1 / 12

PSAMP Information Model Status

This report provides an update on the PSAMP information model for packet sampling, including changes from the previous version and open issues that need to be addressed. It also discusses sampling and filtering functions, match filtering methods, method chaining, and the observation point.

gleasonm
Download Presentation

PSAMP Information Model Status

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PSAMP Information Model Status Information Model for Packet Sampling A Status Report Thomas Dietz dietz@netlab.nec.de Falko Dressler dressler@informatik.uni-tuebingen.de

  2. Changes from Previous Version  Restructerd field order  Added parameter probability for uniform probabilistic sampling

  3. Open Issues  Fields for some sampling methods and almost all filtering methods need to be defined  The chaining of filter and sample methods must be defined  Usage of IPFIX fields in PSAMP must be described  Number space for field IDs (currently starting from 1024)

  4. Sampling/Filtering Functions  Sampling and filtering methods may contain functions  Non-uniform probabilistic sampling  Flow state sampling  Hash filtering  Router state filtering  Do we need standard functions for those methods?

  5. Match Filtering (1)  Match filtering is currently defined as a bit mask on the first 20/40 bytes of a IPv4/IPv6 packet  Advantages  Only one field is needed to encode a match  Very flexible for future extensions (no changes to info model needed)

  6. Match Filtering (2)  Disadvantages  Option/Extension header fields cannot be matched  Transport protocol header fields are difficult to match (impossible if there are extension headers present)  Difficult to read and encode  Difficult to implement

  7. Match Filtering (3)  Proposal: Create a simple description language  Header fields can be matched easily  Most existing devices have a filtering language anyway (access lists)  If extensions are needed they can be defined by vender specific fields (in a first step and can be standardized later if needed)

  8. Method Chaining (1)  Several sampling/Filtering methods can be applied one after another  How do we represent this feature in the info model?  Proposal:  Several fields containing a template ID  One field containing all template ids

  9. Method Chaining (2) – Proposal 1  Several fields containing a template ID Template ID ... Option Data ID 1 Option Data ID 2 ...  Advantages  Easy to encode  Disadvantages  The order of the template IDs is not guarantied by the protocol  Does only work if order is significant

  10. Method Chaining (3) – Proposal 2  One field containing all template IDs Template ID ... Option Data ID List  Advantages  Order of the template IDs is implied by the order within the field  Always one field regardless of the number of methods chained  Disadvantages  More difficult to encode

  11. Observation Point  The observation point is currently not defined in the info model  This should be taken from the IPFIX info model

  12. The End Thank you for your attention

More Related