idnits 2.17.1

draft-mizrahi-ippm-compact-alternate-marking-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (October 29, 2017) is 2361 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-14) exists of
     draft-ietf-ippm-alt-mark-13

  == Outdated reference: A later version (-04) exists of
     draft-fioccola-ippm-multipoint-alt-mark-00

     Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                         T. Mizrahi
Internet-Draft                                                   C. Arad
Intended status: Informational                                   Marvell
Expires: May 2, 2018                                         G. Fioccola
                                                             M. Cociglio
                                                          Telecom Italia
                                                                 M. Chen
                                                                L. Zheng
                                                     Huawei Technologies
                                                               G. Mirsky
                                                               ZTE Corp.
                                                        October 29, 2017


  Compact Alternate Marking Methods for Passive Performance Monitoring
            draft-mizrahi-ippm-compact-alternate-marking-00

Abstract

   This memo introduces new alternate marking methods that require a
   compact overhead of either a single bit per packet, or zero bits per
   packet. This memo also presents a summary of alternate marking
   methods, and discusses the tradeoffs among them. The target audience
   of this document is network protocol designers; this document is
   intended to help protocol designers choose the best alternate marking
   method(s) based on the protocol's constraints and requirements.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 2, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Background
     1.2.  The Scope of This Document
   2.  Terminology
     2.1.  Requirements Language
     2.2.  Abbreviations
   3.  Marking Abstractions
   4.  Double Marking
   5.  Single-bit Marking
     5.1.  Single Marking Using the First Packet
     5.2.  Single Marking using the Mean Delay
     5.3.  Alternate Marking using a Multiplexed Marking Bit
       5.3.1.  Overview
       5.3.2.  Timing and Synchronization Aspects
     5.4.  Pulse Marking
   6.  Zero-bit Marking
     6.1.  Hash-based Sampling
     6.2.  Hashed Pulse Marking
     6.3.  Hashed Double Marking
     6.4.  Mixed Hashed Marking
   7.  Summary of Marking Methods
   8.  Alternate Marking using Reserved Values
   9.  IANA Considerations
   10. Security Considerations
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

1.1.  Background

   Alternate marking, defined in [I-D.ietf-ippm-alt-mark], is a method
   for measuring packet loss, packet delay, and packet delay variation.
   Typical delay measurement protocols require the two measurement
   points (MPs) to exchange timestamped test packets. In contrast, the
   alternate marking method does not require control packets to be
   exchanged. Instead, every data packet carries a color indicator,
   which divides the traffic into consecutive blocks of packets.

   The color value is toggled periodically, as illustrated in Figure 1.

   A: packet with color 0
   B: packet with color 1

   Packets     AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA
   Time       ---------------------------------------------------------->
              |          |          |          |          |
              | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
              |          |          |          |          |
   Color       0000000000 1111111111 0000000000 1111111111 0000000000

    Figure 1: Alternate marking: packets are monitored on a per-color
                                 basis.

   Alternate marking is used between two MPs, the initiating MP, and the
   monitoring MP. The initiating MP incorporates the marking field into
   en-route packets, allowing the monitoring MP to use the marking field
   in order to bind each packet to the corresponding block.

   Each of the MPs maintains two counters, one per color. At the end of
   each block the counter values can be collected by a central
   management system, and analyzed; the packet loss can be computed by
   comparing the counter values of the two MPs.

   When using alternate marking, delay measurement can be performed in
   one of three ways (as per [I-D.ietf-ippm-alt-mark]):

   o  Single marking using the first packet: in this method each packet
      uses a single marking bit, used as a color indicator. The first
      packet of each block is used by both MPs as a reference for delay
      measurement. The timestamp of this packet is measured by the two
      measurement points, and can be collected by the management system
      from each of the measurement points, which can compute the path
      delay by comparing the two timestamps. The drawback of this
      approach is that it is not accurate when packets arrive out-of-
      order, as the two MPs may have a different view of which packet
      was the first in the block.

   o  Single marking using the mean delay: as in the previous method,
      each packet uses a single marking bit, indicating the color.
      Each of the MPs computes the average packet timestamp of each
      block. The management system can then compute the delay by
      comparing the average times of the two MPs. The drawback of this
      approach is that it may be computationally heavy, or difficult to
      implement at the data plane.

   o  Double marking: each packet uses two marking bits. One bit is
      used as a color indicator, and one is used as a timestamping
      indicator. This method resolves the drawbacks raised for the two
      previous methods, at the expense of an extra bit in the packet
      header.

   The double marking method is the most straightforward approach. It
   allows for accurate measurement without incurring expensive
   computational load. However, in some cases allocating two bits for
   passive measurement is not possible.
   For example, if alternate
   marking is implemented over IPv4, allocating 2 marking bits in the
   IPv4 header is challenging, as every bit in the 20-octet header is
   costly; one of the possible approaches discussed in
   [I-D.ietf-ippm-alt-mark] is to reserve one or two bits from the DSCP
   field for remarking. In this case every marking bit comes at the
   expense of reducing the DSCP range by a factor of two.

1.2.  The Scope of This Document

   This memo extends the marking methods of [I-D.ietf-ippm-alt-mark],
   and introduces methods that require a single marking bit, or zero
   marking bits.

   Two single-bit marking methods are proposed, multiplexed marking and
   pulse marking. In multiplexed marking the color indicator and the
   timestamp indicator are multiplexed into a single bit, providing the
   advantages of the double marking method while using a single bit in
   the packet header. In pulse marking both delay and loss measurement
   are triggered by a 'pulse' value in a single marking field.

   This document also discusses zero-bit marking methods that leverage
   well-known hash-based selection approaches ([RFC5474], [RFC5475]).

   Alternate marking is discussed in this memo as a single-bit or a two-
   bit marking method. However, these methods can similarly be applied
   to larger fields, such as an IPv6 Flow Label or an MPLS Label;
   single-bit marking can be applied using two reserved values, and two-
   bit marking can be applied using four reserved values. Marking based
   on reserved values is further discussed in this document, including
   its application to MPLS and IPv6.

   Finally, this memo summarizes the alternate marking methods, and
   discusses the tradeoffs among them. It is expected that different
   network protocols will have different constraints, and therefore may
   choose to use different alternate marking methods.
   In some cases it
   may be preferable to support more than one marking method; in this
   case the particular marking method may be signaled through the
   control plane.

2.  Terminology

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Abbreviations

   The following abbreviations are used in this document:

   DSCP   Differentiated Services Code Point

   DM     Delay Measurement

   LM     Loss Measurement

   LSP    Label Switched Path

   MP     Measurement Point

   MPLS   Multiprotocol Label Switching

   SFL    Synonymous Flow Label [I-D.bryant-mpls-sfl-framework]

3.  Marking Abstractions

   The marking methods that were discussed in Section 1, as well as the
   methods introduced in this document, use two basic abstractions,
   pulse detection, and step detection.

   The common thread along the various marking methods is that one or
   two marking bits are used by the MPs to signal a measurement event.

   The value of the marking bit indicates when the event takes place, in
   one of two ways:

   Pulse   An event is detected when the value of the marking bit
           is toggled in a single packet.

   Step    An event is detected when the value of the marking bit
           is toggled, and remains at the new value.

   The double marking method (Section 1) uses pulse-based detection for
   DM, and step-based detection for LM.

   Pulse-based detection affects the processing of a single packet; the
   packet that indicates the pulse is processed differently than the
   packets around it. For example, in the double marking method, the
   marked packet is timestamped for DM, without affecting the packets
   before or after it. Note that if the marked packet is lost, no pulse
   is detected, yielding a missing measurement (see Figure 2).

   P: indicates a packet

   Packets     PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP
   Time       ---------------------------------------------------------->
   Marking bit 0000010000 0000010000 0000010000 0000010000 00000 0000
                    ^          ^          ^          ^          ^
   Pulse-based      |          |          |          |          |
   detection        |          |          |          |          |
                                                         Dropped packet:
                                                          no detection

                     Figure 2: Pulse-based Detection.

   In step-based detection the event is detected by observing a value
   change in a stream of packets. Specifically, when the step approach is
   used for LM (as in the double marking method), two counters are used
   per flow; each MP decides which counter to use based on the value of
   the marking bit. Thus, the step-based approach allows accurate
   counting even when packets arrive out-of-order (see Figure 3). When
   the step approach is used for DM (e.g., single marking using the
   first packet), out-of-order delivery causes the delay measurement to
   be false, without any indication to the management system.

   P: indicates a packet

   Packets     PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP
   Time       ---------------------------------------------------------->
   Marking bit 0000000000 1111111111 000000000 10111111111 0000000000
                          ^          ^          ^          ^
   Step-based             |          |          |          |
   detection              |          |          |          |
                                          out-of-order

                      Figure 3: Step-based Detection.

4.  Double Marking

   The two-bit marking method of [I-D.ietf-ippm-alt-mark] uses two
   marking bits: a color indicator, and a delay measurement indicator.
   The color bit is used for step-based LM, while the delay bit is used
   as a pulse-based DM trigger. This double marking approach is the
   most straightforward of the approaches discussed in this memo, as it
   allows accurate measurement, it is resilient to out-of-order
   delivery, and is relatively simple to implement. The main drawback
   is that it requires two bits, which are not always available.

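   The simulation below is an added illustration, not part of the draft.
   It runs the color bit (step-based LM) and the delay bit (pulse-based
   DM) over a constructed path with one reordered packet and two drops,
   and also records the first packet of each block so that step-based DM
   can be compared. The period length, the delay values and the way a
   packet is bound to a block from the local clock are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

L = 1000             # measurement period in microseconds (constructed value)
PKTS_PER_BLOCK = 10  # packets sent per period in this simulation
PATH_DELAY = 200     # nominal MP1 -> MP2 delay in microseconds (constructed)


@dataclass(frozen=True)
class Packet:
    seq: int       # simulation bookkeeping only; the MPs never read it
    color: int     # color bit: step-based trigger for LM
    delay: int     # delay bit: pulse-based trigger for DM
    sent_at: int


def mark_flow(n_blocks):
    """Initiating MP: toggle the color every block, set the delay bit once per block."""
    pkts = []
    for seq in range(n_blocks * PKTS_PER_BLOCK):
        block, pos = divmod(seq, PKTS_PER_BLOCK)
        pkts.append(Packet(seq, block % 2, int(pos == 4), seq * 100 + 50))
    return pkts


@dataclass
class MeasurementPoint:
    # Per-block tallies stand in for the two per-color counters that a
    # management system would read once per period.
    counts: Counter = field(default_factory=Counter)
    pulse_ts: dict = field(default_factory=dict)   # block -> time of delay-bit packet
    first_ts: dict = field(default_factory=dict)   # block -> time of first packet seen

    def observe(self, pkt, now):
        # The local clock gives a candidate period; the color bit corrects it
        # when the packet is early or late relative to the period boundary.
        block = now // L
        if block % 2 != pkt.color:
            block += -1 if 2 * (now % L) < L else 1
        self.counts[block] += 1
        self.first_ts.setdefault(block, now)
        if pkt.delay:
            self.pulse_ts[block] = now


def run(pkts, extra_delay=None, dropped=frozenset()):
    """Send the flow through MP1, a lossy/reordering path, then MP2."""
    extra_delay = extra_delay or {}
    mp1, mp2 = MeasurementPoint(), MeasurementPoint()
    arrivals = []
    for p in pkts:
        mp1.observe(p, p.sent_at)
        if p.seq not in dropped:
            arrivals.append((p.sent_at + PATH_DELAY + extra_delay.get(p.seq, 0), p))
    for t, p in sorted(arrivals, key=lambda e: e[0]):
        mp2.observe(p, t)
    return mp1, mp2


def report(mp1, mp2):
    """Management system: (block, loss, pulse-based delay, first-packet delay)."""
    rows = []
    for b in sorted(mp1.counts):
        loss = mp1.counts[b] - mp2.counts[b]
        pulse = mp2.pulse_ts[b] - mp1.pulse_ts[b] if b in mp2.pulse_ts else None
        first = mp2.first_ts[b] - mp1.first_ts[b] if b in mp2.first_ts else None
        rows.append((b, loss, pulse, first))
    return rows


def demo():
    # Constructed disturbances: packet 10 (first of block 1) is delayed past
    # packet 11; packet 24 (delay-bit packet of block 2) and packet 30 (first
    # packet of block 3) are dropped.
    mp1, mp2 = run(mark_flow(4), extra_delay={10: 150}, dropped={24, 30})
    return report(mp1, mp2)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

   In blocks 1 and 3 the first-packet delay is wrong with nothing to flag
   it, while the pulse-based delay is either correct or visibly absent
   (block 2), and the per-color loss count is unaffected by reordering.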
   Figure 4 illustrates the double marking method: each block of packets
   includes a packet that is marked for timestamping, and therefore has
   its delay bit set.

   A: packet with color 0
   B: packet with color 1

   Packets     AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA
   Time       ---------------------------------------------------------->
              |          |          |          |          |
              | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
              |          |          |          |          |
   Color bit   0000000000 1111111111 0000000000 1111111111 0000000000
   Delay bit   0000100000 0000100000 0000100000 0000100000 0001000000
                   ^          ^          ^          ^         ^
   Packets         |          |          |          |         |
   marked for      |          |          |          |         |
   timestamping    |          |          |          |         |

                   Figure 4: The double marking method.

5.  Single-bit Marking

5.1.  Single Marking Using the First Packet

   This method uses a single marking bit that indicates the color, as
   described in [I-D.ietf-ippm-alt-mark]. Both LM and DM are
   implemented using a step-based approach; LM is implemented using two
   color-based counters per flow. The first packet of every period is
   used by the two MPs as the reference for measuring the delay. As
   noted above, the delay computed in this method may be erroneous
   when packets are delivered out-of-order.

   A: packet with color 0
   B: packet with color 1

   Packets     AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA
   Time       ---------------------------------------------------------->
              |          |          |          |          |
              | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
              |          |          |          |          |
   Color bit   0000000000 1111111111 0000000000 1111111111 0000000000
               ^          ^          ^          ^          ^
   Packets     |          |          |          |          |
   used for DM |          |          |          |          |

      Figure 5: Single marking using the first packet of the block.

5.2.  Single Marking using the Mean Delay

   As in the first-packet approach, in the mean delay approach
   ([I-D.ietf-ippm-alt-mark]) a single marking bit is used to indicate
   the color, enabling step-based loss measurement.
   Delay is measured
   in each period by averaging the measured delay over all the packets
   in the period. As discussed above, this approach is not sensitive to
   out-of-order delivery, but may be heavy from a computational
   perspective.

5.3.  Alternate Marking using a Multiplexed Marking Bit

5.3.1.  Overview

   This section introduces a method that uses a single marking bit that
   serves two purposes: a color indicator, and a timestamp indicator.
   The double marking method that was discussed in the previous section
   uses two 1-bit values: a color indicator C, and a timestamp indicator
   T. The multiplexed marking bit, denoted by M, is an exclusive or
   between these two values: M = C XOR T.

   An example of the use of the multiplexed marking bit is depicted in
   Figure 6. The example considers two routers, R1 and R2, that use the
   multiplexed bit method to measure traffic from R1 to R2. In each
   block R1 designates one of the packets for delay measurement. In
   each of these designated packets the value of the multiplexed bit is
   reversed compared to the other packets in the same block, allowing R2
   to distinguish the designated packets from the other packets.

   A: packet with color 0
   B: packet with color 1

   Packets     AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA
   Time       ---------------------------------------------------------->
              |          |          |          |          |
              | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
              |          |          |          |          |
   Color       0000000000 1111111111 0000000000 1111111111 0000000000
                   ^          ^          ^           ^        ^
   Packets         |          |          |           |        |
   marked for      |          |          |           |        |
   timestamping    |          |          |           |        |
                   v          v          v           v        v
   Muxed bit   0000100000 1111011111 0000100000 1111101111 0001000000

             Figure 6: Alternate marking with multiplexed bit.

5.3.2.  Timing and Synchronization Aspects

   It is assumed that all MPs are synchronized to a common reference
   time with an accuracy of +/- A/2.
   Thus, the difference between the
   clock values of any two MPs is bounded by A. Clocks can be
   synchronized for example using NTP [RFC5905], PTP [IEEE1588], or by
   other means. The common reference time is used for dividing the time
   domain into equal-sized measurement periods, such that all packets
   forwarded during a measurement period have the same color, and
   consecutive periods have alternating colors.

   The single marking bit incorporates two multiplexed values. From the
   monitoring MP's perspective, the two values are Time-Division
   Multiplexed (TDM), as depicted in Figure 7. It is assumed that the
   start time of every measurement period is known to both the
   initiating MP and the monitoring MP. If the measurement period is L,
   then during the first and the last L/4 time units of each block the
   marking bit is interpreted by the monitoring MP as a color indicator.
   During the middle part of the block, the marking bit is interpreted
   as a timestamp indicator; if the value of this bit is different than
   the color value, the corresponding packet is used as a reference for
   delay measurement.

                +--- Beginning of measurement period
                |
                v

   ...BBBBBBBBB | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | BBBBBBBBB...
                |<======================================>|
                |                   L                    |
      <========>|<========><==================><========>|<========>
         L/4        L/4            L/2            L/4        L/4

      <===================><==================><===================>
          Detect color     Detect timestamping     Detect color
             change             indication            change

   Figure 7: Multiplexed marking field interpretation at the receiving
                            measurement point.

   In order to prevent ambiguity in the receiver's interpretation of the
   marking field, the initiating MP is permitted to set the timestamp
   indication only during a specific interval, as depicted in Figure 8.
   Since the receiver is willing to receive the timestamp indication
   during the middle L/2 time units of the block, the sender refrains
   from sending the timestamp indication during a guardband interval of
   d time units at the beginning and end of the L/2-period.

                +--- Beginning of measurement period
                |
                v

   ...BBBBBBBBB | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | BBBBBBBBB...
                |<======================================>|
                |                   L                    |
      <========>|<========>|<================>|<========>|
         L/4        L/4    |       L/2        |   L/4
                        <=>|<=>            <=>|<=>
                         d   d              d   d
                               <==========>
                               permissible
                               timestamping
                                indication
                                 interval

                       Figure 8: A time domain view.

   The guardband d is given by d = A + D_max - D_min, where A is the
   clock accuracy, D_max is an upper bound on the network delay between
   the MPs, and D_min is a lower bound on the delay. It is
   straightforward from Figure 8 that d < L/4 must be satisfied. The
   latter implies a minimal requirement on the synchronization accuracy.

   All MPs must be synchronized to the same reference time with an
   accuracy of +/- L/8. Depending on the system topology, in some
   systems the accuracy requirement will be even more stringent, subject
   to d < L/4. Note that the accuracy requirement of the conventional
   alternate marking method [I-D.ietf-ippm-alt-mark] is +/- L/2, while
   the multiplexed marking method requires an accuracy of +/- L/8.

   Note that we assume that the middle L/2-period is designated as the
   timestamp indication period, allowing a sufficiently long guardband
   between the transitions. However, a system may be configured to use
   a longer timestamp indication period or a shorter one, if it is
   guaranteed that the synchronization accuracy meets the guardband
   requirements (i.e., the constraints on d).

5.4.  Pulse Marking

   Pulse marking uses a single marking bit that is used as a trigger for
   both LM and DM.
   In this method the two MPs maintain a single per-
   flow counter for LM, in contrast to the color-based methods which
   require two counters per flow. In each block one of the packets is
   marked. The marked packet triggers two actions in each of the MPs:

   o  The timestamp is captured for DM.

   o  The value of the counter is captured for LM.

   In each period, each of the MPs exports the timestamp and counter-
   stamp to the management system, which can then compute the loss and
   delay in that period. It should be noted that as in
   [I-D.ietf-ippm-alt-mark], if the length of the measurement period is
   L time units, then all network devices must be synchronized to the
   same clock reference with an accuracy of +/- L/2 time units.

   The pulse marking approach is illustrated in Figure 9. Since both LM
   and DM use a pulse-based trigger, if the marked packet is lost then
   no measurement is available in this period. Moreover, the LM
   accuracy may be affected by out-of-order delivery.

   P: packet - all packets have the same color

   Packets     PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP PPPPPPPPPP
   Time       ---------------------------------------------------------->
              |          |          |          |          |
              | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
              |          |          |          |          |
                   ^          ^          ^           ^        ^
   Packets         |          |          |           |        |
   marked for      |          |          |           |        |
   DM and LM       |          |          |           |        |
                   v          v          v           v        v
   Marking bit 0000100000 0000100000 0000100000 0000010000 0001000000

                      Figure 9: Pulse marking method.

6.  Zero-bit Marking

6.1.  Hash-based Sampling

   Hash based selection [RFC5475] is a well-known method for sampling a
   subset of packets. As defined in [RFC5475]:

      A Hash Function h maps the Packet Content c, or some portion of
      it, onto a Hash Range R. The packet is selected if h(c) is an
      element of S, which is a subset of R called the Hash Selection
      Range.

   Hash-based selection can be leveraged as a marking method, allowing a
   zero-bit marking approach.
   Specifically, the pulse and step
   abstractions can be implemented using hashed selection:

   o  Hashed pulse-based trigger: in this approach, a packet is selected
      if h(c) is an element of S, which is a strict subset of the hash
      range R. When |S|<<|R|, the average sampling period is long,
      reducing the probability of ambiguity between consecutive
      packets. |S| and |R| denote the number of elements in S and R,
      respectively.

   o  Hashed step-based trigger: the hash values of a given traffic flow
      are said to be monotonically increasing if for two packets p1 and
      p2, if p1 is sent before p2 then h(p1)<=h(p2). If it is
      guaranteed that the hash values of a flow are monotonically
      increasing, then a step-based approach can be used on the range R.
      For example, in an IPv4 flow the Identification field can be used
      as the hash value of each packet. Since the Identification field
      is monotonically increasing, the step-based trigger can be
      implemented using consecutive ranges of the Identification value.
      For example, the fourth bit of the Identification field is toggled
      every 8 packets. Thus, a possible hash function simply takes the
      fourth bit of the Identification field as the hash value. This
      hash value is toggled every 8 packets, simulating the alternate
      marking behavior of Section 4.

   Note that as opposed to the double marking and single marking
   methods, hashed sampling is not based on fixed time intervals, as the
   duration between sampled packets depends only on the hash value.

   It is also important to note that all methods that use hash-based
   marking require the hash function and the set S to be configured
   consistently across the MPs.

6.2.  Hashed Pulse Marking

   In this approach a hash is computed over the packet content, and both
   LM and DM are triggered based on the pulse-based trigger
   (Section 6.1).
   A pulse is detected when the hash value h(c) is equal
   to one of the values in S. The hash function h and the set S
   determine the probability (or frequency) of the pulse event.

6.3.  Hashed Double Marking

   As in the previous approach, hashed double marking also uses a hash
   that is computed over the packet content. In this approach DM is
   performed using a pulse-based trigger, whereas the LM trigger is
   step-based (Section 6.1). The main drawback of this method is that
   the step-based trigger is possible only under the assumption that the
   hash function is monotonically increasing, which is not necessarily
   possible in all cases. Specifically, a measured flow is not
   necessarily an IPv4 5-tuple. For example, a measured flow may
   include multiple IPv4 5-tuple flows, and in this case the
   Identification field is not monotonically increasing.

6.4.  Mixed Hashed Marking

   Mixed hashed marking combines the single marking approach with hash-
   based sampling. A single marking bit is used in the packet header as
   a color indicator, while a hash-based pulse is used to trigger DM.
   Although this method requires a single bit, it is described in this
   section as it is closely related to the other hash-based methods that
   require zero marking bits.

   The hash-based selection for DM can be applied in one of two possible
   approaches: the basic approach, and the dynamic approach. In the
   basic approach, packets forwarded between two MPs, MP1 and MP2, are
   selected using a hash function, as described above. One of the
   challenges is that the frequency of the sampled packets may vary
   considerably, making it difficult for the management system to
   correlate samples from the two MPs. Thus, the dynamic approach can
   be used.

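   The sketch below is an added example, not part of the draft. It
   implements the hash-based pulse trigger of Sections 6.1 and 6.2 at two
   MPs and the sample matching a management system performs in the basic
   approach, including what happens when the hash function is not
   configured consistently. The use of truncated SHA-256, the 1/16
   selection ratio, the salt parameter (a hypothetical way to model a
   differently configured hash) and the packet contents are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

R_BITS = 64                      # hash range R = [0, 2**64) (assumption)
S_LIMIT = (1 << R_BITS) // 16    # S = {v in R : v < S_LIMIT}, so |S|/|R| = 1/16


def h(content: bytes, salt: bytes = b"") -> int:
    """Hash function h over packet content (truncated SHA-256, an assumption)."""
    return int.from_bytes(hashlib.sha256(salt + content).digest()[:8], "big")


def packet(i: int) -> bytes:
    """Constructed packet content: a flow tag plus a per-packet field."""
    return b"flow-A|" + i.to_bytes(4, "big")


@dataclass
class MeasurementPoint:
    salt: bytes = b""            # hypothetical knob: a different salt = a different h
    s_limit: int = S_LIMIT
    counter: int = 0             # single per-flow counter, as in pulse marking
    samples: dict = field(default_factory=dict)   # h(c) -> (timestamp, counter-stamp)

    def observe(self, content: bytes, now: int) -> None:
        self.counter += 1
        v = h(content, self.salt)
        if v < self.s_limit:     # pulse: h(c) is an element of S
            self.samples[v] = (now, self.counter)


def simulate(n_packets, mp1, mp2, delay=300, dropped=frozenset()):
    """Forward n packets from MP1 to MP2 with a fixed delay and optional drops."""
    for i in range(n_packets):
        sent = i * 100
        mp1.observe(packet(i), sent)
        if i not in dropped:
            mp2.observe(packet(i), sent + delay)


def correlate(mp1, mp2):
    """Management system: match samples by hash value.

    Returns per-pulse delay, loss since the previous matched pulse, and the
    number of MP1 samples that MP2 never reported (missing measurements).
    """
    common = mp1.samples.keys() & mp2.samples.keys()
    matched = sorted((mp1.samples[v], mp2.samples[v]) for v in common)
    rows, prev = [], None
    for (t1, c1), (t2, c2) in matched:
        loss = None if prev is None else (c1 - prev[0]) - (c2 - prev[1])
        rows.append({"counter": c1, "delay": t2 - t1, "loss_since_prev": loss})
        prev = (c1, c2)
    return rows, len(mp1.samples) - len(matched)


def demo(n=2000):
    drops = frozenset(i for i in range(n) if i % 50 == 7)   # constructed loss pattern
    cases = (
        ("consistent", MeasurementPoint(), frozenset()),
        ("with_drops", MeasurementPoint(), drops),
        ("other_hash", MeasurementPoint(salt=b"mp2-misconfigured"), frozenset()),
    )
    out = {}
    for name, mp2, dropped in cases:
        mp1 = MeasurementPoint()
        simulate(n, mp1, mp2, dropped=dropped)
        out[name] = correlate(mp1, mp2)
    return out


if __name__ == "__main__":
    for name, (rows, unmatched) in demo().items():
        lost = sum(r["loss_since_prev"] or 0 for r in rows)
        print(f"{name}: matched={len(rows)} unmatched={unmatched} loss={lost}")
```

   With a mismatched hash function the two MPs still collect samples, but
   none of them match, so every measurement is missing rather than wrong.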
   In the dynamic hash-based sampling, alternate marking is used to
   divide time into periods, so that hash-based samples are
   divided into batches, allowing the selected samples to be anchored to
   their period. Moreover, by dynamically adapting the length of the
   hash value, the number of samples is bounded in each marking period.
   This can be realized by choosing first the maximum number of samples
   (NMAX) to be used with the initial hash length. The algorithm starts
   with only a few hash bits, which select a greater percentage
   of packets (e.g., with 1 bit of hash, half of the packets are sampled).
   When the number of selected packets reaches NMAX, a hashing bit is
   added. As a consequence, the sampling proceeds at half of the
   original rate and the packets already selected that do not match the
   new hash are discarded. This step can be repeated iteratively. It
   is assumed that each sample includes the timestamp (used for DM) and
   the hash value, allowing the management system to match the samples
   received from the two MPs.

   The dynamic process statistically converges at the end of a marking
   period and the number of selected samples beyond the initial NMAX
   samples mentioned above is between NMAX/2 and NMAX. Therefore, the
   dynamic approach paces the sampling rate, making it possible to bound
   the number of sampled packets per sampling period.

7.  Summary of Marking Methods

   This section summarizes the marking methods described in this memo.
   Each row in the table of Figure 10 represents a marking method. For
   each method the table specifies the number of bits required in the
   header, the number of counters per flow for LM, the methods used for
   LM and DM (pulse or step), and also the resilience to disturbances.

   +--------------+----+----+------+------+-------------+-------------+
   |    Method    |# of|# of|LM    |DM    |Resilience to|Resilience to|
   |              |bits|coun|Method|Method|Reordering   |packet drops |
   |              |    |ters|      |      +------+------+------+------+
   |              |    |    |      |      |  LM  |  DM  |  LM  |  DM  |
   +--------------+----+----+------+------+------+------+------+------+
   |Double marking| 2  | 2  |Step  |Pulse |  +   |  +   |  +   |  -   |
   +--------------+----+----+------+------+------+------+------+------+
   |Single marking| 1  | 2  |Step  |Step  |  +   |  --  |  +   |  --  |
   |- 1st packet  |    |    |      |      |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+
   |Single marking| 1  | 2  |Step  |Mean  |  +   |  +   |  +   |  -   |
   |- mean delay  |    |    |      |      |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+
   |Multiplexed   | 1  | 2  |Step  |Pulse |  +   |  +   |  +   |  -   |
   |marking       |    |    |      |      |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+
   |Pulse marking | 1  | 1  |Pulse |Pulse |  --  |  +   |  -   |  -   |
   +--------------+----+----+------+------+------+------+------+------+
   |Hashed pulse  | 0  | 1  |Hashed|Hashed|  --  |  +   |  -   |  -   |
   |marking       |    |    |pulse |pulse |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+
   |Hashed double | 0  | 2  |Hashed|Hashed|  +   |  +   |  +   |  -   |
   |marking       |    |    |step* |pulse |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+
   |Mixed hashed  | 1  | 2  |Step  |Hashed|  +   |  +   |  +   |  -   |
   |marking       |    |    |      |pulse |      |      |      |      |
   +--------------+----+----+------+------+------+------+------+------+

   +  Accurate measurement.
   -  No measurement in case of disturbance (detectable).
   -- False measurement in case of disturbance (not detectable).
   *  Hashed step works only when the hash is monotonically increasing.

                  Figure 10: Summary of Marking Methods

   In the context of this comparison two possible disturbances are
   considered: out-of-order delivery, and packet drops.  Generally
   speaking, pulse based methods are sensitive to packet drops, since if
   the marked packet is dropped no measurement is recorded in the
   current period.  Notably, a missing measurement is detectable by the
   management system, and is not as severe as a false measurement.
   Step-based triggers are generally resilient to out-of-order delivery
   for LM, but are not resilient to out-of-order delivery for DM.
   Notably, a step-based trigger may yield a false delay measurement
   when packets are delivered out-of-order, and this inaccuracy is not
   detectable.

   As mentioned above, the double marking method is the most
   straightforward approach, and is resilient to most of the
   disturbances that were analyzed.  Its obvious drawback is that it
   requires two marking bits.

   Several single marking methods are discussed in this memo.  In this
   case there is no clear verdict which method is the optimal one.  The
   first packet method may be simple to implement, but may present
   erroneous delay measurements in case of dropped or reordered packets.
   Arguably, the mean delay approach and the multiplexed approach may be
   more difficult to implement (depending on the underlying platform),
   but are more resilient to the disturbances that were considered here.
   Note that the computational complexity of the mean delay approach can
   be reduced by combining it with a hashed approach, i.e., by computing
   the mean delay over a hash-based subset of the packets.  The pulse
   marking method requires only a single counter per flow, while the
   other methods require two counters per flow.

   The hash-based sampling approaches reduce the overhead to zero bits,
   which is a significant advantage.
   However, the sampling period in these approaches is not associated
   with a fixed time interval.  Therefore, in some cases adjacent
   packets may be selected for the sampling, potentially causing
   measurement errors.  Furthermore, when the traffic rate is low,
   measurements may become significantly infrequent.

   It should be noted that most of the marking methods that were
   presented in this memo are intended for point-to-point measurements,
   e.g., from MP1 to MP2 in Figure 11.  In point-to-multipoint
   measurements, the mean delay method can be used to measure the loss
   and delay of the entire point-to-multipoint flow (which includes all
   the traffic from MP3 to either MP4 or MP5), while other methods such
   as double marking can be used to measure the point-to-point
   performance, for example from MP3 to MP5.  Alternate marking in
   multipoint scenarios is discussed in detail in
   [I-D.fioccola-ippm-multipoint-alt-mark].

   MP1            MP2           MP3                 MP4
   +--+           +--+          +--+      +--+      +--+
   |  |---------->|  |          |  |----->|  |----->|  |
   +--+           +--+          +--+      +--+      +--+
                                            |
                                            |       MP5
                                            |       +--+
                                            +------>|  |
                                                    +--+

   Point-to-point measurement   Point-to-multipoint measurement

      Figure 11: Point-to-point and point-to-multipoint measurements.

8.  Alternate Marking using Reserved Values

   As mentioned in Section 1, a marking bit is not necessarily a single
   bit, but may be implemented by using two well-known values in one of
   the header fields.  Similarly, two-bit marking can be implemented
   using four reserved values.

   A notable example is MPLS Synonymous Flow Labels (SFL), as defined in
   [I-D.bryant-mpls-rfc6374-sfl].  Two MPLS Label values can be used to
   indicate the two colors of a given LSP: the original Label value, and
   an SFL value.  A similar approach can be applied to IPv6 using the
   Flow Label field.

   The following example illustrates how alternate marking can be
   implemented using reserved values.
   The bit multiplexing approach of Section 5.3 is applicable not only
   to single-bit color indicators, but also to two-value indicators;
   instead of using a single bit that is toggled between '0' and '1',
   two values of the indicator field, U and W, can be used in the same
   manner, allowing both loss and delay measurement to be performed
   using only two reserved values.  Thus, the multiplexing approach of
   Figure 6 can be illustrated more generally with two values, U and W,
   as depicted in Figure 12.

   A: packet with color 0
   B: packet with color 1

   Packets      AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA BBBBBBBBBB AAAAAAAAAA
   Time     ---------------------------------------------------------->
               |          |          |          |          |
               | Block 1  | Block 2  | Block 3  | Block 4  | Block 5 ...
               |          |          |          |          |
   Color        0000000000 1111111111 0000000000 1111111111 0000000000
                    ^          ^          ^           ^        ^
   Packets          |          |          |           |        |
   marked for       |          |          |           |        |
   timestamping     |          |          |           |        |
                    v          v          v           v        v
   Muxed        UUUUWUUUUU WWWWUWWWWW UUUUWUUUUU WWWWWUWWWW UUUWUUUUUU
   marking
   values

   Figure 12: Alternate marking with two multiplexed marking values, U
                                  and W.

9.  IANA Considerations

   This memo includes no requests from IANA.

10.  Security Considerations

   The security considerations of the alternate marking method are
   discussed in [I-D.ietf-ippm-alt-mark].  The analysis of Section 7
   emphasizes the sensitivity of some of the alternate marking methods
   to packet drops and to packet reordering.  Thus, a malicious attacker
   may attempt to tamper with the measurements by either selectively
   dropping packets, or by selectively reordering specific packets.  The
   multiplexed marking method (Section 5.3) that is defined in this
   document requires slightly more stringent synchronization than the
   conventional marking method, potentially making the method more
   vulnerable to attacks on the time synchronization protocol.
   A detailed discussion about the threats against time protocols and
   how to mitigate them is presented in [RFC7384].

11.  References

11.1.  Normative References

   [I-D.ietf-ippm-alt-mark]
              Fioccola, G., Capello, A., Cociglio, M., Castaldelli, L.,
              Chen, M., Zheng, L., Mirsky, G., and T. Mizrahi,
              "Alternate Marking method for passive and hybrid
              performance monitoring", draft-ietf-ippm-alt-mark-13 (work
              in progress), October 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

11.2.  Informative References

   [I-D.bryant-mpls-rfc6374-sfl]
              Bryant, S., Chen, M., Li, Z., Swallow, G., Sivabalan, S.,
              Mirsky, G., and G. Fioccola, "RFC6374 Synonymous Flow
              Labels", draft-bryant-mpls-rfc6374-sfl-04 (work in
              progress), April 2017.

   [I-D.bryant-mpls-sfl-framework]
              Bryant, S., Chen, M., Li, Z., Swallow, G., Sivabalan, S.,
              and G. Mirsky, "Synonymous Flow Label Framework",
              draft-bryant-mpls-sfl-framework-05 (work in progress),
              June 2017.

   [I-D.fioccola-ippm-multipoint-alt-mark]
              Fioccola, G., Cociglio, M., Sapio, A., and R. Sisto,
              "Multipoint Alternate Marking method for passive and
              hybrid performance monitoring",
              draft-fioccola-ippm-multipoint-alt-mark-00 (work in
              progress), June 2017.

   [IEEE1588]
              IEEE, "IEEE 1588 Standard for a Precision Clock
              Synchronization Protocol for Networked Measurement and
              Control Systems Version 2", 2008.

   [RFC5474]  Duffield, N., Ed., Chiou, D., Claise, B., Greenberg, A.,
              Grossglauser, M., and J. Rexford, "A Framework for Packet
              Selection and Reporting", RFC 5474, DOI 10.17487/RFC5474,
              March 2009.

   [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
              Raspall, "Sampling and Filtering Techniques for IP Packet
              Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC7384]  Mizrahi, T., "Security Requirements of Time Protocols in
              Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384,
              October 2014.

Authors' Addresses

   Tal Mizrahi
   Marvell
   6 Hamada st.
   Yokneam
   Israel

   Email: talmi@marvell.com


   Carmi Arad
   Marvell
   6 Hamada st.
   Yokneam
   Israel

   Email: carmi@marvell.com


   Giuseppe Fioccola
   Telecom Italia
   Via Reiss Romoli, 274
   Torino  10148
   Italy

   Email: giuseppe.fioccola@telecomitalia.it


   Mauro Cociglio
   Telecom Italia
   Via Reiss Romoli, 274
   Torino  10148
   Italy

   Email: mauro.cociglio@telecomitalia.it


   Mach(Guoyi) Chen
   Huawei Technologies

   Email: mach.chen@huawei.com


   Lianshu Zheng
   Huawei Technologies

   Email: vero.zheng@huawei.com


   Greg Mirsky
   ZTE Corp.

   Email: gregimirsky@gmail.com