1 / 13

PSAMP Information Model IPFIX IETF-64 November 10th, 2005 <draft-ietf-psamp-info.txt>

Thomas Dietz < dietz@netlab.nec.de > Falko Dressler < dressler@informatik.uni-erlangen.de > Georg Carle < carle@informatik.uni-tuebingen.de > Benoit Claise < bclaise@cisco.com > Paul Aitken < paitken@cisco.com >.

raymiller
Download Presentation

PSAMP Information Model IPFIX IETF-64 November 10th, 2005 <draft-ietf-psamp-info.txt>

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Thomas Dietz <dietz@netlab.nec.de> Falko Dressler <dressler@informatik.uni-erlangen.de> Georg Carle <carle@informatik.uni-tuebingen.de> Benoit Claise <bclaise@cisco.com> Paul Aitken <paitken@cisco.com> PSAMP Information ModelIPFIX IETF-64 November 10th, 2005<draft-ietf-psamp-info.txt>

  2. Guidelines for version 3 We won't overload Information Elements with multiple meanings or re-use them for multiple purposes. We will allocate different IE's for each requirement. A single Information Element for all the selection methods: selectorAlgorithm. The number space for Information Elements now starts at 300. It started at 1024 in version 2.

  3. New from version 2 to version 3:Information Element cleanup Removed: optionTemplateId, packetSample, headerType Changed: selectorInputSequenceNumber selectorAlgorithm samplingProbabilityN, samplingProbabilityM New: optionTemplateId, selectorId, associationsId, packetsObserved, packetsSelected, accuracy

  4. New from version 2 to version 3:New “chunk” Information Elements ipHeaderPacketSection ipPayloadPacketSection l2HeaderPacketSection l2PayloadPacketSection mplsLabelStackSection mplsPayloadPacketSection

  5. Open issue:Layer 2 is not defined PROPOSAL: Remove: l2HeaderPacketSection, l2PayloadPacketSection, Add: dataLinkFrameSection: Description: This information element carries the first n octets from the data link frame of a sampled packet. The data link layer is defined in [ISO/IEC 7498-1:1994].

  6. Open issue:Units The unit property is currently optional, but we would like to have information about units wherever possible. The unit property may become mandatory in a future version of this document and we would define the unit as "not applicable" when no unit can be given. PROPOSAL: do as IPFIX does: units are “MAY” - we don't want to be more specific in PSAMP.

  7. Open issue:What if the chunk is not long enough? For example, ipHeaderPacketSection: “If insufficient octets are available, the remainder of the data should be zero-filled and an additional information element sent (e.g., ipPayloadLength) indicating how much of the data is valid.” Collector will never know what is padding and what is not. Adding an additional IE is not the right way. PROPOSAL: to be solved in PSAMP PROTO.

  8. Open issues: Rather than creating new header and payload sections for each layer, protocol or application, should there only be one header section and one payload section, with another IE describing what it is? PROPOSAL: There is no requirement for layer 4 IE's, so there's no need for application level IE's. PROPOSAL: we want as generic information elements as possible. eg, we don't want IPv4HeaderPacketSection and IPv6HeaderPacketSection because the protocol information is already in the header. Also we don't want IPv4PayloadPacketSection and IPv6PayloadPacketSection because the payload is independant of the protocol.

  9. Open issue:Sampled data Information Elements The export of sampled data may not need all fields defined by the IPFIX information model. Thus a section within this document should give an overview of flow fields defined in the IPFIX information model and their usage in the PSAMP environment. PROPOSAL: This is already covered by section 6.2 and 6.3 of draft-ietf-psamp-framework-10.txt Double check whether it's covered by [I-D.ietf-psamp-sample-tech].

  10. Open issue:Observation Point The observation point is currently not covered by the IPFIX information model. It is not clear if we should include the observation point by ourselves or if we should wait for IPFIX to include it in their information model.

  11. Open issue:Reuse of NetFlow v9 Information Elements Align field types with the field types currently defined in NETFLOWv9 if possible. Currently field types 34,35 as well as 48-50 are candidates. PROPOSAL: Retain these Information Elements as RESERVED, and create new Information Elements for PSAMP.

  12. Open issues:Miscellaneous We need to specify the description of the "accuracy" Information Element. How to export very long packets? An MTU of 1500 permits an template of 350+ elements, but it may not be possible to transmit all the desired elements in one packet since the 16-bit length field in the IPFIX header only allows IPFIX packets up to 65535 bytes. The flow state sampling, random non-uniform probabilistic sampling, the mask filtering and the router state filtering are currently not fully covered by the information model because the fields needed for these algorithm still need to be specified.

  13. Thomas Dietz <dietz@netlab.nec.de> Falko Dressler <dressler@informatik.uni-erlangen.de> Georg Carle <carle@informatik.uni-tuebingen.de> Benoit Claise <bclaise@cisco.com> Paul Aitken <paitken@cisco.com> PSAMP Information ModelIPFIX IETF-64 November 10th, 2005<draft-ietf-psamp-info.txt>

More Related