[PSAMP] IPFIX/PSAMP-MIB: parameters of Property Match Filtering
Gerhard Muenz <muenz@net.in.tum.de> Tue, 31 March 2009 08:22 UTC
Return-Path: <muenz@net.in.tum.de>
X-Original-To: psamp@core3.amsl.com
Delivered-To: psamp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC7133A68CD; Tue, 31 Mar 2009 01:22:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.843
X-Spam-Level:
X-Spam-Status: No, score=-1.843 tagged_above=-999 required=5 tests=[AWL=-0.194, BAYES_00=-2.599, HELO_EQ_DE=0.35, J_CHICKENPOX_55=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TmzwFQ3lVzdN; Tue, 31 Mar 2009 01:22:04 -0700 (PDT)
Received: from mail-out2.informatik.tu-muenchen.de (mail-out2.informatik.tu-muenchen.de [131.159.0.36]) by core3.amsl.com (Postfix) with ESMTP id 3C45F3A6358; Tue, 31 Mar 2009 01:22:03 -0700 (PDT)
Received: from phoenix.net.informatik.tu-muenchen.de (phoenix.net.informatik.tu-muenchen.de [131.159.14.1]) by services.net.informatik.tu-muenchen.de (Postix Mailer @ mail) with ESMTP id 5D8D447F33; Tue, 31 Mar 2009 10:23:00 +0200 (CEST)
Received: from [131.159.20.108] (repulse.net.informatik.tu-muenchen.de [131.159.20.108]) by phoenix.net.informatik.tu-muenchen.de (Postfix) with ESMTP id 44E27A9B; Tue, 31 Mar 2009 10:23:00 +0200 (CEST)
Message-ID: <49D1D2E5.3010007@net.in.tum.de>
Date: Tue, 31 Mar 2009 10:23:01 +0200
From: Gerhard Muenz <muenz@net.in.tum.de>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: psamp <psamp@ietf.org>, "ipfix@ietf.org" <ipfix@ietf.org>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="------------ms020801050408000105030103"
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [PSAMP] IPFIX/PSAMP-MIB: parameters of Property Match Filtering
X-BeenThere: psamp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This mailing list is used for discussion within the IETF packet sampling \(PSAMP\) WG" <psamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/psamp>, <mailto:psamp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/psamp>
List-Post: <mailto:psamp@ietf.org>
List-Help: <mailto:psamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/psamp>, <mailto:psamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2009 08:22:05 -0000
Hi all, Regarding consistency of property match filtering parameters in RFC5475 (psamp-tech), RFC5476 (psamp-proto), PSAMP-MIB, and IPFIX-MIB: From RFC5475: A packet is selected if Field=Value. Masks and ranges are only supported to the extent to which [RFC5102] allows them, e.g., by providing explicit fields like the netmasks for source and destination addresses. This is consistent with RFC5476. From psamp-mib-06: The match filtering method has no capabilities defined and contains four parameters in the psampFilterMatchParamSetTable: The psampFilterMatchFieldId contain the PSAMP or IPFIX field id defined in the information model as reference what to match. The psampFilterMatchStartValue and psampFilterMatchStopValue contain the start and stop value to match the content against. In this way you can match e.g., a range x-z of transport protocol ports by specifying the field id that represents the transport protocol port and giving x as start value and y as stop value. If a single value should be matched than start and stop value must be equal. A mask psampFilterMatchMask can be applied if it is applicable for the field id. The encoding of the values is dependent on the field id and has to be done according to the PSAMP protocol document. However, defining a range (startValue, stopValue) and mask is not consistent with RFC5475/5476. So, what are the plans for PSAMP-MIB? Replace psampFilterMatchStartValue, psampFilterMatchStopvalue, and psampFilterMatchMask by a single psampFilterMatchValue? RFC5475/5476 allow multiple Field=Value conditions in a single Selector (AND semantic. If PSAMP-MIB is changed as sketched above, every Field=Value condition corresponds to a row in psampFilterMatchParamSetTable. In this case, there are consequences for IPFIX-MIB: The ipfixSelectorTable in IPFIX-MIB should be changed to enable the linkage between one Selector ID and multiple rows in psampFilterMatchParamSetTable. At the moment, the ipfixSelectorTable only allows linking the Selector ID to a single OID (ipfixSelectorFunction) only, which restricts property match filtering to a single Field=Value condition per Selector. Regards, Gerhard -- Dipl.-Ing. Gerhard Münz Chair for Network Architectures and Services (I8) Department of Informatics Technische Universität München Boltzmannstr. 3, 85748 Garching bei München, Germany Phone: +49 89 289-18008 Fax: +49 89 289-18033 E-mail: muenz@net.in.tum.de WWW: http://www.net.in.tum.de/~muenz
- [PSAMP] IPFIX/PSAMP-MIB: parameters of Property M… Gerhard Muenz