Elements of a Framework f or PSAMP Nick Duf f ield AT&T Labs - - PowerPoint PPT Presentation

10

I ETF, Mar 2002 PSAMP BOF

Elements of a Framework f or PSAMP

Nick Duf f ield AT&T Labs nduf f ield@at t .com

11

I ETF, Mar 2002 PSAMP BOF

Aims and Focus

Scope out requirement s f or PSAMP Posit ion PSAMP as a supplier of packet measurement s

support applicat ions, but t hey are done elsewhere main work f or PSAMP is t o def ine packet select ion operat ions

Need t o get measurement s t o applicat ions

hence requirement s f or inf ormat ion model, export can use exist ing prot ocols (I PFI X t he obvious candidat e)

• if PSAMP requirement s mat ch exist ing prot ocol capabilit ies

12

I ETF, Mar 2002 PSAMP BOF

Elements

Packet select ion Parallel measurement Report cont ent Self -def ining report st ream Remot e and local export Robust ness and inf ormat ion loss Conf igurat ion and management

13

I ETF, Mar 2002 PSAMP BOF

Packet Selection Primitives

Requirement : suf f icient ly rich set of packet select ion operat ions Filt er

e.g., mat ch/ mask on source/ dest inat ion pref ix, port numbers, prot ocol, … + t ags t o indicat e t he associat ed (sub)int erf ace

Sample

e.g., 1 in N det erminist ic, random, or hash-based

Combinat ions

e.g., f ilt er, t hen sample 1 in N

Scope

select ion based on packet cont ent : availabilit y of rout er st at e not assumed

Count ers

packet s/ byt es of f ull packet st ream, and of select ed packet s available f or export , or polling used direct ly by applicat ions, e.g., f ilt er, t hen count f or billing provide robust ness w.r.t . inf ormat ion loss, e.g., f rom report st ream

14

I ETF, Mar 2002 PSAMP BOF

Parallel Measurement

Requirement : parallel conf igurable inf ormat ion f lows

select or 1 report 1 select or 2 report 2 select or 3 report 3

Packet Header

• export 1

export 2 export 3 collect or 1 collect or 2 collect or 3

15

I ETF, Mar 2002 PSAMP BOF

Resource I ssues f or Parallel Measurements

Bounded processing resources per packet in rout er Packet may mat ch several select ors

e.g. coarse AS f ilt er f or billing, narrow subf ilt er f or engineerng

I f packet mat ches t oo many select ors:

not possible t o f ully report all result ing measurement s

Want gracef ul degradat ion f rom f ull report ing

e.g., ref lect ing user priorit ies

I nf ormat ion model design:

should provide inherent robust ness t o such inf ormat ion loss

16

I ETF, Mar 2002 PSAMP BOF

Report Content

Requirement : per packet report ing wit h suf f icient det ail Classes of inf ormat ion available f or inclusion

header f ields, e.g., I P sr c/ dst address, TCP/ UDP port s, sizes, ToS, … sub-I P level ident if iers, e.g., i/ o int erf aces, MPLS label st ack, … rout er st at e, e.g, rout ing pref ix, AS numbers, next hop, t imest amps,… derived quant it ies, e.g., hash values packet / byt e count ers f rom originat ing select or

17

I ETF, Mar 2002 PSAMP BOF

Self - def ining Report Stream

Requirement : t ransparent int erpret at ion of dat a I nclude select or paramet ers f or dat a int erpret at ion

e.g., sampling: use N t o est imat e act ual t raf f ic int ensit y e.g., f ilt ering: what is possible universe of a given packet e.g.., hash f unct ion paramet ers: f or I CMP t raceback mat ching

At t ribut ion

mult iple select ors: which one(s) select ed packet ?

Self -def ining report st ream

include select or paramet ers, report f ormat , …

• e.g. per iodically, upon change, upon command, …

robust : dat a and it s int erpret at ion bound t oget her

Alt ernat ive t hat we don’t like:

collect or keeps independent t rack of select ion paramet ers

• e.g. paramet er management syst em, or by polling rout er

j oining dat a painf ul, especially synchronizat ion mult iple syst ems t o int erpret one dat a source = archit ect ural host age impact of undocument ed changes, e.g., t hrough CLI

18

I ETF, Mar 2002 PSAMP BOF

Remote and Local Export

Requirement :

report ing t o on-board and of f -board applicat ions

Flexibilit y of dif f erent export dest inat ions per select or

dif f erent measurement applicat ions, on dif f erent or same host

Allow local export t o on-board applicat ions

e.g. securit y applicat ions

• local export of hashes t o I CMPt raceback applicat ion

e.g. mult iple-packet measurement operat ions

• int erpacket delay j it t er, f low f ormat ion

Rat e limit ing export

e.g. rat e limit supply of measurement s t o t ransport

19

I ETF, Mar 2002 PSAMP BOF

Robustness and I nf ormation Loss

Requirement : robust ness t o inf ormat ion loss Causes of inf ormat ion loss:

incomplet e inf ormat ion if packet mat ches mult iple select ors report loss in t ransit collect or f ailure

I nherent robust ness in packet measurement model:

small inf ormat ion cont ent in a single measurement

• relat ive t o whole dat a st ream

Enhance robust ness of measurement report st ream:

enable int erpolat ion/ correct ion f or missing dat a

• e.g., include packet / byt e count ers, sequence numbers

decouples f rom and reduces need f or reliabilit y at ot her levels

20

I ETF, Mar 2002 PSAMP BOF

Conf iguration and Management

Mot ivat ion: enable reliable conf igurat ion by ext ernal applicat ions

(not as part of t he export prot ocol!)

• f select or paramet ers, report f ormat , export dest inat ion

conf igurat ion of select ors in large number of device

Applicat ions:

e.g., set up of large number of f ilt ers/ count ers f or billing e.g., collect or f ailure: redirect ion of export t o secondary collect or e.g., ongoing 1 in N baseline measurement s t o NOC

• aut omat ed det ect ion of DoS at t ack signat ure at NOC
• aut omat ed reconf igurat ion of rout er f ilt er t o f ocus on at t ack t raf f ic

e.g., dynamic select or reconf igurat ion by on-board applicat ions

• Requirement : MI B f or conf igurat ion paramet ers, SNMP t o read/ writ e

secure, reliable, widespread experience, easy t o build client s vendor neut ral, st andardized easy t o reconf igure f rom on-board applicat ion