[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Packet Selectors and Packet Information



Hi,

I would like to start clarifying the scope of the "Packet Selector and
Packet Information" document. Note that the framework assumes that
packet selection refers to the set of packets from which packet sampling
will apply -- it is not the packet sampling itself, but rather the
packet pre-filtering.  Anyone wishing to write an individual I-D
to address this deliverable is strongly encouraged to do so,
as soon as possible. 

First, here is some text from the WG charter about these tasks:

1. Selectors for packet sampling. 
Define the set of primitive packet selection operations for network elements, 
the parameters by which they may be configured, and the ways in which they 
can be combined. 

2. Packet Information. 
Specify extent of packet that is to be made available for reporting. Target
for inclusion the packet's IP header, some subsequent bytes of the packet, 
and encapsulating headers if present. Full packet capture of arbitrary 
packet streams is explicitly out of scope. Specify variants for IPv4 and
IPv6, extent of IP packet available under encapsulation methods, and under
packet encryption.

General Question:
a) Should these topics be separated into 2 documents, or combined into 1
   (as the charter suggests)?

Packet Selector Issues:
b) What specific stateless packet selectors are needed?
   - ingress or egress interface?
   - any MAC layer fields (SA, DA, protocol)?
   - any VLAN header fields (VLAN ID, vlan priority)?
   - which IP header fields?
   - should tunneled protocol encapsulations be supported?
   - which transport protocols? which fields?
   - application identification supported (beyond 5-tuple)?
c) How should combinations of selectors be configured?
   - bitmask?
   - boolean expression (like C 'if' statement)?
   - regular expression/pattern matching?
d) Should any stateful (multi-packet) selectors be supported? If so, how?
e) Is there any existing publicly available work (e.g. IPFIX) that
   can be used as-is, or adapted, for PSAMP packet selection? 
f) Should the default selector be 'no packets' or 'all packets', or
   should this be configurable, with no default?
g) Other criteria for selecting packets

Packet Information Issues:
h) Which fields should be eligible for inclusion (see 'b' above)?
i) What 'external' packet information should be recorded for
   potential inclusion in a sample report (e.g. arrival timestamp,
   ingress or egress interfaces)?
j) How should privacy be enforced? Is there a way to specify which
   protocol payloads cannot be eligible for inclusion? Should this
   be configurable, globally, or per packet sampler?
k) Should it be possible to retrieve entire packets, or all fields
   from a particular protocol layer, in some circumstances? (e.g.,
   ICMP, ARP, DHCP, etc.) Should this be configurable? If so, how?

It may be a good idea to break up this discussion into multiple
threads, to help track each issue.  This email is just intended to
start some discussions.

thanks,
Andy


--
to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>