1 PSAMP WGIETF, November 2002PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-01.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou: Avici Marimuthu, Sadasivan: Cisco

2 PSAMP WGIETF, November 2002PSAMP WG Aims  Review of Framework Draft  Does it cover all framework issues?  With sufficient detail?  Open issues  harmonization with sampling draft  harmonization with IPFIX terminology

3 PSAMP WGIETF, November 2002PSAMP WG Framework document: requirements  Ubiquity: everywhere at maximal line rate  Applicability: rich enough to support applications  Timeliness: minimal delay in reporting  Transparency: need no additional reporting from device beyond PSAMP  Robustness: with respect to information loss  Privacy: RFC 2804; exclude full packet capture of arbitrary streams  Faithfulness: reported device state is that encountered by packet  Configuration: easy, and reconfiguration too  Security: of configuration and reporting; no evasion of measurement  Extensibility: to support future applications  Flexibility: different protocols (e.g IPv4, IPv6) and encapsulation  Parallel Measurements: multiple, independently configurable  Congestion Avoidance: export in compliance with RFC 2914

4 PSAMP WGIETF, November 2002PSAMP WG Framework document: elements and architecture  PSAMP Device  Hosts observation point(s), measurement process(es)  Measurement Process  Selection Process, Reporting Process, Export Process  Selection process:  Input: packet stream from observation point, their treatment, selection state e.g. counters, random number iterates, time dependent  Output: binary decision per packet (sampled or not)  How is it done: configurable selection operations  Reporting Process:  Input: as with selection process, but for the selected packets  Output: packet reports: information per selected packet report interpretation e.g. selection configuration, reporting configuration, accuracy information  Export Process:  Send output of reporting process to one or more collectors (on-board or off-board)  Parallel Measurements:  Can have multiple measurement processes per PSAMP device

5 PSAMP WGIETF, November 2002PSAMP WG Configuration  Easy dynamic reconfiguration of parameters  Selection E.g. instantiate new filter to drill down on traffic of interest  Reporting E.g. change level of report detail to match export bandwidth  Export E.g. reconfigure export rate limit in response to congestion  Approach  parameters live in MIB,  reconfigurable e.g. using SNMP

6 PSAMP WGIETF, November 2002PSAMP WG Export and Congestion Avoidance  Favor unreliable transport  Not reporting on all packets; view report loss as type of sampling can correct for loss by use of sequence numbers  Less onerous on PSAMP device: no need for addressibility of exporter no need to buffer unacknowledged data no need to process acknowledgements per packet  Need to be congestion aware: conform to RFC 2814  Three candidates for unreliable congestion aware export 1.Whatever IPFIX decides 2.Protocols under development, e.g. DCCP 3.Collector-based rate reconfiguration (Section 6.7)  Open issues: will need to evaluate

7 PSAMP WGIETF, November 2002PSAMP WG Collector based rate reconfiguration  Export process has configurable rate limit  Collector responsibility  Detect congestion (as loss from sequence numbers)  Reconfigure exporter rate limit need to chose rate control algorithm  Failure management with keepalives  Keepalives collector to exporter adjust or cease export on loss of connectivity from collector  Keepalives from exporter to collector collector distinguishes no packets selected from packet loss  Resource management and fairness  Collector can prioritize amongst different exporters  May want more or less than fair share of bandwidth for export More: get reports through even under congestion Less: collector close to exporter: small RTT compared with regular traffic

8 PSAMP WGIETF, November 2002PSAMP WG Selection Operations  The core activity of PSAMP: selecting packets  Need framework to decide which selection operations to include.  Open issues:  Find the right balance between: applicability: what applications should be supported (Section 9) ubiquity: what can be implemented at maximal line rate (Section 10)  What assumptions are we prepared to make about traffic? Drives our choice of selection operations  How to classify? Clear distinction between filtering and sampling difficult

9 PSAMP WGIETF, November 2002PSAMP WG Applications: initial proposal  Baselining  Select 1 in N packets (somehow: periodic? random? ) for reporting  Drilldown  Select traffic of interest by filtering e.g. by address, port  Path Properties:  Application congestion troubleshooting: find sources of traffic overloading a link route troubleshooting: identify routing loops performance measurement: loss, delay along paths  Approach: correlated sampling: sample representative subset of packet at all points on their paths.  Method: hash-based selection* select packet if hash of invariant fields fall in given range all routers use same hash function and range: –packet selected everywhere or nowhere  Open Issue:  Should this set be larger? Smaller? * N.B. AT&T may own intellectual property applicable to this item

10 PSAMP WGIETF, November 2002PSAMP WG Framework for Sampling and Assumptions  Current practice using particular algorithms  e.g. 1 in N periodic, vs. quasirandom with probability 1/N  Want framework to help decide if:  these are different configurable samplers, or  these are different implementations of “select 1/N th of packets kind of randomly”  Abstraction:  selection law: how you want to sampling to look e.g. 1/N th of packets with no apparent correlations  content law: what you are prepared to assume about traffic e.g. interpacket correlations negligible if separation greater than M packets –roughly true if there are more than M active flows  deem selection method: acceptable if it conforms to selection law under assumed content law  may have more than one acceptable sampling method E.g. both above examples if N > M  Open issues:  if two sampling methods are acceptable, just regard them as different implementations?  what content laws are we comfortable in assuming?

11 PSAMP WGIETF, November 2002PSAMP WG Classification Issues  Question whether sampling/filtering dichotomy fits all cases  (filtering deterministic on content,  sampling random, independent of content)  Exceptions to dichotomy  hashing is deterministic, but a good hash function can sample  importance sampling sampling with probability dependent on field contents –e.g. sample certain applications, or large packets more frequently generally impractical to implement as stratified sampling –i.e. filter on content, then sample with content-dependent probability –complex: generally have different probability for each content value  some “random” sampling algorithms use seeds from packet contents  Open issues:  aim for classification scheme, or concentrate on required functionality?