| Internet-Draft | pam-ipfix | July 2023 |
| Clemm, et al. | Expires 8 January 2024 | [Page] |
This document defines a set of IP Flow Information Export (IPFIX) Information Elements to export precision availability data associated with Flows, specifically Flows that are associated with stringent Service Level Objectives (SLOs) such as latency or packet delay variation.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 January 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
IP Flow Information Export (IPFIX) [RFC7011] is a protocol that is widely deployed in operators networks to collect Records containing a wide array of statistics about Flows. The Records are used for many purposes, including network security (e.g., detection of denial-of-service attacks), accounting (e.g., identifying "top talkers"), monitoring and service assurance (e.g., detection of anomalies and abnormal behaviors), and network planning (e.g., maintaining traffic matrices and detecting usage trends). To that aim, IPFIX relies upon a set of basic data items that can be maintained by network devices and exported as part of a Flow Record. These data items are commonly referred to as Information Elements (IEs) [RFC7012].¶
Increasingly, to be provided with mere connectivity is no longer sufficient for many networking applications. There is a growing demand for high-precision services that underly stringent Service Level Objectives (SLOs), such as a given latency that must be met by the (connectivity) service. When a guaranteed property of a service (typically, traffic performance metrics) is not met, this is considered in many cases as equivalent to the service not being available. This is particularly the case in which an application relying upon the service does not degrade gracefully with deteriorating service levels (e.g., video or voice), but in which violation of an SLO will cause the application to abruptly cease to function (e.g., industrial control and Control-as-a-Service applications or telehaptics).¶
Existing IPFIX IEs largely focus on statistics such as traffic volume, packet lengths, header fields, or route properties. However, there is a lack of IEs that indicate a Flow's "quality". Specifically, IPFIX does not support IEs that indicate compliance of a Flow with an SLO. This specification fills that void by defining a set of IEs that are based upon Precision Availability Metrics (PAM) [I-D.ietf-ippm-pam]. PAMs can thus be exported as part of Flow Records using IPFIX.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the IPFIX-specific terminology (Information Element, Template, Collector, Data Record, Flow Record, Exporting Process, Collecting Process, etc.) defined in Section 2 of [RFC7011]. As in [RFC7011], these IPFIX-specific terms have the first letter of a word capitalized.¶
Also, this document uses terminology associated with Precision Availability Metrics (PAM), as defined in Section 2 of [I-D.ietf-ippm-pam]. For the reader's convenience, some of the acronyms that are used in the document are provided below:¶
The following subsections define a set of IEs to export precision availability data as part of Flow Records. At the core of PAMs is the notion of an "interval", i.e. an observation interval (a small unit of time) for which the presence or absence of violations is noted. What constitutes a violation or not depends on the definition of the service, i.e., the length of the interval (e.g., a millisecond) and the SLO (e.g., a not-to-exceed latency threshold or packet inter-arrival delay threshold).¶
Accordingly, IEs are grouped into two categories. The first category contains IEs that reflect PAMs per [I-D.ietf-ippm-pam]. The second category contains IEs that are used to define the context that is necessary to adequately interpret the IEs in the first category, such as the SLO that underlies the definition of precision availability for that particular Flow. This context can be thought of as a manifest for that Flow Record.¶
violatedIntervalsCount¶
TBD1¶
Contains a count of intervals over the duration of the Flow during which the service was not available with the required precision. That is, a count of intervals for which an SLO violation was observed for the Flow.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
violationFreeIntervalsCount¶
TBD2¶
Contains a count of intervals over the duration of the Flow during which the required precision was available, i.e., the period during which the Flow was in compliance with its SLO. In practical terms, the violationFreeIntervalsCount corresponds to the number of intervals over the duration of the Flow minus the violatedIntervalsCount.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
TBD: Assess size of this parameter (for the case of long Flow durations with short interval durations).¶
violatedPacketCount¶
TBD3¶
Contains a count of packets for which packet-level violations of an SLO were observed for the Flow.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
severelyViolatedIntervalsCount¶
TBD4¶
Contains a count of intervals over the duration of a Flow during which a particularly severe violation was observed.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
severelyViolatedPacketCount¶
TBD5¶
Contains a count of packets for which particularly severe packet-level violations of an SLO were observed for the Flow.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
meanTimeBetweenViolatedIntervals¶
TBD6¶
Contains the Mean Time Between Violated Intervals over the duration of the Flow.¶
The mean time is indicated by the number of intervals and thus corresponds to mean number of intervals between violated intervals.¶
If severelyViolatedIntervalsCount is equal to 0, then the meanTimeBetweenViolatedIntervals must be 0.¶
If severelyViolatedIntervalsCount is equal to 0, then the meanTimeBetweenViolatedIntervals must be violationFreeIntervalsCount DIV 2.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
meanNumberPacketsBetweenViolatedIntervals¶
TBD7¶
Contains the mean number of packets between packet-level violations over the duration of the Flow.¶
if violatedPacketCount is equal to 0, then the meanNumberPacketsBetweenViolatedIntervals does not apply.¶
unsigned¶
quantity¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
TBD: Which special value to use to indicate that the meanNumberPacketsBetweenViolatedIntervals does not apply.¶
The following IEs provide context regarding what "violations" and "severe violations" mean for a particular Flow.¶
In this version, IEs for the interval length and for a reference to an SLO are defined. Whether SLOs themselves are to be encoded, including the service level parameter subjected to the SLO (e.g., latency or packet delay variation), the objective itself (upper not-to-exceed threshold or lower threshold and threshold value) is for further study. Likewise, IEs to represent manifest information regarding severity semantics (for severe violations) are for further study.¶
sloId¶
TBD9¶
A reference to an SLO defining the semantics of what is considered precision availability for the Flow.¶
unsigned¶
identifier¶
See [I-D.ietf-ippm-pam] for the general definition of PAM.¶
This-Document¶
[I-D.ietf-ippm-pam] lists a number of additional metrics for which no corresponding IEs are defined for the following reasons:¶
This is a metric that is of interest while a Flow is in progress, but arguably not applicable for export in a Flow Record once the Flow has concluded.¶
By the same token, this is a metric that is of interest while a Flow is in progress, not for export in a Flow Record once the Flow has concluded.¶
Analogous reason as for "time since the last violated interval".¶
Number of packets since the last severely violated packet: :Analogous reason as for "number of packets since the last violated interval".¶
For further study.¶
For further study.¶
This can be easily computed by the processor of the Record and does not warrant a separate IE.¶
This can be easily computed by the processor of the Record and does not warrant a separate IE.¶
IPFIX security considerations are discussed in Section 8 of [RFC7012].¶
This document requests IANA to add the following new IPFIX IEs to the IANA IPFIX registry [IANA-IPFIX]:¶
| Value | Name | Reference |
|---|---|---|
| TBD1 | violatedIntervalsCount | Section 3.1.1 of This-Document |
| TBD2 | violationFreeIntervalsCount | Section 3.1.2 of This-Document |
| TBD3 | violatedPacketCount | Section 3.1.3 of This-Document |
| TBD4 | severelyViolatedIntervalsCount | Section 3.1.4 of This-Document |
| TBD5 | severelyViolatedPacketCount | Section 3.1.5 of This-Document |
| TBD6 | meanTimeBetweenViolatedIntervals | Section 3.1.6 of This-Document |
| TBD7 | meanNumberPacketsBetweenViolatedIntervals | Section 3.1.7 of This-Document |
| TBD8 | precisionAvailabilityIntervalLength | Section 3.2.1 of This-Document |
| TBD9 | sloId | Section 3.2.2 of This-Document |