Internet DRAFT - draft-swhyte-i2rs-data-collection-system
draft-swhyte-i2rs-data-collection-system
Network Working Group S. Whyte
Internet-Draft Google Inc.
Intended status: Informational M. Hines
Expires: April 24, 2014 W. Kumari
Google, Inc.
October 21, 2013
Bulk Network Data Collection System
draft-swhyte-i2rs-data-collection-system-00
Abstract
Collecting large amounts of data from network infrastructure devices
has never been very easy. Existing methods generate CPU and memory
loads that may be unacceptable, the output varies across
implementations and can be difficult to parse, and these methods are
often difficult to scale. I2RS programmatic interfacing with the
routing system may exacerbate this problem: state needs to be
collected from nodes and fed to consumers participating in the
control plane that may not be physically close to the nodes. This
state includes not only control plane information, but elements of
the data plane that have a direct impact on control plane behavior,
like traffic engineering.
This document outlines a set of use cases requiring a flexible
framework to collect routing system data, and the features and
functionality needed to make such a framework useful for these use
cases.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
Whyte, et al. Expires April 24, 2014 [Page 1]
�
Internet-Draft Bulk Data Collection October 2013
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 24, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Desired functionality . . . . . . . . . . . . . . . . . . . . 3
2.1. Database Model . . . . . . . . . . . . . . . . . . . . . 4
2.2. Pub-Sub . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3. Capability Negotiation . . . . . . . . . . . . . . . . . 5
2.4. Format Agnostic . . . . . . . . . . . . . . . . . . . . . 5
2.5. Transport Options . . . . . . . . . . . . . . . . . . . . 5
2.6. Filtering . . . . . . . . . . . . . . . . . . . . . . . . 5
2.7. Timestamps . . . . . . . . . . . . . . . . . . . . . . . 6
2.8. Introspection . . . . . . . . . . . . . . . . . . . . . . 6
2.9. Registration . . . . . . . . . . . . . . . . . . . . . . 6
3. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Push . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1.1. Interface counters . . . . . . . . . . . . . . . . . 7
3.1.2. Thresholds . . . . . . . . . . . . . . . . . . . . . 7
3.1.3. Streaming . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Pull . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.1. Interface counters . . . . . . . . . . . . . . . . . 8
3.2.2. RIB Dump . . . . . . . . . . . . . . . . . . . . . . 8
3.2.3. Arbitrary data collection . . . . . . . . . . . . . . 8
3.3. Dynamic subscriptions . . . . . . . . . . . . . . . . . . 8
4. Subscriber versus consumer . . . . . . . . . . . . . . . . . 8
4.1. Remapping . . . . . . . . . . . . . . . . . . . . . . . . 8
5. Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
Whyte, et al. Expires April 24, 2014 [Page 2]
�
Internet-Draft Bulk Data Collection October 2013
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
Managing and monitoring a network requires getting state out of it.
You can't manage what you don't measure, as the saying goes.
Currently there are a limited set of tools to get data off of network
nodes, and they do not lend themselves to programmatic access.
The primary tool today is SNMP. SNMP can be used to both push data
off a node (via traps/notifications) and pull data off the box (via
queries). SNMP queries have a variety of issues, not the least of
which is the fact that the protocol specification requires data
structures to be created on demand on network nodes that do not match
how the device's operating system data structures store the same
data. Fixing this problem has the immediate benefit of reducing CPU
and memory consumption of the monitored network devices, greatly
increasing the deployability and relevance of a solution. SNMP traps
/notifications suffer from a lack of introspection; the network
management system (NMS) must be preconfigured to understand what
information is being reported.
Other tools include CLI scraping and Syslog. CLI scraping is a low-
level pull mechanism and essentially the opposite of programmatic
access. Any change in CLI implementation, whether its a simple
whitespace correction, re-ordering of configuration stanzas,
typographical errors, or even unit changes, can require a rewriting
of monitoring software. This is compounded by the fact there is no
standardized CLI specification, such that a network with multiple
vendors in it requires these rewrites per vendor CLI change.
Syslog is another way to push data off of a network node. Syslog has
been around a long time, and while current standards provide
structured data output, very few implementations exist on network
nodes currently. For the most part NMSes must be trained how to
consume and interpret different implementations of syslog.
2. Desired functionality
Collecting large data sets with high frequency and resolution, with
minimal impact to a device's CPU and memory, is the primary
objective. Aspects of the over-all data collection system, such as
availability or reliability or scaling, are outside of scope as they
deal with the data once it has left the network node.
Whyte, et al. Expires April 24, 2014 [Page 3]
�
Internet-Draft Bulk Data Collection October 2013
We are only focusing on getting data off the node in an easily
machine parsable format.
2.1. Database Model
A database model is desired, whereby a network node can describe the
data it has available, and the structure of that data. This gives
the implementor the ability to present a database model that can be
optimal with the node's internal data structure implementations. The
NMS consumes and understands the database model only after it has
been trained to do so by incorporating a published version of the
database model from the vendor.
It should be noted that all existing data collection methods outlined
earlier require explicit knowledge of the method's implementation for
integration into a NMS. We do not propose a solution that eliminates
this, because heterogeneity of the data is not required, as we can
see from existing implementations. Rather, capability negotiation
and flexible formats and transports, outlined below, are desired
enabling the primary objective of getting large data sets off the
nodes with as little impact as possible.
2.2. Pub-Sub
An underlying pub-sub model is desired for a variety of features. It
provides a security model for authorization, it supports
intermediaries allowing the system to scale as needed, and it
provides both push and pull methods of data distribution.
In the context of this draft, a pub-sub model is a general concept
indicating information flow. Specific system details are obviously
critical yet belong in a data model document. The high level desire
is to have network nodes as publishers, with an NMS implementing
subscribers. Conceptually, they are connected by a message bus, a
layer of indirection between the publishers and subscribers. Having
a message bus allows publisher fan-in, subscriber fan-out, and a
number of other useful features outside the scope of this document.
The message bus is frequently referred to as a broker inside pub-sub
models.
Having a message bus abstraction allows for considerable flexibility
in NMS design as well. Placement of brokers in the network, their
redundancy, availablility, scaling per publisher or subscriber, can
all be tailored to suit an individual network's needs, from extremely
simple (flat) to extremely complex with multiple layers of hierarchy.
Many implementations of pub-sub models exist, scaling both in number
of subscriptions and in number of messages, both of which should be
considered carefully in the I2RS context.
Whyte, et al. Expires April 24, 2014 [Page 4]
�
Internet-Draft Bulk Data Collection October 2013
2.3. Capability Negotiation
Capability negotiation allows a node to inform a subscriber of a
number of options. Two extremely important options would be
transport protocols and formats supported. Other aspects such as
security options and error handling would also be negotiated during
this phase.
The capability negotiation phase is done via a control channel opened
for the purpose of registering subscriptions with the node. This
control channel should be TCP.
2.4. Format Agnostic
From the I2RS perspective, this framework should be format agnostic.
If a node advertises the ability to present data in XML and the
subscriber agrees, then XML can be used. Other formats that have
interest are JSON, HTML, and protobufs. Even interest for /proc/net
formatted output exists, and would help a NMS based on this framework
integrate into existing server configuration management systems.
[ Editor note: even ASN.1 should be an acceptable format. This would
potentially allow an extremely easy deployment into an existing SNMP
based NMS.]
2.5. Transport Options
Because the focus of this framework ends at getting data off the box
as quickly as possible, implementations should have the freedom to
choose a transport that meets their system design needs and not be
restricted by a specific format.
During the negotiation phase a node should advertise all the
transport options it provides and allow the subscriber to select what
it needs.
Given the time-value of different data elements coming off the node
can be quite different, it should be possible to request multiple
transports and associate a subscription with the transport protocol
of choice.
2.6. Filtering
Once a network node has provided its database model to a subscriber,
the subscriber needs a way to select parts of the model for
subscription, and it needs to be able to request multiple
subscriptions at a time.
Whyte, et al. Expires April 24, 2014 [Page 5]
�
Internet-Draft Bulk Data Collection October 2013
This framework should provide a standard filtering mechanism so that,
independent of the database model structure and contents, a
subscriber can select interesting items to collect and bucket them
based on standard parameters such as frequency of collection,
underlying transport required, whether the data is to be pushed or
pulled, or even streaming or one-shot.
2.7. Timestamps
Every piece of data collected by this framework needs a timestamp
associated with it indicating when the node made it available for
collection. This is not required on a per-variable basis, for
example data organized into a table only requires a timestamp
associated with the table.
This is not to say additional timestamps are not useful for certain
data sets nor that other timestamps with other semantics, for example
collection time versus advertisement time, can not be used, but
rather those additional timestamps are better placed in the database
model supported by the device.
2.8. Introspection
This framework should support introspection of the database model.
Introspection provides support for data verification, easier
inclusion of legacy data, and easier merging of data stream.
2.9. Registration
After capabilities and a database model have been exchanged, and a
filter used to select elements of the model to subscribe to, the
framework should support a standard way to register for all the data
desired, using whatever capabilities were advertised by the node.
Once registration is complete, the control channel can be closed.
Ensuring subscriptions are correct, complete, and replicated or not,
is up to the overall system and not the network node.
3. Use cases
Following are example use cases outlining the utility of subscribing
to data with different parameters.
Whyte, et al. Expires April 24, 2014 [Page 6]
�
Internet-Draft Bulk Data Collection October 2013
3.1. Push
Pushing data off the box can be done synchronously at fixed
intervals, or asynchronously in an ad-hoc fashion. All data pushed
is set up via registered subscriptions.
3.1.1. Interface counters
Interface counters provide a use case demonstrating the need to push
data off of a network node at specific intervals. In this proposed
framework, a node would advertise its database model including all
the interfaces it has to offer and what it can count on each. A
subscriber would select the interfaces and counters of each it is
interested in via a filter, use the filter to group them according to
available parameters, and register with the node to have them
published at agreed upon intervals.
3.1.2. Thresholds
Another use case demonstrating a push capability is thresholding.
Assuming a node advertises the capability to record and track a
threshold for a particular data type, it would use the registered
subscription to push relevant data to the subscriber whenever the
threshold was crossed. As an example, a subscriber may want to set a
threshold for memory consumed - if the available device memory falls
below a threshold the subscriber should be informed so that the
operator can investigate the issue manually or programatically.
3.1.3. Streaming
Streaming data, such as RIB information, will be critical to
supporting I2RS functionality. In this use case, a subscriber may
desire to have all updates to a RIB streamed into the collection
system, in as close to real-time as possible.
3.2. Pull
Pulling data off the node will always be a one-shot function. As
such it is probably the most heavy-handed way to get data into the
collection system, as it requires all the overhead of setting up and
tearing down the control channel, exchanging the database model,
creating a filter, and receiving the data. Nevertheless, it can be a
valuable option and should be supported.
n.b. it is certainly possible to cache requests on publishers, and
have them "replayed" via a subscription identifier. However the
capability to track the state required to do so may not be available
on a node, and this is somewhat counter to the overall goal of
Whyte, et al. Expires April 24, 2014 [Page 7]
�
Internet-Draft Bulk Data Collection October 2013
minimizing impact to the node. Having this capability as an optional
parameter of a database model, is worth exploring.
3.2.1. Interface counters
Similar to the interface counter example above, except in this case
the registration includes a parameter indicating the data should be
collected immediately and sent only once.
3.2.2. RIB Dump
Getting a snapshot of the node's current RIB can be useful for a
variety of reasons. Similar to collecting RIB information above, in
this example the subscriber would register for a one-shot dump of the
RIB, collected and sent immediately.
3.2.3. Arbitrary data collection
Once the NMS understands a node's database model, it should be able
to register for one-shot collection of any subset of that database
model. Given the overheads involved, this would best be restricted
to one-off collection needs, such as troubleshooting, but the use
case need is solid.
3.3. Dynamic subscriptions
This framework should support dynamic subscription capabilities with
pre-existing monitoring protocols that currently require static
configuration. For example, if a node's database model indicates it
support IPFIX, using the standard registration process outlined above
a subscriber should be able to set up a streaming IPFIX feed. BMP
and the like should also be available via this mechanism.
4. Subscriber versus consumer
It should be noted that because overall data collection system
architecture is out of scope, it is opaque to this framework whether
a subscriber is also the consumer of data. In order to maximize
design options, including scalability of the overall system, both
options should be supported.
4.1. Remapping
Remapping in this context is the ability to modify a node's database
model and request the modified model be used in subscriptions. While
this has interesting properties, it strays far from the primary
objective of getting data off of nodes as fast was with as little
impact as possible, and thus should be considered out of scope.
Whyte, et al. Expires April 24, 2014 [Page 8]
�
Internet-Draft Bulk Data Collection October 2013
5. Errors
Errors happen. Many classes of errors and their handling are already
well-understood and don't need to be re-iterated here. There are
certainly failure modes that may be unique to I2RS or this framework,
however, and we should be prepared to incorporate solutions for
those.
For example,providing a method for a node and a subscriber to agree
on resolution steps after defined error events would be very useful.
A subscriber may want certain subscriptions to be available for
pulling, if the push mechanism failed.
There may also be value in defining how a subscriber can probe the
transport layer, such that publisher responses can assist in
troubleshooting protocol-specific failures.
The framework needs to support standardized handling of stale data.
This class of error will largely be related to handling changes and
exceptions in the database models exchanged. For example what
happens when a node's physical configuration changes and part of an
existing subscription becomes invalid. Similar thought to logical
changes, such as the disappearance of a BGP speaker, needs to be
give.
6. IANA Considerations
This documents makes no request of the IANA.
7. Security Considerations
I2RS provides security requirements, any security requirements raised
by this framework should be encompassed there.
[TODO(WK, SW): This section needs more work / text ]
8. Acknowledgements
The author wishes to acknowledge the contributions of a number of
folk, including
{TODO(WK, SW): Remember to add folk! ]
Whyte, et al. Expires April 24, 2014 [Page 9]
�
Internet-Draft Bulk Data Collection October 2013
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
9.2. Informative References
[DeBoer] De Boer, M. and J. Bosma, "Discovering Path MTU black
holes on the Internet using RIPE Atlas", July 2012, <http:
//www.nlnetlabs.nl/downloads/publications/pmtu-black-
holes-msc-thesis.pdf>.
Authors' Addresses
Scott Whyte
Google Inc.
1600 Amphitheatre Parkway
Mountain view, California 94043
USA
Email: swhyte@google.com
Marcus Hines
Google, Inc.
1600 Amphitheatre Parkway
Mountain view, California 94043
USA
Email: hines@google.com
Warren Kumari
Google, Inc.
1600 Amphitheatre Parkway
Mountain view, California 94043
USA
Email: warren@kumari.net
Whyte, et al. Expires April 24, 2014 [Page 10]
