[Docs] [txt|pdf|xml] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 RFC 7270

Network Working Group                                     A. Yourtchenko
Internet-Draft                                                 P. Aitken
Intended status:  Informational                                B. Claise
Expires:  September 13, 2012                         Cisco Systems, Inc.
                                                          March 12, 2012


          Cisco Specific Information Elements reused in IPFIX
                     draft-yourtchenko-cisco-ies-03

Abstract

   This document describes some additional Information Elements of Cisco
   Systems, Inc. that are not listed in RFC3954.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 13, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Yourtchenko, et al.    Expires September 13, 2012               [Page 1]


Internet-Draft         Cisco Information Elements             March 2012


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Information Elements Overview  . . . . . . . . . . . . . . . .  3
   4.  Information Elements . . . . . . . . . . . . . . . . . . . . .  4
     4.1.  deltaFlowCount . . . . . . . . . . . . . . . . . . . . . .  4
     4.2.  samplingInterval . . . . . . . . . . . . . . . . . . . . .  4
     4.3.  samplingAlgorithm  . . . . . . . . . . . . . . . . . . . .  4
     4.4.  engineType . . . . . . . . . . . . . . . . . . . . . . . .  5
     4.5.  engineId . . . . . . . . . . . . . . . . . . . . . . . . .  5
     4.6.  ipv4RouterSc . . . . . . . . . . . . . . . . . . . . . . .  5
     4.7.  samplerId  . . . . . . . . . . . . . . . . . . . . . . . .  5
     4.8.  samplerMode  . . . . . . . . . . . . . . . . . . . . . . .  6
     4.9.  samplerRandomInterval  . . . . . . . . . . . . . . . . . .  6
     4.10. classId  . . . . . . . . . . . . . . . . . . . . . . . . .  6
     4.11. samplerName  . . . . . . . . . . . . . . . . . . . . . . .  6
     4.12. flagsAndSamplerId  . . . . . . . . . . . . . . . . . . . .  7
     4.13. forwardingStatus . . . . . . . . . . . . . . . . . . . . .  7
     4.14. srcTrafficIndex  . . . . . . . . . . . . . . . . . . . . .  8
     4.15. dstTrafficIndex  . . . . . . . . . . . . . . . . . . . . .  9
     4.16. className  . . . . . . . . . . . . . . . . . . . . . . . .  9
     4.17. layer2packetSectionOffset  . . . . . . . . . . . . . . . .  9
     4.18. layer2packetSectionSize  . . . . . . . . . . . . . . . . .  9
     4.19. layer2packetSectionData  . . . . . . . . . . . . . . . . . 10
   5.  Other Information Elements . . . . . . . . . . . . . . . . . . 10
     5.1.  Performance Metrics IEs  . . . . . . . . . . . . . . . . . 10
     5.2.  Application Information IEs  . . . . . . . . . . . . . . . 10
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 11
   Appendix A.  XML Specification of IPFIX Information Elements . . . 13
   Appendix B.  Changes . . . . . . . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20















Yourtchenko, et al.    Expires September 13, 2012               [Page 2]


Internet-Draft         Cisco Information Elements             March 2012


1.  Introduction

   The section 4 of [RFC5102] defines the IPFIX Information Elements in
   the range of 1-127 to be compatible with the NetFlow version 9
   fields, as specified in the "Cisco Systems NetFlow Services Export
   Version 9" [RFC3954].  As [RFC3954] was specified in 2004, it does
   not contain all NetFlow version 9 specific fields in the range 1-127.
   The question was asked whether IPFIX Devices should exclusively
   report the IPFIX IANA IEs [IPFIX-IANA] ?  In other words, when
   upgrading from a NetFlow metering process to an IPFIX Metering
   Process, should the IPFIX Devices stop reporting NetFlow version 9
   specific IEs that were not registered in IANA [IPFIX-IANA] ?

   This document is intended to fill the gap in this IE range.  That
   way, IPFIX implementations could export all the IEs specified in
   IANA, regardless of the range.


2.  Terminology

   IPFIX-specific terminology used in this document is defined in
   Section 2 of [RFC5101].  As in [RFC5101], these IPFIX-specific terms
   have the first letter of a word capitalized when used in this
   document.


3.  Information Elements Overview

   The following Information Elements are discussed in the sections
   below:

     +----+-----------------------+-----+---------------------------+
     | ID | Name                  |  ID | Name                      |
     +----+-----------------------+-----+---------------------------+
     |  3 | deltaFlowCount        |  84 | samplerName               |
     | 34 | samplingInterval      |  87 | flagsAndSamplerId         |
     | 35 | samplingAlgorithm     |  89 | forwardingStatus          |
     | 38 | engineType            |  92 | srcTrafficIndex           |
     | 39 | engineId              |  93 | dstTrafficIndex           |
     | 43 | ipv4RouterSc          | 100 | className                 |
     | 48 | samplerId             | 102 | layer2packetSectionOffset |
     | 49 | samplerMode           | 103 | layer2packetSectionSize   |
     | 50 | samplerRandomInterval | 104 | layer2packetSectionData   |
     | 51 | classId               |     |                           |
     +----+-----------------------+-----+---------------------------+

                                  Table 1




Yourtchenko, et al.    Expires September 13, 2012               [Page 3]


Internet-Draft         Cisco Information Elements             March 2012


4.  Information Elements

4.1.  deltaFlowCount

   Description:
      This Information Element specifies the current number of all Flow
      Records that form the parent population as input to the Flow
      Selection Process.
   Abstract Data Type:  unsigned64
   ElementId:  3
   Semantics:  quantity
   Status:  current
   Units:  flows
   RFC EDITOR NOTE:  if the Flow Aggregation for IPFIX document
      [I-D.trammell-ipfix-a9n] is published before this, then remove
      this entry.  This Information Element is similar to
      'deltaFlowCount' there.

4.2.  samplingInterval

   Description:
      Deprecated in favor of 305 samplingPacketInterval.  When using
      sampled NetFlow, the rate at which packets are sampled - e.g. a
      value of 100 indicates that one of every 100 packets is sampled.
   Abstract Data Type:  unsigned32
   ElementId:  34
   Semantics:  quantity
   Status:  deprecated
   Units:  packets

4.3.  samplingAlgorithm

   Description:
      Deprecated in favor of 304 selectorAlgorithm.  The type of
      algorithm used for sampled NetFlow:
         1 - Deterministic Sampling;
         2 - Random Sampling.
      The values are not compatible with the selectorAlgorithm IE, where
      "Deterministic" has been replaced by "Systematic count-based" (1)
      or "Systematic time-based" (2), and "Random" is (3).  Conversion
      is required, see PSAMP parameters [PSAMP-IANA].
   Abstract Data Type:  unsigned8
   ElementId:  35
   Semantics:  identifier







Yourtchenko, et al.    Expires September 13, 2012               [Page 4]


Internet-Draft         Cisco Information Elements             March 2012


   Status:  deprecated

4.4.  engineType

   Description:
      Type of flow switching engine in a router/switch:
         RP = 0,
         VIP/Line card = 1,
         PFC/DFC = 2.
      Reserved for internal use on the collector.
   Abstract Data Type:  unsigned8
   ElementId:  38
   Semantics:  identifier
   Status:  deprecated

4.5.  engineId

   Description:
      VIP or line card slot number of the flow switching engine in a
      router/switch.  Reserved for internal use on the collector.
   Abstract Data Type:  unsigned8
   ElementId:  39
   Semantics:  identifier
   Status:  deprecated

4.6.  ipv4RouterSc

   Description:
      This is a platform-specific field for Catalyst 5000/Catalyst 6000
      family.  It is used to store the address of a router that is being
      shortcut when performing MultiLayer Switching.
   Abstract Data Type:  ipv4Address
   ElementId:  43
   Semantics:  ipv4Address
   Status:  deprecated
   Reference:  [CCO-MLS] describes the MultiLayer Switching.

4.7.  samplerId

   Description:
      Deprecated in favor of 302 selectorId.  The unique identifier
      associated with samplerName.
   Abstract Data Type:  unsigned8
   ElementId:  48







Yourtchenko, et al.    Expires September 13, 2012               [Page 5]


Internet-Draft         Cisco Information Elements             March 2012


   Semantics:  identifier
   Status:  deprecated

4.8.  samplerMode

   Description:
      Deprecated in favor of 304 selectorAlgorithm.  The values are not
      compatible:  selectorAlgorithm=3 is random sampling.  The type of
      algorithm used for sampling data:  1 - deterministic, 2 - random
      sampling.  Use with samplerRandomInterval.
   Abstract Data Type:  unsigned8
   ElementId:  49
   Semantics:  identifier
   Status:  deprecated

4.9.  samplerRandomInterval

   Description:
      Deprecated in favour of 305 samplingPacketInterval.  Packet
      interval at which to sample - in case of random sampling.  Used in
      connection with samplerMode 0x02 (random sampling) value.
   Abstract Data Type:  unsigned32
   ElementId:  50
   Semantics:  quantity
   Status:  deprecated

4.10.  classId

   Description:
      Deprecated in favour of 302 selectorId.  Characterizes the traffic
      class, i.e.  QoS treatment.
   Abstract Data Type:  unsigned8
   ElementId:  51
   Semantics:  identifier
   Status:  deprecated

4.11.  samplerName

   Description:
      Deprecated in favor of 335 selectorName.  Name of the flow
      sampler.
   Abstract Data Type:  string
   ElementId:  84
   Status:  deprecated







Yourtchenko, et al.    Expires September 13, 2012               [Page 6]


Internet-Draft         Cisco Information Elements             March 2012


4.12.  flagsAndSamplerId

   Description:
      Flow flags and the value of the sampler ID (samplerId) combined in
      one bitmapped field.  Reserved for internal use on the collector.
   Abstract Data Type:  unsigned32
   ElementId:  87
   Semantics:  identifier
   Status:  deprecated

4.13.  forwardingStatus

   Description:
      This Information Element describes the forwarding status of the
      flow and any attached reasons.  The Reduced Size Encoding rules as
      per [RFC5101] apply.

      The basic encoding is 8 bits. The future extensions
      could add one or three bytes. The layout of the basic
      encoding is as follows:

         MSB -   0   1   2   3   4   5   6   7   - LSB
               +---+---+---+---+---+---+---+---+
               | Status|  Reason code or flags |
               +---+---+---+---+---+---+---+---+

      Status:

      00b = Unknown
      01b = Forwarded
      10b = Dropped
      11b = Consumed


      Reason Code (status = 01b, Forwarded)

      01 000000b = 64 = Unknown
      01 000001b = 65 = Fragmented
      01 000010b = 66 = Not Fragmented

      Reason Code (status = 10b, Dropped)

      10 000000b = 128 = Unknown
      10 000001b = 129 = ACL deny
      10 000010b = 130 = ACL drop
      10 000011b = 131 = Unroutable
      10 000100b = 132 = Adjacency
      10 000101b = 133 = Fragmentation and DF set



Yourtchenko, et al.    Expires September 13, 2012               [Page 7]


Internet-Draft         Cisco Information Elements             March 2012


      10 000110b = 134 = Bad header checksum
      10 000111b = 135 = Bad total Length
      10 001000b = 136 = Bad header length
      10 001001b = 137 = bad TTL
      10 001010b = 138 = Policer
      10 001011b = 139 = WRED
      10 001100b = 140 = RPF
      10 001101b = 141 = For us
      10 001110b = 142 = Bad output interface
      10 001111b = 143 = Hardware

      Reason Code (status = 11b, Consumed)

      11 000000b = 192 = Unknown
      11 000001b = 193 = Punt Adjacency
      11 000010b = 194 = Incomplete Adjacency
      11 000011b = 195 = For us

      Examples:

        value : 0x40 = 64
        binary: 01000000
        decode: 01        -> Forward
                  000000  -> No further information

        value : 0x89 = 137
        binary: 10001001
        decode: 10        -> Drop
                  001001  -> Fragmentation and DF set



   Abstract Data Type:  unsigned32
   ElementId:  89
   Semantics:  identifier
   Status:  current
   Reference:
      See [CCO-NF9FMT] - NetFlow Version 9 Record Format.

4.14.  srcTrafficIndex

   Description:
      BGP Policy Accounting Source Traffic Index
   Abstract Data Type:  unsigned32







Yourtchenko, et al.    Expires September 13, 2012               [Page 8]


Internet-Draft         Cisco Information Elements             March 2012


   ElementId:  92
   Semantics:  identifier
   Status:  current
   Reference:
      BGP policy accounting as described in [CCO-BGPPOL]

4.15.  dstTrafficIndex

   Description:
      BGP Policy Accounting Destination Traffic Index
   Abstract Data Type:  unsigned32
   ElementId:  93
   Semantics:  identifier
   Status:  current
   Reference:
      BGP policy accounting as described in [CCO-BGPPOL]

4.16.  className

   Description:
      Deprecated in favor of 335 selectorName.  Traffic Class Name,
      associated with the classId Information Element.
   Abstract Data Type:  string
   ElementId:  100
   Status:  deprecated

4.17.  layer2packetSectionOffset

   Description:
      Layer 2 packet section offset.  Potentially a generic packet
      section offset.
   Abstract Data Type:  unsigned16
   ElementId:  102
   Semantics:  quantity
   Status:  current
   EDITOR'S NOTE:  [I-D.kashima-ipfix-data-link-layer-monitoring]
      contains a corresponding field 'sectionOffset' with a better
      description.  One solution is to assign the value 102 for the
      'sectionOffset' in [I-D.kashima-ipfix-data-link-layer-monitoring].

4.18.  layer2packetSectionSize

   Description:
      Layer 2 packet section size.  Potentially a generic packet section
      size.






Yourtchenko, et al.    Expires September 13, 2012               [Page 9]


Internet-Draft         Cisco Information Elements             March 2012


   Abstract Data Type:  unsigned16
   ElementId:  103
   Semantics:  quantity
   Status:  current
   EDITOR'S NOTE:  [I-D.kashima-ipfix-data-link-layer-monitoring]
      contains a corresponding field 'sectionObservedOctets' with a
      better description.  One solution is to assign the value 103 to
      'sectionObservedOctets' in
      [I-D.kashima-ipfix-data-link-layer-monitoring].

4.19.  layer2packetSectionData

   Description:
      Layer 2 packet section data.
   Abstract Data Type:  octetArray
   ElementId:  104
   Status:  current
   EDITOR's NOTE:  [I-D.kashima-ipfix-data-link-layer-monitoring]
      contains a corresponding field 'dataLinkFrameSection' with a
      better description.  One solution is to assign the value 104 to
      'dataLinkFrameSection' in
      [I-D.kashima-ipfix-data-link-layer-monitoring].


5.  Other Information Elements

5.1.  Performance Metrics IEs

   ElementId:  65 .. 69

   Performance metrics will need a consolidation in the industry, based
   on RFC6390.  Once this consolidation happens, via a separate document
   the IEs 65-69 will either be assigned in the IANA registry or their
   status will be deprecated.

5.2.  Application Information IEs

   ElementId:  101

   ElementId:  94 .. 97

   Please refer to the Export of Application Information in IPFIX
   [I-D.claise-export-application-info-in-ipfix]


6.  IANA Considerations

   This document specifies several new IPFIX Information Elements in the



Yourtchenko, et al.    Expires September 13, 2012              [Page 10]


Internet-Draft         Cisco Information Elements             March 2012


   IPFIX Information Element registry as defined in Section 3 above.
   The following Information Elements must be assigned:

   o  IE Number 3 for the deltaFlowCount IE
   o  IE Number 34 for the samplingInterval IE
   o  IE Number 35 for the samplingAlgorithm IE
   o  IE Number 38 for the engineType IE
   o  IE Number 39 for the engineId IE
   o  IE Number 43 for the ipv4RouterSc IE
   o  IE Number 48 for the samplerId IE
   o  IE Number 49 for the samplerMode IE
   o  IE Number 50 for the samplerRandomInterval IE
   o  IE Number 51 for the classId IE
   o  IE Number 84 for the samplerName IE
   o  IE Number 87 for the flagsAndSamplerId IE
   o  IE Number 89 for the forwardingStatus IE
   o  IE Number 92 for the srcTrafficIndex IE
   o  IE Number 93 for the dstTrafficIndex IE
   o  IE Number 100 for the className IE
   o  IE Number 102 for the layer2packetSectionOffset IE
   o  IE Number 103 for the layer2packetSectionSize IE
   o  IE Number 104 for the layer2packetSectionData IE


7.  Security Considerations

   This document specifies the definitions of several Information
   Elements and does not alter the security considerations of the base
   protocol.  Please refer to the security considerations sections of
   RFC 3954 [RFC3954] and RFC 5102 [RFC5102].

   However, the export of the sections of the packet payload may
   unintentionally change the security assumptions of other protocols.


8.  References

8.1.  Normative References

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

8.2.  Informative References

   [CCO-BGPPOL]
              Cisco, "BGP Policy Accounting and BGP Policy Accounting
              Output Interface Accounting Features", <http://



Yourtchenko, et al.    Expires September 13, 2012              [Page 11]


Internet-Draft         Cisco Information Elements             March 2012


              www.cisco.com/en/US/tech/tk365/
              technologies_tech_note09186a0080094e88.shtml>.

   [CCO-MLS]  Cisco, "IP MultiLayer Switching Sample Configuration", <ht
              tp://www.cisco.com/en/US/products/hw/switches/ps700/
              products_configuration_example09186a00800ab513.shtml>.

   [CCO-NF9FMT]
              Cisco, "NetFlow version 9 Flow-Record format", <http://
              www.cisco.com/en/US/technologies/tk648/tk362/
              technologies_white_paper09186a00800a3db9.html>.

   [I-D.claise-export-application-info-in-ipfix]
              Claise, B., Aitken, P., and N. Ben-Dvora, "Export of
              Application Information in IPFIX",
              draft-claise-export-application-info-in-ipfix-05 (work in
              progress), February 2012.

   [I-D.kashima-ipfix-data-link-layer-monitoring]
              Kashima, S., Nakata, K., and A. Kobayashi, "Information
              Elements for Data Link Layer Traffic Measurement",
              draft-kashima-ipfix-data-link-layer-monitoring-06 (work in
              progress), September 2011.

   [I-D.trammell-ipfix-a9n]
              Trammell, B., Wagner, A., and B. Claise, "Flow Aggregation
              for the IP Flow Information Export (IPFIX) Protocol",
              draft-trammell-ipfix-a9n-04 (work in progress),
              September 2011.

   [IPFIX-IANA]
              IANA, "IP Flow Information Export (IPFIX) Entities",
              <http://www.iana.org/assignments/ipfix/ipfix.xml>.

   [PSAMP-IANA]
              IANA, "Packet Sampling (PSAMP) Parameters", <http://
              www.iana.org/assignments/psamp-parameters/
              psamp-parameters.xml>.

   [RFC3954]  Claise, B., "Cisco Systems NetFlow Services Export Version
              9", RFC 3954, October 2004.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.


Appendix A.  XML Specification of IPFIX Information Elements



Yourtchenko, et al.    Expires September 13, 2012              [Page 12]


Internet-Draft         Cisco Information Elements             March 2012


<?xml version="1.0" encoding="UTF-8"?>

<fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
                ipfix-info.xsd">

  <field name="deltaFlowCount" dataType="unsigned64"
             group=""
             dataTypeSemantics="quantity"
             elementId="3" applicability="flow" status="current">
    <description>
        <paragraph>
        This Information Element specifies the current number of all
        Flow Records that form the parent population as input to the
        Flow Selection Process.
        </paragraph>
    </description>
  </field>
  <field name="samplingInterval" dataType="unsigned32"
             group=""
             dataTypeSemantics="quantity"
             elementId="34" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favor of 305 samplingPacketInterval. When using
        sampled NetFlow, the rate at which packets are sampled - e.g. a
        value of 100 indicates that one of every 100 packets is sampled.
        </paragraph>
    </description>
  </field>
  <field name="samplingAlgorithm" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="35" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favor of 304 selectorAlgorithm. The type of
        algorithm used for sampled NetFlow: 1 - Deterministic Sampling;
        2 - Random Sampling. The values are not compatible with the
        selectorAlgorithm IE, where "Deterministic" has been replaced by
        "Systematic count-based" (1) or "Systematic time-based" (2), and
        "Random" is (3). Conversion is required, see
        <REF:PSAMP-IANA>PSAMP parameters.
        </paragraph>
    </description>
  </field>
  <field name="engineType" dataType="unsigned8"



Yourtchenko, et al.    Expires September 13, 2012              [Page 13]


Internet-Draft         Cisco Information Elements             March 2012


             group=""
             dataTypeSemantics="identifier"
             elementId="38" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Type of flow switching engine in a router/switch: RP = 0,
        VIP/Line card = 1, PFC/DFC = 2. Reserved for internal use on the
        collector.
        </paragraph>
    </description>
  </field>
  <field name="engineId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="39" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        VIP or line card slot number of the flow switching engine in a
        router/switch. Reserved for internal use on the collector.
        </paragraph>
    </description>
  </field>
  <field name="ipv4RouterSc" dataType="ipv4Address"
             group=""
             dataTypeSemantics="ipv4Address"
             elementId="43" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        This is a platform-specific field for Catalyst 5000/Catalyst
        6000 family. It is used to store the address of a router that is
        being shortcut when performing MultiLayer Switching.
        </paragraph>
    </description>
    <reference>
        http://www
        .cisco.com
        /en/US/pro
        ducts/hw/s
        witches/ps
        700/products_configuration_example09186a00800ab513.shtml
        describes the MultiLayer Switching.
    </reference>
  </field>
  <field name="samplerId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="48" applicability="flow" status="deprecated">
    <description>



Yourtchenko, et al.    Expires September 13, 2012              [Page 14]


Internet-Draft         Cisco Information Elements             March 2012


        <paragraph>
        Deprecated in favor of 302 selectorId. The unique identifier
        associated with samplerName.
        </paragraph>
    </description>
  </field>
  <field name="samplerMode" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="49" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favor of 304 selectorAlgorithm. The values are not
        compatible: selectorAlgorithm=3 is random sampling. The type of
        algorithm used for sampling data: 1 - deterministic, 2 - random
        sampling. Use with samplerRandomInterval.
        </paragraph>
    </description>
  </field>
  <field name="samplerRandomInterval" dataType="unsigned32"
             group=""
             dataTypeSemantics="quantity"
             elementId="50" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favour of 305 samplingPacketInterval. Packet
        interval at which to sample - in case of random sampling. Used
        in connection with samplerMode 0x02 (random sampling) value.
        </paragraph>
    </description>
  </field>
  <field name="classId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="51" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favour of 302 selectorId. Characterizes the
        traffic class, i.e. QoS treatment.
        </paragraph>
    </description>
  </field>
  <field name="samplerName" dataType="string"
             group=""
             dataTypeSemantics=""
             elementId="84" applicability="flow" status="deprecated">
    <description>
        <paragraph>



Yourtchenko, et al.    Expires September 13, 2012              [Page 15]


Internet-Draft         Cisco Information Elements             March 2012


        Deprecated in favor of 335 selectorName. Name of the flow
        sampler.
        </paragraph>
    </description>
  </field>
  <field name="flagsAndSamplerId" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="87" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Flow flags and the value of the sampler ID (samplerId) combined
        in one bitmapped field. Reserved for internal use on the
        collector.
        </paragraph>
    </description>
  </field>
  <field name="forwardingStatus" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="89" applicability="flow" status="current">
    <description>
        <paragraph>
        This Information Element describes the forwarding status of the
        flow and any attached reasons. The Reduced Size Encoding rules
        as per <REF:RFC5101> apply.
        </paragraph>
        <artwork>
           The basic encoding is 8 bits. The future extensions
           could add one or three bytes. The layout of the basic
           encoding is as follows:

              MSB -   0   1   2   3   4   5   6   7   - LSB
                    +---+---+---+---+---+---+---+---+
                    | Status|  Reason code or flags |
                    +---+---+---+---+---+---+---+---+
           Status:

           00b = Unknown
           01b = Forwarded
           10b = Dropped
           11b = Consumed


           Reason Code (status = 01b, Forwarded)

           01 000000b = 64 = Unknown
           01 000001b = 65 = Fragmented



Yourtchenko, et al.    Expires September 13, 2012              [Page 16]


Internet-Draft         Cisco Information Elements             March 2012


           01 000010b = 66 = Not Fragmented

           Reason Code (status = 10b, Dropped)

           10 000000b = 128 = Unknown
           10 000001b = 129 = ACL deny
           10 000010b = 130 = ACL drop
           10 000011b = 131 = Unroutable
           10 000100b = 132 = Adjacency
           10 000101b = 133 = Fragmentation and DF set
           10 000110b = 134 = Bad header checksum
           10 000111b = 135 = Bad total Length
           10 001000b = 136 = Bad header length
           10 001001b = 137 = bad TTL
           10 001010b = 138 = Policer
           10 001011b = 139 = WRED
           10 001100b = 140 = RPF
           10 001101b = 141 = For us
           10 001110b = 142 = Bad output interface
           10 001111b = 143 = Hardware

           Reason Code (status = 11b, Consumed)

           11 000000b = 192 = Unknown
           11 000001b = 193 = Punt Adjacency
           11 000010b = 194 = Incomplete Adjacency
           11 000011b = 195 = For us

           Examples:

             value : 0x40 = 64
             binary: 01000000
             decode: 01        -> Forward
                       000000  -> No further information

             value : 0x89 = 137
             binary: 10001001
             decode: 10        -> Drop
                       001001  -> Fragmentation and DF set
        </artwork>
    </description>
    <reference>
        See http:/
        /www.cisco
        .com/en/US
        /technolog
        ies/tk648/tk362/technologies_white_paper09186a00800a3db9.html -
        NetFlow Version 9 Record Format.



Yourtchenko, et al.    Expires September 13, 2012              [Page 17]


Internet-Draft         Cisco Information Elements             March 2012


    </reference>
  </field>
  <field name="srcTrafficIndex" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="92" applicability="flow" status="current">
    <description>
        <paragraph>
        BGP Policy Accounting Source Traffic Index
        </paragraph>
    </description>
    <reference>
        BGP policy accounting as described in
        http://www
        .cisco.com
        /en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml
    </reference>
  </field>
  <field name="dstTrafficIndex" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="93" applicability="flow" status="current">
    <description>
        <paragraph>
        BGP Policy Accounting Destination Traffic Index
        </paragraph>
    </description>
    <reference>
        BGP policy accounting as described in
        http://www
        .cisco.com
        /en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml
    </reference>
  </field>
  <field name="className" dataType="string"
             group=""
             dataTypeSemantics=""
             elementId="100" applicability="flow" status="deprecated">
    <description>
        <paragraph>
        Deprecated in favor of 335 selectorName. Traffic Class Name,
        associated with the classId Information Element.
        </paragraph>
    </description>
  </field>
  <field name="layer2packetSectionOffset" dataType="unsigned16"
             group=""
             dataTypeSemantics="quantity"



Yourtchenko, et al.    Expires September 13, 2012              [Page 18]


Internet-Draft         Cisco Information Elements             March 2012


             elementId="102" applicability="flow" status="current">
    <description>
        <paragraph>
        Layer 2 packet section offset. Potentially a generic packet
        section offset.
        </paragraph>
    </description>
  </field>
  <field name="layer2packetSectionSize" dataType="unsigned16"
             group=""
             dataTypeSemantics="quantity"
             elementId="103" applicability="flow" status="current">
    <description>
        <paragraph>
        Layer 2 packet section size. Potentially a generic packet
        section size.
        </paragraph>
    </description>
  </field>
  <field name="layer2packetSectionData" dataType="octetArray"
             group=""
             dataTypeSemantics=""
             elementId="104" applicability="flow" status="current">
    <description>
        <paragraph>
        Layer 2 packet section data.
        </paragraph>
    </description>
  </field>
</fieldDefinitions>



Appendix B.  Changes

   To be removed by RFC Editor before publication

   01:  initial revision presented at the IETF meeting.

   02:  removed "flow" from flowSamplerId, flowSamplerMode, and
   flowSamplerRandomInterval; updated the related drafts in references;
   added the "reference" column to the XML definitions; renamed
   fsFlowEntryTotalCount into deltaFlowCount to keep the naming in sync
   with [I-D.trammell-ipfix-a9n].  Also minor changes to formatting and
   added the IE overview table.

   03:  updated the references to
   draft-claise-export-application-info-in-ipfix, slightly tweaked the



Yourtchenko, et al.    Expires September 13, 2012              [Page 19]


Internet-Draft         Cisco Information Elements             March 2012


   title and removed the unused reference to
   draft-ietf-ipfix-flow-selection-tech.


Authors' Addresses

   Andrew Yourtchenko
   Cisco Systems, Inc.
   De Kleetlaan, 7
   Brussels, Diegem  B-1831
   Belgium

   Phone:  +32 2 704 5494
   Email:  ayourtch@cisco.com


   Paul Aitken
   Cisco Systems, Inc.
   96 Commercial Quay
   Edinburgh  EH6 6LX
   Scotland

   Phone:  +44 131 561 3616
   Email:  paitken@cisco.com


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan, 6a b1
   Diegem  B-1831
   Belgium

   Phone:  +32 2 704 5622
   Email:  bclaise@cisco.com

















Yourtchenko, et al.    Expires September 13, 2012              [Page 20]


Html markup produced by rfcmarkup 1.127, available from https://tools.ietf.org/tools/rfcmarkup/