Sampling and Filtering Techniques for IP Packet Selection - Update - draft-ietf-psamp-sample-tech-02.txt Tanja Zseby, FhG FOKUS Maurizio Molina, NEC Europe.

Slides:

Advertisements

Similar presentations

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.

Advertisements

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

Data Streaming Algorithms for Accurate and Efficient Measurement of Traffic and Flow Matrices Qi Zhao*, Abhishek Kumar*, Jia Wang + and Jun (Jim) Xu* *College.

Fast, Memory-Efficient Traffic Estimation by Coincidence Counting Fang Hao 1, Murali Kodialam 1, T. V. Lakshman 1, Hui Zhang 2, 1 Bell Labs, Lucent Technologies.

Fast and Reliable Estimation Schemes in RFID Systems Murali Kodialam and Thyaga Nandagopal Bell Labs, Lucent Technologies.

Evaluation of Header Field Entropy for Hash-Based Packet Selection Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke,

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

1 PSAMP WGIETF, November 2002PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-01.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:

Sampling and Flow Measurement Eric Purpus 5/18/04.

Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.

DNA design team update Brett Pentland – Monash University.

Policy-based Accounting Draft Update Tanja Zseby, Sebastian Zander Fraunhofer Institute FOKUS Competence Center for Global Networking (GloNe) [zseby,

December 10, Policy Terminology - 01 Report for 49th IETF Preview for AAA Arch RG John Schnizlein.

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Internet Networking Spring 2003

Introduction to IPv6 NSS Wing,BSNL Mobile Services, Ernakulam 1.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

Objectives After completing this chapter you will be able to: Describe hierarchical routing in OSPF Describe the 3 protocols in OSPF, the Hello, Exchange.

Fast and Reliable Estimation Schemes in RFID Systems Murali Kodialam and Thyaga Nandagopal Bell Labs, Lucent Technologies Presented by : Joseph Gunawan.

Document Number ETH West Diamond Avenue - Third Floor, Gaithersburg, MD Phone: (301) Fax: (301)

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

Genetic Algorithm.

ECE 526 – Network Processing Systems Design Network Processor Architecture and Scalability Chapter 13,14: D. E. Comer.

December 13, Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

Dividing the Pizza An Advanced Traffic Billing System An Advanced Traffic Billing System Christopher Lawrence Burke The University of Queensland.

Vladimír Smotlacha CESNET Full Packet Monitoring Sensors: Hardware and Software Challenges.

Topic of Presentation IPv6 Presented by: Mahwish Chaudhary Roll No 08TL01.

RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.

1 Internet Control Message Protocol (ICMP) Used to send error and control messages. It is a necessary part of the TCP/IP suite. It is above the IP module.

CS4550 Computer Networks II IP : internet protocol, part 2 : packet formats, routing, routing tables, ICMP read feit chapter 6.

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.

Interconnect simulation. Different levels for Evaluating an architecture Numerical models – Mathematic formulations to obtain performance characteristics.

Sampling and Filtering Techniques for IP Packet Selection - Update - draft-ietf-psamp-sample-tech-04.txt Tanja Zseby, FhG FOKUS Maurizio Molina, NEC Europe.

Institut für Telematik Universität Karlsruhe (TH) Germany IWAN 2005 – November 23th An Extension to Packet Filtering of Programmable Networks Marcus Schöller,

 Development began in 1987  OSPF Working Group (part of IETF)  OSPFv2 first established in 1991  Many new features added since then  Updated OSPFv2.

Genetic Algorithms Genetic algorithms provide an approach to learning that is based loosely on simulated evolution. Hypotheses are often described by bit.

Routing Fundamentals and Subnets Introduction to IT and Communications Technology CE

Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.

Chapter 18 IP: Internet Protocol Addresses. Internet protocol software used to make the internet appear to be a single, seamless communication system.

1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.

Calculating frequency moments of Data Stream

PSAMP MIB Status Managed Objects for Packet Sampling A Status Report Thomas Dietz Benoit Claise

Automated Worm Fingerprinting Authors: Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage Publish: OSDI'04. Presenter: YanYan Wang.

LSNDI RMRA 1 Design and troubleshooting M Clements.

POSTECH DP&NM Lab Detailed Design Document NetFlow Generator 정승화 DPNM Lab. in Postech.

PSAMP Information Model Status Information Model for Packet Sampling A Status Report Thomas Dietz Falko Dressler.

IPFIX Requirements: Document Changes and New Issues Raised Jürgen Quittek, NEC Benoit Claise, Cisco Tanja Zseby, Sebstian Zander, FhG FOKUS.

1 PSAMP WGIETF, November 2003PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-04.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:

Flow sampling in IPFIX: Status and suggestion for its support Maurizio Molina,

Hash Function comparison for PSAMP purposes: results and suggestions Maurizio Molina,

4: Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.

Managed Objects for Packet Sampling

Bundle Protocol Specification

IPFIX Requirements: Document Changes from Version -07 to Version -09

PSAMP MIB Status: Document Changes

Todd Walter Stanford University

Vidur Nayyar Xueting Wang Weicong Zhao

IP Traceback Problem: How do we determine where malicious packet came from ? It’s a problem because attacker can spoof source IP address If we know where.

Faculty of Computer Science & Information System

IP Forwarding Relates to Lab 3.

Cryptography Lecture 15.

Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Discussion and Conclusion of Conference Call on February19]

Presentation transcript:

Sampling and Filtering Techniques for IP Packet Selection - Update - draft-ietf-psamp-sample-tech-02.txt Tanja Zseby, FhG FOKUS Maurizio Molina, NEC Europe Ltd. Fredric Raspall, NEC Europe Ltd. Nick Duffield, AT&T Labs

draft-ietf-psamp-sample-tech-02.txt2 Changes  Terminology –Aligned with Framework draft –Moved to framework –Terms for describing schemes repeated  will be removed  Description of schemes –Aligned with framework draft, agreed on schemes –Aligned with terminology –All detailed descriptions now in sample-tech draft  Restructuring of document  Complexity levels removed –Difficult to agree on levels –Vendors can select scheme(s)  Flow-state sampling added

draft-ietf-psamp-sample-tech-02.txt3 Definitions  Agreement with framework document:  Filtering: deterministic selection based on the packet content  Sampling: everything else –Content-independent Sampling Deterministic or random selection independent of packet content Examples: systematic, random sampling that is independent of packet content. –Content-dependent Sampling Selection dependent on packet content Example: pseudorandom selection according to a probability that depends on the contents of a packet field

draft-ietf-psamp-sample-tech-02.txt4 Schemes and Parameters: Sampling  Systematic count-based –start and stop in accordance to spatial packet position (packet count). –Input parameters: Interval length (in number of packets) Spacing between intervals (in number of packets)  Systematic time-based –start and stop in accordance to temporal packet position (arrival time). –Input parameters: Interval length (in µsec) Spacing (in µsec)  Not covered: –Systematic sampling with combined time- and count based trigger –Non-equal spacing

draft-ietf-psamp-sample-tech-02.txt5 Schemes and Parameters: Sampling  Random n-out-of-N –Random selection of n packets from N –Input parameters: List of n (random) sampling positions Parent size N  Uniform Probabilistic –Same sampling probability for each packet –Input parameters: Sampling probability p  Non-Uniform Probabilistic –Sampling probability depends on input –Input parameters: Function for calculation probability p  Flow State Probabilistic –Sampling probability depends on flow state (of own flow or other flows) –Input parameters: Policy for selecting flows

draft-ietf-psamp-sample-tech-02.txt6 Schemes and Parameters: Filtering  Match/Mask –Apply a bit mask to packet header and/or the first N bytes of the payload –Select packet if the bit string after masking falls within one or more selection range –Input Parameters header/payload masks (as bit strings) header/payload selection ranges (as bit strings)  Hashing –Apply bit mask to packet header and/or the first N bytes of the payload, create unique bit string –Optionally, link with another pre-defined bit string (seed) –Apply hash function on the string –Select the packet if the result falls into one or more a selection range(s) –Input Parameters Input mask (as bit strings) Seed Selection interval Hashfunction

draft-ietf-psamp-sample-tech-02.txt7 Schemes and Parameters: Filtering  Router-state selection –Select packet on the basis of its route/treatment in the router (e.g. IF to which it is routed, no route found, etc.) –Input parameters Router state (when packet should be selected)  Combined Schemes –Combination of the defined sampling and filtering schemes –E.g. for stratified sampling –Coupled via STREAM_ID [your scheme here]

draft-ietf-psamp-sample-tech-02.txt8 Schemes and Parameters Scheme | input parameters | functions systematic | packet position | packet counter count-based | sampling pattern | systematic | arrival time | clock or timer time-based | sampling pattern | random | packet position | packet counter, n-out-of-N | sampling pattern | random numbers | (random number list) | uniform | sampling | random function probabilistic | probability | non-uniform |e.g. packet position | selection function, probabilistic |or packet content(parts)| probability calc non-uniform |e.g. flow state | selection function, flow-state |or packet content(parts)| probability calc mask/match | packet content(parts) | filter function hash-based | packet content(parts) | hash function router state | router state | router state | | discovery Further clarification needed

draft-ietf-psamp-sample-tech-02.txt9 Next Steps/Open Issues  Plan –Include description of specific (pre-defined) functions (hash- functions, non-uniform selection, flow states) –Formal information model in separate document  Open Issues –More/other schemes needed ? –Which hash functions ? –High level filter specification needed ? Currently bit level (allows all combinations) Optionally also support high level definition (fields) Existing work on this in other groups ? –Include flow state sampling ?

Thank you for your attention ! Questions ?