSAMP) Working Group and the IP flow
export (IPFIX) working group both aim at standardizing technology for information export (IPFIX) Working Group both aim at standardizing
observing traffic a network devices and for exporting some part of technology for observing traffic from network devices and for
the observation to other devices. Also, both working groups consider exporting some part of the observation. Also, both Working Groups
packet sampling as a component of their technology. While for the consider packet sampling as a component of their technology. While
IPFIX WG packet sampling is just one out of many components for the IPFIX Working Group packet sampling is just one out of many
considered, it is the focus of the PSAMP WG. components considered, it is the focus of the PSAMP Working Group.
This memo discusses the relationship between the two WGs. The goals This memo discusses the relationship between the two Working Groups.
of writing this memo are: The goals of writing this memo are:
- avoiding duplication of work, - avoiding duplication of work,
- increase mutual benefits between the groups, - increase mutual benefits between the groups,
- harmonize the documents and standards developed by the groups. - harmonize the documents and standards developed by the groups.
In order to achive this, the following issues are analyzed: In order to achieve this, the following issues are analyzed:
- potential overlap of both group's activities, - potential overlap of both group's activities,
- potential mutual complements between the groups, - potential mutual complements between the groups,
- common issues that should be harmonized. - common issues that should be harmonized.
The analysis start with brief summaries of each WG's goal and a The analysis start with brief summaries of each Working Group's goal
comparison of the respective architectures. Then four ... and a comparison of the respective architectures.
2. Working Group Goals 2. Working Group Goals
The following is a brief summary of the goals of the two working The following is a brief summary of the goals of the two Working
groups. A more detailed description can be found in the respective Groups. A more detailed description can be found in the respective
working group charters at http://www.ietf.org/html.charters/psamp- Working Group charters at http://www.ietf.org/html.charters/psamp-
charter.html and http://www.ietf.org/html.charters/ipfix- charter.html and http://www.ietf.org/html.charters/ipfix-
charter.html. charter.html.
2.1. IPFIX Goals 2.1 IPFIX Goals
The IP flow information export (IPFIX) working group was estabished The IP flow information export (IPFIX) Working Group was established
in October 2001 with the goal to select a protocol for IP flow in October 2001 with the goal to select a protocol for IP flow
inforamtion export out of devices measuring network traffic. The information export out of devices measuring network traffic. The
working goup's charter lists the following steps: Working Group's charter lists the following steps:
- Define the notion of a "standard IP flow". - Define the notion of a "standard IP flow".
- Devise data encodings for IP flows. - Devise data encodings for IP flows.
- Consider the notion of IP flow information export based upon - Consider the notion of IP flow information export based upon
packet sampling. packet sampling.
- Identify and address any security privacy concerns affecting - Identify and address any security privacy concerns affecting
flow data. flow data.
- Specify the transport mapping for carrying IP flow information - Specify the transport mapping for carrying IP flow information
(IETF approved congestion-aware transport protocol)
- Ensure that the flow export system is reliable and efficient. - Ensure that the flow export system is reliable and efficient
(in that it will minimize the likelihood of flow data being
lost due to resource constraints in the exporter or receiver
and to accurately report such loss if it occurs)
The output of the group will be structured into four documents: The output of the group will be structured into four documents:
o Requirements for IP flow inforamtion export o Requirements for IP flow information export
o IP flow information architecture o IP flow information architecture
o IP flow information export information model o IP flow information export information model
o IP flow information export applicability o IP flow information export applicability
The protocol itself should not be developed by the working group but The protocol itself should not be developed by the Working Group but
selected out of already existing protocols or protocols developed for selected out of already existing protocols or protocols developed
this purpose externally of the IETF. for this purpose externally of the IETF. Once the protocol will be
selected out, small modifications will be brought to it to make it
fully compliant to the IPFIX requirement draft.
The focus of the working group is on improving and standardizing The focus of the Working Group is on improving and standardizing
existing state-of-the-art technology and common practise. existing state-of-the-art technology and common practice.
2.2. PSAMP Goals 2.2 PSAMP Goals
The packet sampling (PSAMP) working group was established in August The packet sampling (PSAMP) Working Group was established in August
2002 with the goals of 2002 with the goals of
- specifying a set of selection operations by which packets are - specifying a set of selection operations by which packets are
sampled sampled.
- specifying the information that is to be made available for - specifying the information that is to be made available for
reporting on sampled packets reporting on sampled packets.
- describing protocols by which information on sampled packets is - describing protocols by which information on sampled packets is
reported to applications reported to applications.
- describing protocols by which packet selection and reporting - describing protocols by which packet selection and reporting
configured. configured.
In contrast to IPFIX, the PSAMP WG is chartered to develop new In contrast to IPFIX, the PSAMP Working Group is chartered to
technology that is not already widely available and for which a develop new technology that is not already widely available and for
common practise does not exist, so far. which a common practice does not exist, so far.
The output of the group will be structured into four documents: The output of the group will be structured into five documents:
o Framework document o Framework document
o Packet selector and packet information document o Packet selector and packet information document
o Report format and report stream format document o Report format and report stream format document
o Export and requirements for collectors document o Export and requirements for collectors document
o MIB document o MIB document
3. Architectures 3. Architecture
For both working groups, architectures are still under definition. For both Working Groups, architectures are still under definition.
This memo tries to sketch the basic architectures as they ar This memo tries to sketch the basic architectures as they are
currently being discussed in [IPFIX-REQ],[IPFIX-ARCH],[PSAMP-FRM], currently being discussed in [IPFIX-REQ],[IPFIX-ARCH],[PSAMP-FRM],
and [PSAMP-PSS]. These architecture snapshots are used in the and [PSAMP-PSS]. These architecture snapshots are used in the
diuscussion of potential overlaps and complements furhter below. It discussion of potential overlaps and complements further below. It
should be noted that during architecture development, both should be noted that during architecture development, both
architectures might evolve such that some of the arguments stated architectures might evolve such that some of the arguments stated
below in this memo do not hold anymore. below in this memo do not hold anymore.
3.1. IPFIX Architecture 3.1 IPFIX Architecture
Please note that the [IPFIX-ARCH] draft has been put ôon holdö until
the [IPFIX-REQ] is finalized and the base IPFIX protocol has been
chosen amongst the candidate protocols. As a consequence, the IPIFX
architecture paragraph below is not based on [IPFIX-ARCH] but on
[IPFIX-REQ].
The IPFIX architecture contains six main components: observation The IPFIX architecture contains six main components: observation
point, metering process, flow records, exporting process, export point, metering process, flow records, exporting process, export
protocol, and collecting process [IPFIX-REQ]. protocol, and collecting process [IPFIX-REQ].
At the observation point, IP packets are observed. Observed packets At the observation point, IP packets are observed. Observed packets
are metered by the metering process. Metering results are stored in are metered by the metering process. Metering results are stored in
flow records. The exporting process exports information stored in flow records. The exporting process exports information stored in
flow records to the collecting process. flow records to the collecting process.
+------+ packet +-------+ flow +-------+ flow +-------+ +------+ packet +-------+ flow +-------+ flow +-------+
|obser-| headers|meter- | records|export-| records |collec-| |obser-| headers|meter- | records|export-| records |collec-|
|vation+------->|ing +------->|ing +-------->|ting | |vation+------->|ing +------->|ing +-------->|ting |
|point | |process| |process| IPFIX |process| |point | |process| |process| IPFIX |process|
+------+ +-------+ +-------+ protocol+-------+ +------+ +-------+ +-------+ protocol+-------+
Figure 1: Sketch of the basic IPFIX architecture Figure 1: Sketch of the basic IPFIX architecture
Possible entity relationships between these components are not Possible entity relationships between these components are not
completely defined, yet. However, in general the assumption holds completely defined, yet. However, in general the assumption holds
that each component may have several instances. that each component may have several instances.
According to [IPFIX-REQ], the metering process can be divided into According to [IPFIX-REQ], the metering process can be divided into
packet header capturing, timestamping, classifying, and maintaining packet header capturing, timestamping, classifying, and maintaining
flow records. Before any of these functions, sampling may be applied. flow records. Before any of these functions, sampling may be
applied.
packet header capturing packet header capturing
| |
timestamping timestamping
| |
v v
+----->+ +----->+
| | | |
| classifying | classifying
| | | |
+------+ +------+
| |
maintaining flow records maintaining flow records
| |
v v
Figure 2: Functions of the metering process, from [IPFIX-REQ] Figure 2: Functions of the metering process, from [IPFIX-REQ]
3.2. PSAMP Architecture 3.2 PSAMP Architecture
PSAMP architecture development is even at an earlier stage than the PSAMP architecture development is even at an earlier stage than the
IPFIX architecture. Therefore, the potential changes until IPFIX architecture. Therefore, the potential changes until
completion are potentially more significant. completion are potentially more significant.
Basically, the PSAMP architecture contains XX main components: Basically, the PSAMP architecture contains 6 main components, as
observation point, packet sampling and selecting process, packet defined in [PSAMP-FRM]: observation point, selection process, the
exporting process, collecting process, and packet sampling reporting process (packet reports and report information), the
configuration [PSAMP-FRM]. export process and the collector. On the top of these components,
the configuration management is clearly indicated as one of the
charter goals.
+--------------------------+ +------------------------------------------+
---->| Configuration +<-----------+ ---->| Configuration +<-----------+
+----+-----------------+---+ | +----+-----------------+---------------+---+ |
| | | | | | |
v v | v v v |
+------+ pack- +---------+ packet +-------+ packet +---+---+ +------+ +-------+ +-------+ packet +-------+ packet +---+---+
|obser-| ets |selecting| infor- |export-| infor- |collec-| |obser-| packet |select-| packet |report-| report |export | report |collec-|
|vation+------>|&sampling+------->|ing +------->|ting | |vation+------->|ion +------->|ing +------->|process|------->|tor |
|point | |process | mation |process| mation |process| |point | header |process| header |process| report | | report | |
+------+ +---------+ +-------+ +-------+ +------+ +-------+ +-------+ info. +-------+ info. +-------+
Figure 3: Sketch of the basic PSAMP architecture Figure 3: Sketch of the basic PSAMP architecture
Packets are observed at the observation point and selected and/or Packets headers (and some subsequent bytes of the packet, and
sampled by the selecting and sampling process [PSAMP-PSS]. The encapsulating headers if present) are observed at the observation
generated per packet information is exported by an exporting process point and selected and/or sampled by the selection process. The
to a collecting process. The selecting and sampling process and the selection process can be based on filtering, sampling, and/or
exporting process are configured either based on external input or by hashing functions and for selecting packets.
feedback from the collector. The generated per packet information, composed of the packet report
and report information is reported by the reporting process before
being exported by an export process to a collecting process. The
selection, reporting process and export process are configured
either based on external input or by feedback from the collector.
Again, entity relationships between these components are not clear, Again, entity relationships between these components are not clear,
yet, but it can be assumed that each component may have multiple yet, but it can be assumed that each component may have multiple
instances. instances.
3.3. Achitecture Comparison 4. PSAMP and IPFIX Comparison
The basic structure of both architectures is quite similar, but there 4.1 Architectural Comparison
are two significant architectural differences that can be observed.
The first one contains the information that is gathered and exported. The basic structure of both architectures is quite similar, but
IPFIX produces and exports flow records containing information per there are three significant architectural differences that can be
flow. This information is created based on the observation of a observed.
potentially large number of packets. In contrast, PSAMP generates
and exports information per packet. Consequently, the PSAMP
architecture contains a selecting and sampling process where the
IPFIX architecture uses a more complex metering process.
The second difference concerns configuration. It is an explicit goal The first one contains the information that is gathered and
of the PSAMP WG to define ways of configuring the packet selecting exported. IPFIX produces and exports flow records containing
and sampling process and the exporting process. For IPFIX, information per flow. This information is created based on the
observation of a potentially large number of packets. In contrast,
PSAMP generates and exports information per packet. Consequently,
the PSAMP architecture contains a selecting and sampling process
where the IPFIX architecture uses a more complex metering process.
The second difference concerns configuration. It is an explicit goal
of the PSAMP Working Group to define ways of configuring the packet
selecting and sampling process and the exporting process. For IPFIX,
configuration of metering process and exporting process is mentioned configuration of metering process and exporting process is mentioned
in the requirements document, but there are no plans yet for in the requirements document, but there are no plans yet for
standardizing IPFIX configuration. standardizing IPFIX configuration.
4. Potential Overlap, Complement, and Harmonization The next difference concerns the export(ing) process. The PSAMP
charter specifices ôNetwork elements shall support multiple parallel
packet samplers, each with independently configurable packet
selectors, reports, report streams, and export.ö. There is one
exporting process for all the metering process in most of the IPFIX,
cases: the exception comes the ôSpecial Device Considerations
sectionö. Anyway, this implies that a global congestion avoiding
protocol is sufficient per metering process for IPFIX, while PSAMP
requires this congestion avoiding protocol per packet sampler.
4.1. Terminology 4.2 Conceptual Comparison
The basic concept of IPFIX and PSAMP are quite similar: observing
traffic from network devices and exporting some part of this
observation. But there are three differences that can be observed.
Both IPFIX metering process and PSAMP selection process can select
observed packets based on packet header content and packet
treatement. Nevertheless, the difference is that the PSAMP selection
process can compute some values out of the observed packet, i.e a
hash value. This hash value can be used as a selector by the
selection process.
Another difference between IPFIX and PSAMP is that PSAMP might
report information about "subsequent bytes of the packet and
encapsulation headers if present" while IPFIX concentrates on
reporting information on the IP packet header only.
5. Potential Overlap, Complement, and Harmonization
5.1 Terminology
As the architecture sketches in Figures 1 and 3 show that there are As the architecture sketches in Figures 1 and 3 show that there are
several similarities between PSAMP and IPFIX. Both working groups several similarities between PSAMP and IPFIX. Both Working Groups
address the same general subject of observing IP traffic, processing address the same general subject of observing IP traffic, processing
the observation, and exporting the obtained information. the observation, and exporting the obtained information.
Therefore, it is desirable and appears to be quite feasible to agree Therefore, it is desirable and appears to be quite feasible to agree
on a common terminology to be used by both working groups. on a common terminology to be used by both Working Groups.
4.2. Packet selection and sampling model 5.2 Packet selection and sampling model
The PSAMP WG already started developing a model for packet selection The PSAMP Working Group already started developing a model for
and packet sampling [PSAMP-PSS]. In the IPFIX WG this issue will packet selection and packet sampling [PSAMP-PSS]. In the IPFIX
probably not be specified in detail in any of the documents. They Working Group this issue will probably not be specified in detail in
are mentioned implicitly or explicitly as functions of the IPFIX any of the documents. They are mentioned implicitly or explicitly as
metering process, but the model of seleting and sampling appears to functions of the IPFIX metering process, but the goal of IPFIX being
be vague. The IPFIX WG should consider using the PSAMP model when to standardize the Flow Information eXport, the metering process is
discussing packet selection and sampling. only briefly discussed; and only the metering process features that
could influence the export protocol or information model are
discussed (for example: metering process reliability or sampling).
The IPFIX Working Group should consider using the PSAMP model when
discussing packet selection and sampling. The PSAMP Working Group
specification of sampling functions [PSAMP-PSS] should be re-used by
the IPFIX Working Group for defining the sampling function of the
metering process.
4.3. PSAMP as IPFIX component 5.2.1 PSAMP as an IPFIX component: packet sampling
The metering process of IPFIX (shown in Figure 2) contains capturing The metering process of IPFIX (shown in Figure 2) contains capturing
packet headers as first step. This function could be provided by a packet headers as first step. In case sampling is required, this
component implementing the PSAMP architecture in two different ways. function could be provided by a component implementing the PSAMP
architecture.
The IPFIX metering process can serve as PSAMP collecting process.
Then packet information sampled by a PSAMP component could be send
from the PSAMP exporting process to the IPFIX metering process using
the PSAMP protocol. Alternatively, without using a standardized
protocol or API, the PSAMP selecting ans sampling process could
directly provide packet information to the IPFIX metering process.
In both cases, the PSAMP component would perform the packet header
capturing function and the sampling function of the IPFIX metering
process, and potenitlally also the timestamping function.
4.3.1. Packet Sampling
The IPFIX metering process considers the applicaton of a sampling sampled
function before each of its other functions. But so far, the IPFIX +------+ packet +-------+ flow +-------+ flow +-------+
working group has not made an effort to clearly specify the sampling | | headers |meter- | records|export-| records |collec-|
function. |PSAMP +-------->|ing +------->|ing +-------->|ting |
| | |process| |process| IPFIX |process|
+------+ +-------+ +-------+ protocol+-------+
The specification of sampling functions started already in the PSAMP So the PSAMP architecture could be used as input for the IPFIX
WG [PSAMP-PSS] should be re-used by the IPFIX WG for defining the metering process, the IPFIX metering process serving as PSAMP
sampling function of the metering process. collecting process. Whether we would use the export protocol itself
to send the sampled packets headers to the IPFIX metering process or
not (API for example), should be discussed. In both cases, the PSAMP
component would perform the packet header capturing function and the
sampling function of the IPFIX metering process, and potentially
also the timestamping function.
4.3.2. Packet Selection 5.2.2 PSAMP as an IPFIX component: packet selection
The IPFIX architecture does not explicitly talk about packet The IPFIX architecture does not explicitly talk about packet
selection, but the packet header classification function of the IPFIX selection, but the packet header classification function (for
metering process implicitly includes the option of packet selection: example filtering) of the IPFIX metering process implicitly includes
For packet headers that cannot be matched to already existing flow the option of packet selection: for packet headers that cannot be
records, a decision need to be made on whether or not to create a new matched to already existing flow records, a decision need to be made
flow record for this packet. on whether or not to create a new flow record for this packet.
An explicit packet selection performed by a PSAMP component could An explicit packet selection performed by a PSAMP component could
contribute to this function of the IPFIX metering process, for contribute to this function of the IPFIX metering process, for
example by already filtering all packets for which no flow record example by already filtering all packets for which no flow record
would be generated. would be generated.
4.4. IPFIX export for PSAMP filtered
+------+ packet +-------+ flow +-------+ flow +-------+
| | headers |meter- | records|export-| records |collec-|
|PSAMP +-------->|ing +------->|ing +-------->|ting |
| | |process| |process| IPFIX |process|
+------+ +-------+ +-------+ protocol+-------+
The PSAMP component would also potentially perform the timestamping
function.
5.3 IPFIX export for PSAMP
PSAMP needs to specify an information model, a data model, and a PSAMP needs to specify an information model, a data model, and a
protocol for exporting packet information. This is similar to the protocol for exporting packet information. This is similar to the
task of IPFIX, where the same kind of specifications is required for task of IPFIX, where the same kind of specifications is required for
the export of flow records. IPFIX already made good progress in the export of flow records. IPFIX already made good progress in
specifying an information model [IPFIX-INFO] and the selection of a specifying an information model [IPFIX-INFO] and the selection of a
protocol is progressing. protocol is progressing.
4.4.1. Information Model 5.3.1 Information Model
Therefore, the PSAMP WG should discuss, whether or not output of the Therefore, the PSAMP Working Group should discuss, whether or not
IPFIX WG can be used. The IPFIX flow information model may already output of the IPFIX Working Group can be used. The IPFIX flow
include all information required for modeling packet information. information model may already include all information required for
The PSAMP WG could perform data modeling by just aelectiing a subset modeling packet information. The PSAMP Working Group could perform
of the IPFIX data model to be used. If the IPFIX model would be fine data modeling by just selecting a subset of the IPFIX data model to
in general for PSAMP, but a few packet attributes are missing, then be used. If the IPFIX model would be fine in general for PSAMP, but
it should be prefered to the IPFIX WG should be asked to extend their a few packet attributes are missing, then it should be preferred to
data model by the missing attributes instead of defining PSAMP the IPFIX Working Group should be asked to extend their information
extensions of the model. model by the missing attributes instead of defining PSAMP extensions
of the model (for example a new data type for the hash key, if a
hash key is defined in the PSAMP Working Group).
4.4.2. Export Protocol 5.3.2 Export Protocol
If the IPFIX information model can be adopted by PSAMP, then there is If the IPFIX information model can be adopted by PSAMP, then there
potential to also use the IPFIX data model and protocol for PSAMP. is potential to also use the IPFIX data model and protocol for
PSAMP.
In general, this should be possible, because an extreme case of a In general, this should be possible, because an extreme case of a
flow is a flow containing just a single packet. This is supported by flow is a flow containing just a single packet. This is supported by
IPFIX. Furthermore, [IPFIX-REQ] requests the IPFIX protocol to be IPFIX. Furthermore, [IPFIX-REQ] requests the IPFIX protocol to be
flexible and extensible. The PSAMP WG should study the protocol flexible and extensible. The PSAMP Working Group should study the
selected as IPFIX protocol and discuss using it also as PSAMP protocol selected as IPFIX protocol and discuss using it also as
protocol. Of course, it should be investigated carefully, whether or PSAMP protocol. Of course, it should be investigated carefully,
not there are PSAMP requirements not met by the IPFIX protocol. whether or not there are PSAMP requirements not met by the IPFIX
protocol.
4.5. Configuration 5.4 Configuration
For the IPFIX working group, a configuration protocol or a MIB module For the IPFIX Working Group, a configuration protocol or a MIB
definition is out of scope. But for PSAMP, this is explicitly module definition is out of scope for now. But for PSAMP, this is
mentioned by the charter. It is not clear, whether in the future explicitly mentioned by the charter. It is not clear, whether in the
there will be a desire to standardize IPFIX configuration. There future there will be a desire to standardize IPFIX configuration, as
might be reason not to so, for example allowing implementors to have a second phase of the Working Group work. There might be reason not
differentiators for their products. However, if the IPFIX WG ever to so, for example allowing implementors to have differentiators for
considers standardizing consideration, it should make sure, that their products. However, if the IPFIX Working Group ever considers
IPFIX configuration will be consistent with PSAMP configuration. standardizing consideration, it should make sure, that IPFIX
This applies to the configuration of sampling and packet selection as configuration will be consistent with PSAMP configuration. This
applies to the configuration of sampling and packet selection as
well as to the selection of attributes to be exported, the well as to the selection of attributes to be exported, the
specification of data collectors to export information to, the export specification of data collectors to export information to, the
transmission rate, and the method of congestion handling (if export transmission rate, and the method of congestion handling (if
configurable). configurable).
5. Security Considerations 6. Security Considerations
If the PSAMP WG discusses to use the IPFIX protocol also for PSAMP, If the PSAMP Working Group discusses to use the IPFIX protocol also
it should study carefully, whether or not the PSAMP security for PSAMP, it should study carefully, whether or not the PSAMP
requirements are stricter than the IPFIX security requirements and security requirements are stricter than the IPFIX security
whether all PSAMP security requirements are covered by the IPFIX requirements and whether all PSAMP security requirements are covered
protocol. by the IPFIX protocol.
6. References 7. References
[IPFIX-REQ] Quittek, J., Zseby, T., Claise, B., Zander, S., Carle, G., [IPFIX-REQ]
Quittek, J., Zseby, T., Claise, B., Zander, S., Carle, G.,
Norseth, K.C., "Requirements for IP Flow Information Norseth, K.C., "Requirements for IP Flow Information
Export", work in progress, <draft-ietf-ipfix-reqs-06.txt>, Export", work in progress, <draft-ietf-ipfix-reqs-09.txt>,
September 2002. February 2003.
[IPFIX-ARCH] [IPFIX-ARCH]
Norseth, K.C., Sadasivan, G., "Architecture Model for IP Norseth, K.C., Sadasivan, G., "Architecture Model for IP
Flow Information Export", work in progress, <draft-ietf- Flow Information Export", work in progress, <draft-ietf-
ipfix-architecture-02.txt>, June 2002. ipfix-architecture-02.txt>, June 2002.
[IPFIX-INFO] [IPFIX-INFO]
Norseth, K.C., Sadasivan, G., "Data Model for IP Flow Norseth, K.C., Calato, P., "Data Model for IP Flow
Information Export", work in progress, <draft-ietf-ipfix- Information Export", work in progress, <draft-ietf-ipfix-
data-00.txt>, February 2002. data-00.txt>, February 2002.
[PSAMP-FRM] Duffield, N., "A Framework for Passive Packet Measurement", [PSAMP-FRM]
work in progress, <draft-ietf-psamp-framework-00.txt>, Duffield, N., Grossglauser, M., Rexford, J., Chiou, D.,
September 2002. Marimuthu, P., Sadasivan, G. "A Framework for Passive
Packet Measurement", work in progress,
<draft-ietf-psamp-framework-01.txt>, November 2002.
[PSAMP-PSS] Zseby, T., Molina, M., Raspall, F., "Sampling and Filtering [PSAMP-PSS]
Zseby, T., Molina, M., Raspall, F., "Sampling and Filtering
Techniques for IP Packet Selection", work in progress, Techniques for IP Packet Selection", work in progress,
<draft-ietf-psamp-sample-tech-00.txt>, October 2002. <draft-ietf-psamp-sample-tech-00.txt>, October 2002.
7. Author's Address 8. Acknowledgements
Juergen Quittek We would like to thank Tanja Zseby for her valuable technical
NEC Europe Ltd. feedback.
Network Laboratories
Adenauerplatz 6
69115 Heidelberg
Germany
Phone: +49 6221 90511-15 9. AuthorÆs Addresses
EMail: quittek@ccrle.nec.de
8. Full Copyright Statement Juergen Quittek
NEC Europe Ltd.
Network Laboratories
Adenauerplatz 6
69115 Heidelberg
Germany
Phone: +49 6221 90511-15
Email: quittek@ccrle.nec.de
Benoit Claise
Cisco Systems
De Kleetlaan 6a b1
1831 Diegem
Belgium
Phone: +32 2 704 5622
Email: bclaise@cisco.com
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain it toothers, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied, published it or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of any published and distributed, in whole or in part, without restriction
kind, provided that the above copyright notice and this paragraph are of any kind, provided that the above copyright notice and this
included on all such copies and derivative works. However, this paragraph are included on all such copies and derivative works.
document itself may not be modified in any way, such as by removing However, this document itself may not be modified in any way, such
the copyright notice or references to the Internet Society or other as by removing the copyright notice or references to the Internet
Internet organizations, except as needed for the purpose of Society or other Internet organizations, except as needed for the
developing Internet standards in which case the procedures for purpose of developing Internet standards in which case the
copyrights defined in the Internet Standards process must be procedures for copyrights defined in the Internet Standards process
followed, or as required to translate it into languages other than must be followed, or as required to translate it into languages
English. other than English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 End of changes. 86 change blocks. 
251 lines changed or deleted 337 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/