Internet DRAFT - draft-clemm-ippm-pam-ipfix

draft-clemm-ippm-pam-ipfix







IPPM                                                       A. Clemm, Ed.
Internet-Draft                                                 Futurewei
Intended status: Standards Track                            M. Boucadair
Expires: 7 June 2024                                              Orange
                                                               G. Mirsky
                                                                Ericsson
                                                         5 December 2023


       Export of Flow Precision Availability Metrics Using IPFIX
                     draft-clemm-ippm-pam-ipfix-00

Abstract

   This document defines a set of IP Flow Information Export (IPFIX)
   Information Elements to export precision availability data associated
   with Flows, specifically Flows that are associated with stringent
   Service Level Objectives (SLOs) such as latency or packet delay
   variation.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 June 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.










Clemm, et al.              Expires 7 June 2024                  [Page 1]

Internet-Draft                  pam-ipfix                  December 2023


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Precision Availability Information Elements . . . . . . . . .   4
     3.1.  IEs Based on Precision Availability Metrics . . . . . . .   4
       3.1.1.  Violated Intervals Count  . . . . . . . . . . . . . .   4
       3.1.2.  Violation-Free Intervals Count  . . . . . . . . . . .   5
       3.1.3.  Violated Packet Count . . . . . . . . . . . . . . . .   5
       3.1.4.  Severely Violated Intervals Count . . . . . . . . . .   5
       3.1.5.  Severely Violated Packet Count  . . . . . . . . . . .   6
       3.1.6.  Mean Time Between VIs . . . . . . . . . . . . . . . .   6
       3.1.7.  Mean Number of Packets Between VIs  . . . . . . . . .   7
     3.2.  IEs Representing SLO Manifest Information . . . . . . . .   7
       3.2.1.  Precision Availability Interval Length  . . . . . . .   8
       3.2.2.  SLO Identifier  . . . . . . . . . . . . . . . . . . .   8
     3.3.  Precision Availability Metrics Not Considered . . . . . .   8
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   IP Flow Information Export (IPFIX) [RFC7011] is a protocol that is
   widely deployed in operators networks to collect Records containing a
   wide array of statistics about Flows.  The Records are used for many
   purposes, including network security (e.g., detection of denial-of-
   service attacks), accounting (e.g., identifying "top talkers"),
   monitoring and service assurance (e.g., detection of anomalies and
   abnormal behaviors), and network planning (e.g., maintaining traffic
   matrices and detecting usage trends).  To that aim, IPFIX relies upon
   a set of basic data items that can be maintained by network devices
   and exported as part of a Flow Record.  These data items are commonly
   referred to as Information Elements (IEs) [RFC7012].





Clemm, et al.              Expires 7 June 2024                  [Page 2]

Internet-Draft                  pam-ipfix                  December 2023


   Increasingly, to be provided with mere connectivity is no longer
   sufficient for many networking applications.  There is a growing
   demand for high-precision services that underly stringent Service
   Level Objectives (SLOs), such as a given latency that must be met by
   the (connectivity) service.  When a guaranteed property of a service
   (typically, traffic performance metrics) is not met, this is
   considered in many cases as equivalent to the service not being
   available.  This is particularly the case in which an application
   relying upon the service does not degrade gracefully with
   deteriorating service levels (e.g., video or voice), but in which
   violation of an SLO will cause the application to abruptly cease to
   function (e.g., industrial control and Control-as-a-Service
   applications or telehaptics).

   Existing IPFIX IEs largely focus on statistics such as traffic
   volume, packet lengths, header fields, or route properties.  However,
   there is a lack of IEs that indicate a Flow's "quality".
   Specifically, IPFIX does not support IEs that indicate compliance of
   a Flow with an SLO.  This specification fills that void by defining a
   set of IEs that are based upon Precision Availability Metrics (PAM)
   [I-D.ietf-ippm-pam].  PAMs can thus be exported as part of Flow
   Records using IPFIX.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document uses the IPFIX-specific terminology (Information
   Element, Template, Collector, Data Record, Flow Record, Exporting
   Process, Collecting Process, etc.) defined in Section 2 of [RFC7011].
   As in [RFC7011], these IPFIX-specific terms have the first letter of
   a word capitalized.

   Also, this document uses terminology associated with Precision
   Availability Metrics (PAM), as defined in Section 2 of
   [I-D.ietf-ippm-pam].  For the reader's convenience, some of the
   acronyms that are used in the document are provided below:

   IE:  Information Element

   IPFIX:  IP Flow Information Export

   PAM:  Precision Availability Metric




Clemm, et al.              Expires 7 June 2024                  [Page 3]

Internet-Draft                  pam-ipfix                  December 2023


   SLO:  Service Level Objective

   VI:  Violated Interval

   VFI:  Violation-Free Interval

3.  Precision Availability Information Elements

   The following subsections define a set of IEs to export precision
   availability data as part of Flow Records.  At the core of PAMs is
   the notion of an "interval", i.e. an observation interval (a small
   unit of time) for which the presence or absence of violations is
   noted.  What constitutes a violation or not depends on the definition
   of the service, i.e., the length of the interval (e.g., a
   millisecond) and the SLO (e.g., a not-to-exceed latency threshold or
   packet inter-arrival delay threshold).

   Accordingly, IEs are grouped into two categories.  The first category
   contains IEs that reflect PAMs per [I-D.ietf-ippm-pam].  The second
   category contains IEs that are used to define the context that is
   necessary to adequately interpret the IEs in the first category, such
   as the SLO that underlies the definition of precision availability
   for that particular Flow.  This context can be thought of as a
   manifest for that Flow Record.

3.1.  IEs Based on Precision Availability Metrics

3.1.1.  Violated Intervals Count

   Name:  violatedIntervalsCount

   ElementID:  TBD1

   Description:  Contains a count of intervals over the duration of the
      Flow during which the service was not available with the required
      precision.  That is, a count of intervals for which an SLO
      violation was observed for the Flow.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document





Clemm, et al.              Expires 7 June 2024                  [Page 4]

Internet-Draft                  pam-ipfix                  December 2023


3.1.2.  Violation-Free Intervals Count

   Name:  violationFreeIntervalsCount

   ElementID:  TBD2

   Description:  Contains a count of intervals over the duration of the
      Flow during which the required precision was available, i.e., the
      period during which the Flow was in compliance with its SLO.  In
      practical terms, the violationFreeIntervalsCount corresponds to
      the number of intervals over the duration of the Flow minus the
      violatedIntervalsCount.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

      TBD: Assess size of this parameter (for the case of long Flow
      durations with short interval durations).

3.1.3.  Violated Packet Count

   Name:  violatedPacketCount

   ElementID:  TBD3

   Description:  Contains a count of packets for which packet-level
      violations of an SLO were observed for the Flow.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.1.4.  Severely Violated Intervals Count

   Name:  severelyViolatedIntervalsCount

   ElementID:  TBD4



Clemm, et al.              Expires 7 June 2024                  [Page 5]

Internet-Draft                  pam-ipfix                  December 2023


   Description:  Contains a count of intervals over the duration of a
      Flow during which a particularly severe violation was observed.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.1.5.  Severely Violated Packet Count

   Name:  severelyViolatedPacketCount

   ElementID:  TBD5

   Description:  Contains a count of packets for which particularly
      severe packet-level violations of an SLO were observed for the
      Flow.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.1.6.  Mean Time Between VIs

   Name:  meanTimeBetweenViolatedIntervals

   ElementID:  TBD6

   Description:  Contains the Mean Time Between Violated Intervals over
      the duration of the Flow.

      The mean time is indicated by the number of intervals and thus
      corresponds to mean number of intervals between violated
      intervals.

      If severelyViolatedIntervalsCount is equal to 0, then the
      meanTimeBetweenViolatedIntervals must be 0.

      If severelyViolatedIntervalsCount is equal to 0, then the



Clemm, et al.              Expires 7 June 2024                  [Page 6]

Internet-Draft                  pam-ipfix                  December 2023


      meanTimeBetweenViolatedIntervals must be
      violationFreeIntervalsCount DIV 2.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.1.7.  Mean Number of Packets Between VIs

   Name:  meanNumberPacketsBetweenViolatedIntervals

   ElementID:  TBD7

   Description:  Contains the mean number of packets between packet-
      level violations over the duration of the Flow.

      if violatedPacketCount is equal to 0, then the
      meanNumberPacketsBetweenViolatedIntervals does not apply.

   Abstract Data Type:  unsigned

   Data Type Semantics:  quantity

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

      TBD: Which special value to use to indicate that the
      meanNumberPacketsBetweenViolatedIntervals does not apply.

3.2.  IEs Representing SLO Manifest Information

   The following IEs provide context regarding what "violations" and
   "severe violations" mean for a particular Flow.











Clemm, et al.              Expires 7 June 2024                  [Page 7]

Internet-Draft                  pam-ipfix                  December 2023


   In this version, IEs for the interval length and for a reference to
   an SLO are defined.  Whether SLOs themselves are to be encoded,
   including the service level parameter subjected to the SLO (e.g.,
   latency or packet delay variation), the objective itself (upper not-
   to-exceed threshold or lower threshold and threshold value) is for
   further study.  Likewise, IEs to represent manifest information
   regarding severity semantics (for severe violations) are for further
   study.

3.2.1.  Precision Availability Interval Length

   Name:  precisionAvailabilityIntervalLength

   ElementID:  TBD8

   Description:  Indicates the duration of an availability interval.

   Abstract Data Type:  unsigned

   Data Type Semantics:  identifier

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.2.2.  SLO Identifier

   Name:  sloId

   ElementID:  TBD9

   Description:  A reference to an SLO defining the semantics of what is
      considered precision availability for the Flow.

   Abstract Data Type:  unsigned

   Data Type Semantics:  identifier

   Additional Information:  See [I-D.ietf-ippm-pam] for the general
      definition of PAM.

   Reference:  This-Document

3.3.  Precision Availability Metrics Not Considered

   [I-D.ietf-ippm-pam] lists a number of additional metrics for which no
   corresponding IEs are defined for the following reasons:



Clemm, et al.              Expires 7 June 2024                  [Page 8]

Internet-Draft                  pam-ipfix                  December 2023


   Time since the last violated interval:  This is a metric that is of
      interest while a Flow is in progress, but arguably not applicable
      for export in a Flow Record once the Flow has concluded.

   Number of packets since the last violated packet:  By the same token,
      this is a metric that is of interest while a Flow is in progress,
      not for export in a Flow Record once the Flow has concluded.

   Time since the last severely violated interval:  Analogous reason as
      for "time since the last violated interval".

   Number of packets since the last severely violated packet: :Analogous
   reason as for "number of packets since the last violated interval".

   Mean time between SVIs:  For further study.

   Mean packets between SVIs:  For further study.

   Violated Interval Ratio:  This can be easily computed by the
      processor of the Record and does not warrant a separate IE.

   Severely Violated Interval Ratio:  This can be easily computed by the
      processor of the Record and does not warrant a separate IE.

4.  Security Considerations

   IPFIX security considerations are discussed in Section 8 of
   [RFC7012].

5.  IANA Considerations

   This document requests IANA to add the following new IPFIX IEs to the
   IANA IPFIX registry [IANA-IPFIX]:


















Clemm, et al.              Expires 7 June 2024                  [Page 9]

Internet-Draft                  pam-ipfix                  December 2023


    +=====+===========================================+===============+
    |Value| Name                                      | Reference     |
    +=====+===========================================+===============+
    |TBD1 | violatedIntervalsCount                    | Section 3.1.1 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD2 | violationFreeIntervalsCount               | Section 3.1.2 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD3 | violatedPacketCount                       | Section 3.1.3 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD4 | severelyViolatedIntervalsCount            | Section 3.1.4 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD5 | severelyViolatedPacketCount               | Section 3.1.5 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD6 | meanTimeBetweenViolatedIntervals          | Section 3.1.6 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD7 | meanNumberPacketsBetweenViolatedIntervals | Section 3.1.7 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD8 | precisionAvailabilityIntervalLength       | Section 3.2.1 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+
    |TBD9 | sloId                                     | Section 3.2.2 |
    |     |                                           | of This-      |
    |     |                                           | Document      |
    +-----+-------------------------------------------+---------------+

                  Table 1: New IPFIX Information Elements

6.  References

6.1.  Normative References






Clemm, et al.              Expires 7 June 2024                 [Page 10]

Internet-Draft                  pam-ipfix                  December 2023


   [I-D.ietf-ippm-pam]
              Mirsky, G., Halpern, J. M., Min, X., Clemm, A., Strassner,
              J., and J. François, "Precision Availability Metrics for
              Services Governed by Service Level Objectives (SLOs)",
              Work in Progress, Internet-Draft, draft-ietf-ippm-pam-09,
              1 December 2023, <https://datatracker.ietf.org/doc/html/
              draft-ietf-ippm-pam-09>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013,
              <https://www.rfc-editor.org/rfc/rfc7011>.

   [RFC7012]  Claise, B., Ed. and B. Trammell, Ed., "Information Model
              for IP Flow Information Export (IPFIX)", RFC 7012,
              DOI 10.17487/RFC7012, September 2013,
              <https://www.rfc-editor.org/rfc/rfc7012>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

6.2.  Informative References

   [IANA-IPFIX]
              IANA, "IP Flow Information Export (IPFIX) Entities",
              <https://www.iana.org/assignments/ipfix/ipfix.xhtml>.

Authors' Addresses

   Alexander Clemm (editor)
   Futurewei
   2220 Central Expressway
   Santa Clara,  CA 95050
   United States of America
   Email: ludwig@clemm.org


   Mohamed Boucadair
   Orange
   35000 Rennes
   France



Clemm, et al.              Expires 7 June 2024                 [Page 11]

Internet-Draft                  pam-ipfix                  December 2023


   Email: mohamed.boucadair@orange.com


   Greg Mirsky
   Ericsson
   United States of America
   Email: gregimirsky@gmail.com












































Clemm, et al.              Expires 7 June 2024                 [Page 12]