[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]
Versions: 00
Network Working Group C. Sommer
Internet-Draft F. Dressler
Intended status: Informational Univ. Erlangen
Expires: January 8, 2009 G. Muenz
Univ. Tuebingen
July 7, 2008
Rich Template Set Extension to the IPFIX Protocol
<draft-sommer-ipfix-richtemplate-00.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 8, 2009.
Abstract
This draft describes the Rich Template Set, a Template Set for the
IPFIX Protocol, as well as its respective Template Records. One
possible application domain for this new Set is the transport of
IPFIX Flow Mediation selection criteria. In comparison to the use of
Common Properties, the use of Rich Template Sets reduces the overhead
of repeated transmissions and makes data transmissions more robust
against failures.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 1]
Internet-Draft Rich Template Set IPFIX Extension July 2008
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Rich Template . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Use of the Rich Template in Flow Aggregation . . . . . . . . . 7
4. Security considerations . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6. Normative References . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 11
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 2]
Internet-Draft Rich Template Set IPFIX Extension July 2008
1. Introduction
IPFIX supports the concept of a Mediator, a device that receives,
transforms, and exports data streams using IPFIX. A major
requirement of flow mediation is the reduction of the volume of IPFIX
traffic by discarding and aggregating received information.
[I-D.dressler-ipfix-aggregation] describes how pattern matching is
used for flow aggregation. The draft also outlines how to select
flows and subsequently communicate the selection criteria to an IPFIX
Collector, using Common Properties of the resulting Compound Flows to
describe these attributes. In order to avoid the overhead of the
repeated transmissions of all Common Properties (or their
identifiers) in all Flow Records, a new Template Set, the Rich
Template Set, is introduced. This Template Set allows an Exporting
Process to simultaneously declare and transmit Common Properties to a
receiver.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 3]
Internet-Draft Rich Template Set IPFIX Extension July 2008
2. Rich Template
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 4 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Rich Template Record 1 |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| ... |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Rich Template Record N |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Padding (opt) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Rich Template Set Format
The basic format of a Rich Template Set is shown in Figure 1. It is
the same as that of a Template Set defined in [RFC5101], except for a
different Set ID.
The format of individual Rich Template Records, however, differs from
that of Template Records and is shown in Figure 2.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 4]
Internet-Draft Rich Template Set IPFIX Extension July 2008
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID (> 255) | Field Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Count | Common Properties ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Field 1 Specifier |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| ... |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Field N Specifier |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Data 1 Specifier |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| ... |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Data M Specifier |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Data 1 Value |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| ... |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Data M Value |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Rich Template Record Format
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 5]
Internet-Draft Rich Template Set IPFIX Extension July 2008
The Rich Template Set field definitions are as follows:
Set ID
Type of this Template Set. A Set ID value of 4 is proposed for the
Rich Template Set.
Length
Total length of this set in bytes, as defined in [RFC5101].
Padding
OPTIONAL padding, as defined in [RFC5101].
The Rich Template Record field definitions are as follows:
Template ID
Template ID of this Rich Template Record. As defined in
[RFC5101], this value MUST be greater than 255.
Field Count
Number of regular fields that will be sent in subsequent Data
Records using this Template, as defined in [RFC5101].
Data Count
Number of fixed-value fields that will be sent in this Template.
Common Properties ID
Contains an identifier that can be referred to by
commonPropertiesId Information Elements, as introduced in
[I-D.ietf-ipfix-reducing-redundancy].
Field N Specifier
Information Element identifier, Field length and an Enterprise
Number (if applicable) of field N. Refer to [RFC5101] for more
information on Field Specifiers.
Data M Specifier
Same as "Field N Specifier", but used for Common Properties of all
Data Records of this Template. Together with Data M Value, a
similar encoding like TLV (type-length-value) is achieved.
Data M Value
Bit representation of a Common Property as would be transmitted in
a Data Record.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 6]
Internet-Draft Rich Template Set IPFIX Extension July 2008
3. Use of the Rich Template in Flow Aggregation
The Rich Template is well-suited for use in flow aggregation, as
introduced in [I-D.dressler-ipfix-aggregation]. Table 1 illustrates
the relationship between a flow aggregator's field modifiers and
patterns on the one hand, and the resulting regular and fixed-value
fields in the Rich Template on the other hand. It can be seen that
the analyzer is able to deduce all instructions of the Aggregation
Rule considering the structure of the Rich Template, except the
combination "discard without pattern" that does not result in any
field.
+----------+---------+------------------------+---------------------+
| field | pattern | field in Flow Record | fixed-value field |
| modifier | | | in Rich Template |
+----------+---------+------------------------+---------------------+
| discard | no | N/A | N/A |
| discard | yes | N/A | yes, contains |
| | | | pattern |
| keep | no | yes | N/A |
| keep | yes | yes, if pattern | yes, contains |
| | | specifies a range of | pattern |
| | | values | |
| mask | no | yes, IP network | N/A |
| | | address | |
| mask | yes | yes, IP network | yes, contains |
| | | address | pattern |
+----------+---------+------------------------+---------------------+
Table 1: Relation between field modifiers, Flow Records, and Rich
Templates
Assume, for example, the concentrator was given the Aggregation Rule
shown in Table 2.
+-------------------------+--------------+-------------+
| IPFIX Field | Filtering | Aggregation |
+-------------------------+--------------+-------------+
| sourceIPv4Address | 192.0.2.0/28 | discard |
| destinatonTransportPort | | keep |
| packetDeltaCount | | aggregate |
+-------------------------+--------------+-------------+
Table 2: Example Rule
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 7]
Internet-Draft Rich Template Set IPFIX Extension July 2008
Based on the Aggregation Rule, the concentrator would now first send
a corresponding Rich Template Record as shown in Table 3.
+----------------------+------------------+
| Field | Value |
+----------------------+------------------+
| Template ID | 10001 |
| Field Count | 2 |
| Data Count | 2 |
| Common Properties ID | 0 |
| Field 1 Type | Destination Port |
| Field 2 Type | Packets |
| Data 1 Type | Source IP Prefix |
| Data 2 Type | Source IP Mask |
| Data 1 Value | 192.0.2.0 |
| Data 2 Value | 28 |
+----------------------+------------------+
Table 3: Rich Template used
Assume further that the concentrator receives the Flow Records shown
in Table 4.
+-------------+-----------+--------------+----------------+---------+
| Source IP | Source | Destination | Destination | Packets |
| | Port | IP | Port | |
+-------------+-----------+--------------+----------------+---------+
| 192.0.2.1 | 64235 | 192.0.2.101 | 80 | 10 |
| 192.0.2.2 | 64236 | 192.0.2.102 | 110 | 10 |
| 192.0.2.3 | 64237 | 192.0.2.103 | 80 | 10 |
| 192.0.2.101 | 64238 | 192.0.2.1 | 80 | 10 |
| 192.0.2.102 | 64239 | 192.0.2.2 | 80 | 10 |
+-------------+-----------+--------------+----------------+---------+
Table 4: Incoming Flows
The concentrator would then export Data Records of this type, which
contain the Compound Flows resulting from aggregation. Note that the
Flows' Common Property, having a source IP address in 192.0.2.0/28,
was already transmitted in the Rich Template Record and is thus not
included in Data Records.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 8]
Internet-Draft Rich Template Set IPFIX Extension July 2008
The exported Data Records, shown in Table 5, only contain the
aggregated packet counts and the destination port, the latter being
the only discriminating Flow Key property.
+------------------+---------+
| Destination Port | Packets |
+------------------+---------+
| 80 | 20 |
| 110 | 10 |
+------------------+---------+
Table 5: Aggregated Flows
4. Security considerations
This document introduces a new IPFIX Template Set, a variation on the
Template Set and data types introduced in [RFC5101] and
[I-D.ietf-ipfix-reducing-redundancy]. No additional security
considerations apply.
5. IANA Considerations
Use of the Rich Template Set requires one new IPFIX Set ID to be
assigned.
6. Normative References
[I-D.dressler-ipfix-aggregation]
Dressler, F., "IPFIX Aggregation",
draft-dressler-ipfix-aggregation-05 (work in progress),
July 2008.
[I-D.ietf-ipfix-reducing-redundancy]
Boschi, E., "Reducing Redundancy in IP Flow Information
Export (IPFIX) and Packet Sampling (PSAMP) Reports",
draft-ietf-ipfix-reducing-redundancy-04 (work in
progress), May 2007.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 9]
Internet-Draft Rich Template Set IPFIX Extension July 2008
Authors' Addresses
Christoph Sommer
University of Erlangen-Nuremberg
Department of Computer Science 7
Martensstr. 3
Erlangen 91058
Germany
Phone: +49 9131 85-27993
Email: christoph.sommer@informatik.uni-erlangen.de
URI: http://www7.informatik.uni-erlangen.de/~sommer/
Falko Dressler
University of Erlangen-Nuremberg
Department of Computer Science 7
Martensstr. 3
Erlangen 91058
Germany
Phone: +49 9131 85-27914
Email: dressler@informatik.uni-erlangen.de
URI: http://www7.informatik.uni-erlangen.de/
Gerhard Muenz
University of Tuebingen
Computer Networks and Internet
Sand 13
Tuebingen 72076
Germany
Phone: +49 7071 29-70534
Email: muenz@informatik.uni-tuebingen.de
URI: http://net.informatik.uni-tuebingen.de/
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 10]
Internet-Draft Rich Template Set IPFIX Extension July 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 11]
Html markup produced by rfcmarkup 1.129c, available from
https://tools.ietf.org/tools/rfcmarkup/