idnits 2.17.1 draft-ietf-ippm-delay-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-16) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Abstract section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 1998) is 9437 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '3' is defined on line 597, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 2330 (ref. '1') -- Possible downref: Non-RFC (?) normative reference: ref. '2' ** Obsolete normative reference: RFC 1305 (ref. '3') (Obsoleted by RFC 5905) -- Possible downref: Non-RFC (?) normative reference: ref. '4' Summary: 11 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group G. Almes 3 Internet Draft S. Kalidindi 4 Expiration Date: December 1998 M. Zekauskas 5 Advanced Network & Services 6 June 1998 8 A One-way Delay Metric for IPPM 9 11 1. Status of this Memo 13 This document is an Internet-Draft. Internet-Drafts are working 14 documents of the Internet Engineering Task Force (IETF), its areas, 15 and its working groups. Note that other groups may also distribute 16 working documents as Internet Drafts. 18 Internet-Drafts are draft documents valid for a maximum of six 19 months, and may be updated, replaced, or obsoleted by other documents 20 at any time. It is inappropriate to use Internet- Drafts as 21 reference material or to cite them other than as "work in progress." 23 To view the entire list of current Internet-Drafts, please check the 24 "1id-abstracts.txt" listing contained in the Internet-Drafts shadow 25 directories on ftp.is.co.za (Africa), nic.nordu.net (Northern 26 Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific 27 Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 29 This memo provides information for the Internet community. This memo 30 does not specify an Internet standard of any kind. Distribution of 31 this memo is unlimited. 33 2. Introduction 35 This memo defines a metric for one-way delay of packets across 36 Internet paths. It builds on notions introduced and discussed in the 37 IPPM Framework document, RFC 2223 [1]; the reader is assumed to be 38 familiar with that document. 40 This memo is intended to be parallel in structure to a companion 41 document for Packet Loss ("A Packet Loss Metric for IPPM" 42 ) [2]. 44 The structure of the memo is as follows: 46 + A 'singleton' analytic metric, called Type-P-One-way-Delay, will 47 be introduced to measure a single observation of one-way delay. 49 + Using this singleton metric, a 'sample', called Type-P-One-way- 50 Delay-Poisson-Stream, will be introduced to measure a sequence of 51 singleton delays measured at times taken from a Poisson process. 53 + Using this sample, several 'statistics' of the sample will be 54 defined and discussed. 56 This progression from singleton to sample to statistics, with clear 57 separation among them, is important. 59 Whenever a technical term from the IPPM Framework document is first 60 used in this memo, it will be tagged with a trailing asterisk. For 61 example, "term*" indicates that "term" is defined in the Framework. 63 2.1. Motivation: 65 One-way delay of a type-P packet from a source host* to a destination 66 host is useful for several reasons: 68 + Some applications do not perform well (or at all) if end-to-end 69 delay between hosts is large relative to some threshold value. 71 + Erratic variation in delay makes it difficult (or impossible) to 72 support many real-time applications. 74 + The larger the value of delay, the more difficult it is for 75 transport-layer protocols to sustain high bandwidths. 77 + The minimum value of this metric provides an indication of the 78 delay due only to propagation and transmission delay. 80 + The minimum value of this metric provides an indication of the 81 delay that will likely be experienced when the path* traversed is 82 lightly loaded. 84 + Values of this metric above the minimum provide an indication of 85 the congestion present in the path. 87 It is outside the scope of this document to say precisely how delay 88 metrics would be applied to specific problems. 90 2.2. General Issues Regarding Time 92 Whenever a time (i.e., a moment in history) is mentioned here, it is 93 understood to be measured in seconds (and fractions) relative to UTC. 95 As described more fully in the Framework document, there are four 96 distinct, but related notions of clock uncertainty: 98 synchronization* 100 measures the extent to which two clocks agree on what time it 101 is. For example, the clock on one host might be 5.4 msec ahead 102 of the clock on a second host. 104 accuracy* 106 measures the extent to which a given clock agrees with UTC. For 107 example, the clock on a host might be 27.1 msec behind UTC. 109 resolution* 111 measures the precision of a given clock. For example, the clock 112 on an old Unix host might tick only once every 10 msec, and thus 113 have a resolution of only 10 msec. 115 skew* 117 measures the change of accuracy, or of synchronization, with 118 time. For example, the clock on a given host might gain 1.3 119 msec per hour and thus be 27.1 msec behind UTC at one time and 120 only 25.8 msec an hour later. In this case, we say that the 121 clock of the given host has a skew of 1.3 msec per hour relative 122 to UTC, and this threatens accuracy. We might also speak of the 123 skew of one clock relative to another clock, and this threatens 124 synchronization. 126 3. A Singleton Definition for One-way Delay 128 3.1. Metric Name: 130 Type-P-One-way-Delay 132 3.2. Metric Parameters: 134 + Src, the IP address of a host 136 + Dst, the IP address of a host 138 + T, a time 140 3.3. Metric Units: 142 The value of a type-P-One-way-Delay is either a non-negative real 143 number or an undefined (informally, infinite) number of seconds. 145 3.4. Definition: 147 For a non-negative real number dT, >>the *Type-P-One-way-Delay* from 148 Src to Dst at T is dT<< means that Src sent the first bit of a type-P 149 packet to Dst at wire-time* T and that Dst received the last bit of 150 that packet at wire-time T+dT. 152 >>The *Type-P-One-way-Delay* from Src to Dst at T is undefined 153 (informally, infinite)<< means that Src sent the first bit of a type- 154 P packet to Dst at wire-time T and that Dst did not receive that 155 packet. 157 3.5. Discussion: 159 Type-P-One-way-Delay is a relatively simple analytic metric, and one 160 that we believe will afford effective methods of measurement. 162 The following issues are likely to come up in practice: 164 + Since delay values will often be as low as the 100 usec to 10 msec 165 range, it will be important for Src and Dst to synchronize very 166 closely. GPS systems afford one way to achieve synchronization to 167 within several 10s of usec. Ordinary application of NTP may allow 168 synchronization to within several msec, but this depends on the 169 stability and symmetry of delay properties among those NTP agents 170 used, and this delay is what we are trying to measure. A 171 combination of some GPS-based NTP servers and a conservatively 172 designed and deployed set of other NTP servers should yield good 173 results, but this is yet to be tested. 175 + A given methodology will have to include a way to determine 176 whether a delay value is infinite or whether it is merely very 177 large (and the packet is yet to arrive at Dst). As noted by 178 Mahdavi and Paxson [4], simple upper bounds (such as the 255 179 seconds theoretical upper bound on the lifetimes of IP 180 packets [5]) could be used, but good engineering, including an 181 understanding of packet lifetimes, will be needed in practice. 182 {Comment: Note that, for many applications of these metrics, the 183 harm in treating a large delay as infinite might be zero or very 184 small. A TCP data packet, for example, that arrives only after 185 several multiples of the RTT may as well have been lost.} 187 + The context in which the metric is measured must be carefully 188 considered, and should always be reported along with metric 189 results. 191 As noted in the Framework document [1], the value of the metric 192 may depend on the type of IP packets used to make the measurement, 193 or "type-P". The value of Type-P-One-way-Delay could change if 194 the protocol (UDP or TCP), port number, size, or arrangement for 195 special treatment (e.g., IP precedence or RSVP) changes. The 196 exact Type-P used to make the measurements must be accurately 197 reported. 199 In addition, the threshold (or methodology to distinguish) between 200 a large finite delay and loss should be reported. 202 Finally, the path traversed by the packet should be reported, if 203 possible. In general it is impractical to know the precise path a 204 given packet takes through the network. The precise path may be 205 known for certain Type-P on short or stable paths. If Type-P 206 includes the record route (or loose-source route) option in the IP 207 header, and the path is short enough, and all routers* on the path 208 support record (or loose-source) route, then the path will be 209 precisely recorded. This is impractical because the route must be 210 short enough, many routers do not support (or are not configured 211 for) record route, and use of this feature would often 212 artificially worsen the performance observed by removing the 213 packet from common-case processing. However, partial information 214 is still valuable context. For example, if a host can choose 215 between two links* (and hence two separate routes from src to 216 dst), then the initial link used is valuable context. {Comment: 217 For example, with Merit's NetNow setup, a Src on one NAP can reach 218 a Dst on another NAP by either of several different backbone 219 networks.} 221 The above list is not exhaustive; any additional information that 222 could be useful in interpreting applications of the metrics should 223 be reported. 225 + If the packet is duplicated along the path (or paths) so that 226 multiple non-corrupt copies arrive at the destination, then the 227 packet is counted as received, and the first copy to arrive 228 determines the packet's one-way delay. 230 + If the packet is fragmented and if, for whatever reason, 231 reassembly does not occur, then the packet will be deemed lost. 233 3.6. Methodologies: 235 As with other Type-P-* metrics, the detailed methodology will depend 236 on the Type-P (e.g., protocol number, UDP/TCP port number, size, 237 precedence). 239 Generally, for a given Type-P, the methodology would proceed as 240 follows: 242 + Arrange that Src and Dst are synchronized; that is, that they have 243 clocks that are very closely synchronized with each other and each 244 fairly close to the actual time. 246 + At the Src host, select Src and Dst IP addresses, and form a test 247 packet of Type-P with these addresses. Any 'padding' portion of 248 the packet needed only to make the test packet a given size should 249 be filled with randomized bits to avoid a situation in which the 250 measured delay is lower than it would otherwise be due to 251 compression techniques along the path. 253 + At the Dst host, arrange to receive the packet. 255 + At the Src host, place a timestamp in the prepared Type-P packet, 256 and send it towards Dst. 258 + If the packet arrives within a reasonable period of time, take a 259 timestamp as soon as possible upon the receipt of the packet. By 260 subtracting the two timestamps, an estimate of one-way delay can 261 be computed. Error analysis of a given implementation of the 262 method must take into account the closeness of synchronization 263 between Src and Dst. If the delay between Src's timestamp and the 264 actual sending of the packet is known, then the estimate could be 265 adjusted by subtracting this amount; uncertainty in this value 266 must be taken into account in error analysis. Similarly, if the 267 delay between the actual receipt of the packet and Dst's timestamp 268 is known, then the estimate could be adjusted by subtracting this 269 amount; uncertainty in this value must be taken into account in 270 error analysis. 272 + If the packet fails to arrive within a reasonable period of time, 273 the one-way delay is taken to be undefined (informally, infinite). 274 Note that the threshold of 'reasonable' here is a parameter of the 275 methodology. 277 Issues such as the packet format, the means by which Dst knows when 278 to expect the test packet, and the means by which Src and Dst are 279 synchronized are outside the scope of this document. {Comment: We 280 plan to document elsewhere our own work in describing such more 281 detailed implementation techniques and we encourage others to as 282 well.} 284 3.7. Errors and Uncertainties: 286 The description of any specific measurement method should include an 287 accounting and analysis of various sources of error/uncertainty. The 288 Framework document provides general guidence on this point, but we 289 note here the following specifics related to delay metrics: 291 + Errors/uncertainties due to uncertainties in the clocks of the Src 292 and Dst hosts. 294 + Errors/uncertainties due to the difference between 'wire time' and 295 'host time'. 297 Each of these are discussed in more detail below. 299 3.7.1. Errors/uncertainties related to Clocks 301 The uncertainty in a measurement of one-way delay is related, in 302 part, to uncertainties in the clocks of the Src and Dst hosts. In 303 the following, we refer to the clock used to measure when the packet 304 was sent from Src as the source clock, we refer to the clock used to 305 measure when the packet was received by Dst as the dest clock, we 306 refer to the observed time when the packet was sent by the source 307 clock as Tsource, and the observed time when the packet was received 308 by the dest clock as Tdest. Alluding to the notions of 309 synchronization, accuracy, resolution, and skew mentioned in the 310 Introduction, we note the following: 312 + Any error in the synchronization between the source clock and the 313 dest clock will contribute to error in the delay measurement. We 314 say that the source clock and the dest clock have a 315 synchronization error of Tsynch if the source clock is Tsynch 316 ahead of the dest clock. Thus, if we know the value of Tsynch 317 exactly, we could correct for clock synchronization by adding 318 Tsynch to the uncorrected value of Tdest-Tsource. 320 + The accuracy of a clock is important only in identifying the time 321 at which a given delay was measured. Accuracy, per se, has no 322 importance to the accuracy of the measurement of delay. This is 323 because, when computing delays, we are interested only in the 324 differences between clock values. 326 + The resolution of a clock adds to uncertainty about any time 327 measured with it. Thus, if the source clock has a resolution of 328 10 msec, then this adds 10 msec of uncertainty to any time value 329 measured with it. We will denote the resolution of the source 330 clock and the dest clock as Rsource and Rdest, respectively. 332 + The skew of a clock is not so much an additional issue as it is a 333 realization of the fact that Tsynch is itself a function of time. 334 Thus, if we attempt to measure or to bound Tsynch, this needs to 335 be done periodically. Over some periods of time, this function 336 can be approximated as a linear function plus some higher order 337 terms; in these cases, one option is to use knowledge of the 338 linear component to correct the clock. Using this correction, the 339 residual Tsynch is made smaller, but remains a source of 340 uncertainty that must be accounted for. We use the function 341 Esynch(t) to denote an upper bound on the uncertainty in 342 synchronization. Thus, |Tsynch(t)| <= Esynch(t). 344 Taking these items together, we note that naive computation Tdest- 345 Tsource will be off by Tsynch(t) +/- (|Rsource|+|Rdest|). Using the 346 notion of Esynch(t), we note that these clock-related problems 347 introduce a total uncertainty of Esynch(t)+|Rsource|+|Rdest|. This 348 estimate of total clock-related uncertainty should be included in the 349 error/uncertainty analysis of any measurement implementation. 351 3.7.2. Errors/uncertainties related to Wire-time vs Host-time 353 As we've defined one-way delay, we'd like to measure the time between 354 when the test packet leaves the network interface of Src and when it 355 (completely) arrives at the network interface of Dst, and we refer to 356 this as 'wire time'. If the timings are themselves performed by 357 software on Src and Dst, however, then this software can only 358 directly measure the time between when Src grabs a timestamp just 359 prior to sending the test packet and when Dst grabs a timestamp just 360 after having received the test packet, and we refer to this as 'host 361 time'. 363 To the extent that the difference between wire time and host time is 364 accurately known, this knowledge can be used to correct for host time 365 measurements and the corrected value more accurately estimates the 366 desired (wire time) metric. 368 To the extent, however, that the difference between wire time and 369 host time is uncertain, this uncertainty must be accounted for in an 370 analysis of a given measurement method. We denote by Hsource an 371 upper bound on the uncertainty in the difference between wire time 372 and host time on the Src host, and similarly define Hdest for the Dst 373 host. We then note that these problems introduce a total uncertainty 374 of Hsource+Hdest. This estimate of total wire-vs-host uncertainty 375 should be included in the error/uncertainty analysis of any 376 measurement implementation. 378 4. A Definition for Samples of One-way Delay 380 Given the singleton metric Type-P-One-way-Delay, we now define one 381 particular sample of such singletons. The idea of the sample is to 382 select a particular binding of the parameters Src, Dst, and Type-P, 383 then define a sample of values of parameter T. The means for 384 defining the values of T is to select a beginning time T0, a final 385 time Tf, and an average rate lambda, then define a pseudo-random 386 Poisson arrival process of rate lambda, whose values fall between T0 387 and Tf. The time interval between successive values of T will then 388 average 1/lambda. 390 4.1. Metric Name: 392 Type-P-One-way-Delay-Poisson-Stream 394 4.2. Metric Parameters: 396 + Src, the IP address of a host 398 + Dst, the IP address of a host 400 + T0, a time 402 + Tf, a time 404 + lambda, a rate in reciprocal seconds 406 4.3. Metric Units: 408 A sequence of pairs; the elements of each pair are: 410 + T, a time, and 412 + dT, either a non-negative real number or an undefined number of 413 seconds. 415 The values of T in the sequence are monotonic increasing. Note that 416 T would be a valid parameter to Type-P-One-way-Delay, and that dT 417 would be a valid value of Type-P-One-way-Delay. 419 4.4. Definition: 421 Given T0, Tf, and lambda, we compute a pseudo-random Poisson process 422 beginning at or before T0, with average arrival rate lambda, and 423 ending at or after Tf. Those time values greater than or equal to T0 424 and less than or equal to Tf are then selected. At each of the times 425 in this process, we obtain the value of Type-P-One-way-Delay at this 426 time. The value of the sample is the sequence made up of the 427 resulting pairs. If there are no such pairs, the 428 sequence is of length zero and the sample is said to be empty. 430 4.5. Discussion: 432 Note first that, since a pseudo-random number sequence is employed, 433 the sequence of times, and hence the value of the sample, is not 434 fully specified. Pseudo-random number generators of good quality 435 will be needed to achieve the desired qualities. 437 The sample is defined in terms of a Poisson process both to avoid the 438 effects of self-synchronization and also capture a sample that is 439 statistically as unbiased as possible. {Comment: there is, of 440 course, no claim that real Internet traffic arrives according to a 441 Poisson arrival process.} 443 All the singleton Type-P-One-way-Delay metrics in the sequence will 444 have the same values of Src, Dst, and Type-P. 446 Note also that, given one sample that runs from T0 to Tf, and given 447 new time values T0' and Tf' such that T0 <= T0' <= Tf' <= Tf, the 448 subsequence of the given sample whose time values fall between T0' 449 and Tf' are also a valid Type-P-One-way-Delay-Poisson-Stream sample. 451 4.6. Methodologies: 453 The methodologies follow directly from: 455 + the selection of specific times, using the specified Poisson 456 arrival process, and 458 + the methodologies discussion already given for the singleton Type- 459 P-One-way-Delay metric. 461 Care must, of course, be given to correctly handle out-of-order 462 arrival of test packets; it is possible that the Src could send one 463 test packet at TS[i], then send a second one (later) at TS[i+1], 464 while the Dst could receive the second test packet at TR[i+1], and 465 then receive the first one (later) at TR[i]. 467 4.7. Errors and Uncertainties: 469 In addition to sources of errors and uncertainties associated with 470 methods employed to measure the singleton values that make up the 471 sample, care must be given to analyze the accuracy of the Poisson 472 arrival process of the wire-time of the sending of the test packets. 473 Problems with this process could be caused by either of several 474 things, including problems with the pseudo-random number techniques 475 used to generate the Poisson arrival process, or with jitter in the 476 value of Hsource (mentioned above as uncertainty in the singleton 477 delay metric). The Framework document shows how to use an Anderson- 478 Darling test for this. 480 5. Some Statistics Definitions for One-way Delay 482 Given the sample metric Type-P-One-way-Delay-Poisson-Stream, we now 483 offer several statistics of that sample. These statistics are 484 offered mostly to be illustrative of what could be done. 486 5.1. Type-P-One-way-Delay-Percentile 488 Given a Type-P-One-way-Delay-Poisson-Stream and a percent X between 489 0% and 100%, the Xth percentile of all the dT values in the Stream. 490 In computing this percentile, undefined values are treated as 491 infinitely large. Note that this means that the percentile could 492 thus be undefined (informally, infinite). In addition, the Type-P- 493 One-way-Delay-Percentile is undefined if the sample is empty. 495 Example: suppose we take a sample and the results are: 496 Stream1 = < 497 498 499 500 501 502 > 503 Then the 50th percentile would be 110 msec, since 90 msec and 100 504 msec are smaller and 110 msec and 'undefined' are larger. 506 5.2. Type-P-One-way-Delay-Median 508 Given a Type-P-One-way-Delay-Poisson-Stream, the median of all the dT 509 values in the Stream. In computing the median, undefined values are 510 treated as infinitely large. 512 As noted in the Framework document, the median differs from the 50th 513 percentile only when the sample contains an even number of values, in 514 which case the mean of the two central values is used. 516 Example: suppose we take a sample and the results are: 517 Stream2 = < 518 519 520 521 522 > 523 Then the median would be 105 msec, the mean of 100 msec and 110 msec, 524 the two central values. 526 5.3. Type-P-One-way-Delay-Minumum 528 Given a Type-P-One-way-Delay-Poisson-Stream, the minimum of all the 529 dT values in the Stream. In computing this, undefined values are 530 treated as infinitely large. Note that this means that the minimum 531 could thus be undefined (informally, infinite) if all the dT values 532 are undefined. In addition, the Type-P-One-way-Delay-Minimum is 533 undefined if the sample is empty. 535 In the above example, the minimum would be 90 msec. 537 5.4. Type-P-One-way-Delay-Inverse-Percentile 539 Given a Type-P-One-way-Delay-Poisson-Stream and a non-negative time 540 duration threshold, the fraction of all the dT values in the Stream 541 less than or equal to the threshold. The result could be as low as 542 0% (if all the dT values exceed threshold) or as high as 100%. 544 In the above example, the Inverse-Percentile of 103 msec would be 545 50%. 547 6. Security Considerations 549 Conducting Internet measurements raises both security and privacy 550 concerns. This memo does not specify an implementation of the 551 metrics, so it does not directly affect the security of the Internet 552 nor of applications which run on the Internet. However, 553 implementations of these metrics must be mindful of security and 554 privacy concerns. 556 There are two types of security concerns: potential harm caused by 557 the measurements, and potential harm to the measurements. The 558 measurements could cause harm because they are active, and inject 559 packets into the network. The measurement parameters must be 560 carefully selected so that the measurements inject trivial amounts of 561 additional traffic into the networks they measure. If they inject 562 "too much" traffic, they can skew the results of the measurement, and 563 in extreme cases cause congestion and denial of service. 565 The measurements themselves could be harmed by routers giving 566 measurement traffic a different priority than "normal" traffic, or by 567 an attacker injecting artificial measurement traffic. If routers can 568 recognize measurement traffic and treat it separately, the 569 measurements will not reflect actual user traffic. If an attacker 570 injects artificial traffic that is accepted as legitimate, the loss 571 rate will be artificially lowered. Therefore, the measurement 572 methodologies should include appropriate techniques to reduce the 573 probability measurement traffic can be distinguished from "normal" 574 traffic. Authentication techniques, such as digital signatures, may 575 be used where appropriate to guard against injected traffic attacks. 577 The privacy concerns of network measurement are limited by the active 578 measurements described in this memo. Unlike passive measurements, 579 there can be no release of existing user data. 581 7. Acknowledgements 583 Special thanks are due to Vern Paxson of Lawrence Berkeley Labs for 584 his helpful comments on issues of clock uncertainty and statistics. 585 Thanks also to Sean Shapira and to Roland Wittig for several useful 586 suggestions. 588 8. References 590 [1] V. Paxson, G. Almes, J. Mahdavi, and M. Mathis, "Framework for 591 IP Performance Metrics", RFC 2330, May 1998. 593 [2] G. Almes, S. Kalidindi, and M. Zekauskas, "A One-way Delay 594 Metric for IPPM", Internet-Draft , 595 June 1998. 597 [3] D. Mills, "Network Time Protocol (v3)", RFC 1305, April 1992. 599 [4] J. Mahdavi and V. Paxson, "Connectivity", Work in Progress, 600 November 1997. 602 [5] J. Postel, "Internet Protocol", RFC 791, September 1981. 604 9. Authors' Addresses 606 Guy Almes 607 Advanced Network & Services, Inc. 608 200 Business Park Drive 609 Armonk, NY 10504 610 USA 612 Phone: +1 914 765 1120 613 EMail: almes@advanced.org 615 Sunil Kalidindi 616 Advanced Network & Services, Inc. 617 200 Business Park Drive 618 Armonk, NY 10504 619 USA 621 Phone: +1 914 765 1128 622 EMail: kalidindi@advanced.org 623 Matthew J. Zekauskas 624 Advanced Network & Services, Inc. 625 200 Buisiness Park Drive 626 Armonk, NY 10504 627 USA 629 Phone: +1 914 765 1112 630 EMail: matt@advanced.org 632 Expiration date: December, 1998