Elements of a Framework f or PSAMP Nick Duf f ield AT&T Labs nduf f ield@at t .com PSAMP BOF I ETF, Mar 2002 10
Aims and Focus � Scope out requirement s f or PSAMP � Posit ion PSAMP as a supplier of packet measurement s � support applicat ions, but t hey are done elsewhere � main work f or PSAMP is t o def ine packet select ion operat ions � Need t o get measurement s t o applicat ions � hence requirement s f or inf ormat ion model, export � can use exist ing prot ocols (I PFI X t he obvious candidat e) • if PSAMP requirement s mat ch exist ing prot ocol capabilit ies PSAMP BOF I ETF, Mar 2002 11
Elements � Packet select ion � Parallel measurement � Report cont ent � Self -def ining report st ream � Remot e and local export � Robust ness and inf ormat ion loss � Conf igurat ion and management PSAMP BOF I ETF, Mar 2002 12
Packet Selection Primitives � Requirement : suf f icient ly rich set of packet select ion operat ions � Filt er � e.g., mat ch/ mask on source/ dest inat ion pref ix, port numbers, prot ocol, … + t ags t o indicat e t he associat ed (sub)int erf ace � Sample � e.g., 1 in N det erminist ic, random, or hash-based � Combinat ions � e.g., f ilt er, t hen sample 1 in N � Scope � select ion based on packet cont ent : availabilit y of rout er st at e not assumed � Count ers � packet s/ byt es of f ull packet st ream, and of select ed packet s � available f or export , or polling � used direct ly by applicat ions, e.g., f ilt er, t hen count f or billing � provide robust ness w.r.t . inf ormat ion loss, e.g., f rom report st ream PSAMP BOF I ETF, Mar 2002 13
Parallel Measurement � Requirement : parallel conf igurable inf ormat ion f lows Packet Header select or 1 report 1 export 1 collect or 1 select or 2 report 2 export 2 collect or 2 select or 3 report 3 export 3 collect or 3 � � � PSAMP BOF I ETF, Mar 2002 14
Resource I ssues f or Parallel Measurements � Bounded processing resources per packet in rout er � Packet may mat ch several select ors � e.g. coarse AS f ilt er f or billing, narrow subf ilt er f or engineerng � I f packet mat ches t oo many select ors: � not possible t o f ully report all result ing measurement s � Want gracef ul degradat ion f rom f ull report ing � e.g., ref lect ing user priorit ies � I nf ormat ion model design: � should provide inherent robust ness t o such inf ormat ion loss PSAMP BOF I ETF, Mar 2002 15
Report Content � Requirement : per packet report ing wit h suf f icient det ail � Classes of inf ormat ion available f or inclusion � header f ields, e.g., I P sr c/ dst address, TCP/ UDP port s, sizes, ToS, … � sub-I P level ident if iers, e.g., i/ o int erf aces, MPLS label st ack, … � rout er st at e, e.g, rout ing pref ix, AS numbers, next hop, t imest amps,… � derived quant it ies, e.g., hash values � packet / byt e count ers f rom originat ing select or PSAMP BOF I ETF, Mar 2002 16
Self - def ining Report Stream � Requirement : t ransparent int erpret at ion of dat a � I nclude select or paramet ers f or dat a int erpret at ion � e.g., sampling: use N t o est imat e act ual t raf f ic int ensit y � e.g., f ilt ering: what is possible universe of a given packet � e.g.., hash f unct ion paramet ers: f or I CMP t raceback mat ching � At t ribut ion � mult iple select ors: which one(s) select ed packet ? � Self -def ining report st ream � include select or paramet ers, report f ormat , … • e.g. per iodically, upon change, upon command, … � robust : dat a and it s int erpret at ion bound t oget her � Alt ernat ive t hat we don’t like: � collect or keeps independent t rack of select ion paramet ers • e.g. paramet er management syst em, or by polling rout er � j oining dat a painf ul, especially synchronizat ion � mult iple syst ems t o int erpret one dat a source = archit ect ural host age � impact of undocument ed changes, e.g., t hrough CLI PSAMP BOF I ETF, Mar 2002 17
Remote and Local Export � Requirement : � report ing t o on-board and of f -board applicat ions � Flexibilit y of dif f erent export dest inat ions per select or � dif f erent measurement applicat ions, on dif f erent or same host � Allow local export t o on-board applicat ions � e.g. securit y applicat ions • local export of hashes t o I CMPt raceback applicat ion � e.g. mult iple-packet measurement operat ions • int erpacket delay j it t er, f low f ormat ion � Rat e limit ing export � e.g. rat e limit supply of measurement s t o t ransport PSAMP BOF I ETF, Mar 2002 18
Robustness and I nf ormation Loss � Requirement : robust ness t o inf ormat ion loss � Causes of inf ormat ion loss: � incomplet e inf ormat ion if packet mat ches mult iple select ors � report loss in t ransit � collect or f ailure � I nherent robust ness in packet measurement model: � small inf ormat ion cont ent in a single measurement • relat ive t o whole dat a st ream � Enhance robust ness of measurement report st ream: � enable int erpolat ion/ correct ion f or missing dat a • e.g., include packet / byt e count ers, sequence numbers � decouples f rom and reduces need f or reliabilit y at ot her levels PSAMP BOF I ETF, Mar 2002 19
Conf iguration and Management � Mot ivat ion: enable reliable conf igurat ion by ext ernal applicat ions � (not as part of t he export prot ocol!) � of select or paramet ers, report f ormat , export dest inat ion � conf igurat ion of select ors in large number of device � Applicat ions: � e.g., set up of large number of f ilt ers/ count ers f or billing � e.g., collect or f ailure: redirect ion of export t o secondary collect or � e.g., ongoing 1 in N baseline measurement s t o NOC • aut omat ed det ect ion of DoS at t ack signat ure at NOC • aut omat ed reconf igurat ion of rout er f ilt er t o f ocus on at t ack t raf f ic � e.g., dynamic select or reconf igurat ion by on-board applicat ions � Requirement : MI B f or conf igurat ion paramet ers, SNMP t o read/ writ e � secure, reliable, widespread experience, easy t o build client s � vendor neut ral, st andardized � easy t o reconf igure f rom on-board applicat ion PSAMP BOF I ETF, Mar 2002 20
Recommend
More recommend
