Network Working Group T. Dietz
Internet-Draft NEC Europe Ltd.
Expires: Mrz 31, 2004 F. Dressler
G. Carle
University of Tuebingen
B. Claise
Cisco Systems
October 2003
Information Model for Packet Sampling Exports
<draft-ietf-psamp-info-00.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on Mrz 31, 2004.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document defines an information and data model for the Packet
Sampling (PSAMP) protocol. It is used by the PSAMP protocol for
encoding sampled packet data and information related to the sampling
process. The model is an extension to IPFIX information model.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 1]
Internet-Draft PSAMP Information Model October 2003
Table of Contents
1. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Relationship between PSAMP and IPFIX . . . . . . . . . . . . 4
4. Properties of a PSAMP Information Element . . . . . . . . . 4
5. Type Space . . . . . . . . . . . . . . . . . . . . . . . . . 5
5.1 byteArray . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.2 Comparison of types in IPFIX and PSAMP . . . . . . . . . . . 6
6. The PSAMP Attributes . . . . . . . . . . . . . . . . . . . . 6
6.1 PSAMP Usage of IPFIX Attributes . . . . . . . . . . . . . . 7
6.2 Flow Attributes . . . . . . . . . . . . . . . . . . . . . . 7
6.2.1 selectorId . . . . . . . . . . . . . . . . . . . . . . . . . 7
6.2.2 sequenceNumber . . . . . . . . . . . . . . . . . . . . . . . 7
6.2.3 packetStart . . . . . . . . . . . . . . . . . . . . . . . . 8
6.2.4 samplingMethod . . . . . . . . . . . . . . . . . . . . . . . 8
6.2.5 intervalCount . . . . . . . . . . . . . . . . . . . . . . . 9
6.2.6 spacingCount . . . . . . . . . . . . . . . . . . . . . . . . 9
6.2.7 intervalTime . . . . . . . . . . . . . . . . . . . . . . . . 10
6.2.8 spacingTime . . . . . . . . . . . . . . . . . . . . . . . . 10
6.2.9 samplingRate . . . . . . . . . . . . . . . . . . . . . . . . 11
7. Using XML Schema for Information Models . . . . . . . . . . 11
8. Security Considerations . . . . . . . . . . . . . . . . . . 11
Normative References . . . . . . . . . . . . . . . . . . . . 12
Informative References . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 13
A. XML Namespace Issues . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . 15
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 2]
Internet-Draft PSAMP Information Model October 2003
1. Open Issues
This draft covers some open issues which have to be solved in a
future version of this draft:
We currently define the filtering method attribute as an enumeration.
This implies that an extension is very easy. Nevertheless, it might
be appropriate to have single attributes for each method in order to
integrate special information about the filtering/sampling method
directly into the attribute.
The PSAMP protocol allows to define more than one sampling or
filtering method which are applied in a sequential order. Therfore,
the order of the attributes in a template becomes important. This is
a primary difference to the semantics of the flow template in the
IPFIX definition. Currently, we do not have a proper definition for
the ordering of flow attributes.
We introduced a usage property for each attribute. It is not clear if
the meaning of this property falls into the domain of the reference
property. Thus the usage property may vanish in the future and the
reference property will replace it and become mandatory.
The unit property is currently optional, but we would like to have
information about units wherever possible. The units property may
become mandatory in a future version of this document and we would
define the unit as "not applicable" when no unit can be given.
This document only defines the attributes for exporting PSAMP data
that are not defined by the IPFIX information model. Nevertheless, we
should include a usage statement for the attributes defined by IPFIX
when used by the PSAMP export protocol.
The export of sampled data may not need all attributes defined by the
IPFIX information model. Thus a section within this document should
give an overview of flow attributes defined in the IPFIX information
model and their usage in the PSAMP environment.
2. Introduction
Packet sampling techniques are required for various measurement
scenarios. The packet sampling (PSAMP) protocol provides mechanisms
for the packet selection using different filtering and sampling
techniques. A standard way for the export and storage of such sampled
packet data is required. The definition of the PSAMP information and
data model is based on the IP Flow Information eXport (IPFIX)
protocol.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 3]
Internet-Draft PSAMP Information Model October 2003
This document examines the IPFIX information model
[I-D.ietf-ipfix-info] and extends it for the PSAMP requirements.
Therefore, the structure of this document is strongly based on the
IPFIX document.
3. Relationship between PSAMP and IPFIX
As described in IETF working document
draft-quittek-psamp-ipfix-01.txt [I-D.quittek-psamp-ipfix], a PSAMP
data record can be seen as a very special IPFIX flow record. It
represents an IPFIX flow containing just a single packet. Therefore,
the IPFIX information model can be used as a basis for PSAMP reports.
Nevertheless, there are properties required by PSAMP reports which
cannot be modeled using the IPFIX information model. This Document
describes an extension to the IPFIX model which allows the modeling
of information and date required by PSAMP.
4. Properties of a PSAMP Information Element
The PSAMP information elements are in accordance with the definitions
of IPFIX. Nevertheless, we have two additional properties -
applicability and usage - that must be defined for the PSAMP
attributes. Furthermore, we strongly recommend to define the optional
"unit" element for every attribute if applicable. Therefore, the list
is slightly modified to comply with this suggestion.
Information elements defined in this specification, or by extension
MUST have the following properties defined:
Name - a unique and meaningful name for the field. The preferred
spelling for the name is to use mixed case if the name is
compound, with an initial lower case letter. (E.g.
"sourceAddress").
Description - the semantics of this information element. It
describes how this field is derived from the flow or other
information available to the observer.
Type - the type space for attributes is constrained to facilitate
implementation. The existing type space does however encompass
most basic types used in modern programming languages, as well as
some derived types (such as IP Address types) which are common to
this domain and useful to distinguish.
Field Id - a numeric identifier administered by IANA. This is used
for compact identification of an information item when encoding
templates in the protocol.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 4]
Internet-Draft PSAMP Information Model October 2003
Applicability - a statement in which flow records the attribute is
used. An attribute can be exported in a data flow record, a
options data flow record or both.
Usage - a description in which context this attribute could be
used. Some attributes are only meaningful within the context of a
specific data flow e.g., some sampling method parameters only make
sense when they are exported for a specific sampling method or a
small range of sampling methods.
Information elements defined in this specification, or by extension
MAY have the following properties defined:
Vendor ID - when extension is done outside of the scope of the
IANA IPFIX fieldId range, a vendorId MUST be provided. This
identifier is based on IANA assigned enterprise identifiers.
Units - if the field is a measure of some kind, the units identify
what the measure is.
Reference - identifies additional specifications which more
precisely define this item or provide additional context for its
use.
Enumerated range - some items may have a specific set of numeric
identifiers associated with a set of discrete values this element
may take. The meaning of each discrete value and a human readable
name should be assigned.
Range - some elements may only be able to take on a restricted set
of values which can be expressed as a range (e.g. 0 through 511
inclusive). If this is the case, the valid inclusive range should
be specified.
5. Type Space
The following subsections describe the basic types from which most
PSAMP information elements should be constructed. The elements are
mostly taken from the IPFIX information model. Nevertheless, there
are a few differences to the type space defined by the IPFIX
information model: the removal of the type double and the addition of
the type byteArray. We anticipate that the next version of the IPFIX
information model draft will contain a matching type, which will then
be used by this draft.
Since this draft only adds the byteArray data type to the type space
it will not duplicate the corresponding section of the IPFIX
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 5]
Internet-Draft PSAMP Information Model October 2003
Information Model [I-D.ietf-ipfix-info].
As in the IPFIX information model, by describing Information Elements
in terms of a well defined type space, versus describing these
details in each Element declaration, greater consistency of the
existing Information Model is expected. This should also simplify the
process of extending the Information Model over time, and maintain
this consistency.
5.1 byteArray
The type "byteArray" represents an array of binary data. Typically,
it is to be used to encode a portion of a data packet. The length of
the array is encoded in the first 4 byte, in particular, the first 4
byte represent a length value of type "unsignedInt".
5.2 Comparison of types in IPFIX and PSAMP
+-------------------+-------+-------+
| Type | IPFIX | PSAMP |
+-------------------+-------+-------+
| int | x | x |
| unsingedInt | x | x |
| long | x | x |
| unsignedLong | x | x |
| float | x | x |
| double | x | - |
| byteArray | - | x |
| hexBinary | x | x |
| string | x | x |
| boolean | x | x |
| byte | x | x |
| unsignedByte | x | x |
| short | x | x |
| unsignedShort | x | x |
| dateTime | x | x |
| ipdr:dateTimeMsec | x | x |
| ipdr:ipV4Addr | x | x |
| ipdr:ipV6Addr | x | x |
| ipdr:UUID | x | x |
| ipdr:dateTimeUsec | x | x |
+-------------------+-------+-------+
6. The PSAMP Attributes
This sections describes the attributes used by the PSAMP exporting
functions. In addition the attributes described by the IPFIX
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 6]
Internet-Draft PSAMP Information Model October 2003
information model [I-D.ietf-ipfix-info] are used by the PSAMP export
functions where applicable. Thus, only those attributes are defined
here that are not already defined by the IPFIX information model.
6.1 PSAMP Usage of IPFIX Attributes
Not all attributes defined by the IPFIX information model may be
needed by the PSAMP protocol. This section should give an overview of
the IPFIX attributes that are used in the PSAMP context. TBD.
6.2 Flow Attributes
6.2.1 selectorId
Description:
The unique Id of a selector which defines the sampling instance.
Type: The selectorId element is of type UUID.
Field Id: ?
Applicability: This attribute is used in the data flow record and the
options data flow record.
Usage:
The attribute is used to specify which options data flow record was
used to sample the arriving data record. It must be present in each
data flow record and each options data flow record.
6.2.2 sequenceNumber
Description:
The sequence number of a sample packet.
Type: The sequenceNumber element is of type unsignedInt.
Field Id: ?
Applicability: This attribute is used in the data flow record.
Usage:
The attribute is used to specify the sequence number of a sample
packet to record loss of packets while exporting data flow records.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 7]
Internet-Draft PSAMP Information Model October 2003
6.2.3 packetStart
Description:
The first n bytes of the sampled packet.
NOTE: We anticipate that a data type that matches the requirements
here will be introduced by the IPFIX Info Model (REFERENCE HERE)
really soon. So we decided not to specify an applicable data type
within this document.
Type: The packetStart element is of type byteArray.
Field Id: ?
Applicability: This attribute is used in the data flow record.
Usage:
6.2.4 samplingMethod
Description:
The sampling or filtering method used to sample a packet.
TBD: The available sampling methods have to get a fixed value. We
currently have the following:
+------------------------+-------+
| Method | Value |
+------------------------+-------+
| Select All | 1 |
| Systematic Count Based | 2 |
| Systematic Time Based | 3 |
| Random n-out-of-N | 4 |
| Random Probabilistic | 5 |
+------------------------+-------+
The filtering methods are still missing.
We are not sure if the data type is appropriate but in order to make
the method list extensible it is the only alternative.
Type: The samplingMethod element is of type unsignedInt.
Field Id: ?
Applicability: This attribute is used in the options data flow
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 8]
Internet-Draft PSAMP Information Model October 2003
record.
Usage:
The attribute is used to specify the sampling or filtering method
that was used to sample a packet. It is exported in the options data
flow record to specify how a collector has to interpret a data flow
record.
6.2.5 intervalCount
Description:
This attribute is used to specify the interval for count based
sampling methods.
Type: The intervalCount element is of type unsignedInt.
Field Id: ?
Applicability: This attribute is used in the options data flow
record.
Units: The unit of measure is packets.
Usage:
The attribute is used to specify the number of consecutive packets
that are sampled by the Systematic Count Based sampling method.
6.2.6 spacingCount
Description:
This attribute is used to specify the spacing for count based
sampling methods.
Type: The spacingCount element is of type unsignedInt.
Field Id: ?
Applicability: This attribute is used in the options data flow
record.
Units: The unit of measure is packets.
Usage:
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 9]
Internet-Draft PSAMP Information Model October 2003
The attribute is used to specify the interval between two consecutive
sampling intervals in packets. It is specified for the Systematic
Count Based sampling method.
6.2.7 intervalTime
Description:
This attribute is used to specify the interval for time based
sampling methods.
Type: The intervalTime element is of type dateTimeUsec.
Field Id: ?
Applicability: This attribute is used in the options data flow
record.
Units: The unit of measure is microseconds.
Usage:
The attribute is used to specify the time in microseconds while
packets are sampled consecutively by the Systematic Time Based
sampling method.
6.2.8 spacingTime
Description:
This attribute is used to specify the spacing for time based sampling
methods.
Type: The spacingTime element is of type dateTimeUsec.
Field Id: ?
Applicability: This attribute is used in the options data flow
record.
Units: The unit of measure is microseconds.
Usage:
The attribute is used to specify the interval between two consecutive
sampling intervals in microseconds. It is specified for the
Systematic Time Based sampling method.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 10]
Internet-Draft PSAMP Information Model October 2003
6.2.9 samplingRate
Description:
This attribute is used to specify the sampling rate for the
n-out-of-N and the Probabilistic sampling methods.
Type: The samplingRate element is of type unsignedInt.
Field Id: ?
Applicability: This attribute is used in the options data flow
record.
Units: The unit of measure is probability * 1000000.
Usage:
The attribute is used to specify the sampling rate for the n-out-of-N
and the Probabilistic sampling methods. The probability is given as
an unsigned integer value which must be divided by 1000000.
7. Using XML Schema for Information Models
The wide availability of XML aware tools is a primary consideration
for this choice. In particular libraries for parsing XML documents
are readily available. Also mechanisms such as the Extensible Style
Sheet Language (XSL) allow for transforming a source XML document
into other documents. This draft was initially authored in XML and
transformed according to RFC2629.
It should be noted that the use of XML processors is not mandatory
for the deployment of PSAMP. In particular exporting processes which
may run on constrained platforms do not produce or consume XML as
part of their operation. It is expected that IPFIX/PSAMP collectors
MAY take advantage of the machine readability of the Information
Model vs. hardcoding their behavior or inventing proprietary means
for accommodating extensions.
8. Security Considerations
The PSAMP information model itself does not directly introduce
security issues. Rather it defines a set of attributes which may for
privacy or business issues be considered sensitive information.
The underlying protocol used to exchange the information described
here must therefore apply appropriate procedures to guarantee the
integrity and confidentiality of the exported information. Such
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 11]
Internet-Draft PSAMP Information Model October 2003
protocols are defined in separate documents, specifically the IPFIX
Protocol document [I-D.ietf-ipfix-protocol].
Normative References
[I-D.ietf-ipfix-reqs]
Quittek, J., "Requirements for IP Flow Information
Export", draft-ietf-ipfix-reqs-10 (work in progress), June
2003.
[I-D.ietf-ipfix-info]
Calato, P., "Information Model for IP Flow Information
Export", draft-ietf-ipfix-info-01 (work in progress),
August 2003.
[I-D.ietf-ipfix-protocol]
Claise, B., "IPFIX Protocol Specifications",
draft-ietf-ipfix-protocol-00 (work in progress), June
2003.
Informative References
[I-D.ietf-ipfix-architecture]
Sadasivan, G. and K. Norseth, "Architecture Model for IP
Flow Information Export", draft-ietf-ipfix-architecture-02
(work in progress), June 2002.
[I-D.ietf-psamp-framework]
Duffield, N., "A Framework for Passive Packet
Measurement", draft-ietf-psamp-framework-03 (work in
progress), July 2003.
[I-D.ietf-psamp-sample-tech]
Zseby, T., Molina, M., Raspall, F. and N. Duffield,
"Sampling and Filtering Techniques for IP Packet
Selection", draft-ietf-psamp-sample-tech-02 (work in
progress), June 2003.
[I-D.quittek-psamp-ipfix]
Quittek, J. and B. Claise, "On the Relationship between
PSAMP and IPFIX", draft-quittek-psamp-ipfix-01 (work in
progress), March 2003.
[I-D.ietf-psamp-mib]
Dietz, T., "Definitions of Managed Objects for Packet
Sampling", draft-ietf-psamp-mib-00 (work in progress),
June 2003.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 12]
Internet-Draft PSAMP Information Model October 2003
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between
Information Models and Data Models", RFC 3444, January
2003.
[RFC3470] Hollenbeck, S., Rose, M. and L. Masinter, "Guidelines for
the Use of Extensible Markup Language (XML) within IETF
Protocols", BCP 70, RFC 3470, January 2003.
Authors' Addresses
Thomas Dietz
NEC Europe Ltd.
Network Laboratories
Kurfuersten-Anlage 36
Heidelberg 69115
Germany
Phone: +49 6221 90511-28
EMail: dietz@ccrle.nec.de
URI: http://www.ccrle.nec.de/
Falko Dressler
University of Tuebingen
Wilhelm-Schickard-Institute for Computer Science
Auf der Morgenstelle 10C
Tuebingen 71076
Germany
Phone: +49 7071 29-70522
EMail: dressler@informatik.uni-tuebingen.de
URI: http://net.informatik.uni-tuebingen.de/
Georg Carle
University of Tuebingen
Wilhelm-Schickard-Institute for Computer Science
Auf der Morgenstelle 10C
Tuebingen 71076
Germany
Phone: +49 7071 29-70505
EMail: carle@informatik.uni-tuebingen.de
URI: http://net.informatik.uni-tuebingen.de/
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 13]
Internet-Draft PSAMP Information Model October 2003
Benoit Claise
Cisco Systems
De Kleetlaan 6a b1
Degem 1813
Belgium
Phone: +32 2 704 5622
EMail: bclaise@cisco.com
Appendix A. XML Namespace Issues
This proposal does not currently address possible IANA implications
associated with XML Namespace URIs. The use of Namespaces as an
extension mechanism implies that an IANA registered Namespace URI
should be available and that directory names below this base URI be
assigned for relevant IETF specifications. The author is not aware of
this mechanism today.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 14]
Internet-Draft PSAMP Information Model October 2003
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 15]
Internet-Draft PSAMP Information Model October 2003
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Dietz, et al. draft-ietf-psamp-info-00.txt [Page 16]
