2.7.10 Realtime Traffic Flow Measurement (rtfm)

NOTE: This charter is a snapshot of the 41st IETF Meeting in Los Angeles, California. It may now be out-of-date. Last Modified: 27-Mar-98

Chair(s):

Gregory Ruth <gruth@gte.com>
Nevil Brownlee <n.brownlee@auckland.ac.nz>
Sig Handelman <swhandel@us.ibm.com>

Transport Area Director(s):

Scott Bradner <sob@harvard.edu>
Allyn Romanow <allyn.romanow@eng.sun.com>

Transport Area Advisor:

Scott Bradner <sob@harvard.edu>

Mailing Lists:

General Discussion:rtfm@auckland.ac.nz
To Subscribe: majordomo@auckland.ac.nz
In Body: subscribe rtfm your-email-address
Archive: ftp://ftp.auckland.ac.nz/pub/rtfm/ml-archive

Description of Working Group:

This working group has three main objectives:

* Consider current issues in traffic flow measurement, such as

- Security issues relating to both traffic measuring devices and to the data they produce.

- Policy issues relating to traffic measurement and usage accounting, for example any requirements these may place on emerging network protocols

- Existing work in traffic flow measurement, including that of IETF Working Groups such as bmwg/ippm, rsvp and rmonmib, as well as that by vendors and independent researchers

* Produce an improved Traffic Flow Model considering at least the following needs:

- wider range of measurable quantities, e.g. those relating to IPv6, and to class of service - simpler ways to specify flows of interest - better ways to control access to measured flow data - strong focus on data reduction capabilities - efficient hardware implementation

* Develop the RTFM Architecture and Meter MIB as 'standards track' documents with the IETF.

Goals and Milestones:

Feb 96

  

Submit set of revised Internet-Drafts and of RFC1272 to the IESG for consideration as Experimental Protocols.

Mar 96

  

Produce outline for 'New Traffic Flow Model' document

Jul 96

  

Submit 'New Traffic Flow Model' document as an Internet-Draft, and begin working on an implementation document.

Jul 96

  

Submit Internet-Draft on Flow Meter MIB.

Nov 96

  

Submit Implementation document as an Internet-Draft.

Nov 96

  

Submit 'New Traffic Flow Model' to the IESG to be considered for publication as an RFC.

Mar 97

  

Submit Implementation Internet-Draft to the IESG to be considered for publication as an RFC.

Jul 97

  

Submit Meter MIB I-D to IESG for consideration as Proposed

Aug 97

  

Publish revised and extended I-D on 'New Attributes'

Aug 97

  

Publish revised 'Architecture' I-D to cover new attributes

Dec 97

  

Submit I-Ds on 'New Attributes' and 'Architecture' for consideration as Proposed Standards

Internet-Drafts:

Request For Comments:

RFC

Status

Title

 

RFC2064

E

Traffic Flow Measurement: Meter MIB

RFC2063

E

Traffic Flow Measurement: Architecture

RFC2123

 

Traffic Flow Measurement: Experiences with NeTraMet

Current Meeting Report

Minutes of the Realtime Traffic Flow Measurement (rtfm) Working Group

Reported by Stephen Stibler

Summary

The WG reviewed its two current I-Ds, 'New Attributes' and 'Simple Ruleset Language.' Reports covered preliminary work on TCP attributes, one-way transit time measurements, and the status of the two RTFM implementations. The WG will continue to develop the above I-Ds, and will produce an Applicability Statement for its new 'Architecture' and 'Meter MIB' I-Ds.

The 'New Attributes' draft was discussed. The way in which attributes are classified needs to be made clearer, and it was pointed out that some attribute values could usefully be returned either as a distribution (summarizing the life of the flow) or as a sequence of values (giving all the values as they were measured). 'Packet trace' values now appear useful for collecting a 'digest' of information about each packet in a flow; this will be developed further.

Comments from the mailing list had pointed out some potential problems with the new attributes themselves. Sig Handelman led some discussion on the new attributes and their problems, and commented that further work on this is proceeding.

The need for a standard flow data file was considered. Since the RTFM attributes effectively form a database schema there was no support for defining a file format.

Nevil Brownlee reported on some preliminary work on implementing 'TCP Attributes,' which will require the meter to keep a table with one entry for each TCP stream active within an RTFM flow. To estimate the size of such a table Nevil had collected data on web proxy streams; as a by-product he had produced some interesting distributions for his site's web flows. From these it appears that 200 streams would be a reasonable first estimate of the table size.

Nevil also reported on work in progress by Ian Graham's group at the University of Waikato on measuring one-way transit times for IP packets between New Zealand and the UK. At present this is done using stand-alone programs on Unix systems to observe the packets; Ian and Nevil are considering using the RTFM architecture instead. The measurements would be made in an RTFM meter and read back as 'packet trace' attribute values. This would allow different users to make measurements on a single remote meter.

The 'SRL: the Simple Ruleset Language' draft was discussed. This is an attempt to produce a minimal language which makes it easy to specify the flows of interest and the level of address detail required for each flow. It was noted that even minimal languages must be designed carefully so that they scale well. SRL should be useful to anyone needing to specify flows and actions to be taken when they are observed; interest was expressed by members of other working groups such as rap (RSVP Admission Policy) and diffserv (Differentiated Services). Nevil intends to produce an SRL compiler so users can experiment with the language.

Development of the IBM meter continues, and Sig Handelman presented some preliminary measurements of flow measurements on a fairly busy FDDI ring. Sig expects to deploy meters in two large sites where they will be directly connected to large database servers; he will report on this in due course. He is also considering how 'application-level' attributes could be implemented so as to collect web usage data.

NeTraMet version 4.1 is now in widespread use. Kevin Hoadley (JANET, UK) has produced a modified meter using NetFlow data from a Cisco router. He uses this to monitor JANET's transatlantic link, seeing about 1500 flows per second. He uses a machine-generated ruleset with 30,000 rules, and reports good performance with the meter running on a 200 MHz FreeBSD system. The next version of NeTraMet will include the NetFlow interface.

The WG goals were reviewed. The 'Architecture' and 'Meter MIB' drafts are new versions of RFC 2063 and 2064, reflecting a year's experience. They have had a two-week WG last call, but need an Applicability Statement before being forwarded to IESG as Proposed Standards. This will be discussed on the mailing list.

'New Attributes' and 'Simple Ruleset Language' are new drafts, and are intended to become Informational RFCs. Development of both will continue on the mailing list. WG members were strongly urged to read the drafts and send their comments, opinions, suggestions, etc. to the RTFM mailing list.

Slides

Implementing TCP Attributes
IP Delay Measurements

Attendees List

go to list