IP Flow Information Export S. Kashima
Internet-Draft A. Kobayashi
Intended status: Standards Track NTT
Expires: April 21, 2010 October 18, 2009
Data Link Layer Monitoring with IPFIX/PSAMP
draft-kashima-ipfix-data-link-layer-monitoring-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 21, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Kashima & Kobayashi Expires April 21, 2010 [Page 1]
Internet-Draft Data Link Layer Monitoring October 2009
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document describes an efficient method for monitoring an
Ethernet network using the IP Flow Information Export (IPFIX)
protocol, adding Information Elements related to Ethernet header.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Wide-Area Ethernet Network Summary . . . . . . . . . . . . . . 3
3. Existing Traffic Measurement . . . . . . . . . . . . . . . . . 4
4. Future Traffic Measurement . . . . . . . . . . . . . . . . . . 4
5. Information Elements . . . . . . . . . . . . . . . . . . . . . 5
5.1. dataLinkFrameSize . . . . . . . . . . . . . . . . . . . . . 5
5.2. dataLinkFrameSection . . . . . . . . . . . . . . . . . . . 5
5.3. dataLinkFrameType . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
Kashima & Kobayashi Expires April 21, 2010 [Page 2]
Internet-Draft Data Link Layer Monitoring October 2009
1. Introduction
Ethernet [IEEE802.1D] and VLAN (Virtual LAN) [IEEE802.1Q]
technologies used to be used only in Local Area Networks. Recently,
they have been used in Wide Area Networks, e.g. L2-VPN services.
Accordingly, IEEE802.1Q standard has been enhanced to [IEEE802.1ad]
and [IEEE802.1ah].
Wide-area Ethernet networks will be renovated from IEEE802.1ad to
coexisting IEEE802.1ad and IEEE802.1ah in the near future.
IEEE802.1d will continuously be utilized in access networks, and
IEEE802.1ah will be introduced in provider backbone networks.
The IPFIX/PSAMP could play a role to help resolve these problems.
However, PSAMP Information Model [RFC5477] does not have Information
Elements related to Ethernet header from. In this document, we
propose Information Elements related to data link layer to allow a
more sophisticated traffic measurement method.
2. Wide-Area Ethernet Network Summary
[IEEE802.1ad] and [IEEE802.1ah], which are methods to support the
Wide-Area Ethernet, are described below.
o In IEEE802.1ad, there are two VLAN IDs: S-VID (Service VLAN
Identifier) and C-VID (Customer VLAN Identifier). S-VID is
assigned to an Ethernet frame by a service provider, while C-VID
is independently assigned to an Ethernet frame by a customer.
Frame switching in a service provider network is based on only
S-VID.
o In IEEE802.1ah, new Ethernet fields, such as B-VID (Backbone VLAN
Identifier) and I-SID (Backbone Service Instance Identifier), are
introduced in order to overcome the limitations on the VLAN
identifier space on IEEE802.1ad, isolate the service provider
identifier space and customer identifier space. Frame switching
is based on a 12bit B-VID, and customer identification is based on
a 24bit I-SID. A flexible network design has become possible
because network management is separated from customer management.
Other Ethernet fields which indicate QoS class are: B-PCP, B-DEI,
I- PCP, I-DEI.
IEEE802.1ah will be introduced into a back bone network in an actual
Ethernet network, and the wide-area Ethernet service is expected to
change from a flat network with IEEE802.1ad to hierarchical network
co-existing with IEEE802.1ad and IEEE802.1ah.
Kashima & Kobayashi Expires April 21, 2010 [Page 3]
Internet-Draft Data Link Layer Monitoring October 2009
3. Existing Traffic Measurement
In a wide-area Ethernet network, network administrators require to
measure traffic volume for each VPN customer and for each QoS class
in addition to interface-based traffic measurement. This measurement
makes it possible to provide the traffic report to network
administrators for capacity planing and traffic engineering, and to
customers.
At present, network administrators use a variety of special
measurement methods, such as an Enterprise MIB, from various vendors,
various device types (router, switch, or probe) in a single network
domain. It is difficult to mediate the differences. And it will
lead to limitation in the future network with [IEEE802.1ah].
4. Future Traffic Measurement
After installing [IEEE802.1ah] in a backbone network, more
sophisticated traffic measurement method than that used today will be
required because network administrators require to measure traffic
volume for each VPN customer and for each QoS class, without regard
for the distinction between IEEE802.1ah and [IEEE802.1ad]. In case
of IEEE802.1ah, traffic measurement for QoS class is more complicated
due to consideration for multiple parameters related to QoS. As the
use of multicast applications increases, it will be required to get
statistical data for each parameter and each frame type (unicast,
multicast and broadcast).
The requirements for the method are as follows:
o Flexible traffic measurement architecture, which can be applied to
[IEEE802.1D], [IEEE802.1Q], IEEE802.1ad and IEEE802.1ah.
o No software upgrade for a switching device, even when a network
administrator requires the traffic data based on new Ethernet
field.
The above means that it is possible to apply the architecture of
IPFIX/PSAMP. Therefore, in this document, we propose an Ethernet
traffic measurement method using IPFIX/PSAMP, as follows.
The device (Exporter) samples Ethernet frames using PSAMP, extracts
the header of the frame, and exports the header information extracted
via IPFIX to the Collector. The Collector sums up the number of
frames and the number of octets for each Ethernet type (e.g.
multicast or broadcast) and Ethernet header fields (e.g. I-SID).
Furthermore, the device (Exporter) filters and samples traffic for
Kashima & Kobayashi Expires April 21, 2010 [Page 4]
Internet-Draft Data Link Layer Monitoring October 2009
each VPN using a Composite Selector of PSAMP [RFC5475]. This makes
it possible to change the granularity of the traffic monitoring for
each VPN.
5. Information Elements
We propose adding the following Information Elements to [RFC5477] in
order to allow the above-mentioned method, which are not limited to
Ethernet because the method can be applied to other data link
protocols.
+-----+---------------------------+-----+---------------------------+
| ID | Name | ID | Name |
+-----+---------------------------+-----+---------------------------+
| XXX | dataLinkFrameSize | XXX | dataLinkFrameSection |
| XXX | dataLinkFrameType | | |
+-----+---------------------------+-----+---------------------------+
5.1. dataLinkFrameSize
Description:
This Information Element specifies the size of the sampled data
link frame, and SHOULD be checked before analyzing higher layer
protocols.
The data link layer is defined in [ISO_IEC.7498-1_1994].
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: XXX
Status: current
5.2. dataLinkFrameSection
Description:
This Information Element, which may have a variable length,
carries the first n octets from the data link frame of a sampled
packet.
The data link layer is defined in [ISO_IEC.7498-1_1994].
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
Kashima & Kobayashi Expires April 21, 2010 [Page 5]
Internet-Draft Data Link Layer Monitoring October 2009
The data for this field MUST NOT be padded. If insufficient
octets are available for the length specified in the Template,
then a new Template MUST be used.
Abstract Data Type: octetArray
Data Type Semantics: quantity
ElementId: XXX
Status: current
5.3. dataLinkFrameType
Description:
This Information Element specifies the type of the sampled data
link frame, and SHOULD be checked before analyzing higher layer
protocols. The following data link types are defined here.
- 0x01 ETHERNET - 0x02 PPP - 0x03 WiMAX
Further values may be assigned by IANA.
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: XXX
Status: current
6. Security Considerations
The recommendations in this document do not introduce any additional
security issues to those already mentioned in [RFC5101] and
[RFC5477].
7. IANA Considerations
This document requires an ElementId assignment to be made by IANA.
8. References
Kashima & Kobayashi Expires April 21, 2010 [Page 6]
Internet-Draft Data Link Layer Monitoring October 2009
8.1. Normative References
[ISO_IEC.7498-1_1994]
International Organization for Standardization,
"Information technology -- Open Systems Interconnection --
Basic Reference Model: The Basic Mode", ISO Standard 7498-
1:1994, June 1996.
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
Carle, "Information Model for Packet Sampling Exports",
RFC 5477, March 2009.
8.2. Informative References
[IEEE802.1D]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Media Access Control (MAC)
Bridges", IEEE Std 802.1D-2004, June 2004.
[IEEE802.1Q]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks", IEEE Std 802.1Q-2005, May 2006.
[IEEE802.1ad]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks Amendment 4: Provider Bridges", IEEE Std 802.1ad-
2005, May 2006.
[IEEE802.1ah]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks Amendment 7: Provider Backbone Bridges", IEEE
Std 802.1ah-2008, August 2008.
[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
Raspall, "Sampling and Filtering Techniques for IP Packet
Selection", RFC 5475, March 2009.
Kashima & Kobayashi Expires April 21, 2010 [Page 7]
Internet-Draft Data Link Layer Monitoring October 2009
Authors' Addresses
Shingo Kashima
NTT PF Lab.
Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585
Japan
Phone: +81 422 59 3894
Email: kashima@nttv6.net
Atsushi Kobayashi
NTT PF Lab.
Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585
Japan
Phone: +81 422 59 3978
Email: akoba@nttv6.net
Kashima & Kobayashi Expires April 21, 2010 [Page 8]