Network Working Group T. Dietz Request for Comments: 5477 NEC Europe Ltd. Category: Standards Track B. Claise P. Aitken Cisco Systems, Inc. F. Dressler University of Erlangen-Nuremberg G. Carle Technical University of Munich March 2009 Information Model for Packet Sampling Exports Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Dietz, et al. Standards Track [Page 1] RFC 5477 PSAMP Information Model March 2009 Abstract This memo defines an information model for the Packet SAMPling (PSAMP) protocol. It is used by the PSAMP protocol for encoding sampled packet data and information related to the Sampling process. As the PSAMP protocol is based on the IP Flow Information eXport (IPFIX) protocol, this information model is an extension to the IPFIX information model. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. PSAMP Documents Overview . . . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Conventions Used in This Document . . . . . . . . . . . . 5 4. Relationship between PSAMP and IPFIX . . . . . . . . . . . . . 5 5. Properties of a PSAMP Information Element . . . . . . . . . . 5 6. Type Space . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Overloading Information Elements . . . . . . . . . . . . . . . 6 8. The PSAMP Information Elements . . . . . . . . . . . . . . . . 6 8.1. Identifiers (301-303) . . . . . . . . . . . . . . . . . . 7 8.1.1. selectionSequenceId . . . . . . . . . . . . . . . . . 7 8.1.2. selectorId . . . . . . . . . . . . . . . . . . . . . . 8 8.1.3. informationElementId . . . . . . . . . . . . . . . . . 8 8.2. Sampling Configuration (304-311) . . . . . . . . . . . . . 9 8.2.1. selectorAlgorithm . . . . . . . . . . . . . . . . . . 9 8.2.2. samplingPacketInterval . . . . . . . . . . . . . . . . 11 8.2.3. samplingPacketSpace . . . . . . . . . . . . . . . . . 11 8.2.4. samplingTimeInterval . . . . . . . . . . . . . . . . . 12 8.2.5. samplingTimeSpace . . . . . . . . . . . . . . . . . . 12 8.2.6. samplingSize . . . . . . . . . . . . . . . . . . . . . 13 8.2.7. samplingPopulation . . . . . . . . . . . . . . . . . . 13 8.2.8. samplingProbability . . . . . . . . . . . . . . . . . 13 8.3. Hash Configuration (326-334) . . . . . . . . . . . . . . . 14 8.3.1. digestHashValue . . . . . . . . . . . . . . . . . . . 14 8.3.2. hashIPPayloadOffset . . . . . . . . . . . . . . . . . 15 8.3.3. hashIPPayloadSize . . . . . . . . . . . . . . . . . . 15 8.3.4. hashOutputRangeMin . . . . . . . . . . . . . . . . . . 15 8.3.5. hashOutputRangeMax . . . . . . . . . . . . . . . . . . 16 8.3.6. hashSelectedRangeMin . . . . . . . . . . . . . . . . . 16 8.3.7. hashSelectedRangeMax . . . . . . . . . . . . . . . . . 16 8.3.8. hashDigestOutput . . . . . . . . . . . . . . . . . . . 17 8.3.9. hashInitialiserValue . . . . . . . . . . . . . . . . . 17 8.4. Timestamps (322-325) . . . . . . . . . . . . . . . . . . . 18 8.4.1. observationTimeSeconds . . . . . . . . . . . . . . . . 18 8.4.2. observationTimeMilliseconds . . . . . . . . . . . . . 18 8.4.3. observationTimeMicroseconds . . . . . . . . . . . . . 19 8.4.4. observationTimeNanoseconds . . . . . . . . . . . . . . 19 Dietz, et al. Standards Track [Page 2] RFC 5477 PSAMP Information Model March 2009 8.5. Packet Data (313-314, 316-317) . . . . . . . . . . . . . . 19 8.5.1. ipHeaderPacketSection . . . . . . . . . . . . . . . . 20 8.5.2. ipPayloadPacketSection . . . . . . . . . . . . . . . . 20 8.5.3. mplsLabelStackSection . . . . . . . . . . . . . . . . 21 8.5.4. mplsPayloadPacketSection . . . . . . . . . . . . . . . 21 8.6. Statistics (318-321, 336-338) . . . . . . . . . . . . . . 22 8.6.1. selectorIdTotalPktsObserved . . . . . . . . . . . . . 22 8.6.2. selectorIdTotalPktsSelected . . . . . . . . . . . . . 23 8.6.3. absoluteError . . . . . . . . . . . . . . . . . . . . 23 8.6.4. relativeError . . . . . . . . . . . . . . . . . . . . 24 8.6.5. upperCILimit . . . . . . . . . . . . . . . . . . . . . 24 8.6.6. lowerCILimit . . . . . . . . . . . . . . . . . . . . . 25 8.6.7. confidenceLevel . . . . . . . . . . . . . . . . . . . 26 9. Security Considerations . . . . . . . . . . . . . . . . . . . 26 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 10.1. Related Considerations . . . . . . . . . . . . . . . . . . 27 10.2. PSAMP-Related Considerations . . . . . . . . . . . . . . . 27 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 11.1. Normative References . . . . . . . . . . . . . . . . . . . 27 11.2. Informative References . . . . . . . . . . . . . . . . . . 28 Appendix A. Formal Specification of PSAMP Information Elements . 29 1. Introduction Packet Sampling techniques are required for various measurement scenarios. The Packet Sampling (PSAMP) protocol provides mechanisms for packet selection using different Filtering and Sampling techniques. A standardized way for the export and storage of the Information Elements defined in Section 8 is required. The definition of the PSAMP information and data model is based on the IPFIX information model [RFC5102]. The PSAMP protocol document [RFC5476] specifies how to use the IPFIX protocol in the PSAMP context. This document examines the IPFIX information model [RFC5102] and extends it to meet the PSAMP requirements. Therefore, the structure of this document is strongly based on the IPFIX document. It complements the PSAMP protocol specification by providing an appropriate PSAMP information model. The main part of this document, Section 8, defines the list of Information Elements to be transmitted by the PSAMP protocol. Sections 5 and 6 describe the data types and Information Element properties used within this document and their relationship to the IPFIX information model. Although the PSAMP charter specified no requirements for measuring packet errors (such as drops, malformed, etc.), and this document does not cover such data, if there is need for collecting and exporting packet error information, the appropriate Information Dietz, et al. Standards Track [Page 3] RFC 5477 PSAMP Information Model March 2009 Elements can be requested from IANA, and exported with the PSAMP protocol. The main body of Section 8 was generated from an XML document. The XML-based specification of the PSAMP Information Elements can be used for automatically checking syntactical correctness of the specification. Furthermore it can be used -- in combination with the IPFIX information model -- for automated code generation. The resulting code can be used in PSAMP protocol implementations to deal with processing PSAMP information elements. For that reason, the XML document that served as the source for Section 8 is attached to this document in Appendix A. Note that although partially generated from the attached XML documents, the main body of this document is normative while the appendix is informational. 2. PSAMP Documents Overview This document is one out of a series of documents from the PSAMP group. [RFC5474]: "A Framework for Packet Selection and Reporting" describes the PSAMP framework for network elements to select subsets of packets by statistical and other methods, and to export a stream of reports on the selected packets to a Collector. [RFC5475]: "Sampling and Filtering Techniques for IP Packet Selection" describes the set of packet selection techniques supported by PSAMP. [RFC5476]: "Packet Sampling (PSAMP) Protocol Specifications" specifies the export of packet information from a PSAMP Exporting Process to a PSAMP Collecting Process. RFC 5477 (this document): "Information Model for Packet Sampling Exports" defines an information and data model for PSAMP. 3. Terminology IPFIX-specific terminology used in this document is defined in Section 2 of [RFC5101]. PSAMP-specific terminology used in this document is defined in Section 3.2 of [RFC5476]. In this document, as in [RFC5101] and [RFC5476], the first letter of each IPFIX- and PSAMP-specific term is capitalized. Dietz, et al. Standards Track [Page 4] RFC 5477 PSAMP Information Model March 2009 3.1. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 4. Relationship between PSAMP and IPFIX As described in the PSAMP protocol [RFC5476], a PSAMP Report can be seen as a very special IPFIX Data Record. It represents an IPFIX Flow containing only a single packet. Therefore, the IPFIX information model can be used as a basis for PSAMP Reports. Nevertheless, there are properties required in PSAMP Reports that cannot be modeled using the current IPFIX information model. This document describes extensions to the IPFIX information model that allow the modeling of information and data required by PSAMP. Some of these extensions allow the export of what may be considered sensitive information. Refer to the Security Considerations section for a fuller discussion. Note that the export of sampled or filtered PSAMP Reports may not need all the Information Elements defined by the IPFIX information model [RFC5102], as discussed in Sections 6.2 and 6.3 of the PSAMP Framework [RFC5474]. 5. Properties of a PSAMP Information Element The PSAMP Information Elements are defined in accordance with Sections 2.1 to 2.3 of the IPFIX information model [RFC5102] to which reference should be made for more information. Nevertheless, we strongly recommend defining the optional "units" property for every Information Element (if applicable). The Data Types defined in Section 3.1 of the IPFIX information model [RFC5102] are also used for the PSAMP Information Elements. 6. Type Space The PSAMP Information Elements MUST be constructed from the basic abstract data types and data type semantics described in Section 3 of the IPFIX information model [RFC5102]. To ensure consistency between IPFIX and PSAMP, the data types are not repeated in this document. The encoding of these data types is described in the IPFIX protocol [RFC5101]. Dietz, et al. Standards Track [Page 5] RFC 5477 PSAMP Information Model March 2009 7. Overloading Information Elements Information Elements SHOULD NOT be overloaded with multiple meanings or re-used for multiple purposes. Different Information Elements SHOULD be allocated for each requirement. Although the presence of certain other Information Elements allows the selection method to be inferred, a separate Information Element is provided for the selectorAlgorithm to include as scope for the Selector Report Interpretation [RFC5476]. Even if the Information Elements are specified with a specific selection method (i.e., a specific value of selectorAlgorithm) in mind, these Information Elements are not restricted to the selection method and MAY be used for different selection methods in the future. 8. The PSAMP Information Elements This section describes the Information Elements used by the PSAMP protocol. For each Information Element specified in Sections 8.1 - 8.6 below, a unique identifier is allocated in accordance with Section 4 of the IPFIX information model [RFC5102]. The assignments are controlled by IANA as an extension of the IPFIX information model. The Information Elements specified by the IPFIX information model [RFC5102] are used by the PSAMP protocol where applicable. To avoid inconsistencies between the IPFIX and the PSAMP information and data models, only those Information Elements that are not already described by the IPFIX information model are defined here. Dietz, et al. Standards Track [Page 6] RFC 5477 PSAMP Information Model March 2009 Below is the list of additional PSAMP Information Elements: +-----+----------------------------+-----+----------------------------+ | ID | Name | ID | Name | +-----+----------------------------+-----+----------------------------+ | 301 | selectionSequenceId | 321 | relativeError | | 302 | selectorId | 322 | observationTimeSeconds | | 303 | informationElementId | 323 | observationTimeMilliseconds| | 304 | selectorAlgorithm | 324 | observationTimeMicroseconds| | 305 | samplingPacketInterval | 325 | observationTimeNanoseconds | | 306 | samplingPacketSpace | 326 | digestHashValue | | 307 | samplingTimeInterval | 327 | hashIPPayloadOffset | | 308 | samplingTimeSpace | 328 | hashIPPayloadSize | | 309 | samplingSize | 329 | hashOutputRangeMin | | 310 | samplingPopulation | 330 | hashOutputRangeMax | | 311 | samplingProbability | 331 | hashSelectedRangeMin | | 313 | ipHeaderPacketSection | 332 | hashSelectedRangeMax | | 314 | ipPayloadPacketSection | 333 | hashDigestOutput | | 316 | mplsLabelStackSection | 334 | hashInitialiserValue | | 317 | mplsPayloadPacketSection | 336 | upperCILimit | | 318 | selectorIdTotalPktsObserved| 337 | lowerCILimit | | 319 | selectorIdTotalPktsSelected| 338 | confidenceLevel | | 320 | absoluteError | | | +-----+----------------------------+-----+----------------------------+ 8.1. Identifiers (301-303) Information Elements in this section serve as identifiers. All of them have an integral abstract data type and data type semantics "identifier". +-----+----------------------------+-----+----------------------------+ | ID | Name | ID | Name | +-----+----------------------------+-----+----------------------------+ | 301 | selectionSequenceId | 303 | informationElementId | | 302 | selectorId | | | +-----+----------------------------+-----+----------------------------+ 8.1.1. selectionSequenceId Description: From all the packets observed at an Observation Point, a subset of the packets is selected by a sequence of one or more Selectors. The selectionSequenceId is a unique value per Observation Domain, specifying the Observation Point and the sequence of Selectors through which the packets are selected. Dietz, et al. Standards Track [Page 7] RFC 5477 PSAMP Information Model March 2009 Abstract Data Type: unsigned64 Data Type Semantics: identifier ElementId: 301 Status: current 8.1.2. selectorId Description: The Selector ID is the unique ID identifying a Primitive Selector. Each Primitive Selector must have a unique ID in the Observation Domain. Abstract Data Type: unsigned16 Data Type Semantics: identifier ElementId: 302 Status: current 8.1.3. informationElementId Description: This Information Element contains the ID of another Information Element. Abstract Data Type: unsigned16 Data Type Semantics: identifier ElementId: 303 Status: current Dietz, et al. Standards Track [Page 8] RFC 5477 PSAMP Information Model March 2009 8.2. Sampling Configuration (304-311) Information Elements in this section can be used for describing the Sampling configuration of a Selection Process. +-----+----------------------------+-----+----------------------------+ | ID | Name | ID | Name | +-----+----------------------------+-----+----------------------------+ | 304 | selectorAlgorithm | 308 | samplingTimeSpace | | 305 | samplingPacketInterval | 309 | samplingSize | | 306 | samplingPacketSpace | 310 | samplingPopulation | | 307 | samplingTimeInterval | 311 | samplingProbability | +-----+----------------------------+-----+----------------------------+ 8.2.1. selectorAlgorithm Description: This Information Element identifies the packet selection methods (e.g., Filtering, Sampling) that are applied by the Selection Process. Most of these methods have parameters. Further Information Elements are needed to fully specify packet selection with these methods and all their parameters. The methods listed below are defined in [RFC5475]. For their parameters, Information Elements are defined in the information model document. The names of these Information Elements are listed for each method identifier. Further method identifiers may be added to the list below. It might be necessary to define new Information Elements to specify their parameters. The selectorAlgorithm registry is maintained by IANA. New assignments for the registry will be administered by IANA and are subject to Expert Review [RFC5226]. The registry can be updated when specifications of the new method(s) and any new Information Elements are provided. The group of experts must double check the selectorAlgorithm definitions and Information Elements with already defined selectorAlgorithms and Information Elements for completeness, accuracy, and redundancy. Those experts will initially be drawn from the Working Group Chairs and document editors of the IPFIX and PSAMP Working Groups. Dietz, et al. Standards Track [Page 9] RFC 5477 PSAMP Information Model March 2009 The following packet selection methods identifiers are defined here: +----+------------------------+------------------------+ | ID | Method | Parameters | +----+------------------------+------------------------+ | 1 | Systematic count-based | samplingPacketInterval | | | Sampling | samplingPacketSpace | +----+------------------------+------------------------+ | 2 | Systematic time-based | samplingTimeInterval | | | Sampling | samplingTimeSpace | +----+------------------------+------------------------+ | 3 | Random n-out-of-N | samplingSize | | | Sampling | samplingPopulation | +----+------------------------+------------------------+ | 4 | Uniform probabilistic | samplingProbability | | | Sampling | | +----+------------------------+------------------------+ | 5 | Property Match | no agreed parameters | | | Filtering | | +----+------------------------+------------------------+ | Hash-based Filtering | hashInitialiserValue | +----+------------------------+ hashIPPayloadOffset | | 6 | using BOB | hashIPPayloadSize | +----+------------------------+ hashSelectedRangeMin | | 7 | using IPSX | hashSelectedRangeMax | +----+------------------------+ hashOutputRangeMin | | 8 | using CRC | hashOutputRangeMax | +----+------------------------+------------------------+ There is a broad variety of possible parameters that could be used for Property match Filtering (5), but currently there are no agreed parameters specified. Abstract Data Type: unsigned16 Data Type Semantics: identifier ElementId: 304 Status: current Dietz, et al. Standards Track [Page 10]
Description: