Network Working Group                                           T. Dietz
Internet-Draft                                           NEC Europe Ltd.
Expires: April 27, 2006                                      F. Dressler
                                        University of Erlangen-Nuremberg
                                                                G. Carle
                                                 University of Tuebingen
                                                               B. Claise
                                                               P. Aitken
                                                           Cisco Systems
                                                        October 24, 2005


             Information Model for Packet Sampling Exports

Status of this Memo

   By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 27, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo defines an information model for the Packet Sampling (PSAMP) protocol. It is used by the PSAMP protocol for encoding sampled packet data and information related to the sampling process. As the PSAMP protocol is based on the IPFIX protocol, this information model is an extension to the IPFIX information model.

Dietz, et al.         draft-ietf-psamp-info-03.txt              [Page 1]

Internet-Draft         PSAMP Information Model             October 2005

Table of Contents

   1.  Open Issues
     1.1  PSAMP architecture/protocol related
     1.2  IPFIX related
     1.3  NETFLOW v9 related
     1.4  PSAMP number space for Information Elements
   2.  Introduction
   3.  Relationship between PSAMP and IPFIX
   4.  Properties of a PSAMP Information Element
   5.  Type Space
   6.  The PSAMP Information Elements
     6.1  PSAMP Usage of IPFIX Attributes
     6.2  Additional PSAMP Information Elements
       6.2.1   selectorId
       6.2.2   selectorInputSequenceNumber
       6.2.3   selectorAlgorithm
       6.2.4   samplingPacketInterval
       6.2.5   samplingPacketSpace
       6.2.6   samplingTimeInterval
       6.2.7   samplingTimeSpace
       6.2.8   samplingPopulation
       6.2.9   samplingSize
       6.2.10  samplingProbabilityN
       6.2.11  samplingProbabilityM
       6.2.12  ipHeaderPacketSection
       6.2.13  ipPayloadPacketSection
       6.2.14  l2HeaderPacketSection
       6.2.15  l2PayloadPacketSection
       6.2.16  mplsLabelStackSection
       6.2.17  mplsPayloadPacketSection
       6.2.18  meteringProcesssId
       6.2.19  observationPointId
       6.2.20  associationsId
       6.2.21  selectorType
       6.2.22  packetsObserved
       6.2.23  packetsSelected
       6.2.24  accuracy
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1  Normative References
     9.2  Informative References
   Authors' Addresses
   A.  Formal Specification of PSAMP Information Elements
   Intellectual Property and Copyright Statements

1.  Open Issues

   This section covers some open issues which have to be solved in a future version of this draft.

1.1  PSAMP architecture/protocol related

   o  PROPOSAL: we won't overload Information Elements with multiple meanings or re-use them for multiple purposes. We will allocate different IE's for each requirement.

   o  PROPOSAL: although having different IE's for each requirement allows us to infer the selection method, we will include a separate IE for the method, e.g. for including in scope info and depicting the contents of composites.

   o  We currently define the sampling/filtering algorithm and the hash function Information Element as a simple 8-bit identifier. This implies that an extension is very easy. Nevertheless, it might be appropriate to have a single Information Element for each method in order to integrate special information about the sampling/filtering algorithm or the hash function directly into the Information Element. PROPOSAL: special information will be encoded in new Information Elements as necessary, and not be encoded in the selection method.

   o  The flow state sampling, random non-uniform probabilistic sampling, the mask filtering and the router state filtering are currently not fully covered by the information model because the Information Elements needed for these algorithms still need to be specified.

   o  The PSAMP protocol [I-D.ietf-psamp-protocol] allows multiple selection methods to be defined, which are applied in sequential order. Therefore, the order of the Information Elements in a template becomes important. This is a primary difference from the semantics of the flow template in the IPFIX definition. Currently, we do not have a proper definition for the ordering of Information Elements. PROPOSAL: where the order of the elements is important (according to the PSAMP protocol [I-D.ietf-psamp-protocol]) they must be specified in the correct order.

   o  The unit property is currently optional, but we would like to have information about units wherever possible. The unit property may become mandatory in a future version of this document and we would define the unit as "not applicable" when no unit can be given.

   o  We need to specify the "accuracy" Information Element.

   o  data type - variable length for packet fragment.

   o  How to export very long packets? An MTU of 1500 permits a template of 350+ elements, but it may not be possible to transmit all the desired elements in one packet since the 16-bit length field in the IPFIX header only allows IPFIX packets up to 65535 bytes.

   o  Clearly define "layer 2" and MPLS. PROPOSAL: discuss at the Vancouver IETF.

   o  Rather than creating new header and payload sections for each layer, protocol or application, should there only be one header section and one payload section, with another IE describing what it is? PROPOSAL: discuss at the Vancouver IETF.

1.2  IPFIX related

   o  This document only defines the Information Elements for exporting PSAMP data that are not defined by the IPFIX information model. Nevertheless, we should include a usage statement for the Information Elements defined by IPFIX when used by the PSAMP export protocol or include a special section discussing the usage of IPFIX information elements by PSAMP.

   o  The export of sampled data may not need all information elements defined by the IPFIX information model. Thus a section within this document should give an overview of flow Information Elements defined in the IPFIX information model and their usage in the PSAMP environment.

   o  The observation point is currently not covered by the IPFIX information model. It is not clear if we should include the observation point by ourselves or if we should wait for IPFIX to include it in their information model. PROPOSAL: We should define it here, either in its own Information Element, or consider it to be a particular kind of selector.

   o  Insert or cross reference the following sections from IPFIX-INFO:

      *  2. Properties of IPFIX Protocol Information Elements
      *  2.1 Information Elements Specification Template
      *  2.2 Scope of Information Elements
      *  2.3 Naming Conventions for Information Elements
      *  3. Type Space
      *  4. Information Element Identifiers

   o  Verify consistency with definitions in

      *  draft-ietf-psamp-sample-tech-07.txt
      *  draft-ietf-psamp-framework-10.txt

1.3  NETFLOW v9 related

   o  Align the Information Elements with the information elements currently defined in NETFLOWv9 if possible. Currently Information Elements types 34,35 as well as 48-50 are candidates. PROPOSAL: Retain these Information Elements as RESERVED, and create new Information Elements for PSAMP.

1.4  PSAMP number space for Information Elements

   o  The Information Element number space is not assigned by any directory (IANA), yet.
      The IPFIX Information Model [I-D.ietf-ipfix-info] defines Information Elements 1 through 214, so we started the PSAMP Information Element numbering from 300.

2.  Introduction

   Packet sampling techniques are required for various measurement scenarios. The packet sampling (PSAMP) protocol provides mechanisms for the packet selection using different filtering and sampling techniques. A standard way for the export and storage of such sampled packet data is required. The definition of the PSAMP information and data model is based on the IP Flow Information eXport (IPFIX) protocol [I-D.ietf-ipfix-protocol]. The PSAMP protocol document [I-D.ietf-psamp-protocol] describes how to use the IPFIX protocol in the PSAMP context.

   This document examines the IPFIX information model [I-D.ietf-ipfix-info] and extends it to meet the PSAMP requirements. Therefore, the structure of this document is strongly based on the IPFIX document. It complements the PSAMP protocol specification by providing an appropriate PSAMP information model.

   The main part of this document, section 6, defines the list of Information Elements to be transmitted by the PSAMP protocol. Sections 5 and 4 describe the data types and Information Element properties used within this document and their relationship to the IPFIX information model.

   The main body of section 6 was generated from an XML document. The XML-based specification of the PSAMP Information Elements can be used for automatically checking syntactical correctness of the specification. Furthermore it can be used, in combination with the IPFIX information model, for automated code generation. The resulting code can be used in PSAMP protocol implementations to deal with processing PSAMP information elements. For that reason, the XML document that served as source for section 6 is attached to this document in Appendix A.
   Note that although partially generated from the attached XML documents, the main body of this document is normative while the appendices are informational.

3.  Relationship between PSAMP and IPFIX

   As described in IETF working document draft-quittek-psamp-ipfix-01.txt [I-D.quittek-psamp-ipfix], a PSAMP data record can be seen as a very special IPFIX flow record. It represents an IPFIX flow containing only a single packet. Therefore, the IPFIX information model can be used as a basis for PSAMP reports.

   Nevertheless, there are properties required in PSAMP reports which cannot be modelled using the current IPFIX information model. This document describes extensions to the IPFIX model which allow the modelling of information and data required by PSAMP.

   Some of these extensions allow the export of what may be considered sensitive information. Refer to the Security Considerations section for a fuller discussion.

4.  Properties of a PSAMP Information Element

   The PSAMP Information Elements are in accordance with the definitions of IPFIX. Therefore we do not repeat the properties in this draft. Nevertheless, we strongly recommend defining the optional "unit" element for every information element (if applicable).

5.  Type Space

   The PSAMP Information Elements MUST be constructed from the basic data types described in the IPFIX Information Model [I-D.ietf-ipfix-info]. To avoid duplicated work and to keep consistency between IPFIX and PSAMP the data types are not repeated in this document.

6.  The PSAMP Information Elements

   This section describes the Information Elements used by the PSAMP exporting functions. Basically, the Information Elements described by the IPFIX information model [I-D.ietf-ipfix-info] are used by the PSAMP export functions where applicable.
   To avoid inconsistencies between the IPFIX and the PSAMP information and data models, only those Information Elements are defined here that are not already described by the IPFIX information model.

6.1  PSAMP Usage of IPFIX Attributes

   Some Information Elements defined by the IPFIX information model are not needed by the PSAMP protocol. Other Information Elements have a different meaning or usage pattern than in IPFIX. This section lists the IPFIX Information Elements that are needed in the PSAMP context and introduces their usage.

   EDITOR NOTE: this section needs to be finished once IPFIX as well as PSAMP info model are stable.

   List of additional PSAMP Information Elements:

   o  300 - selectorId
   o  301 - selectorInputSequenceNumber
   o  302 - selectorAlgorithm
   o  303 -
   o  304 - samplingPacketInterval
   o  305 - samplingPacketSpace
   o  306 - samplingTimeInterval
   o  307 - samplingTimeSpace
   o  308 - samplingPopulation
   o  309 - samplingSize
   o  310 - samplingProbabilityN
   o  311 - samplingProbabilityM
   o  312 -
   o  313 - ipHeaderPacketSection
   o  314 - ipPayloadPacketSection
   o  315 - l2HeaderPacketSection
   o  316 - l2PayloadPacketSection
   o  317 - mplsLabelStackSection
   o  318 - mplsPayloadPacketSection
   o  319 - meteringProcesssId
   o  320 - ObservationPointID
   o  321 - pathId
   o  322 -
   o  323 - selectorType
   o  324 - packetsObserved
   o  325 - packetsSelected
   o  326 - accuracy
   o  327 -
   o  328 -
   o  329 -

6.2  Additional PSAMP Information Elements

6.2.1  selectorId

   Description:
      The ID of a selector. Each selector instance must have a unique ID in the observation domain.
   Abstract Data Type: unsigned16
   Data Type Semantics: identifier
   ElementId: 300
   Status: current

6.2.2  selectorInputSequenceNumber

   Description:
      The input sequence number of a packet at a selector.
      Since each use of a selector is independent, each separate selector instance must maintain its own selectorInputSequenceNumber.
   Abstract Data Type: unsigned32
   ElementId: 301
   Status: current

6.2.3  selectorAlgorithm

   Description:
      Specifies the selector algorithm (e.g., filter, sampler, hash) that was used on a packet. It is exported in the options data flow record to specify how a collector has to interpret a data flow record.

      The following selector algorithms are currently defined:

      *  1 Systematic count-based sampling
      *  2 Systematic time-based sampling
      *  3 Random n-out-of-N sampling
      *  4 Uniform probabilistic sampling
      *  5 Non-uniform probabilistic sampling
      *  6 Non-uniform flow state sampling
      *  7 Match based filtering
      *  8 Hash based filtering
      *  9 Router state filtering

      The parameters for most of these algorithms are defined in this information model. Some parameters, especially those for algorithms 5, 6 and 8, are not covered by this information model since they depend very much on the underlying hardware. Currently there are no hash functions defined.

      EDITOR'S NOTE: This list may extend to the final version. The "octet" data type is probably not the best choice but keeps the list extensible.
   Abstract Data Type: octet
   Data Type Semantics: identifier
   ElementId: 302
   Status: current

6.2.4  samplingPacketInterval

   Description:
      Number of packets that are consecutively sampled. For example a value of 100 means that 100 contiguous packets are sampled. This information element is used for the systematic count-based sampling.
   Abstract Data Type: unsigned32
   ElementId: 304
   Status: current
   Units: packets

6.2.5  samplingPacketSpace

   Description:
      The number of packets between two "samplingPacketInterval"s. A value of 100 means that the next interval starts after 100 packets (which are not sampled) when the current "samplingPacketInterval" is over.
      This information element is used for the systematic count-based sampling.
   Abstract Data Type: unsigned32
   ElementId: 305
   Status: current
   Units: packets

6.2.6  samplingTimeInterval

   Description:
      Time interval in microseconds in which all arriving packets are sampled. This information element is used for the systematic time-based sampling.
   Abstract Data Type: dateTimeMicroSeconds
   ElementId: 306
   Status: current
   Units: microseconds

6.2.7  samplingTimeSpace

   Description:
      The time interval in microseconds between two "samplingTimeInterval"s. A value of 100 would mean that the next interval would start after 100 microseconds (in which no packets are sampled) when the current "samplingTimeInterval" is over. This information element is used for the systematic time-based sampling.
   Abstract Data Type: dateTimeMicroSeconds
   ElementId: 307
   Status: current
   Units: microseconds

6.2.8  samplingPopulation

   Description:
      The number of elements in the parent population for random sampling algorithms. This information element is used for the random n-out-of-N sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 308
   Status: current
   Units: packets

6.2.9  samplingSize

   Description:
      The number of elements taken from the parent population for random sampling algorithms. This information element is used for the random n-out-of-N sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 309
   Status: current
   Units: packets

6.2.10  samplingProbabilityN

   Description:
      The probability that a packet is sampled. The probability is equal for every packet. The sampling probability is samplingProbabilityN / samplingProbabilityM. A value of 0 means no packet was sampled (probability is 0). Any other value is meaningless without a samplingProbabilityM. This information element is used for the uniform probabilistic sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 310
   Status: current

6.2.11  samplingProbabilityM

   Description:
      The probability that a packet is sampled. The probability is equal for every packet. The sampling probability is samplingProbabilityN / samplingProbabilityM. Any value is meaningless without a samplingProbabilityN. The value MUST NOT be zero and MUST NOT be greater than samplingProbabilityN. This information element is used for the uniform probabilistic sampling algorithm.
   Abstract Data Type: unsigned32
   ElementId: 311
   Status: current

6.2.12  ipHeaderPacketSection

   Description:
      This information element carries the first n octets from the IP header of a sampled packet. If insufficient octets are available, the remainder of the data should be zero-filled and an additional information element sent (e.g., ipPayloadLength) indicating how much of the data is valid.
   Abstract Data Type: octetArray
   ElementId: 313
   Status: current

6.2.13  ipPayloadPacketSection

   Description:
      This information element carries the first n octets from the IP payload of a sampled packet. If insufficient octets are available, the remainder of the data should be zero-filled and an additional information element sent (e.g., ipPayloadLength) indicating how much of the data is valid. The IPv4 payload is that part of the packet which follows the IPv4 header and any options, which RFC 791 refers to as "data" or "data octets". See, e.g., the examples in RFC 791 APPENDIX A.
   Abstract Data Type: octetArray
   ElementId: 314
   Status: current

6.2.14  l2HeaderPacketSection

   Description:
      This information element carries the first n octets from the layer 2 header of a sampled packet.

      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 315
   Status: current

6.2.15  l2PayloadPacketSection

   Description:
      This information element carries the first n octets from the layer 2 payload of a sampled packet.

      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 316
   Status: current

6.2.16  mplsLabelStackSection

   Description:
      This information element carries the first n octets from the MPLS label stack of a sampled packet. See RFC 3031 for the specification of MPLS packets. See RFC 3032 for the specification of the MPLS label stack.

      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 317
   Status: current

6.2.17  mplsPayloadPacketSection

   Description:
      This information element carries the first n octets from the MPLS payload of a sampled packet, being data that follows immediately after the MPLS label stack. See RFC 3031 for the specification of MPLS packets. See RFC 3032 for the specification of the MPLS label stack.

      EDITOR'S NOTE: TODO.
   Abstract Data Type: octetArray
   ElementId: 318
   Status: current

6.2.18  meteringProcesssId

   Description:
      ID of the metering process. Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 319
   Status: current

6.2.19  observationPointId

   Description:
      ID of the observation process. Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 320
   Status: current

6.2.20  associationsId

   Description:
      ID of the associations. Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 321
   Status: current

6.2.21  selectorType

   Description:
      Type of a selector. Unique in the observation domain.
   Abstract Data Type: octet
   ElementId: 323
   Status: current

6.2.22  packetsObserved

   Description:
      Number of packets observed by a selector.
   Abstract Data Type: octet
   ElementId: 324
   Status: current

6.2.23  packetsSelected

   Description:
      Number of packets selected by a selector.
   Abstract Data Type: octet
   ElementId: 325
   Status: current

6.2.24  accuracy

   Description:
      Describes the accuracy of a selector.
   Abstract Data Type: octet
   ElementId: 326
   Status: current

7.  Security Considerations

   The PSAMP information model itself does not directly introduce security issues. Rather it defines a set of attributes which may for privacy or business issues be considered sensitive information.

   Specifically, the Information Elements pertaining to packet sections MUST target no more than the packet header, some subsequent bytes of the packet, and encapsulating headers if present. Full packet capture of arbitrary packet streams is explicitly out of scope, per RFC 2804 and the PSAMP WG charter.

   The underlying protocol used to exchange the information described here must therefore apply appropriate procedures to guarantee the integrity and confidentiality of the exported information. Such protocols are defined in separate documents, specifically the IPFIX protocol document [I-D.ietf-ipfix-protocol].

8.  IANA Considerations

   This document defines an initial set of PSAMP Information Elements, as an extension to the IPFIX Information Elements [IPFIX-INFO].

   New assignments for PSAMP Information Elements will be administered according to rules explained in the "IANA Consideration" section of the IPFIX Information Model document [IPFIX-INFO].

   Note that the PSAMP Information Element IDs were initially started at the value 300, in order to leave a gap for any ongoing IPFIX work requiring new Information Elements. It is expected that this gap in the Information Element numbering will be filled in by IANA with new IPFIX Information Elements.

   Appendix B defines an XML schema which may be used to create consistent machine readable extensions to the IPFIX information model. This schema introduces a new namespace, which will be assigned by IANA according to RFC 3688.

9.  References

9.1  Normative References

   [I-D.ietf-psamp-sample-tech]
      Zseby, T., Molina, M., Raspall, F., and N. Duffield, "Sampling and Filtering Techniques for IP Packet Selection", draft-ietf-psamp-sample-tech-07 (work in progress), July 2005.

   [I-D.ietf-psamp-protocol]
      Claise, B., "Packet Sampling (PSAMP) Protocol Specifications", draft-ietf-psamp-protocol-01 (work in progress), February 2004.

   [I-D.ietf-psamp-mib]
      Dietz, T., "Definitions of Managed Objects for Packet Sampling", draft-ietf-psamp-mib-02 (work in progress), February 2004.

   [I-D.ietf-ipfix-reqs]
      Quittek, J., "Requirements for IP Flow Information Export", draft-ietf-ipfix-reqs-16 (work in progress), June 2004.

   [I-D.ietf-ipfix-info]
      Calato, P., "Information Model for IP Flow Information Export", draft-ietf-ipfix-info-03 (work in progress), February 2004.

   [I-D.ietf-ipfix-protocol]
      Claise, B., "IPFIX Protocol Specifications", draft-ietf-ipfix-protocol-03 (work in progress), February 2004.

9.2  Informative References

   [I-D.ietf-ipfix-architecture]
      Norseth, K. and G. Sadasivan, "Architecture Model for IP Flow Information Export", draft-ietf-ipfix-architecture-02 (work in progress), June 2002.

   [I-D.ietf-psamp-framework]
      Duffield, N., "A Framework for Passive Packet Measurement", draft-ietf-psamp-framework-05 (work in progress), January 2004.

   [I-D.quittek-psamp-ipfix]
      Quittek, J. and B. Claise, "On the Relationship between PSAMP and IPFIX", draft-quittek-psamp-ipfix-01 (work in progress), March 2003.

   [RFC2629]
      Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999.

   [RFC3444]
      Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, January 2003.

   [RFC3470]
      Hollenbeck, S., Rose, M., and L. Masinter, "Guidelines for the Use of Extensible Markup Language (XML) within IETF Protocols", BCP 70, RFC 3470, January 2003.

Authors' Addresses

   Thomas Dietz
   NEC Europe Ltd.
   Network Laboratories
   Kurfuersten-Anlage 36
   Heidelberg 69115
   Germany

   Phone: +49 6221 90511-28
   Email: dietz@netlab.nec.de
   URI: http://www.netlab.nec.de/

   Falko Dressler
   University of Erlangen-Nuremberg
   Dept. of Computer Sciences
   Martensstr. 3
   Erlangen 91058
   Germany

   Phone: +49 9131 85-27914
   Email: dressler@informatik.uni-erlangen.de
   URI: http://www7.informatik.uni-erlangen.de/~dressler

   Georg Carle
   University of Tuebingen
   Wilhelm-Schickard-Institute for Computer Science
   Auf der Morgenstelle 10C
   Tuebingen 71076
   Germany

   Phone: +49 7071 29-70505
   Email: carle@informatik.uni-tuebingen.de
   URI: http://net.informatik.uni-tuebingen.de/~carle/

   Benoit Claise
   Cisco Systems
   De Kleetlaan 6a b1
   Degem 1813
   Belgium

   Phone: +32 2 704 5622
   Email: bclaise@cisco.com

   Paul Aitken
   Cisco Systems
   96 Commercial Quay
   Edinburgh EH6 6LX
   Scotland

   Phone: +44 131 561 3616
   Email: paitken@cisco.com
   URI: http://www.cisco.com/

Appendix A.  Formal Specification of PSAMP Information Elements

   This appendix contains a formal description of the PSAMP information model XML document. Note that this appendix is of informational nature, while the text in Section 6 generated from this appendix is normative.

   Using a formal and machine readable syntax for the information model enables the creation of PSAMP aware tools which can automatically adapt to extensions to the information model, by simply reading updated information model specifications.

   The wide availability of XML aware tools and libraries for client devices is a primary consideration for this choice. In particular libraries for parsing XML documents are readily available.
Also mechanisms such as the Extensible Stylesheet Language (XSL) allow for transforming a source XML document into other documents. This draft was authored in XML and transformed according to RFC2629. It should be noted that the use of XML in exporters, collectors or other tools is not mandatory for the deployment of PSAMP. In particular, exporting processes do not produce or consume XML as part of their operation. It is expected that PSAMP collectors MAY take advantage of the machine readability of the information model vs. hardcoding their behavior or inventing proprietary means for accommodating extensions. Using XML-based specifications does not currently address possible Dietz, et al. draft-ietf-psamp-info-03.txt [Page 19] Internet-Draft PSAMP Information Model October 2005 IANA implications associated with XML Namespace URIs. The use of Namespaces as an extension mechanism implies that an IANA registered Namespace URI should be available and that directory names below this base URI be assigned for relevant IETF specifications. The authors are not aware of this mechanism today. The ID of a selector. Each selector instance must have a unique ID in the observation domain. The input sequence number of a packet at a selector. Since each use of a selector is independent, each separate selector instance must maintain its own selectorInputSequenceNumber. Specifies the selector algorithm (e.g., filter, sampler, hash) that was used on a packet. It is exported in the options data flow record to specify how a collector has to interpret a data flow record. Dietz, et al. 
draft-ietf-psamp-info-03.txt [Page 20] Internet-Draft PSAMP Information Model October 2005 The following selector algorithms are currently defined: 1 Systematic count-based sampling 2 Systematic time-based sampling 3 Random n-out-of-N sampling 4 Uniform probabilistic sampling 5 Non-uniform probabilistic sampling 6 Non-uniform flow state sampling 7 Match based filtering 8 Hash based filtering 9 Router state filtering The parameters for most of these algorithms are defined in this information model. Some parameters - especially those for algorithms 5, 6 and 8 are not covered by this information model since they depend very much on the underlying hardware. Currently there are no hash functions defined. EDITOR'S NOTE: This list may extend to the final version. The "octet" data type is probably not the best choice but keeps the list extensible. Number of packets that are consecutively sampled. For example a value of 100 means that 100 contiguous packets are sampled. Dietz, et al. draft-ietf-psamp-info-03.txt [Page 21] Internet-Draft PSAMP Information Model October 2005 This information element is used for the systematic count-based sampling. packets The number of packets between two "samplingPacketInterval"s. A value of 100 means that the next interval starts after 100 packets (which are not sampled) when the current "samplingPacketInterval" is over. This information element is used for the systematic count-based sampling. packets Time interval in microseconds in which all arriving packets are sampled. This information element is used for the systematic time-based sampling. microseconds Dietz, et al. draft-ietf-psamp-info-03.txt [Page 22] Internet-Draft PSAMP Information Model October 2005 The time interval in microseconds between two "samplingTimeInterval"s. A value of 100 would mean that the next interval would start after 100 microseconds (in which no packets are sampled) when the current "samplingTimeInterval" is over. 
This information element is used for the systematic time-based sampling.

Units: microseconds

The number of elements in the parent population for random sampling algorithms. This information element is used for the random n-out-of-N sampling algorithm.

Units: packets

The number of elements taken from the parent population for random sampling algorithms. This information element is used for the random n-out-of-N sampling algorithm.

Units: packets

The probability that a packet is sampled. The probability is equal for every packet. The sampling probability is samplingProbabilityN / samplingProbabilityM. A value of 0 means no packet was sampled (probability is 0). Any other value is meaningless without a samplingProbabilityM. This information element is used for the uniform probabilistic sampling algorithm.

The probability that a packet is sampled. The probability is equal for every packet. The sampling probability is samplingProbabilityN / samplingProbabilityM. Any value is meaningless without a samplingProbabilityN. The value MUST NOT be zero and MUST NOT be greater than samplingProbabilityN. This information element is used for the uniform probabilistic sampling algorithm.

This information element carries the first n octets from the IP header of a sampled packet. If insufficient octets are available, the remainder of the data should be zero-filled and an additional information element sent (e.g., ipPayloadLength) indicating how much of the data is valid.

This information element carries the first n octets from the IP payload of a sampled packet. If insufficient octets are available, the remainder of the data should be zero-filled and an additional information element sent (e.g., ipPayloadLength) indicating how much of the data is valid. The IPv4 payload is that part of the packet which follows the IPv4 header and any options, which RFC 791 refers to as "data" or "data octets".
E.g., see the examples in RFC 791 APPENDIX A.

This information element carries the first n octets from the layer 2 header of a sampled packet.

EDITOR'S NOTE: TODO.

This information element carries the first n octets from the layer 2 payload of a sampled packet.

EDITOR'S NOTE: TODO.

This information element carries the first n octets from the MPLS label stack of a sampled packet. See RFC 3031 for the specification of MPLS packets. See RFC 3032 for the specification of the MPLS label stack.

EDITOR'S NOTE: TODO.

This information element carries the first n octets from the MPLS payload of a sampled packet, being data that follows immediately after the MPLS label stack. See RFC 3031 for the specification of MPLS packets. See RFC 3032 for the specification of the MPLS label stack.

EDITOR'S NOTE: TODO.

ID of the metering process. Unique in the observation domain.

ID of the observation process. Unique in the observation domain.

ID of the associations. Unique in the observation domain.

Type of a selector. Unique in the observation domain.

Number of packets observed by a selector.

Number of packets selected by a selector.

Describes the accuracy of a selector.
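The following example is added here and is not part of the original draft. It works through the systematic count-based sampling parameters described above from a collector's point of view: which packets a selector picks, how a selected count scales back to an observed count, and how many packets of a contiguous burst the sampled export can contain. The name `space` for the unsampled count and the choice that the selector starts with a sampled run at input position 0 are assumptions of this example.

```python
# Added example (not from the draft): systematic count-based sampling.
# interval = samplingPacketInterval (packets sampled consecutively).
# space    = name assumed here for the unsampled packets between intervals.
# Assumption: the selector starts with a sampled run at input position 0.


def _check(interval, space):
    if interval <= 0 or space < 0:
        raise ValueError("interval must be > 0 and space must be >= 0")


def is_selected(position, interval, space):
    """True if the packet at 0-based input position lies in a sampled run."""
    _check(interval, space)
    return position % (interval + space) < interval


def select(packets, interval, space):
    """Packets the selector passes on, in input order."""
    return [p for i, p in enumerate(packets) if is_selected(i, interval, space)]


def estimate_observed(selected_count, interval, space):
    """Scale a count of selected packets to an estimate of packets observed."""
    _check(interval, space)
    return selected_count * (interval + space) / interval


def burst_coverage(burst_len, interval, space):
    """(min, max) packets sampled from a contiguous burst over all phases."""
    _check(interval, space)
    counts = [
        sum(is_selected(start + k, interval, space) for k in range(burst_len))
        for start in range(interval + space)
    ]
    return min(counts), max(counts)


if __name__ == "__main__":
    packets = list(range(1000))          # constructed input: sequence numbers
    sampled = select(packets, 100, 100)  # the value 100 used in the text
    print(len(sampled), estimate_observed(len(sampled), 100, 100))
    print(burst_coverage(100, 100, 100))  # lower bound 0: burst may go unseen
    print(burst_coverage(150, 100, 100))
```

With both values set to 100, a contiguous run of up to 100 packets can fall wholly inside the unsampled space, which is the lower bound of 0 returned by `burst_coverage(100, 100, 100)`.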
Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Disclaimer of Validity

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

Acknowledgment

Funding for the RFC Editor function is currently provided by the Internet Society.