1、 International Telecommunication Union ITU-T Series YTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 23(11/2013) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS ITU-T Y.2770-series Supplement on DPI terminology ITU-T Y-series Recommendat
2、ions Supplement 23 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS GLOBAL INFORMATION INFRASTRUCTURE General Y.100Y.199 Services, applications and middleware Y.200Y.299 Network aspects Y.300Y.399 Interfaces and protocols Y.400Y
3、.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL ASPECTS General Y.1000Y.1099 Services and applications Y.1100Y.1199 Architecture, access, network capabilities and resource management Y
4、.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration and maintenance Y.1700Y.1799 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GENERATION NETWORKS Frameworks and functional arch
5、itecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspects: Interoperability of services and networks in NGN Y.2250Y.2299 Enhancements to NGN Y.2300Y.2399 Network management Y.2400Y.2499 Net
6、work control architectures and protocols Y.2500Y.2599 Packet-based Networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 Carrier grade open environment Y.2900Y.2999 FUTURE NETWORKS Y.3000Y.3499 CLOUD COMPUTING Y.3500Y.3999 For further details, please refer to the list of ITU-
7、T Recommendations. Y series Supplement 23 (11/2013) i Supplement 23 to ITU-T Y-series Recommendations ITU-T Y.2770-series Supplement on DPI terminology Summary Recommendation ITU-T Y.2770 introduced new terms in the area of deep packet inspection (DPI). Work on DPI terminology was an essential part
8、during the development of this Recommendation. This Supplement 23 to the ITU-T Y-series provides complementary information on DPI terminology related to the flow and application descriptor, packet processing and layered protocol architectures, as defined by ITU-T Y.2770. History Edition Recommendati
9、on Approval Study Group Unique ID*1.0 ITU-T Y Suppl. 23 2013-11-15 13 11.1002/1000/12101 _ *To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. i
10、i Y series Supplement 23 (11/2013) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of
11、 ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topic
12、s for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepa
13、red on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain
14、certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requir
15、ements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU
16、takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property
17、, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2014 All rights reserved. No pa
18、rt of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Y series Supplement 23 (11/2013) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Supplement 3 4 Abbreviations a
19、nd acronyms 3 5 Conventions 4 6 Formal specification of major terminology 4 6.1 Introduction 4 6.2 Summary and illustration of terms . 4 6.3 Using a formal description technique for the terms . 6 7 Illustration of terminology related to packet processing 7 7.1 Introduction 7 7.2 Rule-oriented packet
20、 processing . 7 7.3 Major categories of packet policing . 8 7.4 Packet descriptor 9 7.5 Session descriptor . 10 7.6 Terminology on identification, classification and filtering of packets, flows and traffic 11 7.7 Application and flow tag 11 8 DPI in layered protocol architectures . 12 8.1 DPI versus
21、 non-DPI 12 8.2 Example reference models for some layered protocol architectures 13 Bibliography. 15 Y series Supplement 23 (11/2013) 1 Supplement 23 to ITU-T Y-series Recommendations ITU-T Y.2770-series Supplement on DPI terminology 1 Scope This Supplement provides complementary information to DPI
22、terminology, defined in ITU-T Y.2770. This Supplement is structured as follows: DPI terminology: relationship and formal specification aspect of key DPI terms (clause 6); from perspective of packet processing (clause 7); and from perspective of layered protocol architectures (clause 8). The purpose
23、of this Supplement is to provide readers of ITU-T Y.2770 with background information. 2 References ITU-T X.200 Recommendation ITU-T X.200 (1994) | ISO/IEC 7498-1:1994, Information technology Open Systems Interconnection Basic Reference Model: The basic model. ITU-T Y.2770 Recommendation ITU-T Y.2770
24、 (2012), Requirements for deep packet inspection in next generation networks. IETF RFC 791 IETF RFC 791 (1981), Internet Protocol. IETF RFC 1122 IETF RFC 1122 (1989), Requirements for Internet Hosts Communication Layers. IETF RFC 1123 IETF RFC 1123 (1989), Requirements for Internet Hosts Application
25、 and Support. IETF RFC 1812 IETF RFC 1812 (1995), Requirements for IP Version 4 Routers. IETF RFC 5101 IETF RFC 5101 (2008), Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. 3 Definitions 3.1 Terms defined elsewhere This Supplement use
26、s the following terms defined elsewhere: 3.1.1 application ITU-T Y.2770: A designation of one of the following: an application protocol type (e.g., IP application protocols ITU-T H.264 video, or session initiation protocol (SIP); a served user instance (e.g., VoIP, VoLTE, VoIMS, VoNGN, and VoP2P) of
27、 an application type, e.g., “voice-over-packet application“; a “provider specific application“ for voice-over-Packet, (e.g., 3GPP provider VoIP, Skype VoIP); an application embedded in another application (e.g., application content in a body element of a SIP or an HTTP message). 2 Y series Supplemen
28、t 23 (11/2013) An application is identifiable by a particular identifier (e.g., via a bit field, pattern, signature, or regular expression as “application level conditions“, see also clause 3.2.2 of ITU-T Y.2770), as a common characteristic of all above listed levels of applications. 3.1.2 applicati
29、on descriptor (also known as application-level conditions) ITU-T Y.2770: A set of rule conditions that identifies the application (according to clause 3.2.1 of ITU-T Y.2770). Recommendation ITU-T Y.2770 addresses the application descriptor as an object in general, which is synonymous with applicatio
30、n-level conditions. It does not deal with its detailed structure, e.g., syntax, encoding and data type. 3.1.3 deep packet inspection (DPI) ITU-T Y.2770: Analysis, according to the layered protocol architecture OSI-BRM ITU-T X.200, of payload and/or packet properties (see list of potential properties
31、 in clause 3.2.11 of ITU-T Y.2770 deeper than protocol layer 2, 3 or 4 (L2/L3/L4) header information; and other packet properties in order to identify the application unambiguously. NOTE The output of the DPI function, along with some extra information such as the flow information, is typically used
32、 in subsequent functions such as reporting or actions on the packet. 3.1.4 DPI policy condition (also known as DPI signature) ITU-T Y.2770: A representation of the necessary state and/or prerequisites that identify an application and define whether policy rule actions should be performed. The set of
33、 DPI policy conditions associated with a policy rule specifies when the policy rule is applicable (see also b-IETF RFC 3198). A DPI policy condition must contain application level conditions and may contain other options such as state conditions and/or flow level conditions: 1) State Condition (opti
34、onal): a) network grade of service conditions (e.g., experienced congestion in packet paths); or b) network element status (e.g., local overload condition of the DPI-FE). 2) Flow descriptor/flow level conditions (optional): a) packet content (header fields); b) characteristics of a packet (e.g., num
35、ber of MPLS labels); c) packet treatment (e.g., output interface of the DPI-FE); 3) Application descriptor/application level conditions: a) packet content (application header fields and application payload). NOTE The condition relates to the “simple condition“ in the formal descriptions of flow leve
36、l conditions and application level conditions. 3.1.5 flow descriptor (also known as flow level conditions) ITU-T Y.2770: A set of rule conditions that is used to identify a specific type of flow (according to clause 3.1.3 of ITU-T Y.2770) from inspected traffic. NOTE 1 This definition of flow descri
37、ptor extends the definition in b-ITU-T Y.2121 with additional elements as described in clause 3 of ITU-T Y.2770. NOTE 2 For further normative discussion of the flow descriptor as used in ITU-T Y.2770, see Annex A of ITU-T Y.2770. Y series Supplement 23 (11/2013) 3 3.2 Terms defined in this Supplemen
38、t This Supplement defines the following term: 3.2.1 DPI for packets according to IETF-BRM protocol layering (abbreviated as DPIIETF-BRM): The IETF basic reference model (BRM), given by IETF RFC 791, relates to the OSI-BRM without protocol layers L5 and L6. The DPIIETF-BRMis thus based on an absolute
39、 protocol layering model. There is DPIIETF-BRMin case of policy rules for deep packet inspection with policy conditions primarily based on elements related to protocol layers above the transport layer. NOTE This does not exclude other indicated methods for DPI application identification as described
40、 in ITU-T Y.2770. 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: ABNF Augmented Backus-Naur Form AD Application Descriptor BRM Basic Reference Model CNF Conjunctive Normal Form DCCP Datagram Congestion Control Protocol DNF Disjunctive Normal Form DPI Deep
41、 Packet Inspection DPI-FE DPI Functional Entity ERM Extended Reference Model FD Flow Descriptor FDFlow dependent FIFlow independent HTTP Hypertext Transfer Protocol IANA Internet Assigned Numbers Authority IE Information Element IP Internet Protocol IPFIX (IETF working group) IP Flow Information Exp
42、ort L Lookup key LX (Protocol) Layer X LYHI Header Inspection at protocol Layer Y LYPI Payload Inspection at protocol Layer Y MPI Medium depth Packet Inspection NGN Next Generation Network OSI Open Systems Interconnection PCI Protocol Control Information PD Packet Descriptor PDU Protocol Data Unit 4
43、 Y series Supplement 23 (11/2013) PI Packet Identification RTP Real-time Transport Protocol SCTP Stream Control Transmission Protocol SD Session Descriptor SDU Service Data Unit SPI Shallow Packet Inspection (DPI) SSRC (RTP) Synchronization Source TRM Tunnelled Reference Model 5 Conventions None. 6
44、Formal specification of major terminology 6.1 Introduction Terminology is defined in clause 3 of this Supplement. There are some crucial terms that are related to each other in the scope of deep packet inspection (DPI). The purpose of this clause is to highlight these principal relationships. This c
45、lause focuses on the terms flow descriptor (flow level conditions), application descriptor (application level conditions) and DPI Signature. Using a formal description of these terms allows for a more precise elaboration and indication of their differences. Where there are discrepancies between this
46、 clause and clause 3 of ITU-T Y.2770, ITU-T Y.2770 takes precedence over this Supplement. 6.2 Summary and illustration of terms Figure 6-1 provides a high-level summary and illustration of the underlying concepts and relationships of these terms. 5 Y series Supplement 23 (11/2013) Figure 6-1 Illustr
47、ation of the three major terms: flow descriptor, application descriptor and DPI signature 6 Y series Supplement 23 (11/2013) 6.3 Using a formal description technique for the terms The Augmented BackusNaur Form (ABNF) is used as the formal language example in this clause. 6.3.1 Formal specification o
48、f flow descriptor (flow level conditions) Table 6-1 provides a formal description of the flow level conditions, which is in line with the prose specification for flow (see clause 3.1.3 of ITU-T Y.2770); for flow descriptor/flow level conditions see clause 3.2.16 of ITU-T Y.2770. Table 6-1 Formal spe
49、cification of flow descriptor (flow level conditions) ABNF (shortened) Comments Flow Descriptor = CompoundCondition The flow descriptor relates to a logical function, which is effectively a set of rule conditions enforced for packet (flow) policing. CompoundCondition = DNF (*SimpleCondition) / CNF (*SimpleCondition) DNF Disjunctive Normal Form CNF Conjunctive Normal Form SimpleCondition = “( MA
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1