Transcript PPT Version

IPFIX Protocol Specifications
IPFIX IETF-59 March 3, 2004
<draft-ietf-ipfix-protocol-03.txt>
Benoit Claise <[email protected]>
Mark Fullmer <[email protected]>
Reinaldo Penno <[email protected]>
Paul Calato <[email protected]>
Stewart Bryant <[email protected]>
Ganesh Sadasivan <[email protected]>
1
Changes from version 01 to 02
Time Synchronization Proposal
• Section 10 "Export Packet UNIX Secs
Computation and Flow Records Times"
• Section 10.1 "microsecond precision"
• Section 10.2 "millisecond precision“
• Section 10.3 "nanosecond precision"
• Section 10.4 "multiple precisions"
2
Changes from version 01 to 02
Linkage with Information Model
• A new section
• Defining the encoding rules: "Boolean“,
"Byte“, "UnsignedByte“, "Short" ...
-> Needs to be completed
• "Reduced Size Encoding of Integral
Types"
3
Changes from version 01 to 02
Security
•
•
•
•
•
•
•
•
•
•
•
New section 15.1 "IPsec Profile"
New section 15.1.1 "Selectors"
New section 15.1.2 "Mode"
New section 15.1.3 "Key Management"
New section 15.1.4 "Security Policy"
New section 15.1.5 "Authentication"
New section 15.1.6 "Availability"
New section 15.2 "Network Architecture"
New section 15.3 "When IPsec is not an Option"
New section 15.4 "Transport Issues"
New section 15.5 "Logging an IPFIX Attack"
• Note: TLS has been added in version 03
4
Changes from version 01 to 02
Vendor Specific Information Element
• Section "IETF Exclusive Template FlowSet Format"
FlowSet ID = 0
• Section "IETF Exclusive Options Template FlowSet Format“
FlowSet ID = 1
• Section "Vendor Specified Template FlowSet Format“
FlowSet ID = 2
• Section "Vendor Specified Options Template FlowSet
Format"
FlowSet ID = 3
5
Changes from version 01 to 02
Metering Process Statistics Option Template
• New section 9.1 "Metering Process
Statistics Option Template“
• This is a proposal
• At minimum: ipfixOption,
observationDomain, lostFlows, time
• Still under discussion on the mailing list
6
Changes from version 01 to 02
Editorial Changes
• New IPFIX Overview Section
• Length replaced the Count in the header.
Example at the end of the draft is updated.
• Updated the Variable Length Data Type
As a consequence, the new term "Information
Element" exists in the terminology section
• Normative versus informative references
• Minor editorial changes
7
Changes from version 02 to 03
Terminology
• Terminology sections synchronized
between [IPFIX-PROTO] and [IPFIX-ARCH]
• Actually the next version of [IPFIX-ARCH]
8
Changes from version 02 to 03
Transport Protocol(s)
• SCTP MUST be implemented by all compliant implementations.
UDP and TCP is a MAY also be implemented by compliant
implementations.
• SCTP SHOULD be used in deployments where exporters and
collectors are communicating over links which are susceptible to
congestion.
• TCP MAY be used in deployments where exporters and collectors
communicate over links which are susceptible to congestion, but
SCTP is preferred, due to its ability to limit back pressure on
exporters (especially when using PR-SCTP) and its message vs.
stream orientation.
• Other non-congestion aware protocols (like UDP) MAY be used in
deployments where exporters and collectors always communicate
over dedicated links which are not susceptible to congestion.
• Note: need some text for UDP and TCP
9
Changes from version 02 to 03
Flow Expiration
• Flow Expiration section is now
synchronized with [IPFIX-ARCH]:
4.0 Criteria for flow expiration and Export
4.1 Flow Expiration
4.2 Flow Export
10
Changes from version 02 to 03
Editorial Changes
• Abstract modified
• Structure changed
9. Specific Reporting Requirements
9.1 The Metering Process Statistics Option Template
• Change the IPFIX Header "Unix Secs" to "Export
Time"
• The Option Data Record Format can have
multiple scopes: figure updated
• Minor editorial changes
11
Changes from version 02 to 03
List of Open Issues and Actions
• 30 of them identified
• Please provide feedback and text on the
mailing list
• Let’s discuss some of them
12
Open Issues
Exporter Time Accuracy?
• [IPFIX-REQ]
The timestamp resolution MUST be at least the one of the sysUpTime
[RFC3418], which is one centisecond.
• Meeting Minutes for IETF 58:
The consensus was that a UTC-based seconds and microseconds,
similar to Unix struct timeval, should be adopted.
The IPFIX implementation may need to report its time resolution, which
presumably would require new text in the protocol draft.
• What if the exporter can’t report timestamps with a microsecond
time accuracy? But only centisecond?
• Must we find a way to report the time accuracy (resolution)?
• Or we don’t care?
13
Open Issues
IP Encapsulated Packet
• IP Traffic Flow or Flow definition:
A flow is defined as a set of IP packets passing an
observation point in the network during a certain time
interval.
• The initial question is:
Should we add: “or encapsulated IP packets”?
• [IPFIX-REQ]:
If the observation point is located at a device supporting
Multiprotocol Label Switching (MPLS, see [RFC3031]) then
the metering process MUST be able to separate flows by
the MPLS label.
14
Open Issues
IP Encapsulated Packet (part 2)
• What do we want to report?
• What do we want the flow key to be?
Examples:
- GRE
- IP-in-IP
- IPV6 tunnel (original packet IPV6/IPV4)
- MPLS packets with IP(v4/v6)
- MPLS packets with non-IP
-
We support MPLS or any other sub-IP as long as the original
packet is IP?
One can define flow based on just MPLS labels?
-
Should we change the Flow definition?
-
Removed IP in the Flow definition?
A flow is defined as a set of IP packets passing an observation point in
the network during a certain time interval.
15
Open Issues
Padding
The Exporting Process SHOULD insert some padding bytes
so that the subsequent FlowSet starts at a 4-byte aligned
boundary. It is important to note that the Length field
includes the padding bits.
The Collector MUST accept padding in the Data FlowSet and
Options Template FlowSet, which means for the Flow Data
Records, the Options Data Records and the Template
Records.
Question: padding as a MAY, SHOULD or MUST?
Proposal: padding a MAY
16
Feedback
• Any others to be discussed now?
• Thank you
17