Draft Aitken Ipfix New Infos 03

8/2/2019 Draft Aitken Ipfix New Infos 03

1/28

IPFIXwor

inggroupEditorP.Ait

enInternetDraftEditorB.Claisedraft-ait en-ipfix-new-infos-03CiscoSystems,Inc.IntendedStatus:ProposedStandardMarch17,2008Expires:September17,2008NewInformationElementsfromtheIPFIXInformationModelStatusofthisMemoBysubmittingthisInternet-Draft,eachauthorrepresentsthatanyapplicablepatentorotherIPRclaimsofwhichheorsheisawarehavebeenorwillbedisclosed,andanyofwhichheorshebecomesawarewillbedisclosed,inaccordancewithSection6ofBCP79.Internet-Draftsarewor ingdocumentsoftheInternetEngineeringTas Force(IETF),itsareas,anditswor inggroups.Notethatothergroupsmayalsodistributewor ingdocumentsasInternet-Drafts.

Internet-Draftsaredraftdocumentsvalidforamaximumofsixmonthsandmaybeupdated,replaced,orobsoletedbyotherdocumentsatanytime.ItisinappropriatetouseInternet-Draftsasreferencematerialortocitethemotherthanas"wor inprogress."ThelistofcurrentInternet-Draftscanbeaccessedathttp://www.ietf.org/ietf/1id-abstracts.txt.ThelistofInternet-DraftShadowDirectoriescanbeaccessedathttp://www.ietf.org/shadow.html.

ThisInternet-DraftwillexpireonMarch3rd,2008.CopyrightNoticeCopyright(C)TheIETFTrust(2008).AbstractThisdocumentspecifiestheIPFIXprotocolthatservesfortransmittingIPtrafficflowinformationoverthenetwor .Inorder

Ait en,ClaiseStandardTrac [Page1]


2/28

NewInformationElementsfortheIPFIXInformationModelMarch2008

totransmitIPtrafficflowinformationfromanexportingprocesstoaninformationcollectingprocess,acommonrepresentationofflowdataandastandardmeansofcommunicatingthemisrequired.ThisdocumentdescribeshowtheIPFIXdataandtemplatesrecordsarecarriedoveranumberoftransportprotocolsfromanIPFIXexportingprocesstoanIPFIXcollectingprocess.ConventionsusedinthisdocumentThe

eywords"MUST","MUSTNOT","REQUIRED","SHALL","SHALLNOT","SHOULD","SHOULDNOT","RECOMMENDED","MAY",and"OPTIONAL"inthisdocumentaretobeinterpretedasdescribedinRFC2119[RFC2119].TableofContents1.Introduction.................................................32.Terminology..................................................32.1IPFIXDocumentsOverview...................................42.2PSAMPDocumentsOverview...................................43.InformationElementIdentifiers..............................44.NewInformationElementsintherange1-127..................64.1interfaceName..............................................6

4.2interfaceDescription.......................................74.3forwardingStatus...........................................74.4mplsTopLabelPrefixLength...................................94.5postIpDiffServCodePoint...................................104.6multicastReplicationFactor................................105.NewInformationElementsintherange128-32767.............105.1postNATSourceIPv4Address..................................105.2postNATDestinationIPv4Address.............................115.3postNAPTSourceTransportPort...............................115.4postNAPTDestinationTransportPort..........................125.5natOriginatingAddressRealm................................125.6natEvent..................................................125.7initiatorOctets...........................................13

5.8responderOctets...........................................135.9firewallEvent.............................................135.10ingressVRFID.............................................145.11egressVRFID..............................................145.12VRFname..................................................145.13ethernetHeaderLength.....................................145.14ethernetPayloadLength....................................155.15ethernetTotalLength......................................155.16dot1qVlanId..............................................155.17dot1qPriority............................................165.18dot1qCustomerVlanId......................................16

Ait

en,ClaiseStandardTrac

[Page2]


3/28


5.19dot1qCustomerPriority....................................165.20metroEvcId...............................................175.21metroEvcType.............................................175.22pseudoWireId.............................................175.23pseudoWireType...........................................185.24pseudoWireControlWord....................................185.25ingressPhysicalInterface.................................185.26egressPhysicalInterface..................................185.27postDot1qVlanId..........................................195.28postDot1qCustomerVlanId..................................195.29ethernetType.............................................195.30selectorName.............................................206.Relationshipbetweendot1qVlanIdandvlanId.................207.RelationshipbetweeninterfacerelatedInformationElements.218.IANAConsiderations.........................................219.References..................................................229.1NormativeReferences......................................229.2InformativeReferences....................................2310.SecurityConsiderations....................................2511.Contributors...............................................2512.Ac nowledgements...........................................2513.Authors'Addresses.........................................25

14.IntellectualPropertyStatement............................2615.CopyrightStatement........................................2616.Disclaimer.................................................271.IntroductionTheIPFIXInformationModel[RFC5102]definesanextensiblelistofInformationElementswhichmaybetransmittedbytheIPFIXprotocol[RFC5101].ThisdocumentlistsaseriesofnewInformationElementstoupdatetheIPFIXInformationModel,andactsasthepersistentpublication

mediumrequestedintheIANAconsiderationssectionoftheIPFIXInformationModel[RFC5102]("ThespecificationofnewIPFIXInformationElementsMUSTusethetemplatespecifiedinsection2.1andMUSTbepublishedusingawellestablishedandpersistentpublicationmedium").2.TerminologyIPFIX-specificterminologyusedinthisdocumentisdefinedinsection2oftheIPFIXProtocol[RFC5101].AsintheIPFIXProtocol[RFC5101],theseIPFIX-specifictermshavethefirstletterofawordcapitalizedwhenusedinthisdocument.

Ait

en,ClaiseStandardTrac

[Page3]


4/28


2.1IPFIXDocumentsOverviewTheIPFIXProtocol[RFC5101]providesnetwor administratorswithaccesstoIPflowinformation.ThearchitecturefortheexportofmeasuredIPflowinformationoutofanIPFIXexportingprocesstoacollectingprocessisdefinedintheIPFIXArchitecture[IPFIX-ARCH],pertherequirementsdefinedinRFC3917[RFC3917].TheIPFIXArchitecture[IPFIX-ARCH]specifieshowIPFIXDataRecordsandTemplatesarecarriedviaacongestion-awaretransportprotocolfromIPFIXExportingProcessestoIPFIXCollectingProcesses.IPFIXhasaformaldescriptionofIPFIXInformationElements,theirname,typeandadditionalsemanticinformation,asspecifiedintheIPFIXInformationModel[RFC5102].FinallytheIPFIXApplicabilityStatement[IPFIX-AS]describeswhattypeofapplicationscanusetheIPFIXprotocolandhowtheycanuse

theinformationprovided.ItfurthermoreshowshowtheIPFIXframewor relatestootherarchitecturesandframewor s.2.2PSAMPDocumentsOverviewThedocument"AFramewor forPac etSelectionandReporting"[PSAMP-FMWK],describesthePSAMPframewor fornetwor elementstoselectsubsetsofpac etsbystatisticalandothermethods,andtoexportastreamofreportsontheselectedpac etstoacollector.Thesetofpac etselectiontechniques(sampling,filtering,andhashing)supportedbyPSAMParedescribedin"SamplingandFiltering

TechniquesforIPPac

etSelection"[PSAMP-TECH].ThePSAMPprotocol[PSAMP-PROTO]specifiestheexportofpac etinformationfromaPSAMPExportingProcesstoaPSAMPCollectingProcess.Li eIPFIX,PSAMPhasaformaldescriptionofitsinformationelements,theirname,typeandadditionalsemanticinformation.ThePSAMPinformationmodelisdefinedin[PSAMP-INFO].Finally[PSAMP-MIB]describesthePSAMPManagementInformationBase.3.InformationElementIdentifiers



5/28


ThevalueoftheInformationElementidentifiersareintherangeof1-32767.Withinthisrange,InformationElementidentifiervaluesinthesub-rangeof1-127arecompatiblewithfieldtypesusedbyNetFlowversion9[RFC3954].ThefollowinglistgivesanoverviewofthenewInformationElementidentifiersthatareintherange1-127.TheseInformationElementswerepreviouslyRESERVEDaccordingtotheIPFIXInformationModel[RFC5102]andIANA.+-------+----------------------------+|ID|Name|+-------+----------------------------+|82|interfaceName||83|interfaceDescription|~~~|89|forwardingStatus|~~~|91|mplsTopLabelPrefixLength|~~~|98|postIpDiffServCodePoint||99|multicastReplicationFactor|

+-------+----------------------------+ThefollowinglistgivesanoverviewofnewInformationElements,notpartoftheRESERVEDrange.ItalsodisplaystheidealInformationElementidentifiersthatwewouldli eIANAtoassign.Notethatthefollowingwebsitehttp://ipfix.netlab.nec.de/infoElements.php,maintainedbytheIPFIXChair(JuergenQuitte )isaplaceholderfortheallocationoftheInformationElementId,whilewaitingfortheIANAassignments.



6/28


+-------+----------------------------------+|ID|Name|+-------+----------------------------------+|225|postNATSourceIPv4Address||226|postNATDestinationIPv4Address||227|postNAPTSourceTransportPort||228|postNAPTDestinationTransportPort||229|natOriginatingAddressRealm||230|natEvent||231|InitiatorOctets||232|ResponderOctets||233|firewallEvent||234|ingressVRFID||235|egressVRFID||236|VRFname|~~~|240|ethernetHeaderLength||241|ethernetPayloadLength||242|ethernetTotalLength||243|dot1qVlanId||244|dot1qPriority||245|dot1qCustomerVlanId|

|246|dot1qCustomerPriority||247|metroEvcId||248|metroEvcType||249|pseudoWireId||250|pseudoWireType||251|pseudoWireControlWord||252|ingressPhysicalInterface||253|egressPhysicalInterface||254|postDot1qVlanId||255|postDot1qCustomerVlanId||256|ethernetType|~~~|335|selectorName|

+-------+----------------------------------+4.NewInformationElementsintherange1-1274.1interfaceNameDescription:Ashortnameuniquelydescribinganinterface,eg"Eth1/0".AbstractDataType:stringElementId:82Status:current

Reference:SeeRFC2863[RFC2863]forthedefinitionoftheifNameobject.Ait en,ClaiseStandardTrac [Page6]


7/28


4.2interfaceDescriptionDescription:Thedescriptionofaninterface,eg"FastEthernet1/0"or"ISPconnection".AbstractDataType:stringElementId:83Status:currentReference:SeeRFC2863[RFC2863]forthedefinitionoftheifDescrobject.4.3forwardingStatusDescription:Describestheforwardingstatusoftheflowandanyattachedreasons.ForwardingStatusisavariablelengthfieldwithlengthof1,2or4octets.

***IANAACTION***ThevaluesofthiselementaretobeallocatedfromIANAregistrieswhichcanbefoundathttp://www.iana.org/assignments/...A.Whenlength=1octet:01234567+-+-+-+-+-+-+-+-+|S|||t|Reason|

|a|codes||t|or||u|flags||s||+-+-+-+-+-+-+-+-+Status:00b=Un nown01b=Forwarded10b=Dropped11b=Consumed

Reasoncodes:Ait en,ClaiseStandardTrac [Page7]


8/28


Reasoncodesaredefinedperstatuscode.ReasonCode(status=01b,Forwarded):000000b=Un

nown000001b=Fragmented000010b=NotFragmentedReasonCode(status=10b,Dropped):000000b=Un nown000001b=ACLDeny000010b=ACLdrop000011b=Unroutable000100b=Adjacency000101b=Fragmentation&DFset000110b=Badheaderchec sum000111b=BadtotalLength001000b=BadHeaderLength001001b=badTTL

001010b=Policer001011b=WRED001100b=RPF001101b=Forus001110b=Badoutputinterface001111b=HardwareReasonCode(status=11b,Consumed):000000b=Un nown000001b=PuntAdjacency000010b=IncompleteAdjacency

000011b=ForusExample1:hexdump:01000000decode:01->Forward000000->NofurtherinformationExample2:hexdump:10001001decode:10->Drop

001001->Fragmentation&DFsetAit en,ClaiseStandardTrac [Page8]


9/28


B.Whenlength=2octets:Alengthof2indicatesanextendedreason:bit00000000001111110123456789012345+----------------+----------------+|Status&Reason|ExtendedReason|+----------------+----------------+Thestatusandreasonareasdefinedin(A)above.Theextendedreasonsareyettobedefined.C.Whenlength=4octets:Iftherearefurtherextensionstothereason,thefieldlengthis4:0000000000111111111122222222223301234567890123456789012345678901+----------------+----------------+----------------+----------------+

|Status&Reason|ExtendedReason|FurtherExtensions|+----------------+----------------+----------------+----------------+Thestatus,reasonandextendedreasonareasdefinedin(B)above.Furtherextendedreasonsareyettobedefined.AbstractDataType:octetArrayDataTypeSemantics:flagsElementId:89Status:current4.4mplsTopLabelPrefixLength

Description:TheprefixlengthofthesubnetofthemplsTopLabelIPv4AddressthattheMPLStoplabelwillcausetheFlowtobeforwardedto.AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:91Status:currentUnits:bitsRange:Thevalidrangeis0-32Reference:SeeRFC3031fortheassociationbetweenMPLSlabelsandprefixlengths.



10/28


4.5postIpDiffServCodePointDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'ipDiffServCodePoint',exceptthatitreportsapotentiallymodifiedvaluecausedbyamiddleboxfunctionafterthepac

etpassedtheObservationPoint.AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:98Status:currentRange:Thevalidrangeis0-63.Reference:SeeRFC3260[RFC3260]forthedefinitionoftheDifferentiatedServicesField.Seesection5.3.2ofRFC1812[RFC1812]andRFC791[RFC791]forthedefinitionoftheIPv4TOSfield.SeeRFC2460[RFC2460]forthedefinitionoftheIPv6TrafficClassfield.SeetheIPFIXInformaitonModel[RFC5102]forthe'ipDiffServCodePoint'specification.

4.6multicastReplicationFactorDescription:Theamountofmulticastreplicationthat'sappliedtoatrafficstream.AbstractDataType:DataTypeSemantics:ElementId:99Status:currentReference:SeeRFC1112[RFC1112]forthespecificationofreservedIPv4multicastaddresses.SeeRFC4291[RFC4291]forthe

specificationofreservedIPv6multicastaddresses.5.NewInformationElementsintherange128-327675.1postNATSourceIPv4AddressDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'sourceIPv4Address',exceptthatitreportsamodifiedvaluecausedbyaNATmiddleboxfunctionafterthepac

etpassedtheObservationPoint.AbstractDataType:ipv4Address

DataTypeSemantics:identifierElementId:225Ait en,ClaiseStandardTrac [Page10]


11/28


Status:currentReference:SeeRFC791[RFC791]forthedefinitionoftheIPv4sourceaddressfield.SeeRFC3022[RFC3022]forthedefinitionofNAT.SeeRFC3234[RFC3234]forthedefinitionofmiddleboxes.5.2postNATDestinationIPv4AddressDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'destinationIPv4Address',exceptthatitreportsamodifiedvaluecausedbyaNATmiddleboxfunctionafterthepac

etpassedtheObservationPoint.AbstractDataType:ipv4AddressDataTypeSemantics:identifierElementId:226Status:currentReference:SeeRFC791[RFC791]forthedefinitionoftheIPv4destinationaddressfield.SeeRFC3022[RFC3022]forthedefinitionof

NAT.SeeRFC3234[RFC3234]forthedefinitionofmiddleboxes.5.3postNAPTSourceTransportPortDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'sourceTransportPort',exceptthatitreportsamodifiedvaluecausedbyaNetwor AddressPortTranslation(NAPT)middleboxfunctionafterthepac etpassedtheObservationPoint.AbstractDataType:unsigned16DataTypeSemantics:identifier

ElementId:227Status:currentReference:SeeRFC768[RFC768]forthedefinitionoftheUDPsourceportfield.SeeRFC793[RFC793]forthedefinitionoftheTCPsourceportfield.SeeRFC4960[RFC4960]forthedefinitionofSCTP.SeeRFC3022[RFC3022]forthedefinitionofNAPT.SeeRFC3234[RFC3234]forthedefinitionofmiddleboxes.AdditionalinformationondefinedUDPandTCPportnumberscanbefoundathttp://www.iana.org/assignments/port-numbers.



12/28


5.4postNAPTDestinationTransportPortDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'destinationTransportPort',exceptthatitreportsamodifiedvaluecausedbyaNetwor

AddressPortTranslation(NAPT)middleboxfunctionafterthepac

etpassedtheObservationPoint.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:228Status:currentReference:SeeRFC768[RFC768]forthedefinitionoftheUDPsourceportfield.SeeRFC793[RFC793]forthedefinitionoftheTCPsourceportfield.SeeRFC4960[RFC4960]forthedefinitionofSCTP.SeeRFC3022[RFC3022]forthedefinitionofNAPT.SeeRFC3234[RFC3234]forthedefinitionofmiddleboxes.AdditionalinformationondefinedUDPandTCPportnumberscanbefoundathttp://www.iana.org/assignments/port-numbers.

5.5natOriginatingAddressRealmDescription:Indicateswhetherthesessionwascreatedbecausetrafficoriginatedintheprivateorpublicaddressrealm.postNATSourceIPv4Address,postNATDestinationIPv4Address,postNAPTSourceTransportPort,andpostNAPTDestinationTransportPortarequalifiedwiththeaddressrealminperspective.Theallowedvaluesare:Private:1Public:2AbstractDataType:unsigned8

DataTypeSemantics:flagsElementId:229Status:currentReference:SeeRFC3022[RFC3022]forthedefinitionofNAT.5.6natEventDescription:IndicatesaNATevent.Theallowedvaluesare:1-Createevent.2-Deleteevent.



13/28


ACreateeventisgeneratedwhenaNATtranslationiscreated,whetherdynamicallyorstatically.ADeleteeventisgeneratedwhenaNATtranslationisdeleted.AbstractDataType:unsigned8DataTypeSemantics:ElementId:230Status:currentReference:SeeRFC3022[RFC3022]forthedefinitionofNAT.5.7initiatorOctetsDescription:Thetotalnumberoflayer4payloadbytesinaflowfromtheinitiator.Theinitiatoristhedevicewhichtriggeredthesessioncreation,andremainsthesameforthelifeofthesession.AbstractDataType:unsigned64DataTypeSemantics:ElementId:231Status:current

5.8responderOctetsDescription:Thetotalnumberoflayer4payloadbytesinaflowfromtheresponder.Theresponderisthedevicewhichrepliestotheinitiator,andremainsthesameforthelifeofthesession.AbstractDataType:unsigned64DataTypeSemantics:ElementId:232Status:current

5.9firewallEventDescription:Indicatesafirewallevent.Theallowedvaluesare:0-Ignore(invalid)1-FlowCreated2-FlowDeleted3-FlowDenied4-FlowAlertAbstractDataType:unsigned8

DataTypeSemantics:ElementId:233Ait en,ClaiseStandardTrac [Page13]


14/28


Status:current5.10ingressVRFIDDescription:AnuniqueidentifieroftheVRFnamewherethepac etsofthisflowarebeingreceived.ThisidentifierisuniqueperMeteringProcessAbstractDataType:unsigned32DataTypeSemantics:ElementId:234Status:current5.11egressVRFIDDescription:AnuniqueidentifieroftheVRFnamewherethepac etsofthisflowarebeingsent.ThisidentifierisuniqueperMeteringProcessAbstractDataType:unsigned32

DataTypeSemantics:ElementId:235Status:current5.12VRFnameDescription:ThenameofaVPNRoutingandForwardingtable(VRF).AbstractDataType:stringElementId:236Status:currentReference:

SeeRFC4364[RFC4364]forthedefinitionofVRF.5.13ethernetHeaderLengthDescription:ThedifferencebetweenthelengthofanEthernetframe(minustheFCS)andthelengthofitsMACClientDatasection(includinganypadding)asdefinedinsection3.1of[IEEE.802-3.2005].ItdoesnotincludethePreamble,SFDandExtensionfieldlengths.AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:240

Status:currentUnits:octetsAit en,ClaiseStandardTrac [Page14]


15/28


Reference:(1)[IEEE.802-3.2005]5.14ethernetPayloadLengthDescription:ThelengthoftheMACClientDatasection(includinganypadding)ofaframeasdefinedinsection3.1of[IEEE.802-3.2005].AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:241Status:currentUnits:octetsReference:(1)[IEEE.802-3.2005]5.15ethernetTotalLengthDescription:ThetotallengthoftheEthernetframe(excludingthePreamble,

SFD,ExtensionandFCSfields)asdescribedinsection3.1of[IEEE.802-3.2005].AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:242Status:currentUnits:octetsReference:(1)[IEEE.802-3.2005]5.16dot1qVlanId

Description:Thevalueofthe12-bitVLANIdentifierportionoftheTagControlInformationfieldofanEthernetframeasdescribedinsection3.5.5of[IEEE.802-3.2005].ThestructureandsemanticswithintheTagControlInformationfieldaredefinedinIEEEP802.1Q.IncaseofaQinQframe,itrepresentstheoutertag'sVLANidentifierandincaseofanIEEE802.1adframeitrepresentstheServiceVLANidentifierintheS-TAGTagControlInformation(TCI)fieldasdescribedin[IEEE.802-1ad.2005].AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:243Status:current

Reference:(1)[IEEE.802-3.2005]Ait en,ClaiseStandardTrac [Page15]


16/28


(2)[IEEE.802-1ad.2005]5.17dot1qPriorityDescription:Thevalueofthe3-bitUserPriorityportionoftheTagControlInformationfieldofanEthernetframeasdescribedinsection3.5.5of[IEEE.802-3.2005].ThestructureandsemanticswithintheTagControlInformationfieldaredefinedinIEEEP802.1Q.IncaseofaQinQframe,itrepresentstheoutertag's3-bitClassofService(CoS)identifierandincaseofanIEEE802.1adframeitrepresentsthe3-bitPriorityCodePoint(PCP)portionoftheS-TAGTagControlInformation(TCI)fieldasdescribedin[IEEE.802-1ad.2005].AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:244Status:currentReference:(1)[IEEE.802-3.2005](2)[IEEE.802-1ad.2005]

5.18dot1qCustomerVlanIdDescription:IncaseofaQinQframe,itrepresentstheinnertag's(*)VLANidentifierandincaseofanIEEE802.1adframeitrepresentstheCustomerVLANidentifierintheC-TAGTagControlInformation(TCI)fieldasdescribedin[IEEE.802-1ad.2005].(*)Note:the801.2Qtagdirectlyfollowingtheouterone.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:245

Status:currentReference:(1)[IEEE.802-1ad.2005](2)[IEEE.802-1Q.2003]5.19dot1qCustomerPriorityDescription:IncaseofaQinQframe,itrepresentstheinnertag's(*)ClassofService(CoS)identifierandincaseofanIEEE802.1adframeitrepresentsthe3-bitPriorityCodePoint(PCP)portionoftheC-TAGTagControlInformation(TCI)fieldasdescribedin

[IEEE.802-1ad.2005].(*)Note:the801.2Qtagdirectlyfollowingtheouterone.Ait en,ClaiseStandardTrac [Page16]


17/28


AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:246Status:currentReference:(1)[IEEE.802-1ad.2005](2)[IEEE.802-1Q.2003]5.20metroEvcIdDescription:TheEVCServiceAttributewhichuniquelyidentifiestheEthernetVirtualConnection(EVC)withinaMetroEthernetNetwor

,asdefinedinsection6.2ofMEF10.1.TheMetroEVCIDisencodedinastringofupto100characters.AbstractDataType:stringElementId:247Status:currentReference:(1)MEF10.1(EthernetServicesAttributesPhase2)(2)MEF16(EthernetLocalManagementInterface)

5.21metroEvcTypeDescription:The3-bitEVCServiceAttributewhichidentifiesthetypeofserviceprovidedbyanEVC.AbstractDataType:unsigned8DataTypeSemantics:identifierElementId:248Status:currentReference:(1)MEF10.1(EthernetServicesAttributesPhase2)

(2)MEF16(EthernetLocalManagementInterface)5.22pseudoWireIdDescription:A32-bitnon-zeroconnectionidentifier,whichtogetherwiththepseudoWireType,identifiesthePseudoWire(PW)asdefinedinRFC4447[RFC4447].AbstractDataType:unsigned32DataTypeSemantics:identifierElementId:249Status:current

Reference:SeeRFC4447[RFC4447]forpseudowiredefinitions.Ait en,ClaiseStandardTrac [Page17]


18/28


5.23pseudoWireTypeDescription:ThevalueofthisinformationelementidentifiesthetypeofMPLSPseudoWire(PW)asdefinedinRFC4446.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:250Status:currentReference:SeeRFC4446[RFC4446]forthepseudowiretypedefinition,andhttp://www.iana.org/assignments/pwe3-parametersfortheIANAPseudowireTypesRegistry.5.24pseudoWireControlWordDescription:The32-bitPreferredPseudoWire(PW)MPLSControlWordasdefinedinSection3ofRFC4385[RFC4385].

AbstractDataType:unsigned32DataTypeSemantics:identifierElementId:251Status:currentReference:SeeRFC4385[RFC4385]forthePseudoWireControlWorddefinition.5.25ingressPhysicalInterfaceDescription:Theindexofanetwor ingdevice'sphysicalinterface(example,a

switchport)wherepac

etsofthisflowarebeingreceived.AbstractDataType:unsigned32DataTypeSemantics:identifierElementId:252Status:currentReference:SeeRFC2863[RFC2863]forthedefinitionoftheifIndexobject.5.26egressPhysicalInterfaceDescription:Theindexofanetwor ingdevice'sphysicalinterface(example,a

switchport)wherepac

etsofthisflowarebeingsent.Ait en,ClaiseStandardTrac [Page18]


19/28


AbstractDataType:unsigned32DataTypeSemantics:identifierElementId:253Status:currentReference:SeeRFC2863[RFC2863]forthedefinitionoftheifIndexobject.5.27postDot1qVlanIdDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'dot1qVlanId',exceptthatitreportsapotentiallymodifiedvaluecausedbyamiddleboxfunctionafterthepac etpassedtheObservationPoint.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:254Status:currentReference:(1)[IEEE.802-3.2005](2)[IEEE.802-1ad.2005]

5.28postDot1qCustomerVlanIdDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'dot1qCustomerVlanId',exceptthatitreportsapotentiallymodifiedvaluecausedbyamiddleboxfunctionafterthepac etpassedtheObservationPoint.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:255Status:current

Reference:(1)[IEEE.802-1ad.2005](2)[IEEE.802-1Q.2003]5.29ethernetTypeDescription:TheEthernettypefieldofanEthernetframethatidentifiestheMACclientprotocolcarriedinthepayloadasdefinedinparagraph1.4.349of[IEEE.802-3.2005].AbstractDataType:unsigned16DataTypeSemantics:identifier

ElementId:256Status:currentAit en,ClaiseStandardTrac [Page19]


20/28


Reference:(1)[IEEE.802-3.2005](2)Ethertyperegistryavailableathttp://standards.ieee.org/regauth/ethertype/eth.txt5.30selectorNameDescription:ThenameofaselectoridentifiedbyaselectorID.GloballyuniqueperMeteringProcess.AbstractDataType:stringElementId:335Status:current6.Relationshipbetweendot1qVlanIdandvlanIdTheIPFIXInformationModel[RFC5102]specifiesthevlanIdInformationElement,whilethisdocumentspecifiesthedot1qVlanId.ThevlanIdInformationElementreferences[IEEE.802-1Q.2003],while

thedot1qVlanIdreferences[IEEE.802-3.2005]and[IEEE.802-1ad.2005].Sincethe[IEEE.802-1ad.2005]supersedesthe[IEEE.802-1Q.2003](itmentions:"AmendmenttoIEEEStd802.1Q-2005".),thenthedot1qVlanIdsupersedesvlanId.***IANAACTION***AsaconsequencethevlanIdspecifiedintheIPFIXInformationModel[RFC5102]isnowdeprecated:vlanIdDescription:

TheIEEE802.1QVLANidentifier(VID)extractedfromtheTagControlInformationfieldthatwasattachedtotheIPpac et.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:58Status:deprecatedReference:See[IEEE.802-1Q.2003].***IANAACTION***ThisdocumentalsospecifiespostDot1qVlanId,inconnectionwiththe

dot1qCustomerVlanId.Asaconsequence,thepostVlanIdspecifiedintheIPFIXInformationModel[RFC5102]isnowdeprecated:Ait en,ClaiseStandardTrac [Page20]


21/28


postVlanIdDescription:ThedefinitionofthisInformationElementisidenticaltothedefinitionofInformationElement'vlanId',exceptthatitreportsapotentiallymodifiedvaluecausedbyamiddleboxfunctionafterthepac etpassedtheObservationPoint.AbstractDataType:unsigned16DataTypeSemantics:identifierElementId:59Status:deprecatedReference:See[IEEE.802-1Q.2003].7.RelationshipbetweeninterfacerelatedInformationElementsTheIPFIXInformationModel[RFC5102]specifiestheingressInterface(#10)andegressInterface(#14)informationelements,whilethisdocumentspecifiestheingressPhysicalInterfaceandegressPhysicalInterface.TheIPFIXdefinitionsforingressInterfaceandegressInterfaceare

somewhatvague,essentiallyincaseofthevirtualinterfaces.Letusconsidertraffictransitingatunnel,wherethevirtualandphysicalinterfacesaredifferent.IfoneimplementationusestheingressInterfaceandegressInterfacetoreportthephysicalinterfaceswhileanotherimplementationusesthesameinformationelementstoreportthevirtualinterfaces,withoutsomehowma ingthiscleartotheCollector,thenanyreportsandanalysisaregoingtobes ewed.ThespecificationsofingressPhysicalInterfaceandegressPhysicalInterfaceclarifiesthesituation.Therelationshipbetweenthemultiplesub-layersofnetwor

interfacesisspecifiedintheifStac

TableMIBtableintheinterfaceMIB[RFC2863].8.IANAConsiderationsThisdocumentspecifiesnewIPFIXInformationElementsintworanges.InformationElementsintherange1to127arecompatiblewithfieldtypesusedbyNetFlowversion9[RFC3954].TheseInformationElementswerepreviouslyRESERVEDaccordingtotheIPFIXInformationModel[RFC5102]andIANA.TheseshouldbeallocatedimmediatelywiththespecifiedIDstoretainbac wardscompatibilitywithNetFlow

version9[RFC3954].Ait en,ClaiseStandardTrac [Page21]


22/28


TheremainderoftheInformationElements(intherange128andup)arenew,andarethereforesubjecttoexpertreviewasspecifiedintheIPFIXInformationModel[RFC5102].TheyarelistedherewiththeidealInformationElementidentifiersthatwewouldli

eIANAtoassign.Inaddition,someIANAactionshavebeenhighlightedinsection7.Finally,theforwardingStatusInformationElementrequiresthecreationofnewIANAregistries.9.References9.1NormativeReferences[RFC768]Postel,J.,"UserDatagramProtocol",STD6,RFC768,August1980.[RFC791]J.Postel,"InternetProtocol.DARPAInternetProgram.ProtocolSpecification,"RFC791,September1981.[RFC793]J.Postel,"TransmissionControlProtocol",September

1981.[RFC1112]B.Braden,"RequirementsforInternethosts-communicationlayers",Octobre1989.[RFC1812]Ba er,F.,Ed.,"RequirementsforIPVersion4Routers",RFC1812,June1995.[RFC2119]Bradner,S.,"KeywordsforuseinRFCstoIndicateRequirementLevels",BCP14,RFC2119,March1997[RFC2460]Deering,S.andR.Hinden,"InternetProtocol,Version6(IPv6)Specification",RFC2460,December1998.

[RFC2863]McCloghrie,K.andF.Kastenholz,"TheInterfacesGroupMIB",RFC2863,June2000.[RFC4291]Hinden,R.andS.Deering,"IPVersion6AddressingArchitecture",RFC4291,February2006.[RFC4364]Rosen,E.andY.Re

hter,"BGP/MPLSIPVirtualPrivateNetwor s(VPNs)",RFC4364,February2006.[RFC4385]Bryant,S.,Swallow,G.,Martini,L.,andD.McPherson,"PseudowireEmulationEdge-to-Edge(PWE3)ControlWordforUseoveranMPLSPSN",RFC4385,February2006.



23/28


[RFC4446]Martini,L.,"IANAAllocationsforPseudowireEdgetoEdgeEmulation(PWE3)",BCP116,RFC4446,April2006.[RFC4447]Martini,L.,Ed.,Rosen,E.,El-Aawar,N.,Smith,T.,andG.Heron,"PseudowireSetupandMaintenanceUsingtheLabelDistributionProtocol(LDP)",RFC4447,April2006.[RFC4960]Stewart,R.,Ed.,"StreamControlTransmissionProtocol",RFC4960,September2007.[RFC5101]Claise,B.,Ed.,"SpecificationoftheIPFlowInformationExport(IPFIX)ProtocolfortheExchangeofIPTrafficFlowInformation",RFC5101,January2008.[RFC5102]Quitte ,J.,Bryant,S.,Claise,B.,Ait en,P.,andJ.Meyer,"InformationModelforIPFlowInformationExport",RFC5102,January2008.[IEEE.802-1ad.2005]"IEEEStandardforLocalandMetropolitanAreaNetwor s---VirtualBridgedLocalAreaNetwor s---Amendment4:ProviderBridges",IEEE802.1ad-2005,May26,2006.

[IEEE.802-1Q.2003]"IEEEStandardsforLocalandMetropolitanAreaNetwor s:VirtualBridgedLocalAreaNetwor s",IEEE802.1Q,2003Edition-2003.[IEEEStd802.1Q-2005]"IEEEStandardforLocalandMetropolitanAreaNetwor s---VirtualBridgedLocalAreaNetwor s",IEEE802.1Q-2005,May19,2006.[IEEE.802-3.2005]"IEEEStandardforInformationTechnology-

TelecommunicationsandInformationExchangeBetweenSystems-LocalandMetropolitanAreaNetwor s-SpecificRequirementsPart3:CarrierSenseMultipleAccesswithCollisionDetection(CSMA/CD)AccessMethodandPhysicalLayerSpecifications",IEEE802.3-2005,Dec09,2005.[ISO_IEC.7498-1_1994]InternationalOrganizationforStandardization,"Informationtechnology--OpenSystemsInterconnection--BasicReferenceModel:TheBasicMode",ISOStandard7498-1:1994,June1996.9.2InformativeReferences



24/28


[RFC3022]Srisuresh,P.andK.Egevang,"TraditionalIPNetwor AddressTranslator(TraditionalNAT)",RFC3022,January2001.[RFC3234]Carpenter,B.andS.Brim,"Middleboxes:TaxonomyandIssues",RFC3234,February2002.[RFC3260]Grossman,D.,"NewTerminologyandClarificationsforDiffserv",RFC3260,April2002.[RFC3917]Quitte ,J.,Zseby,T.,Claise,B.,Zander,S.,"RequirementsforIPFlowInformationExport"RFC3917,October2004[RFC3954]Claise,B.,etal"CiscoSystemsNetFlowServicesExportVersion9",RFC3954,October2004[IPFIX-ARCH]Sadasivan,G.,Brownlee,N.,Claise,B.,Quitte ,J.,"ArchitectureModelforIPFlowInformationExport"draft-ietf-ipfix-architecture-12,September2006[IPFIX-AS]Zseby,T.,Boschi,E.,Brownlee,N.,Claise,B.,"IPFIX

Applicability",draft-ietf-ipfix-as-12.txt,June2007[PSAMP-FMWK]D.Chiou,B.Claise,N.Duffield,A.Greenberg,M.Grossglauser,P.Marimuthu,J.Rexford,G.Sadasivan,"AFramewor forPassivePac etMeasurement"draft-ietf-psamp-framewor -12.txt[PSAMP-TECH]T.Zseby,M.Molina,N.Duffield,S.Niccolini,F.Raspall,"SamplingandFilteringTechniquesforIPPac etSelection"draft-ietf-psamp-sample-tech-10.txt

[PSAMP-PROTO]B.Claise(Ed.),"Pac

etSampling(PSAMP)ProtocolSpecifications",RFCXXXX.[CurrentlyInternetDraftdraft-ietf-psamp-protocol-09.txt,wor inprogress,December2007].[PSAMP-INFO]T.Dietz,F.Dressler,G.Carle,B.Claise,"InformationModelforPac etSamplingExports",draft-ietf-psamp-info-08.txt[PSAMP-MIB]Dietz,T.,Claise,B."DefinitionsofManagedObjectsforPac etSampling",Internet-Draftwor inprogress,June2006



25/28


10.SecurityConsiderationsTheIPFIXinformationmodelitselfdoesnotdirectlyintroducesecurityissues.Rather,itdefinesasetofattributesthatmayforprivacyorbusinessissuesbeconsideredsensitiveinformation.11.ContributorsGaneshMurthyCiscoSystems,Inc.3850Zan

erRoadSanJose,CALIFORNIA95134UnitedStatesPhone:+14088537869EMail:[email protected],Inc.TorriBianche-FaggioBldgLotH1

ViaTorriBianche7Vimercate20059ItalyPhone:+390396295244EMail:[email protected] nowledgementsTheeditorswouldli etothan thefollowingpersonsfortheirreviewsoftheinformationelementsspecifications:AndrewJohnson,

GennadyDosovits

y,GeorgeSerpa,Mi

eTracy,NagarajVaradharajan,SenthilSiva umar,StanYates,StewartBryantandRolandDobbins.Thecontributorswishtothan thefollowingindividualsfordiscussionsandfeedbac

:BobKlessig,NeilMcGill,SamerSalam,YibinYang,RaviSamprathiandPrasannaRajah.13.Authors'AddressesPaulAit enCiscoSystems,Inc.96CommercialQuayEdinburghEH66LX



26/28


ScotlandPhone:+441315613616EMail:pait

[email protected],Inc.DeKleetlaan6ab1Diegem1831BelgiumPhone:+3227045622EMail:[email protected] esnopositionregardingthevalidityorscopeofanyIntellectualPropertyRightsorotherrightsthatmightbeclaimedtopertaintotheimplementationoruseofthe

technologydescribedinthisdocumentortheextenttowhichanylicenseundersuchrightsmightormightnotbeavailable;nordoesitrepresentthatithasmadeanyindependentefforttoidentifyanysuchrights.InformationontheprocedureswithrespecttorightsinRFCdocumentscanbefoundinBCP78andBCP79.CopiesofIPRdisclosuresmadetotheIETFSecretariatandanyassurancesoflicensestobemadeavailable,ortheresultofanattemptmadetoobtainagenerallicenseorpermissionfortheuseofsuchproprietaryrightsbyimplementersorusersofthisspecificationcanbeobtainedfromtheIETFon-lineIPRrepositoryathttp://www.ietf.org/ipr.

TheIETFinvitesanyinterestedpartytobringtoitsattentionanycopyrights,patentsorpatentapplications,orotherproprietaryrightsthatmaycovertechnologythatmayberequiredtoimplementthisstandard.PleaseaddresstheinformationtotheIETFatietf-ipr@ietf.org.15.CopyrightStatementCopyright(C)TheIETFTrust(2008).Thisdocumentissubjecttotherights,licensesandrestrictionscontainedinBCP78,andexceptassetforth

therein,theauthorsretainalltheirrights.Ait en,ClaiseStandardTrac [Page26]


27/28


16.DisclaimerThisdocumentandtheinformationcontainedhereinareprovidedonan"ASIS"basisandTHECONTRIBUTOR,THEORGANIZATIONHE/SHEREPRESENTSORISSPONSOREDBY(IFANY),THEINTERNETSOCIETY,THEIETFTRUSTANDTHEINTERNETENGINEERINGTASKFORCEDISCLAIMALLWARRANTIES,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOANYWARRANTYTHATTHEUSEOFTHEINFORMATIONHEREINWILLNOTINFRINGEANYRIGHTSORANYIMPLIEDWARRANTIESOFMERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.



28/28

Draft Aitken Ipfix New Infos 03

Documents

Transcript of Draft Aitken Ipfix New Infos 03