RFC9342: Clustered Alternate-Marking Method
Download in text format
Obsoletes:
RFC8889
Related keywords:
(Closed-Loop)
(Cluster)
(delay)
(Delay Variation)
(Hashing)
(Hybrid)
(Loss)
(Measurement)
(Monitoring)
(Multipoint)
(Passive)
(performance)
Internet Engineering Task Force (IETF) G. Fioccola, Ed. Request for Comments: 9342 Huawei Technologies Obsoletes: 8889 M. Cociglio Category: Standards Track Telecom Italia ISSN: 2070-1721 A. Sapio Intel Corporation R. Sisto Politecnico di Torino T. Zhou Huawei Technologies December 2022 Clustered Alternate-Marking Method Abstract This document generalizes and expands the Alternate-Marking methodology to measure any kind of unicast flow whose packets can follow several different paths in the network; this can result in a multipoint-to-multipoint network. The network clustering approach is presented and, for this reason, the technique described here is called "Clustered Alternate Marking". This document obsoletes RFC 8889. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9342. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction 1.1. Summary of Changes from RFC 8889 1.2. Requirements Language 2. Terminology 2.1. Correlation with RFC 5644 3. Flow Classification 4. Extension of the Method to Multipoint Flows 4.1. Monitoring Network 4.2. Network Packet Loss 5. Network Clustering 5.1. Algorithm for Clusters Partition 6. Multipoint Packet-Loss Measurement 7. Multipoint Delay and Delay Variation 7.1. Delay Measurements on a Multipoint-Paths Basis 7.1.1. Single-Marking Measurement 7.2. Delay Measurements on a Single-Packet Basis 7.2.1. Single- and Double-Marking Measurement 7.2.2. Hashing Selection Method 8. Synchronization and Timing 9. Recommendations for Deployment 10. A Closed-Loop Performance-Management Approach 11. Security Considerations 12. IANA Considerations 13. References 13.1. Normative References 13.2. Informative References Appendix A. Example of Monitoring Network and Clusters Partition Acknowledgements Contributors Authors' Addresses 1. Introduction The Alternate-Marking Method, as described in [RFC9341], is applicable to a point-to-point path. The extension proposed in this document applies to the most general case of a multipoint-to- multipoint path and enables flexible and adaptive performance measurements in a managed network. The Alternate-Marking methodology consists of splitting the packet flow into marking blocks, and the monitoring parameters are the packet counters and the timestamps for each marking period. In some applications of the Alternate-Marking Method, a lot of flows and nodes are to be monitored. Multipoint Alternate Marking aims to reduce these values and makes the performance monitoring more flexible in case a detailed analysis is not needed. For instance, by considering n measurement points and m monitored flows, the order of magnitude of the packet counters for each time interval is n*m*2 (1 per color). The number of measurement points and monitored flows may vary and depends on the portion of the network we are monitoring (core network, metro network, access network, etc.) and the granularity (for each service, each customer, etc.). So if both n and m are high values, the packet counters increase a lot, and Multipoint Alternate Marking offers a tool to control these parameters. The approach presented in this document is applied only to unicast flows and not to multicast. Broadcast, Unknown Unicast, and Multicast (BUM) traffic is not considered here, because traffic replication is not covered by the Multipoint Alternate-Marking Method. Furthermore, it can be applicable to anycast flows, and Equal-Cost Multipath (ECMP) paths can also be easily monitored with this technique. [RFC9341] applies to point-to-point unicast flows and BUM traffic. For BUM traffic, the basic method of [RFC9341] can be easily applied link by link; therefore, the multicast flow tree distribution can be split into separate unicast point-to-point links. This document and its Clustered Alternate-Marking Method applies to multipoint-to-multipoint unicast flows, anycast, and ECMP flows. Therefore, the Alternate-Marking Method can be extended to any kind of multipoint-to-multipoint paths, and the network-clustering approach presented in this document is the formalization of how to implement this property and allow a flexible and optimized performance measurement support for network management in every situation. Without network clustering, it is possible to apply Alternate Marking only for all the network or per single flow. Instead, with network clustering, it is possible to partition the network into clusters at different levels in order to provide the needed degree of detail. In some circumstances, it is possible to monitor a multipoint network by monitoring the network clusters, without examining in depth. In case of problems (packet loss is measured or the delay is too high), the filtering criteria could be enhanced in order to perform a detailed analysis by using a different combination of clusters up to a per- flow measurement as described in [RFC9341]. This approach fits very well with the Closed-Loop Network and Software-Defined Network (SDN) paradigm, where the SDN orchestrator and the SDN controllers are the brains of the network and can manage flow control to the switches and routers and, in the same way, can calibrate the performance measurements depending on the desired accuracy. An SDN controller application can orchestrate how accurately the network performance monitoring is set up by applying the Multipoint Alternate Marking as described in this document. It is important to underline that, as an extension of [RFC9341], this is a methodology document, so the mechanism that can be used to transmit the counters and the timestamps is out of scope here. This document assumes that the blocks are created according to a fixed timer as per [RFC9341]. Switching after a fixed number of packets is possible, but it is out of scope here. Note that the fragmented packets' case can be managed with the Alternate-Marking methodology, and the same guidance provided in Section 6 of [RFC9341] also applies in the case of Multipoint Alternate Marking. 1.1. Summary of Changes from RFC 8889 This document defines the Multipoint Alternate-Marking Method, addressing ambiguities and overtaking its experimental phase in the original specification [RFC8889]. The relevant changes are: * Added the recommendations about the different deployments in case one or two flag bits are available for marking (Section 9). * Changed the structure to improve readability. * Removed the wording about the experimentation of the method and considerations that no longer apply. * Revised the description of detailed aspects of the methodology, e.g., synchronization and timing. It is important to note that all the changes are totally backward compatible with [RFC8889], and no new additional technique has been introduced in this document compared to [RFC8889]. 1.2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Terminology The use of the basic terms are identical to those found in Alternate Marking [RFC9341]. It is to be remembered that [RFC9341] is valid for point-to-point unicast flows and BUM traffic. The important new terms are explained below: Multipoint Alternate Marking: Extension to [RFC9341], valid for multipoint-to-multipoint unicast flows, anycast, and ECMP flows. It can also be referred to as "Clustered Alternate Marking". Flow definition: The concept of flow is generalized in this document. The identification fields are selected without any constraints and, in general, the flow can be a multipoint-to- multipoint flow, as a result of aggregate point-to-point flows. Monitoring network: Identified with the nodes of the network that are the measurement points (MPs) and the links that are the connections between MPs. The monitoring network graph depends on the flow definition, so it can represent a specific flow or the entire network topology as aggregate of all the flows. Each node of the monitoring network cannot be both a source and a destination of the flow. Cluster: Smallest identifiable non-trivial subnetwork of the entire monitoring network graph that still satisfies the condition that the number of packets that go in is the same as the number that go out. A cluster partition algorithm, such as that found in Section 5.1, can be applied to split the monitoring network into clusters. Multipoint metrics: Packet loss, delay, and delay variation are extended to the case of multipoint flows. It is possible to compute these metrics on the basis of multipoint paths in order to associate the measurements to a cluster, a combination of clusters, or the entire monitored network. For delay and delay variation, it is also possible to define the metrics on a single- packet basis, and it means that the multipoint path is used to easily couple packets between input and output nodes of a multipoint path. The next section highlights the correlation with the terms used in [RFC5644]. 2.1. Correlation with RFC 5644 [RFC5644] is limited to active measurements using a single source packet or stream. Its scope is also limited to observations of corresponding packets along the path (spatial metric) and at one or more destinations (one-to-group) along the path. Instead, the scope of this memo is to define multiparty metrics for passive and hybrid measurements in a group-to-group topology with multiple sources and destinations. [RFC5644] introduces metric names that can be reused here but have to be extended and rephrased to be applied to the Alternate-Marking schema: a. the multiparty metrics are not only one-to-group metrics but can also be group-to-group metrics; b. the spatial metrics, used for measuring the performance of segments of a source-to-destination path, are applied here to clusters. 3. Flow Classification A unicast flow is identified by all the packets having a set of common characteristics. This definition is inspired by [RFC7011]. As an example, by considering a flow as all the packets sharing the same source IP address or the same destination IP address, it is easy to understand that the resulting pattern will not be a point-to-point connection but a point-to-multipoint or multipoint-to-point connection. In general, a flow can be defined by a set of selection rules used to match a subset of the packets processed by the network device. These rules specify a set of Layer 3 and Layer 4 header fields (identification fields) and the relative values that must be found in matching packets. The choice of the identification fields directly affects the type of paths that the flow would follow in the network. In fact, it is possible to relate a set of identification fields with the pattern of the resulting graphs, as listed in Figure 1. A TCP 5-tuple usually identifies flows following either a single path or a point-to-point multipath (in the case of load balancing). On the contrary, a single source address selects aggregate flows following a point-to-multipoint path, while a multipoint-to-point path can be the result of a matching on a single destination address. In the case where a selection rule and its reverse are used for bidirectional measurements, they can correspond to a point-to- multipoint path in one direction and a multipoint-to-point path in the opposite direction. So the flows to be monitored are selected into the monitoring points using packet selection rules, which can also change the pattern of the monitored network. Note that, more generally, the flow can be defined at different levels based on the potential encapsulation, and additional conditions that are not in the packet header can also be included as part of matching criteria. The Alternate-Marking Method is applicable only to a single path (and partially to a one-to-one multipath), so the extension proposed in this document is suitable also for the most general case of multipoint-to-multipoint, which embraces all the other patterns in Figure 1. point-to-point single path +------+ +------+ +------+ ---<> R1 <>----<> R2 <>----<> R3 <>--- +------+ +------+ +------+ point-to-point multipath +------+ <> R2 <> / +------+ \ / \ +------+ / \ +------+ ---<> R1 <> <> R4 <>--- +------+ \ / +------+ \ / \ +------+ / <> R3 <> +------+ point-to-multipoint +------+ <> R4 <>--- / +------+ +------+ / <> R2 <> / +------+ \ +------+ / \ +------+ ---<> R1 <> <> R5 <>--- +------+ \ +------+ \ +------+ <> R3 <> +------+ \ \ +------+ <> R6 <>--- +------+ multipoint-to-point +------+ ---<> R1 <> +------+ \ \ +------+ <> R4 <> / +------+ \ +------+ / \ +------+ ---<> R2 <> <> R6 <>--- +------+ / +------+ +------+ / <> R5 <> / +------+ +------+ / ---<> R3 <> +------+ multipoint-to-multipoint +------+ +------+ ---<> R1 <> <> R6 <>--- +------+ \ / +------+ \ +------+ / <> R4 <> +------+ \ +------+ \ +------+ ---<> R2 <> <> R7 <>--- +------+ \ / +------+ \ +------+ / <> R5 <> / +------+ \ +------+ / \ +------+ ---<> R3 <> <> R8 <>--- +------+ +------+ Figure 1: Flow Classification The case of unicast flow is considered in Figure 1. The anycast flow is also covered, since it is only a special case of a unicast flow if routing is stable throughout the measurement period. Furthermore, an ECMP flow is in scope by definition, since it is a point-to- multipoint unicast flow. 4. Extension of the Method to Multipoint Flows By using the Alternate-Marking Method, only point-to-point paths can be monitored. To have an IP (TCP/UDP) flow that follows a point-to- point path, in general we have to define, with a specific value, 5 identification fields (IP Source, IP Destination, Transport Protocol, Source Port, and Destination Port). Multipoint Alternate Marking enables the performance measurement for multipoint flows selected by identification fields without any constraints (even the entire network production traffic). It is also possible to use multiple marking points for the same monitored flow. 4.1. Monitoring Network The monitoring network is deduced from the production network by identifying the nodes of the graph that are the measurement points and the links that are the connections between measurement points. It can be modeled as a set of nodes and a set of directed arcs that connect pairs of nodes. There are some techniques that can help with the building of the monitoring network (as an example, see [RFC9198]). In general, there are different options: the monitoring network can be obtained by considering all the possible paths for the traffic or periodically checking the traffic (e.g., daily, weekly, and monthly) and updating the graph as appropriate, but this is up to the Network Management System (NMS) configuration. So a graph model of the monitoring network can be built according to the Alternate-Marking Method, where the monitored interfaces and links are identified. Only the measurement points and links where the traffic has flowed have to be represented in the graph. A simple example of a monitoring network graph is shown in Appendix A. Each monitoring point is characterized by the packet counter that refers only to a marking period of the monitored flow. Also, it is assumed that there is a monitoring point at all possible egress points of the multipoint monitored network. The same is also applicable for the delay, but it will be described in the following sections. The rest of the document assumes that the traffic is going from left to right in order to simplify the explanation. But the analysis done for one direction applies equally to all directions. 4.2. Network Packet Loss Since all the packets of the considered flow leaving the network have previously entered the network, the number of packets counted by all the input nodes is always greater than, or equal to, the number of packets counted by all the output nodes. It is assumed that routing is stable during the measurement period while packet fragmentation must be handled as described in [RFC9341]. In the case of no packet loss occurring in the marking period, if all the input and output points of the network domain to be monitored are measurement points, the sum of the number of packets on all the ingress interfaces equals the number on egress interfaces for the monitored flow. In this circumstance, if no packet loss occurs, the intermediate measurement points only have the task of splitting the measurement. It is possible to define the network packet loss of one monitored flow for a single period. In a packet network, the number of lost packets is the number of packets counted by the input nodes minus the number of packets counted by the output nodes. This is true for every packet flow in each marking period. The monitored network packet loss with n input nodes and m output nodes is given by: PL = (PI1 + PI2 +...+ PIn) - (PO1 + PO2 +...+ POm) where: * PL is the network packet loss (number of lost packets); * PIi is the number of packets flowed through the i-th input node in this period; and * POj is the number of packets flowed through the j-th output node in this period. The equation is applied on a per-time-interval basis and a per-flow basis: * The reference interval is the Alternate-Marking period, as defined in [RFC9341]. * The flow definition is generalized here. Indeed, as described before, a multipoint packet flow is considered, and the identification fields can be selected without any constraints. 5. Network Clustering The previous equation of Section 4.2 can determine the number of packets lost globally in the monitored network, exploiting only the data provided by the counters in the input and output nodes. In addition, it is possible to leverage the data provided by the other counters in the network to converge on the smallest identifiable subnetworks where the losses occur. As defined in Section 2, a cluster is a non-trivial subnetwork of the entire monitoring network graph that still satisfies the condition that the number of packets that go in is the same as the number that go out, if no packet loss occurs. According to this definition, a cluster should contain all the arcs emanating from its input nodes and all the arcs terminating at its output nodes. This ensures that we can count all the packets (and only those) exiting an input node again at the output node, whatever path they follow. As for the entire monitoring network graph, the cluster is defined on a per-flow basis. In a completely monitored network (a network where every network interface is monitored), each network device corresponds to a cluster, and each physical link corresponds to two clusters (one for each device). Clusters can have different sizes depending on the flow-filtering criteria adopted. Moreover, sometimes clusters can be optionally simplified. For example, when two monitored interfaces are divided by a single router (one is the input interface, the other is the output interface, and the router has only these two interfaces), instead of counting exactly twice, upon entering and leaving, it is possible to consider a single measurement point. In this case, we do not care about the internal packet loss of the router. It is worth highlighting that it might also be convenient to define clusters based on the topological information so that they are applicable to all the possible flows in the monitored network. Note that, in case of translation or encapsulation, the cluster properties must also be invariant. 5.1. Algorithm for Clusters Partition A simple algorithm can be applied in order to split the monitoring network into clusters. This can be done for each direction separately; indeed, a node cannot be both a source and a destination. The clusters partition is based on the monitoring network graph, which can be valid for a specific flow or can also be general and valid for the entire network topology. It is a two-step algorithm: * Group the links where there is the same starting node; * Join the grouped links with at least one ending node in common. Considering that the links are unidirectional, the first step implies listing all the links as connections between two nodes and grouping the different links if they have the same starting node. Note that it is possible to start from any link, and the procedure will work. Following this classification, the second step implies eventually joining the groups classified in the first step by looking at the ending nodes. If different groups have at least one common ending node, they are put together and belong to the same set. After the application of the two steps of the algorithm, each one of the composed sets of links, together with the endpoint nodes, constitutes a cluster. A simple application of the clusters partition is shown in Appendix A. The algorithm, as applied in the example of a point-to-multipoint network, works for the more general case of a multipoint-to- multipoint network in the same way. It should be highlighted that for a multipoint-to-multipoint network, the multiple sources MUST mark the traffic coherently and MUST be synchronized with all the other nodes according to the timing requirements detailed in Section 8. When the clusters partition is done, the calculation of packet loss, delay, and delay variation can be made on a cluster basis. Note that the packet counters for each marking period permit calculating the packet rate on a cluster basis, so Committed Information Rate (CIR) and Excess Information Rate (EIR) could also be deduced on a cluster basis. Obviously, by combining some clusters in a new connected subnetwork, the packet-loss rule is still true. So it is also possible to consider combinations of clusters if and where it suits. In this way, in a very large network, there is no need to configure detailed filter criteria to inspect the traffic. It is possible to check a multipoint network and, in case of problems, go deep with a step-by-step cluster analysis, but only for the cluster or combination of clusters where the problem happens. In summary, once a flow is defined, the algorithm to build the clusters partition is based on topological information; therefore, it considers all the possible links and nodes that could potentially be crossed by the given flow, even if there is no traffic. So if the flow does not enter or traverse all the nodes, the counters have a non-zero value for the involved nodes and a zero value for the other nodes without traffic; but in the end, all the formulas are still valid. The algorithm described above is an iterative clustering algorithm since it executes steps in iterations, but it is also possible to apply a recursive clustering algorithm as detailed in [IEEE-ACM-TON-MPNPM]. The complete and mathematical analysis of the possible algorithms for the clusters partition, including the considerations in terms of efficiency and a comparison between the different methods, is in the paper [IEEE-ACM-TON-MPNPM]. 6. Multipoint Packet-Loss Measurement The network packet loss, defined in Section 4.2, valid for the entire monitored flow, can easily be extended to each multipoint path (e.g., the whole multipoint network, a cluster, or a combination of clusters). In this way, it is possible to calculate Multipoint Packet Loss that is representative of a multipoint path. The same equation of Section 4.2 can be applied to a generic multipoint path like a cluster or a combination of clusters, where the number of packets are those entering and leaving the multipoint path. By applying the algorithm described in Section 5.1, it is possible to split the monitoring network into clusters. Then, packet loss can be measured on a cluster basis for each single period by considering the counters of the input and output nodes that belong to the specific cluster. This can be done for every packet flow in each marking period. 7. Multipoint Delay and Delay Variation The same line of reasoning can be applied to delay and delay variation. The delay measurement methods defined in [RFC9341] can be extended to the case of multipoint flows. It is important to highlight that both delay and delay-variation measurements make sense in a multipoint path. The delay variation is calculated by considering the same packets selected for measuring the delay. In general, it is possible to perform delay and delay-variation measurements on the basis of multipoint paths or single packets: * Delay measurements on the basis of multipoint paths mean that the delay value is representative of an entire multipoint path (e.g., the whole multipoint network, a cluster, or a combination of clusters). * Delay measurements on a single-packet basis mean that it is possible to use a multipoint path just to easily couple packets between input and output nodes of a multipoint path, as described in the following sections. 7.1. Delay Measurements on a Multipoint-Paths Basis 7.1.1. Single-Marking Measurement Mean delay and mean delay-variation measurements can also be generalized to the case of multipoint flows. It is possible to compute the average one-way delay of packets in one block, a cluster, or the entire monitored network. The average latency can be measured as the difference between the weighted averages of the mean timestamps of the sets of output and input nodes. This means that, in the calculation, it is possible to weigh the timestamps with the number of packets for each endpoint. Note that, since the one-way delay value is representative of a multipoint path, it is possible to calculate the two-way delay of a multipoint path by summing the one-way delays of the two directions, similarly to [RFC9341]. 7.2. Delay Measurements on a Single-Packet Basis 7.2.1. Single- and Double-Marking Measurement Delay and delay-variation measurements associated with only one picked packet per period, both single and double marked, cannot be easily performed in a multipoint scenario since there are some limitations: * Single Marking based on the first/last packet of the interval does not work properly. Indeed, by considering a point-to-multipoint scenario, it is not possible to recognize which path the first packet of each block takes over the multipoint flow in order to correlate it. This is also true for the general case of the multipoint-to-multipoint scenario. * Double Marking or multiplexed marking works but only through statistical means. In a point-to-multipoint scenario, by selecting only a single packet with the second marking for each block, it is possible to follow and calculate the delay for that picked packet. But the measurement can only be done for a single path in each marking period. To traverse all the paths of the multipoint flow, it can theoretically be done by continuing the measurement for the following marking periods and expect to span all the paths. In the general case of a multipoint-to-multipoint path, it is also needed to take into account the multiple source nodes that complicate the correlation of the samples. In this case, it can be possible to select the second marked packet only for a source node at a time for each block and cover the remaining source nodes one by one in the next marking periods. Note that, since the one-way delay measurement is done on a single- packet basis, it is always possible to calculate the two-way delay, but it is not immediate since it is necessary to couple the measurement on each single path with the opposite direction. In this case, the NMS can do the calculation. If a delay measurement is performed for more than one picked packet and for all the paths of the multipoint flow in the same marking period, neither the Single- nor the Double-Marking Method are applicable in the multipoint scenario. The packets follow different paths, and it becomes very difficult to correlate marked packets in a multipoint-to-multipoint path if there are more than one per period. A desirable option is to monitor simultaneously all the paths of a multipoint path in the same marking period. For this purpose, hashing can be used, as reported in the next section. 7.2.2. Hashing Selection Method Sampling and filtering techniques for IP packet selection are introduced in [RFC5474] and [RFC5475]. The hash-based selection methodologies for delay measurement can work in a multipoint-to-multipoint path and can be used either coupled to mean delay or standalone. [IEEE-NETWORK-PNPM] introduces how to use the hash method (see [RFC5474] and [RFC5475]) combined with the Alternate-Marking Method for point-to-point flows. It is also called "Mixed Hashed Marking" because it refers to the conjunction of the marking method and the hashing technique. It involves only the Single Marking; indeed, it is supposed that Double Marking is not used with hashing. The coupling of the Single Marking with the hashing selection allows choosing a simplified hash function since the alternation of blocks gives temporal boundaries for the hashing samples. The marking batches anchor the samples selected with hashing, and this eases the correlation of the hashing packets along the path. For example, in case a hashed sample is lost, it is confined to the considered block without affecting the identification of the samples for the following blocks. Using the hash-based sampling, the number of samples in each block may vary a lot because it depends on the packet rate that is variable. A dynamic approach can help to have an almost fixed number of samples for each marking period, and this is a better option for making regular measurements over time. In the hash-based sampling, Alternate Marking is used to create periods, so that hash-based samples are divided into batches, which allows anchoring the selected samples to their period. Moreover, in a dynamic hash-based sampling, it can be possible to dynamically adapt the length of the hash value to meet the current packet rate, so that the number of samples is bounded in each marking period. In a multipoint environment, the hashing selection may be the solution for performing delay measurements on specific packets and overcoming the Single- and Double-Marking limitations. 8. Synchronization and Timing It is important to consider the timing aspects, since out-of-order packets happen and have to be handled as well, as described in [RFC9341]. However, in a multisource situation, an additional issue has to be considered. With multipoint path, the egress nodes will receive alternate marked packets in random order from different ingress nodes, and this must not affect the measurement. So, if we analyze a multipoint-to-multipoint path with more than one marking node, it is important to recognize the reference measurement interval. In general, the measurement interval for describing the results is the interval of the marking node that is more aligned with the start of the measurement, as reported in Figure 2. Note that the mark switching approach based on a fixed timer is considered in this document. time -> start stop T(R1) |-------------| T(R2) |-------------| T(R3) |------------| Figure 2: Measurement Interval In Figure 2, it is assumed that the node with the earliest clock (R1) identifies the right starting and ending times of the measurement, but it is just an assumption and other possibilities could occur. So in this case, T(R1) is the measurement interval, and its recognition is essential in order to make comparisons with other active/passive/ hybrid packet-loss metrics. Regarding the timing constraints of the methodology, [RFC9341] already describes two contributions that are taken into account: the clock error between network devices and the network delay between the measurement points. When we expand to a multipoint environment, we have to consider that there are more marking nodes that mark the traffic based on synchronized clock time. But, due to different synchronization issues that may happen, the marking batches can be of different lengths and with different offsets when they get mixed in a multipoint flow. According to [RFC9341], the maximum clock skew between the network devices is A. Therefore, the additional gap that results between the multiple sources can be incorporated into A. ...BBBBBBBBB | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | BBBBBBBBB... |<======================================>| | L | ...=========>|<==================><==================>|<==========... | L/2 L/2 | |<====>| |<====>| d | | d |<========================>| available counting interval Figure 3: Timing Aspects Moreover, it is assumed that the multipoint path can be modeled with a normal distribution; otherwise, it is necessary to reformulate based on the type of distribution. Under this assumption, the definition of the guard band d is still applicable as defined in [RFC9341] and is given by: d = A + D_avg + 3*D_stddev, where A is the clock accuracy, D_avg is the average value of the network delay, and D_stddev is the standard deviation of the delay. As shown in Figure 3 and according to [RFC9341], the condition that must be satisfied to enable the method to function properly is that the available counting interval must be > 0, and that means: L - 2d > 0. This formula needs to be verified for each measurement point on the multipoint path. Note that the timing considerations are valid for both packet loss and delay measurements. 9. Recommendations for Deployment The methodology described in the previous sections can be applied to various performance measurement problems, as also explained in [RFC9341]. [RFC8889] reports experimental examples and [IEEE-NETWORK-PNPM] also includes some information about the deployment experience. Different deployments are possible using one flag bit, two flag bits, or the hashing selection: One flag: packet-loss measurement MUST be done as described in Section 6 by applying the network clustering partition described in Section 5. Delay measurement MUST be done according to the mean delay calculation representative of the multipoint path, as described in Section 7.1.1. A Single-Marking Method based on the first/last packet of the interval cannot be applied, as mentioned in Section 7.2.1. Two flags: packet-loss measurement MUST be done as described in Section 6 by applying the network clustering partition described in Section 5. Delay measurement SHOULD be done on a single-packet basis according to the Double-Marking Method (Section 7.2.1). In this case, the mean delay calculation (Section 7.1.1) MAY also be used as a representative value of a multipoint path. The choice depends on the kind of information that is needed, as further detailed below. One flag with hash-based selection: packet-loss measurement MUST be done as described in Section 6 by applying the network clustering partition described in Section 5. Hash-based selection methodologies, introduced in Section 7.2.2, MUST be used for delay measurement. Similarly to [RFC9341], there are some operational guidelines to consider when deciding which recommendation to use (i.e., one flag or two flags or one flag with hash-based selection. * The Multipoint Alternate-Marking Method utilizes specific flags in the packet header, so an important factor is the number of flags available for the implementation. Indeed, if there is only one flag available, there is no other way, while if two flags are available, the option with two flags can be considered in comparison with the option of one flag with hash-based selection. * The duration of the Alternate-Marking period affects the frequency of the measurement, and this is a parameter that can be decided on the basis of the required temporal sampling. But it cannot be freely chosen, as explained in Section 8. * The Multipoint Alternate-Marking methodologies enable packet loss, delay, and delay variation calculation, but in accordance with the method used (e.g., Single Marking, Double Marking, or hashing selection), there is a different kind of information that can be derived. For example, to get measurements on a multipoint-paths basis, one flag can be used. To get measurements on a single- packet basis, two flags are preferred. For this reason, the type of data needed in the specific scenario is an additional element to take into account. * The Multipoint Alternate-Marking Methods imply different computational load depending on the method employed. Therefore, the available computational resources on the measurement points can also influence the choice. As an example, mean delay calculation may require more processing, and it may not be the best option to minimize the computational load. The experiment with Multipoint Alternate-Marking methodologies confirmed the benefits of the Alternate-Marking methodology [RFC9341] as its extension to the general case of multipoint-to-multipoint scenarios. The Multipoint Alternate-Marking Method MUST only be applied to controlled domains, as per [RFC9341]. 10. A Closed-Loop Performance-Management Approach The Multipoint Alternate-Marking framework that is introduced in this document adds flexibility to Performance Management (PM), because it can reduce the order of magnitude of the packet counters. This allows an SDN orchestrator to supervise, control, and manage PM in large networks. The monitoring network can be considered as a whole or split into clusters that are the smallest subnetworks (group-to-group segments), maintaining the packet-loss property for each subnetwork. The clusters can also be combined in new, connected subnetworks at different levels, depending on the detail we want to achieve. An SDN controller or an NMS can calibrate performance measurements, since they are aware of the network topology. They can start without examining in depth. In case of necessity (packet loss is measured or the delay is too high), the filtering criteria could be immediately reconfigured in order to perform a partition of the network by using clusters and/or different combinations of clusters. In this way, the problem can be localized in a specific cluster or a single combination of clusters, and a more detailed analysis can be performed step by step by successive approximation up to a point-to- point flow detailed analysis. This is the so-called "closed loop". This approach can be called "network zooming" and can be performed in two different ways: 1. change the traffic filter and select more detailed flows; 2. activate new measurement points by defining more specified clusters. The network-zooming approach implies that some filters or rules are changed; therefore, there is a transient time to wait once the new network configuration takes effect. This time can be determined by the network orchestrator/controller, based on the network conditions. For example, if the network zooming identifies the performance problem for the traffic coming from a specific source, we need to recognize the marked signal from this specific source node and its relative path. For this purpose, we can activate all the available measurement points and better specify the flow filter criteria (i.e., 5-tuple). As an alternative, it can be enough to select packets from the specific source for delay measurements; in this case, it is possible to apply the hashing technique, as mentioned in the previous sections. [OPSAWG-IFIT-FRAMEWORK] defines an architecture where the centralized data collector and network management can apply the intelligent and flexible Alternate-Marking algorithm as previously described. As for [RFC9341], it is possible to classify the traffic and mark a portion of the total traffic. For each period, the packet rate and bandwidth are calculated from the number of packets. In this way, the network orchestrator becomes aware if the traffic rate surpasses limits. In addition, more precision can be obtained by reducing the marking period; indeed, some implementations use a marking period of 1 sec or less. In addition, an SDN controller could also collect the measurement history. It is important to mention that the Multipoint Alternate-Marking framework also helps Traffic Visualization. Indeed, this methodology is very useful for identifying which path or cluster is crossed by the flow. 11. Security Considerations This document specifies a method of performing measurements that does not directly affect Internet security or applications that run on the Internet. However, implementation of this method must be mindful of security and privacy concerns, as explained in [RFC9341]. 12. IANA Considerations This document has no IANA actions. 13. References 13.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F. Raspall, "Sampling and Filtering Techniques for IP Packet Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009, <https://www.rfc-editor.org/info/rfc5475>. [RFC5644] Stephan, E., Liang, L., and A. Morton, "IP Performance Metrics (IPPM): Spatial and Multicast", RFC 5644, DOI 10.17487/RFC5644, October 2009, <https://www.rfc-editor.org/info/rfc5644>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC9341] Fioccola, G., Ed., Cociglio, M., Mirsky, G., Mizrahi, T., and T. Zhou, "Alternate-Marking Method", RFC 9341, DOI 10.17487/RFC9341, December 2022, <https://www.rfc-editor.org/info/rfc9341>. 13.2. Informative References [IEEE-ACM-TON-MPNPM] Cociglio, M., Fioccola, G., Marchetto, G., Sapio, A., and R. Sisto, "Multipoint Passive Monitoring in Packet Networks", IEEE/ACM Transactions on Networking, Vol. 27, Issue 6, DOI 10.1109/TNET.2019.2950157, December 2019, <https://doi.org/10.1109/TNET.2019.2950157>. [IEEE-NETWORK-PNPM] Mizrahi, T., Navon, G., Fioccola, G., Cociglio, M., Chen, M., and G. Mirsky, "AM-PM: Efficient Network Telemetry using Alternate Marking", IEEE Network, Vol. 33, Issue 4, DOI 10.1109/MNET.2019.1800152, July 2019, <https://doi.org/10.1109/MNET.2019.1800152>. [OPSAWG-IFIT-FRAMEWORK] Song, H., Qin, F., Chen, H., Jin, J., and J. Shin, "A Framework for In-situ Flow Information Telemetry", Work in Progress, Internet-Draft, draft-song-opsawg-ifit- framework-19, 24 October 2022, <https://datatracker.ietf.org/doc/html/draft-song-opsawg- ifit-framework-19>. [RFC5474] Duffield, N., Ed., Chiou, D., Claise, B., Greenberg, A., Grossglauser, M., and J. Rexford, "A Framework for Packet Selection and Reporting", RFC 5474, DOI 10.17487/RFC5474, March 2009, <https://www.rfc-editor.org/info/rfc5474>. [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, DOI 10.17487/RFC7011, September 2013, <https://www.rfc-editor.org/info/rfc7011>. [RFC8889] Fioccola, G., Ed., Cociglio, M., Sapio, A., and R. Sisto, "Multipoint Alternate-Marking Method for Passive and Hybrid Performance Monitoring", RFC 8889, DOI 10.17487/RFC8889, August 2020, <https://www.rfc-editor.org/info/rfc8889>. [RFC9198] Alvarez-Hamelin, J., Morton, A., Fabini, J., Pignataro, C., and R. Geib, "Advanced Unidirectional Route Assessment (AURA)", RFC 9198, DOI 10.17487/RFC9198, May 2022, <https://www.rfc-editor.org/info/rfc9198>. Appendix A. Example of Monitoring Network and Clusters Partition Figure 4 shows a simple example of a monitoring network graph: +------+ <> R6 <>--- / +------+ +------+ +------+ / <> R2 <>---<> R4 <> / +------+ \ +------+ \ / \ \ +------+ +------+ / +------+ \ +------+ <> R7 <>--- ---<> R1 <>---<> R3 <>---<> R5 <> +------+ +------+ \ +------+ \ +------+ \ \ \ \ +------+ \ \ <> R8 <>--- \ \ +------+ \ \ \ \ +------+ \ <> R9 <>--- \ +------+ \ \ +------+ <> R10 <>--- +------+ Figure 4: Monitoring Network Graph In the monitoring network graph example, it is possible to identify the clusters partition by applying this two-step algorithm described in Section 5.1. The first step identifies the following groups: Group 1: (R1-R2), (R1-R3), (R1-R10) Group 2: (R2-R4), (R2-R5) Group 3: (R3-R5), (R3-R9) Group 4: (R4-R6), (R4-R7) Group 5: (R5-R8) Then, the second step builds the clusters partition (in particular, we can underline that Groups 2 and 3 connect together, since R5 is in common): Cluster 1: (R1-R2), (R1-R3), (R1-R10) Cluster 2: (R2-R4), (R2-R5), (R3-R5), (R3-R9) Cluster 3: (R4-R6), (R4-R7) Cluster 4: (R5-R8) The flow direction considered here is from left to right. For the opposite direction, the same reasoning can be applied, and in this example, you get the same clusters partition. In the end, the following 4 clusters are obtained: Cluster 1 +------+ <> R2 <>--- / +------+ / +------+ / +------+ ---<> R1 <>---<> R3 <>--- +------+ \ +------+ \ \ \ \ \ \ \ \ \ +------+ <> R10 <>--- +------+ Cluster 2 +------+ +------+ ---<> R2 <>---<> R4 <>--- +------+ \ +------+ \ +------+ \ +------+ ---<> R3 <>---<> R5 <>--- +------+ \ +------+ \ \ \ \ \ +------+ <> R9 <>--- +------+ Cluster 3 +------+ <> R6 <>--- / +------+ +------+ / ---<> R4 <> +------+ \ \ +------+ <> R7 <>--- +------+ Cluster 4 +------+ ---<> R5 <> +------+ \ \ +------+ <> R8 <>--- +------+ Figure 5: Clusters Example There are clusters with more than two nodes as well as two-node clusters. In the two-node clusters, the loss is on the link (Cluster 4). In more-than-two-node clusters, the loss is on the cluster, but we cannot know in which link (Cluster 1, 2, or 3). Acknowledgements The authors would like to thank Martin Duke and Tommy Pauly for their assistance and their detailed and valuable reviews. Contributors Greg Mirsky Ericsson Email: gregimirsky@gmail.com Tal Mizrahi Huawei Technologies Email: tal.mizrahi.phd@gmail.com Xiao Min ZTE Corp. Email: xiao.min2@zte.com.cn Authors' Addresses Giuseppe Fioccola (editor) Huawei Technologies Riesstrasse, 25 80992 Munich Germany Email: giuseppe.fioccola@huawei.com Mauro Cociglio Telecom Italia Email: mauro.cociglio@outlook.com Amedeo Sapio Intel Corporation 4750 Patrick Henry Dr. Santa Clara, CA 95054 United States of America Email: amedeo.sapio@intel.com Riccardo Sisto Politecnico di Torino Corso Duca degli Abruzzi, 24 10129 Torino Italy Email: riccardo.sisto@polito.it Tianran Zhou Huawei Technologies 156 Beiqing Rd. Beijing 100095 China Email: zhoutianran@huawei.com