draft-ietf-ippm-alt-mark-07.txt   draft-ietf-ippm-alt-mark-08.txt 
Network Working Group G. Fioccola, Ed. Network Working Group G. Fioccola, Ed.
Internet-Draft A. Capello, Ed. Internet-Draft A. Capello, Ed.
Intended status: Experimental M. Cociglio Intended status: Experimental M. Cociglio
Expires: March 4, 2018 L. Castaldelli Expires: March 9, 2018 L. Castaldelli
Telecom Italia Telecom Italia
M. Chen, Ed. M. Chen, Ed.
L. Zheng, Ed. L. Zheng, Ed.
Huawei Technologies Huawei Technologies
G. Mirsky, Ed. G. Mirsky, Ed.
ZTE ZTE
T. Mizrahi, Ed. T. Mizrahi, Ed.
Marvell Marvell
August 31, 2017 September 5, 2017
Alternate Marking method for passive and hybrid performance monitoring Alternate Marking method for passive and hybrid performance monitoring
draft-ietf-ippm-alt-mark-07 draft-ietf-ippm-alt-mark-08
Abstract Abstract
This document describes a method to perform packet loss, delay and This document describes a method to perform packet loss, delay and
jitter measurements on live traffic. This method is based on jitter measurements on live traffic. This method is based on
Alternate Marking (Coloring) technique. A report on the operational Alternate Marking (Coloring) technique. A report on the operational
experiment done at Telecom Italia is explained in order to give an experiment done at Telecom Italia is explained in order to give an
example and show the method applicability. This technique can be example and show the method applicability. This technique can be
applied in various situations as detailed in this document and could applied in various situations as detailed in this document and could
be considered passive or hybrid depending on the application. be considered passive or hybrid depending on the application.
skipping to change at page 1, line 46 skipping to change at page 1, line 46
capitals, as shown here. capitals, as shown here.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 4, 2018. This Internet-Draft will expire on March 9, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of the method . . . . . . . . . . . . . . . . . . . 4 2. Overview of the method . . . . . . . . . . . . . . . . . . . 4
3. Detailed description of the method . . . . . . . . . . . . . 6 3. Detailed description of the method . . . . . . . . . . . . . 6
3.1. Packet loss measurement . . . . . . . . . . . . . . . . . 6 3.1. Packet loss measurement . . . . . . . . . . . . . . . . . 6
3.2. Timing aspects . . . . . . . . . . . . . . . . . . . . . 10 3.1.1. Coloring the packets . . . . . . . . . . . . . . . . 11
3.3. One-way delay measurement . . . . . . . . . . . . . . . . 11 3.1.2. Counting the packets . . . . . . . . . . . . . . . . 11
3.3.1. Single marking methodology . . . . . . . . . . . . . 11 3.1.3. Collecting data and calculating packet loss . . . . . 12
3.3.2. Double marking methodology . . . . . . . . . . . . . 13 3.2. Timing aspects . . . . . . . . . . . . . . . . . . . . . 12
3.4. Delay variation measurement . . . . . . . . . . . . . . . 14 3.3. One-way delay measurement . . . . . . . . . . . . . . . . 14
4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 15 3.3.1. Single marking methodology . . . . . . . . . . . . . 14
4.1. Synchronization . . . . . . . . . . . . . . . . . . . . . 15 3.3.2. Double marking methodology . . . . . . . . . . . . . 16
4.2. Data Correlation . . . . . . . . . . . . . . . . . . . . 15 3.4. Delay variation measurement . . . . . . . . . . . . . . . 17
4.3. Packet Re-ordering . . . . . . . . . . . . . . . . . . . 16 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 18
5. Implementation and deployment . . . . . . . . . . . . . . . . 17 4.1. Synchronization . . . . . . . . . . . . . . . . . . . . . 18
5.1. Report on the operational experiment at Telecom Italia . 17 4.2. Data Correlation . . . . . . . . . . . . . . . . . . . . 18
5.1.1. Coloring the packets . . . . . . . . . . . . . . . . 19 4.3. Packet Re-ordering . . . . . . . . . . . . . . . . . . . 19
5.1.2. Counting the packets . . . . . . . . . . . . . . . . 20 5. Implementation and deployment . . . . . . . . . . . . . . . . 20
5.1.3. Collecting data and calculating packet loss . . . . . 21 5.1. Report on the operational experiment at Telecom Italia . 20
5.1.4. Metric transparency . . . . . . . . . . . . . . . . . 22 5.1.1. Metric transparency . . . . . . . . . . . . . . . . . 21
5.2. IP flow performance measurement (IPFPM) . . . . . . . . . 22 5.2. IP flow performance measurement (IPFPM) . . . . . . . . . 22
5.3. OAM Passive Performance Measurement . . . . . . . . . . . 22 5.3. OAM Passive Performance Measurement . . . . . . . . . . . 22
5.4. RFC6374 Use Case . . . . . . . . . . . . . . . . . . . . 22 5.4. RFC6374 Use Case . . . . . . . . . . . . . . . . . . . . 22
5.5. Application to active performance measurement . . . . . . 23 5.5. Application to active performance measurement . . . . . . 23
6. Hybrid measurement . . . . . . . . . . . . . . . . . . . . . 23 6. Hybrid measurement . . . . . . . . . . . . . . . . . . . . . 23
7. Compliance with RFC6390 guidelines . . . . . . . . . . . . . 23 7. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8. Compliance with RFC6390 guidelines . . . . . . . . . . . . . 24
9. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 26 9. Security Considerations . . . . . . . . . . . . . . . . . . . 25
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27
12.1. Normative References . . . . . . . . . . . . . . . . . . 27 12.1. Normative References . . . . . . . . . . . . . . . . . . 27
12.2. Informative References . . . . . . . . . . . . . . . . . 28 12.2. Informative References . . . . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction 1. Introduction
Nowadays, most of the traffic in Service Providers' networks carries Nowadays, most of the traffic in Service Providers' networks carries
skipping to change at page 6, line 43 skipping to change at page 6, line 43
different network devices along the path, it is possible to measure different network devices along the path, it is possible to measure
packet loss occurred in any single block between any two points. packet loss occurred in any single block between any two points.
As discussed in the previous section, a simple way to create the As discussed in the previous section, a simple way to create the
blocks is to "color" the traffic (two colors are sufficient) so that blocks is to "color" the traffic (two colors are sufficient) so that
packets belonging to different consecutive blocks will have different packets belonging to different consecutive blocks will have different
colors. Whenever the color changes, the previous block terminates colors. Whenever the color changes, the previous block terminates
and the new one begins. Hence, all the packets belonging to the same and the new one begins. Hence, all the packets belonging to the same
block will have the same color and packets of different consecutive block will have the same color and packets of different consecutive
blocks will have different colors. The number of packets in each blocks will have different colors. The number of packets in each
block depends on the criterion used to create the blocks: if the block depends on the criterion used to create the blocks:
color is switched after a fixed number of packets, then each block
will contain the same number of packets (except for any losses); but o if the color is switched after a fixed number of packets, then
if the color is switched according to a fixed timer, then the number each block will contain the same number of packets (except for any
of packets may be different in each block depending on the packet losses);
rate.
o if the color is switched according to a fixed timer, then the
number of packets may be different in each block depending on the
packet rate.
The following figure shows how a flow looks like when it is split in The following figure shows how a flow looks like when it is split in
traffic blocks with colored packets. traffic blocks with colored packets.
A: packet with A coloring A: packet with A coloring
B: packet with B coloring B: packet with B coloring
| | | | | | | | | |
| | Traffic flow | | | | Traffic flow | |
-------------------------------------------------------------------> ------------------------------------------------------------------->
skipping to change at page 10, line 5 skipping to change at page 9, line 50
have the same value (388), which corresponds to the number of packets have the same value (388), which corresponds to the number of packets
of the second block (no loss). During blocks three and four, R1 and of the second block (no loss). During blocks three and four, R1 and
R2 counters are different, meaning that some packets have been lost: R2 counters are different, meaning that some packets have been lost:
in the example, one single packet (382-381) was lost during block in the example, one single packet (382-381) was lost during block
three and three packets (377-374) were lost during block four. three and three packets (377-374) were lost during block four.
The method applied to R1 and R2 can be extended to any other router The method applied to R1 and R2 can be extended to any other router
and applied to more complex networks, as far as the measurement is and applied to more complex networks, as far as the measurement is
enabled on the path followed by the traffic flow(s) being observed. enabled on the path followed by the traffic flow(s) being observed.
It's worth mentioning two different strategies that can be used when
implementing the method:
o flow-based: the flow-based strategy is used when only a limited
number of traffic flows need to be monitored. According to this
strategy, only a subset of the flows is colored. Counters for
packet loss measurements can be instantiated for each single flow,
or for the set as a whole, depending on the desired granularity.
A relevant problem with this approach is the necessity to know in
advance the path followed by flows that are subject to
measurement. Path rerouting and traffic load-balancing increase
the issue complexity, especially for unicast traffic. The problem
is easier to solve for multicast traffic where load balancing is
seldom used and static joins are frequently used to force traffic
forwarding and replication.
o link-based: measurements are performed on all the traffic on a
link by link basis. The link could be a physical link or a
logical link. Counters could be instantiated for the traffic as a
whole or for each traffic class (in case it is desired to monitor
each class separately), but in the second case a couple of
counters is needed for each class.
As mentioned, the flow-based measurement requires the identification
of the flow to be monitored and the discovery of the path followed by
the selected flow. It is possible to monitor a single flow or
multiple flows grouped together, but in this case measurement is
consistent only if all the flows in the group follow the same path.
Moreover if a measurement is performed by grouping many flows, it is
not possible to determine exactly which flow was affected by packets
loss. In order to have measures per single flow it is necessary to
configure counters for each specific flow. Once the flow(s) to be
monitored have been identified, it is necessary to configure the
monitoring on the proper nodes. Configuring the monitoring means
configuring the rule to intercept the traffic and configuring the
counters to count the packets. To have just an end-to-end
monitoring, it is sufficient to enable the monitoring on the first
and the last hop routers of the path: the mechanism is completely
transparent to intermediate nodes and independent from the path
followed by traffic flows. On the contrary, to monitor the flow on a
hop-by-hop basis along its whole path it is necessary to enable the
monitoring on every node from the source to the destination. In case
the exact path followed by the flow is not known a priori (i.e. the
flow has multiple paths to reach the destination) it is necessary to
enable the monitoring system on every path: counters on interfaces
traversed by the flow will report packet count, counters on other
interfaces will be null.
3.1.1. Coloring the packets
The coloring operation is fundamental in order to create packet
blocks. This implies choosing where to activate the coloring and how
to color the packets.
In case of flow-based measurements, it is desirable, in general, to
have a single coloring node because it is easier to manage and
doesn't rise any risk of conflict (consider the case where two nodes
color the same flow). Thus it is advantageous to color the flow as
close as possible to the source. In addition, coloring a flow close
to the source allows an end-to-end measure if a measurement point is
enabled on the last-hop router as well. The only requirement is that
the coloring must change periodically and every node along the path
must be able to identify unambiguously the colored packets. For
link-based measurements, all traffic needs to be colored when
transmitted on the link. If the traffic had already been colored,
then it has to be re-colored because the color must be consistent on
the link. This means that each hop along the path must (re-)color
the traffic; the color is not required to be consistent along
different links.
Traffic coloring can be implemented by setting a specific bit in the
packet header and changing the value of that bit periodically. How
to choose the marking field depends on the application and is out of
scope here.
3.1.2. Counting the packets
Assuming that the coloring of the packets is performed only by the
source node, the nodes between source and destination (included) have
to count the colored packets that they receive and forward: this
operation can be enabled on every router along the path or only on a
subset, depending on which network segment is being monitored (a
single link, a particular metro area, the backbone, the whole path).
Since the color switches periodically between two values, two
counters (one for each value) are needed: one counter for packets
with color A and one counter for packets with color B. For each flow
(or group of flows) being monitored and for every interface where the
monitoring is active, a couple of counters is needed. For example,
in order to monitor separately 3 flows on a router with 4 interfaces
involved, 24 counters are needed (2 counters for each of the 3 flows
on each of the 4 interfaces).
In case of link-based measurements the behaviour is similar except
that coloring and counting operations are performed on a link by link
basis at each endpoint of the link.
Another important aspect to take into consideration is when to read
the counters: in order to count the exact number of packets of a
block the routers must perform this operation when that block has
ended: in other words, the counter for color A must be read when the
current block has color B, in order to be sure that the value of the
counter is stable. This task can be accomplished in two ways. The
general approach suggests to read the counters periodically, many
times during a block duration, and to compare these successive
readings: when the counter stops incrementing means that the current
block has ended and its value can be elaborated safely.
Alternatively, if the coloring operation is performed on the basis of
a fixed timer, it is possible to configure the reading of the
counters according to that timer: for example, reading the counter
for color A every period in the middle of the subsequent block with
color B is a safe choice. A sufficient margin should be considered
between the end of a block and the reading of the counter, in order
to take into account any out-of-order packets.
3.1.3. Collecting data and calculating packet loss
The nodes enabled to perform performance monitoring collect the value
of the counters, but they are not able to directly use this
information to measure packet loss, because they only have their own
samples. For this reason, an external Network Management System
(NMS) can be used to collect and elaborate data and to perform packet
loss calculation. The NMS compares the values of counters from
different nodes and can calculate if some packets were lost (even a
single packet) and also where packets were lost.
The value of the counters needs to be transmitted to the NMS as soon
as it has been read. This can be accomplished by using SNMP or FTP
and can be done in Push Mode or Polling Mode. In the first case,
each router periodically sends the information to the NMS, in the
latter case it is the NMS that periodically polls routers to collect
information. In any case, the NMS has to collect all the relevant
values from all the routers within one cycle of the timer.
If link-based measurement is used, it would be possible to use a
protocol to exchange values of counters between the two endpoints in
order to let them perform the packet loss calculation for each
traffic direction. A similar approach could be also applied to a
flow-based measurement.
3.2. Timing aspects 3.2. Timing aspects
This document introduces two color switching method: one is based on This document introduces two color switching method: one is based on
fixed number of packet, the other is based on fixed timer. But the fixed number of packet, the other is based on fixed timer. But the
method based on fixed timer is preferable because is more method based on fixed timer is preferable because is more
deterministic, and will be considered in the rest of the dcoument. deterministic, and will be considered in the rest of the dcoument.
By considering the clock error between network devices R1 and R2, By considering the clock error between network devices R1 and R2,
they must be synchronized to the same clock reference with an they must be synchronized to the same clock reference with an
accuracy of +/- L/2 time units, where L is the time duration of the accuracy of +/- L/2 time units, where L is the time duration of the
skipping to change at page 18, line 7 skipping to change at page 20, line 48
Telecom Italia and it's currently being used in Telecom Italia's Telecom Italia and it's currently being used in Telecom Italia's
network. The methodology has been applied by leveraging functions network. The methodology has been applied by leveraging functions
and tools available on IP routers and it's currently being used to and tools available on IP routers and it's currently being used to
monitor packet loss in some portions of Telecom Italia's network. monitor packet loss in some portions of Telecom Italia's network.
The application of the method to delay measurement is currently being The application of the method to delay measurement is currently being
evaluated in Telecom Italia's labs. This section describes how the evaluated in Telecom Italia's labs. This section describes how the
features currently available on existing routing platforms can be features currently available on existing routing platforms can be
used to apply the method, in order to give an example of used to apply the method, in order to give an example of
implementation and deployment. implementation and deployment.
The fundamental steps for this implementation of the method can be The current implementation in Telecom Italia uses the flow-based
summarized in the following items: strategy, as defined in section 3. The link-based strategy could be
applied to physical link or a logical link (e.g. Ethernet VLAN or a
o coloring the packets; MPLS PW).
o counting the packets;
o collecting data and calculating the packet loss.
o metric transparency.
Before going deeper into the implementation details, it's worth
mentioning two different strategies that can be used when
implementing the method:
o flow-based: the flow-based strategy is used when only a limited
number of traffic flows need to be monitored. This could be the
case, for example, of IPTV channels or other specific applications
traffic with high QoS requirements (i.e. Mobile Backhauling
traffic). According to this strategy, only a subset of the flows
is colored. Counters for packet loss measurements can be
instantiated for each single flow, or for the set as a whole,
depending on the desired granularity. A relevant problem with
this approach is the necessity to know in advance the path
followed by flows that are subject to measurement. Path rerouting
and traffic load-balancing increase the issue complexity,
especially for unicast traffic. The problem is easier to solve
for multicast traffic where load balancing is seldom used,
especially for IPTV traffic where static joins are frequently used
to force traffic forwarding and replication. Another application
is on Mobile Backhauling, implemented with a VPN MPLS in Telecom
Italia's network; where the monitoring is between the Provider
Edge nodes of the VPN MPLS.
o link-based: measurements are performed on all the traffic on a
link by link basis. The link could be a physical link or a
logical link (for instance an Ethernet VLAN or a MPLS PW).
Counters could be instantiated for the traffic as a whole or for
each traffic class (in case it is desired to monitor each class
separately), but in the second case a couple of counters is needed
for each class.
The current implementation in Telecom Italia uses the first strategy.
As mentioned, the flow-based measurement requires the identification
of the flow to be monitored and the discovery of the path followed by
the selected flow. It is possible to monitor a single flow or
multiple flows grouped together, but in this case measurement is
consistent only if all the flows in the group follow the same path.
Moreover, a Service Provider should be aware that, if a measurement
is performed by grouping many flows, it is not possible to determine
exactly which flow was affected by packets loss. In order to have
measures per single flow it is necessary to configure counters for
each specific flow. Once the flow(s) to be monitored have been
identified, it is necessary to configure the monitoring on the proper
nodes. Configuring the monitoring means configuring the policy to
intercept the traffic and configuring the counters to count the
packets. To have just an end-to-end monitoring, it is sufficient to
enable the monitoring on the first and the last hop routers of the
path: the mechanism is completely transparent to intermediate nodes
and independent from the path followed by traffic flows. On the
contrary, to monitor the flow on a hop-by-hop basis along its whole
path it is necessary to enable the monitoring on every node from the
source to the destination. In case the exact path followed by the
flow is not known a priori (i.e. the flow has multiple paths to reach
the destination) it is necessary to enable the monitoring system on
every path: counters on interfaces traversed by the flow will report
packet count, counters on other interfaces will be null.
5.1.1. Coloring the packets
The coloring operation is fundamental in order to create packet
blocks. This implies choosing where to activate the coloring and how
to color the packets.
In case of flow-based measurements, it is desirable, in general, to The method is applied in Telecom Italia's network to multicast IPTV
have a single coloring node because it is easier to manage and channels or other specific traffic flows with high QoS requirements
doesn't rise any risk of conflict (consider the case where two nodes (i.e. Mobile Backhauling traffic implemented with a VPN MPLS).
color the same flow). Thus it is advantageous to color the flow as
close as possible to the source. In addition, coloring a flow close
to the source allows an end-to-end measure if a measurement point is
enabled on the last-hop router as well. The only requirement is that
the coloring must change periodically and every node along the path
must be able to identify unambiguously the colored packets. For
link-based measurements, all traffic needs to be colored when
transmitted on the link. If the traffic had already been colored,
then it has to be re-colored because the color must be consistent on
the link. This means that each hop along the path must (re-)color
the traffic; the color is not required to be consistent along
different links.
Traffic coloring can be implemented by setting a specific bit in the The implementation of the method by a Service Provider needs to use
packet header and changing the value of that bit periodically. With the router features. With current router implementations, only QoS
current router implementations, only QoS related fields and features related fields and features offer the required flexibility to set
offer the required flexibility to set bits in the packet header. In bits in the packet header. In case a Service Provider only uses the
case a Service Provider only uses the three most significant bits of three most significant bits of the DSCP field (corresponding to IP
the DSCP field (corresponding to IP Precedence) for QoS Precedence) for QoS classification and queuing, it is possible to use
classification and queuing, it is possible to use the two less the two less significant bits of the DSCP field (bit 0 and bit 1) to
significant bits of the DSCP field (bit 0 and bit 1) to implement the implement the method without affecting QoS policies. One of the two
method without affecting QoS policies. One of the two bits (bit 0) bits (bit 0) could be used to identify flows subject to traffic
could be used to identify flows subject to traffic monitoring (set to monitoring (set to 1 if the flow is under monitoring, otherwise it is
1 if the flow is under monitoring, otherwise it is set to 0), while set to 0), while the second (bit 1) can be used for coloring the
the second (bit 1) can be used for coloring the traffic (switching traffic (switching between values 0 and 1, corresponding to color A
between values 0 and 1, corresponding to color A and B) and creating and B) and creating the blocks.
the blocks.
In practice, coloring the traffic using the DSCP field can be In practice, coloring the traffic using the DSCP field can be
implemented by configuring on the router output interface an access implemented by configuring on the router output interface an access
list that intercepts the flow(s) to be monitored and applies to them list that intercepts the flow(s) to be monitored and applies to them
a policy that sets the DSCP field accordingly. Since traffic a policy that sets the DSCP field accordingly. Since traffic
coloring has to be switched between the two values over time, the coloring has to be switched between the two values over time, the
policy needs to be modified periodically: an automatic script can be policy needs to be modified periodically: an automatic script can be
used perform this task on the basis of a fixed timer. In Telecom used perform this task on the basis of a fixed timer. In Telecom
Italia's implementation this timer is set to 5 minutes: this value Italia's implementation this timer is set to 5 minutes: this value
showed to be a good compromise between measurement frequency and showed to be a good compromise between measurement frequency and
stability of the measurement (i.e. possibility to collect all the stability of the measurement (i.e. possibility to collect all the
measures referring to the same block). measures referring to the same block).
5.1.2. Counting the packets If traffic is colored using the DSCP field an access-list that
Assuming that the coloring of the packets is performed only by the
source node, the nodes between source and destination (included) have
to count the colored packets that they receive and forward: this
operation can be enabled on every router along the path or only on a
subset, depending on which network segment is being monitored (a
single link, a particular metro area, the backbone, the whole path).
Since the color switches periodically between two values, two
counters (one for each value) are needed: one counter for packets
with color A and one counter for packets with color B. For each flow
(or group of flows) being monitored and for every interface where the
monitoring is active, a couple of counters is needed. For example,
in order to monitor separately 3 flows on a router with 4 interfaces
involved, 24 counters are needed (2 counters for each of the 3 flows
on each of the 4 interfaces). If traffic is colored using the DSCP
field, as in Telecom Italia's implementation, an access-list that
matches specific DSCP values can be used to count the packets of the matches specific DSCP values can be used to count the packets of the
flow(s) being monitored. flow(s) being monitored. Also, a 5 minutes timer for color switching
is a safe choice for reading the counters.
In case of link-based measurements the behaviour is similar except
that coloring and counting operations are performed on a link by link
basis at each endpoint of the link.
Another important aspect to take into consideration is when to read
the counters: in order to count the exact number of packets of a
block the routers must perform this operation when that block has
ended: in other words, the counter for color A must be read when the
current block has color B, in order to be sure that the value of the
counter is stable. This task can be accomplished in two ways. The
general approach suggests to read the counters periodically, many
times during a block duration, and to compare these successive
readings: when the counter stops incrementing means that the current
block has ended and its value can be elaborated safely.
Alternatively, if the coloring operation is performed on the basis of
a fixed timer, it is possible to configure the reading of the
counters according to that timer: for example, if each block is 5
minutes long, reading the counter for color A every 5 minute in the
middle of the subsequent block (with color B) is a safe choice. A
sufficient margin should be considered between the end of a block and
the reading of the counter, in order to take into account any out-of-
order packets. The choice of a 5 minutes timer for colore switching
was also inspired by these considerations.
5.1.3. Collecting data and calculating packet loss
The nodes enabled to perform performance monitoring collect the value
of the counters, but they are not able to directly use this
information to measure packet loss, because they only have their own
samples. For this reason, an external Network Management System
(NMS) is required to collect and elaborate data and to perform packet
loss calculation. The NMS compares the values of counters from
different nodes and can calculate if some packets were lost (even a
single packet) and also where packets were lost.
The value of the counters needs to be transmitted to the NMS as soon
as it has been read. This can be accomplished by using SNMP or FTP
and can be done in Push Mode or Polling Mode. In the first case,
each router periodically sends the information to the NMS, in the
latter case it is the NMS that periodically polls routers to collect
information. In any case, the NMS has to collect all the relevant
values from all the routers within one cycle of the timer (5
minutes).
If link-based measurement is used, it would be possible to use a 5.1.1. Metric transparency
protocol to exchange values of counters between the two endpoints in
order to let them perform the packet loss calculation for each
traffic direction. A similar approach could be complicated if
applied to a flow-based measurement.
5.1.4. Metric transparency Since a Service Provider application is described here, the method
can be applied to end-to-end services supplied to Customers. So it
is important to highlight that the method SHOULD be transparent
outside the Service Provider domain.
In Telecom Italia's implementation the source node colors the packets In Telecom Italia's implementation the source node colors the packets
with a policy that is modified periodically via an automatic script with a policy that is modified periodically via an automatic script
in order to alternate the DSCP field of the packets. The nodes in order to alternate the DSCP field of the packets. The nodes
between source and destination (included) have to count with an between source and destination (included) have to count with an
access-list the colored packets that they receive and forward. access-list the colored packets that they receive and forward.
Moreover the destination node has an important role: the colored Moreover the destination node has an important role: the colored
packets are intercepted and a policy restores and sets the DSCP field packets are intercepted and a policy restores and sets the DSCP field
of all the packets to the initial value. In this way the metric is of all the packets to the initial value. In this way the metric is
skipping to change at page 23, line 29 skipping to change at page 23, line 25
The method has been explicitly designed for passive measurements but The method has been explicitly designed for passive measurements but
it can also be used with active measurements. In order to have both it can also be used with active measurements. In order to have both
end to end measurements and intermediate measurements (hybrid end to end measurements and intermediate measurements (hybrid
measurements) two end points can exchanges artificial traffic flows measurements) two end points can exchanges artificial traffic flows
and apply alternate marking over these flows. In the intermediate and apply alternate marking over these flows. In the intermediate
points artificial traffic is managed in the same way as real traffic points artificial traffic is managed in the same way as real traffic
and measured as specified before. So the application of marking and measured as specified before. So the application of marking
method can simplify also the active measurement, as explained in method can simplify also the active measurement, as explained in
[I-D.fioccola-ippm-alt-mark-active]. [I-D.fioccola-ippm-alt-mark-active].
7. Compliance with RFC6390 guidelines 7. Summary
The advantages of the method described in this document are:
o easy implementation: it can be implemented using features already
available on major routing platforms;
o low computational effort: the additional load on processing is
negligible;
o accurate packet loss measurement: single packet loss granularity
is achieved with a passive measurement;
o potential applicability to any kind of packet/frame -based
traffic: Ethernet, IP, MPLS, etc., both unicast and multicast;
o robustness: the method can tolerate out of order packets and it's
not based on "special" packets whose loss could have a negative
impact;
o no interoperability issues: the features required to implement the
method are available on all current routing platforms.
The method doesn't raise any specific need for protocol extension,
but it could be further improved by means of some extension to
existing protocols. Specifically, the use of DiffServ bits for
coloring the packets could not be a viable solution in some cases: a
standard method to color the packets for this specific application
could be beneficial.
8. Compliance with RFC6390 guidelines
RFC6390 [RFC6390] defines a framework and a process for developing RFC6390 [RFC6390] defines a framework and a process for developing
Performance Metrics for protocols above and below the IP layer (such Performance Metrics for protocols above and below the IP layer (such
as IP-based applications that operate over reliable or datagram as IP-based applications that operate over reliable or datagram
transport protocols). transport protocols).
This document doesn't aim to propose a new Performance Metric but a This document doesn't aim to propose a new Performance Metric but a
new method of measurement for a few Performance Metrics that have new method of measurement for a few Performance Metrics that have
already been standardized. Nevertheless, it's worth applying already been standardized. Nevertheless, it's worth applying
[RFC6390] guidelines to the present document, in order to provide a [RFC6390] guidelines to the present document, in order to provide a
skipping to change at page 25, line 16 skipping to change at page 25, line 41
QoS-related configuration and behavior; moreover, the intermediate QoS-related configuration and behavior; moreover, the intermediate
nodes must not change the value of the DSCP field not to alter the nodes must not change the value of the DSCP field not to alter the
measurement. measurement.
o Organization of Results: the method of measurement produces o Organization of Results: the method of measurement produces
singletons. singletons.
o Parameters: currently, the main parameter of the method is the o Parameters: currently, the main parameter of the method is the
time interval used to alternate the colors and read the counters. time interval used to alternate the colors and read the counters.
8. Security Considerations 9. Security Considerations
This document specifies a method to perform measurements in the This document specifies a method to perform measurements in the
context of a Service Provider's network and has not been developed to context of a Service Provider's network and has not been developed to
conduct Internet measurements, so it does not directly affect conduct Internet measurements, so it does not directly affect
Internet security nor applications which run on the Internet. Internet security nor applications which run on the Internet.
However, implementation of this method must be mindful of security However, implementation of this method must be mindful of security
and privacy concerns. and privacy concerns.
There are two types of security concerns: potential harm caused by There are two types of security concerns: potential harm caused by
the measurements and potential harm to the measurements. For what the measurements and potential harm to the measurements.
concerns the first point, the measurements described in this document
are passive, so there are no packets injected into the network o Harm caused by the measurement: the measurements described in this
causing potential harm to the network itself and to data traffic. document are passive, so there are no new packets injected into
Nevertheless, the method implies modifications on the fly to the IP the network causing potential harm to the network itself and to
header of data packets: this must be performed in a way that doesn't data traffic. Nevertheless, the method implies modifications on
alter the quality of service experienced by packets subject to the fly to the IP header of data packets: this must be performed
measurements and that preserve stability and performance of routers in a way that doesn't alter the quality of service experienced by
doing the measurements. The measurements themselves could be harmed packets subject to measurements and that preserve stability and
by routers altering the marking of the packets, or by an attacker performance of routers doing the measurements. One of the main
injecting artificial traffic. Authentication techniques, such as security threats in OAM protocols is network reconnaissance; an
digital signatures, may be used where appropriate to guard against attacker can gather information about the network performance by
injected traffic attacks. passively eavesdropping to OAM messages. The advantage of the
methods described in this document is that the marking bits are
the only information that is exchanged between the network
devices. Therefore, passive eavesdropping to data plane traffic
does not allow attackers to gain information about the network
performance.
o Harm to the measurement: the measurements could be harmed by
routers altering the marking of the packets, or by an attacker
injecting artificial traffic. Authentication techniques, such as
digital signatures, may be used where appropriate to guard against
injected traffic attacks. Since the measurement itself may be
affected by routers (or other network devices) along the path of
IP packets intentionally altering the value of marking bits of
packets, as mentioned above, the mechanism specified in this
document can be applied just in the context of a controlled
domain, and thus the routers (or other network devices) are
locally administered and this type of attack can be avoided. In
addition, an attacker can't gain information about network
performance from a single monitoring point, and must use
synchronized monitoring points at multiple points on the path,
because they have to do the same kind of measurement and
aggregation that Service Providers using Alternate Marking must
do.
The privacy concerns of network measurement are limited because the The privacy concerns of network measurement are limited because the
method only relies on information contained in the IP header without method only relies on information contained in the IP header without
any release of user data. any release of user data.
The measurement itself may be affected by routers (or other network
devices) along the path of IP packets intentionally altering the
value of marking bits of packets. As mentioned above, the mechanism
specified in this document is just in the context of one Service
Provider's network, and thus the routers (or other network devices)
are locally administered and this type of attack can be avoided.
One of the main security threats in OAM protocols is network
reconnaissance; an attacker can gather information about the network
performance by passively eavesdropping to OAM messages. The
advantage of the methods described in this document is that the
marking bits are the only information that is exchanged between the
network devices. Therefore, passive eavesdropping to data plane
traffic does not allow attackers to gain information about the
network performance.
Delay attacks are another potential threat in the context of this Delay attacks are another potential threat in the context of this
document. Delay measurement is performed using a specific packet in document. Delay measurement is performed using a specific packet in
each block, marked by a dedicated color bit. Therefore, a man-in- each block, marked by a dedicated color bit. Therefore, a man-in-
the-middle attacker can selectively induce synthetic delay only to the-middle attacker can selectively induce synthetic delay only to
delay-colored packets, causing systematic error in the delay delay-colored packets, causing systematic error in the delay
measurements. As discussed in previous sections, the methods measurements. As discussed in previous sections, the methods
described in this document rely on an underlying time synchronization described in this document rely on an underlying time synchronization
protocol. Thus, by attacking the time protocol an attacker can protocol. Thus, by attacking the time protocol an attacker can
potentially compromise the integrity of the measurement. A detailed potentially compromise the integrity of the measurement. A detailed
discussion about the threats against time protocols and how to discussion about the threats against time protocols and how to
mitigate them is presented in RFC 7384 [RFC7384]. mitigate them is presented in RFC 7384 [RFC7384].
9. Conclusions
The advantages of the method described in this document are:
o easy implementation: it can be implemented using features already
available on major routing platforms;
o low computational effort: the additional load on processing is
negligible;
o accurate packet loss measurement: single packet loss granularity
is achieved with a passive measurement;
o potential applicability to any kind of packet/frame -based
traffic: Ethernet, IP, MPLS, etc., both unicast and multicast;
o robustness: the method can tolerate out of order packets and it's
not based on "special" packets whose loss could have a negative
impact;
o no interoperability issues: the features required to implement the
method are available on all current routing platforms.
The method doesn't raise any specific need for protocol extension,
but it could be further improved by means of some extension to
existing protocols. Specifically, the use of DiffServ bits for
coloring the packets could not be a viable solution in some cases: a
standard method to color the packets for this specific application
could be beneficial.
10. IANA Considerations 10. IANA Considerations
There are no IANA actions required. There are no IANA actions required.
11. Acknowledgements 11. Acknowledgements
The previous IETF drafts about this technique were: The previous IETF drafts about this technique were:
[I-D.cociglio-mboned-multicast-pm] and [I-D.tempia-opsawg-p3m]. [I-D.cociglio-mboned-multicast-pm] and [I-D.tempia-opsawg-p3m].
The authors would like to thank Alberto Tempia Bonda, Domenico The authors would like to thank Alberto Tempia Bonda, Domenico
skipping to change at page 27, line 31 skipping to change at page 27, line 31
12.1. Normative References 12.1. Normative References
[IEEE-1588] [IEEE-1588]
IEEE 1588-2008, "IEEE Standard for a Precision Clock IEEE 1588-2008, "IEEE Standard for a Precision Clock
Synchronization Protocol for Networked Measurement and Synchronization Protocol for Networked Measurement and
Control Systems", July 2008. Control Systems", July 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997,
editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation [RFC3393] Demichelis, C. and P. Chimento, "IP Packet Delay Variation
Metric for IP Performance Metrics (IPPM)", RFC 3393, Metric for IP Performance Metrics (IPPM)", RFC 3393,
DOI 10.17487/RFC3393, November 2002, <https://www.rfc- DOI 10.17487/RFC3393, November 2002,
editor.org/info/rfc3393>. <https://www.rfc-editor.org/info/rfc3393>.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and Algorithms "Network Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,
<https://www.rfc-editor.org/info/rfc5905>. <https://www.rfc-editor.org/info/rfc5905>.
[RFC7679] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton, [RFC7679] Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
Ed., "A One-Way Delay Metric for IP Performance Metrics Ed., "A One-Way Delay Metric for IP Performance Metrics
(IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679, January (IPPM)", STD 81, RFC 7679, DOI 10.17487/RFC7679, January
2016, <https://www.rfc-editor.org/info/rfc7679>. 2016, <https://www.rfc-editor.org/info/rfc7679>.
skipping to change at page 29, line 40 skipping to change at page 29, line 40
"A packet based method for passive performance "A packet based method for passive performance
monitoring", draft-tempia-opsawg-p3m-04 (work in monitoring", draft-tempia-opsawg-p3m-04 (work in
progress), February 2014. progress), February 2014.
[RFC5481] Morton, A. and B. Claise, "Packet Delay Variation [RFC5481] Morton, A. and B. Claise, "Packet Delay Variation
Applicability Statement", RFC 5481, DOI 10.17487/RFC5481, Applicability Statement", RFC 5481, DOI 10.17487/RFC5481,
March 2009, <https://www.rfc-editor.org/info/rfc5481>. March 2009, <https://www.rfc-editor.org/info/rfc5481>.
[RFC6374] Frost, D. and S. Bryant, "Packet Loss and Delay [RFC6374] Frost, D. and S. Bryant, "Packet Loss and Delay
Measurement for MPLS Networks", RFC 6374, Measurement for MPLS Networks", RFC 6374,
DOI 10.17487/RFC6374, September 2011, <https://www.rfc- DOI 10.17487/RFC6374, September 2011,
editor.org/info/rfc6374>. <https://www.rfc-editor.org/info/rfc6374>.
[RFC6390] Clark, A. and B. Claise, "Guidelines for Considering New [RFC6390] Clark, A. and B. Claise, "Guidelines for Considering New
Performance Metric Development", BCP 170, RFC 6390, Performance Metric Development", BCP 170, RFC 6390,
DOI 10.17487/RFC6390, October 2011, <https://www.rfc- DOI 10.17487/RFC6390, October 2011,
editor.org/info/rfc6390>. <https://www.rfc-editor.org/info/rfc6390>.
[RFC6703] Morton, A., Ramachandran, G., and G. Maguluri, "Reporting [RFC6703] Morton, A., Ramachandran, G., and G. Maguluri, "Reporting
IP Network Performance Metrics: Different Points of View", IP Network Performance Metrics: Different Points of View",
RFC 6703, DOI 10.17487/RFC6703, August 2012, RFC 6703, DOI 10.17487/RFC6703, August 2012,
<https://www.rfc-editor.org/info/rfc6703>. <https://www.rfc-editor.org/info/rfc6703>.
[RFC7276] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y. [RFC7276] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y.
Weingarten, "An Overview of Operations, Administration, Weingarten, "An Overview of Operations, Administration,
and Maintenance (OAM) Tools", RFC 7276, and Maintenance (OAM) Tools", RFC 7276,
DOI 10.17487/RFC7276, June 2014, <https://www.rfc- DOI 10.17487/RFC7276, June 2014,
editor.org/info/rfc7276>. <https://www.rfc-editor.org/info/rfc7276>.
[RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in [RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in
Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384, Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384,
October 2014, <https://www.rfc-editor.org/info/rfc7384>. October 2014, <https://www.rfc-editor.org/info/rfc7384>.
[RFC7799] Morton, A., "Active and Passive Metrics and Methods (with [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with
Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
May 2016, <https://www.rfc-editor.org/info/rfc7799>. May 2016, <https://www.rfc-editor.org/info/rfc7799>.
Authors' Addresses Authors' Addresses
 End of changes. 27 change blocks. 
272 lines changed or deleted 279 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/