idnits 2.17.1

draft-ietf-psamp-info-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now.
  -- Found old boilerplate from RFC 3978, Section 5.1 on line 21.
  -- Found old boilerplate from RFC 3978, Section 5.5 on line 1616.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1593.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1600.
  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1606.
  ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748.
  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords.
     RFC 2119 keyword, line 294: '...rmation Elements MUST be constructed f...'
     RFC 2119 keyword, line 795: '... MUST target no more than the packet...'
     RFC 2119 keyword, line 992: '...xpected that PSAMP collectors MAY take...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.)
  -- The document date (March 6, 2006) is 6620 days in the past. Is this intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

  (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs)

  == Missing Reference: 'I-D.ietf-psamp-info' is mentioned on line 209, but not defined
  == Unused Reference: 'RFC3917' is defined on line 873, but no explicit reference was found in the text
  == Unused Reference: 'I-D.ietf-ipfix-architecture' is defined on line 877, but no explicit reference was found in the text
  == Unused Reference: 'RFC3444' is defined on line 903, but no explicit reference was found in the text
  == Unused Reference: 'RFC3470' is defined on line 910, but no explicit reference was found in the text
  == Outdated reference: A later version (-11) exists of draft-ietf-psamp-sample-tech-07
  == Outdated reference: A later version (-09) exists of draft-ietf-psamp-protocol-03
  == Outdated reference: A later version (-06) exists of draft-ietf-psamp-mib-05
  -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-psamp-mib'
  == Outdated reference: A later version (-15) exists of draft-ietf-ipfix-info-11
  == Outdated reference: A later version (-12) exists of draft-ietf-ipfix-architecture-09
  == Outdated reference: A later version (-13) exists of draft-ietf-psamp-framework-10
  -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749)

  Summary: 4 errors (**), 0 flaws (~~), 13 warnings (==), 9 comments (--).

  Run idnits with the --verbose option for more detailed information about the items above.

--------------------------------------------------------------------------------

2 Network Working Group                                           T. Dietz
3 Internet-Draft                                           NEC Europe Ltd.
4 Expires: September 7, 2006                                   F. Dressler
5                                         University of Erlangen-Nuremberg
6                                                                 G. Carle
7                                                  University of Tuebingen
8                                                                B. Claise
9                                                                P. Aitken
10                                                           Cisco Systems
11                                                           March 6, 2006

13 Information Model for Packet Sampling Exports
14

16 Status of this Memo

18 By submitting this Internet-Draft, each author represents that any
19 applicable patent or other IPR claims of which he or she is aware
20 have been or will be disclosed, and any of which he or she becomes
21 aware will be disclosed, in accordance with Section 6 of BCP 79.

23 Internet-Drafts are working documents of the Internet Engineering
24 Task Force (IETF), its areas, and its working groups. Note that
25 other groups may also distribute working documents as Internet-
26 Drafts.

28 Internet-Drafts are draft documents valid for a maximum of six months
29 and may be updated, replaced, or obsoleted by other documents at any
30 time. It is inappropriate to use Internet-Drafts as reference
31 material or to cite them other than as "work in progress."

33 The list of current Internet-Drafts can be accessed at
34 http://www.ietf.org/ietf/1id-abstracts.txt.

36 The list of Internet-Draft Shadow Directories can be accessed at
37 http://www.ietf.org/shadow.html.

39 This Internet-Draft will expire on September 7, 2006.

41 Copyright Notice

43 Copyright (C) The Internet Society (2006).

45 Abstract

47 This memo defines an information model for the Packet Sampling
48 (PSAMP) protocol. It is used by the PSAMP protocol for encoding
49 sampled packet data and information related to the sampling process.
50 As the PSAMP protocol is based on the IPFIX protocol, this
51 information model is an extension to the IPFIX information model.

53 Table of Contents

55 1. Open Issues
56 1.1 IPFIX
57 1.2 PSAMP

59 2. Introduction

61 3. PSAMP Documents Overview

63 4. Relationship between PSAMP and IPFIX

65 5. Terminology

67 6. Properties of a PSAMP Information Element

69 7. Type Space

71 8. Overloading Information Elements

73 9. The PSAMP Information Elements
74 9.1 PSAMP Usage of IPFIX Attributes
75 9.2 Additional PSAMP Information Elements
76 9.2.1 observationPointId
77 9.2.2 selectionSequenceId
78 9.2.3 selectorId
79 9.2.4 informationElementId
80 9.2.5 selectorAlgorithm
81 9.2.6 samplingPacketInterval
82 9.2.7 samplingPacketSpace
83 9.2.8 samplingTimeInterval
84 9.2.9 samplingTimeSpace
85 9.2.10 samplingSize
86 9.2.11 samplingPopulation
87 9.2.12 samplingProbability
88 9.2.13 [unused]
89 9.2.14 ipHeaderPacketSection
90 9.2.15 ipPayloadPacketSection
91 9.2.16 dataLinkFrameSection
92 9.2.17 mplsLabelStackSection
93 9.2.18 mplsPayloadPacketSection
94 9.2.19 packetsObserved
95 9.2.20 packetsSelected
96 9.2.21 fixedError
97 9.2.22 relativeError
98 9.2.23 observationTimeSeconds
99 9.2.24 observationTimeMilliSeconds
100 9.2.25 observationTimeMicroSeconds
101 9.2.26 observationTimeNanoSeconds
102 9.2.27 digestHashValue
103 9.2.28 hashIPPayloadOffset
104 9.2.29 hashIPPayloadSize
105 9.2.30 hashInitialiserValue
106 9.2.31 hashOutputRangeMin
107 9.2.32 hashOutputRangeMax
108 9.2.33 hashSelectedRangeMin
109 9.2.34 hashSelectedRangeMax
110 9.2.35 hashDigestOutput

112 10. Security Considerations

114 11. IANA Considerations

116 12. References
117 12.1 Normative References
118 12.2 Informative References

120 Authors' Addresses

122 A. Formal Specification of PSAMP Information Elements

124 Intellectual Property and Copyright Statements

126 1. Open Issues

128 This section covers some open issues which have to be solved in a
129 future version of this draft.

131 1.1 IPFIX

133 o The export of sampled data may not need all information elements
134    defined by the IPFIX information model. Thus a section within
135    this document should give an overview of flow Information Elements
136    defined in the IPFIX information model and their usage in the
137    PSAMP environment. PROPOSAL: This is already covered by section
138    6.2 and 6.3 of draft-ietf-psamp-framework-10.txt. Double check
139    whether it's covered by [I-D.ietf-psamp-sample-tech].
140 o Insert or cross reference the following sections from IPFIX-INFO:
141    * 2. Properties of IPFIX Protocol Information Elements
142    * 2.1 Information Elements Specification Template
143    * 2.2 Scope of Information Elements
144    * 2.3 Naming Conventions for Information Elements
145    * 3. Type Space
146    * 4. Information Element Identifiers
147 o Verify consistency with definitions in
148    * draft-ietf-psamp-sample-tech-07.txt
149    * draft-ietf-psamp-framework-10.txt

151 1.2 PSAMP

153 o Should the ipHeaderPacketSection and mplsLabelStackSection also
154    report payload contents if the specified section length is longer
155    than the header or stack size, respectively?

157 2. Introduction

159 Packet sampling techniques are required for various measurement
160 scenarios. The packet sampling (PSAMP) protocol provides mechanisms
161 for the packet selection using different filtering and sampling
162 techniques. A standard way for the export and storage of such
163 sampled packet data is required. The definition of the PSAMP
164 information and data model is based on the IP Flow Information eXport
165 (IPFIX) protocol [I-D.ietf-ipfix-protocol]. The PSAMP protocol
166 document [I-D.ietf-psamp-protocol] describes how to use the IPFIX
167 protocol in the PSAMP context.

169 This document examines the IPFIX information model [I-D.ietf-ipfix-
170 info] and extends it to meet the PSAMP requirements. Therefore, the
171 structure of this document is strongly based on the IPFIX document.
172 It complements the PSAMP protocol specification by providing an
173 appropriate PSAMP information model. The main part of this document,
174 section 9, defines the list of Information Elements to be transmitted
175 by the PSAMP protocol. Sections 7 and 6 describe the data types and
176 Information Element properties used within this document and their
177 relationship to the IPFIX information model.

179 The main body of section 9 was generated from an XML document. The
180 XML-based specification of the PSAMP Information Elements can be used
181 for automatically checking syntactical correctness of the
182 specification. Furthermore it can be used - in combination with the
183 IPFIX information model - for an automated code generation. The
184 resulting code can be used in PSAMP protocol implementations to deal
185 with processing PSAMP information elements.

187 For that reason, the XML document that served as source for section 9
188 is attached to this document in Appendix A.

190 Note that although partially generated from the attached XML
191 documents, the main body of this document is normative while the
192 appendices are informational.

194 3. PSAMP Documents Overview

196 [I-D.ietf-psamp-framework]: "A Framework for Packet Selection and
197 Reporting", describes the PSAMP framework for network elements to
198 select subsets of packets by statistical and other methods, and to
199 export a stream of reports on the selected packets to a collector.

201 [I-D.ietf-psamp-sample-tech]: "Sampling and Filtering Techniques for
202 IP Packet Selection", describes the set of packet selection
203 techniques supported by PSAMP.

205 [I-D.ietf-psamp-protocol]: "Packet Sampling (PSAMP) Protocol
206 Specifications" specifies the export of packet information from a
207 PSAMP Exporting Process to a PSAMP Collecting Process.

209 [I-D.ietf-psamp-info]: "Information Model for Packet Sampling
210 Exports" (this document), defines an information and data model for
211 PSAMP.

213 [I-D.ietf-psamp-mib]: "Definitions of Managed Objects for Packet
214 Sampling" describes the PSAMP Management Information Base

216 4. Relationship between PSAMP and IPFIX

218 As described in the PSAMP protocol draft [I-D.ietf-psamp-protocol] a
219 PSAMP data record can be seen as a very special IPFIX flow record.
220 It represents an IPFIX flow containing only a single packet.
221 Therefore, the IPFIX information model can be used as a basis for
222 PSAMP reports.

224 Nevertheless, there are properties required in PSAMP reports which
225 cannot be modelled using the current IPFIX information model. This
226 document describes extensions to the IPFIX model which allow the
227 modelling of information and data required by PSAMP.

229 Some of these extensions allow the export of what may be considered
230 sensitive information. Refer to the Security Considerations section
231 for a fuller discussion.

233 5. Terminology

235 As the IPFIX export protocol is used to export the PSAMP information,
236 the relevant IPFIX terminology from [I-D.ietf-ipfix-protocol] is
237 copied over in this document.

239 IETF: The Internet Engineering Task Force
240    http://www.ietf.org

242 IPFIX: The IETF IP Flow Information eXport working group
243    http://www.ietf.org/html.charters/ipfix-charter.html

245 PSAMP: The IETF Packet SAMPling working group
246    http://www.ietf.org/html.charters/psamp-charter.html

248 IANA: Internet Assigned Numbers Authority
249    http://www.iana.org

251 RFC: Requests for Comments
252    http://www.rfc-editor.org

254 ISO: International Organisation for Standardisation
255    http://www.iso.org

257 IEC: International Electrotechnical Commission
258    http://www.iec.ch

260 Information Element
261    An Information Element is a protocol and encoding independent
262    description of an attribute which may appear in an IPFIX Record.

264 Collecting Process
265    A Collecting Process receives Flow Records from one or more
266    Exporting Processes.

268 Observation Point
269    An Observation Point is a location in the network where IP packets
270    can be observed.

272 Selector
273 Observation Domain
274    An Observation Domain is the largest set of Observation Points for
275    which Flow information can be aggregated by a Metering Process.

277    A Selector defines the action of a Selection Process on a single
278    packet of its input.

280 Primitive Selector
281    A Selector is primitive if it is not a Composite Selector.

283 EDITORS NOTE: This section to be completed.

285 6. Properties of a PSAMP Information Element

287 The PSAMP Information Elements are in accordance with the definitions
288 of IPFIX. Therefore we do not repeat the properties in this draft.
289 Nevertheless, we strongly recommend defining the optional "unit"
290 element for every information element (if applicable).

292 7. Type Space

294 The PSAMP Information Elements MUST be constructed from the basic
295 data types described in the IPFIX Information Model [I-D.ietf-ipfix-
296 info]. To avoid duplicated work and to keep consistency between
297 IPFIX and PSAMP the data types are not repeated in this document.

299 8. Overloading Information Elements

301 Information Elements won't be overloaded with multiple meanings or
302 re-used for multiple purposes. Different Information Elements will
303 be allocated for each requirement.

305 In particular, special information will be encoded in new Information
306 Elements as necessary, and not be encoded in the selection method.

308 Although the presence of certain other Information Elements allows
309 the selection method to be inferred, a separate Information Element
310 is provided for the selectorAlgorithm, e.g. for including in scope
311 info and depicting the contents of composites.

313 9. The PSAMP Information Elements

315 This section describes the Information Elements used by the PSAMP
316 exporting functions. Basically, the Information Elements described
317 by the IPFIX information model [I-D.ietf-ipfix-info] are used by the
318 PSAMP export functions where applicable. To avoid inconsistencies
319 between the IPFIX and the PSAMP information and data models, only
320 those Information Elements are defined here that are not already
321 described by the IPFIX information model.

323 9.1 PSAMP Usage of IPFIX Attributes

325 Some Information Elements defined by the IPFIX information model are
326 not needed by the PSAMP protocol.

328 This section lists additional Information Elements that are needed in
329 the PSAMP context and introduces their usage.

331 List of additional PSAMP Information Elements:

333 o 300 - observationPointId
334 o 301 - selectionSequenceId
335 o 302 - selectorId
336 o 303 - informationElementId
337 o 304 - selectorAlgorithm
338 o 305 - samplingPacketInterval
339 o 306 - samplingPacketSpace
340 o 307 - samplingTimeInterval
341 o 308 - samplingTimeSpace
342 o 309 - samplingSize
343 o 310 - samplingPopulation
344 o 311 - samplingProbability
345 o 312 - [unused]
346 o 313 - ipHeaderPacketSection
347 o 314 - ipPayloadPacketSection
348 o 315 - dataLinkFrameSection
349 o 316 - mplsLabelStackSection
350 o 317 - mplsPayloadPacketSection
351 o 318 - packetsObserved
352 o 319 - packetsSelected
353 o 320 - fixedError
354 o 321 - relativeError
355 o 322 - timeSeconds
356 o 323 - timeMilliSeconds
357 o 324 - timeMicroSeconds
358 o 325 - timeNanoSeconds
359 o 326 - digestHashValue
360 o 327 - hashIPPayloadOffset
361 o 328 - hashIPPayloadSize
362 o 329 - hashInitialiserValue
363 o 330 - hashOutputRangeMin
364 o 331 - hashOutputRangeMax
365 o 332 - hashSelectedRangeMin
366 o 333 - hashSelectedRangeMax
367 o 334 - hashDigestOutput

369 9.2 Additional PSAMP Information Elements

371 9.2.1 observationPointId

373 Description:
374    ID of the observation process. Unique in the observation domain.
375 Abstract Data Type: unsigned64
376 ElementId: 300
377 Status: current

379 9.2.2 selectionSequenceId

381 Description:
382    From all the packets observed at an Observation Point, a subset of
383    packets is selected by a sequence of one or more Selectors. The
384    selectionSequenceId is a unique value per Observation Domain,
385    describing the Observation Point and the sequence of Selectors
386    through which the packets are selected.
387 Abstract Data Type: unsigned64
388 ElementId: 301
389 Status: current

391 9.2.3 selectorId

393 Description:
394    The Selector ID is the unique ID identifying a Primitive Selector.
395    Each Primitive Selector must have a unique ID in the observation
396    domain.
397 Abstract Data Type: unsigned16
398 Data Type Semantics: identifier
399 ElementId: 302
400 Status: current

402 9.2.4 informationElementId
403 Description:
404    Contains the ID of another Information Element.
405 Abstract Data Type: unsigned16
406 Data Type Semantics: identifier
407 ElementId: 303
408 Status: current

410 9.2.5 selectorAlgorithm

412 Description:
413    Specifies the selector algorithm (e.g., filter, sampler, hash)
414    that was used on a packet. It is exported in the options data
415    flow record to specify how a collector has to interpret a data
416    flow record.

418    The following selector algorithms are currently defined:

420    * 1 Systematic count-based sampling
421    * 2 Systematic time-based sampling
422    * 3 Random n-out-of-N sampling
423    * 4 Uniform probabilistic sampling
424    * 5 Property match filtering
425    * 6 Hash based filtering using BOB
426    * 7 Hash based filtering using IPSX
427    * 8 Hash based filtering using CRC

429    EDITOR'S NOTE: This list may be extended in the final version.

431    The parameters for most of these algorithms are defined in this
432    information model. Some parameters for these algorithms are not
433    covered by this information model since they very much depend on
434    the underlying hardware.

436    In future, this list will be maintained by IANA. IANA can update
437    this information element as long as there's a new RFC specifying
438    the algorithm and any new Information Elements which are required.
439 Abstract Data Type: unsigned16
440 Data Type Semantics: identifier
441 ElementId: 304
442 Status: current

444 9.2.6 samplingPacketInterval

446 Description:
448    Number of packets that are consecutively sampled. For example a
449    value of 100 means that 100 contiguous packets are sampled.

451    This information element is used to describe the configuration of
452    a systematic count-based sampling selector.
453 Abstract Data Type: unsigned32
454 ElementId: 305
455 Status: current
456 Units: packets

458 9.2.7 samplingPacketSpace

460 Description:
461    The number of packets between two "samplingPacketInterval"s. A
462    value of 100 means that the next interval starts after 100 packets
463    (which are not sampled) when the current "samplingPacketInterval"
464    is over.

466    This information element is used to describe the configuration of
467    a systematic count-based sampling selector.
468 Abstract Data Type: unsigned32
469 ElementId: 306
470 Status: current
471 Units: packets

473 9.2.8 samplingTimeInterval

475 Description:
476    Time interval in microseconds in which all arriving packets are
477    sampled.

479    This information element is used to describe the configuration of
480    a systematic time-based sampling selector.
481 Abstract Data Type: dateTimeMicroSeconds
482 ElementId: 307
483 Status: current
484 Units: microseconds

486 9.2.9 samplingTimeSpace

488 Description:
489    The time interval in microseconds between two
490    "samplingTimeInterval"s. A value of 100 means that the next
491    interval starts after 100 microseconds (in which no packets are
492    sampled) when the current "samplingTimeInterval" is over.

494    This information element is used to describe the configuration of
495    a systematic time-based sampling selector.
496 Abstract Data Type: dateTimeMicroSeconds
497 ElementId: 308
498 Status: current
499 Units: microseconds

501 9.2.10 samplingSize

503 Description:
504    The number of elements taken from the parent population for random
505    sampling algorithms.

507    This information element is used to describe the configuration of
508    a random n-out-of-N sampling selector.
509 Abstract Data Type: unsigned32
510 ElementId: 309
511 Status: current
512 Units: packets

514 9.2.11 samplingPopulation

516 Description:
517    The number of elements in the parent population for random
518    sampling algorithms.

520    This information element is used to describe the configuration of
521    a random n-out-of-N sampling selector.
522 Abstract Data Type: unsigned32
523 ElementId: 310
524 Status: current
525 Units: packets

527 9.2.12 samplingProbability

529 Description:
530    The probability that a packet is sampled, expressed as a value
531    between 0 and 1. The probability is equal for every packet. A
532    value of 0 means no packet was sampled since the probability is 0.

534    This information element is used to describe the configuration of
535    a uniform probabilistic sampling selector.
536 Abstract Data Type: float64
537 ElementId: 311
538 Status: current

540 9.2.13 [unused]

542 Description:
543    This ID is not currently in use.
544 Abstract Data Type:
545 ElementId: 312
546 Status: unused

548 9.2.14 ipHeaderPacketSection

550 Description:
551    This information element carries a series of octets from the start
552    of the IP header of a sampled packet.

554    The size of the exported section may be constrained due to
555    limitations in the IPFIX protocol.
556 Abstract Data Type: variable length octetArray
557 ElementId: 313
558 Status: current

560 9.2.15 ipPayloadPacketSection

562 Description:
563    This information element carries a series of octets from the start
564    of the IP payload of a sampled packet.

566    The IPv4 payload is that part of the packet which follows the IPv4
567    header and any options, which [RFC0791] refers to as "data" or
568    "data octets". E.g., see the examples in [RFC0791] APPENDIX A.

570    The size of the exported section may be constrained due to
571    limitations in the IPFIX protocol.

573    If insufficient octets are available for the length specified in
574    the template, the packet section must be sent with a new template
575    using either a fixed length Information Element of the necessary
576    size or a variable length Information Element. It's not
577    permissible to pad a short packet section to a longer length.
578 Abstract Data Type: variable length octetArray
579 ElementId: 314
580 Status: current

582 9.2.16 dataLinkFrameSection
583 Description:
584    This information element carries the first n octets from the data
585    link frame of a sampled packet.

587    The data link layer is defined in [ISO/IEC.7498-1:1994].

589    The size of the exported section may be constrained due to
590    limitations in the IPFIX protocol.

592    If insufficient octets are available for the length specified in
593    the template, the packet section must be sent with a new template
594    using either a fixed length Information Element of the necessary
595    size or a variable length Information Element. It's not
596    permissible to pad a short packet section to a longer length.
597 Abstract Data Type: variable length octetArray
598 ElementId: 315
599 Status: current

601 9.2.17 mplsLabelStackSection

603 Description:
604    This information element carries the first n octets from the MPLS
605    label stack of a sampled packet.

607    See [RFC3031] for the specification of MPLS packets.
608    See [RFC3032] for the specification of the MPLS label stack.

610    The size of the exported section may be constrained due to
611    limitations in the IPFIX protocol.
612 Abstract Data Type: variable length octetArray
613 ElementId: 316
614 Status: current

616 9.2.18 mplsPayloadPacketSection

618 Description:
619    This information element carries the first n octets from the MPLS
620    payload of a sampled packet, being data that follows immediately
621    after the MPLS label stack.

623    See [RFC3031] for the specification of MPLS packets.
624    See [RFC3032] for the specification of the MPLS label stack.

626    The size of the exported section may be constrained due to
627    limitations in the IPFIX protocol.

629    If insufficient octets are available for the length specified in
630    the template, the packet section must be sent with a new template
631    using either a fixed length Information Element of the necessary
632    size or a variable length Information Element. It's not
633    permissible to pad a short packet section to a longer length.
634 Abstract Data Type: variable length octetArray
635 ElementId: 317
636 Status: current

638 9.2.19 packetsObserved

640 Description:
641    Number of packets observed by a selector.
642 Abstract Data Type: unsigned64
643 ElementId: 318
644 Status: current
645 Units: packets

647 9.2.20 packetsSelected

649 Description:
650    Number of packets selected by a selector.
651 Abstract Data Type: unsigned64
652 ElementId: 319
653 Status: current
654 Units: packets

656 9.2.21 fixedError

658 Description:
659    Specifies the maximum possible positive or negative error interval
660    of the reported value for a given Information Element.
661 Abstract Data Type: float64
662 ElementId: 320
663 Status: current
664 Units: The units of the Information Element for which the error is
665    specified.

667 9.2.22 relativeError

669 Description:
670    Specifies the maximum possible positive or negative error ratio
671    for a given Information Element.
673 Abstract Data Type: float64
674 ElementId: 321
675 Status: current

677 9.2.23 observationTimeSeconds

679 Description:
680    The absolute time of an observation.
681 Abstract Data Type: dateTimeSeconds
682 ElementId: 322
683 Status: current
684 Units: seconds

686 9.2.24 observationTimeMilliSeconds

688 Description:
689    The absolute time of an observation.
690 Abstract Data Type: dateTimeSeconds
691 ElementId: 323
692 Status: current
693 Units: milliseconds

695 9.2.25 observationTimeMicroSeconds

697 Description:
698    The absolute time of an observation.
699 Abstract Data Type: dateTimeSeconds
700 ElementId: 324
701 Status: current
702 Units: microseconds

704 9.2.26 observationTimeNanoSeconds

706 Description:
707    The absolute time of an observation.
708 Abstract Data Type: dateTimeSeconds
709 ElementId: 325
710 Status: current
711 Units: nanoseconds

713 9.2.27 digestHashValue

715 Description:
716    The value from the digest hash function.
718 Abstract Data Type: unsigned64
719 ElementId: 326
720 Status: current

722 9.2.28 hashIPPayloadOffset

724 Description:
725    The IP payload offset used by a hash based selector.
726 Abstract Data Type: unsigned64
727 ElementId: 327
728 Status: current

730 9.2.29 hashIPPayloadSize

732 Description:
733    The IP payload size used by a hash based selector.
734 Abstract Data Type: unsigned64
735 ElementId: 328
736 Status: current

738 9.2.30 hashInitialiserValue

740 Description:
741    The initialiser value to the hash function.
742 Abstract Data Type: unsigned64
743 ElementId: 326
744 Status: current

746 9.2.31 hashOutputRangeMin

748 Description:
749    A value for the beginning of a hash function's potential output
750    range.
751 Abstract Data Type: unsigned64
752 ElementId: 329
753 Status: current

755 9.2.32 hashOutputRangeMax

757 Description:
758    A value for the end of a hash function's potential output range.
759 Abstract Data Type: unsigned64
760 ElementId: 330
761 Status: current

763 9.2.33 hashSelectedRangeMin
764 Description:
765    A value for the beginning of a hash function's selected range.
766 Abstract Data Type: unsigned64
767 ElementId: 331
768 Status: current

770 9.2.34 hashSelectedRangeMax

772 Description:
773    A value for the end of a hash function's selected range.
774 Abstract Data Type: unsigned64
775 ElementId: 332
776 Status: current

778 9.2.35 hashDigestOutput

780 Description:
781    A boolean value, TRUE if the output from this hash selector has
782    been configured to be included in the packet report as a packet
783    digest, else FALSE.
784 Abstract Data Type: boolean
785 ElementId: 333
786 Status: current

788 10. Security Considerations

790 The PSAMP information model itself does not directly introduce
791 security issues. Rather it defines a set of attributes which may for
792 privacy or business issues be considered sensitive information.

794 Specifically, the Information Elements pertaining to packet sections
795 MUST target no more than the packet header, some subsequent bytes of
796 the packet, and encapsulating headers if present. Full packet
797 capture of arbitrary packet streams is explicitly out of scope, per
798 [RFC2804] and the PSAMP WG charter.

800 The underlying protocol used to exchange the information described
801 here must therefore apply appropriate procedures to guarantee the
802 integrity and confidentiality of the exported information. Such
803 protocols are defined in separate documents, specifically the IPFIX
804 protocol document [I-D.ietf-ipfix-protocol].

806 11. IANA Considerations

808 This document defines an initial set of PSAMP Information Elements as
809 specified in [I-D.ietf-psamp-sample-tech], as an extension to the
810 IPFIX Information Elements [I-D.ietf-ipfix-info]. New assignments
811 for PSAMP Information Elements will be administered according to
812 rules explained in the "IANA Consideration" section of the IPFIX
813 Information Model document [I-D.ietf-ipfix-info].

815 Note that the PSAMP Information Element IDs were initially started at
816 the value 300, in order to leave a gap for any ongoing IPFIX work
817 requiring new Information Elements. It is expected that this gap in
818 the Information Element numbering will be filled in by IANA with new
819 IPFIX Information Elements.

821 Appendix B defines an XML schema which may be used to create
822 consistent machine readable extensions to the IPFIX information
823 model. This schema introduces a new namespace, which will be
824 assigned by IANA according to [RFC3688].
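
The summary list in section 9.1 and the ElementId fields in section 9.2 are two copies of the same ID assignments, so they can be cross-checked mechanically before the IDs are registered or compiled into a collector that dispatches on ElementId. The script below is an added example, not part of the draft; its two tables are copied from this document (IDs 322 to 334 only, with the listing's line numbers removed), and the function names and finding labels are assumptions.

```python
"""Cross-check the section 9.1 summary list against the 9.2 ElementId fields."""
import re
from collections import defaultdict

# Copied from the section 9.1 list in this draft (IDs 322-334 only).
SUMMARY_LIST = """\
o 322 - timeSeconds
o 323 - timeMilliSeconds
o 324 - timeMicroSeconds
o 325 - timeNanoSeconds
o 326 - digestHashValue
o 327 - hashIPPayloadOffset
o 328 - hashIPPayloadSize
o 329 - hashInitialiserValue
o 330 - hashOutputRangeMin
o 331 - hashOutputRangeMax
o 332 - hashSelectedRangeMin
o 333 - hashSelectedRangeMax
o 334 - hashDigestOutput
"""

# Heading and ElementId lines copied from sections 9.2.23 to 9.2.35.
DEFINITIONS = """\
9.2.23 observationTimeSeconds
ElementId: 322
9.2.24 observationTimeMilliSeconds
ElementId: 323
9.2.25 observationTimeMicroSeconds
ElementId: 324
9.2.26 observationTimeNanoSeconds
ElementId: 325
9.2.27 digestHashValue
ElementId: 326
9.2.28 hashIPPayloadOffset
ElementId: 327
9.2.29 hashIPPayloadSize
ElementId: 328
9.2.30 hashInitialiserValue
ElementId: 326
9.2.31 hashOutputRangeMin
ElementId: 329
9.2.32 hashOutputRangeMax
ElementId: 330
9.2.33 hashSelectedRangeMin
ElementId: 331
9.2.34 hashSelectedRangeMax
ElementId: 332
9.2.35 hashDigestOutput
ElementId: 333
"""


def parse_summary(text):
    """Return {element_id: name} from 'o <id> - <name>' list items."""
    pattern = re.compile(r"^o\s+(\d+)\s+-\s+(\S+)[ \t]*$", re.M)
    return {int(m.group(1)): m.group(2) for m in pattern.finditer(text)}


def parse_definitions(text):
    """Return [(name, element_id)] by pairing each '9.2.x <name>' heading
    with the first 'ElementId: <id>' line that follows it."""
    defs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        heading = re.fullmatch(r"9\.2\.\d+\s+(\S+)", line)
        field = re.fullmatch(r"ElementId:\s*(\d+)", line)
        if heading:
            current = heading.group(1)
        elif field and current:
            defs.append((current, int(field.group(1))))
            current = None
    return defs


def audit(summary, definitions):
    """Return (kind, element_id, detail) findings for every disagreement."""
    findings = []
    by_id = defaultdict(list)
    for name, eid in definitions:
        by_id[eid].append(name)
    # One ID claimed by several definitions: a decoder cannot tell them apart.
    for eid, names in sorted(by_id.items()):
        if len(names) > 1:
            findings.append(("duplicate-id", eid, tuple(names)))
    defined = dict(definitions)  # name -> ElementId as given in section 9.2
    for eid, name in sorted(summary.items()):
        if name not in defined:
            findings.append(("undefined-name", eid, (name,)))
        elif defined[name] != eid:
            findings.append(("id-mismatch", eid, (name, defined[name])))
    # IDs promised by the list that no definition carries.
    for eid in sorted(set(summary) - set(by_id)):
        findings.append(("id-never-defined", eid, (summary[eid],)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_summary(SUMMARY_LIST), parse_definitions(DEFINITIONS)):
        print(finding)
```
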
826   In future the selectorAlgorithm registry will be maintained by IANA.
827   IANA can update this information element as long as there's a new RFC
828   specifying the algorithm and any new Information Elements which are
829   required.

831   12. References

833   12.1 Normative References

835   [I-D.ietf-psamp-sample-tech]
836   Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
837   Raspall, "Sampling and Filtering Techniques for IP Packet
838   Selection", draft-ietf-psamp-sample-tech-07 (work in
839   progress), July 2005.

841   [I-D.ietf-psamp-protocol]
842   Claise, B., Quittek, J., and A. Johnson, "Packet Sampling
843   (PSAMP) Protocol Specifications",
844   draft-ietf-psamp-protocol-03 (work in progress),
845   December 2005.

847   [I-D.ietf-psamp-mib]
848   Dietz, T. and B. Claise, "Definitions of Managed Objects
849   for Packet Sampling", draft-ietf-psamp-mib-05 (work in
850   progress), October 2005.

852   [I-D.ietf-ipfix-info]
853   Quittek, J., Bryant, S., Claise, B., and J. Meyer,
854   "Information Model for IP Flow Information Export",
855   draft-ietf-ipfix-info-11 (work in progress),
856   September 2005.

858   [I-D.ietf-ipfix-protocol]
859   Claise, B., Bryant, S., Sadasivan, G., Leinen, S., and T.
861   Dietz, "IPFIX Protocol Specification",
862   draft-ietf-ipfix-protocol-19 (work in progress),
863   September 2005.

865   [ISO/IEC.7498-1:1994]
866   International Organization for Standardization,
867   "Information technology -- Open Systems Interconnection --
868   Basic Reference Model: The Basic Model", ISO Standard 7498-
869   1:1994, June 1996.

871   12.2 Informative References

873   [RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander,
874   "Requirements for IP Flow Information Export", RFC 3917,
875   October 2004.

877   [I-D.ietf-ipfix-architecture]
878   Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
879   "Architecture for IP Flow Information Export",
880   draft-ietf-ipfix-architecture-09 (work in progress),
881   August 2005.
883   [I-D.ietf-psamp-framework]
884   Duffield, N., Chiou, D., Claise, B., Greenberg, A.,
885   Grossglauser, M., Marimuthu, P., Rexford, J., and G.
886   Sadasivan, "A Framework for Packet Selection and
887   Reporting", draft-ietf-psamp-framework-10 (work in
888   progress), January 2005.

890   [RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804,
891   May 2000.

893   [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
894   September 1981.

896   [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
897   Label Switching Architecture", RFC 3031, January 2001.

899   [RFC3032] Rosen, E., Tappan, D., Rekhter, Y., Fedorkow, G.,
900   Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
901   Encoding", RFC 3032, January 2001.

903   [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between
904   Information Models and Data Models", RFC 3444,
905   January 2003.

907   [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
908   June 1999.

910   [RFC3470] Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for
911   the Use of Extensible Markup Language (XML) within IETF
912   Protocols", BCP 70, RFC 3470, January 2003.

914   [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
915   January 2004.

917   Authors' Addresses

919   Thomas Dietz
920   NEC Europe Ltd.
921   Network Laboratories
922   Kurfuersten-Anlage 36
923   Heidelberg 69115
924   Germany

926   Phone: +49 6221 90511-28
927   Email: dietz@netlab.nec.de
928   URI: http://www.netlab.nec.de/

930   Falko Dressler
931   University of Erlangen-Nuremberg
932   Dept. of Computer Sciences
933   Martensstr. 3
934   Erlangen 91058
935   Germany

937   Phone: +49 9131 85-27914
938   Email: dressler@informatik.uni-erlangen.de
939   URI: http://www7.informatik.uni-erlangen.de/~dressler

941   Georg Carle
942   University of Tuebingen
943   Wilhelm-Schickard-Institute for Computer Science
944   Auf der Morgenstelle 10C
945   Tuebingen 71076
946   Germany

948   Phone: +49 7071 29-70505
949   Email: carle@informatik.uni-tuebingen.de
950   URI: http://net.informatik.uni-tuebingen.de/~carle/

951   Benoit Claise
952   Cisco Systems
953   De Kleetlaan 6a b1
954   Diegem 1813
955   Belgium

957   Phone: +32 2 704 5622
958   Email: bclaise@cisco.com

960   Paul Aitken
961   Cisco Systems
962   96 Commercial Quay
963   Edinburgh EH6 6LX
964   Scotland

966   Phone: +44 131 561 3616
967   Email: paitken@cisco.com
968   URI: http://www.cisco.com/

970   Appendix A. Formal Specification of PSAMP Information Elements

972   This appendix contains a formal description of the PSAMP information
973   model XML document. Note that this appendix is of informational
974   nature, while the text in Section 9 generated from this
975   appendix is normative.

977   Using a formal and machine readable syntax for the information model
978   enables the creation of PSAMP aware tools which can automatically
979   adapt to extensions to the information model, by simply reading
980   updated information model specifications.

982   The wide availability of XML aware tools and libraries for client
983   devices is a primary consideration for this choice. In particular
984   libraries for parsing XML documents are readily available. Also
985   mechanisms such as the Extensible Stylesheet Language (XSL) allow for
986   transforming a source XML document into other documents. This draft
987   was authored in XML and transformed according to [RFC2629].

989   It should be noted that the use of XML in exporters, collectors or
990   other tools is not mandatory for the deployment of PSAMP. In
991   particular, exporting processes do not produce or consume XML as part
992   of their operation. It is expected that PSAMP collectors MAY take
993   advantage of the machine readability of the information model vs.
994   hardcoding their behavior or inventing proprietary means for
995   accommodating extensions.

997   Using XML-based specifications does not currently address possible
998   IANA implications associated with XML Namespace URIs. The use of
999   Namespaces as an extension mechanism implies that an IANA registered
1000  Namespace URI should be available and that directory names below this
1001  base URI be assigned for relevant IETF specifications. The authors
1002  are not aware of this mechanism today.

1010  ID of the observation process.
1011  Unique in the observation domain.

1020  From all the packets observed at an Observation Point, a
1021  subset of packets is selected by a sequence of one or more
1022  Selectors. The selectionSequenceId is a unique value per
1023  Observation Domain, describing the Observation Point and the
1024  sequence of Selectors through which the packets are selected.

1034  The Selector ID is the unique ID identifying a Primitive
1035  Selector. Each Primitive Selector must have a unique ID
1036  in the observation domain.

1047  Contains the ID of another Information Element.

1057  Specifies the selector algorithm (e.g., filter, sampler,
1058  hash) that was used on a packet.
1059  It is exported in the options data flow record to specify
1060  how a collector has to interpret a data flow record.

1065  The following selector algorithms are currently defined:

1071  1 Systematic count-based sampling
1072  2 Systematic time-based sampling
1073  3 Random n-out-of-N sampling
1074  4 Uniform probabilistic sampling
1075  5 Property match filtering
1076  6 Hash based filtering using BOB
1077  7 Hash based filtering using IPSX
1078  8 Hash based filtering using CRC

1084  EDITOR'S NOTE: This list may be extended in the final
1085  version.

1090  The parameters for most of these algorithms
1091  are defined in this information model. Some parameters for
1092  these algorithms are not covered by this information model
1093  since they very much depend on the underlying hardware.

1098  In future, this list will be maintained by IANA.
1099  IANA can update this information element as long as
1100  there's a new RFC specifying the algorithm and
1101  any new Information Elements which are required.

1110  Number of packets that are consecutively sampled.
1111  For example a value of 100 means that 100 contiguous
1112  packets are sampled.

1117  This information element is used to describe the
1118  configuration of a systematic count-based sampling selector.

1121  packets

1128  The number of packets between two
1129  "samplingPacketInterval"s. A value of 100 means that the
1130  next interval starts after 100 packets (which are not
1131  sampled) when the current "samplingPacketInterval" is over.

1136  This information element is used to describe the
1137  configuration of a systematic count-based sampling selector.

1140  packets

1148  Time interval in microseconds in which all arriving
1149  packets are sampled.

1154  This information element is used to describe the
1155  configuration of a systematic time-based sampling selector.

1158  microseconds

1165  The time interval in microseconds between two
1166  "samplingTimeInterval"s. A value of 100 means that the
1167  next interval starts after 100 microseconds (in which no
1168  packets are sampled) when the current "samplingTimeInterval"
1169  is over.

1174  This information element is used to describe the
1175  configuration of a systematic time-based sampling selector.

1178  microseconds

1185  The number of elements taken from the parent
1186  population for random sampling algorithms.

1191  This information element is used to describe the
1192  configuration of a random n-out-of-N sampling selector.

1195  packets

1202  The number of elements in the parent population
1203  for random sampling algorithms.

1208  This information element is used to describe the
1209  configuration of a random n-out-of-N sampling selector.

1212  packets

1219  The probability that a packet is sampled,
1220  expressed as a value between 0 and 1.
1221  The probability is equal for every packet.
1222  A value of 0 means no packet was sampled
1223  since the probability is 0.

1228  This information element is used to describe the
1229  configuration of a uniform probabilistic sampling selector.

1238  This ID is not currently in use.

1248  This information element carries a series of octets
1249  from the start of the IP header of a sampled packet.

1254  The size of the exported section may be constrained
1255  due to limitations in the IPFIX protocol.

1265  This information element carries a series of octets
1266  from the start of the IP payload of a sampled packet.

1271  The IPv4 payload is that part of the packet which follows the
1272  IPv4 header and any options, which
1273  refers to as "data" or "data octets".
1274  e.g., see the examples in
1275  APPENDIX A.

1280  The size of the exported section may be constrained
1281  due to limitations in the IPFIX protocol.

1286  If insufficient octets are available for the length specified
1287  in the template, the packet section must be sent with a new
1288  template using either a fixed length Information Element of
1289  the necessary size or a variable length Information Element.
1290  It's not permissible to pad a short packet section to a
1291  longer length.

1301  This information element carries the first n octets
1302  from the data link frame of a sampled packet.

1307  The data link layer is defined in
1308  .

1313  The size of the exported section may be constrained
1314  due to limitations in the IPFIX protocol.

1319  If insufficient octets are available for the length specified
1320  in the template, the packet section must be sent with a new
1321  template using either a fixed length Information Element of
1322  the necessary size or a variable length Information Element.
1323  It's not permissible to pad a short packet section to a
1324  longer length.

1334  This information element carries the first n octets
1335  from the MPLS label stack of a sampled packet.

1340  See
1341  for the specification of MPLS packets.

1343  See
1344  for the specification of the MPLS label stack.

1349  The size of the exported section may be constrained
1350  due to limitations in the IPFIX protocol.

1372  This information element carries the first n octets
1373  from the MPLS payload of a sampled packet, being data
1374  that follows immediately after the MPLS label stack.

1379  See
1380  for the specification of MPLS packets.

1382  See
1383  for the specification of the MPLS label stack.

1388  The size of the exported section may be constrained
1389  due to limitations in the IPFIX protocol.

1394  If insufficient octets are available for the length specified
1395  in the template, the packet section must be sent with a new
1396  template using either a fixed length Information Element of
1397  the necessary size or a variable length Information Element.
1398  It's not permissible to pad a short packet section to a
1399  longer length.

1408  Number of packets observed by a selector.

1411  packets

1418  Number of packets selected by a selector.

1421  packets

1428  Specifies the maximum possible positive or negative error
1429  interval of the reported value for a given Information
1430  Element.

1434  The units of the Information Element
1435  for which the error is specified.

1443  Specifies the maximum possible positive or negative
1444  error ratio for a given Information Element.

1454  The absolute time of an observation.

1457  seconds

1465  The absolute time of an observation.

1468  milliseconds

1476  The absolute time of an observation.

1480  microseconds

1488  The absolute time of an observation.

1491  nanoseconds

1498  The value from the digest hash function.

1507  The IP payload offset used by a hash based selector.

1516  The IP payload size used by a hash based selector.

1525  The initialiser value to the hash function.

1535  A value for the beginning of a hash function's
1536  potential output range.

1545  A value for the end of a hash function's
1546  potential output range.

1555  A value for the beginning of a hash function's
1556  selected range.

1565  A value for the end of a hash function's
1566  selected range.

1575  A boolean value, TRUE if the output from this hash selector
1576  has been configured to be included in the packet report as a
1577  packet digest, else FALSE.

1584  Intellectual Property Statement

1586  The IETF takes no position regarding the validity or scope of any
1587  Intellectual Property Rights or other rights that might be claimed to
1588  pertain to the implementation or use of the technology described in
1589  this document or the extent to which any license under such rights
1590  might or might not be available; nor does it represent that it has
1591  made any independent effort to identify any such rights. Information
1592  on the procedures with respect to rights in RFC documents can be
1593  found in BCP 78 and BCP 79.

1595  Copies of IPR disclosures made to the IETF Secretariat and any
1596  assurances of licenses to be made available, or the result of an
1597  attempt made to obtain a general license or permission for the use of
1598  such proprietary rights by implementers or users of this
1599  specification can be obtained from the IETF on-line IPR repository at
1600  http://www.ietf.org/ipr.

1602  The IETF invites any interested party to bring to its attention any
1603  copyrights, patents or patent applications, or other proprietary
1604  rights that may cover technology that may be required to implement
1605  this standard. Please address the information to the IETF at
1606  ietf-ipr@ietf.org.

1608  Disclaimer of Validity

1610  This document and the information contained herein are provided on an
1611  "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1612  OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
1613  ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
1614  INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
1615  INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1616  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1618  Copyright Statement

1620  Copyright (C) The Internet Society (2006). This document is subject
1621  to the rights, licenses and restrictions contained in BCP 78, and
1622  except as set forth therein, the authors retain all their rights.

1624  Acknowledgment

1626  Funding for the RFC Editor function is currently provided by the
1627  Internet Society.