Network Working Group                                   N. Duffield, Ed.
Request for Comments: 5474                          AT&T Labs - Research
Category: Informational                                         D. Chiou
                                                     University of Texas
                                                               B. Claise
                                                     Cisco Systems, Inc.
                                                            A. Greenberg
                                                               Microsoft
                                                         M. Grossglauser
                                                            EPFL & Nokia
                                                              J. Rexford
                                                    Princeton University
                                                              March 2009
        
A Framework for Packet Selection and Reporting

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

Abstract

This document specifies a framework for the PSAMP (Packet SAMPling) protocol. The functions of this protocol are to select packets from a stream according to a set of standardized Selectors, to form a stream of reports on the selected packets, and to export the reports to a Collector. This framework details the components of this architecture, then describes some generic requirements, motivated by the dual aims of ubiquitous deployment and utility of the reports for applications. Detailed requirements for selection, reporting, and exporting are described, along with configuration requirements of the PSAMP functions.

Table of Contents

   1. Introduction ....................................................4
   2. PSAMP Documents Overview ........................................4
   3. Elements, Terminology, and High-Level Architecture ..............5
      3.1. High-Level Description of the PSAMP Architecture ...........5
      3.2. Observation Points, Packet Streams, and Packet Content .....5
      3.3. Selection Process ..........................................6
      3.4. Reporting ..................................................7
      3.5. Metering Process ...........................................8
      3.6. Exporting Process ..........................................8
      3.7. PSAMP Device ...............................................9
      3.8. Collector ..................................................9
      3.9. Possible Configurations ....................................9
   4. Generic Requirements for PSAMP .................................11
      4.1. Generic Selection Process Requirements ....................11
      4.2. Generic Reporting Requirements ............................12
      4.3. Generic Exporting Process Requirements ....................12
      4.4. Generic Configuration Requirements ........................13
   5. Packet Selection ...............................................13
      5.1. Two Types of Selectors ....................................13
      5.2. PSAMP Packet Selectors ....................................14
      5.3. Selection Fraction Terminology ............................17
      5.4. Input Sequence Numbers for Primitive Selectors ............18
      5.5. Composite Selectors .......................................19
      5.6. Constraints on the Selection Fraction .....................19
   6. Reporting ......................................................19
      6.1. Mandatory Contents of Packet Reports: Basic Reports .......19
      6.2. Extended Packet Reports ...................................20
      6.3. Extended Packet Reports in the Presence of IPFIX ..........20
      6.4. Report Interpretation .....................................21
   7. Parallel Metering Processes ....................................22
   8. Exporting Process ..............................................22
      8.1. Use of IPFIX ..............................................22
      8.2. Export Packets ............................................22
        
      8.3. Congestion-Aware Unreliable Transport .....................22
      8.4. Configurable Export Rate Limit ............................23
      8.5. Limiting Delay for Export Packets .........................23
      8.6. Export Packet Compression .................................24
      8.7. Collector Destination .....................................25
      8.8. Local Export ..............................................25
   9. Configuration and Management ...................................25
   10. Feasibility and Complexity ....................................26
      10.1. Feasibility ..............................................26
           10.1.1. Filtering .........................................26
           10.1.2. Sampling ..........................................26
           10.1.3. Hashing ...........................................26
           10.1.4. Reporting .........................................27
           10.1.5. Exporting .........................................27
      10.2. Potential Hardware Complexity ............................27
   11. Applications ..................................................28
      11.1. Baseline Measurement and Drill Down ......................29
      11.2. Trajectory Sampling ......................................29
      11.3. Passive Performance Measurement ..........................30
      11.4. Troubleshooting ..........................................30
   12. Security Considerations .......................................31
      12.1. Relation of PSAMP and IPFIX Security for
            Exporting Process ........................................31
      12.2. PSAMP Specific Privacy Considerations ....................31
      12.3. Security Considerations for Hash-Based Selection .........32
           12.3.1. Modes and Impact of Vulnerabilities ...............32
           12.3.2. Use of Private Parameters in Hash Functions .......33
           12.3.3. Strength of Hash Functions ........................33
      12.4. Security Guidelines for Configuring PSAMP ................34
   13. Contributors ..................................................34
   14. Acknowledgments ...............................................34
   15. References ....................................................34
      15.1. Normative References .....................................34
      15.2. Informative References ...................................35
        
1. Introduction

This document describes the PSAMP framework for network elements to select subsets of packets by statistical and other methods, and to export a stream of reports on the selected packets to a Collector.

The motivation for the PSAMP standard comes from the need for measurement-based support for network management and control across multivendor domains. This requires domain-wide consistency in the types of selection schemes available, and the manner in which the resulting measurements are presented and interpreted.

The motivation for specific packet selection operations comes from the applications that they enable. Development of the PSAMP standard is open to influence by the requirements of standards in related IETF Working Groups, for example, IP Performance Metrics (IPPM) [RFC2330] and Internet Traffic Engineering (TEWG).

The name PSAMP is a contraction of the phrase "Packet Sampling". The word "Sampling" captures the idea that only a subset of all packets passing a network element will be selected for reporting. But PSAMP selection operations include random selection, deterministic selection (Filtering), and deterministic approximations to random selection (Hash-based Selection).

2. PSAMP Documents Overview

This document is one out of a series of documents from the PSAMP group.

RFC 5474 (this document): "A Framework for Packet Selection and Reporting" describes the PSAMP framework for network elements to select subsets of packets by statistical and other methods, and to export a stream of reports on the selected packets to a Collector. Definitions of terminology and the use of the terms "must", "should", and "may" in this document are informational only.

[RFC5475]: "Sampling and Filtering Techniques for IP Packet Selection" describes the set of packet selection techniques supported by PSAMP.

[RFC5476]: "Packet Sampling (PSAMP) Protocol Specifications" specifies the export of packet information from a PSAMP Exporting Process to a PSAMP Collecting Process.

[RFC5477]: "Information Model for Packet Sampling Exports" defines an information and data model for PSAMP.

3. Elements, Terminology, and High-Level Architecture
3.1. High-Level Description of the PSAMP Architecture

Here is an informal high-level description of the PSAMP protocol operating in a PSAMP Device (all terms will be defined presently). A stream of packets is observed at an Observation Point. A Selection Process inspects each packet to determine whether or not it is to be selected for reporting. The Selection Process is part of the Metering Process, which constructs a report on each selected packet, using the Packet Content, and possibly other information such as the packet treatment at the Observation Point or the arrival timestamp. An Exporting Process sends the Packet Reports to a Collector, together with any subsidiary information needed for their interpretation.

The following figure indicates the sequence of the three processes (Selection, Metering, and Exporting) within the PSAMP device.

                +------------------+
                | Metering Process |
                | +-----------+    |     +-----------+
      Observed  | | Selection |    |     | Exporting |
      Packet--->| | Process   |--------->| Process   |--->Collector
      Stream    | +-----------+    |     +-----------+
                +------------------+
        

The following sections give detailed definitions of each of the objects just named.

3.2. Observation Points, Packet Streams, and Packet Content

This section contains the definition of terms relevant to obtaining the packet input to the Selection Process.

* Observation Point

An Observation Point is a location in the network where IP packets can be observed. Examples include a line to which a probe is attached, a shared medium, such as an Ethernet-based LAN, a single port of a router, or a set of interfaces (physical or logical) of a router.

Note that every Observation Point is associated with an Observation Domain and that one Observation Point may be a superset of several other Observation Points. For example, one Observation Point can be an entire line card. That would be the superset of the individual Observation Points at the line card's interfaces.

* Observed Packet Stream

The Observed Packet Stream is the set of all packets observed at the Observation Point.

* Packet Stream

A Packet Stream denotes a set of packets from the Observed Packet Stream that flows past some specified point within the Metering Process. An example of a Packet Stream is the output of the Selection Process. Note that packets selected from a stream, e.g., by Sampling, do not necessarily possess a property by which they can be distinguished from packets that have not been selected. For this reason, the term "stream" is favored over "flow", which is defined as a set of packets with common properties [RFC3917].

* Packet Content

The Packet Content denotes the union of the packet header (which includes link layer, network layer, and other encapsulation headers) and the packet payload.

3.3. Selection Process

This section defines the Selection Process and related objects.

* Selection Process

A Selection Process takes the Observed Packet Stream as its input and selects a subset of that stream as its output.

* Selection State

A Selection Process may maintain state information for use by the Selection Process. At a given time, the Selection State may depend on packets observed at and before that time, and other variables. Examples include:

(i) sequence numbers of packets at the input of Selectors;

(ii) a timestamp of observation of the packet at the Observation Point;

(iii) iterators for pseudorandom number generators;

(iv) hash values calculated during selection;

(v) indicators of whether the packet was selected by a given Selector.

Selection Processes may change portions of the Selection State as a result of processing a packet. Selection State for a packet reflects the state after processing the packet.

* Selector

A Selector defines the action of a Selection Process on a single packet of its input. If selected, the packet becomes an element of the output Packet Stream.

The Selector can make use of the following information in determining whether a packet is selected:

(i) the Packet Content;

(ii) information derived from the packet's treatment at the Observation Point;

(iii) any Selection State that may be maintained by the Selection Process.

* Composite Selector

A Composite Selector is an ordered composition of Selectors, in which the output Packet Stream issuing from one Selector forms the input Packet Stream to the succeeding Selector.

* Primitive Selector

A Selector is primitive if it is not a Composite Selector.
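
The Selection Process objects defined in this section (Selection State, primitive Selectors, and a Composite Selector), as an added Python sketch. This is not code from RFC 5474 or from any PSAMP implementation: the packet records, the field names "proto" and "content", and the use of HMAC-SHA256 as the keyed hash are assumptions made for the illustration; the standardized Selectors and hash functions are the subject of [RFC5475].

```python
# Toy model of the Selection Process objects of Section 3.3, added for
# illustration; not code from RFC 5474 or from a PSAMP implementation.
# Packets are constructed dicts; the field names "proto" and "content" and
# the use of HMAC-SHA256 as the keyed hash are assumptions of this example.
import hashlib
import hmac
import random

class Selector:
    """Primitive Selector base class.  Keeps the input sequence number of
    each packet presented to it (Selection State item (i)) and records
    whether it selected the packet (item (v)) in the per-packet state."""
    def __init__(self, name):
        self.name = name
        self.input_seq = 0  # packets seen at this Selector's input so far

    def select(self, pkt, state):
        self.input_seq += 1
        state[self.name + "_input_seq"] = self.input_seq
        chosen = self.decide(pkt, state)
        state[self.name + "_selected"] = chosen
        return chosen

    def decide(self, pkt, state):
        raise NotImplementedError

class FieldFilter(Selector):
    """Deterministic selection (Filtering) on one Packet Content field."""
    def __init__(self, name, field, value):
        super().__init__(name)
        self.field, self.value = field, value

    def decide(self, pkt, state):
        return pkt.get(self.field) == self.value

class CountSampler(Selector):
    """Systematic count-based Sampling: the 1st, (N+1)th, (2N+1)th, ...
    packet at this Selector's input is selected."""
    def __init__(self, name, n):
        super().__init__(name)
        self.n = n

    def decide(self, pkt, state):
        return (self.input_seq - 1) % self.n == 0

class ProbabilisticSampler(Selector):
    """Random selection with probability p; the seeded generator is the
    pseudorandom-number iterator of Selection State item (iii)."""
    def __init__(self, name, p, seed):
        super().__init__(name)
        self.p, self.rng = p, random.Random(seed)

    def decide(self, pkt, state):
        return self.rng.random() < self.p

class HashSelector(Selector):
    """Hash-based Selection: a deterministic approximation to random
    selection.  The hash is keyed with a private parameter so that the
    outcome cannot be predicted without it; the 32-bit hash value is kept
    as Selection State item (iv)."""
    def __init__(self, name, key, selection_range):
        super().__init__(name)
        self.key, (self.lo, self.hi) = key, selection_range

    def decide(self, pkt, state):
        digest = hmac.new(self.key, pkt["content"], hashlib.sha256).digest()
        h = int.from_bytes(digest[:4], "big")
        state[self.name + "_hash"] = h
        return self.lo <= h < self.hi

class CompositeSelector:
    """Ordered composition: the output Packet Stream of one Selector is the
    input Packet Stream of the next, so a packet rejected by one Selector
    is never presented to the Selectors after it (all() short-circuits)."""
    def __init__(self, selectors):
        self.selectors = selectors

    def select(self, pkt, state):
        return all(sel.select(pkt, state) for sel in self.selectors)

def run_selection(packets, selector):
    """Selection Process: returns the output Packet Stream, each packet
    paired with its Selection State after processing."""
    output = []
    for pkt in packets:
        state = {}
        if selector.select(pkt, state):
            output.append((pkt, state))
    return output

def make_sample_packets():
    """Constructed Observed Packet Stream (not captured traffic)."""
    protos = ["tcp", "udp", "tcp", "tcp", "udp", "tcp", "tcp", "udp", "tcp", "tcp"]
    return [{"seq": i, "proto": p, "content": f"packet-{i}-{p}".encode()}
            for i, p in enumerate(protos)]

def demo():
    """Filter to TCP, then keep 1 in 2 of what passes the filter."""
    composite = CompositeSelector([FieldFilter("f", "proto", "tcp"),
                                   CountSampler("s", 2)])
    return run_selection(make_sample_packets(), composite)
```

Running demo() selects packets 0, 3, 6 and 9 of the constructed stream: the filter sees all ten packets, the sampler behind it sees only the seven TCP packets, and the Selection State carried with each selected packet records both input sequence numbers. This is the sense in which "Selection State for a packet reflects the state after processing the packet".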

3.4. Reporting

* Packet Reports

Packet Reports comprise a configurable subset of a packet's input to the Selection Process, including the Packet Content, information relating to its treatment (for example, the output interface), and its associated Selection State (for example, a hash of the Packet Content).

* Report Interpretation

Report Interpretation comprises subsidiary information, relating to one or more packets, that is used for interpretation of their Packet Reports. Examples include configuration parameters of the Selection Process.

* Report Stream

The Report Stream is the output of a Metering Process, comprising two distinct types of information: Packet Reports and Report Interpretation.

3.5. Metering Process

A Metering Process selects packets from the Observed Packet Stream using a Selection Process, and produces as output a Report Stream concerning the selected packets.

The PSAMP Metering Process can be viewed as analogous to the IPFIX Metering Process [RFC5101], which produces Flow Records as its output, with the difference that the PSAMP Metering Process always contains a Selection Process. The relationship between PSAMP and IPFIX is further described in [RFC5477] and [RFC5474].

3.6. Exporting Process

* Exporting Process

An Exporting Process sends, in the form of Export Packets, the output of one or more Metering Processes to one or more Collectors.

* Export Packets

An Export Packet is a combination of Report Interpretation(s) and/or one or more Packet Reports that are bundled by the Exporting Process into an Export Packet for exporting to a Collector.
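
The Report Stream of Sections 3.4 and 3.5 and its bundling into Export Packets by the Exporting Process, as an added Python sketch that is not code from RFC 5474 or from a PSAMP product. The record layouts, the field names, and the rule of at most a fixed number of Packet Reports per Export Packet are assumptions made for this example; the PSAMP information model itself is the subject of [RFC5477].

```python
# Toy Report Stream and Export Packet bundling for Sections 3.4 to 3.6, added
# for illustration; not code from RFC 5474.  Record layouts, field names and
# the max-reports-per-Export-Packet rule are assumptions of this example.

def make_report_interpretation(selector_id, selector_kind, parameters):
    """Report Interpretation: subsidiary information, here the Selection
    Process configuration, that the Collector needs to interpret reports."""
    return {"type": "interpretation", "selector_id": selector_id,
            "selector": selector_kind, "parameters": dict(parameters)}

def make_packet_report(selector_id, pkt, treatment, selection_state, content_bytes=16):
    """Packet Report: a configurable subset of the packet's input to the
    Selection Process: leading Packet Content bytes, treatment information
    (e.g. output interface) and the packet's Selection State."""
    return {"type": "report", "selector_id": selector_id,
            "content": bytes(pkt["content"][:content_bytes]),
            "treatment": dict(treatment),
            "selection_state": dict(selection_state)}

def metering_process(selector_id, interpretation, selected):
    """Report Stream of one Metering Process: the Report Interpretation
    first, then one Packet Report per selected packet."""
    yield interpretation
    for pkt, treatment, state in selected:
        yield make_packet_report(selector_id, pkt, treatment, state)

def exporting_process(report_stream, max_reports):
    """Exporting Process: bundle the Report Stream into Export Packets that
    hold at most max_reports Packet Reports each (an assumed limit); an
    interpretation record goes into whichever Export Packet is open."""
    export_packets, bundle, n_reports = [], [], 0
    for rec in report_stream:
        bundle.append(rec)
        if rec["type"] == "report":
            n_reports += 1
            if n_reports == max_reports:
                export_packets.append(bundle)
                bundle, n_reports = [], 0
    if bundle:
        export_packets.append(bundle)
    return export_packets

def collector(export_packets):
    """Collector: pair each Packet Report with the Report Interpretation for
    its selector_id.  Reports whose interpretation never arrived (e.g. the
    Export Packet carrying it was lost) cannot be interpreted and are
    counted separately."""
    interpretations, interpreted, uninterpretable = {}, [], 0
    for bundle in export_packets:
        for rec in bundle:
            if rec["type"] == "interpretation":
                interpretations[rec["selector_id"]] = rec
            elif rec["selector_id"] in interpretations:
                interpreted.append((rec, interpretations[rec["selector_id"]]))
            else:
                uninterpretable += 1
    return interpreted, uninterpretable

def estimate_observed_packets(interpreted):
    """One use of the interpretation: under 1-in-N count-based sampling each
    report stands for N packets of the Observed Packet Stream."""
    return sum(interp["parameters"]["interval"]
               for _, interp in interpreted if interp["selector"] == "count_based")

def make_sample_selected():
    """Constructed (packet, treatment, Selection State) triples, as a
    Selection Process sampling 1 in 4 would hand to the reporting step."""
    return [({"content": f"constructed-packet-{i}".encode()},
             {"output_interface": 2},
             {"input_seq": 1 + 4 * i, "selected": True}) for i in range(5)]

def demo(max_reports=2):
    """Report Stream for Selector 7 (1-in-4 count-based) bundled into Export Packets."""
    interp = make_report_interpretation(7, "count_based", {"interval": 4})
    stream = metering_process(7, interp, make_sample_selected())
    return exporting_process(stream, max_reports)
```

With the constructed input, demo() yields three Export Packets holding 3, 2 and 1 records; the first carries the Report Interpretation ahead of the first two reports. Because a Packet Report is only meaningful together with the interpretation for its Selector, handing the Collector the same stream without its first Export Packet leaves every report uninterpretable, which is why the Exporting Process must get the interpretation to the Collector and not only the reports.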

3.7. PSAMP Device

A PSAMP Device is a device hosting at least an Observation Point, a Metering Process (which includes a Selection Process), and an Exporting Process. Typically, corresponding Observation Point(s), Metering Process(es), and Exporting Process(es) are co-located at this device, for example, at a router.

3.8. Collector

A Collector receives a Report Stream exported by one or more Exporting Processes. In some cases, the host of the Metering and/or Exporting Processes may also serve as the Collector.

3.9. Possible Configurations

Various possibilities for the high-level architecture of these elements are as follows.

MP = Metering Process, EP = Exporting process

       PSAMP Device
      +---------------------+                 +------------------+
      |Observation Point(s) |                 | Collector(1)     |
      |MP(s)--->EP----------+---------------->|                  |
      |MP(s)--->EP----------+-------+-------->|                  |
      +---------------------+       |         +------------------+
                                    |
       PSAMP Device                 |
      +---------------------+       |         +------------------+
      |Observation Point(s) |       +-------->| Collector(2)     |
      |MP(s)--->EP----------+---------------->|                  |
      +---------------------+                 +------------------+
        
       PSAMP Device
      +---------------------+
      |Observation Point(s) |
      |MP(s)--->EP---+      |
      |              |      |
      |Collector(3)<-+      |
      +---------------------+
        

The simplest Metering Process configuration is composed of:

                +------------------------------------+
                | +----------+                       |
                | |Selection |                       |
       Observed | |Process   |  Packet               |
       Packet-->| |(Primitive|-> Stream ->           |--> Report Stream
       Stream   | | Selector)|                       |
                | +----------+                       |
                |          Metering Process          |
                +------------------------------------+
        

A Metering Process with a Composite Selector is composed of:

                +--------------------------------------------------...
                | +-----------------------------------+
                | | +----------+         +----------+ |
                | | |Selection |         |Selection | |
       Observed | | |Process   |         |Process   | |
       Packet-->| | |(Primitive|-Packet->|(Primitive|---> Packet ...
       Stream   | | |Selector1)| Stream  |Selector2)| |   Stream
                | | +----------+         +----------+ |
                | |        Composite Selector         |
                | +-----------------------------------+
                |                   Metering Process
                +--------------------------------------------------...
        
                 ...-------------+
                                 |
                                 |
                                 |
                                 |
                                 |---> Report Stream
                                 |
                                 |
                                 |
                                 |
                                 |
                 ...-------------+
        
4. Generic Requirements for PSAMP

This section describes the generic requirements for the PSAMP protocol. A number of these are realized as specific requirements in later sections.

4.1. Generic Selection Process Requirements

(a) Ubiquity: The Selectors must be simple enough to be implemented ubiquitously at maximal line rate.

(b) Applicability: The set of Selectors must be rich enough to support a range of existing and emerging measurement-based applications and protocols. This requires a workable trade-off between the range of traffic engineering applications and operational tasks it enables, and the complexity of the set of capabilities.

(c) Extensibility: The protocol must be able to accommodate additional packet Selectors not currently defined.

(d) Flexibility: The protocol must support selection of packets using various network protocols or encapsulation layers, including Internet Protocol Version 4 (IPv4) [RFC0791], Internet Protocol Version 6 (IPv6) [RFC2460], and Multiprotocol Label Switching (MPLS) [RFC3031].

(e) Robust Selection: Packet selection must be robust against attempts to craft an Observed Packet Stream from which packets are selected disproportionately (e.g., to evade selection or overload measurement systems).

(f) Parallel Metering Processes: The protocol must support simultaneous operation of multiple independent Metering Processes at the same host.

(g) Causality: The selection decision for each packet should depend only weakly, if at all, upon future packets' arrivals. This promotes ubiquity by limiting the complexity of the selection logic.

(h) Encrypted Packets: Selectors that interpret packet fields must be configurable to ignore (i.e., not select) encrypted packets, when they are detected.

Specific Selectors are outlined in Section 5, and described in more detail in the companion document [RFC5475].

4.2. Generic Reporting Requirements

(i) Self-Defining: The Report Stream must be complete in the sense that no additional information need be retrieved from the Observation Point in order to interpret and analyze the reports.

(j) Indication of Information Loss: The Report Stream must include sufficient information to indicate or allow the detection of loss occurring within the Selection, Metering, and/or Exporting Processes, or in transport. This may be achieved by the use of sequence numbers.

(k) Accuracy: The Report Stream must include information that enables the accuracy of measurements to be determined.

(l) Faithfulness: All reported quantities that relate to the packet treatment must reflect the router state and configuration encountered by the packet at the time it is received by the Metering Process.

(m) Privacy: Although selection of the content of Packet Reports must be responsive to the needs of measurement applications, it must also conform with [RFC2804]. In particular, full packet capture of arbitrary Packet Streams is explicitly out of scope.

See Section 6 for further discussions on Reporting.

4.3. Generic Exporting Process Requirements

(n) Timeliness: Configuration must allow for limiting of buffering delays in the formation and transmission of Export Packets. See Section 8.5 for further details.

(o) Congestion Avoidance: Export of a Report Stream across a network must be congestion avoiding in compliance with [RFC2914]. This is discussed further in Section 8.3.

(p) Secure Export

(i) confidentiality: The option to encrypt exported data must be provided.

(ii) integrity: Alterations in transit to exported data must be detectable at the Collector.

(iii) authenticity: Authenticity of exported data must be verifiable by the Collector in order to detect forged data.

The motivation here is the same as for security in IPFIX export; see Sections 6.3 and 10 of [RFC3917].

4.4. Generic Configuration Requirements

(q) Ease of Configuration: This applies to ease of configuration of Sampling and export parameters, e.g., for automated remote reconfiguration in response to collected reports.

(r) Secure Configuration: The option to configure via protocols that prevent unauthorized reconfiguration or eavesdropping on configuration communications must be available. Eavesdropping on configuration might allow an attacker to gain knowledge that would be helpful in crafting a Packet Stream to evade subversion or overload the measurement infrastructure.

Configuration is discussed in Section 9.

5. Packet Selection

This section details specific requirements for the Selection Process, motivated by the generic requirements of Section 3.3.

5.1. Two Types of Selectors

PSAMP categorizes Selectors into two types:

* Filtering: A filter is a Selector that selects a packet deterministically based on the Packet Content, or its treatment, or functions of these occurring in the Selection State. Two examples are:

(i) Property Match Filtering: A packet is selected if a specific field in the packet equals a predefined value.

(ii) Hash-based Selection: A hash function is applied to the Packet Content, and the packet is selected if the result falls in a specified range.

* Sampling: A Selector that is not a filter is called a Sampling operation. This reflects the intuitive notion that if the selection of a packet cannot be determined from its content alone, there must be some type of Sampling taking place.

Sampling operations can be divided into two subtypes:

(i) Content-independent Sampling, which does not use Packet Content in reaching Sampling decisions. Examples include systematic Sampling, and uniform pseudorandom Sampling driven by a pseudorandom number whose generation is independent of Packet Content. Note that in content-independent Sampling, it is not necessary to access the Packet Content in order to make the selection decision.

(ii) Content-dependent Sampling, in which the Packet Content is used in reaching selection decisions. An application is pseudorandom selection with a probability that depends on the contents of a packet field, e.g., Sampling packets with a probability dependent on their TCP/UDP port numbers. Note that this is not a filter.

5.2. PSAMP Packet Selectors

A spectrum of packet Selectors is described in detail in [RFC5475]. Here we only briefly summarize the meanings for completeness.

A PSAMP Selection Process must support at least one of the following Selectors.

* systematic count-based Sampling: Packet selection is triggered periodically by packet count, a number of successive packets being selected subsequent to each trigger.

* systematic time-based Sampling: This is similar to systematic count-based Sampling except that selection is reckoned with respect to time rather than count. Packet selection is triggered at periodic instants separated by a time called the spacing. All packets that arrive within a certain time of the trigger (called the interval length) are selected.

* probabilistic n-out-of-N Sampling: From each count-based successive block of N packets, n are selected at random.

* uniform probabilistic Sampling: Packets are selected independently with fixed Sampling probability p.

* non-uniform probabilistic Sampling: Packets are selected independently with probability p that depends on Packet Content.

* Property Match Filtering

With this Filtering method, a packet is selected if a specific field within the packet and/or a property of the router state equals a predefined value. Possible filter fields are all IPFIX Flow attributes specified in [RFC5102]. Further fields can be defined by vendor-specific extensions.

A packet is selected if Field=Value. Masks and ranges are only supported to the extent to which [RFC5102] allows them, e.g., by providing explicit fields like the netmasks for source and destination addresses.

AND operations are possible by concatenating filters, thus producing a composite selection operation. In this case, the ordering in which the Filtering happens is implicitly defined (outer filters come after inner filters). However, as long as the concatenation is on filters only, the result of the cascaded filter is independent from the order, but the order may be important for implementation purposes, as the first filter will have to work at a higher rate. In any case, an implementation is not constrained to respect the filter ordering, as long as the result is the same, and it may even implement the composite Filtering in one single step.

OR operations are not supported with this basic model. More sophisticated filters (e.g., supporting bitmasks, ranges, or OR operations) can be realized as vendor-specific schemes.

Property match operations should be available for different protocol portions of the packet header:

(i) IP header (excluding options in IPv4, stacked headers in IPv6)

(ii) transport header

(iii) encapsulation headers (e.g., the MPLS label stack, if present)

When the PSAMP Device offers Property Match Filtering, and, in its usual capacity other than in performing PSAMP functions, identifies or processes information from IP, transport, or encapsulation protocols, then the information should be made available for Filtering. For example, when a PSAMP Device is a router that routes based on destination IP address, that field should be made available for Filtering. Conversely, a PSAMP Device that does not route is not expected to be able to locate an IP address within a packet, or make it available for Filtering, although it may do so.

Since packet encryption alters the meaning of encrypted fields, Property Match Filtering must be configurable to ignore encrypted packets when detected.

The Selection Process may support Filtering based on the properties of the router state:

(i) Ingress interface at which packet arrives equals a specified value

(ii) Egress interface to which the packet is routed equals a specified value

(iii) Packet violated Access Control List (ACL) on the router

(iv) Failed Reverse Path Forwarding (RPF). Packets that match the Failed Reverse Path Forwarding (RPF) condition are packets for which ingress Filtering failed as defined in [RFC3704].

(v) Failed Resource Reservation Protocol (RSVP). Packets that match the Failed RSVP condition are packets that do not fulfill the RSVP specification as defined in [RFC2205].

(vi) No route found for the packet

(vii) Origin Border Gateway Protocol (BGP) Autonomous System (AS) [RFC4271] equals a specified value or lies within a given range

(viii) Destination BGP AS equals a specified value or lies within a given range

Router architectural considerations may preclude some information concerning the packet treatment being available at line rate for selection of packets. For example, the Selection Process may not be implemented in the fast path that is able to access router state at line rate. However, when Filtering follows Sampling (or some other selection operation) in a Composite Selector, the rate of the Packet Stream output from the sampler and input to the filter may be sufficiently low that the filter could select based on router state.

* Hash-based Selection:

Hash-based Selection will employ one or more hash functions to be standardized. A hash function is applied to a subset of Packet Content, and the packet is selected if the resulting hash falls in a specified range. The stronger the hash function, the more closely Hash-based Selection approximates uniform random Sampling. Privacy of hash selection range and hash function parameters obstructs subversion of the Selector by packets that are crafted either to avoid selection or to be selected. Privacy of the hash function is not required. Robustness and security considerations of Hash-based Selection are further discussed in [RFC5475]. Applications of hash-based Sampling are described in Section 11.
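
The Selectors listed in this section and the Hash-based Selection just described, as an added Python example that is not code from RFC 5474 or any PSAMP implementation: a systematic count-based sampler, a uniform probabilistic sampler, and a hash-based selector whose hash function is public but whose selection range is a private parameter. The Packet model, the field subset that is hashed (assumed to be invariant along the path), the choice of BLAKE2b, and the constructed stream are assumptions made for illustration.

```python
import hashlib
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: only the fields the Selectors look at."""
    src: str
    dst: str
    ident: int        # IP identification field
    payload: bytes


class CountBasedSampler:
    """Systematic count-based Sampling: every `spacing` packets a trigger
    fires and `run` successive packets are selected."""
    def __init__(self, spacing, run=1):
        self.spacing, self.run = spacing, run
        self.count = 0    # input counter; also the input sequence number (Section 5.4)

    def select(self, pkt):
        self.count += 1
        return (self.count - 1) % self.spacing < self.run


class UniformSampler:
    """Uniform probabilistic Sampling: each packet is selected independently
    with probability p; the pseudorandom source never reads Packet Content."""
    def __init__(self, p, seed=None):
        self.p = p
        self.rng = random.Random(seed)

    def select(self, pkt):
        return self.rng.random() < self.p


HASH_SPACE = 2 ** 32   # assumed: 32-bit digest, so a range of width HASH_SPACE*p selects fraction p


class HashSelector:
    """Hash-based Selection: hash a subset of Packet Content and select the
    packet if the digest falls in [lo, hi). The hash function is public;
    lo and hi are the private parameters the Selector's robustness rests on."""
    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi

    @staticmethod
    def hash_input(pkt):
        # Assumed field subset: values that do not change along the path, so
        # every Observation Point computes the same digest for the same packet.
        return b"|".join([pkt.src.encode(), pkt.dst.encode(),
                          pkt.ident.to_bytes(2, "big"), pkt.payload[:8]])

    def digest(self, pkt):
        raw = hashlib.blake2b(self.hash_input(pkt), digest_size=4).digest()
        return int.from_bytes(raw, "big")

    def select(self, pkt):
        return self.lo <= self.digest(pkt) < self.hi


def make_stream(size):
    """Constructed Observed Packet Stream of `size` distinct packets."""
    return [Packet(src=f"10.0.{i % 256}.{(i * 7) % 256}", dst="192.0.2.1",
                   ident=i % 65536, payload=f"payload-{i}".encode())
            for i in range(size)]


def attained_fraction(selector, stream):
    """Attained Selection Fraction (Section 5.3): selected packets over Population Size."""
    selected = sum(1 for pkt in stream if selector.select(pkt))
    return selected / len(stream)
```

The last function lets the Attained Selection Fraction be compared with the configured one: it is exact for the count-based sampler and only approximate for the hash-based and probabilistic ones, which is the statistical variability Section 5.3 refers to.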

5.3. Selection Fraction Terminology

* Population:

A Population is a Packet Stream, or a subset of a Packet Stream. A Population can be considered as a base set from which packets are selected. An example is all packets in the Observed Packet Stream that are observed within some specified time interval.

* Population Size

The Population Size is the number of all packets in a Population.

* Sample Size

The Sample Size is the number of packets selected from the Population by a Selector.

* Configured Selection Fraction

The Configured Selection Fraction is the expected ratio of the Sample Size to the Population Size, as based on the configured selection parameters.

* Attained Selection Fraction

The Attained Selection Fraction is the ratio of the actual Sample Size to the Population Size.

For some Sampling methods, the Attained Selection Fraction can differ from the Configured Selection Fraction due to, for example, the inherent statistical variability in Sampling decisions of probabilistic Sampling and Hash-based Selection. Nevertheless, for large Population Sizes and properly configured Selectors, the Attained Selection Fraction usually approaches the Configured Selection Fraction.

The notions of Configured/Attained Selection Fractions extend beyond Selectors. An illustrative example is the Configured Selection Fraction of the composition of the Metering Process with the Exporting Process. Here the Population is the Observed Packet Stream or a subset thereof. The Configured Selection Fraction is the fraction of the Population for which Packet Reports are expected to reach the Collector. This quantity may reflect additional parameters, not necessarily described in the PSAMP protocol, that determine the degree of loss suffered by Packet Reports en route to the Collector, e.g., the transmission bandwidth available to the Exporting Process. In this example, the Attained Selection Fraction is the fraction of Population packets for which reports did actually reach the Collector, and thus incorporates the effect of any loss of Packet Reports due, e.g., to resource contention at the Observation Point or during transmission.

5.4. Input Sequence Numbers for Primitive Selectors

Each instance of a Primitive Selector must maintain a count of packets presented at its input. The counter value is to be included as a sequence number for selected packets. The sequence numbers are considered as part of the packet's Selection State.

Use of input sequence numbers enables applications to determine the Attained Selection Fraction, and hence correctly normalize network usage estimates in the presence of information loss, whether this loss occurs because of discard of Packet Reports in the Metering Process (e.g., due to resource contention in the host of these processes), or because of loss of export packets in transmission or collection. See [RFC3176] for further details.

As an example, consider a set of n consecutive Packet Reports r1, r2, ..., rn, selected by a Sampling operation and received at a Collector. Let s1, s2, ..., sn be the input sequence numbers reported by the packets. The Attained Selection Fraction for the composite of the measurement and Exporting Processes, taking into account both packet Sampling at the Observation Point and loss in transmission, is computed as R = (n-1)/(sn-s1). (Note that R would be 1 if all packets were selected and there were no transmission loss.)

The Attained Selection Fraction can be used to estimate the number of bytes present in a portion of the Observed Packet Stream. Let b1, b2,..., bn be the number of bytes reported in each of the packets that reached the Collector, and set B = b1+b2+...+bn. Then the total bytes present in packets in the Observed Packet Stream whose input sequence numbers lie between s1 and sn is estimated by B/R, i.e., scaling up the measured bytes through division by the Attained Selection Fraction.

With Composite Selectors, an input sequence number must be reported for each Selector in the composition.
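
The R = (n-1)/(sn-s1) computation and the B/R byte estimate above, carried through as an added Python example that is not part of RFC 5474. The population, the systematic 1-in-10 sampler and the simulated export loss pattern are constructed for illustration.

```python
def attained_selection_fraction(seqs):
    """R = (n-1)/(sn-s1) for the input sequence numbers s1..sn of the n
    Packet Reports that reached the Collector, in arrival order."""
    if len(seqs) < 2:
        raise ValueError("at least two reports are needed to span a sequence range")
    s1, sn = seqs[0], seqs[-1]
    if sn <= s1:
        raise ValueError("input sequence numbers must increase from first to last report")
    return (len(seqs) - 1) / (sn - s1)


def estimate_population_bytes(reports):
    """reports: (input_seq, byte_count) pairs as received. Returns B/R, the
    estimated bytes of all packets whose sequence numbers lie between s1 and sn."""
    total_reported = sum(b for _, b in reports)          # B = b1 + ... + bn
    return total_reported / attained_selection_fraction([s for s, _ in reports])


def constructed_population(size):
    """Constructed Observed Packet Stream: input sequence numbers 1..size with
    byte counts cycling through 100..160."""
    return [(seq, 100 + (seq % 7) * 10) for seq in range(1, size + 1)]


def systematic_1_in_n(population, n):
    """Systematic count-based Sampling: every n-th packet is selected."""
    return [(seq, b) for seq, b in population if seq % n == 0]


def drop_exports(reports, every=5, phase=2):
    """Simulated Export Packet loss in transit: one report in every `every`
    never reaches the Collector (the first and last survive in this pattern)."""
    return [r for i, r in enumerate(reports) if i % every != phase]


def demo(size=1000, spacing=10):
    population = constructed_population(size)
    selected = systematic_1_in_n(population, spacing)   # Packet Reports the Metering Process emits
    received = drop_exports(selected)                    # the subset that survives export loss
    s1, sn = received[0][0], received[-1][0]
    true_bytes = sum(b for seq, b in population if s1 <= seq <= sn)
    return {
        "configured_fraction": 1 / spacing,
        "attained_fraction_no_loss": attained_selection_fraction([s for s, _ in selected]),
        "attained_fraction": attained_selection_fraction([s for s, _ in received]),
        "reports_received": len(received),
        "estimated_bytes": estimate_population_bytes(received),
        "true_bytes": true_bytes,
    }
```

Without export loss the attained fraction equals the configured 1/10; with one report in five lost it falls to 79/990, and dividing the received bytes by that smaller R keeps the estimate within about 1% of the true total in this constructed case.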

5.5. Composite Selectors

The ability to compose Selectors in a Selection Process should be provided. The following combinations appear to be most useful for applications:

* concatenation of Property Match Filters. This is useful for constructing the AND of the component filters.

* Filtering followed by Sampling.

* Sampling followed by Filtering.

Composite Selectors are useful for drill-down applications. The first component of a Composite Selector can be used to reduce the load on the second component. In this setting, the advantage to be gained from a given ordering can depend on the composition of the Packet Stream.
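
The compositions listed above, together with the per-Selector input sequence numbers of Section 5.4 and the ordering remarks on Property Match Filters in Section 5.2, as an added Python example that is not RFC or vendor code. The Packet model, the dict-based field lookup, the 1-out-of-10 sampler used as the Sampling stage and the constructed stream are assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass
class Packet:
    fields: dict            # decoded packet header fields, e.g. {"dstPort": 53}
    state: dict             # router state encountered by the packet, e.g. {"ingress": 2}
    encrypted: bool = False


class PropertyMatchFilter:
    """Selects a packet if a header field or router-state property equals
    `value`. With ignore_encrypted set, encrypted packets are never selected
    (the configurable behaviour Section 5.2 requires)."""
    def __init__(self, key, value, ignore_encrypted=True):
        self.key, self.value, self.ignore_encrypted = key, value, ignore_encrypted
        self.count = 0      # input counter: the input sequence number of the current packet

    def select(self, pkt):
        self.count += 1
        if pkt.encrypted and self.ignore_encrypted:
            return False
        return pkt.fields.get(self.key, pkt.state.get(self.key)) == self.value


class NOutOfNSampler:
    """Probabilistic n-out-of-N Sampling: from each successive block of N
    packets, n are selected at random. Positions are drawn when a block
    starts, so no decision depends on future packets (causality)."""
    def __init__(self, n_select, block_size, seed=None):
        self.n_select, self.block_size = n_select, block_size
        self.rng = random.Random(seed)
        self.count = 0
        self.picks = set()

    def select(self, pkt):
        pos = self.count % self.block_size
        if pos == 0:
            self.picks = set(self.rng.sample(range(self.block_size), self.n_select))
        self.count += 1
        return pos in self.picks


class CompositeSelector:
    """Concatenation of Primitive Selectors. A packet dropped by one stage is
    never presented to the next; a report carries the input sequence number
    of every Selector that acted on the packet (Sections 5.4 and 6.1)."""
    def __init__(self, *selectors):
        self.selectors = selectors

    def process(self, pkt):
        seqs = []
        for sel in self.selectors:
            if not sel.select(pkt):
                return None
            seqs.append(sel.count)
        return {"input_seqs": tuple(seqs), "fields": pkt.fields}

    def run(self, stream):
        return [r for r in map(self.process, stream) if r is not None]


def make_stream(size=1000):
    """Constructed Observed Packet Stream: every 4th packet has dstPort 53,
    ingress interfaces cycle through 1..3, every 50th packet is encrypted."""
    return [Packet(fields={"id": i, "dstPort": 53 if i % 4 == 0 else 80},
                   state={"ingress": 1 + i % 3},
                   encrypted=(i % 50 == 0)) for i in range(size)]


def selected_ids(reports):
    return sorted(r["fields"]["id"] for r in reports)


def demo():
    stream = make_stream()
    # AND of two Property Match Filters, concatenated in both orders.
    ab = CompositeSelector(PropertyMatchFilter("dstPort", 53), PropertyMatchFilter("ingress", 2))
    ba = CompositeSelector(PropertyMatchFilter("ingress", 2), PropertyMatchFilter("dstPort", 53))
    reports_ab, reports_ba = ab.run(stream), ba.run(stream)
    # Sampling followed by Filtering, and Filtering followed by Sampling.
    sf = CompositeSelector(NOutOfNSampler(1, 10, seed=7), PropertyMatchFilter("dstPort", 53))
    fs = CompositeSelector(PropertyMatchFilter("dstPort", 53), NOutOfNSampler(1, 10, seed=7))
    sf.run(stream)
    fs.run(stream)
    return {
        "and_order_independent": selected_ids(reports_ab) == selected_ids(reports_ba),
        "and_selected": len(reports_ab),
        # packets presented to the second stage: the load that the ordering decides
        "second_filter_load": (ab.selectors[1].count, ba.selectors[1].count),
        "filter_load_after_sampling": sf.selectors[1].count,
        "sampler_load_after_filtering": fs.selectors[1].count,
        "first_report": reports_ab[0],
    }
```

The first report of the filter-then-filter composite carries input sequence numbers (5, 1): the outer filter saw five packets before its first match, the inner filter saw only that one, which is exactly the load reduction the text describes.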

5.6. Constraints on the Selection Fraction

Sampling at full line rate, i.e., with probability 1, is not excluded in principle, although resource constraints may not permit it in practice.

6. Reporting

This section details specific requirements for reporting, motivated by the generic requirements of Section 3.4.

6.1. Mandatory Contents of Packet Reports: Basic Reports

Packet Reports must include the following:

(i) the input sequence number(s) of any Selectors that acted on the packet in the instance of a Metering Process that produced the report.

(ii) the identifier of the Metering Process that produced the selected packet.

The Metering Process must support inclusion of the following in each Packet Report, as a configurable option:

(iii) a basic report on the packet, i.e., some number of contiguous bytes from the start of the packet, including the packet header (which includes network layer and any encapsulation headers) and some subsequent bytes of the packet payload.

Some devices may not have the resource capacity or functionality to provide more detailed Packet Reports than those in (i), (ii), and (iii) above. Using this minimum required reporting functionality, the Metering Process places the burden of interpretation on the Collector or on applications that it supplies. Some devices may have the capability to provide extended Packet Reports, described in the next section.

6.2. Extended Packet Reports

The Metering Process may support inclusion in Packet Reports of the following information, inclusion of any or all being configurable as an option.

(iv) fields relating to the following protocols used in the packet: IPv4, IPv6, transport protocols, and encapsulation protocols including MPLS.

(v) packet treatment, including:

- identifiers for any input and output interfaces of the Observation Point that were traversed by the packet

- source and destination BGP AS

(vi) Selection State associated with the packet, including:

- the timestamp of observation of the packet at the Observation Point. The timestamp should be reported to microsecond resolution.

- hash values, where calculated.

It is envisaged that selection of fields for Extended Packet Reporting may be used to reduce reporting bandwidth, in which case the option to report information in (iii) may not be exercised.

6.3. Extended Packet Reports in the Presence of IPFIX

If an IPFIX Metering Process is supported at the Observation Point, then in order to be PSAMP compliant, Extended Packet Reports must be able to include all fields required in the IPFIX information model [RFC5102], with modifications appropriate to reporting on single packets rather than Flows.

6.4. Report Interpretation

The Report Interpretation must include:

(i) configuration parameters of the Selectors of the packets reported on;

(ii) format of the Packet Report;

(iii) indication of the inherent accuracy of the reported quantities, e.g., of the packet timestamp.

The accuracy measure in (iii) is of fundamental importance for estimating the likely error attached to estimates formed from the Packet Reports by applications.

The requirements for robustness and transparency are motivations for including Report Interpretation in the Report Stream: it makes the Report Stream self-defining. The PSAMP framework excludes reliance on an alternative model in which interpretation is recovered out of band. This latter approach is not robust with respect to undocumented changes in Selector configuration, and may give rise to future architectural problems for network management systems to coherently manage both configuration and data collection.

It is not envisaged that all Report Interpretation be included in every Packet Report. Many of the quantities listed above are expected to be relatively static; they could be communicated periodically, and upon change.

7. Parallel Metering Processes

Because of the increasing number of distinct measurement applications with varying requirements, it is desirable to set up parallel Metering Processes on a given Observed Packet Stream. A device capable of hosting a Metering Process should be able to support more than one independently configurable Metering Process simultaneously. Each such Metering Process should have the option of being equipped with its own Exporting Process; otherwise, the parallel Metering Processes may share the same Exporting Process.

Each of the parallel Metering Processes should be independent. However, resource constraints may prevent complete reporting on a packet selected by multiple Selection Processes. In this case, reporting for the packet must be complete for at least one Metering Process; other Metering Processes need only record that they selected the packet, e.g., by incrementing a counter. The priority among Metering Processes under resource contention should be configurable.

It is not proposed to standardize the number of parallel Metering Processes.

8. Exporting Process

This section details specific requirements for the Exporting Process, motivated by the generic requirements of Section 3.6.

8.1. Use of IPFIX

PSAMP will use the IP Flow Information Export (IPFIX) protocol for export of the Report Stream. The IPFIX protocol is well suited for this purpose, because the IPFIX architecture matches the PSAMP architecture very well and the means provided by the IPFIX protocol are sufficient for PSAMP purposes. On the other hand, not all features of the IPFIX protocol will need to be implemented by some PSAMP Devices. For example, a device that offers only content-independent Sampling and basic PSAMP reporting has no need to support IPFIX capabilities based on packet fields.

8.2. Export Packets

Export Packets may contain one or more Packet Reports, and/or Report Interpretation. Export Packets must also contain:

(i) an identifier for the Exporting Process

(ii) an Export Packet sequence number

An Export Packet sequence number enables the Collector to identify loss of Export Packets in transit. Note that some transport protocols, e.g., UDP, do not provide sequence numbers. Moreover, having sequence numbers available at the application level enables the Collector to calculate the packet loss rate for use, e.g., in estimating original traffic volumes from Export Packets that reach the Collector.

8.3. Congestion-Aware Unreliable Transport

The export of the Report Stream does not require reliable export. Section 5.4 shows that the use of input sequence numbers in packet Selectors means that the ability to estimate traffic rates is not impaired by export loss. Export Packet loss becomes another form of Sampling, albeit a less desirable, and less controlled, form of Sampling.

In distinction, retransmission of lost Export Packets consumes additional network resources. The requirement to store unacknowledged data is an impediment to having ubiquitous support for PSAMP.

In order to jointly satisfy the timeliness and congestion avoidance requirements of Section 4.3, a congestion-aware unreliable transport protocol may be used. IPFIX is compatible with this requirement, since it mandates support of the Stream Control Transmission Protocol (SCTP) [RFC4960] and the SCTP Partial Reliability Extension [RFC3758].

IPFIX also allows the use of the User Datagram Protocol (UDP) [RFC0768], although it is not a congestion-aware protocol. However, in this case, the Export Packets must remain wholly within the administrative domains of the operators [RFC5101]. The PSAMP Exporting Process is equipped with a configurable export rate limit (see Section 8.4) that can be used to limit the export rate when a congestion-aware transport protocol is not used. The Collector, upon detection of Export Packet loss through missing export sequence numbers, may reconfigure the export rate limit downwards in order to avoid congestion.

8.4. Configurable Export Rate Limit

The Exporting Process must have an export rate limit, configurable per Exporting Process. This is useful for two reasons:

(i) Even without network congestion, the rate of packet selection may exceed the capacity of the Collector to process reports, particularly when many Exporting Processes feed a common Collector. Use of an Export Rate Limit allows control of the global input rate to the Collector.

(ii) IPFIX provides export using UDP as the transport protocol in some circumstances. An Export Rate Limit allows the capping of the export rate to match both path link speeds and the capacity of the Collector.

8.5. Limiting Delay for Export Packets

Low measurement latency allows the traffic monitoring system to be more responsive to real-time network events, for example, in quickly identifying sources of congestion. Timeliness is generally a good thing for devices performing the Sampling since it minimizes the amount of memory needed to buffer samples.

Keeping the packet dispatching delay small has other benefits besides limiting buffer requirements. For many applications, a resolution of 1 second is sufficient. Applications in this category would include identifying sources associated with congestion, tracing Denial-of-Service (DoS) attacks through the network, and constructing traffic matrices. Furthermore, keeping dispatch delay within the resolution required by applications eliminates the need for timestamping by synchronized clocks at Observation Points, or for the Observation Points and Collector to maintain bidirectional communication in order to track clock offsets. The Collector can simply process Packet Reports in the order that they are received, using its own clock as a "global" time base. This avoids the complexity of buffering and reordering samples. See [DuGeGr02] for an example.

The delay between observation of a packet and transmission of an Export Packet containing a report on that packet has several components. It is difficult to standardize a given numerical delay requirement, since in practice the delay may be sensitive to processor load at the Observation Point. Therefore, PSAMP aims to control that portion of the delay within the Observation Point that is due to buffering in the formation and transmission of Export Packets.

In order to limit delay in the formation of Export Packets, the Exporting Process must provide the ability to close out and enqueue for transmission any Export Packet during formation as soon as it includes one Packet Report.

In order to limit the delay in the transmission of Export Packets, a configurable upper bound to the delay of an Export Packet prior to transmission must be provided. If the bound is exceeded, the Export Packet is dropped. This functionality can be provided by the timed reliability service of the SCTP Partial Reliability Extension [RFC3758].

The Exporting Process may enqueue the Report Stream in order to export multiple Packet Reports in a single Export Packet. Any consequent delay must still allow for timely availability of Packet Reports as just described. The timed reliability service of the SCTP Partial Reliability Extension [RFC3758] allows the dropping of packets from the export buffer once their age in the buffer exceeds a configurable bound. A suitable default value for the bound should be used in order to avoid a low transmission rate due to misconfiguration.

8.6. Export Packet Compression

To conserve network bandwidth and resources at the Collector, the Export Packets may be compressed before export. Compression is expected to be quite effective since the selected packets may share many fields in common, e.g., if a filter focuses on packets with certain values in particular header fields. Using compression, however, could impact the timeliness of Packet Reports. Any consequent delay must not violate the timeliness requirement for availability of Packet Reports at the Collector.

8.7. Collector Destination

When exporting to a remote Collector, the Collector is identified by IP address, transport protocol, and transport port number.

8.8. Local Export

The Report Stream may be directly exported to on-board measurement-based applications, for example, those that form composite statistics from more than one packet. Local Export may be presented through an interface directly to the higher-level applications, i.e., through an API, rather than employing the transport used for off-board export. Specification of such an API is outside the scope of the PSAMP framework.

A possible example of Local Export could be that packets selected by the PSAMP Metering Process serve as the input for the IPFIX protocol, which then forms Flow Records out of the stream of selected packets.

9. Configuration and Management

A key requirement for PSAMP is the easy reconfiguration of the parameters of the Metering Process, including those for selection and Packet Reports, and of the Exporting Process. An important example is to support measurement-based applications that want to adaptively drill-down on traffic detail in real time.

To facilitate retrieval and monitoring of parameters, they are to reside in a Management Information Base (MIB). Mandatory monitoring objects will cover all mandatory PSAMP functionality. Alarming of specific parameters could be triggered with thresholding mechanisms such as the RMON (Remote Network Monitoring) event and alarm [RFC2819] or the event MIB [RFC2981].

For configuring parameters of the Metering Process, several alternatives are available including a MIB module with writeable objects, as well as other configuration protocols. For configuring parameters of the Exporting Process, the Packet Report, and the Report Interpretation, which is an IPFIX task, the IPFIX configuration method(s) should be used.

Although management and configuration of Collectors is out of scope, a PSAMP Device, to the extent that it employs IPFIX as an export protocol, inherits from IPFIX the capability to detect and recover from Collector failure; see Section 8.2 of [RFC5470].

10. Feasibility and Complexity

In order for PSAMP to be supported across the entire spectrum of networking equipment, it must be simple and inexpensive to implement. One can envision easy-to-implement instances of the mechanisms described within this document. Thus, for that subset of instances, it should be straightforward for virtually all system vendors to include them within their products. Indeed, Sampling and Filtering operations are already realized in available equipment.

Here we give some specific arguments to demonstrate feasibility and comment on the complexity of hardware implementations. We stress here that the point of these arguments is not to favor or recommend any particular implementation, or to suggest a path for standardization, but rather to demonstrate that the set of possible implementations is not empty.

10.1. Feasibility
10.1.1. Filtering

Filtering consists of a small number of mask (bit-wise logical), comparison, and range (greater than) operations. Implementation of at least a small number of such operations is straightforward. For example, filters for security Access Control Lists (ACLs) are widely implemented. This could be as simple as an exact match on certain fields, or involve more complex comparisons and ranges.

10.1.2. Sampling

Sampling based on either counters (counter set, decrement, test for equal to zero) or range matching on the hash of a packet (greater than) is possible given a small number of Selectors, although there may be some differences in ease of implementation for hardware vs. software platforms.

10.1.3. Hashing

Hashing functions vary greatly in complexity. Execution of a small number of sufficiently simple hash functions is implementable at line rate. Concerning the input to the hash function, hop-invariant IP header fields (IP address, IP identification) and TCP/UDP header fields (port numbers, TCP sequence number) drawn from the first 40 bytes of the packet have been found to possess a considerable variability; see [DuGr01].

10.1.4. Reporting

The simplest Packet Report would duplicate the first n bytes of the packet. However, such an uncompressed format may tax the bandwidth available to the Exporting Process for high Sampling rates; reporting selected fields would save on this bandwidth. Thus, there is a trade-off between simplicity and bandwidth limitations.

10.1.5. Exporting

Ease of exporting Export Packets depends on the system architecture. Most systems should be able to support export by insertion of Export Packets, even through the software path.

10.2. Potential Hardware Complexity

Achieving low constants for performance while minimizing hardware resources is, of course, a challenge, especially at very high clock frequencies. Most of the Selectors, however, are very basic and their implementations very well understood; in fact, the average Application-Specific Integrated Circuit (ASIC) designer simply uses canned library instances of these operations rather than design them from scratch. In addition, networking equipment generally does not need to run at the fastest clock rates, further reducing the effort required to get reasonably efficient implementations.

Simple bit-wise logical operations are easy to implement in hardware. Such operations (NAND/NOR/XNOR) directly translate to four-transistor gates. Each bit of a multiple-bit logical operation is completely independent and thus can be performed in parallel incurring no additional performance cost above a single-bit operation.

Comparisons (EQ/NEQ) take O(log(M)) stages of logic, where M is the number of bits involved in the comparison. The log(M) is required to accumulate the result into a single bit.

Greater-than operations, as used to determine whether a hash falls in a selection range, are a determination of the most significant not-equivalent bit in the two operands. The operand with that most-significant-not-equal bit set to be one is greater than the other.

Thus, a greater-than operation is also an O(log(M)) stages-of-logic operation. Optimized implementations of arithmetic operations are also O(log(M)) due to propagation of the carry bit.

Setting a counter is simply loading a register with a state; such an operation is simple and fast, O(1). Incrementing or decrementing a counter is a read, followed by an arithmetic operation, followed by a store. Making the register dual-ported does take additional space, but it is a well-understood technique. Thus, the increment/decrement is also an O(log(M)) operation.

Hashing functions come in a variety of forms. The computation involved in a standard Cyclic Redundancy Check (CRC), for example, is essentially a set of XOR operations, where the intermediate result is stored and XORed with the next chunk of data. There are only O(1) operations and no log complexity operations. Thus, a simple hash function, such as CRC or generalizations thereof, can be implemented in hardware very efficiently.

At the other end of the range of complexity, the MD5 function uses a large number of bit-wise conditional operations and arithmetic operations. The former are O(1) operations and the latter are O(log(M)). MD5 specifies 256 32-bit ADD operations per 64-byte (16-word) input block processed, that is, 4 ADDs per input byte. Consider processing 10 Gb/sec at 100 MHz (this processing rate appears to be currently available). This requires processing 12.5 bytes/cycle, and hence at least 50 adders, a sizeable number. Because of data dependencies within the MD5 algorithm (each of the 64 steps of a block consumes the output of the previous one), the adders cannot simply be run in parallel, thus requiring either faster clock rates and/or more advanced architectures. Thus, selection hashing functions as complex as MD5 may be precluded for ubiquitous use at full line rate. This motivates exploring the use of selection hash functions with complexity somewhere between that of MD5 and CRC. In some applications (see Section 11), a second hash may be calculated on only selected packets; MD5 is feasible for this purpose if the rate of production of selected packets is sufficiently low.

11. Applications

We first describe several representative operational applications that require traffic measurements at various levels of temporal and spatial granularity. Some of the goals here appear similar to those of IPFIX, at least in the broad classes of applications supported. The major benefit of PSAMP is the support of new network management applications, specifically, those enabled by the packet Selectors that it supports.

11.1. Baseline Measurement and Drill Down

Packet Sampling is ideally suited to determine the composition of the traffic across a network. The approach is to enable measurement on a cut-set of the network links such that each packet entering the network is seen at least once, for example, on all ingress links. Unfiltered Sampling with a relatively low selection fraction establishes baseline measurements of the network traffic. Packet Reports include packet attributes of common interest: source and destination address and port numbers, prefix, protocol number, type of service, etc. Traffic matrices are obtained by additionally reporting source and destination AS numbers. Absolute traffic volumes are estimated by renormalizing the sampled traffic volumes through division by either the Configured Selection Fraction or the Attained Selection Fraction (as derived from input packet counters included in the Report Stream).
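
The renormalization just described, worked through as an added example (not code from RFC 5474 or from any PSAMP implementation): a count-based 1-in-N Selector tags each Packet Report with the input packet counter, the Exporting Process batches reports into sequence-numbered Export Packets, and a constructed unreliable transport drops some of them. The Collector detects the loss from gaps in the export sequence numbers and, because the reports carry input counters, the Attained Selection Fraction still gives an unbiased volume estimate, whereas dividing by the Configured Selection Fraction alone undercounts by the export loss (the point made for Section 8.3 above). The traffic mix, the report fields and the loss probability are all assumptions of the example.

```python
"""Collector-side estimation of absolute traffic volume from a PSAMP
Report Stream under unreliable export.  Added illustration, not code from
RFC 5474: the packet stream, report layout and export loss are constructed."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class PacketReport:
    input_count: int   # packets seen at the Selector input so far (input sequence number)
    length: int        # length in bytes of the selected packet


@dataclass(frozen=True)
class ExportPacket:
    export_seq: int    # export sequence number; the Collector watches for gaps
    reports: tuple


def meter(packet_lengths, n_in_n):
    """Count-based 1-in-N Selector: report every Nth packet, tagged with the
    running input packet counter."""
    return [PacketReport(input_count=i, length=length)
            for i, length in enumerate(packet_lengths, start=1) if i % n_in_n == 0]


def export(reports, per_packet):
    """Exporting Process: batch reports into sequence-numbered Export Packets."""
    return [ExportPacket(seq, tuple(reports[k:k + per_packet]))
            for seq, k in enumerate(range(0, len(reports), per_packet))]


def lossy_transport(export_packets, loss_prob, rng):
    """Unreliable export (UDP, or PR-SCTP timed reliability): some Export
    Packets are dropped and never retransmitted."""
    return [ep for ep in export_packets if rng.random() >= loss_prob]


def missing_export_packets(received):
    """Loss detection at the Collector from gaps in export sequence numbers."""
    seqs = [ep.export_seq for ep in received]
    return (seqs[-1] - seqs[0] + 1) - len(seqs) if seqs else 0


def estimate_bytes(received, configured_fraction):
    """Return (window_end, by_configured, by_attained).

    window_end is the input counter of the last report received, i.e. the
    number of observed packets the estimate covers.  by_configured divides
    by the Configured Selection Fraction only and is biased low by whatever
    was lost in export.  by_attained divides by the Attained Selection
    Fraction (reports received / packets observed), so export loss merely
    acts as a further, if uncontrolled, layer of Sampling."""
    reports = sorted((r for ep in received for r in ep.reports),
                     key=lambda r: r.input_count)
    sampled_bytes = sum(r.length for r in reports)
    window_end = reports[-1].input_count
    attained_fraction = len(reports) / window_end
    return window_end, sampled_bytes / configured_fraction, sampled_bytes / attained_fraction


def demo(n_packets=200_000, n_in_n=20, loss_prob=0.2, seed=7):
    rng = random.Random(seed)
    # Constructed Observed Packet Stream: a mix of small, medium and full-size packets.
    lengths = [rng.choice((64, 576, 1500)) for _ in range(n_packets)]
    received = lossy_transport(export(meter(lengths, n_in_n), per_packet=10), loss_prob, rng)
    window_end, by_configured, by_attained = estimate_bytes(received, 1 / n_in_n)
    return {
        "truth": sum(lengths[:window_end]),
        "by_configured": by_configured,
        "by_attained": by_attained,
        "lost_export_packets": missing_export_packets(received),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` prints the true byte count over the window covered by the received reports next to both estimates: with 20% of Export Packets lost, `by_configured` comes out roughly 20% low while `by_attained` stays within a few percent of the truth, and `lost_export_packets` is the count the Collector would feed back into the export rate limit of Section 8.4.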

Suppose an operator or a measurement-based application detects an interesting subset of a Packet Stream, as identified by a particular packet attribute. Real-time drill down to that subset is achieved by instantiating a new Metering Process on the same Observed Packet Stream from which the subset was reported. The Selection Process of the new Metering Process filters according to the attribute of interest, and composes with Sampling if necessary to manage the attained fraction of packets selected.

11.2. Trajectory Sampling

The goal of trajectory Sampling is the selection of a subset of packets at all enabled Observation Points at which these packets are observed in a network domain. Thus, the selection decisions are consistent in the sense that each packet is selected either at all enabled Observation Points or at none of them. Trajectory Sampling is realized by Hash-based Selection if all enabled Observation Points apply a common hash function to a portion of the Packet Content that is invariant along the packet path. (Thus, fields such as TTL and CRC are excluded.)

The trajectory followed by a packet is reconstructed from Packet Reports on it that reach the Collector. Reports on a given packet are associated by matching either a label comprising the invariant reported Packet Content or possibly some digest of it. The reconstruction of trajectories and methods for dealing with possible ambiguities due to label collisions (identical labels reported by different packets) and potential loss of reports in transmission are dealt with in [DuGr01], [DuGeGr02], and [DuGr04].

11.3. Passive Performance Measurement

Trajectory Sampling enables the tracking of the performance experience by customer traffic, customers identified by a list of source or destination prefixes, or by ingress or egress interfaces. Operational uses include the verification of Service Level Agreements (SLAs), and troubleshooting following a customer complaint.

In this application, trajectory Sampling is enabled at all network ingress and egress interfaces. Rates of loss in transit between ingress and egress are estimated from the proportion of trajectories for which no egress report is received. Note that loss of customer packets is distinguishable from loss of Packet Reports through use of report sequence numbers. Assuming synchronization of clocks between different entities, delay of customer traffic across the network may also be measured; see [Zs02].

Extending hash selection to all interfaces in the network would enable attribution of poor performance to individual network links.
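
The loss estimation of this section as an added example (not code from RFC 5474): two Observation Points, ingress and egress, run the same keyed Hash-based Selection over invariant Packet Content and each numbers its reports; a constructed transit loss removes customer packets between them and a constructed export loss removes some egress reports. A naive estimator counts every unmatched ingress report as a lost packet and so inflates the loss rate by the report loss; the corrected estimator first recovers the report loss rate from the gaps in the egress report sequence numbers. Labels here are unique by construction, so the label-collision handling of [DuGr01] is not needed. The key, the addresses and the rates are assumptions of the example.

```python
"""Passive loss measurement with trajectory Sampling: separating customer
packet loss from Packet Report loss by means of report sequence numbers.
Added illustration, not part of RFC 5474; key, traffic and loss rates are
constructed."""
import hashlib
import hmac
import random
import struct

KEY = b"constructed-domain-wide-hash-key"   # shared by all Observation Points
SRC = bytes([192, 0, 2, 10])                 # constructed (TEST-NET-1)
DST = bytes([198, 51, 100, 7])               # constructed (TEST-NET-2)


def label(pkt):
    """Invariant Packet Content used both for selection and for matching
    reports: (src, dst, ip_id, tcp_seq).  Unique per packet by construction."""
    return struct.pack("!4s4sHI", *pkt)


def is_selected(pkt, fraction):
    """Keyed hash (HMAC-SHA256 truncated to 32 bits) against a range [0, fraction)."""
    h = struct.unpack("!I", hmac.new(KEY, label(pkt), hashlib.sha256).digest()[:4])[0]
    return h < int(fraction * 2 ** 32)


def observation_point(packets, fraction):
    """Run the Selector at one Observation Point; emit (report sequence
    number, label) for each selected packet."""
    selected = [label(p) for p in packets if is_selected(p, fraction)]
    return list(enumerate(selected))


def drop(items, prob, rng):
    return [x for x in items if rng.random() >= prob]


def estimate_loss(ingress_reports, egress_reports):
    """Return (naive, corrected) estimates of the customer packet loss rate.

    naive treats every ingress report without an egress match as a lost
    packet, so lost egress *reports* are misread as customer loss.
    corrected estimates the report loss from gaps in the egress report
    sequence numbers and scales the expected number of matches by it."""
    n_in = len(ingress_reports)
    egress_labels = {lab for _, lab in egress_reports}
    matched = sum(1 for _, lab in ingress_reports if lab in egress_labels)
    last_seq = max(seq for seq, _ in egress_reports)
    report_loss = 1 - len(egress_reports) / (last_seq + 1)
    naive = 1 - matched / n_in
    corrected = 1 - matched / (n_in * (1 - report_loss))
    return naive, corrected


def demo(n_packets=200_000, fraction=1 / 32, pkt_loss=0.05, rpt_loss=0.10, seed=3):
    rng = random.Random(seed)
    packets = [(SRC, DST, i & 0xFFFF, i) for i in range(n_packets)]      # constructed
    ingress = observation_point(packets, fraction)
    delivered = drop(packets, pkt_loss, rng)                             # loss in transit
    egress = drop(observation_point(delivered, fraction), rpt_loss, rng)  # loss of reports
    naive, corrected = estimate_loss(ingress, egress)
    return {"true_loss": pkt_loss, "naive": naive, "corrected": corrected}


if __name__ == "__main__":
    print(demo())
```

With 5% transit loss and 10% report loss the naive figure lands near 14.5%, the corrected one near the true 5%. The same key at both Observation Points is what makes a packet's egress report exist exactly when its ingress report does, which is the consistency property trajectory Sampling depends on.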

11.4. Troubleshooting

PSAMP Packet Reports can also be used to diagnose problems whose occurrence is evident from aggregate statistics, such as per-interface utilization and packet loss statistics. These statistics are typically moving averages over relatively long time windows, e.g., 5 minutes, and serve as a coarse-grain indication of operational health of the network. The most common method of obtaining such measurements is through the appropriate SNMP MIBs (MIB-II [RFC1213] and vendor-specific MIBs).

Suppose an operator detects a link that is persistently overloaded and experiences significant packet drop rates. There is a wide range of potential causes: routing parameters (e.g., OSPF link weights) that are poorly adapted to the traffic matrix, e.g., because of a shift in that matrix; a DoS attack, a flash crowd, or a routing problem (link flapping). In most cases, aggregate link statistics are not sufficient to distinguish between such causes and to decide on an appropriate corrective action. For example, if routing over two links is unstable, and the links flap between being overloaded and inactive, this might be averaged out in a 5-minute window, indicating moderate loads on both links.

Baseline PSAMP measurement of the congested link, as described in Section 11.1, enables measurements that are fine grained in both space and time. The operator has to be able to determine how many bytes/packets are generated for each source/destination address, port number, and prefix, or other attributes, such as protocol number, MPLS forwarding equivalence class (FEC), type of service, etc. This allows the precise determination of the nature of the offending traffic. For example, in the case of a Distributed Denial of Service (DDoS) attack, the operator would see a significant fraction of traffic with an identical destination address.

In certain circumstances, precise information about the spatial flow of traffic through the network domain is required to detect and diagnose problems and verify correct network behavior. In the case of the overloaded link, it would be very helpful to know the precise set of paths that packets traversing this link follow. This would readily reveal a routing problem such as a loop, or a link with a misconfigured weight. More generally, complex diagnosis scenarios can benefit from measurement of traffic intensities (and other attributes) over a set of paths that is constrained in some way. For example, if a multihomed customer complains about performance problems on one of the access links from a particular source address prefix, the operator should be able to examine in detail the traffic from that source prefix that also traverses the specified access link towards the customer.

While it is in principle possible to obtain the spatial flow of traffic through auxiliary network state information, e.g., by downloading routing and forwarding tables from routers, this information is often unreliable, outdated, voluminous, and contingent on a network model. For operational purposes, a direct observation of traffic flow provided by trajectory Sampling is more reliable, as it does not depend on any such auxiliary information. For example, if there was a bug in a router's software, direct observation would allow diagnosis of the effect of this bug, while an indirect method would not.

12. Security Considerations
12.1. Relation of PSAMP and IPFIX Security for Exporting Process

As detailed in Section 4.3, PSAMP shares with IPFIX security requirements for export, namely, confidentiality, integrity, and authenticity of the exported data; see also Sections 6.3 and 10 of [RFC3917]. Since PSAMP will use IPFIX for export, it can employ the IPFIX protocol [RFC5101] to meet its requirements.

12.2. PSAMP Specific Privacy Considerations

In distinction with IPFIX, a PSAMP Device may, in some configurations, report some number of initial bytes of the packet, which may include some part of a packet payload. This option is conformant with the requirements of [RFC2804] since it does not mandate configurations that would enable capture of an entire Packet Stream of a Flow: neither a unit Sampling rate (1 in 1 Sampling) nor reporting a specific number of initial bytes is required by the PSAMP protocol.

To preserve privacy of any users acting as sender or receiver of the observed traffic, the contents of the Packet Reports must be able to remain confidential in transit between the exporting PSAMP Device and the Collector. PSAMP will use IPFIX as the exporting protocol, and the IPFIX protocol must provide mechanisms to ensure confidentiality of the Exporting Process, for example, encryption of Export Packets [RFC5101].

12.3. Security Considerations for Hash-Based Selection
12.3.1. Modes and Impact of Vulnerabilities

A concern for Hash-based Selection is whether some large set of related packets could be disproportionately sampled, either

(i) through unanticipated behavior in the hash function, or

(ii) because the packets had been deliberately crafted to have this property.

As detailed below, only cryptographic hash functions (e.g., one based on MD5) employing a private parameter are sufficiently strong to withstand the range of conceivable attacks. However, implementation considerations may preclude operating the strongest hash functions at line rate. For this reason, PSAMP is not expected to standardize around a cryptographic hash function at the present time. The purpose of this section is to inform discussion of the vulnerabilities and trade-offs associated with different hash function choices. Section 6.2.2 of [RFC5475] does this in more detail.

An attacker able to predict packet Sampling outcomes could craft a Packet Stream that could evade selection, or another that could overwhelm the measurement infrastructure with all its packets being selected. An attacker may attempt to do this based on knowledge of the hash function. An attacker could employ knowledge of selection outcomes of a known Packet Stream to reverse engineer parameters of the hash function. This knowledge could be gathered, e.g., from billing information, reactions of intrusion detection systems, or observation of a Report Stream.

Since Hash-based Selection is deterministic, it is vulnerable to replay attacks. Repetition of a single packet may be noticeable to other measurement methods if employed (e.g., collection of Flow statistics), whereas a set of distinct packets that appears statistically similar to regular traffic may be less noticeable. The impact of replay attacks on Hash-based Selection may be mitigated by repeated changing of hash function parameters.

12.3.2. Use of Private Parameters in Hash Functions

Because hash functions for Hash-based Selection are to be standardized and hence public, the packet selection decision must be controlled by some private quantity associated with the Hash-based Selection Selector. Making private the range of hash values for which packets are selected is not alone sufficient to prevent an attacker crafting a stream of distinct packets that are disproportionately selected. A private parameter must be used within the hash function, for example, a private modulus in a hash function, or by concatenating the hash input with a private string prior to hashing.

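
An added example (not from RFC 5474) of why the private parameter has to sit inside the hash function rather than in the selection range alone, which also shows the hop-invariant hash input that trajectory Sampling (Section 11.2) relies on. Both selectors hash the same invariant fields (addresses, protocol, ports, IP ID, TCP sequence number; TTL and checksum excluded). The unkeyed selector uses the public CRC-32 with a private range; because CRC-32 is affine over GF(2), an attacker who has learned the hash value of a single selected packet (through billing data, IDS reactions or any other side channel) can forge the TCP sequence number of arbitrarily many distinct packets so that all of them carry that hash value and are selected with certainty, whatever the range is. The keyed selector uses HMAC-SHA256 truncated to 32 bits (one possible construction, chosen for the example) with the same private range; the crafted stream is then selected at the configured 1/16 only. Addresses, key and range are constructed.

```python
"""Hash-based Selection with a public hash and a private range versus a
keyed hash with a private parameter.  Added illustration, not part of
RFC 5474; addresses, key and selection range are constructed."""
import hashlib
import hmac
import struct
import zlib

SRC = bytes([192, 0, 2, 10])            # constructed (TEST-NET-1)
DST = bytes([198, 51, 100, 7])          # constructed (TEST-NET-2)
KEY = b"constructed-private-hash-parameter"
LO, HI = 0x20000000, 0x30000000         # private range: 1/16 of the hash space


def hash_input(src, dst, proto, sport, dport, ip_id, seq):
    """Hop-invariant fields only, so every Observation Point on the path hashes
    the same bytes (trajectory Sampling); TTL and checksum are excluded."""
    return struct.pack("!4s4sBHHHI", src, dst, proto, sport, dport, ip_id, seq)


def crc32(b):
    return zlib.crc32(b) & 0xFFFFFFFF


def select_unkeyed(hin):
    """Public CRC-32; only the selection range is private."""
    return LO <= crc32(hin) < HI


def select_keyed(hin, key=KEY):
    """HMAC-SHA256 truncated to 32 bits; the key is the private parameter."""
    h = struct.unpack("!I", hmac.new(key, hin, hashlib.sha256).digest()[:4])[0]
    return LO <= h < HI


def forge_seq(prefix, target):
    """Return 4 bytes x with crc32(prefix + x) == target.

    For a fixed length CRC-32 is affine over GF(2):
        crc(prefix + x) == crc(prefix + 0000) ^ g(x),
        g(x) = crc(zeros + x) ^ crc(zeros + 0000)    (linear in the bits of x)
    so solve g(x) == crc(prefix + 0000) ^ target by elimination over GF(2)."""
    zeros = b"\x00" * len(prefix)
    base = crc32(prefix + b"\x00" * 4)
    g_zero = crc32(zeros + b"\x00" * 4)
    basis = {}                                   # pivot bit -> (g value, input bits)
    for i in range(32):
        v, c = crc32(zeros + (1 << i).to_bytes(4, "big")) ^ g_zero, 1 << i
        for bit in range(31, -1, -1):
            if not (v >> bit) & 1:
                continue
            if bit in basis:
                v, c = v ^ basis[bit][0], c ^ basis[bit][1]
            else:
                basis[bit] = (v, c)
                break
    v, c = base ^ target, 0
    for bit in range(31, -1, -1):
        if (v >> bit) & 1:                       # g is a bijection: every pivot exists
            v, c = v ^ basis[bit][0], c ^ basis[bit][1]
    return c.to_bytes(4, "big")


def learn_selected_hash():
    """Attacker step: send probes and learn, e.g. from billing data or IDS
    reactions, which one was selected; record its public hash value."""
    for ip_id in range(1 << 16):
        hin = hash_input(SRC, DST, 6, 40000, 80, ip_id, 1)
        if select_unkeyed(hin):                  # stands in for the side channel
            return crc32(hin)
    raise RuntimeError("no probe selected")


def crafted_stream(n, target):
    """n distinct packets (different IP IDs, forged TCP sequence numbers) that
    all have CRC-32 == target, whatever the private range is."""
    pkts = []
    for ip_id in range(n):
        prefix = struct.pack("!4s4sBHHH", SRC, DST, 6, 40000, 80, ip_id)
        pkts.append(prefix + forge_seq(prefix, target))
    return pkts


def fraction_selected(pkts, selector):
    return sum(1 for p in pkts if selector(p)) / len(pkts)


def demo(n=2000):
    target = learn_selected_hash()               # one selected hash value leaks
    stream = crafted_stream(n, target)           # distinct packets, same CRC-32
    return {"unkeyed": fraction_selected(stream, select_unkeyed),
            "keyed": fraction_selected(stream, select_keyed)}


if __name__ == "__main__":
    print(demo())
```

`demo()` reports the whole crafted stream selected by the unkeyed selector and roughly 6% of it by the keyed one. Rotating the key (Section 12.4) also invalidates any stream crafted against a previously leaked hash value, which is what makes the parameter change effective against replay.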
12.3.3. Strength of Hash Functions

The specific choice of hash function and its usage determines the types of potential vulnerability:

* Cryptographic hash functions: when a private parameter is used, future selection outcomes cannot be predicted even by an attacker with knowledge of past selection outcomes.

* Non-cryptographic hash functions:

Using knowledge of past selection outcomes: some well-known hash functions, e.g., CRC-32, are vulnerable to attacks, in the sense that their private parameter can be determined with knowledge of sufficiently many past selections, even when a private parameter is used; see [GoRe07].

No knowledge of past selection outcomes: using a private parameter hardens the hash function against classes of attacks that work when the parameter is public, although vulnerability to future attacks is not precluded.

12.4. Security Guidelines for Configuring PSAMP

Hash function parameters configured in a PSAMP Device are sensitive information, which must be kept private. As well as using probing techniques to discover parameters of non-cryptographic hash functions as described above, implementation and procedural weaknesses may lead to attackers discovering parameters, whatever class of hash function is used. The following measures may prevent this from occurring:

Hash function parameters must not be displayable in cleartext on PSAMP Devices. This reduces the chance for the parameters to be discovered by unauthorized access to the PSAMP Device.

Hash function parameters must not be remotely set in cleartext over a channel that may be eavesdropped.

Hash function parameters must be changed regularly. Note that such changes must be synchronized over all PSAMP Devices in a domain under which trajectory Sampling is employed in order to maintain consistent Sampling of packets over the domain.

Default hash function parameter values should be initialized randomly, in order to avoid predictable values that attackers could exploit.

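To make the private-parameter discussion of Section 12.3 and the guidelines of Section 12.4 concrete, here is an added example (not code from RFC 5474 or from any PSAMP implementation) of a hash-based selector keyed by a private parameter. It assumes HMAC-SHA256 as the cryptographic hash function, hypothetical class and function names, and constructed byte strings standing in for a packet's invariant fields.

```python
# Added example (not code from RFC 5474 or any PSAMP implementation):
# hash-based packet selection keyed by a private parameter, showing the
# properties Sections 12.3 and 12.4 ask for. HMAC-SHA256 stands in for a
# cryptographic hash function; class and function names are hypothetical.
import hashlib
import hmac
import secrets

HASH_BITS = 32
HASH_RANGE = 1 << HASH_BITS


class HashSelector:
    """Select a packet when HMAC(key, invariant fields) < threshold.

    Devices sharing the same key select the same packets, which is what
    trajectory Sampling needs; the key is the private parameter.
    """

    def __init__(self, sampling_fraction, key=None):
        # Guideline: default parameter values are initialized randomly,
        # never from a fixed constant that an attacker could guess.
        self.key = key if key is not None else secrets.token_bytes(32)
        self.threshold = int(sampling_fraction * HASH_RANGE)

    def digest(self, invariant_fields):
        # Keyed cryptographic hash: without the key, future outcomes cannot
        # be predicted from past selection outcomes.
        mac = hmac.new(self.key, invariant_fields, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")  # fold to a 32-bit hash value

    def select(self, invariant_fields):
        return self.digest(invariant_fields) < self.threshold

    def rotate(self, new_key=None):
        # Guideline: change the parameter regularly. The change has to reach
        # every PSAMP Device in the domain, or consistent Sampling is lost.
        self.key = new_key if new_key is not None else secrets.token_bytes(32)

    def __repr__(self):
        # Guideline: never display the private parameter in cleartext.
        return f"HashSelector(threshold={self.threshold}, key=<hidden>)"


def consistent_selection(devices, packets):
    """True when every device selects exactly the same subset of packets."""
    decisions = [[d.select(p) for p in packets] for d in devices]
    return all(dec == decisions[0] for dec in decisions)
```

Two devices built with the same key agree on every packet; rotating the key on one device only breaks that agreement until the other device receives the same new key.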
13. Contributors

Sharon Goldberg contributed to Section 12.3 on security considerations for Hash-based Selection.

   Sharon Goldberg
   Department of Electrical Engineering
   Princeton University
   F210-K EQuad
   Princeton, NJ 08544
   USA

   EMail: goldbe@princeton.edu

14. Acknowledgments

The authors would like to thank Peram Marimuthu and Ganesh Sadasivan for their input in early working drafts of this document.

15. References
15.1. Normative References

[RFC5476] Claise, B., Ed., "Packet Sampling (PSAMP) Protocol Specifications", RFC 5476, March 2009.

[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G. Carle, "Information Model for Packet Sampling Exports", RFC 5477, March 2009.

[RFC5101] Claise, B., Ed., "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, January 2008.

[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.

[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, January 2008.

[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, September 2007.

[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. Conrad, "Stream Control Transmission Protocol (SCTP) Partial Reliability Extension", RFC 3758, May 2004.

[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F. Raspall, "Sampling and Filtering Techniques for IP Packet Selection", RFC 5475, March 2009.

15.2. Informative References

[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed Networks", BCP 84, RFC 3704, March 2004.

[RFC2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, S., and S. Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification", RFC 2205, September 1997.

[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.

[DuGeGr02] Duffield, N.G., Gerber, A., and M. Grossglauser, "Trajectory Engine: A Backend for Trajectory Sampling", IEEE Network Operations and Management Symposium 2002, Florence, Italy, April 15-19, 2002.

[DuGr04] Duffield, N.G. and M. Grossglauser, "Trajectory Sampling with Unreliable Reporting", Proc. IEEE Infocom 2004, Hong Kong, March 2004.

[DuGr08] Duffield, N.G. and M. Grossglauser, "Trajectory Sampling with Unreliable Reporting", IEEE/ACM Trans. on Networking, 16(1), February 2008.

[RFC2914] Floyd, S., "Congestion Control Principles", BCP 41, RFC 2914, September 2000.

[GoRe07] Goldberg, S. and J. Rexford, "Security Vulnerabilities and Solutions for Packet Sampling", IEEE Sarnoff Symposium, Princeton, NJ, May 2007.

[RFC2804] IAB and IESG, "IETF Policy on Wiretapping", RFC 2804, May 2000.

[RFC2981] Kavasseri, R., Ed., "Event MIB", RFC 2981, October 2000.

[RFC1213] McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets:MIB-II", STD 17, RFC 1213, March 1991.

[RFC3176] Phaal, P., Panchen, S., and N. McKee, "InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks", RFC 3176, September 2001.

[RFC2330] Paxson, V., Almes, G., Mahdavi, J., and M. Mathis, "Framework for IP Performance Metrics", RFC 2330, May 1998.

[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.

[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.

[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, January 2001.

[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", RFC 5470, March 2009.

[RFC2819] Waldbusser, S., "Remote Network Monitoring Management Information Base", STD 59, RFC 2819, May 2000.

[Zs02] Zseby, T., "Deployment of Sampling Methods for SLA Validation with Non-Intrusive Measurements", Proceedings of Passive and Active Measurement Workshop (PAM 2002), Fort Collins, CO, USA, March 25-26, 2002.

Authors' Addresses

   Derek Chiou
   Department of Electrical and Computer Engineering
   University of Texas at Austin
   1 University Station, Stop C0803, ENS Building room 135
   Austin TX, 78712
   USA

   Phone: +1 512 232 7722
   EMail: Derek@ece.utexas.edu

   Benoit Claise
   Cisco Systems
   De Kleetlaan 6a b1
   1831 Diegem
   Belgium

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com

   Nick Duffield, Editor
   AT&T Labs - Research
   Room B139
   180 Park Ave
   Florham Park NJ 07932
   USA

   Phone: +1 973-360-8726
   EMail: duffield@research.att.com

   Albert Greenberg
   One Microsoft Way
   Redmond, WA 98052-6399
   USA

   Phone: +1 425-722-8870
   EMail: albert@microsoft.com

   Matthias Grossglauser
   School of Computer and Communication Sciences
   EPFL
   1015 Lausanne
   Switzerland

   EMail: matthias.grossglauser@epfl.ch

   Jennifer Rexford
   Department of Computer Science
   Princeton University
   35 Olden Street
   Princeton, NJ 08540-5233
   USA

   Phone: +1 609-258-5182
   EMail: jrex@cs.princeton.edu