Presentation is loading. Please wait.

Presentation is loading. Please wait.

Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch,

Published byByron Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch,"— Presentation transcript:

1 Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch, choits}@etri.re.kr

2 Motivation Contents-awareness is getting more important Applicability Application Recognition/Identification User-configurable or dynamic ports, overloaded ports, etc. are big concerns Contents-based Service Differentiation and Accounting Attack/Intrusion Detection Some worms or viruses do not incur flow/packet number increases, esp. at the early stage of dissemination.

3 Real-world Situation Port/Application Port-based Accounting Contents-based Accounting 80/HTTP67 GB 59.1 GB (11.8% reduced) 21/FTP_CTRL0.29 GB0.28 GB 20/FTP_DATA43 GB42 GB ?/FTP_DATA_PASSIVEn/a 6 GB (14.3% of FTP_DATA, 2% of the total volume) 5003/?692 MB HTTP: 13.2 MB BUGS_MUSIC: 420.8 MB EDONKEY: 172.3 MB etc.: 85.7 MB PosTech Traffic Breakdown - PosTech Campus Network (24h sum in May, 304GB total volume)

4 Exporting Payload Required Contents-awareness requires exporting packet payload Entire/partial payloads can be exported on a per-packet basis our approach in the draft on the existing flow basis might be another decent option

5 Why per-packet basis? Payload investigation is expensive requires fragmentation, drop, and out-of-order handling O(t*p) or O(t+p) time complexity t = text length, p = pattern length Timely transmission is important can’t wait until a flow terminates

6 Other Applications of PPR Export QoS Monitoring and Traffic Profiling Understanding per-packet traits required

7 The Objective of the Draft Incorporating per-packet information export into the existing ipfix proposals providing a generalized version of a ppr export mechanism so that all the required fields of a packet (including payload) can be exported leveraging the existing ipfix protocol, information model, and architecture

8 Correspondence with the WG Charters ipfix or psamp? When it’s literally grounded on the charters, the draft better matches with psamp than ipfix. Nevertheless, we first brought this up to ipfix because psamp seems to be focusing on sampling and filtering mechanisms and the mibs for configuration Corresponding to the “ipfix-psamp relationship” proposal

9 Suggested Extensions Information Model Extension The draft includes information elements based on IPv4/TCP/UDP headers and packet payloads Exporting first n bytes of a packet supported Configuration Extension A selection criteria for enabling/disabling per-packet record generation Adding Per-Packet Info Export flag to the existing selection criteria suffices Pattern Specification for packet payload investigation and export (optional)

10 Extended Architecture Packet Capturing Timestamping Sampling Generating Flow Records Generating Packet Records (A payload is appended only when a specified pattern is found on the payload) Payload Investigation (Null when No pattern or Wildcard pattern) Classifying PPIE flag == on

11 Data Export Utilizing the existing Data Export mechanism Requires at the most two different record templates Flow Properties record and Packet Properties record In psamp, Flow Properties record merely means shared information element; just for stringent network resource consumption Associating packet records with the corresponding flow record is accomplished on the basis of the order of the two records; a Flow Properties record must be disposed right ahead of the corresponding Packet Properties records Packet record export intervals synchronized with the flow export unsynchronized with the flow export periodic/instant export

12 A Sample Layout of an Export Packet Containing PPR Packet Header Data FlowSet (Ordinary Flow Records)... Flow Properties FlowSet (Flow Record of flow “X”) Packet Properties FlowSet (Packet Records within “X”)... FlowSet ID = p FlowSet ID = q or p FlowSet ID = r

13 Issues Discussed Assigning a unique pkt id globally unique? flow-locally unique? what about calculating the unique id at the collecting process? Schemes for associating packet records to the corresponding flow record Incorporating information elements for IPv6 packets

14 Proposed Next Steps Regarding contents-awareness To supplement the applicability draft with some texts Exporting packet payloads using the existing flow export mechanisms may also be separately documented Regarding per-packet information export Verifying the correctness of utilizing ipfix protocol and information model under ipfix/psamp? Then, building up as a wg document in psamp? Cooperation with another interested group expected

15 Thank You!

Download ppt "Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch,"

Similar presentations

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.
Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian

Page 1 Title: Traffic Detection Function Extensions for cdma2000 1x and HRPD Networks Sources: Qualcomm Contact: George Cherian
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
IPv6 Victor T. Norman.

IPv6 Victor T. Norman.
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.
Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems TELE9752 Group 3.

Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems TELE9752 Group 3.
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.

Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
1 PSAMP WGIETF, November 2002PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-01.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:

1 PSAMP WGIETF, November 2002PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-01.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:
FLIP : Flexible Interconnection Protocol Ignacio Solis Katia Obraczka.

FLIP : Flexible Interconnection Protocol Ignacio Solis Katia Obraczka.
December 10, 20001 Policy Terminology - 01 Report for 49th IETF Preview for AAA Arch RG John Schnizlein.

December 10, Policy Terminology - 01 Report for 49th IETF Preview for AAA Arch RG John Schnizlein.
Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.
DPNM, POSTECH 1/23 NOMS 2010 Jae Yoon Chung 1, Byungchul Park 1, Young J. Won 1 John Strassner 2, and James W. Hong 1, 2 {dejavu94, fates, yjwon, johns,

DPNM, POSTECH 1/23 NOMS 2010 Jae Yoon Chung 1, Byungchul Park 1, Young J. Won 1 John Strassner 2, and James W. Hong 1, 2 {dejavu94, fates, yjwon, johns,
December 13, 20001 Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.

December 13, Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.
POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 5. Passive Monitoring Techniques.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 5. Passive Monitoring Techniques.
1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

Similar presentations

Ads by Google