-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdraft-gray-sampled-streaming-01.txt
1008 lines (753 loc) · 36 KB
/
draft-gray-sampled-streaming-01.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Internet Engineering Task Force A. Gray, Ed.
Internet-Draft Charter Communications
Intended status: Informational 25 September 2019
Expires: 28 March 2020
Sampled Traffic Streaming
draft-gray-sampled-streaming-01
Abstract
This document standardizes the means of requesting a sampled capture
stream from a router, receiving details about the resulting data
flow, and the structure of the data flow itself. This is
specifically tailored to having various hardware ASICs be able to
perform this operation as quickly as possible, by allowing
communication of the specific bit formats of headers applied to the
packet flow, in a way that enhances interoperability between sources
and sinks. Historically, NetFlow and its ilk have been used for
these use cases, however the growth in hardware forward speeds is far
outpacing the growth in CPU speeds, and the CPU-heavy parts of
NetFlow is resulting in a reduction of sampling rates that include
all of the fields provided by NetFlow that require CPU lookups.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 28 March 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
Gray Expires 28 March 2020 [Page 1]
Internet-Draft Sampled Traffic Streaming September 2019
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Problem Statement / Operator Use Cases . . . . . . . . . . . 3
2.1. Use Case 1 : Traffic Analytics . . . . . . . . . . . . . 3
2.2. Use Case 2 : Network Behavior Verification . . . . . . . 3
2.3. Use Case 3 : Standardization . . . . . . . . . . . . . . 4
3. Stream Setup . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Data Stream Format . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
7.1. Normative References . . . . . . . . . . . . . . . . . . 8
7.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Yang Model . . . . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Terminology
The following terms are used within this document:
Client: The device configuring the Replicator.
Receiver: The device that will be receiving the packet stream.
Replicator: The device doing the actual packet replication, as
requested by a Client, and sending it to a Receiver.
Point: The location inside the Replicator (generally a forwarding
ASIC) that performs the actual packet replication. There may be
multiple physical interfaces serviced by one Point, or one
Gray Expires 28 March 2020 [Page 2]
Internet-Draft Sampled Traffic Streaming September 2019
interface may be serviced by multiple Points, that may have
different capabilities.
2. Problem Statement / Operator Use Cases
This document is designed around the following use cases that
operators have today, or can foresee coming on the near horizon.
2.1. Use Case 1 : Traffic Analytics
At present, operators may use a mix of NetFlow, IPFIX, and inline
traffic samplers spread throughout the network to gather data for
analytics. With the next generation of hardware on the horizon, we
have 400Gb/s interfaces starting to become available, with faster
speeds already being talked about. This will require at least an
augmentation of any inline traffic samplers, which are quite
expensive. Additionally, the pace of growth in the data plane is
outgrowing the pace of growth in the control plane. This is
especially seen with relatively control plane or CPU heavy protocols
like NetFlow, where present sampling rates are simply not going to be
sustainable long-term, due to on-box control plane hardware
limitations. Being able to capture a filtered, sampled collection of
actual packets throughout the network is very valuable for
understanding how the network is being used, to provide hard data to
justify network topology augments or changes.
This proposal addresses this use case by making the data replication
as simple as possible for hardware forwarding ASICs to implement and
send off the device. This allows offloading the heavy calculations
to distributed infrastructure than can be scaled as needed using
commodity hardware.
2.2. Use Case 2 : Network Behavior Verification
This use case focuses on the potential ability to have the ASICs also
include packets that would normally be dropped, along with a reason
why. With bits denoting dropped due to QoS policies, buffer
contention, ACLs, etc., this traffic could be captured (potentially
at a sampling rate of 1:1, i.e. every packet) and sent off for off-
box analysis to determine if this was expected, or to provide alerts
that QoS policies may be having adverse effects on the network.
Here, including the packet payload provides a lot of additional data
for these platforms to effectively "second guess" these policies.
This proposal addresses this use case by explicitly including a field
for marking what an ASIC is going to do with a packet, and including
the payload of the resulting sample.
Gray Expires 28 March 2020 [Page 3]
Internet-Draft Sampled Traffic Streaming September 2019
2.3. Use Case 3 : Standardization
These problems are foreseen by various vendors, who are talking about
different variants of these sorts of traffic flows. Standardizing
the way these streams are formed and communicated between the
Replicators, Clients, and Receivers in a fashion that allows vendors
flexibility in what the ASIC has to do (by allowing communicating of
an extremely dynamic header in a manner than control planes can
manage) allows systems to be used between all compliant platforms.
The alternative is having to build independent systems for each form
of this sort of packet replication that may end up being developed,
resulting in much higher costs.
This proposal addresses this use case by allowing the packet header
to contain any combination of information, in any position and of any
length, to be dynamically determined and information about how to
handle this data to be exchanged between the Replicator, Client, and
Receiver. This allows ASICs to put on what information they can, in
the most efficient format for them.
3. Stream Setup
To begin, a Client utilizes a supported configuration method
(NETCONF, RESTCONF, gRPC, etc.) and the YANG model listed in
Appendix A. A Client must first request from the Replicator the
available configurations via the 'points' branch, which provides the
following information:
* A name of the Point.
* What interfaces this Point is servicing.
* If filtering is available, and if so, what filters can be applied
(against certain IP fields, against parts of the frame, etc.)
* Minimum and maximum sampling rates.
* Any current samplers already active off this Point.
* Optionally, the maximum frame length the Point can replicate into
the sample.
* Optionally, the maximum offset into a frame the Point can inspect.
* Optionally, the maximum number of samplers that this Point can
accommodate. A Client MUST still check for success, as highly
complex filters may reduce the amount of replication the Point can
do from this maximum.
Gray Expires 28 March 2020 [Page 4]
Internet-Draft Sampled Traffic Streaming September 2019
The Client then can request one or more streams to be set up on the
Replicator, using that information.
These individual streams may be configured with filters and a
sampling rate, with the replicated packets sent to the Receiver,
wrapped in an outer UDP header. The available filters are provided
by the Replicator in the response above - a common option will be for
what interface specifically to filter traffic against. The source
port of this UDP stream MUST be set to TBD1 by default - Replicators
MAY offer an ability to change this default. This is to allow
security filters to have a fixed value to key off of as an additional
defense to prevent these streams from being inadvertently sent to
undesirable locations.
The Client and Receiver MAY be separate devices. The mechanism of
exchanging information between Client and Receiver about the setup
process is outside the scope of this document.
4. Data Stream Format
After the stream setup, the Client MUST re-query the stream
configuration to get the stream-format data that the remote device
has calculated. The Client MUST NOT assume that the stream-format
data is consistent between one instance and any other performed
(there may be different versions of ASICs, different capabilities,
different versions of operating systems, or different filters may
yield a different format), or that the Payload is always at the end
(as it is the only variable-width field, it could appear at the
beginning or in the middle, and sufficient data is provided by the
other fields to extract the data correctly). This provides the
Client with what information is provided at what location in the
resulting packet. The Replicator MUST follow the expectation that is
provided in these fields.
One example of what the resulting packet may look like (but not a
nominative listing of what it is - the actual format can be any
combination of fields, of any size, in any order), the data inside
the resulting data stream after the UDP tunnel header may look like
the following:
Example layout:
Gray Expires 28 March 2020 [Page 5]
Internet-Draft Sampled Traffic Streaming September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Incoming Port | Timestamp |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Act| Frame Length | Internal Data 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload |
| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1
This non-normative example would be listed in the modeled data for
packet-format as per the following table:
+-----------+------+----------------+-----------------------------+
| Name | Size | Type | Type-Data |
+===========+======+================+=============================+
| Incoming | 8 | ingress-port | A listing of values that |
| port | | | may be seen in this field, |
| | | | mapped to interface-refs |
| | | | from [RFC8343]. |
+-----------+------+----------------+-----------------------------+
| Timestamp | 24 | timestamp-nsec | Two 32 bit numbers giving |
| | | | when the "0" of this field |
| | | | is based off of. |
+-----------+------+----------------+-----------------------------+
| Act | 2 | action | A listing of values that |
| | | | may be seen in this field, |
| | | | mapped to action types |
| | | | (accepted, dropped, etc.) |
+-----------+------+----------------+-----------------------------+
| Frame | 17 | frame-length | Note that this denotes the |
| Length | | | original frame length - the |
| | | | payload field MAY NOT |
| | | | include the entire payload. |
+-----------+------+----------------+-----------------------------+
| Internal | 13 | padding | |
| Data 1 | | | |
+-----------+------+----------------+-----------------------------+
| Payload | 0 | frame-payload | |
+-----------+------+----------------+-----------------------------+
Table 1: Example packet-format response
To restate the prior note, the above is purely an example of what the
format could be - the actual format used is negotiated between the
Gray Expires 28 March 2020 [Page 6]
Internet-Draft Sampled Traffic Streaming September 2019
Client and Replicator, and can have practically any layout, with any
additional fields.
To adequately addresses the use cases stated above, a Replicator
SHOULD support as a minimum set of capabilities:
* An action field that denotes a pass or drop (ideally with drop
reason)
* The payload of at least 128 octets
* The original frame length
* Sampling rates down to 1:1 (i.e. every packet is replicated)
* Having different sampling sessions having different sampling rates
(to allow a "general" session to be watching a broad selection of
traffic, and more specific sessions targeting exact flows or
situations)
* At least two sessions per physical interface
* Filtering on ingress port
* Filtering on action
* Filtering on direction of traffic
A Client SHOULD take efforts to be notified when a change has
occurred on the Replicator, and re-verify its replication
configurations when such a change is detected.
5. IANA Considerations
This document defines a new UDP port number, entitled "Sampled
Streaming", and assigns a value of TBD1 from the Service Name and
Transport Protocol Port Number Registry
https://www.iana.org/assignments/service-names-port-numbers/service-
names-port-numbers.xhtml:
+------+-------------------+
| Tag | Description |
+======+===================+
| TBD1 | Sampled Streaming |
+------+-------------------+
Table 2
Gray Expires 28 March 2020 [Page 7]
Internet-Draft Sampled Traffic Streaming September 2019
This document requests registration of a URI in the "IETF XML
Registry" RFC 3688 [RFC3688]. Following the format in RFC 3688, the
following registration is suggested:
URI: urn:ietf:params:xml:ns:yang:ietf-sampled-streaming
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
This document registers a YANG module in the "YANG Module Names"
registry RFC 6020 [RFC6020]:
name: ietf-sampled-streaming
namespace: urn:ietf:params:xml:ns:yang:ietf-sampled-streaming
prefix: ss
reference: This document
6. Security Considerations
Vendors and deployments must take into consideration that this
functionality allows a mirroring of traffic, with configurable
destinations and filters. Similar functionality already exists in
various remote packet mirroring systems, and similar considerations
should be taken. Filters utilizing the source port of TBD1 SHOULD be
applied at the edges of a provider's network to provide an additional
layer of security.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>.
Gray Expires 28 March 2020 [Page 8]
Internet-Draft Sampled Traffic Streaming September 2019
7.2. Informative References
Appendix A. Yang Model
module ietf-sampled-streaming {
namespace "urn:ietf:params:xml:ns:yang:ietf-sampled-streaming";
prefix "ss";
import ietf-yang-types {
prefix yang;
}
import ietf-interfaces {
prefix if;
}
import ietf-inet-types {
prefix inet;
}
organization
"IETF Working Group";
contact
"Editor: Andrew Gray
<mailto:[email protected]>";
description
"This module contains a collection of YANG definitions for
managing sampled streaming subscriptions.
Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
Gray Expires 28 March 2020 [Page 9]
Internet-Draft Sampled Traffic Streaming September 2019
revision 2019-08-06 {
description
"Updates based on feedback for -01 draft.";
reference
"draft-gray-sampled-streaming-01";
}
revision 2019-06-25 {
description
"Initial version.";
reference
"draft-gray-sampled-streaming-00";
}
typedef filter-type {
type enumeration {
enum interfaces {
description "List of interfaces to filter against.";
}
enum action {
description "Filter against a list of actions that the Point took (i.e., only consider packets that were actually forwarded).";
}
enum direction {
description "Direction to sample traffic in.";
}
enum ip-version {
description "The version number in the IP header.";
}
enum ip-v4-srcip {
description "The IPv4 header's source IPv4 address.";
}
enum ip-v4-dstip {
description "The IPv4 header's destination IPv4 address.";
}
enum ip-v4-ttl {
description "The IPv4 header's Time to Live.";
}
enum ip-v4-prot {
description "The IPv4 header's protocol number.";
}
enum ip-v6-srcip {
description "The IPv6 header's source IPv4 address.";
}
enum ip-v6-dstip {
description "The IPv6 header's destination IPv4 address.";
}
enum frame-size {
description "The total size of the frame.";
Gray Expires 28 March 2020 [Page 10]
Internet-Draft Sampled Traffic Streaming September 2019
}
enum frame-payload {
description "Specific payload octets.";
}
}
description "The filtering abilities available.";
}
typedef field-type {
type enumeration {
enum padding {
description "Padding bits that MUST be ignored.";
}
enum port {
description "An indication of the port the traffic was sampled from.";
}
enum direction {
description "Which direction the traffic went.";
}
enum ingress-port {
description "What port the traffic was received from (may be different than 'port')";
}
enum egress-port {
description "What port the traffic is leaving on (may be different than 'port')";
}
enum timestamp-msec {
description "The timestamp the packet was received at, in integer milliseconds.";
}
enum timestamp-usec {
description "The timestamp the packet was received at, in integer microseconds.";
}
enum timestamp-nsec {
description "The timestamp the packet was received at, in integer nanoseconds.";
}
enum frame-length {
description "The received frame length. Note that due to chipset capabilities, this MAY NOT be the same as the captured packet length.";
}
enum frame-payload {
description "The payload of the frame.";
}
enum action {
description "The action that was taken on this frame. Values are mapped as according to action-type.";
}
}
description "Types of data included in the data stream provided back to the receiver. Note that all fields will not be provided.";
}
typedef action-type {
Gray Expires 28 March 2020 [Page 11]
Internet-Draft Sampled Traffic Streaming September 2019
type enumeration {
enum forwarded {
description "Forwarded normally through the system.";
}
enum dropped {
description "Generically dropped. A more specific action type code should be used, if possible.";
}
enum dropped-rate-limit {
description "Dropped due to a rate limiter applied.";
}
enum dropped-buffer {
description "Dropped due to no buffer space.";
}
enum dropped-security {
description "Dropped due to a security policy.";
}
enum dropped-error {
description "Dropped due to the frame being in error.";
}
enum remarked {
description "Frame was remarked and forwarded.";
}
}
description "Possible actions taken on a packet.";
}
typedef destination-type {
type enumeration {
enum udp {
description "Sent with a UDP header.";
}
}
description "Different possible destination types.";
}
typedef direction-type {
type enumeration {
enum ingress {
description "Traffic flowing into the Replicator.";
}
enum egress {
description "Traffic flowing out of the Replicator.";
}
enum both {
description "Capture both ingress and egress traffic.";
}
}
description "Different possible direction types.";
Gray Expires 28 March 2020 [Page 12]
Internet-Draft Sampled Traffic Streaming September 2019
}
list points {
description "A listing of the capture points available on this device, what ports they provide for, and what filtering is available at those points.";
key name;
leaf name {
type string;
description "The name of this capture point.";
}
list interface {
description "List of interfaces that are available at this point.";
config false;
leaf if {
mandatory true;
type if:interface-ref;
description "An interface tied to this capture point.";
}
}
list filters {
description "List of filtering options available at this point.";
config false;
leaf filter {
description "One specific filter available at this point.";
mandatory true;
type filter-type;
}
}
leaf min-ratio {
type uint32 {
range "1..max";
}
description "The minimum sampling ratio (1:N, with N being this value) this point can provide.";
}
leaf max-ratio {
type uint32 {
range "1..max";
}
description "The maximum sampling ratio (1:N, with N being this value) this point can provide.";
}
leaf max-samplers {
type uint32;
description "The maximum number of samplers that can be installed at this point.";
}
leaf max-filters {
type uint32;
description "The maximum number of filtering rules permitted at this location. Note this is an absolute maximum, and fewer rules that are complex may still be rejected by the device.";
}
leaf max-frame-length-copy {
Gray Expires 28 March 2020 [Page 13]
Internet-Draft Sampled Traffic Streaming September 2019
type uint16;
description "The maximum size that the point can replicate and copy into the header.";
}
leaf max-frame-depth-inspect {
type uint16;
description "The offset of the last octet in a frame the ASIC can perform filtering against.";
}
list samplers {
description "A list of all the samplers attached to this point.";
config true;
key "name";
leaf name {
mandatory true;
type string;
description "A unique name given to this sampler.";
}
container destination {
description "The destination of where to send the UDP stream to.";
leaf type {
mandatory true;
type destination-type;
description "The type of encoding for the destination.";
}
container udp-parameters {
description "Parameters for destination-type=udp. Source port is always the port number assigned by IANA.";
when "../type='udp'";
leaf destination-ip {
mandatory true;
type inet:ip-address-no-zone;
description "The destination IP to send the stream to.";
}
leaf destination-port {
mandatory true;
type inet:port-number;
description "The destination UDP port number to send the stream to.";
}
}
}
leaf ratio {
mandatory true;
type uint32 {
range "1..max";
}
Gray Expires 28 March 2020 [Page 14]
Internet-Draft Sampled Traffic Streaming September 2019
description "The requested sampling ratio (1:N, with N being this value).";
}
list filters {
description "A list of filters applied to this sampling. Multiple filters are logically ANDed together.";
key "name";
leaf name {
description "A name for this filter.";
type string;
}
list interfaces {
when "../type = 'interfaces'";
description "Filter down to only this list of interfaces.";
key "int";
leaf int {
description "A specific interface to filter against.";
type if:interface-ref;
}
}
list actions {
when "../type = 'action'";
description "Filter down to only this list of actions.";
key "action";
leaf action {
description "One specific action code.";
type action-type;
}
}
list directions {
when "../type = 'direction'";
description "Which direction(s) to sample traffic in.";
key "direction";
leaf direction {
description "Specific direction code.";
type direction-type;
}
}
leaf type {
description "The type of filter associated.";
type filter-type;
mandatory true;
}
Gray Expires 28 March 2020 [Page 15]
Internet-Draft Sampled Traffic Streaming September 2019
leaf ipv4-address {
when "../type = 'ip-v4-srcip' | ../type = 'ip-v4-dstip'";
type inet:ipv4-address-no-zone;
description "The IPv4 address to filter on.";
}
leaf ipv6-address {
when "../type = 'ip-v6-srcip' | ../type = 'ip-v6-dstip'";
type inet:ipv6-address-no-zone;
description "The IPv6 address to filter on.";
}
leaf version {
when "../type = 'ip-version'";
type inet:ip-version;
description "The value of the IP version number to match on.";
}
container frame-payload {
when "../type = 'frame-payload'";
description "Frame payload fragment to match on.";
leaf offset {
description "Offset in octets from the start of the frame to begin the match on.";
type uint16;
}
leaf match {
description "The bytes to match on.";
type binary;
}
}
leaf frame-length {
when "../type = 'frame-length'";
type uint16;
description "Frame length to match on.";
}
}
container stream-format {
config false;
description "This contains the packet format data that this sampling stream is sending. This is only valid after configuration. The length fields are given in bits, and are consecutive. Needed gaps should use a 'padding' element.";
list fields {
description "The listing of the fields that will be encapsulated and sent to the receiver.";
key "name";
leaf name {
Gray Expires 28 March 2020 [Page 16]
Internet-Draft Sampled Traffic Streaming September 2019
type string;
description "Human readable name of what this field contains.";
}
leaf size {
type uint32 {
range "0..524280";
}
description "The size of this field, in bits. The value of '0' denotes a variable-sized field, which is only permitted as the last field in this definition.";
}
leaf type {
type field-type;
description "The type of this data.";
}
list action-mappings {
description "The mapping of values to action-type codes, valid for type=action.";
key "value";
when "../type='action'";
leaf value {
type binary;
description "The value that will appear in the header.";
}
leaf meaning {
type action-type;
description "What this value indicates.";
}
}
list port-mappings {
description "The mapping of values to interfaces, valid for type=ingress-port or type=egress-port";
key "value";
when "../type='ingress-port' | ../type='egress-port'";
leaf value {
type binary;
description "The value that will appear in the header.";
}
leaf port {
type if:interface-ref;
description "The port the value maps to.";
}
}
list direction-mappings {
description "The mapping of values to direction codes, valid for type=direction.";
key "value";
when "../type='direction'";
leaf value {
type binary;
Gray Expires 28 March 2020 [Page 17]
Internet-Draft Sampled Traffic Streaming September 2019
description "The value that will appear in the header.";
}
leaf direction {
type direction-type;
description "The direction the traffic in respect to the port.";
}
}
container timestamp {
description "Supplemental data for type=timestamp*, in PTP Truncated Timestamp Format. Provides the time used as the epoch for the number in the data stream.";
when "../type='timestamp-nsec' | ../type='timestamp-usec' | ../type='timestamp-msec'";
leaf seconds {
type uint32;
description "Specifies the integer portion of the number of seconds since the epoch.";
}
leaf nanoseconds {
type uint32;
description "Specifies the fractional portion of the number of seconds since the epoch, in integer number of nanoseconds.";
}
}
}
}
}
}
}
Author's Address
Andrew Gray (editor)
Charter Communications
8560 Upland Drive, Suite B
Englewood, CO 80112
United States
Phone: +1 720 699 5125
Email: [email protected]