idnits 2.17.1 

draft-zhou-ipfix-variance-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (March 13, 2017) is 2600 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC2119' is mentioned on line 96, but not defined

  == Missing Reference: 'RFC 7013' is mentioned on line 102, but not defined

  == Missing Reference: 'RFC7011' is mentioned on line 134, but not defined

  == Unused Reference: 'RFC7013' is defined on line 146, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC5226' is defined on line 150, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)


     Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET-DRAFT                                                   C. Zhou
3	Intended Status: Informational                                  H. Zheng
4	Expires: September 14, 2017                                       Huawei
5	                                                          March 13, 2017

7	   IP Flow Information Export (IPFIX) Information Elements Extension
8	                     for Flow Variance Information
9	                      draft-zhou-ipfix-variance-00

11	Abstract

13	   This document proposes several new Information Elements for the IP
14	   Flow Information Export (IPFIX) protocol, which are used to export
15	   variance information about the flow, regarding the sizes of the
16	   packets sampled. This kind of information is helpful to form a
17	   statistical view of the flow.

19	Status of this Memo

21	   This Internet-Draft is submitted to IETF in full conformance with the
22	   provisions of BCP 78 and BCP 79.

24	   Internet-Drafts are working documents of the Internet Engineering
25	   Task Force (IETF), its areas, and its working groups.  Note that
26	   other groups may also distribute working documents as
27	   Internet-Drafts.

29	   Internet-Drafts are draft documents valid for a maximum of six months
30	   and may be updated, replaced, or obsoleted by other documents at any
31	   time.  It is inappropriate to use Internet-Drafts as reference
32	   material or to cite them other than as "work in progress."

34	   The list of current Internet-Drafts can be accessed at
35	   http://www.ietf.org/1id-abstracts.html

37	   The list of Internet-Draft Shadow Directories can be accessed at
38	   http://www.ietf.org/shadow.html

40	Copyright and License Notice

42	   Copyright (c) 2017 IETF Trust and the persons identified as the
43	   document authors. All rights reserved.

45	   This document is subject to BCP 78 and the IETF Trust's Legal
46	   Provisions Relating to IETF Documents
47	   (http://trustee.ietf.org/license-info) in effect on the date of
48	   publication of this document. Please review these documents
49	   carefully, as they describe your rights and restrictions with respect
50	   to this document. Code Components extracted from this document must
51	   include Simplified BSD License text as described in Section 4.e of
52	   the Trust Legal Provisions and are provided without warranty as
53	   described in the Simplified BSD License.

55	Table of Contents

57	   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
58	     1.1  Terminology . . . . . . . . . . . . . . . . . . . . . . . .  3
59	   2  Information Elements  . . . . . . . . . . . . . . . . . . . . .  3
60	   3  Security Considerations . . . . . . . . . . . . . . . . . . . .  4
61	   4  IANA Considerations . . . . . . . . . . . . . . . . . . . . . .  4
62	   5  References  . . . . . . . . . . . . . . . . . . . . . . . . . .  4
63	     5.1  Normative References  . . . . . . . . . . . . . . . . . . .  4
64	     5.2  Informative References  . . . . . . . . . . . . . . . . . .  4
65	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  5

67	1  Introduction

69	   The current set of IP Flow Information Export (IPFIX) Information
70	   Elements [IANA-IPFIX] is extensive.  However, it contains no means to
71	   export information about the average size of packets in a flow, as
72	   well as the variance of the pack sizes.  Having those information not
73	   only helps gain more insight of the flow from a statistical view, but
74	   also facilitates the detection of any anomaly traffic.

76	   Below are the new Information Elements being introduced:

78	      o  ipTotalLengthSampleMean
79	      o  ipTotalLengthSampleVariance

81	   The definitions of the Information Elements are given in Section 2.
82	   Another reason to add these Information Elements is that it may not
83	   be practical to export every sampled packet's size and then calculate
84	   the mean and variance offline.  For the sake of saving the data size
85	   to export, it is better to calculate mean and variance at the
86	   Observation Point and export only the calculated values.  Algorithms
87	   such as [RunningVariance] exist to calculate mean and variance
88	   online, in a single pass, without having to save sizes of the sampled
89	   packets.

91	1.1  Terminology

93	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
94	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
95	   document are to be interpreted as described in RFC 2119 [RFC2119].

97	   This document also makes use of the same terminology and definitions
98	   as Section 2 of [RFC5470].

100	2  Information Elements

102	   Following the guidelines provided by [RFC 7013], the definitions of
103	   the new Information Elements are given below:

105	   Name: ipTotalLengthSampleMean
106	   Description:
107	      The calculated mean of the ipTotalLength values of the sampled
108	      packets in a flow.
109	   Abstract Data Type: unsigned64
110	   ElementId: TBD
111	   Status: current
112	   Units: octets
113	   Reference:

115	      See RFC 5102 for the definition of ipTotalLength.

117	   Name: ipTotalLengthSampleVariance
118	      The calculated variance of the ipTotalLength values of the sampled
119	      packets in a flow.

121	      The result of the calculation should be converted to unsigned64.
122	      If the result is too large to be contained in an unsigned64, then
123	      0xFFFFFFFFFFFFFFFF should be set as the value instead.
124	   Description:
125	   Abstract Data Type: unsigned64
126	   ElementId: TBD
127	   Status: current
128	   Reference:
129	      See RFC 5102 for the definition of ipTotalLength.

131	3  Security Considerations

133	   For this extension to the IPFIX protocol, the same security
134	   considerations as for the IPFIX protocol apply [RFC7011].

136	4  IANA Considerations

138	   The Information Elements defined Section 2 are expected to be added
139	   to the IANA's IPFIX registry [IANA-IPFIX]. The 'TBD' values of the
140	   ElementIds should be replaced by IANA for assigned numbers.

142	5  References

144	5.1  Normative References

146	   [RFC7013]  Trammell, B. and B. Claise, "Guidelines for Authors and
147	              Reviewers of IP Flow Information Export (IPFIX)
148	              Information Elements", BCP 184, RFC 7013, September 2013.

150	   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
151	              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
152	              May 2008.

154	   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
155	              "Architecture for IP Flow Information Export", RFC 5470,
156	              March 2009.

158	5.2  Informative References

160	   [IANA-IPFIX]
161	              IANA, "IP Flow Information Export (IPFIX) Entities",
162	              <http://www.iana.org/assignments/ipfix>.

164	   [RunningVariance]
165	              John D. Cook, Accurately computing running variance
166	              <https://www.johndcook.com/blog/standard_deviation/>.

168	Authors' Addresses

170	   Chong Zhou
171	   Huawei
172	   156 Beiqing Road, M06 Shichuang Technology Demonstration Park
173	   Haidian, Beijing  100094
174	   China

176	   Email: mr.zhouchong@huawei.com

178	   Hui Zheng (Marvin)
179	   Huawei
180	   101 Ruanjian Avenue, Nanjing, China

182	   EMail: marvin.zhenghui@huawei.com