idnits 2.17.1 draft-ietf-psamp-info-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 21. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 2130. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 2141. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 2148. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 2154. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 20, 2008) is 5667 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5101 (Obsoleted by RFC 7011) ** Obsolete normative reference: RFC 5102 (Obsoleted by RFC 7012) -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Dietz 3 Internet-Draft NEC Europe Ltd. 4 Intended status: Standards Track B. Claise 5 Expires: April 23, 2009 P. Aitken 6 Cisco Systems, Inc. 7 F. Dressler 8 University of Erlangen-Nuremberg 9 G. Carle 10 Technical University of Munich 11 October 20, 2008 13 Information Model for Packet Sampling Exports 14 16 Status of this Memo 18 By submitting this Internet-Draft, each author represents that any 19 applicable patent or other IPR claims of which he or she is aware 20 have been or will be disclosed, and any of which he or she becomes 21 aware will be disclosed, in accordance with Section 6 of BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF), its areas, and its working groups. Note that 25 other groups may also distribute working documents as Internet- 26 Drafts. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 The list of current Internet-Drafts can be accessed at 34 http://www.ietf.org/ietf/1id-abstracts.txt. 36 The list of Internet-Draft Shadow Directories can be accessed at 37 http://www.ietf.org/shadow.html. 39 This Internet-Draft will expire on April 23, 2009. 41 Abstract 43 This memo defines an information model for the Packet Sampling 44 (PSAMP) protocol. It is used by the PSAMP protocol for encoding 45 sampled packet data and information related to the Sampling process. 46 As the PSAMP protocol is based on the IPFIX protocol, this 47 information model is an extension to the IPFIX information model. 49 Conventions used in this document 51 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 52 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 53 document are to be interpreted as described in RFC 2119 [RFC2119]. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 59 2. PSAMP Documents Overview . . . . . . . . . . . . . . . . . . . 6 61 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 63 4. Relationship between PSAMP and IPFIX . . . . . . . . . . . . . 8 65 5. Properties of a PSAMP Information Element . . . . . . . . . . 9 67 6. Type Space . . . . . . . . . . . . . . . . . . . . . . . . . . 10 69 7. Overloading Information Elements . . . . . . . . . . . . . . . 11 71 8. The PSAMP Information Elements . . . . . . . . . . . . . . . . 12 72 8.1. Identifiers (301-303) . . . . . . . . . . . . . . . . . . 12 73 8.1.1. selectionSequenceId . . . . . . . . . . . . . . . . . 13 74 8.1.2. selectorId . . . . . . . . . . . . . . . . . . . . . . 13 75 8.1.3. informationElementId . . . . . . . . . . . . . . . . . 13 76 8.2. Sampling Configuration (304-311) . . . . . . . . . . . . . 14 77 8.2.1. selectorAlgorithm . . . . . . . . . . . . . . . . . . 14 78 8.2.2. samplingPacketInterval . . . . . . . . . . . . . . . . 16 79 8.2.3. samplingPacketSpace . . . . . . . . . . . . . . . . . 16 80 8.2.4. samplingTimeInterval . . . . . . . . . . . . . . . . . 17 81 8.2.5. samplingTimeSpace . . . . . . . . . . . . . . . . . . 17 82 8.2.6. samplingSize . . . . . . . . . . . . . . . . . . . . . 18 83 8.2.7. samplingPopulation . . . . . . . . . . . . . . . . . . 18 84 8.2.8. samplingProbability . . . . . . . . . . . . . . . . . 19 85 8.3. Hash Configuration (326-334) . . . . . . . . . . . . . . . 19 86 8.3.1. digestHashValue . . . . . . . . . . . . . . . . . . . 19 87 8.3.2. hashIPPayloadOffset . . . . . . . . . . . . . . . . . 20 88 8.3.3. hashIPPayloadSize . . . . . . . . . . . . . . . . . . 20 89 8.3.4. hashOutputRangeMin . . . . . . . . . . . . . . . . . . 21 90 8.3.5. hashOutputRangeMax . . . . . . . . . . . . . . . . . . 21 91 8.3.6. hashSelectedRangeMin . . . . . . . . . . . . . . . . . 21 92 8.3.7. hashSelectedRangeMax . . . . . . . . . . . . . . . . . 22 93 8.3.8. hashDigestOutput . . . . . . . . . . . . . . . . . . . 22 94 8.3.9. hashInitialiserValue . . . . . . . . . . . . . . . . . 23 95 8.4. Time Stamps (322-325) . . . . . . . . . . . . . . . . . . 23 96 8.4.1. observationTimeSeconds . . . . . . . . . . . . . . . . 23 97 8.4.2. observationTimeMilliseconds . . . . . . . . . . . . . 24 98 8.4.3. observationTimeMicroseconds . . . . . . . . . . . . . 24 99 8.4.4. observationTimeNanoseconds . . . . . . . . . . . . . . 24 100 8.5. Packet Data (312-317) . . . . . . . . . . . . . . . . . . 25 101 8.5.1. ipHeaderPacketSection . . . . . . . . . . . . . . . . 25 102 8.5.2. ipPayloadPacketSection . . . . . . . . . . . . . . . . 26 103 8.5.3. mplsLabelStackSection . . . . . . . . . . . . . . . . 26 104 8.5.4. mplsPayloadPacketSection . . . . . . . . . . . . . . . 27 105 8.6. Statistics (318-321) . . . . . . . . . . . . . . . . . . . 27 106 8.6.1. selectorIdTotalPktsObserved . . . . . . . . . . . . . 28 107 8.6.2. selectorIdTotalPktsSelected . . . . . . . . . . . . . 28 108 8.6.3. absoluteError . . . . . . . . . . . . . . . . . . . . 29 109 8.6.4. relativeError . . . . . . . . . . . . . . . . . . . . 29 110 8.6.5. upperCILimit . . . . . . . . . . . . . . . . . . . . . 30 111 8.6.6. lowerCILimit . . . . . . . . . . . . . . . . . . . . . 31 112 8.6.7. confidenceLevel . . . . . . . . . . . . . . . . . . . 31 114 9. Security Considerations . . . . . . . . . . . . . . . . . . . 33 116 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 117 10.1. Related Considerations . . . . . . . . . . . . . . . . . . 34 118 10.2. PSAMP Related Considerations . . . . . . . . . . . . . . . 34 120 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 121 11.1. Normative References . . . . . . . . . . . . . . . . . . . 35 122 11.2. Informative References . . . . . . . . . . . . . . . . . . 35 124 Appendix A. Formal Specification of PSAMP Information Elements . 37 126 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 53 127 Intellectual Property and Copyright Statements . . . . . . . . . . 55 129 1. Introduction 131 Packet Sampling techniques are required for various measurement 132 scenarios. The Packet Sampling (PSAMP) protocol provides mechanisms 133 for packet selection using different Filtering and Sampling 134 techniques. A standardized way for the export and storage of the 135 Information Elements defined in section 8 is required. The 136 definition of the PSAMP information and data model is based on the 137 IPFIX Information Model [RFC5102]. The PSAMP protocol document 138 [I-D.ietf-psamp-protocol] specifies how to use the IPFIX protocol in 139 the PSAMP context. 141 This document examines the IPFIX Information Model [RFC5102] and 142 extends it to meet the PSAMP requirements [RFC3917]. Therefore, the 143 structure of this document is strongly based on the IPFIX document. 144 It complements the PSAMP protocol specification by providing an 145 appropriate PSAMP information model. The main part of this document, 146 section 8, defines the list of Information Elements to be transmitted 147 by the PSAMP protocol. Sections 5 and 6 describe the data types and 148 Information Element properties used within this document and their 149 relationship to the IPFIX information model. 151 The main body of section 8 was generated from an XML document. The 152 XML-based specification of the PSAMP Information Elements can be used 153 for automatically checking syntactical correctness of the 154 specification. Furthermore it can be used - in combination with the 155 IPFIX information model - for automated code generation. The 156 resulting code can be used in PSAMP protocol implementations to deal 157 with processing PSAMP information elements. 159 For that reason, the XML document that served as the source for 160 section 8 is attached to this document in Appendix A. 162 Note that although partially generated from the attached XML 163 documents, the main body of this document is normative while the 164 appendices are informational. 166 2. PSAMP Documents Overview 168 [I-D.ietf-psamp-framework]: "A Framework for Packet Selection and 169 Reporting" describes the PSAMP framework for network elements to 170 select subsets of packets by statistical and other methods, and to 171 export a stream of reports on the selected packets to a collector. 173 [I-D.ietf-psamp-sample-tech]: "Sampling and Filtering Techniques for 174 IP Packet Selection" describes the set of packet selection techniques 175 supported by PSAMP. 177 [I-D.ietf-psamp-protocol]: "Packet Sampling (PSAMP) Protocol 178 Specifications" specifies the export of packet information from a 179 PSAMP Exporting Process to a PSAMP Collecting Process. 181 This document, "Information Model for Packet Sampling Exports", 182 defines an information and data model for PSAMP. 184 3. Terminology 186 IPFIX-specific terminology used in this document is defined in 187 Section 2 of [RFC5101]. PSAMP-specific terminology used in this 188 document is defined in Section 3.2 of [I-D.ietf-psamp-protocol]. As 189 in [RFC5101] and [I-D.ietf-psamp-protocol], these IPFIX- and PSAMP- 190 specific terms have the first letter of a word capitalized when used 191 in this document. 193 4. Relationship between PSAMP and IPFIX 195 As described in the PSAMP protocol [I-D.ietf-psamp-protocol] a PSAMP 196 Report can be seen as a very special IPFIX Data Record. It 197 represents an IPFIX Flow containing only a single packet. Therefore, 198 the IPFIX information model can be used as a basis for PSAMP Reports. 200 Nevertheless, there are properties required in PSAMP Reports which 201 cannot be modelled using the current IPFIX information model. This 202 document describes extensions to the IPFIX information model which 203 allow the modelling of information and data required by PSAMP. 205 Some of these extensions allow the export of what may be considered 206 sensitive information. Refer to the Security Considerations section 207 for a fuller discussion. 209 Note that the export of sampled or filtered PSAMP Reports may not 210 need all the Information Elements defined by the IPFIX information 211 model [RFC5102], as discussed in sections 6.2 and 6.3 of the PSAMP 212 Framework [I-D.ietf-psamp-framework]. 214 5. Properties of a PSAMP Information Element 216 The PSAMP Information Elements are defined in accordance with 217 sections 2.1 to 2.3 of the IPFIX Information Model [RFC5102] to which 218 reference should be made for more information. Nevertheless, we 219 strongly recommend defining the optional "units" property for every 220 information element (if applicable). 222 The Data Types defined in section 3.1 of the IPFIX Information Model 223 [RFC5102] are also used for the PSAMP Information Elements. 225 6. Type Space 227 The PSAMP Information Elements MUST be constructed from the basic 228 abstract data types and data type semantics described in section 3 of 229 the IPFIX Information Model [RFC5102]. To ensure consistency between 230 IPFIX and PSAMP, the data types are not repeated in this document. 231 The encoding of these data types is described in the IPFIX Protocol 232 [RFC5101]. 234 7. Overloading Information Elements 236 Information Elements SHOULD NOT be overloaded with multiple meanings 237 or re-used for multiple purposes. Different Information Elements 238 SHOULD be allocated for each requirement. 240 Although the presence of certain other Information Elements allows 241 the selection method to be inferred, a separate Information Element 242 is provided for the selectorAlgorithm to include as scope for the 243 Selector Report Interpretation [I-D.ietf-psamp-protocol]. 245 Even if the Information Elements are specified with a specific 246 selection method (i.e. a specific value of selectorAlgorithm) in 247 mind, these Information Elements are not restricted to the selection 248 method and MAY be used for different selection methods in the future. 250 8. The PSAMP Information Elements 252 This section describes the Information Elements used by the PSAMP 253 protocol. 255 For each Information Element specified in sections 8.1 - 8.6 below a 256 unique identifier is allocated in accordance with section 4 of the 257 IPFIX information model [RFC5102]. The assignments are controlled by 258 IANA as an extension of the IPFIX Information Model. 260 The Information Elements specified by the IPFIX information model 261 [RFC5102] are used by the PSAMP protocol where applicable. To avoid 262 inconsistencies between the IPFIX and the PSAMP information and data 263 models, only those Information Elements that are not already 264 described by the IPFIX information model are defined here. 266 List of additional PSAMP Information Elements: 268 +-----+----------------------------+-----+----------------------------+ 269 | ID | Name | ID | Name | 270 +-----+----------------------------+-----+----------------------------+ 271 | 301 | selectionSequenceId | 321 | relativeError | 272 | 302 | selectorId | 322 | observationTimeSeconds | 273 | 303 | informationElementId | 323 | observationTimeMilliseconds| 274 | 304 | selectorAlgorithm | 324 | observationTimeMicroseconds| 275 | 305 | samplingPacketInterval | 325 | observationTimeNanoseconds | 276 | 306 | samplingPacketSpace | 326 | digestHashValue | 277 | 307 | samplingTimeInterval | 327 | hashIPPayloadOffset | 278 | 308 | samplingTimeSpace | 328 | hashIPPayloadSize | 279 | 309 | samplingSize | 329 | hashOutputRangeMin | 280 | 310 | samplingPopulation | 330 | hashOutputRangeMax | 281 | 311 | samplingProbability | 331 | hashSelectedRangeMin | 282 | 313 | ipHeaderPacketSection | 332 | hashSelectedRangeMax | 283 | 314 | ipPayloadPacketSection | 333 | hashDigestOutput | 284 | 316 | mplsLabelStackSection | 334 | hashInitialiserValue | 285 | 317 | mplsPayloadPacketSection | 336 | upperCILimit | 286 | 318 | selectorIdTotalPktsObserved| 337 | lowerCILimit | 287 | 319 | selectorIdTotalPktsSelected| 338 | confidenceLevel | 288 | 320 | absoluteError | | | 289 +-----+----------------------------+-----+----------------------------+ 291 8.1. Identifiers (301-303) 293 Information Elements in this section serve as identifiers. All of 294 them have an integral abstract data type and data type semantics 295 "identifier". 297 +-----+----------------------------+-----+----------------------------+ 298 | ID | Name | ID | Name | 299 +-----+----------------------------+-----+----------------------------+ 300 | 301 | selectionSequenceId | 303 | informationElementId | 301 | 302 | selectorId | | | 302 +-----+----------------------------+-----+----------------------------+ 304 8.1.1. selectionSequenceId 306 Description: 308 From all the packets observed at an Observation Point, a subset of 309 the packets is selected by a sequence of one or more Selectors. 310 The selectionSequenceId is a unique value per Observation Domain, 311 specifying the Observation Point and the sequence of Selectors 312 through which the packets are selected. 314 Abstract Data Type: unsigned64 316 Data Type Semantics: identifier 318 ElementId: 301 320 Status: current 322 8.1.2. selectorId 324 Description: 326 The Selector ID is the unique ID identifying a Primitive Selector. 327 Each Primitive Selector must have a unique ID in the Observation 328 Domain. 330 Abstract Data Type: unsigned16 332 Data Type Semantics: identifier 334 ElementId: 302 336 Status: current 338 8.1.3. informationElementId 340 Description: 342 This Information Element contains the ID of another Information 343 Element. 345 Abstract Data Type: unsigned16 347 Data Type Semantics: identifier 349 ElementId: 303 351 Status: current 353 8.2. Sampling Configuration (304-311) 355 Information Elements in this section can be used for describing the 356 sampling configuration of a Selection Process. 358 +-----+----------------------------+-----+----------------------------+ 359 | ID | Name | ID | Name | 360 +-----+----------------------------+-----+----------------------------+ 361 | 304 | selectorAlgorithm | 308 | samplingTimeSpace | 362 | 305 | samplingPacketInterval | 309 | samplingSize | 363 | 306 | samplingPacketSpace | 310 | samplingPopulation | 364 | 307 | samplingTimeInterval | 311 | samplingProbability | 365 +-----+----------------------------+-----+----------------------------+ 367 8.2.1. selectorAlgorithm 369 Description: 371 This Information Element identifies the packet selection methods 372 (e.g., Filtering, Sampling) that are applied by the Selection 373 Process. 375 Most of these methods have parameters. Further Information 376 Elements are needed to fully specify packet selection with these 377 methods and all their parameters. 379 The methods listed below are defined in [I-D.ietf-psamp-sample- 380 tech]. For their parameters, Information Elements are defined in 381 the Information Model Document. The names of these Information 382 Elements are listed for each method identifier. 384 Further method identifiers may be added to the list below. It 385 might be necessary to define new Information Elements to specify 386 their parameters. 388 The selectorAlgorithm registry is maintained by IANA. New 389 assignments for the registry will be administered by IANA, and 390 subject to Expert Review [RFC5226]. 392 The registry can be updated when specifications of the new 393 method(s) and any new Information Elements are provided. 395 The group of experts must double check the selectorAlgorithm 396 definitions and Information Elements with already defined 397 selectorAlgorithms and Information Elements for completeness, 398 accuracy and redundancy. Those experts will initially be drawn 399 from the Working Group Chairs and document editors of the IPFIX 400 and PSAMP Working Groups. 402 The following packet selection methods identifiers are defined 403 here: 405 +----+------------------------+------------------------+ 406 | ID | Method | Parameters | 407 +----+------------------------+------------------------+ 408 | 1 | Systematic count-based | samplingPacketInterval | 409 | | Sampling | samplingPacketSpace | 410 +----+------------------------+------------------------+ 411 | 2 | Systematic time-based | samplingTimeInterval | 412 | | Sampling | samplingTimeSpace | 413 +----+------------------------+------------------------+ 414 | 3 | Random n-out-of-N | samplingSize | 415 | | Sampling | samplingPopulation | 416 +----+------------------------+------------------------+ 417 | 4 | Uniform probabilistic | samplingProbability | 418 | | Sampling | | 419 +----+------------------------+------------------------+ 420 | 5 | Property match | no agreed parameters | 421 | | Filtering | | 422 +----+------------------------+------------------------+ 423 | Hash based Filtering | hashInitialiserValue | 424 +----+------------------------+ hashIPPayloadOffset | 425 | 6 | using BOB | hashIPPayloadSize | 426 +----+------------------------+ hashSelectedRangeMin | 427 | 7 | using IPSX | hashSelectedRangeMax | 428 +----+------------------------+ hashOutputRangeMin | 429 | 8 | using CRC | hashOutputRangeMax | 430 +----+------------------------+------------------------+ 432 There is a broad variety of possible parameters that could be used 433 for Property match Filtering (5) but currently there are no agreed 434 parameters specified. 436 Abstract Data Type: unsigned16 438 Data Type Semantics: identifier 440 ElementId: 304 442 Status: current 444 8.2.2. samplingPacketInterval 446 Description: 448 This Information Element specifies the number of packets that are 449 consecutively sampled. For example a value of 100 means that 100 450 consecutive packets are sampled. 452 For example, this Information Element may be used to describe the 453 configuration of a systematic count-based Sampling Selector. 455 Abstract Data Type: unsigned32 457 Data Type Semantics: quantity 459 ElementId: 305 461 Status: current 463 Units: packets 465 8.2.3. samplingPacketSpace 467 Description: 469 This Information Element specifies the number of packets between 470 two "samplingPacketInterval"s. A value of 100 means that the next 471 interval starts 100 packets (which are not sampled) after the 472 current "samplingPacketInterval" is over. 474 For example, this Information Element may be used to describe the 475 configuration of a systematic count-based Sampling Selector. 477 Abstract Data Type: unsigned32 479 Data Type Semantics: quantity 481 ElementId: 306 483 Status: current 485 Units: packets 487 8.2.4. samplingTimeInterval 489 Description: 491 This Information Element specifies the time interval in 492 microseconds during which all arriving packets are sampled. 494 For example, this Information Element may be used to describe the 495 configuration of a systematic time-based Sampling Selector. 497 Abstract Data Type: dateTimeMicroseconds 499 Data Type Semantics: quantity 501 ElementId: 307 503 Status: current 505 Units: microseconds 507 8.2.5. samplingTimeSpace 509 Description: 511 This Information Element specifies the time interval in 512 microseconds between two "samplingTimeInterval"s. A value of 100 513 means that the next interval starts 100 microseconds (during which 514 no packets are sampled) after the current "samplingTimeInterval" 515 is over. 517 For example, this Information Element may used to describe the 518 configuration of a systematic time-based Sampling Selector. 520 Abstract Data Type: dateTimeMicroseconds 521 Data Type Semantics: quantity 523 ElementId: 308 525 Status: current 527 Units: microseconds 529 8.2.6. samplingSize 531 Description: 533 This Information Element specifies the number of elements taken 534 from the parent Population for random Sampling methods. 536 For example, this Information Element may be used to describe the 537 configuration of a random n-out-of-N Sampling Selector. 539 Abstract Data Type: unsigned32 541 Data Type Semantics: quantity 543 ElementId: 309 545 Status: current 547 Units: packets 549 8.2.7. samplingPopulation 551 Description: 553 This Information Element specifies the number of elements in the 554 parent Population for random Sampling methods. 556 For example, this Information Element may be used to describe the 557 configuration of a random n-out-of-N Sampling Selector. 559 Abstract Data Type: unsigned32 561 Data Type Semantics: quantity 563 ElementId: 310 565 Status: current 566 Units: packets 568 8.2.8. samplingProbability 570 Description: 572 This Information Element specifies the probability that a packet 573 is sampled, expressed as a value between 0 and 1. The probability 574 is equal for every packet. A value of 0 means no packet was 575 sampled since the probability is 0. 577 For example, this Information Element may be used to describe the 578 configuration of a uniform probabilistic Sampling Selector. 580 Abstract Data Type: float64 582 Data Type Semantics: quantity 584 ElementId: 311 586 Status: current 588 8.3. Hash Configuration (326-334) 590 The following Information Elements can be used for describing the 591 sampling configuration of a Selection Process. The individual 592 parameters are explained in more detail in the 593 [I-D.ietf-psamp-sample-tech] in section 6.2 as well as in sections 594 3.8 and 7.1. 596 +-----+----------------------------+-----+----------------------------+ 597 | ID | Name | ID | Name | 598 +-----+----------------------------+-----+----------------------------+ 599 | 326 | digestHashValue | 331 | hashSelectedRangeMin | 600 | 327 | hashIPPayloadOffset | 332 | hashSelectedRangeMax | 601 | 328 | hashIPPayloadSize | 333 | hashDigestOutput | 602 | 329 | hashOutputRangeMin | 334 | hashInitialiserValue | 603 | 330 | hashOutputRangeMax | | | 604 +-----+----------------------------+-----+----------------------------+ 606 8.3.1. digestHashValue 608 Description: 610 This Information Element specifies the value from the digest hash 611 function. 613 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 614 tech]. 616 Abstract Data Type: unsigned64 618 Data Type Semantics: quantity 620 ElementId: 326 622 Status: current 624 8.3.2. hashIPPayloadOffset 626 Description: 628 This Information Element specifies the IP payload offset used by a 629 hash based Selector. 631 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 632 tech]. 634 Abstract Data Type: unsigned64 636 Data Type Semantics: quantity 638 ElementId: 327 640 Status: current 642 8.3.3. hashIPPayloadSize 644 Description: 646 This Information Element specifies the IP payload size used by a 647 hash based Selector. See also sections 6.2, 3.8 and 7.1 of 648 [I-D.ietf-psamp-sample-tech]. 650 Abstract Data Type: unsigned64 652 Data Type Semantics: quantity 654 ElementId: 328 656 Status: current 658 8.3.4. hashOutputRangeMin 660 Description: 662 This Information Element specifies the value for the beginning of 663 a hash function's potential output range. 665 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 666 tech]. 668 Abstract Data Type: unsigned64 670 Data Type Semantics: quantity 672 ElementId: 329 674 Status: current 676 8.3.5. hashOutputRangeMax 678 Description: 680 This Information Element specifies the value for the end of a hash 681 function's potential output range. 683 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 684 tech]. 686 Abstract Data Type: unsigned64 688 Data Type Semantics: quantity 690 ElementId: 330 692 Status: current 694 8.3.6. hashSelectedRangeMin 696 Description: 698 This Information Element specifies the value for the beginning of 699 a hash function's selected range. 701 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 702 tech]. 704 Abstract Data Type: unsigned64 706 Data Type Semantics: quantity 708 ElementId: 331 710 Status: current 712 8.3.7. hashSelectedRangeMax 714 Description: 716 This Information Element specifies the value for the end of a hash 717 function's selected range. 719 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 720 tech]. 722 Abstract Data Type: unsigned64 724 Data Type Semantics: quantity 726 ElementId: 332 728 Status: current 730 8.3.8. hashDigestOutput 732 Description: 734 This Information Element contains a boolean value which is TRUE if 735 the output from this hash Selector has been configured to be 736 included in the packet report as a packet digest, else FALSE. 738 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 739 tech]. 741 Abstract Data Type: boolean 743 Data Type Semantics: quantity 745 ElementId: 333 747 Status: current 749 8.3.9. hashInitialiserValue 751 Description: 753 This Information Element specifies the initialiser value to the 754 hash function. 756 See also sections 6.2, 3.8 and 7.1 of [I-D.ietf-psamp-sample- 757 tech]. 759 Abstract Data Type: unsigned64 761 Data Type Semantics: quantity 763 ElementId: 334 765 Status: current 767 8.4. Time Stamps (322-325) 769 The Information Elements listed below contain time stamps. They can 770 be used for reporting the observation time of a single packet. 772 +-----+----------------------------+-----+----------------------------+ 773 | ID | Name | ID | Name | 774 +-----+----------------------------+-----+----------------------------+ 775 | 322 | observationTimeSeconds | 324 | observationTimeMicroseconds| 776 | 323 | observationTimeMilliseconds| 325 | observationTimeNanoseconds | 777 +-----+----------------------------+-----+----------------------------+ 779 8.4.1. observationTimeSeconds 781 Description: 783 This Information Element specifies the absolute time in seconds of 784 an observation. 786 Abstract Data Type: dateTimeSeconds 788 Data Type Semantics: quantity 790 ElementId: 322 792 Status: current 793 Units: seconds 795 8.4.2. observationTimeMilliseconds 797 Description: 799 This Information Element specifies the absolute time in 800 milliseconds of an observation. 802 Abstract Data Type: dateTimeMilliseconds 804 Data Type Semantics: quantity 806 ElementId: 323 808 Status: current 810 Units: milliseconds 812 8.4.3. observationTimeMicroseconds 814 Description: 816 This Information Element specifies the absolute time in 817 microseconds of an observation. 819 Abstract Data Type: dateTimeMicroseconds 821 Data Type Semantics: quantity 823 ElementId: 324 825 Status: current 827 Units: microseconds 829 8.4.4. observationTimeNanoseconds 831 Description: 833 This Information Element specifies the absolute time in 834 nanoseconds of an observation. 836 Abstract Data Type: dateTimeNanoseconds 837 Data Type Semantics: quantity 839 ElementId: 325 841 Status: current 843 Units: nanoseconds 845 8.5. Packet Data (312-317) 847 The following Information Elements are all used for reporting raw 848 content of a packet. The only exception is dataLinkFrameSize that 849 reports the size of the related data link frame. All other 850 Information Elements contain sections of the raw packet. All 851 Information Elements containing sections of the observed packet can 852 also be used in IPFIX [RFC5101]. If the values for those sections 853 vary for different packets in a Flow then the Flow Report will 854 contain the value observed in the first packet of the Flow. 856 +-----+----------------------------+-----+----------------------------+ 857 | ID | Name | ID | Name | 858 +-----+----------------------------+-----+----------------------------+ 859 | 313 | ipHeaderPacketSection | 316 | mplsLabelStackSection | 860 | 314 | ipPayloadPacketSection | 317 | mplsPayloadPacketSection | 861 +-----+----------------------------+-----+----------------------------+ 863 8.5.1. ipHeaderPacketSection 865 Description: 867 This Information Element, which may have a variable length, 868 carries a series of octets from the start of the IP header of a 869 sampled packet. 871 With sufficient length, this element also reports octets from the 872 IP payload, subject to [RFC2804]. See the Security Considerations 873 section. 875 The size of the exported section may be constrained due to 876 limitations in the IPFIX protocol. 878 The data for this field MUST NOT be padded. 880 Abstract Data Type: octetArray 881 Data Type Semantics: quantity 883 ElementId: 313 885 Status: current 887 8.5.2. ipPayloadPacketSection 889 Description: 891 This Information Element, which may have a variable length, 892 carries a series of octets from the start of the IP payload of a 893 sampled packet. 895 The IPv4 payload is that part of the packet which follows the IPv4 896 header and any options, which [RFC0791] refers to as "data" or 897 "data octets". e.g., see the examples in [RFC0791] APPENDIX A. 899 The IPv6 payload is the rest of the packet following the 40 octet 900 IPv6 header. Note that any extension headers present are 901 considered part of the payload. See [RFC2460] for the IPv6 902 specification. 904 The size of the exported section may be constrained due to 905 limitations in the IPFIX protocol. 907 The data for this field MUST NOT be padded. 909 Abstract Data Type: octetArray 911 Data Type Semantics: quantity 913 ElementId: 314 915 Status: current 917 8.5.3. mplsLabelStackSection 919 Description: 921 This Information Element, which may have a variable length, 922 carries the first n octets from the MPLS label stack of a sampled 923 packet. 925 With sufficient length, this element also reports octets from the 926 MPLS payload, subject to [RFC2804]. See the Security 927 Considerations section. 929 See [RFC3031] for the specification of MPLS packets. 931 See [RFC3032] for the specification of the MPLS label stack. 933 The size of the exported section may be constrained due to 934 limitations in the IPFIX protocol. 936 The data for this field MUST NOT be padded. 938 Abstract Data Type: octetArray 940 Data Type Semantics: quantity 942 ElementId: 316 944 Status: current 946 8.5.4. mplsPayloadPacketSection 948 Description: 950 This Information Element, which may have a variable length, 951 carries the first n octets from the MPLS payload of a sampled 952 packet, being data that follows immediately after the MPLS label 953 stack. 955 See [RFC3031] for the specification of MPLS packets. 957 See [RFC3032] for the specification of the MPLS label stack. 959 The size of the exported section may be constrained due to 960 limitations in the IPFIX protocol. 962 The data for this field MUST NOT be padded. 964 Abstract Data Type: octetArray 966 Data Type Semantics: quantity 968 ElementId: 317 970 Status: current 972 8.6. Statistics (318-321) 974 Information Elements in this section can be used for reporting 975 statistics from the Metering Process. 977 +-----+----------------------------+-----+----------------------------+ 978 | ID | Name | ID | Name | 979 +-----+----------------------------+-----+----------------------------+ 980 | 318 | selectorIdTotalPktsObserved| 336 | upperCILimit | 981 | 319 | selectorIdTotalPktsSelected| 337 | lowerCILimit | 982 | 320 | absoluteError | 338 | confidenceLevel | 983 | 321 | relativeError | | | 984 +-----+----------------------------+-----+----------------------------+ 986 8.6.1. selectorIdTotalPktsObserved 988 Description: 990 This Information Element specifies the total number of packets 991 observed by a Selector, for a specific value of SelectorId. 993 This Information Element should be used in an option template 994 scoped to the observation to which it refers. See section 3.4.2.1 995 of the IPFIX Information Model [RFC5102]. 997 Abstract Data Type: unsigned64 999 Data Type Semantics: totalCounter 1001 ElementId: 318 1003 Status: current 1005 Units: packets 1007 8.6.2. selectorIdTotalPktsSelected 1009 Description: 1011 This Information Element specifies the total number of packets 1012 selected by a Selector, for a specific value of SelectorId. 1014 This Information Element should be used in an option template 1015 scoped to the observation to which it refers. See section 3.4.2.1 1016 of the IPFIX Information Model [RFC5102]. 1018 Abstract Data Type: unsigned64 1020 Data Type Semantics: totalCounter 1021 ElementId: 319 1023 Status: current 1025 Units: packets 1027 8.6.3. absoluteError 1029 Description: 1031 This Information Element specifies the maximum possible 1032 measurement error of the reported value for a given Information 1033 Element. The absoluteError has the same unit as the Information 1034 Element it is associated with. The real value of the metric can 1035 differ by absoluteError (positive or negative) from the measured 1036 value. 1038 This Information Element provides only the error for measured 1039 values. If an Information Element contains an estimated value 1040 (from sampling), the confidence boundaries and confidence level 1041 have to be provided instead, using the upperCILimit, lowerCILimit 1042 and confidenceLevel Information Elements. 1044 This Information Element should be used in an option template 1045 scoped to the observation to which it refers. See section 3.4.2.1 1046 of the IPFIX Information Model [RFC5102]. 1048 Abstract Data Type: float64 1050 Data Type Semantics: quantity 1052 ElementId: 320 1054 Status: current 1056 Units: The units of the Information Element for which the error is 1057 specified. 1059 8.6.4. relativeError 1061 Description: 1063 This Information Element specifies the maximum possible positive 1064 or negative error ratio for the reported value for a given 1065 Information Element as percentage of the measured value. The real 1066 value of the metric can differ by relativeError percent (positive 1067 or negative) from the measured value. 1069 This Information Element provides only the error for measured 1070 values. If an Information Element contains an estimated value 1071 (from sampling), the confidence boundaries and confidence level 1072 have to be provided instead, using the upperCILimit, lowerCILimit 1073 and confidenceLevel Information Elements. 1075 This Information Element should be used in an option template 1076 scoped to the observation to which it refers. See section 3.4.2.1 1077 of the IPFIX Information Model [RFC5102]. 1079 Abstract Data Type: float64 1081 Data Type Semantics: quantity 1083 ElementId: 321 1085 Status: current 1087 8.6.5. upperCILimit 1089 Description: 1091 This Information Element specifies the upper limit of a confidence 1092 interval. It is used to provide an accuracy statement for an 1093 estimated value. The confidence limits define the range in which 1094 the real value is assumed to be with a certain probability p. 1095 Confidence limits always need to be associated with a confidence 1096 level that defines this probability p. Please note that a 1097 confidence interval only provides a probability that the real 1098 values lies within the limits. That means the real value can lie 1099 outside the confidence limits. 1101 The upperCILimit, lowerCILimit and confidenceLevel Information 1102 Elements should all be used in an option template scoped to the 1103 observation to which they refer. See section 3.4.2.1 of the IPFIX 1104 Information Model [RFC5102]. 1106 Note that the upperCILimit, lowerCILimit and confidenceLevel are 1107 all required to specify confidence, and should be disregarded 1108 unless all three are specified together. 1110 Abstract Data Type: float64 1112 Data Type Semantics: quantity 1113 ElementId: 336 1115 Status: current 1117 8.6.6. lowerCILimit 1119 Description: 1121 This Information Element specifies the lower limit of a confidence 1122 interval. For further information see the description of 1123 upperCILimit. 1125 The upperCILimit, lowerCILimit and confidenceLevel Information 1126 Elements should all be used in an option template scoped to the 1127 observation to which they refer. See section 3.4.2.1 of the IPFIX 1128 Information Model [RFC5102]. 1130 Note that the upperCILimit, lowerCILimit and confidenceLevel are 1131 all required to specify confidence, and should be disregarded 1132 unless all three are specified together. 1134 Abstract Data Type: float64 1136 Data Type Semantics: quantity 1138 ElementId: 337 1140 Status: current 1142 8.6.7. confidenceLevel 1144 Description: 1146 This Information Element specifies the confidence level. It is 1147 used to provide an accuracy statement for estimated values. The 1148 confidence level provides the probability p with which the real 1149 value lies within a given range. A confidence level always needs 1150 to be associated with confidence limits that define the range in 1151 which the real value is assumed to be. 1153 The upperCILimit, lowerCILimit and confidenceLevel Information 1154 Elements should all be used in an option template scoped to the 1155 observation to which they refer. See section 3.4.2.1 of the IPFIX 1156 Information Model [RFC5102]. 1158 Note that the upperCILimit, lowerCILimit and confidenceLevel are 1159 all required to specify confidence, and should be disregarded 1160 unless all three are specified together. 1162 Abstract Data Type: float64 1164 Data Type Semantics: quantity 1166 ElementId: 338 1168 Status: current 1170 9. Security Considerations 1172 The PSAMP information model itself does not directly introduce 1173 security issues. Rather it defines a set of attributes which may for 1174 privacy or business issues be considered sensitive information. 1176 For example, exporting values of header fields may make attacks 1177 possible for the receiver of this information, which would otherwise 1178 only be possible for direct observers of the reported Flows along the 1179 data path. Specifically, the Information Elements pertaining to 1180 packet sections MUST target no more than the packet header, some 1181 subsequent bytes of the packet, and encapsulating headers if present. 1182 Full packet capture of arbitrary packet streams is explicitly out of 1183 scope, per [RFC2804]. 1185 The underlying protocol used to exchange the information described 1186 here MUST therefore apply appropriate procedures to guarantee the 1187 integrity and confidentiality of the exported information. Such 1188 procedures are defined in separate documents, specifically the IPFIX 1189 protocol document [RFC5101]. 1191 10. IANA Considerations 1193 The PSAMP Information Model, as set out in this document, has two 1194 sets of assigned numbers. Considerations for assigning them are 1195 discussed in this section, using the example policies as set out in 1196 the "Guidelines for IANA Considerations" document [RFC5226] 1198 10.1. Related Considerations 1200 As the PSAMP protocol uses the IPFIX protocol, refer to the IANA 1201 considerations section in [RFC5102] for the assignments of numbers 1202 used in the protocol and for the numbers used in the information 1203 model. 1205 10.2. PSAMP Related Considerations 1207 This document specifies an initial set of PSAMP Information Elements 1208 fulfilling the needs specified in [I-D.ietf-psamp-sample-tech], as an 1209 extension to the IPFIX Information Elements [RFC5102]. 1211 Note that the PSAMP Information Element IDs were initially started at 1212 the value 301, in order to leave a gap for any ongoing IPFIX work 1213 requiring new Information Elements. It is expected that this gap in 1214 the Information Element numbering will be filled in by IANA with new 1215 IPFIX Information Elements. 1217 Each new selection method MUST be assigned a unique value in the 1218 selectorAlgorithm registry. Its configuration parameter(s), along 1219 with the way to report it/them with an Options Template, MUST be 1220 clearly specified. The initial content of the selectorAlgorithm 1221 registry is found in section 8.2.1. 1223 New assignments for the PSAMP selection method will be administered 1224 by IANA and subject to Expert Review [RFC5226]. The group of experts 1225 must double check the Information Elements definitions with already 1226 defined Information Elements for completeness, accuracy and 1227 redundancy. Those experts will initially be drawn from the Working 1228 Group Chairs and document editors of the IPFIX and PSAMP Working 1229 Groups. The selectorAlgorithm registry is maintained by IANA and can 1230 be updated as long as specifications of the new method(s) and any new 1231 Information Elements are provided. 1233 11. References 1235 11.1. Normative References 1237 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1238 Requirement Levels", BCP 14, RFC 2119, March 1997. 1240 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1241 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1242 May 2008. 1244 [RFC5101] Claise, B., "Specification of the IP Flow Information 1245 Export (IPFIX) Protocol for the Exchange of IP Traffic 1246 Flow Information", RFC 5101, January 2008. 1248 [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. 1249 Meyer, "Information Model for IP Flow Information Export", 1250 RFC 5102, January 2008. 1252 [I-D.ietf-psamp-sample-tech] 1253 Zseby, T., "Sampling and Filtering Techniques for IP 1254 Packet Selection", draft-ietf-psamp-sample-tech-11 (work 1255 in progress), July 2008. 1257 [I-D.ietf-psamp-protocol] 1258 Claise, B., "Packet Sampling (PSAMP) Protocol 1259 Specifications", draft-ietf-psamp-protocol-09 (work in 1260 progress), December 2007. 1262 11.2. Informative References 1264 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 1265 September 1981. 1267 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1268 (IPv6) Specification", RFC 2460, December 1998. 1270 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1271 June 1999. 1273 [RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, 1274 May 2000. 1276 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 1277 Label Switching Architecture", RFC 3031, January 2001. 1279 [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., 1280 Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack 1281 Encoding", RFC 3032, January 2001. 1283 [RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, 1284 "Requirements for IP Flow Information Export (IPFIX)", 1285 RFC 3917, October 2004. 1287 [I-D.ietf-psamp-framework] 1288 Chiou, D., Claise, B., Duffield, N., Greenberg, A., 1289 Grossglauser, M., Rexford, J., and S. Goldberg, "A 1290 Framework for Packet Selection and Reporting", 1291 draft-ietf-psamp-framework-13 (work in progress), 1292 June 2008. 1294 Appendix A. Formal Specification of PSAMP Information Elements 1296 This appendix contains a formal description of the PSAMP information 1297 model XML document. Note that this appendix is of informational 1298 nature, while the text in section Section 8 generated from this 1299 appendix is normative. 1301 Using a formal and machine readable syntax for the information model 1302 enables the creation of PSAMP aware tools which can automatically 1303 adapt to extensions to the information model, by simply reading 1304 updated information model specifications. 1306 The wide availability of XML aware tools and libraries for client 1307 devices is a primary consideration for this choice. In particular 1308 libraries for parsing XML documents are readily available. Also 1309 mechanisms such as the Extensible Stylesheet Language (XSL) allow for 1310 transforming a source XML document into other documents. This draft 1311 was authored in XML and transformed according to [RFC2629]. 1313 It should be noted that the use of XML in exporters, collectors or 1314 other tools is not mandatory for the deployment of PSAMP. In 1315 particular, exporting processes do not produce or consume XML as part 1316 of their operation. It is expected that PSAMP collectors MAY take 1317 advantage of the machine readability of the information model vs. 1318 hardcoding their behavior or inventing proprietary means for 1319 accommodating extensions. 1321 Using XML-based specifications does not currently address possible 1322 IANA implications associated with XML Namespace URIs. The use of 1323 Namespaces as an extension mechanism implies that an IANA registered 1324 Namespace URI should be available and that directory names below this 1325 base URI be assigned for relevant IETF specifications. The authors 1326 are not aware of this mechanism today. 1328 1329 1401 1405 1408 1409 1410 From all the packets observed at an Observation Point, a subset 1411 of the packets is selected by a sequence of one or more 1412 Selectors. The selectionSequenceId is a unique value per 1413 Observation Domain, specifying the Observation Point and the 1414 sequence of Selectors through which the packets are selected. 1415 1416 1417 1419 1422 1423 1424 The Selector ID is the unique ID identifying a Primitive 1425 Selector. Each Primitive Selector must have a unique ID in the 1426 Observation Domain. 1427 1428 1429 1431 1434 1435 1436 This Information Element contains the ID of another Information 1437 Element. 1438 1439 1440 1442 1445 1446 1447 This Information Element identifies the packet selection 1448 methods (e.g., Filtering, Sampling) that are applied by 1449 the Selection Process. 1451 Most of these methods have parameters. Further 1452 Information Elements are needed to fully specify packet 1453 selection with these methods and all their parameters. 1455 The methods listed below are defined in 1456 [I-D.ietf-psamp-sample-tech]. For their parameters, 1457 Information Elements are defined in the Information Model 1458 Document. The names of these Information Elements are 1459 listed for each method identifier. 1461 Further method identifiers may be added to the list 1462 below. It might be necessary to define new Information 1463 Elements to specify their parameters. 1465 The selectorAlgorithm registry is maintained by IANA. New 1466 assignments for the registry will be administered by IANA, 1467 and subject to Expert Review [RFC5226]. 1469 The registry can be updated when specifications of the new 1470 method(s) and any new Information Elements are provided. 1472 The group of experts must double check the selectorAlgorithm 1473 definitions and Information Elements with already defined 1474 selectorAlgorithms and Information Elements for completeness, 1475 accuracy and redundancy. Those experts will initially be drawn 1476 from the Working Group Chairs and document editors of the IPFIX 1477 and PSAMP Working Groups. 1479 The following packet selection methods identifiers are 1480 defined here: 1482 +----+------------------------+------------------------+ 1483 | ID | Method | Parameters | 1484 +----+------------------------+------------------------+ 1485 | 1 | Systematic count-based | samplingPacketInterval | 1486 | | Sampling | samplingPacketSpace | 1487 +----+------------------------+------------------------+ 1488 | 2 | Systematic time-based | samplingTimeInterval | 1489 | | Sampling | samplingTimeSpace | 1490 +----+------------------------+------------------------+ 1491 | 3 | Random n-out-of-N | samplingSize | 1492 | | Sampling | samplingPopulation | 1493 +----+------------------------+------------------------+ 1494 | 4 | Uniform probabilistic | samplingProbability | 1495 | | Sampling | | 1496 +----+------------------------+------------------------+ 1497 | 5 | Property match | no agreed parameters | 1498 | | Filtering | | 1499 +----+------------------------+------------------------+ 1500 | Hash based Filtering | hashInitialiserValue | 1501 +----+------------------------+ hashIPPayloadOffset | 1502 | 6 | using BOB | hashIPPayloadSize | 1503 +----+------------------------+ hashSelectedRangeMin | 1504 | 7 | using IPSX | hashSelectedRangeMax | 1505 +----+------------------------+ hashOutputRangeMin | 1506 | 8 | using CRC | hashOutputRangeMax | 1507 +----+------------------------+------------------------+ 1509 There is a broad variety of possible parameters that could be 1510 used for Property match Filtering (5) but currently there are no 1511 agreed parameters specified. 1512 1513 1514 1516 1519 1520 1521 This Information Element specifies the number of packets that 1522 are consecutively sampled. For example a value of 100 means that 1523 100 consecutive packets are sampled. 1525 For example, this Information Element may be used to describe 1526 the configuration of a systematic count-based Sampling Selector. 1527 1528 1529 packets 1531 1533 1536 1537 1538 This Information Element specifies the number of packets between 1539 two "samplingPacketInterval"s. A value of 100 means that the 1540 next interval starts 100 packets (which are not sampled) 1541 after the current "samplingPacketInterval" is over. 1543 For example, this Information Element may be used to describe 1544 the configuration of a systematic count-based Sampling Selector. 1545 1546 1547 packets 1548 1550 1553 1554 1555 This Information Element specifies the time interval in 1556 microseconds during which all arriving packets are sampled. 1558 For example, this Information Element may be used to describe 1559 the configuration of a systematic time-based Sampling Selector. 1560 1561 1562 microseconds 1563 1565 1568 1569 1570 This Information Element specifies the time interval in 1571 microseconds between two "samplingTimeInterval"s. A value of 100 1572 means that the next interval starts 100 microseconds 1573 (during which no packets are sampled) after the current 1574 "samplingTimeInterval" is over. 1576 For example, this Information Element may used to describe the 1577 configuration of a systematic time-based Sampling Selector. 1578 1580 1581 microseconds 1582 1584 1587 1588 1589 This Information Element specifies the number of elements taken 1590 from the parent Population for random Sampling methods. 1592 For example, this Information Element may be used to describe 1593 the configuration of a random n-out-of-N Sampling Selector. 1594 1595 1596 packets 1597 1599 1602 1603 1604 This Information Element specifies the number of elements in the 1605 parent Population for random Sampling methods. 1607 For example, this Information Element may be used to describe 1608 the configuration of a random n-out-of-N Sampling Selector. 1609 1610 1611 packets 1612 1614 1617 1618 1619 This Information Element specifies the probability that a packet 1620 is sampled, expressed as a value between 0 and 1. The 1621 probability is equal for every packet. A value of 0 means no 1622 packet was sampled since the probability is 0. 1624 For example, this Information Element may be used to describe 1625 the configuration of a uniform probabilistic Sampling Selector. 1626 1627 1629 1631 1634 1635 1636 This Information Element, which may have a variable length, 1637 carries a series of octets from the start of the IP header of a 1638 sampled packet. 1640 With sufficient length, this element also reports octets from 1641 the IP payload, subject to [RFC2804]. See the Security 1642 Considerations section. 1644 The size of the exported section may be constrained due to 1645 limitations in the IPFIX protocol. 1647 The data for this field MUST NOT be padded. 1648 1649 1650 1652 1655 1656 1657 This Information Element, which may have a variable length, 1658 carries a series of octets from the start of the IP payload of a 1659 sampled packet. 1661 The IPv4 payload is that part of the packet which follows the 1662 IPv4 header and any options, which [RFC0791] refers to as "data" 1663 or "data octets". e.g., see the examples in [RFC0791] APPENDIX 1664 A. 1666 The IPv6 payload is the rest of the packet following the 40 1667 octet IPv6 header. Note that any extension headers present are 1668 considered part of the payload. See [RFC2460] for the IPv6 1669 specification. 1671 The size of the exported section may be constrained due to 1672 limitations in the IPFIX protocol. 1674 The data for this field MUST NOT be padded. 1675 1676 1678 1680 1683 1684 1685 This Information Element, which may have a variable length, 1686 carries the first n octets from the MPLS label stack of a 1687 sampled packet. 1689 With sufficient length, this element also reports octets from 1690 the MPLS payload, subject to [RFC2804]. See the Security 1691 Considerations section. 1693 See [RFC3031] for the specification of MPLS packets. 1695 See [RFC3032] for the specification of the MPLS label stack. 1697 The size of the exported section may be constrained due to 1698 limitations in the IPFIX protocol. 1700 The data for this field MUST NOT be padded. 1701 1702 1703 1705 1708 1709 1710 This Information Element, which may have a variable length, 1711 carries the first n octets from the MPLS payload of a sampled 1712 packet, being data that follows immediately after the MPLS label 1713 stack. 1715 See [RFC3031] for the specification of MPLS packets. 1717 See [RFC3032] for the specification of the MPLS label stack. 1719 The size of the exported section may be constrained due to 1720 limitations in the IPFIX protocol. 1722 The data for this field MUST NOT be padded. 1723 1724 1725 1726 1729 1730 1731 This Information Element specifies the total number of packets 1732 observed by a Selector, for a specific value of SelectorId. 1734 This Information Element should be used in an option template 1735 scoped to the observation to which it refers. 1736 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 1737 1738 1739 packets 1740 1742 1745 1746 1747 This Information Element specifies the total number of packets 1748 selected by a Selector, for a specific value of SelectorId. 1750 This Information Element should be used in an option template 1751 scoped to the observation to which it refers. 1752 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 1753 1754 1755 packets 1756 1758 1761 1762 1763 This Information Element specifies the maximum possible 1764 measurement error of the reported value for a given Information 1765 Element. The absoluteError has the same unit as the Information 1766 Element it is associated with. The real value of the metric can 1767 differ by absoluteError (positive or negative) from the 1768 measured value. 1770 This Information Element provides only the 1771 error for measured values. If an Information Element contains 1772 an estimated value (from sampling), the confidence boundaries 1773 and confidence level have to be provided instead, using the 1774 upperCILimit, lowerCILimit and confidenceLevel Information 1775 Elements. 1777 This Information Element should be used in an option template 1778 scoped to the observation to which it refers. 1779 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 1780 1781 1782 1783 The units of the Information Element for which the error is 1784 specified. 1785 1786 1788 1791 1792 1793 This Information Element specifies the maximum possible positive 1794 or negative error ratio for the reported value for a given 1795 Information Element as percentage of the measured value. 1796 The real value of the metric can differ by relativeError percent 1797 (positive or negative) from the measured value. 1799 This Information Element 1800 provides only the error for measured values. If an Information 1801 Element contains an estimated value (from sampling), the 1802 confidence boundaries and confidence level have to be provided 1803 instead, using the upperCILimit, lowerCILimit and 1804 confidenceLevel Information Elements. 1806 This Information Element should be used in an option template 1807 scoped to the observation to which it refers. 1808 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 1809 1810 1811 1813 1816 1817 1818 This Information Element specifies the absolute time in seconds 1819 of an observation. 1820 1821 1822 seconds 1823 1825 1828 1829 1830 This Information Element specifies the absolute time in 1831 milliseconds of an observation. 1832 1833 1834 milliseconds 1835 1837 1840 1841 1842 This Information Element specifies the absolute time in 1843 microseconds of an observation. 1844 1845 1846 microseconds 1847 1849 1852 1853 1854 This Information Element specifies the absolute time in 1855 nanoseconds of an observation. 1856 1857 1858 nanoseconds 1859 1861 1864 1865 1866 This Information Element specifies the value from the digest 1867 hash function. 1869 See also sections 6.2, 3.8 and 7.1 of 1871 [I-D.ietf-psamp-sample-tech]. 1872 1873 1874 1876 1879 1880 1881 This Information Element specifies the IP payload offset used by 1882 a hash based Selector. 1884 See also sections 6.2, 3.8 and 7.1 of 1885 [I-D.ietf-psamp-sample-tech]. 1886 1887 1888 1890 1893 1894 1895 This Information Element specifies the IP payload size used by a 1896 hash based Selector. 1897 See also sections 6.2, 3.8 and 7.1 of 1898 [I-D.ietf-psamp-sample-tech]. 1899 1900 1901 1903 1906 1907 1908 This Information Element specifies the value for the beginning 1909 of a hash function's potential output range. 1911 See also sections 6.2, 3.8 and 7.1 of 1912 [I-D.ietf-psamp-sample-tech]. 1913 1914 1915 1917 1920 1921 1922 This Information Element specifies the value for the end of a 1923 hash function's potential output range. 1925 See also sections 6.2, 3.8 and 7.1 of 1926 [I-D.ietf-psamp-sample-tech]. 1927 1928 1929 1931 1934 1935 1936 This Information Element specifies the value for the beginning 1937 of a hash function's selected range. 1939 See also sections 6.2, 3.8 and 7.1 of 1940 [I-D.ietf-psamp-sample-tech]. 1941 1942 1943 1945 1948 1949 1950 This Information Element specifies the value for the end of a 1951 hash function's selected range. 1953 See also sections 6.2, 3.8 and 7.1 of 1954 [I-D.ietf-psamp-sample-tech]. 1955 1956 1957 1959 1962 1963 1964 This Information Element contains a boolean value which is TRUE 1965 if the output from this hash Selector has been configured to be 1966 included in the packet report as a packet digest, else FALSE. 1968 See also sections 6.2, 3.8 and 7.1 of 1969 [I-D.ietf-psamp-sample-tech]. 1970 1971 1972 1974 1977 1978 1979 This Information Element specifies the initialiser value to the 1980 hash function. 1982 See also sections 6.2, 3.8 and 7.1 of 1983 [I-D.ietf-psamp-sample-tech]. 1984 1985 1986 1988 1991 1992 1993 This Information Element specifies the upper limit of a 1994 confidence interval. It is used to provide an accuracy 1995 statement for an estimated value. The confidence limits 1996 define the range in which the real value is assumed to be 1997 with a certain probability p. Confidence limits always need 1998 to be associated with a confidence level that defines this 1999 probability p. Please note that a confidence interval only 2000 provides a probability that the real values lies within the 2001 limits. That means the real value can lie outside the 2002 confidence limits. 2004 The upperCILimit, lowerCILimit and confidenceLevel 2005 Information Elements should all be used in an option template 2006 scoped to the observation to which they refer. 2007 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 2009 Note that the upperCILimit, lowerCILimit and confidenceLevel 2010 are all required to specify confidence, and should be 2011 disregarded unless all three are specified together. 2012 2013 2014 2016 2019 2020 2021 This Information Element specifies the lower limit of a 2022 confidence interval. For further information see the 2023 description of upperCILimit. 2025 The upperCILimit, lowerCILimit and confidenceLevel 2026 Information Elements should all be used in an option template 2027 scoped to the observation to which they refer. 2028 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 2030 Note that the upperCILimit, lowerCILimit and confidenceLevel 2031 are all required to specify confidence, and should be 2032 disregarded unless all three are specified together. 2033 2034 2035 2037 2040 2041 2042 This Information Element specifies the confidence level. It is 2043 used to provide an accuracy statement for estimated values. 2044 The confidence level provides the probability p with which the 2045 real value lies within a given range. A confidence level 2046 always needs to be associated with confidence limits that 2047 define the range in which the real value is assumed to be. 2049 The upperCILimit, lowerCILimit and confidenceLevel 2050 Information Elements should all be used in an option template 2051 scoped to the observation to which they refer. 2052 See section 3.4.2.1 of the IPFIX Information Model [RFC5102]. 2054 Note that the upperCILimit, lowerCILimit and confidenceLevel 2055 are all required to specify confidence, and should be 2056 disregarded unless all three are specified together. 2057 2058 2059 2061 2062 Authors' Addresses 2064 Thomas Dietz 2065 NEC Europe Ltd. 2066 NEC Laboratories Europe 2067 Network Research Division 2068 Kurfuersten-Anlage 36 2069 Heidelberg 69115 2070 Germany 2072 Phone: +49 6221 4342-128 2073 Email: Thomas.Dietz@nw.neclab.eu 2074 URI: http://www.nw.neclab.eu/ 2076 Benoit Claise 2077 Cisco Systems, Inc. 2078 De Kleetlaan 6a b1 2079 Degem 1813 2080 Belgium 2082 Phone: +32 2 704 5622 2083 Email: bclaise@cisco.com 2085 Paul Aitken 2086 Cisco Systems, Inc. 2087 96 Commercial Quay 2088 Edinburgh EH6 6LX 2089 Scotland 2091 Phone: +44 131 561 3616 2092 Email: paitken@cisco.com 2093 URI: http://www.cisco.com/ 2095 Falko Dressler 2096 University of Erlangen-Nuremberg 2097 Dept. of Computer Sciences 2098 Martensstr. 3 2099 Erlangen 91058 2100 Germany 2102 Phone: +49 9131 85-27914 2103 Email: dressler@informatik.uni-erlangen.de 2104 URI: http://www7.informatik.uni-erlangen.de/~dressler 2105 Georg Carle 2106 Technical University of Munich 2107 Institute for Informatics 2108 Boltzmannstr. 3 2109 Garching bei Muenchen 85737 2110 Germany 2112 Phone: +49 89 289-18030 2113 Email: carle@in.tum.de 2114 URI: http://www.net.in.tum.de/~carle/ 2116 Full Copyright Statement 2118 Copyright (C) The IETF Trust (2008). 2120 This document is subject to the rights, licenses and restrictions 2121 contained in BCP 78, and except as set forth therein, the authors 2122 retain all their rights. 2124 This document and the information contained herein are provided on an 2125 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 2126 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 2127 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 2128 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 2129 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 2130 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2132 Intellectual Property 2134 The IETF takes no position regarding the validity or scope of any 2135 Intellectual Property Rights or other rights that might be claimed to 2136 pertain to the implementation or use of the technology described in 2137 this document or the extent to which any license under such rights 2138 might or might not be available; nor does it represent that it has 2139 made any independent effort to identify any such rights. Information 2140 on the procedures with respect to rights in RFC documents can be 2141 found in BCP 78 and BCP 79. 2143 Copies of IPR disclosures made to the IETF Secretariat and any 2144 assurances of licenses to be made available, or the result of an 2145 attempt made to obtain a general license or permission for the use of 2146 such proprietary rights by implementers or users of this 2147 specification can be obtained from the IETF on-line IPR repository at 2148 http://www.ietf.org/ipr. 2150 The IETF invites any interested party to bring to its attention any 2151 copyrights, patents or patent applications, or other proprietary 2152 rights that may cover technology that may be required to implement 2153 this standard. Please address the information to the IETF at 2154 ietf-ipr@ietf.org.