IP Flow Information Export S. Kashima
Internet-Draft A. Kobayashi
Intended status: Standards Track NTT
Expires: April 28, 2010 October 25, 2009
Data Link Layer Monitoring with IPFIX/PSAMP
draft-kashima-ipfix-data-link-layer-monitoring-01
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 28, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Kashima & Kobayashi Expires April 28, 2010 [Page 1]
�
Internet-Draft Data Link Layer Monitoring October 2009
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document describes an efficient method for monitoring an
Ethernet network using the IP Flow Information Export (IPFIX)
protocol, adding Information Elements related to the Ethernet header.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions Used in This Document . . . . . . . . . . . . . 3
2. Wide-Area Ethernet Network Summary . . . . . . . . . . . . . . 3
3. Existing Traffic Measurement . . . . . . . . . . . . . . . . . 4
4. Future Traffic Measurement . . . . . . . . . . . . . . . . . . 4
5. Information Elements . . . . . . . . . . . . . . . . . . . . . 5
5.1. dataLinkFrameType . . . . . . . . . . . . . . . . . . . . . 5
5.2. dataLinkFrameSize . . . . . . . . . . . . . . . . . . . . . 6
5.3. dataLinkFrameSection . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
Kashima & Kobayashi Expires April 28, 2010 [Page 2]
�
Internet-Draft Data Link Layer Monitoring October 2009
1. Introduction
Ethernet [IEEE802.1D] and VLAN (Virtual LAN) [IEEE802.1Q]
technologies used to be used only in Local Area Networks. Recently,
they have been used in Wide Area Networks, e.g., L2-VPN services.
Accordingly, the IEEE802.1Q standard has been enhanced to
[IEEE802.1ad] and [IEEE802.1ah].
Wide-area Ethernet networks will be renovated from IEEE802.1ad to
coexisting IEEE802.1ad and IEEE802.1ah in the near future.
IEEE802.1ad will continue to be utilized in access networks, and
IEEE802.1ah will be introduced in provider backbone networks.
While this hierarchical approach provides flexible and scalable
networks, it increases the complexity of traffic measurement due to
the existence of various Ethernet header forms. To cope with this, a
more sophisticated method is required.
IPFIX/PSAMP could help to resolve these problems. However, the PSAMP
Information Model [RFC5477] does not have Information Elements
related to Ethernet header forms. This document describes the
Information Elements related to data link layers that enable a more
sophisticated traffic measurement method.
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Wide-Area Ethernet Network Summary
[IEEE802.1ad] and [IEEE802.1ah], which are standards for the Wide-
Area Ethernet, are described below.
o In IEEE802.1ad, there are two VLAN IDs: S-VID (Service VLAN
Identifier) and C-VID (Customer VLAN Identifier). S-VID is
assigned to an Ethernet frame by a service provider, while C-VID
is independently assigned to an Ethernet frame by a customer.
Frame switching in a service provider network is based on only
S-VID.
o In IEEE802.1ah, new Ethernet fields, such as B-VID (Backbone VLAN
Identifier) and I-SID (Backbone Service Instance Identifier), are
introduced to overcome the limitations on the VLAN identifier
space on IEEE802.1ad and to isolate the service provider
identifier space and customer identifier space. Frame switching
is based on a 12-bit B-VID, and customer identification is based
Kashima & Kobayashi Expires April 28, 2010 [Page 3]
�
Internet-Draft Data Link Layer Monitoring October 2009
on a 24-bit I-SID. A flexible network design has become possible
because network management is separated from customer management.
Other Ethernet fields that indicate quality of service (QoS) class
are B-PCP, B-DEI, I-PCP, and I-DEI.
IEEE802.1ah will be introduced into a backbone network in an actual
Ethernet network, and the wide-area Ethernet service is expected to
change from a flat network with only IEEE802.1ad to a hierarchical
network with co-existing IEEE802.1ad and IEEE802.1ah.
3. Existing Traffic Measurement
In a wide-area Ethernet network, network administrators are required
to measure traffic volume for each VPN customer and for each QoS
class in addition to measuring interface-based traffic. This
measurement makes it possible to provide a traffic report to network
administrators for capacity planning and traffic engineering and to
customers.
At present, network administrators use a variety of special
measurement methods, such as an Enterprise MIB from various vendors
and various device types (router, switch, or probe), in a single
network domain. It is difficult to mediate the differences. In
addition, this will lead to limitations in future networks with
[IEEE802.1ah].
4. Future Traffic Measurement
After [IEEE802.1ah] is installed in a backbone network, a more
sophisticated traffic measurement method than that used today will be
required because network administrators must measure traffic volume
for each VPN customer and for each QoS class, without regard for the
distinction between IEEE802.1ah and [IEEE802.1ad]. In the case of
IEEE802.1ah, a traffic measurement for a VPN customer is more
complicated due to consideration of the separation of VLAN
Identifiers, and a traffic measurement for QoS class is more
complicated due to consideration of the multiple parameters related
to QoS. As the use of multicast applications increases, complicated
traffic measurements for each parameter and each Ethernet frame type
(unicast, multicast, and broadcast) will be required.
The requirements for the method are as follows:
o flexible traffic measurement architecture, which can be applied to
both IEEE802.1ad and IEEE802.1ah, and
Kashima & Kobayashi Expires April 28, 2010 [Page 4]
�
Internet-Draft Data Link Layer Monitoring October 2009
o no software upgrade for switching devices, even when a network
administrator requires traffic data based on a new Ethernet field.
These requirements mean that it is possible to apply the architecture
of IPFIX/PSAMP. Therefore, in this document, we propose an Ethernet
traffic measurement method using IPFIX/PSAMP, as follows.
The device (Exporter) samples Ethernet frames using PSAMP, extracts
the header of the frame, and exports the header information extracted
via IPFIX to the Collector. The Collector sums up the number of
frames and the number of octets for each Ethernet header field (e.g.,
B-VID, I-SID, B-PCP, and I-PCP) and for each Ethernet frame type
(e.g., multicast or broadcast).
Furthermore, the device (Exporter) filters and samples traffic for
each VPN using a Composite Selector of PSAMP [RFC5475]. This makes
it possible to change the granularity of the traffic monitoring for
each VPN.
5. Information Elements
The Information Elements related to data link layer description was
deleted from <draft-ietf-psamp-info-10.txt> though it was defined in
<draft-ietf-psamp-info-09.txt>. This was because, at that time, the
PSAMP Working Group selected not standardization based on vague
requirements but standardization that was quickly completed.
The following Information Elements are necessary for enabling the
above-mentioned method, which is not limited to Ethernet because the
method can be applied to other data link protocols.
+-----+---------------------------+-----+---------------------------+
| ID | Name | ID | Name |
+-----+---------------------------+-----+---------------------------+
| XXX | dataLinkFrameType | XXX | dataLinkFrameSize |
| XXX | dataLinkFrameSection | | |
+-----+---------------------------+-----+---------------------------+
5.1. dataLinkFrameType
Description:
This Information Element specifies the type of the sampled data
link frame and SHOULD be checked before analyzing higher layer
protocols.
Kashima & Kobayashi Expires April 28, 2010 [Page 5]
�
Internet-Draft Data Link Layer Monitoring October 2009
The data link layer is defined in [ISO_IEC.7498-1_1994].
The following data link types are defined here.
- 0x01 ETHERNET
- 0x02 PPP
- 0x03 WiMAX
Further values may be assigned by IANA.
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: XXX
Status: current
5.2. dataLinkFrameSize
Description:
This Information Element specifies the size of the sampled data
link frame and SHOULD be checked before analyzing higher layer
protocols.
The data link layer is defined in [ISO_IEC.7498-1_1994].
Abstract Data Type: unsigned32
Data Type Semantics: quantity
ElementId: XXX
Status: current
5.3. dataLinkFrameSection
Description:
This Information Element, which may have a variable length,
carries the first n octets from the data link frame of a sampled
packet.
The data link layer is defined in [ISO_IEC.7498-1_1994].
Kashima & Kobayashi Expires April 28, 2010 [Page 6]
�
Internet-Draft Data Link Layer Monitoring October 2009
The size of the exported section may be constrained due to
limitations in the IPFIX protocol.
The data for this field MUST NOT be padded. If insufficient
octets are available for the length specified in the Template,
then a new Template MUST be used.
Further Information Elements, i.e., dataLinkFrameSize and
dataLinkFrameType, are needed to specify the data link type and
the size of the data link frame of this Information Element. A
set of these Information Elements MUST be contained in one Packet
Report.
Abstract Data Type: octetArray
Data Type Semantics: quantity
ElementId: XXX
Status: current
6. Security Considerations
The recommendations in this document do not introduce any additional
security issues to those already mentioned in [RFC5101] and
[RFC5477].
7. IANA Considerations
This document requires an ElementId assignment to be made by IANA.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References
[IEEE802.1D]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Media Access Control (MAC)
Bridges", IEEE Std 802.1D-2004, June 2004.
Kashima & Kobayashi Expires April 28, 2010 [Page 7]
�
Internet-Draft Data Link Layer Monitoring October 2009
[IEEE802.1Q]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks", IEEE Std 802.1Q-2005, May 2006.
[IEEE802.1ad]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks Amendment 4: Provider Bridges", IEEE Std 802.1ad-
2005, May 2006.
[IEEE802.1ah]
IEEE Computer Society, "IEEE Standards for Local and
Metropolitan Area Networks: Virtual Bridged Local Area
Networks Amendment 7: Provider Backbone Bridges", IEEE
Std 802.1ah-2008, August 2008.
[ISO_IEC.7498-1_1994]
International Organization for Standardization,
"Information technology -- Open Systems Interconnection --
Basic Reference Model: The Basic Mode", ISO Standard 7498-
1:1994, June 1996.
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
Raspall, "Sampling and Filtering Techniques for IP Packet
Selection", RFC 5475, March 2009.
[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
Carle, "Information Model for Packet Sampling Exports",
RFC 5477, March 2009.
Authors' Addresses
Shingo Kashima
NTT PF Lab.
Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585
Japan
Phone: +81 422 59 3894
Email: kashima@nttv6.net
Kashima & Kobayashi Expires April 28, 2010 [Page 8]
�
Internet-Draft Data Link Layer Monitoring October 2009
Atsushi Kobayashi
NTT PF Lab.
Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585
Japan
Phone: +81 422 59 3978
Email: akoba@nttv6.net
Kashima & Kobayashi Expires April 28, 2010 [Page 9]
�