1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
|
Internet Engineering Task Force (IETF) G. Fioccola, Ed.
Request for Comments: 9342 Huawei Technologies
Obsoletes: 8889 M. Cociglio
Category: Standards Track Telecom Italia
ISSN: 2070-1721 A. Sapio
Intel Corporation
R. Sisto
Politecnico di Torino
T. Zhou
Huawei Technologies
December 2022
Clustered Alternate-Marking Method
Abstract
This document generalizes and expands the Alternate-Marking
methodology to measure any kind of unicast flow whose packets can
follow several different paths in the network; this can result in a
multipoint-to-multipoint network. The network clustering approach is
presented and, for this reason, the technique described here is
called "Clustered Alternate Marking". This document obsoletes RFC
8889.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9342.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Revised BSD License text as described in Section 4.e of the
Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents
1. Introduction
1.1. Summary of Changes from RFC 8889
1.2. Requirements Language
2. Terminology
2.1. Correlation with RFC 5644
3. Flow Classification
4. Extension of the Method to Multipoint Flows
4.1. Monitoring Network
4.2. Network Packet Loss
5. Network Clustering
5.1. Algorithm for Clusters Partition
6. Multipoint Packet-Loss Measurement
7. Multipoint Delay and Delay Variation
7.1. Delay Measurements on a Multipoint-Paths Basis
7.1.1. Single-Marking Measurement
7.2. Delay Measurements on a Single-Packet Basis
7.2.1. Single- and Double-Marking Measurement
7.2.2. Hashing Selection Method
8. Synchronization and Timing
9. Recommendations for Deployment
10. A Closed-Loop Performance-Management Approach
11. Security Considerations
12. IANA Considerations
13. References
13.1. Normative References
13.2. Informative References
Appendix A. Example of Monitoring Network and Clusters Partition
Acknowledgements
Contributors
Authors' Addresses
1. Introduction
The Alternate-Marking Method, as described in [RFC9341], is
applicable to a point-to-point path. The extension proposed in this
document applies to the most general case of a multipoint-to-
multipoint path and enables flexible and adaptive performance
measurements in a managed network.
The Alternate-Marking methodology consists of splitting the packet
flow into marking blocks, and the monitoring parameters are the
packet counters and the timestamps for each marking period. In some
applications of the Alternate-Marking Method, a lot of flows and
nodes are to be monitored. Multipoint Alternate Marking aims to
reduce these values and makes the performance monitoring more
flexible in case a detailed analysis is not needed. For instance, by
considering n measurement points and m monitored flows, the order of
magnitude of the packet counters for each time interval is n*m*2 (1
per color). The number of measurement points and monitored flows may
vary and depends on the portion of the network we are monitoring
(core network, metro network, access network, etc.) and the
granularity (for each service, each customer, etc.). So if both n
and m are high values, the packet counters increase a lot, and
Multipoint Alternate Marking offers a tool to control these
parameters.
The approach presented in this document is applied only to unicast
flows and not to multicast. Broadcast, Unknown Unicast, and
Multicast (BUM) traffic is not considered here, because traffic
replication is not covered by the Multipoint Alternate-Marking
Method. Furthermore, it can be applicable to anycast flows, and
Equal-Cost Multipath (ECMP) paths can also be easily monitored with
this technique.
[RFC9341] applies to point-to-point unicast flows and BUM traffic.
For BUM traffic, the basic method of [RFC9341] can be easily applied
link by link; therefore, the multicast flow tree distribution can be
split into separate unicast point-to-point links.
This document and its Clustered Alternate-Marking Method applies to
multipoint-to-multipoint unicast flows, anycast, and ECMP flows.
Therefore, the Alternate-Marking Method can be extended to any kind
of multipoint-to-multipoint paths, and the network-clustering
approach presented in this document is the formalization of how to
implement this property and allow a flexible and optimized
performance measurement support for network management in every
situation.
Without network clustering, it is possible to apply Alternate Marking
only for all the network or per single flow. Instead, with network
clustering, it is possible to partition the network into clusters at
different levels in order to provide the needed degree of detail. In
some circumstances, it is possible to monitor a multipoint network by
monitoring the network clusters, without examining in depth. In case
of problems (packet loss is measured or the delay is too high), the
filtering criteria could be enhanced in order to perform a detailed
analysis by using a different combination of clusters up to a per-
flow measurement as described in [RFC9341].
This approach fits very well with the Closed-Loop Network and
Software-Defined Network (SDN) paradigm, where the SDN orchestrator
and the SDN controllers are the brains of the network and can manage
flow control to the switches and routers and, in the same way, can
calibrate the performance measurements depending on the desired
accuracy. An SDN controller application can orchestrate how
accurately the network performance monitoring is set up by applying
the Multipoint Alternate Marking as described in this document.
It is important to underline that, as an extension of [RFC9341], this
is a methodology document, so the mechanism that can be used to
transmit the counters and the timestamps is out of scope here.
This document assumes that the blocks are created according to a
fixed timer as per [RFC9341]. Switching after a fixed number of
packets is possible, but it is out of scope here.
Note that the fragmented packets' case can be managed with the
Alternate-Marking methodology, and the same guidance provided in
Section 6 of [RFC9341] also applies in the case of Multipoint
Alternate Marking.
1.1. Summary of Changes from RFC 8889
This document defines the Multipoint Alternate-Marking Method,
addressing ambiguities and overtaking its experimental phase in the
original specification [RFC8889].
The relevant changes are:
* Added the recommendations about the different deployments in case
one or two flag bits are available for marking (Section 9).
* Changed the structure to improve readability.
* Removed the wording about the experimentation of the method and
considerations that no longer apply.
* Revised the description of detailed aspects of the methodology,
e.g., synchronization and timing.
It is important to note that all the changes are totally backward
compatible with [RFC8889], and no new additional technique has been
introduced in this document compared to [RFC8889].
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Terminology
The use of the basic terms are identical to those found in Alternate
Marking [RFC9341]. It is to be remembered that [RFC9341] is valid
for point-to-point unicast flows and BUM traffic.
The important new terms are explained below:
Multipoint Alternate Marking: Extension to [RFC9341], valid for
multipoint-to-multipoint unicast flows, anycast, and ECMP flows.
It can also be referred to as "Clustered Alternate Marking".
Flow definition: The concept of flow is generalized in this
document. The identification fields are selected without any
constraints and, in general, the flow can be a multipoint-to-
multipoint flow, as a result of aggregate point-to-point flows.
Monitoring network: Identified with the nodes of the network that
are the measurement points (MPs) and the links that are the
connections between MPs. The monitoring network graph depends on
the flow definition, so it can represent a specific flow or the
entire network topology as aggregate of all the flows. Each node
of the monitoring network cannot be both a source and a
destination of the flow.
Cluster: Smallest identifiable non-trivial subnetwork of the entire
monitoring network graph that still satisfies the condition that
the number of packets that go in is the same as the number that go
out. A cluster partition algorithm, such as that found in
Section 5.1, can be applied to split the monitoring network into
clusters.
Multipoint metrics: Packet loss, delay, and delay variation are
extended to the case of multipoint flows. It is possible to
compute these metrics on the basis of multipoint paths in order to
associate the measurements to a cluster, a combination of
clusters, or the entire monitored network. For delay and delay
variation, it is also possible to define the metrics on a single-
packet basis, and it means that the multipoint path is used to
easily couple packets between input and output nodes of a
multipoint path.
The next section highlights the correlation with the terms used in
[RFC5644].
2.1. Correlation with RFC 5644
[RFC5644] is limited to active measurements using a single source
packet or stream. Its scope is also limited to observations of
corresponding packets along the path (spatial metric) and at one or
more destinations (one-to-group) along the path.
Instead, the scope of this memo is to define multiparty metrics for
passive and hybrid measurements in a group-to-group topology with
multiple sources and destinations.
[RFC5644] introduces metric names that can be reused here but have to
be extended and rephrased to be applied to the Alternate-Marking
schema:
a. the multiparty metrics are not only one-to-group metrics but can
also be group-to-group metrics;
b. the spatial metrics, used for measuring the performance of
segments of a source-to-destination path, are applied here to
clusters.
3. Flow Classification
A unicast flow is identified by all the packets having a set of
common characteristics. This definition is inspired by [RFC7011].
As an example, by considering a flow as all the packets sharing the
same source IP address or the same destination IP address, it is easy
to understand that the resulting pattern will not be a point-to-point
connection but a point-to-multipoint or multipoint-to-point
connection.
In general, a flow can be defined by a set of selection rules used to
match a subset of the packets processed by the network device. These
rules specify a set of Layer 3 and Layer 4 header fields
(identification fields) and the relative values that must be found in
matching packets.
The choice of the identification fields directly affects the type of
paths that the flow would follow in the network. In fact, it is
possible to relate a set of identification fields with the pattern of
the resulting graphs, as listed in Figure 1.
A TCP 5-tuple usually identifies flows following either a single path
or a point-to-point multipath (in the case of load balancing). On
the contrary, a single source address selects aggregate flows
following a point-to-multipoint path, while a multipoint-to-point
path can be the result of a matching on a single destination address.
In the case where a selection rule and its reverse are used for
bidirectional measurements, they can correspond to a point-to-
multipoint path in one direction and a multipoint-to-point path in
the opposite direction.
So the flows to be monitored are selected into the monitoring points
using packet selection rules, which can also change the pattern of
the monitored network.
Note that, more generally, the flow can be defined at different
levels based on the potential encapsulation, and additional
conditions that are not in the packet header can also be included as
part of matching criteria.
The Alternate-Marking Method is applicable only to a single path (and
partially to a one-to-one multipath), so the extension proposed in
this document is suitable also for the most general case of
multipoint-to-multipoint, which embraces all the other patterns in
Figure 1.
point-to-point single path
+------+ +------+ +------+
---<> R1 <>----<> R2 <>----<> R3 <>---
+------+ +------+ +------+
point-to-point multipath
+------+
<> R2 <>
/ +------+ \
/ \
+------+ / \ +------+
---<> R1 <> <> R4 <>---
+------+ \ / +------+
\ /
\ +------+ /
<> R3 <>
+------+
point-to-multipoint
+------+
<> R4 <>---
/ +------+
+------+ /
<> R2 <>
/ +------+ \
+------+ / \ +------+
---<> R1 <> <> R5 <>---
+------+ \ +------+
\ +------+
<> R3 <>
+------+ \
\ +------+
<> R6 <>---
+------+
multipoint-to-point
+------+
---<> R1 <>
+------+ \
\ +------+
<> R4 <>
/ +------+ \
+------+ / \ +------+
---<> R2 <> <> R6 <>---
+------+ / +------+
+------+ /
<> R5 <>
/ +------+
+------+ /
---<> R3 <>
+------+
multipoint-to-multipoint
+------+ +------+
---<> R1 <> <> R6 <>---
+------+ \ / +------+
\ +------+ /
<> R4 <>
+------+ \
+------+ \ +------+
---<> R2 <> <> R7 <>---
+------+ \ / +------+
\ +------+ /
<> R5 <>
/ +------+ \
+------+ / \ +------+
---<> R3 <> <> R8 <>---
+------+ +------+
Figure 1: Flow Classification
The case of unicast flow is considered in Figure 1. The anycast flow
is also covered, since it is only a special case of a unicast flow if
routing is stable throughout the measurement period. Furthermore, an
ECMP flow is in scope by definition, since it is a point-to-
multipoint unicast flow.
4. Extension of the Method to Multipoint Flows
By using the Alternate-Marking Method, only point-to-point paths can
be monitored. To have an IP (TCP/UDP) flow that follows a point-to-
point path, in general we have to define, with a specific value, 5
identification fields (IP Source, IP Destination, Transport Protocol,
Source Port, and Destination Port).
Multipoint Alternate Marking enables the performance measurement for
multipoint flows selected by identification fields without any
constraints (even the entire network production traffic). It is also
possible to use multiple marking points for the same monitored flow.
4.1. Monitoring Network
The monitoring network is deduced from the production network by
identifying the nodes of the graph that are the measurement points
and the links that are the connections between measurement points.
It can be modeled as a set of nodes and a set of directed arcs that
connect pairs of nodes.
There are some techniques that can help with the building of the
monitoring network (as an example, see [RFC9198]). In general, there
are different options: the monitoring network can be obtained by
considering all the possible paths for the traffic or periodically
checking the traffic (e.g., daily, weekly, and monthly) and updating
the graph as appropriate, but this is up to the Network Management
System (NMS) configuration.
So a graph model of the monitoring network can be built according to
the Alternate-Marking Method, where the monitored interfaces and
links are identified. Only the measurement points and links where
the traffic has flowed have to be represented in the graph.
A simple example of a monitoring network graph is shown in
Appendix A.
Each monitoring point is characterized by the packet counter that
refers only to a marking period of the monitored flow. Also, it is
assumed that there is a monitoring point at all possible egress
points of the multipoint monitored network.
The same is also applicable for the delay, but it will be described
in the following sections.
The rest of the document assumes that the traffic is going from left
to right in order to simplify the explanation. But the analysis done
for one direction applies equally to all directions.
4.2. Network Packet Loss
Since all the packets of the considered flow leaving the network have
previously entered the network, the number of packets counted by all
the input nodes is always greater than, or equal to, the number of
packets counted by all the output nodes. It is assumed that routing
is stable during the measurement period while packet fragmentation
must be handled as described in [RFC9341].
In the case of no packet loss occurring in the marking period, if all
the input and output points of the network domain to be monitored are
measurement points, the sum of the number of packets on all the
ingress interfaces equals the number on egress interfaces for the
monitored flow. In this circumstance, if no packet loss occurs, the
intermediate measurement points only have the task of splitting the
measurement.
It is possible to define the network packet loss of one monitored
flow for a single period. In a packet network, the number of lost
packets is the number of packets counted by the input nodes minus the
number of packets counted by the output nodes. This is true for
every packet flow in each marking period.
The monitored network packet loss with n input nodes and m output
nodes is given by:
PL = (PI1 + PI2 +...+ PIn) - (PO1 + PO2 +...+ POm)
where:
* PL is the network packet loss (number of lost packets);
* PIi is the number of packets flowed through the i-th input node in
this period; and
* POj is the number of packets flowed through the j-th output node
in this period.
The equation is applied on a per-time-interval basis and a per-flow
basis:
* The reference interval is the Alternate-Marking period, as defined
in [RFC9341].
* The flow definition is generalized here. Indeed, as described
before, a multipoint packet flow is considered, and the
identification fields can be selected without any constraints.
5. Network Clustering
The previous equation of Section 4.2 can determine the number of
packets lost globally in the monitored network, exploiting only the
data provided by the counters in the input and output nodes.
In addition, it is possible to leverage the data provided by the
other counters in the network to converge on the smallest
identifiable subnetworks where the losses occur.
As defined in Section 2, a cluster is a non-trivial subnetwork of the
entire monitoring network graph that still satisfies the condition
that the number of packets that go in is the same as the number that
go out, if no packet loss occurs. According to this definition, a
cluster should contain all the arcs emanating from its input nodes
and all the arcs terminating at its output nodes. This ensures that
we can count all the packets (and only those) exiting an input node
again at the output node, whatever path they follow.
As for the entire monitoring network graph, the cluster is defined on
a per-flow basis. In a completely monitored network (a network where
every network interface is monitored), each network device
corresponds to a cluster, and each physical link corresponds to two
clusters (one for each device).
Clusters can have different sizes depending on the flow-filtering
criteria adopted.
Moreover, sometimes clusters can be optionally simplified. For
example, when two monitored interfaces are divided by a single router
(one is the input interface, the other is the output interface, and
the router has only these two interfaces), instead of counting
exactly twice, upon entering and leaving, it is possible to consider
a single measurement point. In this case, we do not care about the
internal packet loss of the router.
It is worth highlighting that it might also be convenient to define
clusters based on the topological information so that they are
applicable to all the possible flows in the monitored network.
Note that, in case of translation or encapsulation, the cluster
properties must also be invariant.
5.1. Algorithm for Clusters Partition
A simple algorithm can be applied in order to split the monitoring
network into clusters. This can be done for each direction
separately; indeed, a node cannot be both a source and a destination.
The clusters partition is based on the monitoring network graph,
which can be valid for a specific flow or can also be general and
valid for the entire network topology.
It is a two-step algorithm:
* Group the links where there is the same starting node;
* Join the grouped links with at least one ending node in common.
Considering that the links are unidirectional, the first step implies
listing all the links as connections between two nodes and grouping
the different links if they have the same starting node. Note that
it is possible to start from any link, and the procedure will work.
Following this classification, the second step implies eventually
joining the groups classified in the first step by looking at the
ending nodes. If different groups have at least one common ending
node, they are put together and belong to the same set. After the
application of the two steps of the algorithm, each one of the
composed sets of links, together with the endpoint nodes, constitutes
a cluster.
A simple application of the clusters partition is shown in
Appendix A.
The algorithm, as applied in the example of a point-to-multipoint
network, works for the more general case of a multipoint-to-
multipoint network in the same way. It should be highlighted that
for a multipoint-to-multipoint network, the multiple sources MUST
mark the traffic coherently and MUST be synchronized with all the
other nodes according to the timing requirements detailed in
Section 8.
When the clusters partition is done, the calculation of packet loss,
delay, and delay variation can be made on a cluster basis. Note that
the packet counters for each marking period permit calculating the
packet rate on a cluster basis, so Committed Information Rate (CIR)
and Excess Information Rate (EIR) could also be deduced on a cluster
basis.
Obviously, by combining some clusters in a new connected subnetwork,
the packet-loss rule is still true. So it is also possible to
consider combinations of clusters if and where it suits.
In this way, in a very large network, there is no need to configure
detailed filter criteria to inspect the traffic. It is possible to
check a multipoint network and, in case of problems, go deep with a
step-by-step cluster analysis, but only for the cluster or
combination of clusters where the problem happens.
In summary, once a flow is defined, the algorithm to build the
clusters partition is based on topological information; therefore, it
considers all the possible links and nodes that could potentially be
crossed by the given flow, even if there is no traffic. So if the
flow does not enter or traverse all the nodes, the counters have a
non-zero value for the involved nodes and a zero value for the other
nodes without traffic; but in the end, all the formulas are still
valid.
The algorithm described above is an iterative clustering algorithm
since it executes steps in iterations, but it is also possible to
apply a recursive clustering algorithm as detailed in
[IEEE-ACM-TON-MPNPM].
The complete and mathematical analysis of the possible algorithms for
the clusters partition, including the considerations in terms of
efficiency and a comparison between the different methods, is in the
paper [IEEE-ACM-TON-MPNPM].
6. Multipoint Packet-Loss Measurement
The network packet loss, defined in Section 4.2, valid for the entire
monitored flow, can easily be extended to each multipoint path (e.g.,
the whole multipoint network, a cluster, or a combination of
clusters). In this way, it is possible to calculate Multipoint
Packet Loss that is representative of a multipoint path.
The same equation of Section 4.2 can be applied to a generic
multipoint path like a cluster or a combination of clusters, where
the number of packets are those entering and leaving the multipoint
path.
By applying the algorithm described in Section 5.1, it is possible to
split the monitoring network into clusters. Then, packet loss can be
measured on a cluster basis for each single period by considering the
counters of the input and output nodes that belong to the specific
cluster. This can be done for every packet flow in each marking
period.
7. Multipoint Delay and Delay Variation
The same line of reasoning can be applied to delay and delay
variation. The delay measurement methods defined in [RFC9341] can be
extended to the case of multipoint flows. It is important to
highlight that both delay and delay-variation measurements make sense
in a multipoint path. The delay variation is calculated by
considering the same packets selected for measuring the delay.
In general, it is possible to perform delay and delay-variation
measurements on the basis of multipoint paths or single packets:
* Delay measurements on the basis of multipoint paths mean that the
delay value is representative of an entire multipoint path (e.g.,
the whole multipoint network, a cluster, or a combination of
clusters).
* Delay measurements on a single-packet basis mean that it is
possible to use a multipoint path just to easily couple packets
between input and output nodes of a multipoint path, as described
in the following sections.
7.1. Delay Measurements on a Multipoint-Paths Basis
7.1.1. Single-Marking Measurement
Mean delay and mean delay-variation measurements can also be
generalized to the case of multipoint flows. It is possible to
compute the average one-way delay of packets in one block, a cluster,
or the entire monitored network.
The average latency can be measured as the difference between the
weighted averages of the mean timestamps of the sets of output and
input nodes. This means that, in the calculation, it is possible to
weigh the timestamps with the number of packets for each endpoint.
Note that, since the one-way delay value is representative of a
multipoint path, it is possible to calculate the two-way delay of a
multipoint path by summing the one-way delays of the two directions,
similarly to [RFC9341].
7.2. Delay Measurements on a Single-Packet Basis
7.2.1. Single- and Double-Marking Measurement
Delay and delay-variation measurements associated with only one
picked packet per period, both single and double marked, cannot be
easily performed in a multipoint scenario since there are some
limitations:
* Single Marking based on the first/last packet of the interval does
not work properly. Indeed, by considering a point-to-multipoint
scenario, it is not possible to recognize which path the first
packet of each block takes over the multipoint flow in order to
correlate it. This is also true for the general case of the
multipoint-to-multipoint scenario.
* Double Marking or multiplexed marking works but only through
statistical means. In a point-to-multipoint scenario, by
selecting only a single packet with the second marking for each
block, it is possible to follow and calculate the delay for that
picked packet. But the measurement can only be done for a single
path in each marking period. To traverse all the paths of the
multipoint flow, it can theoretically be done by continuing the
measurement for the following marking periods and expect to span
all the paths. In the general case of a multipoint-to-multipoint
path, it is also needed to take into account the multiple source
nodes that complicate the correlation of the samples. In this
case, it can be possible to select the second marked packet only
for a source node at a time for each block and cover the remaining
source nodes one by one in the next marking periods.
Note that, since the one-way delay measurement is done on a single-
packet basis, it is always possible to calculate the two-way delay,
but it is not immediate since it is necessary to couple the
measurement on each single path with the opposite direction. In this
case, the NMS can do the calculation.
If a delay measurement is performed for more than one picked packet
and for all the paths of the multipoint flow in the same marking
period, neither the Single- nor the Double-Marking Method are
applicable in the multipoint scenario. The packets follow different
paths, and it becomes very difficult to correlate marked packets in a
multipoint-to-multipoint path if there are more than one per period.
A desirable option is to monitor simultaneously all the paths of a
multipoint path in the same marking period. For this purpose,
hashing can be used, as reported in the next section.
7.2.2. Hashing Selection Method
Sampling and filtering techniques for IP packet selection are
introduced in [RFC5474] and [RFC5475].
The hash-based selection methodologies for delay measurement can work
in a multipoint-to-multipoint path and can be used either coupled to
mean delay or standalone.
[IEEE-NETWORK-PNPM] introduces how to use the hash method (see
[RFC5474] and [RFC5475]) combined with the Alternate-Marking Method
for point-to-point flows. It is also called "Mixed Hashed Marking"
because it refers to the conjunction of the marking method and the
hashing technique. It involves only the Single Marking; indeed, it
is supposed that Double Marking is not used with hashing. The
coupling of the Single Marking with the hashing selection allows
choosing a simplified hash function since the alternation of blocks
gives temporal boundaries for the hashing samples. The marking
batches anchor the samples selected with hashing, and this eases the
correlation of the hashing packets along the path. For example, in
case a hashed sample is lost, it is confined to the considered block
without affecting the identification of the samples for the following
blocks.
Using the hash-based sampling, the number of samples in each block
may vary a lot because it depends on the packet rate that is
variable. A dynamic approach can help to have an almost fixed number
of samples for each marking period, and this is a better option for
making regular measurements over time. In the hash-based sampling,
Alternate Marking is used to create periods, so that hash-based
samples are divided into batches, which allows anchoring the selected
samples to their period. Moreover, in a dynamic hash-based sampling,
it can be possible to dynamically adapt the length of the hash value
to meet the current packet rate, so that the number of samples is
bounded in each marking period.
In a multipoint environment, the hashing selection may be the
solution for performing delay measurements on specific packets and
overcoming the Single- and Double-Marking limitations.
8. Synchronization and Timing
It is important to consider the timing aspects, since out-of-order
packets happen and have to be handled as well, as described in
[RFC9341].
However, in a multisource situation, an additional issue has to be
considered. With multipoint path, the egress nodes will receive
alternate marked packets in random order from different ingress
nodes, and this must not affect the measurement.
So, if we analyze a multipoint-to-multipoint path with more than one
marking node, it is important to recognize the reference measurement
interval. In general, the measurement interval for describing the
results is the interval of the marking node that is more aligned with
the start of the measurement, as reported in Figure 2.
Note that the mark switching approach based on a fixed timer is
considered in this document.
time -> start stop
T(R1) |-------------|
T(R2) |-------------|
T(R3) |------------|
Figure 2: Measurement Interval
In Figure 2, it is assumed that the node with the earliest clock (R1)
identifies the right starting and ending times of the measurement,
but it is just an assumption and other possibilities could occur. So
in this case, T(R1) is the measurement interval, and its recognition
is essential in order to make comparisons with other active/passive/
hybrid packet-loss metrics.
Regarding the timing constraints of the methodology, [RFC9341]
already describes two contributions that are taken into account: the
clock error between network devices and the network delay between the
measurement points.
When we expand to a multipoint environment, we have to consider that
there are more marking nodes that mark the traffic based on
synchronized clock time. But, due to different synchronization
issues that may happen, the marking batches can be of different
lengths and with different offsets when they get mixed in a
multipoint flow. According to [RFC9341], the maximum clock skew
between the network devices is A. Therefore, the additional gap that
results between the multiple sources can be incorporated into A.
...BBBBBBBBB | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | BBBBBBBBB...
|<======================================>|
| L |
...=========>|<==================><==================>|<==========...
| L/2 L/2 |
|<====>| |<====>|
d | | d
|<========================>|
available counting interval
Figure 3: Timing Aspects
Moreover, it is assumed that the multipoint path can be modeled with
a normal distribution; otherwise, it is necessary to reformulate
based on the type of distribution. Under this assumption, the
definition of the guard band d is still applicable as defined in
[RFC9341] and is given by:
d = A + D_avg + 3*D_stddev,
where A is the clock accuracy, D_avg is the average value of the
network delay, and D_stddev is the standard deviation of the delay.
As shown in Figure 3 and according to [RFC9341], the condition that
must be satisfied to enable the method to function properly is that
the available counting interval must be > 0, and that means:
L - 2d > 0.
This formula needs to be verified for each measurement point on the
multipoint path.
Note that the timing considerations are valid for both packet loss
and delay measurements.
9. Recommendations for Deployment
The methodology described in the previous sections can be applied to
various performance measurement problems, as also explained in
[RFC9341]. [RFC8889] reports experimental examples and
[IEEE-NETWORK-PNPM] also includes some information about the
deployment experience.
Different deployments are possible using one flag bit, two flag bits,
or the hashing selection:
One flag: packet-loss measurement MUST be done as described in
Section 6 by applying the network clustering partition described
in Section 5. Delay measurement MUST be done according to the
mean delay calculation representative of the multipoint path, as
described in Section 7.1.1. A Single-Marking Method based on the
first/last packet of the interval cannot be applied, as mentioned
in Section 7.2.1.
Two flags: packet-loss measurement MUST be done as described in
Section 6 by applying the network clustering partition described
in Section 5. Delay measurement SHOULD be done on a single-packet
basis according to the Double-Marking Method (Section 7.2.1). In
this case, the mean delay calculation (Section 7.1.1) MAY also be
used as a representative value of a multipoint path. The choice
depends on the kind of information that is needed, as further
detailed below.
One flag with hash-based selection: packet-loss measurement MUST be
done as described in Section 6 by applying the network clustering
partition described in Section 5. Hash-based selection
methodologies, introduced in Section 7.2.2, MUST be used for delay
measurement.
Similarly to [RFC9341], there are some operational guidelines to
consider when deciding which recommendation to use (i.e., one flag or
two flags or one flag with hash-based selection.
* The Multipoint Alternate-Marking Method utilizes specific flags in
the packet header, so an important factor is the number of flags
available for the implementation. Indeed, if there is only one
flag available, there is no other way, while if two flags are
available, the option with two flags can be considered in
comparison with the option of one flag with hash-based selection.
* The duration of the Alternate-Marking period affects the frequency
of the measurement, and this is a parameter that can be decided on
the basis of the required temporal sampling. But it cannot be
freely chosen, as explained in Section 8.
* The Multipoint Alternate-Marking methodologies enable packet loss,
delay, and delay variation calculation, but in accordance with the
method used (e.g., Single Marking, Double Marking, or hashing
selection), there is a different kind of information that can be
derived. For example, to get measurements on a multipoint-paths
basis, one flag can be used. To get measurements on a single-
packet basis, two flags are preferred. For this reason, the type
of data needed in the specific scenario is an additional element
to take into account.
* The Multipoint Alternate-Marking Methods imply different
computational load depending on the method employed. Therefore,
the available computational resources on the measurement points
can also influence the choice. As an example, mean delay
calculation may require more processing, and it may not be the
best option to minimize the computational load.
The experiment with Multipoint Alternate-Marking methodologies
confirmed the benefits of the Alternate-Marking methodology [RFC9341]
as its extension to the general case of multipoint-to-multipoint
scenarios.
The Multipoint Alternate-Marking Method MUST only be applied to
controlled domains, as per [RFC9341].
10. A Closed-Loop Performance-Management Approach
The Multipoint Alternate-Marking framework that is introduced in this
document adds flexibility to Performance Management (PM), because it
can reduce the order of magnitude of the packet counters. This
allows an SDN orchestrator to supervise, control, and manage PM in
large networks.
The monitoring network can be considered as a whole or split into
clusters that are the smallest subnetworks (group-to-group segments),
maintaining the packet-loss property for each subnetwork. The
clusters can also be combined in new, connected subnetworks at
different levels, depending on the detail we want to achieve.
An SDN controller or an NMS can calibrate performance measurements,
since they are aware of the network topology. They can start without
examining in depth. In case of necessity (packet loss is measured or
the delay is too high), the filtering criteria could be immediately
reconfigured in order to perform a partition of the network by using
clusters and/or different combinations of clusters. In this way, the
problem can be localized in a specific cluster or a single
combination of clusters, and a more detailed analysis can be
performed step by step by successive approximation up to a point-to-
point flow detailed analysis. This is the so-called "closed loop".
This approach can be called "network zooming" and can be performed in
two different ways:
1. change the traffic filter and select more detailed flows;
2. activate new measurement points by defining more specified
clusters.
The network-zooming approach implies that some filters or rules are
changed; therefore, there is a transient time to wait once the new
network configuration takes effect. This time can be determined by
the network orchestrator/controller, based on the network conditions.
For example, if the network zooming identifies the performance
problem for the traffic coming from a specific source, we need to
recognize the marked signal from this specific source node and its
relative path. For this purpose, we can activate all the available
measurement points and better specify the flow filter criteria (i.e.,
5-tuple). As an alternative, it can be enough to select packets from
the specific source for delay measurements; in this case, it is
possible to apply the hashing technique, as mentioned in the previous
sections.
[OPSAWG-IFIT-FRAMEWORK] defines an architecture where the centralized
data collector and network management can apply the intelligent and
flexible Alternate-Marking algorithm as previously described.
As for [RFC9341], it is possible to classify the traffic and mark a
portion of the total traffic. For each period, the packet rate and
bandwidth are calculated from the number of packets. In this way,
the network orchestrator becomes aware if the traffic rate surpasses
limits. In addition, more precision can be obtained by reducing the
marking period; indeed, some implementations use a marking period of
1 sec or less.
In addition, an SDN controller could also collect the measurement
history.
It is important to mention that the Multipoint Alternate-Marking
framework also helps Traffic Visualization. Indeed, this methodology
is very useful for identifying which path or cluster is crossed by
the flow.
11. Security Considerations
This document specifies a method of performing measurements that does
not directly affect Internet security or applications that run on the
Internet. However, implementation of this method must be mindful of
security and privacy concerns, as explained in [RFC9341].
12. IANA Considerations
This document has no IANA actions.
13. References
13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
Raspall, "Sampling and Filtering Techniques for IP Packet
Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009,
<https://www.rfc-editor.org/info/rfc5475>.
[RFC5644] Stephan, E., Liang, L., and A. Morton, "IP Performance
Metrics (IPPM): Spatial and Multicast", RFC 5644,
DOI 10.17487/RFC5644, October 2009,
<https://www.rfc-editor.org/info/rfc5644>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC9341] Fioccola, G., Ed., Cociglio, M., Mirsky, G., Mizrahi, T.,
and T. Zhou, "Alternate-Marking Method", RFC 9341,
DOI 10.17487/RFC9341, December 2022,
<https://www.rfc-editor.org/info/rfc9341>.
13.2. Informative References
[IEEE-ACM-TON-MPNPM]
Cociglio, M., Fioccola, G., Marchetto, G., Sapio, A., and
R. Sisto, "Multipoint Passive Monitoring in Packet
Networks", IEEE/ACM Transactions on Networking, Vol. 27,
Issue 6, DOI 10.1109/TNET.2019.2950157, December 2019,
<https://doi.org/10.1109/TNET.2019.2950157>.
[IEEE-NETWORK-PNPM]
Mizrahi, T., Navon, G., Fioccola, G., Cociglio, M., Chen,
M., and G. Mirsky, "AM-PM: Efficient Network Telemetry
using Alternate Marking", IEEE Network, Vol. 33, Issue 4,
DOI 10.1109/MNET.2019.1800152, July 2019,
<https://doi.org/10.1109/MNET.2019.1800152>.
[OPSAWG-IFIT-FRAMEWORK]
Song, H., Qin, F., Chen, H., Jin, J., and J. Shin, "A
Framework for In-situ Flow Information Telemetry", Work in
Progress, Internet-Draft, draft-song-opsawg-ifit-
framework-19, 24 October 2022,
<https://datatracker.ietf.org/doc/html/draft-song-opsawg-
ifit-framework-19>.
[RFC5474] Duffield, N., Ed., Chiou, D., Claise, B., Greenberg, A.,
Grossglauser, M., and J. Rexford, "A Framework for Packet
Selection and Reporting", RFC 5474, DOI 10.17487/RFC5474,
March 2009, <https://www.rfc-editor.org/info/rfc5474>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC8889] Fioccola, G., Ed., Cociglio, M., Sapio, A., and R. Sisto,
"Multipoint Alternate-Marking Method for Passive and
Hybrid Performance Monitoring", RFC 8889,
DOI 10.17487/RFC8889, August 2020,
<https://www.rfc-editor.org/info/rfc8889>.
[RFC9198] Alvarez-Hamelin, J., Morton, A., Fabini, J., Pignataro,
C., and R. Geib, "Advanced Unidirectional Route Assessment
(AURA)", RFC 9198, DOI 10.17487/RFC9198, May 2022,
<https://www.rfc-editor.org/info/rfc9198>.
Appendix A. Example of Monitoring Network and Clusters Partition
Figure 4 shows a simple example of a monitoring network graph:
+------+
<> R6 <>---
/ +------+
+------+ +------+ /
<> R2 <>---<> R4 <>
/ +------+ \ +------+ \
/ \ \ +------+
+------+ / +------+ \ +------+ <> R7 <>---
---<> R1 <>---<> R3 <>---<> R5 <> +------+
+------+ \ +------+ \ +------+ \
\ \ \ +------+
\ \ <> R8 <>---
\ \ +------+
\ \
\ \ +------+
\ <> R9 <>---
\ +------+
\
\ +------+
<> R10 <>---
+------+
Figure 4: Monitoring Network Graph
In the monitoring network graph example, it is possible to identify
the clusters partition by applying this two-step algorithm described
in Section 5.1.
The first step identifies the following groups:
Group 1: (R1-R2), (R1-R3), (R1-R10)
Group 2: (R2-R4), (R2-R5)
Group 3: (R3-R5), (R3-R9)
Group 4: (R4-R6), (R4-R7)
Group 5: (R5-R8)
Then, the second step builds the clusters partition (in particular,
we can underline that Groups 2 and 3 connect together, since R5 is in
common):
Cluster 1: (R1-R2), (R1-R3), (R1-R10)
Cluster 2: (R2-R4), (R2-R5), (R3-R5), (R3-R9)
Cluster 3: (R4-R6), (R4-R7)
Cluster 4: (R5-R8)
The flow direction considered here is from left to right. For the
opposite direction, the same reasoning can be applied, and in this
example, you get the same clusters partition.
In the end, the following 4 clusters are obtained:
Cluster 1
+------+
<> R2 <>---
/ +------+
/
+------+ / +------+
---<> R1 <>---<> R3 <>---
+------+ \ +------+
\
\
\
\
\
\
\
\
\ +------+
<> R10 <>---
+------+
Cluster 2
+------+ +------+
---<> R2 <>---<> R4 <>---
+------+ \ +------+
\
+------+ \ +------+
---<> R3 <>---<> R5 <>---
+------+ \ +------+
\
\
\
\
\ +------+
<> R9 <>---
+------+
Cluster 3
+------+
<> R6 <>---
/ +------+
+------+ /
---<> R4 <>
+------+ \
\ +------+
<> R7 <>---
+------+
Cluster 4
+------+
---<> R5 <>
+------+ \
\ +------+
<> R8 <>---
+------+
Figure 5: Clusters Example
There are clusters with more than two nodes as well as two-node
clusters. In the two-node clusters, the loss is on the link (Cluster
4). In more-than-two-node clusters, the loss is on the cluster, but
we cannot know in which link (Cluster 1, 2, or 3).
Acknowledgements
The authors would like to thank Martin Duke and Tommy Pauly for their
assistance and their detailed and valuable reviews.
Contributors
Greg Mirsky
Ericsson
Email: gregimirsky@gmail.com
Tal Mizrahi
Huawei Technologies
Email: tal.mizrahi.phd@gmail.com
Xiao Min
ZTE Corp.
Email: xiao.min2@zte.com.cn
Authors' Addresses
Giuseppe Fioccola (editor)
Huawei Technologies
Riesstrasse, 25
80992 Munich
Germany
Email: giuseppe.fioccola@huawei.com
Mauro Cociglio
Telecom Italia
Email: mauro.cociglio@outlook.com
Amedeo Sapio
Intel Corporation
4750 Patrick Henry Dr.
Santa Clara, CA 95054
United States of America
Email: amedeo.sapio@intel.com
Riccardo Sisto
Politecnico di Torino
Corso Duca degli Abruzzi, 24
10129 Torino
Italy
Email: riccardo.sisto@polito.it
Tianran Zhou
Huawei Technologies
156 Beiqing Rd.
Beijing
100095
China
Email: zhoutianran@huawei.com
|
