首页 > 学院 > 网络通信 > 正文

RFC1857 - A Model for Common Operational Statistics

2019-11-04 10:35:11
字体:
来源:转载
供稿:网友

  Network Working Group M. Lambert
Request For Comments: 1857 Pittsburgh Supercomputing Center
Obsoletes: 1404 October 1995
Category: Informational

A Model for Common Operational Statistics

Status of this Memo

This memo PRovides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Abstract

This memo describes a model for operational statistics in the
Internet. It gives recommendations for metrics, measurements,
polling periods and presentation formats and defines a format for the
exchange of operational statistics.

Acknowledgements

The author would like to thank the members of the Operational
Statistics Working Group of the IETF whose efforts made this memo
possible, particularly Bernhard Stockman, author of RFC1404, and
Nevil Brownlee, who prodUCed the revised BNF description of the
model. Wherever possible, their text has been changed as little as
feasible.

Table of Contents

1. Introduction ............................................. 2
2. The Model ................................................ 5
2.1 Metrics and Polling Periods .............................. 5
2.2 Format for Storing Collected Data ........................ 6
2.3 Reports .................................................. 6
2.4 Security Issues .......................................... 6
3. Categorization of Metrics ................................ 7
3.1 Overview ................................................. 7
3.2 Categorization of Metrics Based on Measurement Areas ..... 7
3.2.1 Utilization Metrics ...................................... 7
3.2.2 Performance Metrics ...................................... 7
3.2.3 Availability Metrics ..................................... 8
3.2.4 Stability Metrics ........................................ 8
3.3 Categorization Based on Availability of Metrics .......... 8
3.3.1 Per Interface Variables Already in Standard MIB .......... 8
3.3.2 Per Interface Variables in Private Enterprise MIB ........ 9
3.3.3 Per interface Variables Needing High Resolution Polling .. 9

3.3.4 Per Interface Variables not in any MIB ................... 9
3.3.5 Per Node Variables ....................................... 9
3.3.6 Metrics not being Retrievable with SNMP ................. 10
3.4 Recommended Metrics ..................................... 10
4. Polling Frequencies ..................................... 10
4.1 Variables Needing High Resolution Polling ............... 11
4.2 Variables not Needing High Resolution Polling ........... 11
5. Pre-Processing of Raw Statistical Data .................. 11
5.1 Optimizing and Concentrating Data to Resources .......... 11
5.2 Aggregation of Data ..................................... 12
6. Storing of Statistical Data ............................. 12
6.1 The Storage Format ...................................... 13
6.1.1 The Label Section ....................................... 14
6.1.2 The Device Section ...................................... 15
6.1.3 The Data Section ........................................ 17
6.2 Storage Requirement Estimations ......................... 17
7. Report Formats .......................................... 18
7.1 Report Types and Contents ............................... 18
7.2 Contents of the Reports ................................. 19
7.2.1 Offered Load by Link .................................... 19
7.2.2 Offered Load by Customer ................................ 19
7.2.3 Resource Utilization Reporting .......................... 20
7.2.3.1 Utilization as Maximum Peak Behavior .................... 20
7.2.3.2 Utilization as Frequency Distribution of Peaks .......... 20
8. Considerations for Future Development ................... 20
8.1 A Client/Server Based Statistical Exchange System ....... 21
8.2 Inclusion of Variables not in the Internet Standard MIB . 21
8.3 Detailed Resource Utilization Statistics ................ 21
Appendix A Some formulas for statistical aggregation ........... 22
Appendix B An example .......................................... 24
Security Considerations ......................................... 27
Author's Address ................................................ 27

1. Introduction

Many network administrations commonly collect and archive network
management metrics that indicate network utilization, growth and
reliability. The primary goals of this activity are to facilitate
near-term problem isolation and longer-term network planning within
the organization. There is also the broader goal of cooperative
problem isolation and network planning among network administrations.
This broader goal is likely to become increasingly important as the
Internet continues to grow, particularly as the number of Internet
service providers eXPands and the quality of service between
providers becomes more of a concern.

There exist a variety of network management tools for the collection
and presentation of network management metrics. However, different
kinds of measurement and presentation techniques make it difficult
to compare data among networks. In addition, there is not general
agreement on what metrics should be regularly collected or how they
should be displayed.

There needs to be an agreed-upon model for

1) A minimal set of common network management metrics to satisfy
the goals stated above,

2) Tools for collecting these metrics,

3) A common interchange format to facilitate the usage of these
data by common presentation tools and

4) Common presentation formats.

Under this Operational Statistics model, collection tools will
collect and store data to be retrieved later in a given format by
presentation tools displaying the data in a predefined way. (See
figure below.)

The Operational Statistics Model

(Collection of common metrics, by commonly available tools, stored in
a common format, displayed in common formats by commonly available
presentation tools.)

!-----------------------!
! Network !
!---+---------------+---!
/ /
/ /
/ /
--------+------ ----+---------
! New ! ! Old !
! Collection ! ! Collection !
! Tool ! ! Tool !
!---------+---! !------+-----!
/ !
/ !-------+--------!
/ ! Post-Processor !
/ !--+-------------!
/ /
/ /
/ /
!--+-------+---!
! Common !
! Statistics !
! Database !
!-+--------+---!
/ /
/ /
/ /
/ !-+-------------!
/ ! Pre-Processor !
/ !-------+-------!
!-----------+--! !
! New ! !-------+-------!
! Presentation ! ! Old !
! Tool ! ! Presentation !
!---------+----! ! Tool !
/ !--+------------!
/ /
/ /
!-+---------------+-!
! Graphical Output !
! (e.g., to paper !
! or X Window) !
!-------------------!

This memo gives an overview of this model for common operational
statistics. The model defines the gathering, storing and presentation
of network operational statistics and classifies the types of
information that should be available at each network operation center
(NOC) conforming to this model.

The model defines a minimal set of metrics and discusses how these
metrics should be gathered and stored. It gives recommendations for
the content and layout of statistical reports which make possible the
easy comparison of network statistics among NOCs.

The primary purpose of this model is to define mechanisms by which
NOCs could share most effectively their operational statistics. One
intent of this model is to specify a baseline capability that NOCs
conforming to the model may support with minimal development effort
and minimal ongoing effort.

2. The Model

The model defines three areas of interest on which all underlying
concepts are based:

1) The definition of a minimal set of metrics to be gathered,

2) The definition of a format for storing collected statistical
data and

3) The definition of methods and formats for generating reports.

The model indicates that old tools currently in use could be
retrofitted into the new paradigm. This could be done by providing
conversion filters between old and new tools. In this sense this
model intends to advocate the development of freely redistributable
software for use by participating NOCs.

One basic idea of the model is that statistical data stored at one
place could be retrieved and displayed at some other place.

2.1. Metrics and Polling Periods

Here the value is 0.

The intent here is to define a minimal set of metrics that could be
gathered easily using standard SNMP-based network management tools.
Thus, these metrics should be available as variables in the Internet
Standard MIB.

If the Internet Standard MIB were changed, this minimal set of
metrics should be reconsidered, as there are many metrics regarded
as important, but not currently defined in the standard MIB.
Some metrics which are highly desirable to collect are probably not
retrievable using SNMP. Therefore, tools and methods for gathering
such metrics should be defined explicitly if such metrics are to be
considered. This is, however, outside of the scope of this memo.

2.2. Format for Storing Collected Data

A format for storing data is defined. The intent is to minimize
redundant information by using a single header structure wherein all
information relevant to a certain set of statistical data is stored.
This header section will give information about when and where the
corresponding statistical data were collected.

2.3. Reports

Some basic classes of reports are suggested, addressing different
views of network behavior. Reports of total octets and packets over
some time period are regarded as essential to give an overall view of
the traffic flow in a network. Differentiation between applications
and protocols is regarded as needed to give ideas on which type of
traffic is dominant. Reports on resource utilization are
recommended.

The time period which a report spans may vary depending on its
intent. In engineering and operations daily or weekly reports may be
sufficient, whereas for capacity planning there may be a need for
longer-term reports.

2.4. Security Issues

There are legal, ethical and political concerns about data sharing.
People, in particular Network Service Providers, are concerned about
showing data that may make one of their networks look bad.

For this reason there is a need to insure integrity, conformity and
confidentiality of the shared data. To be useful, the same data
should be collected from all involved sites and it should be
collected at the same interval.

3. Categorization of Metrics

3.1. Overview

This section gives a classification of metrics with regard to scope
and ease of retrieval. A recommendation of a minimal set of metrics
is given. This section also gives some hints on metrics to be
considered for future inclusion when available in the network
management environment. Finally some thoughts on storage requirements
are presented.

3.2. Categorization of Metrics Based on Measurement Areas

The metrics used in evaluating network traffic could be classified
into (at least) four major categories:

o Utilization metrics
o Performance metrics
o Availability metrics
o Stability metrics

3.2.1. Utilization Metrics

This category describes different aspects of the total traffic being
forwarded through the network. Possible metrics include:

o Total input and output packets and octets
o Various peak metrics
o Per protocol and per application metrics

3.2.2. Performance Metrics

These metrics relate to quality of service issues such as delays and
congestion situations. Possible metrics include:

o RTT metrics on different protocol layers
o Number of collisions on a bus network
o Number of ICMP Source Quench messages
o Number of packets dropped

3.2.3. Availability Metrics

These metrics could be viewed as gauging long term accessibility on
different protocol layers. Possible metrics include:

o Line availability as percentage uptime
o Route availability
o Application availability

3.2.4. Stability Metrics

These metrics describe short-term fluctuations in the network which
degrade the service level. Changes in traffic patterns also could be
recognized using these metrics. Possible metrics include:

o Number of fast line status transitions
o Number of fast route changes (also known as route flapping)
o Number of routes per interface in the tables
o Next hop count stability
o Short term ICMP behavior

3.3. Categorization Based on Availability of Metrics

To be able to retrieve metrics, the corresponding variables must be
accessible at every network object which is part of the management
domain for which statistics are being collected.

Some metrics are easily retrievable because they are defined as
variables in the Internet Standard MIB. Other metrics may be
retrievable because they are part of some vendor's private enterprise
MIB suBTree. Finally, some metrics are considered irretrievable,
either because they are not possible to include in the SNMP concept
or because their measurement would require extensive polling (loading
the network with management traffic).

The metrics categorized below could each be judged as important in
evaluating network behavior. This list may serve as a basis for
revisiting the decisions on which metrics are to be regarded as
reasonable and desirable to collect. If the availability of the
metrics listed below changes, these decisions may change.

3.3.1. Per Interface Variables Already in Internet Standard MIB (thus
easy to retrieve)

ifInUcastPkts (unicast packets in)
ifOutUcastPkts (unicast packets out)
ifInNUcastPkts (non-unicast packets in
ifOutNUcastPkts (non-unicast packets out)

ifInOctets (octets in)
ifOutOctets (octets out)
ifOperStatus (line status)

3.3.2. Per Interface Variables in Internet Private Enterprise MIB (thus
could sometimes be retrievable)

discarded packets in
discarded packets out
congestion events in
congestion events out
aggregate errors
interface resets

3.3.3. Per Interface Variables Needing High Resolution Polling (which
is hard due to resulting network load)

interface queue length
seconds missing stats
interface unavailable
route changes
interface next hop count

3.3.4. Per Interface Variables not in any Known MIB (thus impossible
to retrieve using SNMP but possible to include in a MIB)

link layer packets in
link layer packets out
link layer octets in
link layer octets out
packet interarrival times
packet size distribution

3.3.5. Per Node Variables (not categorized here)

per-protocol packets in
per-protocol packets out
per-protocol octets in
per-protocol octets out
packets discarded in
packets discarded out
packet size distribution
system uptime
poll delta time
reboot count

3.3.6. Metrics not Retrievable with SNMP

delays (RTTs) on different protocol layers
application layer availabilities
peak behavior metrics

3.4. Recommended Metrics

A large number of metrics could be considered for collection in the
process of doing network statistics. To facilitate general consensus
for this model, there is a need to define a minimal set of metrics
that are both essential and retrievable in a majority of today's
network objects. General retrievability is equated with presence in
the Internet Standard MIB.

The following metrics from the Internet Standard MIB were chosen as
being desirable and reasonable:

For each interface:

ifInOctets (octets in)
ifOutOctets (octets out)
ifInUcastPkts (unicast packets in)
ifOutUcastPkts (unicast packets out)
ifInNUcastPkts (non-unicast packets in)
ifOutNUcastPkts (non-unicast packets out)
ifInDiscards (in discards)
ifOutDiscards (out discards)
ifOperStatus (line status)

For each node:

ipForwDatagrams (IP forwards)
ipInDiscards (IP in discards)
sysUpTime (system uptime)

4. Polling Frequencies

The purpose of polling at specified intervals is to gather statistics
to serve as a basis for trend and capacity planning. From the
operational data it should be possible to derive engineering and
management data. It should be noted that all polling and retention
values given below are recommendations and are not mandatory.

4.1. Variables Needing High Resolution Polling

To be able to detect peak behavior, it is recommended that a period
of 1 minute (60 seconds) at a maximum be used in gathering traffic
data. The metrics to be collected at this frequency are:

for each interface

ifInOctets (octets in)
ifOutOctets (octets out)
ifInUcastPkts (unicast packets in)
ifOutUcastPkts (unicast packets out)

If it is not possible to gather data at this high polling frequency,
it is recommended that an exact multiple of 60 seconds be used. The
initial polling frequency value will be part of the stored
statistical data as described in section 6.1.2 below.

4.2. Variables not Needing High Resolution Polling

The remainder of the recommended variables to be gathered, i.e.,

For each interface:

ifInNUcastPkts (non-unicast packets in)
ifOutNUcastPkts (non-unicast packets out)
ifInDiscards (in discards)
ifOutDiscards (out discards)
ifOperStatus (line status)

and for each node:

ipForwDatagrams (IP forwards)
ipInDiscards (IP in discards)
sysUpTime (system uptime)

could be collected at a lower polling rate. No polling rate is
specified, but it is recommended that the period chosen be an exact
multiple of 60 seconds.

5. Pre-Processing of Raw Statistical Data

5.1. Optimizing and Concentrating Data to Resources

To avoid storing redundant data in what might be a shared file
system, it is desirable to preprocess the raw data. For example, if a
link is down there is no need to continuously store a counter which
is not changing. The use of the variables sysUpTime and ifOperStatus

makes it possible not to have to continuously store data collected
from links and nodes where no traffic has been transmitted for some
period of time.

Another aspect of processing is to decouple the data from the raw
interface being polled. The intent should be to convert such data
into the resource of interest as, for example, the traffic on a given
link. Changes of interface in a gateway for a given link should not
be visible in the resulting data.

5.2. Aggregation of Data

At many sites, the volume of data generated by a polling period of 1
minute will make aggregation of the stored data desirable if not
necessary.

Aggregation here refers to the replacement of data values on a number
of time intervals by some function of the values over the union of
the intervals. Either raw data or shorter-term aggregates may be
aggregated. Note that aggregation reduces the amount of data, but
also reduces the available information.

In this model, the function used for the aggregation is either the
arithmetic mean or the maximum, depending on whether it is desired to
track the average or peak value of a variable.

Details of the layout of the aggregated entries in the data file are
given in section 6.1.3.

Suggestions for aggregation periods:

Over a

24 hour period aggregate to 15 minutes,
1 month period aggregate to 1 hour,
1 year period aggregate to 1 day

6. Storing of Statistical Data

This section describes a format for the storage of statistical data.
The goal is to facilitate a common set of tools for the gathering,
storage and analysis of statistical data. The format is defined with
the intent of minimizing redundant information and thus minimizing
storage requirements. If a client server based model for retrieving
remote statistical data were later developed, the specified storage
format could be used as the transmission protocol.

This model is intended to define an interchange file format, which
would not necessarily be used for actual data storage. That means
its goal is to provide complete, self-contained, portable files,
rather than to describe a full database for storing them.

6.1. The Storage Format

All white space (including tabs, line feeds and carriage returns)
within a file is ignored. In addition all text from a # symbol to
the following end of line (inclusive) is also ignored.

stat-data ::= <stat-section> [ <FS> <stat-section> ]
stat-section ::= <device-section> <label-section> <data-section>

A data file must contain at least one device section and at least one
label section. At least one data section must be associated with
each label section. A device section must precede any data section
which uses tags defined within it.

A data section may appear in the file (in which case it is called an
internal data section and is preceded by a label section) or in
another file (in which case it is called an external data section and
is specified in an external label section). Such an external file
may contain one and only one data section.

A label section indicates the start and finish times for its
associated data section or sections, and a list of the names of the
tags they contain. Within a data file there is an ordering of label
sections. This depends only upon their relative position in the
file. All internal data sections associated with the first label
record must precede those associated with the second label record,
and so on.

Here are some examples of valid data files:

<label-s> <device-s> <data-s> <data-s>

<label-s> <device-s> <data-s> <device-s> <data-s> <data-s>

Both these files start with a label section giving the times and
tag-name lists for the device and data sections which follow.

<dev-s> <label-s> <label-s> <label-s>

This file begins with a device section (which specifies tags used in
its data sections) then has three 'external' label sections, each of
which points to a separate data section. The data sections need not
use all the tags defined in the device section; this is indicated by

the tag-name lists in their label sections.

<default-dev> <dev-1> <label-1> <dev-2> <label-2> ..

In this example default-dev is a full device section, including a
complete tag-table, with initial polling and aggregation periods
specified for each variable in each variable-field. There is no
label or data for default-dev--it is there purely to provide default
tag-list information. Dev-1, dev-2, ... are device sections for a
series of different devices. They each have their description fields
(network-name, router-name, etc), but no tag-table. Instead they
rely on using the tag-table from default-device. A default-dev
record, if present, must be the first item in the data file.
Label-1, label-2, etc. are label sections which point to files
containing data sections for each device.

6.1.1. The Label Section

label-section ::= BEGIN_LABEL <FS> <data-location> <FS>
<tag-name-list> <FS>
<start-time> <FS> <stop-time> <FS> END_LABEL
data-location ::= <data-file-name> <empty>

tag-name-list ::= <LEFT> <tag> [ <FS> <tag> ] <RIGHT>

The label section gives the start and stop times for its
corresponding data section (or sections) and a list of the tags it
uses. If a data location is given it specifies the name of a file
containing its data section; otherwise the data section follows in
this file.

start-time ::= <time-string>
stop-time ::= <time-string>
data-file-name ::= <ASCII-string>

time-string ::= <year><month><day><hour><minute><second>

year ::= <digit><digit><digit><digit>
month ::= 01..12
day ::= 01..31
hour ::= 00..23
minute ::= 00..59
second ::= <float>

The start-time and stop-time are specified in UTC.

A maximum of 60.0 is specified for 'seconds' so as to allow for leap
seconds, as is done (for example) by ntp. If a time-zone changes
during a data file--e.g. because daylight savings time has
ended--this should be recorded by ending the current data section,
writing a device section with the new time-zone and starting a new
data section.

6.1.2. The Device Section

device-section ::= BEGIN_DEVICE <FS> <device-field> <FS> END_DEVICE
device-field ::= <network-name><FS><router-name><FS><link-name<FS>
<bw-value><FS><proto-type><FS><proto-addr><FS>
<time-zone> <optional-tag-table>
optional-tag-table ::= <FS> <tag-table> <empty>

network-name ::= <ASCII-string>
router-name ::= <ASCII-string>
link-name ::= <ASCII-string>
bw-value ::= <float>
proto-type ::= IP DECNET X.25 CLNS IPX AppleTalk
proto-addr ::= <ASCII-string>
time-zone ::= [+-] [00..13] [00..59]

tag-table ::= <LEFT> <tag-desc> [ <FS> <tag-desc> ] <RIGHT>
tag-desc ::= <tag> <FS> <tag-class> <FS> <variable-field-list>

tag ::= <ASCII-string>
tag-class ::= total peak

variable-field-list ::= <LEFT> <variable-field>
[ <FS> <variable-field> ] <RIGHT>
variable-field ::= <variable-name><FS><initial-polling-period>
<FS> <aggregation-period>

variable-name ::= <ASCII-string>
initial-polling-period ::= <integer>
aggregation-period ::= <integer>

The network-name is a human readable string indicating to which
network the logged data belong.

The router-name is given as an ASCII string, allowing for styles
other than IP domain names (which are names of interfaces, not
routers).

The link-name is a human readable string indicating the connectivity
of the link where from the logged data is gathered.

The units for bandwidth (bw-value) are bits per second, and are given
as a floating-point number, e.g. 1536000 or 1.536e6. A zero value
indicates that the actual bandwidth is unknown; one instance of this
would be a Frame Relay link with Committed Information Rate different
from Burst Rate.

The proto-type field describes to which network architecture the
interface being logged is connected. Valid types are IP, DECNET,
X.25, CLNS, IPX and AppleTalk.

The network address (proto-addr) is the unique numeric address of the
interface being logged. The actual form of this address is dependent
on the protocol type as indicated in the proto-type field. For
Internet connected interfaces the dotted-quad notation should be
used.

The time-zone indicates the time difference that should be added to
the time-stamp in the data-section to give the local time for the
logged interface. Note that the range for time-zone is sufficient to
allow for all possibilities, not just those which fall on 30-minute
multiples.

The tag-table lists all variables being polled. Variable names are
the fully qualified Internet MIB names. The table may contain
multiple tags. Each tag must be associated with only one polling and
aggregation period. If variables are being polled or aggregated at
different periods, a separate tag in the table must be used for each
period.

As variables may be polled with different polling periods within the
same set of logged data, there is a need to explicitly associate a
polling period with each variable. After processing, the actual
period covered may have changed compared to the initial polling
period and this should be noted in the aggregation period field. The
initial polling period and aggregation period are given in seconds.

Original data values, and data values which have been aggregated by
adding them together, will have a tag-class of 'total.' Data values
which have been aggregated by finding the maximum over an aggregation
time interval will have a tag-class of 'peak.'

The tag-table and variable-field-lists are enclosed in brackets,
making the extent of each obvious. Without the brackets a parser
would have difficulty distinguishing between a variable name
(continuing the variable-field list for this tag) or a tag (starting
the next tag of the tag table). To make the distinction clearer to a
human reader one should use different kinds of brackets for each, for
example {} for the tag-table list and [] for the variable-field

lists.

6.1.3. The Data Section

data-section ::= BEGIN_DATA <FS> <data-field>
[ <FS> <data-field> ] <FS> END_DATA
data-field ::= <time-string> <FS> <tag> <FS>
<poll-delta> <FS> <delta-val-list>

delta-val-list ::= LEFT <delta-val> [ <FS> <delta-val> ] RIGHT

poll-delta ::= <integer>
delta-val ::= <integer>

FS ::= , ; :
LEFT ::= ( [ {
RIGHT ::= ) ] }

A data-field contains values for each variable in the specified tag.
A new data field should be written for each separate poll; there
should be a one-to-one mapping betwen variables and values. Each
data-field begins with the timestamp for this poll followed by the
tag defining the polled variables followed by a polling delta value
giving the period of time in seconds since the previous poll. The
variable values are stored as delta values for counters and as
absolute values for non-counter values such as OperStatus. The
timestamp is in UTC and the time-zone field in the device section is
used to compute the local time for the device being logged.

Comma, semicolon or colon may be used as a field separator. Normally
one would use commas within a line, semicolon at the end of a line
and a colon after keyWords such as BEGIN_LABEL.

Parentheses (), brackets [] or braces {} may be used as LEFT and
RIGHT brackets around tag-name, tag-table and delta-val lists. These
should be used in corresponding pairs, although combinations such as
(], [} etc. are syntactically valid.

6.2. Storage Requirement Estimations

The header sections are not counted in this example. Assuming that
the maximum polling intensity is used for all 12 recommended
variables, that the size in ASCII of each variable is eight bytes and
that there are no timestamps which are fractional seconds, the
following calculations will give an estimate of storage requirements
for one year of storing and aggregating statistical data.

Assuming that data is saved according to the scheme

1 minute non-aggregated saved 1 day,
15 minute aggregation period saved 1 week,
1 hour aggregation period saved 1 month and
1 day aggregation period saved 1 year,

this will give:

Size of one entry for each aggregation period:

Aggregation periods

1 min 15 min 1 hour 1 day

Timestamp 14 14 14 14
Tag 5 5 5 5
Poll-Delta 2 3 4 5
Total values 96 96 96 96
Peak values 0 96 192 288
Field separators 14 28 42 56

Total entry size 131 242 353 464

For each day 60*24 = 1440 entries with a total size of 1440*131 = 189
kB.

For each week 4*24*7 = 672 entries are stored with a total size of
672*242 = 163 kB.

For each month 24*30 = 720 entries are stored with a total size of
720*353 = 254 kB.

For each year 365 entries are stored with a total size of 365*464 =
169 kB.

Grand total estimated storage for during one year = 775 kB.

7. Report Formats

This section suggests some report formats and defines the metrics to
be used in such reports.

7.1. Report Types and Contents

There are longer-term needs for monthly and yearly reports showing
long-term tendencies in the network. There are short-term weekly
reports giving information about medium-term changes in network

behavior which could serve as input to the medium-term engineering
approach. Finally, there are daily reports giving the instantaneous
overviews needed in the daily operations of a network.

These reports should give information on:

Offered Load Total traffic at external interfaces
Offered Load Segmented by "Customer"
Offered Load Segmented protocol/application.

Resource Utilization Link/Router

7.2. Content of the Reports

7.2.1. Offered Load by Link

Metric categories: input octets per external interface
output octets per external interface
input packets per external interface
output packets per external interface

The intent is to visualize the overall trend of network traffic on
each connected external interface. This could be done as a bar-chart
giving the totals for each of the four metric categories. Based on
the time period selected this could be done on a hourly, daily,
monthly or yearly basis.

7.2.2. Offered Load by Customer

Metric categories: input octets per customer
output octets per customer
input packets per customer
output packets per customer

The recommendation here is to sort the offered load (in decreasing
order) by customer. Plot the function F(n), where F(n) is percentage
of total traffic offered to the top n customers or the function f(n)
where f is the percentage of traffic offered by the nth ranked
customers.

The definition of what is meant by a "customer" has to be done
locally at the site where the statistics are being gathered.

A cumulative plot could be useful as an overview of how traffic is
distributed among users since it enables one to quickly pick off what
fraction of the traffic comes from what number of "users."

A method of displaying both average and peak behaviors in the same
bar chart is to compute both the average value over some period and
the peak value during the same period. The average and peak values
are then displayed in the same bar.

7.2.3. Resource Utilization Reporting

7.2.3.1. Utilization as Maximum Peak Behavior

Link utilization is used to capture information on network loading.
The polling interval must be small enough to be significant with
respect to variations in human activity, since this is the activity
that drives variations in network loading. On the other hand, there
is no need to make it smaller than an interval over which excessive
delay would notably impact productivity. For this reason, 30 minutes
is a good estimate of the time at which people remain in one activity
and over which prolonged high delay will affect their productivity.
To track 30 minute variations, there is a need to sample twice as
frequently, i.e., every 15 minutes. Use of the polling period of 10
minutes recommended above should be sufficient to capture variations
in utilization.

A possible format for reporting utilizations seen as peak behaviors
is to use a method of combining averages and peak measurements onto
the same diagram. Compare for example peak-meters on audio-equipment.
If, for example, a diagram contains the daily totals for some period,
then the peaks would be the most busy hour during each day. If the
diagram were totals on an hourly basis then the peak would be the
maximum ten-minute period in each hour.

By combining the average and the maximum values for a certain time
period, it should be possible to detect line utilization and
bottlenecks due to temporary high loads.

7.2.3.2. Utilization Visualized as a Frequency Distribution of Peaks

Another way of visualizing line utilization is to put the ten-minute
samples in a histogram showing the relative frequency among the
samples versus the load.

8. Considerations for Future Development

This memo is the first effort at formalizing a common basis for
operational statistics. One major guideline in this work has been to
keep the model simple to facilitate the easy integration of this
model by vendors and NOCs into their operational tools.

There are, however, some ideas that could progress further to expand
the scope and usability of the model.

8.1. A Client/Server Based Statistical Exchange System

A possible path for development could be the definition of a
client/server based architecture for providing Internet access to
operational statistics. Such an architecture envisions that each NOC
install a server which provides locally collected information in a
variety of forms for clients.

Using a query language, the client should be able to define the
network object, the interface, the metrics and the time period to be
provided. Using a TCP-based protocol, the server will transmit the
requested data. Once these data are received by the client, they
could be processed and presented by a variety of tools. One
possibility is to have an X-Window based tool that displays defined
diagrams from data, supporting such diagrams being fed into the X-
Window tool directly from the statistical server. Another
complementary method would be to generate PostScript output to print
the diagrams. In all cases it should be possible to store the
retrieved data locally for later processing.

The client/server approach is discussed further by Henry Clark in
RFC1856.

8.2. Inclusion of Variables not in the Internet Standard MIB

As has been pointed out above in the categorization of metrics, there
are metrics which certainly could have been recommended if they were
available in the Internet Standard MIB. To facilitate the inclusion
of such metrics in the set of recommended metrics, it will be
necessary to specify a subtree in the Internet Standard MIB
containing variables judged necessary in the scope of performing
operational statistics.

8.3. Detailed Resource Utilization Statistics

One area of interest not covered in the above description of metrics
and presentation formats is to present statistics on detailed views
of the traffic flows. Such views could include statistics on a per
application basis and on a per protocol basis. Today such metrics are
not part of the Internet Standard MIB. Tools like the NSF NNStat are
being used to gather information of this kind. A possible way to
achieve such data could be to define an NNStat MIB or to include such
variables in the above suggested operational statistics MIB subtree.

APPENDIX A

Some formulas for statistical aggregation

The following naming conventions are used:

For poll values poll(n)_j

n = Polling or aggregation period
j = Entry number

poll(900)_j is thus the 15 minute total value.

For peak values peak(n,m)_j

n = Period over which the peak is calculated
m = The peak period length
j = Entry number

peak(3600,900)_j is thus the maximum 15 minute period calculated over
1 hour.

Assume a polling over 24 hour period giving 1440 logged entries.

=========================

Without any aggregation we have

poll(60)_1
......
poll(60)_1440

========================

15 minute aggregation will give 96 entries of total values

poll(900)_1
....
poll(900)_96

j=(n+14)
poll(900)_k = SUM poll(60)_j n=1,16,31,...1426
j=n k=1,2,....,96

There will also be 96 one-minute peak values.

j=(n+14)
peak(900,60)_k = MAX poll(60)_j n=1,16,31,....,1426
j=n k=1,2,....,96

=======================

The next aggregation step is from 15 minutes to 1 hour. This gives
24 totals.

j=(n+3)
poll(3600)_k = SUM poll(900)_j n=1,5,9,.....,93
j=n k=1,2,....,24

and 24 one-minute peaks calculated over each hour.

j=(n+3)
peak (3600,60)_k = MAX peak(900,60)_j n=1,5,9,.....,93
j=n k=1,2,....24

and finally 24 15-minute peaks calculated over each hour:

j=(n+3)
peak (3600,900) = MAX poll(900)_j n=1,5,9,.....,93
j=n

===================

The next aggregation step is from 1 hour to 24 hours. For each day
with 1440 entries as above this will give

j=(n+23)
poll(86400)_k = SUM poll(3600)_j n=1,25,51,.......
j=n k=1,2............

j=(n+23)
peak(86400,60)_k = MAX peak(3600,60)_j n=1,25,51,....
j=n k=1,2.........

which gives the busiest 1 minute period over 24 hours.

j=(n+23)
peak(86400,900)_k = MAX peak(3600,900)_j n=1,25,51,....
j=n k=1,2,........

which gives the busiest 15 minute period over 24 hours.

j=(n+23)

peak(86400,3600)_k = MAX poll(3600)_j n=1,25,51,....
j=n k=1,2,........

which gives the busiest 1 hour period over 24 hours.

===================

There will probably be a difference between the three peak values in
the final 24 hour aggregation. A smaller peak period will give higher
values than a longer one, i.e., if adjusted to be numerically
comparable.

poll(86400)/3600 < peak(86400,3600) < peak(86400,900)*4
< peak(86400,60)*60

APPENDIX B

An example

Assuming below data storage:

BEGIN_DEVICE:
...
{
UNI-1,total: [ifInOctet, 60, 60,ifOutOctet, 60, 60];
BRD-1,total: [ifInNUcastPkts,300,300,ifOutNUcastPkts,300,300]
}
...

which gives

BEGIN_DATA:
19920730000000,UNI-1,60:(val1-1,val2-1);
19920730000060,UNI-1,60:(val1-2,val2-2);
19920730000120,UNI-1,60:(val1-3,val2-3);
19920730000180,UNI-1,60:(val1-4,val2-4);
19920730000240,UNI-1,60:(val1-5,val2-5);
19920730000300,UNI-1,60:(val1-6,val2-6);
19920730000300,BRD-1,300:(val1-7,val2-7);
19920730000360,UNI-1,60:(val1-8,val2-8);
...

Aggregation to 15 minutes gives

BEGIN_DEVICE:
...

{
UNI-1,total: [ifInOctet, 60,900,ifOutOctet, 60,900];
BRD-1,total: [ifInNUcastPkts,300,900,ifOutNUcastPkts,300,900];
UNI-2,peak: [ifInOctet, 60,900,ifOutOctet, 60,900];
BRD-2,peak: [ifInNUcastPkts,300,900,ifOutNUcastPkts,300,900]
}
...

where UNI-1 is the 15 minute total
BRD-1 is the 15 minute total
UNI-2 is the 1 minute peak over 15 minute (peak = peak(1))
BRD-2 is the 5 minute peak over 15 minute (peak = peak(1))

which gives

BEGIN_DATA:
19920730000900,UNI-1,900:(tot-val1,tot-val2);
19920730000900,BRD-1,900:(tot-val1,tot-val2);
19920730000900,UNI-2,900:(peak(1)-val1,peak(1)-val2);
19920730000900,BRD-2,900:(peak(1)-val1,peak(1)-val2);
19920730001800,UNI-1,900:(tot-val1,tot-val2);
19920730001800,BRD-1,900:(tot-val1,tot-val2);
19920730001800,UNI-2,900:(peak(1)-val1,peak(1)-val2);
19920730001800,BRD-2,900:(peak(1)-val1,peak(1)-val2);
...

Next aggregation step to 1 hour generates:

BEGIN_DEVICE:
...
{
UNI-1,total: [ifInOctet, 60,3600,ifOutOctet, 60,3600];
BRD-1,total: [ifInNUcastPkts,300,3600,ifOutNUcastPkts,300,3600];
UNI-2,peak: [ifInOctet, 60,3600,ifOutOctet, 60,3600];
BRD-2,peak: [ifInNUcastPkts,300, 900,ifOutNUcastPkts,300, 900];
UNI-3,peak: [ifInOctet, 900,3600,ifOutOctet, 900,3600];
BRD-3,peak: [ifInNUcastPkts,900,3600,ifOutNUcastPkts,900,3600]
}

where
UNI-1 is the one hour total
BRD-1 is the one hour total
UNI-2 is the 1 minute peak over 1 hour (peak of peak = peak(2))
BRD-2 is the 5 minute peak over 1 hour (peak of peak = peak(2))
UNI-3 is the 15 minute peak over 1 hour (peak = peak(1))
BRD-3 is the 15 minute peak over 1 hour (peak = peak(1))

which gives

BEGIN_DATA:
19920730003600,UNI-1,3600:(tot-val1,tot-val2);
19920730003600,BRD-1,3600:(tot-val1,tot-val2);
19920730003600,UNI-2,3600:(peak(2)-val1,peak(2)-val2);
19920730003600,BRD-2,3600:(peak(2)-val1,peak(2)-val2);
19920730003600,UNI-3,3600:(peak(1)-val1,peak(1)-val2);
19920730003600,BRD-3,3600:(peak(1)-val1,peak(1)-val2);
19920730007200,UNI-1,3600:(tot-val1,tot-val2);
19920730007200,BRD-1,3600:(tot-val1,tot-val2);
19920730007200,UNI-2,3600:(peak(2)-val1,peak(2)-val2);
19920730007200,BRD-2,3600:(peak(2)-val1,peak(2)-val2);
19920730007200,UNI-3,3600:(peak(1)-val1,peak(1)-val2);
19920730007200,BRD-3,3600:(peak(1)-val1,peak(1)-val2);
...

Finally aggregation step to 1 day generates:

BEGIN_DEVICE:
...
{
UNI-1,total: [ifInOctet, 60,86400,ifOutOctet, 60,86400];
BRD-1,total: [ifInNUcastPkts, 300,86400,ifOutNUcastPkts, 300,86400];
UNI-2,peak: [ifInOctet, 60,86400,ifOutOctet, 60,86400];
BRD-2,peak: [ifInNUcastPkts, 300, 900,ifOutNUcastPkts, 300, 900];
UNI-3,peak: [ifInOctet, 900,86400,ifOutOctet, 900,86400];
BRD-3,peak: [ifInNUcastPkts, 900,86400,ifOutNUcastPkts, 900,86400];
UNI-4,peak: [ifInOctet, 3600,86400,ifOutOctet, 3600,86400];
BRD-4,peak: [ifInNUcastPkts,3600,86400,ifOutNUcastPkts,3600,86400]
}
...

where
UNI-1 is the 24 hour total
BRD-1 is the 24 hour total
UNI-2 is the 1 minute peak over 24 hour
(peak of peak of peak = peak(3))
UNI-3 is the 15 minute peak over 24 hour (peak of peak = peak(2))
UNI-4 is the 1 hour peak over 24 hour (peak = peak(1))
BRD-2 is the 5 minute peak over 24 hour
(peak of peak of peak = peak(3))
BRD-3 is the 15 minute peak over 24 hour (peak of peak = peak(2))
BRD-4 is the 1 hour peak over 24 hour (peak = peak(1))

which gives

BEGIN_DATA:
19920730086400,UNI-1,86400:(tot-val1,tot-val2);
19920730086400,BRD-1,86400:(tot-val1,tot-val2);
19920730086400,UNI-2,86400:(peak(3)-val1,peak(3)-val2);
19920730086400,BRD-2,86400:(peak(3)-val1,peak(3)-val2);
19920730086400,UNI-3,86400:(peak(2)-val1,peak(2)-val2);
19920730086400,BRD-3,86400:(peak(2)-val1,peak(2)-val2);
19920730086400,UNI-4,86400:(peak(1)-val1,peak(1)-val2);
19920730086400,BRD-4,86400:(peak(1)-val1,peak(1)-val2);
19920730172800,UNI-1,86400:(tot-val1,tot-val2);
19920730172800,BRD-1,86400:(tot-val1,tot-val2);
19920730172800,UNI-2,86400:(peak(3)-val1,peak(3)-val2);
19920730172800,BRD-2,86400:(peak(3)-val1,peak(3)-val2);
19920730172800,UNI-3,86400:(peak(2)-val1,peak(2)-val2);
19920730172800,UNI-3,86400:(peak(2)-val1,peak(2)-val2);
19920730172800,UNI-4,86400:(peak(1)-val1,peak(1)-val2);
19920730172800,BRD-4,86400:(peak(1)-val1,peak(1)-val2);
...

Security Considerations

Security issues are discussed in Section 2.4.

Author's Address

Michael H. Lambert
Pittsburgh Supercomputing Center
4400 Fifth Avenue
Pittsburgh, PA 15213
USA

Phone: +1 412 268-4960
Fax: +1 412 268-8200


发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表