Network Working Group                                         M. Bagnulo
Internet-Draft                                                      UC3M
Intended status: Standards Track                             B. Trammell
Expires: August 25, 2013                                      ETH Zurich
                                                       February 21, 2013


                     An LMAP application for IPFIX
                      draft-bagnulo-lmap-ipfix-01

Abstract

   This document explores the possibility of using IPFIX to report test
   results from a Measurement Agent to a Collector, in the context of a
   large measurement platform.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 25, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Bagnulo & Trammell       Expires August 25, 2013                [Page 1]


Internet-Draft                 LMAP-IPFIX                  February 2013


Table of Contents

   1.  Introduction
     1.1.  A quick introduction to IPFIX
     1.2.  Applying IPFIX to LMAP
   2.  Using IPFIX to report test results
   3.  Example: UDP latency test
   4.  Example: UDP latency test with Options
   5.  What standardization is needed for this?
   6.  Security considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses


1.  Introduction

   A Large-scale Measurement Platform (LMP) is composed of the following
   fundamental elements: a set of Measurement Agents (MAs), one or more
   Controllers and one or more Collectors.  There may be additional
   elements in any given platform, but these three elements are present
   in all of them.  The MAs are pieces of code that run in specialized
   hardware (hardware probes) or in general purpose devices such as PCs,
   laptops or mobile phones (software probes).  The MAs run the tests
   against other MAs distributed across the Internet.  Typically most of
   the MAs are located in end user networks and a few MAs are located
   deep inside the ISP network, and typically tests are executed from
   the MAs in the periphery towards MAs located in the core.  The
   Controller is the element that controls the MAs and informs the MAs
   about what tests to do and when to do them.  The protocol between the
   Controller and the MA is called the Control protocol.  After
   performing the tests, the MAs send the data about the results of the
   tests performed to the Collector.  The protocol used to report test
   result data from the MA to the Collector is called the Report
   protocol.  In this document we explore the possibility of using IPFIX
   [I-D.ietf-ipfix-protocol-rfc5101bis] as a Report protocol for large
   scale measurement platforms.

1.1.  A quick introduction to IPFIX

   IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis] is a unidirectional,
   transport-independent export protocol for binary data records, with a
   focus on network measurement and operations applications.  The
   structure of the data records is described in-band by Templates,
   which refer to Information Elements (IEs) from a common information
   model managed by IANA [ipfix-iana].  The basic IEs cover most Layer 3
   and Layer 4 measurement needs, and the information model can be
   extended [I-D.ietf-ipfix-ie-doctors] as well as supplemented by
   private IEs.

   IPFIX organizes data records into Messages.  A Message is a sequence
   of Sets preceded by a Message Header which, among other things,
   includes an Observation Domain ID (roughly, identifying where the
   records in the Message were measured) and an Export Time (when the
   Message was originally sent).

   A Set contains Records preceded by a Set Header, which contains a Set
   ID identifying the type of the records the Set contains.  Template
   Sets, identified by a special Set ID, contain Templates, which are
   sequences of IE identifiers and lengths; these define the fields of
   the records they describe.  A Template's ID matches the Set ID of the
   Sets containing records described by the Template.

   On-wire data structures in IPFIX are fully discussed in section 3 of
   [I-D.ietf-ipfix-protocol-rfc5101bis].

   Since many records may be described by a single Template, IPFIX's
   data representation is more efficient than those based on inline
   record structures (e.g.  XML, JSON).  Additionally, this arrangement
   implies that a device that only needs to export one or two fixed-
   length record types can implement IPFIX with minimal code supporting
   fixed message and set lengths with fixed-length templates.

   IPFIX also supports a feature called Options Templates.  An Options
   Template allows a data record to be scoped to a set of values of
   particular IEs (called its Scope).  For example, a set of test
   parameters could be scoped to a test identifier IE, and that test
   identifier exported in a record together with the results.  This
   mechanism allows more efficient data export, as explored in Section 4
   below; more information is available in [RFC5473].

1.2.  Applying IPFIX to LMAP

   In IPFIX terminology [RFC5470], the MA encompasses both the Metering
   Process (MP) and the Exporting Process (EP), while the Collector is
   the Collecting Process (CP).  IPFIX is used between the EP/MA and the
   Collector/CP.  We propose LMA as an application of IPFIX per
   [I-D.ietf-ipfix-ie-doctors].

   Some considerations about the use of IPFIX for LMP:
   o  Separation between Control and Report Protocols: Within a single
      measurement platform, different protocols can be used for Control
      and Report, though they must share a common vocabulary
      representing the measurements to be performed.  In particular, if
      a platform implements IPFIX as a Report protocol, it must
      implement a different protocol (e.g.  NETCONF or other) as a
      Control protocol.
   o  Report protocol diversity: Some platforms may use IPFIX as a
      Report protocol, while other platforms may decide to use other
      protocols (e.g. the Broadband forum architecture may decide to use
      a different one).  We believe that it is important to support this
      protocol diversity.  A key element to support such diversity is an
      independent metric registry (see
      [I-D.bagnulo-ippm-new-registry-independent]) where values for
      metric identifiers are recorded independently of the Control
      and/or Report protocol used.  This affects how we use IPFIX as a
      Report protocol, as presented in this document.
   o  Minimal IPFIX implementation: The unidirectional nature of the
      protocol and simple wire format make minimal implementations of
      Exporting Processes possible.  These minimal implementations are
      well suited to small-scale MAs (such as a mobile app or a process
      running in a home router).  These only need to know about the
      specific Templates supporting the metric(s) to be reported.


2.  Using IPFIX to report test results

   In order to use IPFIX to report test results from the MA to the
   Collector, we need first to understand what information needs to be
   conveyed.  The information transmitted by the MA to the Collector
   when reporting test(s) results is the following:
   o  Information about the MA: in particular an MA identifier
   o  Information about the time of the report: when the report was sent
      (not necessarily when the test was performed)
   o  Information describing the test.  This includes:
      *  An identifier of the metric used for the test (see the Metric
         registry of [I-D.bagnulo-ippm-new-registry-independent])
      *  An identifier of the scheduling strategy used to perform the
         test (see the Scheduling registry of
         [I-D.bagnulo-ippm-new-registry-independent]) and potential
         input parameters for the schedule, such as the rate.
      *  An identifier of the output format (see the Output Type
         registry of [I-D.bagnulo-ippm-new-registry-independent])
      *  An identifier of the environment, notably, whether or not cross
         traffic was present during the execution of the test (see the
         Environment registry of
         [I-D.bagnulo-ippm-new-registry-independent])
      *  The input parameters for the test, such as source IP address,
         destination IP address, source and destination ports and so on.
   o  Information describing the test results.  This widely varies with
      each test, but can include time each packet was sent and received,
      number of sent and lost packets or other information.
   We next explore how we can encode this information in IPFIX.

   In order to convey test information using IPFIX we will naturally use
   the IPFIX message format and we will define a Template describing the
   records containing the test result data.  We will re-use as many
   already defined Information Elements (IEs) as possible and we will
   identify new IEs that are needed.

   Part of the information can be conveyed using the fields in the IPFIX
   header, namely:
   o  Information about the MA: In order to convey the MA identifier we
      can use the Observation Domain field present in the IPFIX header.
      This would allow up to 2^32 MAs, which seems sufficient.
   o  Information about the time of the report: The IPFIX header
      contains an Export Time field that can be used to convey this
      information.

   The information describing the test is included in a Template set
   that contains multiple IEs for each of the different pieces of
   information we need to convey.  This includes:
   o  An identifier of the metric used for the test.  In order to convey
      that we need to define a new IE, let's call it metricIdentifier.
      The values for this element will be the values registered in the
      Metric registry of [I-D.bagnulo-ippm-new-registry-independent].
   o  An identifier of the scheduling strategy used to perform the test.
      Again, this will be a new IE, called testSchedule, and its values
      will be the values defined in the Scheduling registry of
      [I-D.bagnulo-ippm-new-registry-independent].  For the potential
      input parameters for the schedule, such as the rate, we probably
      need a new IE for each of these.  Usual scheduling distributions
      only require a rate, so we can define a new IE called scheduleRate
      whose value will contain the rate for the requested distribution.
      *  NOTE: The distribution in some cases could be extracted from
         the results, for example, if the results contain each packet
         sent, it would be easy to spot a periodic scheduling.  Probably
         not so obvious for the Poisson one.  Maybe this would be an
         optional element to be carried when it is not possible to
         extract it from the test results.
   o  An identifier of the output format.  A new IE outputType is needed
      for this and it would take values out of the ones in the Output
      Type registry of [I-D.bagnulo-ippm-new-registry-independent].
      Some of the output formats require an additional input, like the
      percentile used to trim the outliers when performing means.  There
      are two approaches here.  One approach is that the Output Type
      registry creates different entries for the different percentiles,
      which would result in more entries in the Output Type registry
      (e.g. one entry for the 95th percentile mean and another one for
      the 90th percentile mean).  This may cause an increased number of
      entries in the Output Type registry, but since there are not too
      many usual values, it is likely to be manageable.  The other
      approach is to define an additional IE, for instance, the
      percentile IE that will have the values for the different
      percentiles used in the output.
   o  An identifier of the environment, notably, whether or not cross
      traffic was present during the execution of the test.  Again, a
      new IE, testEnvironment, is needed for this.  It will take values
      from the Environment registry of
      [I-D.bagnulo-ippm-new-registry-independent].
   o  The input parameters for the test.  Most of these can be expressed
      using existing IEs, such as sourceIPv4Address,
      destinationIPv4Address, etc.

   Information describing the test results.  This widely varies with
   each test, but can include time each packet was sent and received,
   number of sent and lost packets or other information.  Again most of
   these can be expressed using existing IEs, and some new ones can be
   defined if needed for a particular test.


3.  Example: UDP latency test

   Let's consider the example of UDP latency.  Suppose an MA wants to
   report the results of a UDP latency test, performed from its own IP
   address (e.g. 192.0.2.1) to a destination IP address (e.g.
   203.0.113.1), using source port 23677 and destination port 34567.
   The test is performed using periodic scheduling at a rate of 1 packet
   per second for 3 seconds and starts at 10:00 CEST.  The test was
   performed without cross-traffic and the output type is raw.

   The Template for this would be:
      metricIdentifier
      testSchedule
      scheduleRate
      outputType
      testEnvironment
      sourceIPv4Address
      destinationIPv4Address
      sourceTransportPort
      destinationTransportPort
      flowStartMilliseconds
      flowEndMilliseconds

   The data set following this template for the example would be:
      metricIdentifier = UDP_Latency as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testSchedule = Periodic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      scheduleRate = 1
      outputType = Raw as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testEnvironment = No-cross-traffic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      sourceIPv4Address = 192.0.2.1
      destinationIPv4Address = 203.0.113.1
      sourceTransportPort = 23677
      destinationTransportPort = 34567
      flowStartMilliseconds = 08:00:00.000 UTC
      flowEndMilliseconds = 08:00:00.001 UTC
      ---------------------------
      metricIdentifier = UDP_Latency as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testSchedule = Periodic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      scheduleRate = 1
      outputType = Raw as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testEnvironment = No-cross-traffic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      sourceIPv4Address = 192.0.2.1
      destinationIPv4Address = 203.0.113.1
      sourceTransportPort = 23677
      destinationTransportPort = 34567
      flowStartMilliseconds = 08:00:01.000 UTC
      flowEndMilliseconds = 08:00:01.002 UTC
      ---------------------------
      metricIdentifier = UDP_Latency as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testSchedule = Periodic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      scheduleRate = 1
      outputType = Raw as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testEnvironment = No-cross-traffic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      sourceIPv4Address = 192.0.2.1
      destinationIPv4Address = 203.0.113.1
      sourceTransportPort = 23677
      destinationTransportPort = 34567
      flowStartMilliseconds = 08:00:02.000 UTC
      flowEndMilliseconds = 08:00:02.001 UTC
      ---------------------------


4.  Example: UDP latency test with Options

   In the previous example, the test description is exported together
   with the results in the record.  If a particular set of test
   parameters will be repeated often by a given MA, the common
   properties can be grouped into an Options record, described by an
   Options Template and identified by a new Information Element, with
   Data Records referring back to this identifier.

   In this case, two templates are used: an Options Template to

   The Options Template would be:
      testParametersId {scope}
      metricIdentifier
      testSchedule
      scheduleRate
      outputType
      testEnvironment
      sourceIPv4Address
      destinationIPv4Address
      sourceTransportPort
      destinationTransportPort

   The Template for each Data Record carrying results would be:
      testParametersId {scope}
      flowStartMilliseconds
      flowEndMilliseconds

   The data set carrying the common properties would be:
      testParametersId = 1
      metricIdentifier = UDP_Latency as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testSchedule = Periodic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      scheduleRate = 1
      outputType = Raw as per
      [I-D.bagnulo-ippm-new-registry-independent]
      testEnvironment = No-cross-traffic as per
      [I-D.bagnulo-ippm-new-registry-independent]
      sourceIPv4Address = 192.0.2.1
      destinationIPv4Address = 203.0.113.1
      sourceTransportPort = 23677
      destinationTransportPort = 34567
      ---------------------------

   And the data set carrying results would be:
      testParametersId = 1
      flowStartMilliseconds = 08:00:00.000 UTC
      flowEndMilliseconds = 08:00:00.001 UTC
      ---------------------------
      testParametersId = 1
      flowStartMilliseconds = 08:00:01.000 UTC
      flowEndMilliseconds = 08:00:01.002 UTC
      ---------------------------
      testParametersId = 1
      flowStartMilliseconds = 08:00:02.000 UTC
      flowEndMilliseconds = 08:00:02.001 UTC
      ---------------------------

   This approach adds some complexity at the MA (which must assign
   testParametersIds and use multiple Templates) and at the collector
   (which must track the testParametersId of each set of parameters to
   reassemble "complete" results) in exchange for export efficiency.  A
   quantitative measurement of efficiency gains and tradeoffs for a set
   of specified result records will follow in a future version of this
   draft.
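
   The two layouts from Sections 3 and 4, encoded as IPFIX Messages so
   that their sizes can be compared (an added example, not part of the
   draft).  The private IE numbers and lengths, the registry code points,
   the date, the MA identifier and the use of the documentation
   enterprise number 32473 are assumptions; the example also goes beyond
   the three records in the text by generating n results.

```python
import struct
from datetime import datetime, timezone
from ipaddress import IPv4Address

PEN = 32473  # enterprise number reserved for documentation (RFC 5612)
# name -> (IE id, length in bytes, private?). The ids and lengths of the private
# IEs are assumptions; the other six are IANA-registered IPFIX IEs.
IES = {
    "testParametersId": (6, 4, True), "metricIdentifier": (1, 2, True),
    "testSchedule": (2, 2, True), "scheduleRate": (3, 4, True),
    "outputType": (4, 2, True), "testEnvironment": (5, 2, True),
    "sourceIPv4Address": (8, 4, False), "destinationIPv4Address": (12, 4, False),
    "sourceTransportPort": (7, 2, False), "destinationTransportPort": (11, 2, False),
    "flowStartMilliseconds": (152, 8, False), "flowEndMilliseconds": (153, 8, False),
}
PARAMS = ["metricIdentifier", "testSchedule", "scheduleRate", "outputType",
          "testEnvironment", "sourceIPv4Address", "destinationIPv4Address",
          "sourceTransportPort", "destinationTransportPort"]
TIMES = ["flowStartMilliseconds", "flowEndMilliseconds"]

# Constructed sample values: the registry code points (all 1), the date and the
# MA identifier are placeholders; addresses, ports and rate are from Section 3.
T0 = int(datetime(2013, 6, 1, 8, 0, tzinfo=timezone.utc).timestamp() * 1000)
MA_ID = 4242
COMMON = {"testParametersId": 1, "metricIdentifier": 1, "testSchedule": 1,
          "scheduleRate": 1, "outputType": 1, "testEnvironment": 1,
          "sourceIPv4Address": int(IPv4Address("192.0.2.1")),
          "destinationIPv4Address": int(IPv4Address("203.0.113.1")),
          "sourceTransportPort": 23677, "destinationTransportPort": 34567}

def results(n):
    """n probes at 1 packet/s; the first three match the delays in the text."""
    return [{TIMES[0]: T0 + 1000 * i, TIMES[1]: T0 + 1000 * i + (1, 2, 1)[i % 3]}
            for i in range(n)]

def field_spec(name):
    ie, length, private = IES[name]
    if private:  # enterprise bit set, enterprise number follows
        return struct.pack("!HHI", 0x8000 | ie, length, PEN)
    return struct.pack("!HH", ie, length)

def template(tid, names, scope_count=None):
    head = struct.pack("!HH", tid, len(names))
    if scope_count is not None:  # Options Template Record: extra scope count
        head += struct.pack("!H", scope_count)
    return head + b"".join(field_spec(n) for n in names)

def record(names, values):
    return b"".join(values[n].to_bytes(IES[n][1], "big") for n in names)

def ipfix_set(set_id, body):
    return struct.pack("!HH", set_id, 4 + len(body)) + body

def message(sets, seq=0):
    body = b"".join(sets)
    if 16 + len(body) > 0xFFFF:
        raise ValueError("IPFIX Message length is a 16-bit field")
    export_time = T0 // 1000 + 3  # seconds; constructed
    return struct.pack("!HHIII", 10, 16 + len(body), export_time, seq, MA_ID) + body

def export_flat(n):
    """Section 3: every Data Record repeats the full test description."""
    names = PARAMS + TIMES
    data = b"".join(record(names, {**COMMON, **r}) for r in results(n))
    return message([ipfix_set(2, template(256, names)), ipfix_set(256, data)])

def export_with_options(n):
    """Section 4: description sent once, results refer to testParametersId."""
    opt = ["testParametersId"] + PARAMS
    res = ["testParametersId"] + TIMES
    data = b"".join(record(res, {**COMMON, **r}) for r in results(n))
    return message([ipfix_set(3, template(257, opt, scope_count=1)),
                    ipfix_set(2, template(258, res)),  # plain field on the wire
                    ipfix_set(257, record(opt, COMMON)),
                    ipfix_set(258, data)])

if __name__ == "__main__":
    for n in (1, 3, 300):
        print(n, len(export_flat(n)), len(export_with_options(n)))
```

   With these assumed field sizes the two layouts break even at three
   results (212 versus 210 octets); at 300 results the Options layout is
   roughly half the size (6150 versus 12092 octets).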


5.  What standardization is needed for this?

   In order to enable the use of IPFIX for LMP, the following pieces of
   standardization would be required:
   o  The definition of the metric registry.  This is not specific to
      IPFIX, as any other Report protocol is likely to require this, but
      having an independent registry enables multiple report protocols.
   o  The definition of new IEs.  Some of them are identified above;
      others are likely to be needed as well.
   o  The definition of the Template sets for each of the tests to be
      performed.  A defined Template is necessary so that different
      vendors can implement it and use the IPFIX format on the wire
      without having to fully implement IPFIX parsing to read arbitrary
      Template sets, just the ones associated with the relevant metrics.


6.  Security considerations

   The security requirements for the protocol between the MA and the
   collector have been identified in [I-D.eardley-lmap-framework] and in
   [I-D.schulzrinne-lmap-requirements].  The identified requirements
   are:
   o  Mutual authentication and authorization between the MA and the
      collector.  This means that the collector must be able to verify
      the identity of the MA and to also verify that the MA is
      authorized to feed data into the collector and that the MA must be
      able to verify the identity of the collector and recognize it as a
      valid collector for the data it is reporting.
   o  The information flowing between the MA and the collector must be
      confidential.
   o  The integrity of the information flowing from the MA to the
      collector must be protected.

   Not surprisingly, these are exactly the same requirements imposed on
   the design of the IPFIX protocol, in particular for the flow of data
   between the EP and the CP.  As described in the security
   considerations of IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis], IPFIX
   addresses these requirements by imposing the use of TLS or DTLS with
   mutual authentication through certificates.  The authorization relies
   on having a list of authorized MAs in the collector and a list of
   collectors in the MAs, identified by information in the Distinguished
   Name and/or Common Name of their certificate.  Current IPFIX
   specifications and implementations already support TLS and DTLS and
   this covers the aforementioned requirements.  We are aware that some
   of the current platforms use ssh as a transport protocol between the
   MAs and the collector.  Using ssh avoids the use of certificates, but
   may result in more complex key management (which may not be an issue
   in certain deployments).  We believe it would be possible to define
   an ssh transport for IPFIX if deemed necessary.

   IPFIX recommends the use of DNS-IDs in the certificates, which applies
   to EPs and CPs with relatively static addressing.  This is probably
   not a good fit for MAs, since they are likely to have a dynamic
   address.  In this draft we have proposed to use the Observation
   Domain as the identifier for the MAs.  While the Observation Domain
   need not be globally unique within IPFIX, it would be possible to
   make it so in a particular measurement platform.  The Observation
   Domain Identifier could then appear in the Common Name of the
   certificate in some form.  Additionally, access control in very large
   deployments could rely not on identifying specific MAs, but on
   ensuring that a peer MA or collector had a certificate signed by one
   of a set of specified authorized issuers.
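
   A collector-side check that ties the Observation Domain ID in a
   received Message to the MA identity in the peer certificate, as
   proposed above (an added example, not part of the draft).  It assumes
   the TLS stack has already validated the certificate chain, that the
   certificate is presented in the dictionary shape returned by Python's
   ssl getpeercert(), and a hypothetical naming convention of
   "ma-<decimal Observation Domain ID>" for the Common Name.

```python
import struct

CN_PREFIX = "ma-"  # assumed convention: CN = "ma-<decimal Observation Domain ID>"

def ma_id_from_cert(peer_cert):
    """Extract the MA identifier from the subject CN of a validated certificate."""
    cns = [value for rdn in peer_cert.get("subject", ())
           for (attr, value) in rdn if attr == "commonName"]
    if len(cns) != 1 or not cns[0].startswith(CN_PREFIX):
        raise PermissionError("certificate does not name a single MA")
    digits = cns[0][len(CN_PREFIX):]
    # One canonical spelling per MA: ASCII digits, no leading zeros, 32 bits.
    if not (digits.isascii() and digits.isdigit()) or digits != str(int(digits)):
        raise PermissionError("malformed MA identifier in certificate")
    ma_id = int(digits)
    if ma_id > 0xFFFFFFFF:
        raise PermissionError("MA identifier exceeds the 32-bit Observation Domain ID")
    return ma_id

def authorize_report(peer_cert, msg, authorized_mas):
    """Return the MA id if msg may be stored under it; raise otherwise."""
    ma_id = ma_id_from_cert(peer_cert)
    if ma_id not in authorized_mas:
        raise PermissionError(f"MA {ma_id} is not authorized on this collector")
    if len(msg) < 16:
        raise ValueError("truncated IPFIX Message header")
    version, length, _export, _seq, odid = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("malformed IPFIX Message header")
    # The Observation Domain ID is chosen by the sender; only the certificate
    # is authenticated, so the two must agree before the report is accepted.
    if odid != ma_id:
        raise PermissionError(f"MA {ma_id} reported as Observation Domain {odid}")
    return ma_id

# Constructed samples: a certificate dictionary and header-only Messages.
CERT_MA_4242 = {"subject": ((("organizationName", "Example LMP"),),
                            (("commonName", "ma-4242"),))}

def header_only_message(odid, export_time=1370073600):
    return struct.pack("!HHIII", 10, 16, export_time, 0, odid)

def check(peer_cert, msg, authorized_mas):
    """Wrapper for demonstration: returns the MA id or a rejection string."""
    try:
        return authorize_report(peer_cert, msg, authorized_mas)
    except (PermissionError, ValueError) as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(check(CERT_MA_4242, header_only_message(4242), {4242}))
    print(check(CERT_MA_4242, header_only_message(7), {4242, 7}))
    print(check(CERT_MA_4242, header_only_message(4242), {7}))
```

   Without the final comparison, any MA holding a valid certificate
   could submit results under another MA's Observation Domain ID.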


7.  IANA Considerations

   TBD


8.  Acknowledgements

   We would like to thank Sam Crawford and Al Morton for input on early
   discussions for this draft.


9.  References

9.1.  Normative References

   [I-D.ietf-ipfix-protocol-rfc5101bis]
              Claise, B. and B. Trammell, "Specification of the IP Flow
              Information eXport (IPFIX) Protocol for the Exchange of
              Flow Information", draft-ietf-ipfix-protocol-rfc5101bis-06
              (work in progress), February 2013.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.






   [I-D.bagnulo-ippm-new-registry-independent]
              Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and
              A. Morton, "A registry for commonly used metrics.
              Independent registries",
              draft-bagnulo-ippm-new-registry-independent-00 (work in
              progress), January 2013.

   [ipfix-iana]
              Internet Assigned Numbers Authority, "IP Flow Information
              Export (IPFIX) Entities", IANA IPFIX Registry,
              February 2013.

9.2.  Informative References

   [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
              in IP Flow Information Export (IPFIX) and Packet Sampling
              (PSAMP) Reports", RFC 5473, March 2009.

   [I-D.ietf-ipfix-ie-doctors]
              Trammell, B. and B. Claise, "Guidelines for Authors and
              Reviewers of IPFIX Information Elements",
              draft-ietf-ipfix-ie-doctors-07 (work in progress),
              October 2012.

   [I-D.eardley-lmap-framework]
              Eardley, P., Burbridge, T., and A. Morton, "A framework
              for large-scale measurements",
              draft-eardley-lmap-framework-00 (work in progress),
              February 2013.

   [I-D.schulzrinne-lmap-requirements]
              Schulzrinne, H., Johnston, W., and J. Miller, "Large-Scale
              Measurement of Broadband Performance: Use Cases,
              Architecture and Protocol Requirements",
              draft-schulzrinne-lmap-requirements-00 (work in progress),
              September 2012.

















Authors' Addresses

   Marcelo Bagnulo
   Universidad Carlos III de Madrid
   Av. Universidad 30
   Leganes, Madrid  28911
   SPAIN

   Phone: 34 91 6249500
   Email: marcelo@it.uc3m.es
   URI:   http://www.it.uc3m.es


   Brian Trammell
   Swiss Federal Institute of Technology Zurich
   Gloriastrasse 35
   8092 Zurich
   Switzerland

   Email: trammell@tik.ee.ethz.ch






























