Packet Sampling (psamp) Charter

2.4.12 Packet Sampling (psamp)

NOTE: This charter is a snapshot of the 62nd IETF Meeting in Minneapolis, MN USA. It may now be out-of-date.

Last Modified: 2005-02-02

Chair(s):

Andy Bierman <ietf@andybierman.com>
Juergen Quittek <quittek@netlab.nec.de>

Operations and Management Area Director(s):

Bert Wijnen <bwijnen@lucent.com>
David Kessens <david.kessens@nokia.com>

Operations and Management Area Advisor:

David Kessens <david.kessens@nokia.com>

Mailing Lists:

General Discussion: psamp@ops.ietf.org
To Subscribe: psamp-request@ops.ietf.org
In Body: subscribe
Archive: https://ops.ietf.org/lists/psamp/

Description of Working Group:

The Packet Sampling working group is chartered to define a standard
set of capabilities for network elements to sample subsets of packets
by statistical and other methods. The capabilities should be simple
enough that they can be implemented ubiquitously at maximal line
rate. They should be rich enough to support a range of existing and
emerging measurement-based applications, and other IETF working groups
where appropriate.

The focus of the WG will be to (i) specify a set of selection
operations by which packets are sampled (ii) specify the information
that is to be made available for reporting on sampled packets; (iii)
describe protocols by which information on sampled packets is reported
to applications; (iv) describe protocols by which packet selection and
reporting configured.

Packet reports must be communicable in a timely manner, to
applications either on-board of off-board the sampling network
element. The streams of packet reports produced by a packet sampling
must (i) allow consistent interpretation, independent of the
particular network element that produced them; (ii) be self-defining,
in that their interpretation does not require additional information
to be supplied by the network element; (iii) allow robustness of
interpretation with respect to missing reports or part of reports;

Network elements shall support multiple parallel packet samplers, each
with independently configurable packet selectors, reports, report
streams, and export. Network elements must allow easy and secure
reconfiguration of these packet samplers by on-board or external
applications.

Export of a report stream across a network must be congestion avoiding
in compliance with RFC 2914. Unreliable transport is permitted because
the requirements at the exporter for reliable transport (state
maintenance, addressibilty, acknowledgment processing, buffering
unacknowledged data) would prevent ubiquitous deployment. Congestion
avoidance with unreliable export is to be accomplished by the
following measures, which shall be mandatory to implement and use. The
maximum export rate of a report stream must be configurable at the
exporter. A report stream must contain sufficient information for
transmission loss to be detected a collector. Then the collector must
run a congestion control algorithm to compute a new sending rate, and
reconfigure the exporter with this rate. In order to maintain report
collection during periods of congestion, PSAMP report streams may
claim more than a fair share of link bandwidth, provided the number of
report streams in competition with fair sharing traffic is limited.

Selection of the content of packet reports will be cognizant of
privacy and anonymity issues while being responsive to the needs of
measurement applications, and in accordance with RFC 2804.

Re-use of existing protocols will be encouraged provided the protocol
capabilities are compatible with PSAMP requirements.

Specifically, the PSAMP WG will perform the following tasks, in
accordance with the principles stated above:

1. Selectors for packet sampling. Define the set of primitive packet
selection operations for network elements, the parameters by which
they may be configured, and the ways in which they can be combined.

2. Packet Information. Specify extent of packet that is to be made
available for reporting. Target for inclusion the packet's IP
header, some subsequent bytes of the packet, and encapsulating
headers if present. Full packet capture of arbitrary packet
streams is explicitly out of scope. Specify variants for IPv4 and
IPv6, extent of IP packet available under encapsulation methods,
and under packet encryption.

3. Sampled packet reports. Define the format of the report that is
constructed by the network element for each sampled packet for
communication to applications. The format shall be sufficiently
rich as to allow inclusion in the packet report of (i) IP packet
information as specified in paragraph 2 above; (ii) encapsulating
packet headers as specified in paragraph 2 above; (iii) interface
or channel identifiers associated with transit of the packet across
the network element; (iv) quantities computable from packet content
and router state, (v) quantities computed during the selection
operation. All reported quantities must reflect the router state
and configuration encountered by the packet in the network element.

4. Report Streams. Define a format for a stream of packet reports, to
include: (i) the format of packet reports in the stream; (ii) the
packet reports themselves; (iii) configuration parameters of the
selectors of the packets reported on; (iv) configuration parameters
and state information of the network element; (v) quantities that
enable collectors and applications to infer of attained packet
sampling rates, detect loss during samping, report loss in
transmission, and correct for information missing from the packet
report stream; (vi) indication of the inherent accuracy
of the reported quantities, e.g., of timestamps.

5. Multiple Report Streams. Define requirements for multiple parallel
packet samplers in one network element, including the allowed
degradation of packet reporting when packets are selected by
multiple packet samplers.

6. Configuration and Management. Define a packet sampler MIB to reside
at the network element, including parameters for packet selection,
packet report and stream format, and export. Select or define a
communication protocol to configure/read this MIB.

7. Presentation, Export, and Transport of Packet Reports. Define
interface for presentation of reports to on-board applications.
Select unreliable transport protocol for remote export. Determine
rate control algorithms for export.

Initial Internet-Draft: A Framework for Passive Packet Measurement
[draft-duffield-framework-papame]

Goals and Milestones:

Done		Submit initial Framework document
Done		Submit initial Packet selector and packet information document
Done		Submit initial Report format and report stream format document
Done		Submit initial Export and requirements for collectors document
Done		Submit initial MIB document
May 03		Submit final Framework document
May 03		Submit final Packet selector and packet information document
Sep 03		Submit final Report format and report stream format document
Oct 03		Submit final Export and requirements for collectors document
Nov 03		Submit final MIB document

Internet-Drafts:

draft-ietf-psamp-framework-10.txt

draft-ietf-psamp-sample-tech-06.txt

draft-ietf-psamp-mib-04.txt

No Request For Comments

Current Meeting Report

===========================================
Minutes of the PSAMP BOF session at IETF 62
Thursday March 10, 16:45 h - 17:45 h
===========================================

Packet Sampling Working Group
Chairs: Andy Bierman <abierman@cisco.com>
Juergen Quittek <quittek@netlab.nec.de>

Minutes taken by Ralf Wolter

0. Session Summary
1. PSAMP WG Status
2. Update of Packet Selection
3. PSAMP MIB
4. Continuation of work on PSAMP protocol

----------------
Discussed Internet drafts

A Framework for Passive Packet Measurement
http://www.ietf.org/internet-drafts/draft-ietf-psamp-framework-10.txt

Sampling and Filtering Techniques for IP Packet Selection
http://www.ietf.org/internet-drafts/draft-ietf-psamp-sample-tech-06.txt

Definitions of Managed Objects for Packet Sampling
http://www.ietf.org/internet-drafts/draft-ietf-psamp-mib-04.txt

----------------
0. Session Summary

The PSAMP framework document is ready to be submitted to the IESG. The packet selection document completed WG last call and the next version will include all agreed changes. Both documents will be submitted together as soon as the next version of the packet selection document is available.

The MIB module still has open issues. Solutions for several issues were found during the session. A new version fixing all current is planned for June. WG last call on this document is planned to close at IETF63.

The protocol document and info model document are expired. The IPFIX WG plans to submit the corresponding IPFIX document by March to the IESG. At this time work on the two PSAMP documents will start again. A stable version was planned for IETF63 and WG last call in September 2005.

----------------
1. PSAMP WG Status (Juergen)

The PSAMP framework document passed WG last call. It will be forwarded to the IESG together with the Packet Selection draft, for which WG last call will close at the end of the IETF meeting. Protocol and info model are on hold until IPFIX completes the corresponding documents. These drafts are expired. The PSAMP MIB is progressing.

----------------
2. Sampling and Filtering Techniques (Tanja Zseby)

draft-ietf-psamp-sample-tech-06.txt

Tanja reported changes since the last version including several clarifications and harmonization of terminology. The only technical change was limiting combinations of filters to AND combinations only. OR combinations are not supported anymore.

Some minor edits are still required. Beyond this, the only open issue is the discussion of hash functions. Implementing hash functions is not mandatory, but if they are supported, then the recommended one SHOULD be supported. The current version recommends IPSX for packet selection and CRC for packet digest. IPSX does not work for IPv6, but for IPv4 it is 7 times faster than BOB. But BOB works well for IPv6. BOB performs similarly to CRC for packet digest. After some discussions, it was agreed to recommend BOB for both, packet selection and packet digest. IPSX and CRC will be optional.

Tanja suggested proposing the investigation of an optimal hash function for IPv6 as work item for the IRTF IMRG.

----------------
3. PSAMP MIB (Benoit Claise)

draft-ietf-psamp-mib-04.txt

Benoit explained that the main changed since the previous version was the completion of modelling all filter and sampling functions. Additionally, several clarifications were applied and terminology was harmonized.

Still there is a significant list of open issues. The document needs more diagrams and examples to explain the interconnection of different parts of the MIB. An entity relationship diagram should be added.

References with object IDs must be explained, especially pointers and their relationship to the functions and input parameters a new section is required.

Hash filtering is the most difficult part in the draft, it is still not finally decided how to integrate hash filtering into the MIB. Should more hash functions be supported? BenoitÕs proposal was limiting the complexity.

Should all hash parameter functions be implemented in the MIB? This has security issues, as a simple snmpwalk would provide all details and could lead to a potential attack. The problem is that knowledge about the hash functions parameter could result in an attack against the collector (either to avoid collection or to make sure certain packet patterns are collected).

[Juergen] SNMPv3 would solve the issue. But how many customers use SNMPv3?

The description of RowStatus objects must clearly state the minimum sets of objects per table. Row state filtering: today there is one big table, sub-tables would make the implementation easier.

Still multiple editorial changes are required.

[Juergen] It would be very helpful to add usage examples required that clarify the sequence of actions how to setup a filter by using tables etc.

----------------
4. Continuation of work on PSAMP protocol

The following milestones were discussed and agreed. The WG charter page needs to be updated accordingly.

May 05: framework and sample tech to IESG
Jun 05: new version of the MIB that fixes the current issue
IETF63: stable version of protocol and info model for next meeting;
IETF63: last call on MIB
Sep 05: last call on protocol and info model

Slides

Agenda
Sampling and Filtering Techniques for IP Packet Selection - Update -
Managed Objects for Packet Sampling