📄 draft-peluso-flowselection-tech-00.txt
Peluso, et al.          Expires December 28, 2007               [Page 8]

Internet-Draft          Flow selection Techniques              June 2007


             Packet(s) coming in to Observation Point(s)
                    |                                   |
                    v                                   v
   +----------------+-------------------------+   +-----+-------+
   |          Metering Process on an          |   |             |
   |            Observation Point             |   |             |
   |                                          |   |             |
   |   packet header capturing                |   |             |
   |        |                                 |...| Metering    |
   |   timestamping                           |   | Process N   |
   |        |                                 |   |             |
   |   packet selection                       |   |             |
   |        |                                 |   |             |
   |   classification                         |   |             |
   |        |                                 |   |             |
   |   flow state dependent sampling (*)      |   |             |
   |        |                                 |   |             |
   |   aggregation                            |   |             |
   |        |                                 |   |             |
   |   flow recording (*)                     |   |             |
   |        |                                 |   |             |
   |        |     Timing out Flows            |   |             |
   |        |     Handle resource overloads   |   |             |
   +--------|---------------------------------+   +-----|-------+
            |                                           |
      Flow Records (selected by Observation Domain)  Flow Records
            |                                           |
            +----------------------+--------------------+
                                   |
            +----------------------|---------------+
            |    Exporting Process v               |
            |      +---------------+-----------+   |
            |      |    flow selection (*)     |   |
            |      +---------------+-----------+   |
            |                      |               |
            |      +---------------+-----------+   |
            |      |        flow export        |   |
            |      +---------------+-----------+   |
            |                      |               |
            +----------------------+---------------+
                                   |
                                   v
                   IPFIX export packet to Collector

   (*) indicates where flow selection can take place.

                                Figure 1

   In the metering process, flow selection consists of accounting for
   only a subset of all the incoming packets collected at the
   observation point.  However, unlike the selection performed before
   packet classification, flow selection in the metering process
   selects only those incoming packets that satisfy certain conditions
   related to the flow state information available from the flow
   recording process.  This kind of selection is a packet sampling
   technique; [PSAMP-TECH] introduces it as flow state dependent
   sampling.
   The state of the stored flow records is thus considered during
   packet selection, so the process responsible for generating or
   updating flow records can easily be influenced by selectively
   accounting for the packets that feed it.  From this perspective,
   unlike the flow selection performed in the flow recording and
   exporting processes, this flow selection operates at a very early
   stage with respect to the concept of a flow, as it acts at the packet
   level.  In this way, one can prevent some observed or observable
   packets from forcing the flow recording process to account for, for
   instance, unrepresentative or unexpected flow records.

   Flow selection in the flow recording and/or exporting processes, as
   clarified above, is done at the flow level, that is, after packets
   have been classified into their corresponding flows.  More precisely,
   flow selection can be carried out in the flow recording process by
   storing new flow records only when enough resources are available at
   the monitoring device to maintain them, or by discarding already
   accounted records which, under certain circumstances and at a certain
   point in time, are no longer considered representative.  Finally, at
   the flow exporting process it might be required that not all of the
   stored flow records available for export are actually sent to the
   collectors.

   We can distinguish the following selection techniques:

   1.  based on flow record content (i.e. all reported flow
       characteristics);

   2.  based on flow record arrival time;

   3.  based on external events like the exhaustion of local resources.

5.1.  Flow selection on flow record content

   <Text for this section>

5.2.  Flow selection on flow record arrival time

   <Text for this section>

5.3.  Flow selection on external events

   <Text for this section>

6.  Solutions for flow cache data structure

   The flow cache is the component of the flow monitoring system that is
   in charge of storing flow records, i.e. the data structures that hold
   the values of predefined metrics for every observed flow.  The
   effectiveness of the flow cache definitely affects the overall
   performance of the flow monitoring system.  It is the most
   challenging component, as it has to search for the flow records and
   update the related metrics within the packet interarrival time.

   Elements in the flow cache can be ordered according to a Least
   Recently Used (LRU) algorithm: as a packet arrives at the network
   interface it is classified, i.e. a flowID is computed and assigned to
   it.  Solutions for the generation of flow IDs and search mechanisms
   for flow records within the flow cache are described in [MoCD06].  If
   a corresponding flow record, i.e. a record with that flowID, already
   exists in the linked list, it is updated with packet-related data and
   moved to the top of the list.  Otherwise, a new flow record is
   created and inserted at the top of the list.

   This ordering algorithm addresses two issues.  First, timed-out flows
   can be easily identified by scanning the list from the tail and
   checking for each record whether the difference between the last
   update time and the current time exceeds the timeout value.  Second,
   records of live flows carrying a lot of traffic, the so-called
   elephant flows, are frequently moved to the head of the list, so data
   about such flows can be found with high probability by scanning the
   LRU list from the head.

7.  Information model for flow selection configuration

   This section describes the representative parameters of the flow
   selection techniques presented above.  In this regard, it provides
   the basis for an information model to adopt in order to configure the
   flow selection process at an IPFIX device.
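
   The LRU flow cache of Section 6, combined with the discarding of
   already accounted records under resource exhaustion from Section 5,
   as an added example that is not part of the draft.  The class and
   field names, the 5-tuple flow ID, the idle-timeout and max-records
   parameters and the packets are constructed for illustration, and
   discarding the tail record on overload is one possible policy, not
   one the draft prescribes.

```python
from collections import OrderedDict

class LruFlowCache:
    """Flow records kept in LRU order: head = most recently updated."""

    def __init__(self, idle_timeout, max_records):
        self.idle_timeout = idle_timeout    # seconds without update before timeout
        self.max_records = max_records      # models the device's limited memory
        self.records = OrderedDict()        # first item = head, last item = tail
        self.removed = []                   # (flow_id, record, reason), ready for export

    def update(self, flow_id, octets, now):
        rec = self.records.get(flow_id)
        if rec is None:
            if len(self.records) >= self.max_records:
                self._remove_tail("resource-overload")  # assumed policy: drop LRU record
            rec = self.records[flow_id] = {"packets": 0, "octets": 0}
        rec["packets"] += 1
        rec["octets"] += octets
        rec["last_update"] = now
        self.records.move_to_end(flow_id, last=False)   # move the record to the head

    def expire(self, now):
        """Scan from the tail; LRU order lets the scan stop at the first live record."""
        expired = 0
        while self.records:
            tail_id = next(reversed(self.records))
            if now - self.records[tail_id]["last_update"] <= self.idle_timeout:
                break
            self._remove_tail("idle-timeout")
            expired += 1
        return expired

    def _remove_tail(self, reason):
        flow_id, rec = self.records.popitem(last=True)
        self.removed.append((flow_id, rec, reason))

def demo():
    # Constructed traffic: one busy flow interleaved with four single-packet flows.
    elephant = ("10.0.0.1", "10.0.0.2", 6, 40000, 443)
    mice = [("10.0.0.%d" % i, "10.0.0.2", 17, 5000 + i, 53) for i in range(3, 7)]
    cache = LruFlowCache(idle_timeout=30, max_records=3)
    for t, mouse in enumerate(mice):
        cache.update(elephant, 1500, now=2 * t)
        cache.update(mouse, 80, now=2 * t + 1)
    cache.update(elephant, 1500, now=8)
    expired = cache.expire(now=38)
    return cache, expired
```

   Because the list is ordered by last update, expire() stops at the
   first live record instead of walking the whole cache, and a burst of
   new flow IDs pushes idle records off the tail while the busy flow
   stays cached.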

8.  IANA Considerations

   This document makes no request of IANA.

9.  Security Considerations

   <Text for this section>

10.  Acknowledgements

   <Text for this section>

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

11.2.  Informative References

   [DuLT01a]  Duffield, N., Lund, C., and M. Thorup, "Charging from
              Sampled Network Usage", ACM Internet Measurement Workshop
              IMW 2001, San Francisco, USA, November 2001.

   [DuLT01b]  Duffield, N., Lund, C., and M. Thorup, "Properties and
              Prediction of Flow Statistics from Sampled Packet
              Streams", ACM SIGCOMM Internet Measurement Workshop 2002,
              November 2002.

   [DuLT01c]  Duffield, N., Lund, C., and M. Thorup, "Learn More, sample
              less: control of volume and variance in network
              measurement", IEEE Transactions on Information Theory,
              May 2005.

   [DuLT01d]  Duffield, N., Lund, C., and M. Thorup, "Flow Sampling
              under Hard Resource Constraints", ACM IFIP Conference on
              Measurement and Modeling of Computer Systems SIGMETRICS,
              June 2004.

   [EsVa01]   Estan, C. and G. Varghese, "New Directions in Traffic
              Measurement and Accounting: Focusing on the Elephants,
              Ignoring the Mice", ACM SIGCOMM Internet Measurement
              Workshop 2001, San Francisco (CA), November 2001.

   [FeGL98]   Feldmann, A., Rexford, J., and R. Caceres, "Efficient
              Policies for Carrying Web Traffic over Flow-Switched
              Networks", IEEE/ACM Transactions on Networking,
              December 1998.

   [IPFIX-ARCH]
              Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", Internet
              Draft draft-ietf-ipfix-architecture-12.txt, work in
              progress, September 2006.

   [IPFIX-INFO]
              Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              Internet Draft draft-ietf-ipfix-info-15.txt, work in
              progress, February 2007.

   [KuXW04]   Kumar, K., Xu, J., Wang, J., Spatschek, O., and L. Li,
              "Space-code bloom filter for efficient per-flow traffic
              measurement", INFOCOM 2004 Twenty-third Annual Joint
              Conference of the IEEE Computer and Communications
              Societies, March 2004.

   [MoCD06]   Molina, M., Chiosi, A., D'Antonio, S., and G. Ventre,
              "Design principles and algorithms for effective high-speed
              IP flow monitoring", September 2006.

   [Moli03a]  Molina, M., "A scalable and efficient methodology for flow
              monitoring in the Internet", International Teletraffic
              Congress (ITC-18), Berlin, September 2003.

   [PSAMP-TECH]
              Zseby, T., Molina, M., Raspall, F., Duffield, N., and S.
              Niccolini, "Sampling and Filtering techniques for IP
              Packet Selection", Internet Draft
              draft-ietf-psamp-sample-tech-10.txt, work in progress,
              June 2007.

Authors' Addresses

   Lorenzo Peluso
   Fraunhofer Institute FOKUS
   Kaiserin-Augusta-Allee 31
   Berlin  10589
   Germany

   Phone: +49 30 3463 7171
   Email: lpeluso@fokus.fraunhofer.de

   Tanja Zseby
   Fraunhofer Institute FOKUS
   Kaiserin-Augusta-Allee 31
   Berlin  10589
   Germany

   Phone: +49 30 3463 7153
   Email: zseby@fokus.fraunhofer.de

   Salvatore D'Antonio
   CINI Consortium/ITeM Laboratory
   Monte S.Angelo, Via Cinthia
   Napoli  80126
   Italy

   Phone: +39 081 679944
   Email: saldanto@unina.it

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).