On the Relationship between PSAMP and IPFIX
<draft-quittek-psamp-ipfix-00.txt>
Jürgen Quittek, NEC
Background
• Both the PSAMP WG and the IPFIX WG aim at standardizing technology for
– observing traffic at network devices and
– exporting some (processed) part of the observation to other devices
• Both consider packet selection as a component
– IPFIX: just one out of many
– PSAMP: the focus
© NEC Europe Ltd., 2002
Network Laboratories, Heidelberg
Motivation for Discussing Relationship
• Goals
– avoid duplication of work
– increase mutual benefits between the WGs
– harmonize standards to be developed by the WGs
• Issues
– potential overlap of activities
– potential mutual complements
– common issues that should be harmonized
IPFIX WG Goals
• Main goal: Selecting a protocol for IP flow information export
• Steps
– define the notion of a standard IP flow
– devise data encodings for IP flows
– consider the notion of IP flow information export based on packet sampling
– identify and address any security & privacy concerns affecting flow data
– specify the transport mapping for carrying IP flow information
– ensure that the flow export system is reliable and efficient
IPFIX Current Status
• Requirements document nearly completed
• Protocol selection ongoing
– 5 protocols under evaluation: CRANE, Diameter, IPDR, LFAP, NetFlow v9
• Work on architecture and data encodings stopped until protocol selection is done
PSAMP Goals
• Specify a set of selection operations by which packets are sampled
• Specify the information that is to be made available for reporting on sampled packets
• Describe protocols by which information on sampled packets is reported to applications
• Describe protocols by which packet selection and reporting are configured.
IPFIX Architecture
[Figure: IPFIX architecture. Components: Observation Point, Metering Process, Exporting Process, Collecting Process. Data labels: packet headers, flow records. Metering Process functions, in order: packet header capturing, timestamping, classifying, maintaining flow records. Note on the figure: selection functions may be inserted before any other function.]
PSAMP Architecture Guess
[Figure: guessed PSAMP architecture. Components: Observation Point, Selection Process, Reporting & Export Process, Collecting Process. Data labels: packet headers + portion of payload, packet reports + configuration information.]
PSAMP Architecture Variation
[Figure: variation of the PSAMP architecture. Components: Observation Point, Selection Process, Reporting & Export Process, Collecting Process. Data labels: packet headers + portion of payload, Boolean, packet reports + configuration information.]
Architecture Comparison
[Figure: the IPFIX and PSAMP architectures side by side. IPFIX components: Observation Point, Metering Process, Exporting Process, Collecting Process; data labels: packet headers, flow records. PSAMP components: Observation Point, Selection Process, Reporting & Export Process, Collecting Process; data labels: packet headers + portion of payload, packet reports + configuration information.]
Overlap, Complement, Harmonization
• Terminology
• Packet selection function
– (traditional) packet filtering
– sampling
• Packet selection model
• IPFIX export for PSAMP
• Configuration
Packet Selection Function
• The IPFIX metering process allows a packet selection function to be called before any of its other functions.
• Conceptually, this could be the same function as the one used by the PSAMP selection process.
• So far, IPFIX did not clearly specify this function. PSAMP will definitely do so.
Packet Selection Model
• For packet selection (incl. sampling and filtering) the PSAMP WG will develop
– an information model
– a data model
• Both can potentially be re-used by IPFIX
– information model in architecture and protocol
– data model in protocol
– configuration of metering group
IPFIX Export for PSAMP
• There is potential to re-use parts or all of the IPFIX protocol for the PSAMP protocol
• Three levels of re-use
– information model
– data model
– protocol
• In the extreme case an IPFIX flow record may contain a single packet
• It needs to be checked if the IPFIX protocol meets all PSAMP requirements
Configuration
• PSAMP standardizes a MIB for configuring
• IPFIX does not standardize configuration
– > CLI
• The PSAMP MIB might be a good starting point to be included in a (future?) IPFIX MIB