Network Working Group M. Chen, Ed. Internet-Draft L. Zheng, Ed. Intended status: Informational Huawei Technologies Expires: September 18, 2016 G. Mirsky, Ed. Ericsson G. Fioccola, Ed. Telecom Italia T. Mizrahi, Ed. Marvell March 17, 2016 IP Flow Performance Measurement Framework draft-chen-ippm-coloring-based-ipfpm-framework-06 Abstract This document specifies a measurement method, the IP flow performance measurement (IPFPM). With IPFPM, data packets are marked into different blocks of markers by changing one or more bits of packets. No additional delimiting packet is needed and the performance is measured in-service and in-band without the insertion of additional traffic. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 18, 2016. Chen, et al. Expires September 18, 2016 [Page 1] Internet-Draft IPFPM Framework March 2016 Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Overview and Concept . . . . . . . . . . . . . . . . . . . . 4 4. Consideration on Marking Bits . . . . . . . . . . . . . . . . 6 5. Reference Model and Functional Components . . . . . . . . . . 6 5.1. Reference Model . . . . . . . . . . . . . . . . . . . . . 6 5.2. Measurement Control Point . . . . . . . . . . . . . . . . 7 5.3. Measurement Agent . . . . . . . . . . . . . . . . . . . . 7 6. Period Number . . . . . . . . . . . . . . . . . . . . . . . . 8 7. Re-ordering Tolerance . . . . . . . . . . . . . . . . . . . . 8 8. Packet Loss Measurement . . . . . . . . . . . . . . . . . . . 9 9. Packet Delay Measurement . . . . . . . . . . . . . . . . . . 10 10. Synchronization Aspects . . . . . . . . . . . . . . . . . . . 11 10.1. Synchronization for the Period Number . . . . . . . . . 12 10.2. Synchronization for Delay Measurement . . . . . . . . . 12 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 12. Security Considerations . . . . . . . . . . . . . . . . . . . 13 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14 14. Contributing Authors . . . . . . . . . . . . . . . . . . . . 14 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 15.1. Normative References . . . . . . . . . . . . . . . . . . 15 15.2. Informative References . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 1. Introduction Performance Measurement (PM) is an important tool for service providers, used for Service Level Agreement (SLA) verification, troubleshooting (e.g., fault localization or fault delimitation) and network visualization. Measurement methods could be roughly put into two categories - active measurement methods and passive measurement Chen, et al. Expires September 18, 2016 [Page 2] Internet-Draft IPFPM Framework March 2016 methods. Active methods measure performance or reliability parameters by the examination of traffic (IP Packets) injected into the network, expressly for the purpose of measurement by the intended measurement points. In contrast, passive method measures some performance or reliability parameters associated with the existing traffic (packets) on the network. Both passive and active methods have their strengths and should be regarded as complementary. There are certain scenarios where active measurement alone is not enough or applicable and passive measurement is desirable[I-D.deng-ippm-passive-wireless-usecase]. With active measurement methods, the rate, numbers and interval between the injected packets may affect the accuracy of the results. Moreover, injected test packets are not always guaranteed to be in- band with the data traffic in the pure IP network due to Equal Cost Multi-Path (ECMP). The Multiprotocol Label Switching (MPLS) PM protocol [RFC6374] for packet loss could be considered an example of a passive performance measurement method. By periodically inserting auxiliary Operations, Administration and Maintenance (OAM) packets, the traffic is delimited by OAM packets into consecutive blocks, and the receivers count the packets and calculate the packets lost in each block. However, solutions like [RFC6374] depend on the fixed positions of the delimiting OAM packets for packets counting, and thus are vulnerable to out-of-order arrival of packets. This could happen particularly with out-of-band OAM channels, but might also happen with in-band OAM because of the presence of multipath forwarding within the network. Out of order delivery of data and the delimiting OAM packets can give rise to inaccuracies in the performance measurement figures. The scale of these inaccuracies will depend on data speeds and the variation in delivery, but with out-of-band OAM, this could result in significant differences between real and reported performance. This document specifies a different measurement method, the IP flow performance measurement (IPFPM). With IPFPM, data packets are marked into different blocks of markers by changing one or more bits of packets without altering normal processing in the network. No additional delimiting packet is needed and the performance can be measured in-service without the insertion of additional traffic. Furthermore, because marking-based IP performance measurement does not require extra OAM packets for traffic delimitation, it can be used in situations where there is packet re-ordering. IP Flow Information eXport (IPFIX) [RFC7011] is used for reporting the measurement data of IPFPM to a central calculation element for performance metrics calculation. Several new Information Elements of Chen, et al. Expires September 18, 2016 [Page 3] Internet-Draft IPFPM Framework March 2016 IPFIX are defined for IPFPM. These are described in the companion document [I-D.chen-ippm-ipfpm-report]. 2. Terminology The acronyms used in this document will be listed here. 3. Overview and Concept The concept of marking IP packets for performance measurement is described in [I-D.tempia-opsawg-p3m]. Marking of packets in a specific IP flow to different colors divides the flows into different consecutive blocks. Packets in a block have same marking and consecutive blocks will have different markings. This enables the measuring node to count and calculate packet loss and/or delay based on each block of markers without any additional auxiliary OAM packets. The following figure (Figure 1) is an example that illustrates the different markings in a single IP flow in alternate 0 and 1 blocks. | 0 Block | 1 Block | 0 Block | 1 Block | 000000000000 111111111111 000000000000 111111111111 Figure 1: Packet Marking For packet loss measurement, there are two ways to mark packets: fixed packet numbers or fixed time period for each block of markers. This document considers only fixed time period method. The sender and receiver nodes count the transmitted and received packets/octets based on each block of markers. By counting and comparing the transmitted and received packets/octets, the packet loss can be computed. For packet delay measurement, there are three solutions. One is similar to the packet loss, it still marks the IP flows to different blocks of markers and uses the time of the marking change as the reference time for delay calculations. This solution requires that there must not be any out-of-order packets; otherwise, the result will not be accurate. Because it uses the first packet of each block of markers for delay measurement, if there is packet reordering, the first packet of each block at the sender will be probably different from the first packet of the block at the receiver. An alternate way is to periodically mark a single packet in the IP flow. Within a given time period, there is only one packet that can be marked. The sender records the timestamp when the marked packet is transmitted, and the receiver records the timestamp when receiving the marked packet. With the two timestamps, the packet delay can be computed. Chen, et al. Expires September 18, 2016 [Page 4] Internet-Draft IPFPM Framework March 2016 An additional method consists of taking into account the average arrival time of the packets within a single block (i.e. the same block of markers used for packet loss measurement). The network device locally sums all the timestamps and divides by the total number of packets received, so the average arrival time for that block of packets can be calculated. By subtracting the average arrival times of two adjacent devices it is possible to calculate the average delay between those nodes. This method is robust to out of order packets and also to packet loss (only an error is introduced dependent from the number of lost packets). A centralized calculation element Measurement Control Point (MCP) is introduced in Section 5.2 of this document, to collect the packet counts and timestamps from the senders and receivers for metrics calculation. The IP Flow Information eXport (IPFIX) [RFC7011] protocol is used for collecting the performance measurement statistic information [I-D.chen-ippm-ipfpm-report]. For the statistic information collected, the MCP has to know exactly what packet pair counts (one from the sender and the other is from the receiver) are based on the same block of markers and a pair of timestamps (one from the sender and the other is from the receiver) are based on the same marked packet. In case of average delay calculation the MCP has to know in addition to the packet pair counters also the pair of average timestamps for the same block of markers. The "Period Number" based solution Section 6 is introduced to achieve this. For a specific IP flow to be measured, there may be one or more upstream and downstream Measurement Agents (MAs)( Section 5.3). An IP flow can be identified by the Source IP (SIP) and Destination IP (DIP) addresses, and it may combine the SIP and DIP with any or all of the Protocol number, the Source port, the Destination port, and the Type of Service (TOS) to identify an IP flow. For each flow, there will be a flow identifier that is unique within a certain administrative domain. To simplify the process description, the flows discussed in this document are all unidirectional. A bidirectional flow can be seen as two unidirectional flows. IFPFM supports the measurement of a Multipoint-to-Multipoint (MP2MP) model, which satisfies all the scenarios that include Point-to-Point (P2P), Point-to-Multipoint (P2MP), Multipoint-to-Point (MP2P), and MP2MP. The P2P scenario is obvious and can be used anywhere. P2MP and MP2P are very common in mobile backhaul networks. For example, a Cell Site Gateway (CSG) that uses multi-homing to two Radio Network Controller (RNC) Site Gateways (RSGs) is a typical network design. When there is a failure, there is a requirement to monitor the flows between the CSG and the two RSGs hence to determine whether the fault is in the transport network or in the wireless network (typically called "fault delimitation"). This is especially useful in the Chen, et al. Expires September 18, 2016 [Page 5] Internet-Draft IPFPM Framework March 2016 situation where the transport network belongs to one service provider and the wireless network belongs to other service providers. 4. Consideration on Marking Bits The marking bits selection is encapsulation-related; different bits for marking should be allocated by different encapsulations. This document does not define any marking bits. The marking bits selection for specific encapsulations will be defined in the relevant documents. In general, at least one marking bit is required to support loss and delay measurement. Specifically, if the second delay measurement solution is used (see Section 3), then at least two marking bits are needed; one bit for packet loss measurement, the other for packet delay measurement. In theory, so long as there are unused bits that could be allocated for marking purpose, the marking-based measurement mechanism can be applied to any encapsulation. It is relatively easier for new encapsulations to allocate marking bits. An example of such a case is Bit Indexed Explicit Replication (BIER). Two marking bits for passive performance measurement has been allocated in the BIER encapsulation [I-D.ietf-bier-mpls-encapsulation] (Section 3.). However, for sophisticated encapsulations, it is harder or even impossible to allocate bits for marking purpose. The IPv4 encapsulation is one of the examples. The IPv6 encapsulation is in a similar situation, but for IPv6, an alternative solution is to leverage the IPv6 extension header for marking. Since marking will directly change some bits (of the header) of the real traffic packets, the marking operations MUST NOT affect the forwarding and processing of packets. Specifically, the marking bits MUST NOT be used for ECMP hashing. In addition, to increase the accuracy of measurement, hardware-based implementation is desired. Thus, the location of the marking bits SHOULD be easy for hardware implementation. For example, the marking bits would be best located at fixed positions in a packet header. 5. Reference Model and Functional Components 5.1. Reference Model The outline of the measurement system of large-scale measurement platforms (LMAP) is introduced in [I-D.ietf-lmap-framework]. It describes the main functional components of the LMAP measurement system, and the interactions between the components. The Measurement Agent (MA) of IPFPM could be considered equivalent to the MA of LMAP. The Measurement Control Point (MCP) of IPFPM could be considered as the combined function of Controller and Collector. The IP Flow Chen, et al. Expires September 18, 2016 [Page 6] Internet-Draft IPFPM Framework March 2016 Information eXport (IPFIX) [RFC7011] protocol is used for collecting the performance measurement data on the MAs and reporting to the MCP. The details are specified in the companion document [I-D.chen-ippm-ipfpm-report]. The control between MCP and MAs are left for future study. Figure 2 presents the reference model of IPFPM. +-----+ +------| MCP |------+ | +-----+ | +-----+ | +---/ \---+ | +-----+ | MA1 |---+ | | +---| MA3 | +-----+ | | +-----+ +-----+ | | +-----+ | MA2 |------+ +------| MA4 | +-----+ +-----+ Figure 2: IPFPM Reference Model 5.2. Measurement Control Point The Measurement Control Point (MCP) is responsible for collecting the measurement data from the Measurement Agents (MAs) and calculating the performance metrics according to the collected measurement data. For packet loss, based on each block of markers, the difference between the total counts received from all upstream MAs and the total counts received from all downstream MAs are the lost packet numbers. The MCP must make sure that the counts from the upstream MAs and downstream MAs are related to the same marking/packets block. For packet delay (e.g., one way delay), the difference between the timestamps from the downstream MA and upstream MA is the packet delay. Similarly to packet loss, the MCP must make sure the two timestamps are based on the same marked packet. This document introduces a Period Number (PN) based synchronization mechanism which is discussed in details in Section 6. 5.3. Measurement Agent The Measurement Agent (MA) executes the measurement actions (e.g., marks the packets, counts the packets, records the timestamps, etc.), and reports the data to the Measurement Control Point (MCP). Each MA maintains two timers, one (C-timer, used at upstream MA) is for marking change, the other (R-timer, used at downstream MA) is for reading the packet counts and timestamps. The two timers have the same time interval but are started at different times. An MA can be either an upstream or a downstream MA: the role is specific to an IP flow to be measured. For a specific IP flow, the upstream MA will change the marking and read the packet counts and timestamps when the C-timer expires, the downstream MA just reads the packet counts and Chen, et al. Expires September 18, 2016 [Page 7] Internet-Draft IPFPM Framework March 2016 timestamps when the R-timer expires. The MA may delay the reading for a certain time period when the R-timer expires, in order to be tolerant to a certain degree of packet re-ordering. Section 7 describes this in details. For each Measurement Task (corresponding to an IP flow) [I-D.ietf-lmap-framework], an MA maintains a pair of packet counters and a timestamp counter for each block of markers. As for the pair of packet counters, one is for counting packets and the other is for counting octets. 6. Period Number When data is collected on the upstream MA and downstream MA, e.g., packet counts or timestamps, and periodically reported to the MCP, a certain synchronization mechanism is required to ensure that the collected data is correlated. Synchronization aspects are further discussed in Section 10. This document introduces the Period Number (PN) to help the MCP to determine whether any two or more packet counts (from distributed MAs) are related to the same block of markers, or any two timestamps are related to the same marked packet. Period Numbers assure the data correlation by literally splitting the packets into different measurement periods. The PN is generated each time an MA reads the packet counts or timestamps, and is associated with each packet count and timestamp reported to the MCP. For example, when the MCP sees two PNs associated with two packet counts from an upstream and a downstream MA, it assumes that these two packet counts correspond to the same measurement period by the same PN, i.e., that these two packet counts are related to the same block of markers. The assumption is that the upstream and downstream MAs are time synchronized. This requires the upstream and downstream MAs to have a certain time synchronization capability (e.g., the Network Time Protocol (NTP) [RFC5905], or the IEEE 1588 Precision Time Protocol (PTP) [IEEE1588]), as further discussed in Section 10. The PN is calculated as the modulo of the local time (when the counts or timestamps are read) and the interval of the marking time period. 7. Re-ordering Tolerance In order to allow for a certain degree of packet re-ordering, the R-timer on downstream MAs should be started delta-t (Dt) later than the C-timer is started. Dt is a defined period of time and should satisfy the following conditions: (Time-L - Time-MRO ) < Dt < (Time-L + Time-MRO ) Where Chen, et al. Expires September 18, 2016 [Page 8] Internet-Draft IPFPM Framework March 2016 Time-L: the link delay time between the sender and receiver; Time-MRO: the maximum re-ordering time difference; if a packet is expected to arrive at t1 but actually arrives at t2, then the Time- MRO = | t2 - t1|. Thus, the R-timer should be started at "t + Dt" (where t is the time at which C-timer is started). For simplicity, the C-timer should be started at the beginning of each time period. This document recommends the implementation to support at least these time periods (1s, 10s, 1min, 10min and 1h). Thus, if the time period is 10s, then the C-timer should be started at the time of any multiples of 10 in seconds (e.g., 0s, 10s, 20s, etc.), and the R-timer should be started, for example, at 0s+Dt, 10s+Dt, 20s+Dt, etc. With this method, each MA can independently start its C-timer and R-timer given that the clocks have been synchronized. 8. Packet Loss Measurement To simplify the process description, the flows discussed in this document are all unidirectional. A bidirectional flow can be seen as two unidirectional flows. For a specific flow, there will be an upstream MA and a downstream MA, and for each of these MAs there will be corresponding packet counts/timestamp. For packet loss measurement, this document defines the following counters and quantities: U-CountP[n][m]: U-CountP is a two-dimensional array that stores the number of packets transmitted by each upstream MA in each marking time period. Specifically, parameter "n" is the "period number" of measured blocks of markers while parameter "m" refers to the m-th MA of the upstream MAs. D-CountP[n][m]: D-CountP is a two-dimensional array that stores the number of packets received by each downstream MA in each marking time period. Specifically, parameter "n" is the "period number" of measured blocks of markers while parameter "m" refers to the m-th MA of the downstream MAs. U-CountO[n][m]: U-CountO is a two-dimensional array that stores the number of octets transmitted by each upstream MA in each marking time period. Specifically, parameter "n" is the "period number" of measured blocks of markers while parameter "m" refers to the m-th MA of the upstream MAs. Chen, et al. Expires September 18, 2016 [Page 9] Internet-Draft IPFPM Framework March 2016 D-CountO[n][m]: D-CountO is a two-dimensional array that stores the number of octets received by each downstream MA in each marking time period. Specifically, parameter "n" is the "period number" of measured blocks of markers while parameter "m" refers to the m-th MA of the downstream MAs. LossP: the number of packets transmitted by the upstream MAs but not received at the downstream MAs. LossO: the total octets transmitted by the upstream MAs but not received at the downstream MAs. The total packet loss of a flow can be computed as follows: LossP = U-CountP[1][1] + U-CountP[1][2] + .... + U-CountP[n][m] - D-CountP[1][1] - D-CountP[1][2] - .... - D-CountP[n][m']. LossO = U-CountO[1][1] + U-CountO[1][2] + .... + U-CountO[n][m] - D-CountO[1][1] - D-CountO[1][2] - .... - D-CountO[n][m']. Where the m and m' are the number of upstream MAs and downstream MAs of the measured flow, respectively. 9. Packet Delay Measurement For packet delay measurement, there will be only one upstream MA and may be one or more (P2MP) downstream MAs. Although the marking-based IPFPM supports P2MP model, this document only discusses P2P model. The P2MP model is left for future study. This document defines the following timestamps and quantities: U-Time[n]: U-Time is a one-dimension array that stores the time when marked packets are sent; in case the "average delay" method is being used, U-Time stores the average of the time when the packets of the same block are sent; parameter "n" is the "period number" of marked packets. D-Time[n]: D-Time is a one-dimension array that stores the time when marked packets are received; in case the "average delay" method is being used, D-Time stores the average of the time when the packets of the same block are received; parameter "n" is the "period number" of marked packets. This is only for P2P model. D-Time[n][m]: D-Time a two-dimension array that stores the time when the marked packet is received by downstream MAs at each marking time period; in case the "average delay" method is being used, D-Time stores the average of the times when the packets of the same block are received by downstream MAs at each marking time period. Here, Chen, et al. Expires September 18, 2016 [Page 10] Internet-Draft IPFPM Framework March 2016 parameter "n" is the "period number" of marked packets while parameter "m" refers to the m-th MA of the downstream MAs. This is for P2MP model which is left for future study. One-way Delay[n]: The one-way delay metric for packet networks is described in [RFC2679]. The "n" identifies the "period number" of the marked packet. One-way Delay[1] = D-Time[1] - U-Time[1]. One-way Delay[2] = D-Time[2] - U-Time[2]. ... One-way Delay[n] = D-Time[n] - U-Time[n]. In the case of two-way delay, the delay is the sum of the two one-way delays of the two flows that have the same MAs but have opposite directions. Two-way Delay[1] = (D-Time[1] - U-Time[1]) + (D-Time'[1] - U-Time'[1]). Two-way Delay[2] = (D-Time[2] - U-Time[2]) + (D-Time'[2] - U-Time'[2]). ... Two-way Delay[n] = (D-Time[n] - U-Time[n]) + (D-Time'[n] - U-Time'[n]). Where the D-Time and U-Time are for one forward flow, the D-Time' and U-Time' are for reverse flow. 10. Synchronization Aspects As noted in the previous sections, there are two mechanisms in IPFPM that require MAs to have synchronized clocks: (i) the period number (Section 6), and (ii) delay measurement. This section elaborates on the level of synchronization that is required for each of the two mechanisms. Interestingly, IPFPM can be implemented even with very coarse-grained synchronization. Chen, et al. Expires September 18, 2016 [Page 11] Internet-Draft IPFPM Framework March 2016 10.1. Synchronization for the Period Number Period numbers are used to uniquely identify blocks, allowing the MCP to match the measurements of each block from multipe MAs. The period number of each measurement is computed by the modulo of the local time. Therefore, if the length of the measurement period is L time units, then all MAs must be synchronized to the same clock reference with an accuracy of +/- L/2 time units. This level of accuracy gurantees that all MAs consistently match the color bit to the correct block. For example, if the color is toggeled every second (L = 1 second), then clocks must be synchronized with an accuracy of +/- 0.5 second to a common time reference. The synchronization requirement for maintaining the period number can be satisfied even with a relatively inaccurate synchronization method. 10.2. Synchronization for Delay Measurement As discussed in Section 9, the delay between two MAs is computed by D-Time[1] - U-Time[1], requiring the two MAs to be synchronized. Notably, two-way delay measurement does not require the two MAs to be time synchronized. Therefore, a system that uses only two-way delay measurement does not require synchronization between MAs. U-Time[1] D-Time'[1] MA A -----+--------------------+-------- \ /\ \ / \ / \/ / MA B ---------+------------+------------ D-Time[1] U-Time'[1] Figure 3: Two-way Delay Measurement As shown in Section 9, the two way delay between two MAs is given by (see Figure 3): (D-Time[1] - U-Time[1]) + (D-Time'[1] - U-Time'[1]) Therefore, the two-way delay is equal to: (D-Time'[1] - U-Time[1]) - (U-Time'[1] - D-Time'[1]) Chen, et al. Expires September 18, 2016 [Page 12] Internet-Draft IPFPM Framework March 2016 The latter implies that the two-way delay is comprised of two time differences, (D-Time'[1] - U-Time[1]), and (U-Time'[1] - D-Time'[1]). Thus, the value of the clocks of MA A and MA B does not affect the computation, and synchronization is not required. 11. IANA Considerations This document makes no request to IANA. 12. Security Considerations This document specifies a passive mechanism for measuring packet loss and delay within a Service Provider's network where the IP packets are marked using unused bits in IP head field, thus avoiding the need to insert additional OAM packets during the measurement. Obviously, such a mechanism does not directly affect other applications running on the Internet but may potentially affect the measurement itself. First, the measurement itself may be affected by routers (or other network devices) along the path of IP packets intentionally altering the value of marking bits of packets. As mentioned above, the mechanism specified in this document is just in the context of one Service Provider's network, and thus the routers (or other network devices) are locally administered and this type of attack can be avoided. Second, one of the main security threats in OAM protocols is network reconnaissance; an attacker can gather information about the network performance by passively eavesdropping to OAM messages. The advantage of the methods described in this document is that the color bits are the only information that is exchanged between the MAs. Therefore, passive eavesdropping to data plane traffic does not allow attackers to gain information about the network performance. We note that the information exported from the MAs to the MCP can be subject to eavesdropping, and thus it should be encrypted. Finally, delay attacks are another potential threat in the context of this document. Delay measurement is performed using a specific packet in each block, marked by a dedicated color bit. Therefore, a man-in-the-middle attacker can selectively induce synthetic delay only to delay-colored packets, causing systematic error in the delay measurements. As discussed in previous sections, the methods described in this document rely on an underlying time synchronization protocol. Thus, by attacking the time protocol an attacker can potentially compromise the integrity of the measurement. A detailed discussion about the threats against time protocols and how to mitigate them is presented in RFC 7384 [RFC7384]. Chen, et al. Expires September 18, 2016 [Page 13] Internet-Draft IPFPM Framework March 2016 13. Acknowledgements The authors would like to thank Adrian Farrel for his review, suggestion and comments to this document. 14. Contributing Authors Hongming Liu Huawei Technologies Email: liuhongming@huawei.com Yuanbin Yin Huawei Technologies Email: yinyuanbin@huawei.com Rajiv Papneja Huawei Technologies Email: Rajiv.Papneja@huawei.com Shailesh Abhyankar Vodafone Vodafone House, Ganpat Rao kadam Marg Lower Parel Mumbai 40003 India Email: shailesh.abhyankar@vodafone.com Guangqing Deng CNNIC 4 South 4th Street, Zhongguancun, Haidian District Beijing China Email: dengguangqing@cnnic.cn Yongliang Huang China Unicom Email: huangyl@dipmt.com Chen, et al. Expires September 18, 2016 [Page 14] Internet-Draft IPFPM Framework March 2016 15. References 15.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . 15.2. Informative References [I-D.chen-ippm-ipfpm-report] Chen, M., Zheng, L., Liu, H., Yin, Y., Papneja, R., Abhyankar, S., Deng, G., and Y. Huang, "IP Flow Performance Measurement Report", draft-chen-ippm-ipfpm- report-00 (work in progress), July 2014. [I-D.deng-ippm-passive-wireless-usecase] Lingli, D., Zheng, L., and G. Mirsky, "Use-cases for Passive Measurement in Wireless Networks", draft-deng- ippm-passive-wireless-usecase-01 (work in progress), January 2015. [I-D.ietf-bier-mpls-encapsulation] Wijnands, I., Rosen, E., Dolganow, A., Tantsura, J., and S. Aldrin, "Encapsulation for Bit Index Explicit Replication in MPLS Networks", draft-ietf-bier-mpls- encapsulation-03 (work in progress), February 2016. [I-D.ietf-lmap-framework] Eardley, P., Morton, A., Bagnulo, M., Burbridge, T., Aitken, P., and A. Akhter, "A framework for Large-Scale Measurement of Broadband Performance (LMAP)", draft-ietf- lmap-framework-14 (work in progress), April 2015. [I-D.tempia-opsawg-p3m] Capello, A., Cociglio, M., Castaldelli, L., and A. Bonda, "A packet based method for passive performance monitoring", draft-tempia-opsawg-p3m-04 (work in progress), February 2014. [IEEE1588] IEEE, "1588-2008 IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems", March 2008. Chen, et al. Expires September 18, 2016 [Page 15] Internet-Draft IPFPM Framework March 2016 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, . [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, December 1998, . [RFC2679] Almes, G., Kalidindi, S., and M. Zekauskas, "A One-way Delay Metric for IPPM", RFC 2679, DOI 10.17487/RFC2679, September 1999, . [RFC3260] Grossman, D., "New Terminology and Clarifications for Diffserv", RFC 3260, DOI 10.17487/RFC3260, April 2002, . [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. Zekauskas, "A One-way Active Measurement Protocol (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, . [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", RFC 5357, DOI 10.17487/RFC5357, October 2008, . [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, . [RFC6374] Frost, D. and S. Bryant, "Packet Loss and Delay Measurement for MPLS Networks", RFC 6374, DOI 10.17487/RFC6374, September 2011, . [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, DOI 10.17487/RFC7011, September 2013, . [RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384, October 2014, . Chen, et al. Expires September 18, 2016 [Page 16] Internet-Draft IPFPM Framework March 2016 Authors' Addresses Mach(Guoyi) Chen (editor) Huawei Technologies Email: mach.chen@huawei.com Lianshu Zheng (editor) Huawei Technologies Email: vero.zheng@huawei.com Greg Mirsky (editor) Ericsson USA Email: gregory.mirsky@ericsson.com Giuseppe Fioccola (editor) Telecom Italia Via Reiss Romoli, 274 Torino 10148 Italy Email: giuseppe.fioccola@telecomitalia.it Tal Mizrahi (editor) Marvell 6 Hamada st. Yokneam Israel Email: talmi@marvell.com Chen, et al. Expires September 18, 2016 [Page 17]