One document matched: draft-ietf-ipfix-exporting-type-01.txt
Differences from draft-ietf-ipfix-exporting-type-00.txt
IPFIX Working Group E. Boschi
Internet-Draft Hitachi Europe
Intended status: Standards Track B. Trammell
Expires: August 28, 2008 CERT/NetSA
L. Mark
T. Zseby
Fraunhofer FOKUS
February 25, 2008
Exporting Type Information for IPFIX Information Elements
draft-ietf-ipfix-exporting-type-01.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 28, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Abstract
This document describes an extension to IPFIX to allow the encoding
of IPFIX Information Model properties within an IPFIX Message stream,
to allow the export of extended type information for enterprise-
specific Information Elements. This format is designed to facilitate
Boschi, et al. Expires August 28, 2008 [Page 1]
Internet-Draft IPFIX Type Information February 2008
interoperability and reusability among a wide variety of applications
and tools.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. IPFIX Documents Overview . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Type Information Export . . . . . . . . . . . . . . . . . . . 5
3.1. informationElementDataType . . . . . . . . . . . . . . . . 5
3.2. informationElementDescription . . . . . . . . . . . . . . 6
3.3. informationElementName . . . . . . . . . . . . . . . . . . 6
3.4. informationElementRangeBegin . . . . . . . . . . . . . . . 6
3.5. informationElementRangeEnd . . . . . . . . . . . . . . . . 7
3.6. informationElementSemantics . . . . . . . . . . . . . . . 7
3.7. informationElementUnits . . . . . . . . . . . . . . . . . 8
3.8. privateEnterpriseNumber . . . . . . . . . . . . . . . . . 9
3.9. Information Element Type Options Template . . . . . . . . 9
3.10. Data Type and Semantics Restrictions . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . . 12
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1. Normative References . . . . . . . . . . . . . . . . . . . 13
7.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property and Copyright Statements . . . . . . . . . . 19
Boschi, et al. Expires August 28, 2008 [Page 2]
Internet-Draft IPFIX Type Information February 2008
1. Introduction
The IPFIX protocol specification allows the creation of enterprise-
specific Information Elements to easily extend the protocol to meet
requirements which aren't covered by the existing Information Model.
However, IPFIX Templates provide only the ability to export the size
of the fields defined by these Information Elements; there is no
mechanism to provide full type information for these Information
Elements as is defined for the Information Elements in the IPFIX
Information Model.
This limits the interoperability of enterprise-specific Information
Elements. It is not possible to use analysis tools on IPFIX records
containing these partially defined Information Elements that have not
been developed with a priori knowledge of their types, since such
tools will not be able to decode them; these tools can only treat and
store them as opaque octet arrays. However, if richer information is
available, additional operations such as efficient storage, display,
and limited analysis of records containing enterprise-specific
Information Elements become possible, even for Collecting Processes
that had not been specifically developed to understand them.
This document proposes a mechanism to encode the full set of
properties available for the definition of Information Elements
within the IPFIX Information Model inline within an IPFIX Message
stream using IPFIX Options. This mechanism may be used to fully
define type information for Information Elements used within a
message stream, without resort to an external reference or reliance
on out-of-band configuration.
Note that the solution described in this draft is only for providing
interoperability for enterprise specific information elements that
are not yet standardized. The solution introduces overhead and does
not lead to real interoperability as provided by standards.
Therefore we highly recommend to standardize all new information
elements by registering them with IANA. Standardization is
straightforward. The type information that needs to be specified in
order to support the proposed solution provides a perfect basis for
the description required for standardizing the information element.
We assume that the proposed solution is mainly used in the following
two situations: a) for information elements for very specific
solutions or in very specific environments for which a
standardization might not seem necessary because only few users are
using it or b) temporarily for new information elements before they
are standardized or to first investigate whether they become popular
enough to become standardized.
Boschi, et al. Expires August 28, 2008 [Page 3]
Internet-Draft IPFIX Type Information February 2008
It might happen that information elements previously described by the
proposed exporting type information later become a standard
information element. In some environments old and new version of the
information element can coexist. A translation between information
elements expressed by the described solution and standardized
information elements is not necessary. Collectors will act in
accordance to their capabilities and ignore messages that they do not
support.
1.1. IPFIX Documents Overview
"Specification of the IPFIX Protocol for the Exchange of IP Traffic
Flow Information" [RFC5101] (informally, the IPFIX Protocol document)
and its associated documents define the IPFIX Protocol, which
provides network engineers and administrators with access to IP
traffic flow information.
"Architecture for IP Flow Information Export" [I-D.ietf-ipfix-arch]
(the IPFIX Architecture document) defines the architecture for the
export of measured IP flow information out of an IPFIX Exporting
Process to an IPFIX Collecting Process, and the basic terminology
used to describe the elements of this architecture, per the
requirements defined in "Requirements for IP Flow Information Export"
[RFC3917]. The IPFIX Protocol document [RFC5101] then covers the
details of the method for transporting IPFIX Data Records and
Templates via a congestion-aware transport protocol from an IPFIX
Exporting Process to an IPFIX Collecting Process.
"Information Model for IP Flow Information Export" [RFC5102]
(informally, the IPFIX Information Model document) describes the
Information Elements used by IPFIX, including details on Information
Element naming, numbering, and data type encoding.
This document references the Protocol and Architecture documents for
terminology and extends the IPFIX Information Model to provide new
Information Elements for the representation of Information Element
properties.
2. Terminology
Terms used in this document that are defined in the Terminology
section of the IPFIX Protocol [RFC5101] document are to be
interpreted as defined there.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Boschi, et al. Expires August 28, 2008 [Page 4]
Internet-Draft IPFIX Type Information February 2008
3. Type Information Export
This section describes the mechanism used to encode Information
Element type information within an IPFIX Message stream. This
mechanism consists of an Options Template Record used to define
Information Element type records, and a set of Information Elements
required by these type records. We first specify the necessary
Information Elements, followed by the Information Element Type
Options Template itself. Note that Information Element type records
require one Information Element, informationElementId, that is
defined in the PSAMP Information Model [I-D.ietf-psamp-info].
3.1. informationElementDataType
Description: A description of the storage type of an IPFIX
information element. These correspond to the abstract data types
defined in section 3.1 of the IPFIX Information Model [RFC5102];
see that section for more information on the types described
below. This field may take the following values:
+-------+----------------------+
| Value | Description |
+-------+----------------------+
| 0x00 | octetArray |
| 0x01 | unsigned8 |
| 0x02 | unsigned16 |
| 0x03 | unsigned32 |
| 0x04 | unsigned64 |
| 0x05 | signed8 |
| 0x06 | signed16 |
| 0x07 | signed32 |
| 0x08 | signed64 |
| 0x09 | float32 |
| 0x0A | float64 |
| 0x0B | boolean |
| 0x0C | macAddress |
| 0x0D | string |
| 0x0E | dateTimeSeconds |
| 0x0F | dateTimeMilliseconds |
| 0x10 | dateTimeMicroseconds |
| 0x11 | dateTimeNanoseconds |
| 0x12 | ipv4Address |
| 0x13 | ipv6Address |
+-------+----------------------+
These types are registered in the IANA IPFIX Information Element
Data Type subregistry. This subregistry is intended to assign
numbers for type names, not to provide a mechanism for adding data
Boschi, et al. Expires August 28, 2008 [Page 5]
Internet-Draft IPFIX Type Information February 2008
types to the IPFIX Protocol, and as such requires a Standards
Action [RFC2434] to modify.
Abstract Data Type: unsigned8
ElementId: TBD1
Status: Proposed
Reference: Section 3.1 of the IPFIX Information Model [RFC5102]
3.2. informationElementDescription
Description: A string containing a human-readable description of an
Information Element.
Abstract Data Type: string
Data Type Semantics: identifier
ElementId: TBD2
Status: Proposed
3.3. informationElementName
Description: A string containing the name of an Information
Element.
Abstract Data Type: string
Data Type Semantics: identifier
ElementId: TBD3
Status: Proposed
3.4. informationElementRangeBegin
Description: Contains the inclusive low end of the range of
acceptable values for an Information Element. Not valid and
SHOULD be ignored by a Collecting Process unless
informationElementRangeEnd is also available for the same
Information Element.
Boschi, et al. Expires August 28, 2008 [Page 6]
Internet-Draft IPFIX Type Information February 2008
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: TBD4
Status: Proposed
3.5. informationElementRangeEnd
Description: Contains the inclusive high end of the range of
acceptable values for an Information Element. Not valid and
SHOULD be ignored by a Collecting Process unless
informationElementRangeBegin is also available for the same
Information Element.
Abstract Data Type: unsigned64
Data Type Semantics: quantity
ElementId: TBD5
Status: Proposed
3.6. informationElementSemantics
Description: A description of the semantics of an IPFIX information
element. These correspond to the data type semantics defined in
section 3.2 of the IPFIX Information Model [RFC5102]; see that
section for more information on the types described below. This
field may take the following values; the special value 0x00 (none)
is used to note that no semantics apply to the field; it cannot be
manipulated by a Collecting Process or File Reader that does not
understand it a priori.
+-------+--------------+
| Value | Description |
+-------+--------------+
| 0x00 | none |
| 0x01 | quantity |
| 0x02 | totalCounter |
| 0x03 | deltaCounter |
| 0x04 | identifier |
| 0x05 | flags |
+-------+--------------+
These semantics are registered in the IANA IPFIX Information
Element Semantics subregistry. This subregistry is intended to
Boschi, et al. Expires August 28, 2008 [Page 7]
Internet-Draft IPFIX Type Information February 2008
assign numbers for semantics names, not to provide a mechanism for
adding semantics to the IPFIX Protocol, and as such requires a
Standards Action [RFC2434] to modify.
Abstract Data Type: unsigned8
ElementId: TBD6
Status: Proposed
Reference: Section 3.2 of the IPFIX Information Model [RFC5102]
3.7. informationElementUnits
Description: A description of the units of an IPFIX Information
Element. These correspond to the units implicitly defined in the
Information Element definitions in section 5 of the IPFIX
Information Model [RFC5102]; see that section for more information
on the types described below. This field may take the following
values; the special value 0x00 (none) is used to note that the
field is unitless.
+--------+---------------+---------------------------+
| Value | Name | Notes |
+--------+---------------+---------------------------+
| 0x0000 | none | |
| 0x0001 | bits | |
| 0x0002 | octets | |
| 0x0003 | packets | |
| 0x0004 | flows | |
| 0x0005 | seconds | |
| 0x0006 | milliseconds | |
| 0x0007 | microseconds | |
| 0x0008 | nanoseconds | |
| 0x0009 | 4-octet words | for IPv4 header length |
| 0x000A | messages | for reliability reporting |
| 0x000B | hops | for TTL |
| 0x000C | entries | for MPLS label stack |
+--------+---------------+---------------------------+
These types are registered in the IANA IPFIX Information Element
Units subregistry; new types may be added on a First Come First
Served [RFC2434] basis.
Abstract Data Type: unsigned16
Boschi, et al. Expires August 28, 2008 [Page 8]
Internet-Draft IPFIX Type Information February 2008
ElementId: TBD7
Status: Proposed
Reference: Section 5 of the IPFIX Information Model [RFC5102]
3.8. privateEnterpriseNumber
Description: A private enterprise number used to scope an
informationElementID, as would appear in an IPFIX Template Record.
This element can be used to scope properties to a specific
Information Element. If the Enterprise ID bit of the
corresponding Information Element is cleared (has the value 0),
this IE should be set to 0. The presence of a non-zero value in
this IE implies that the Enterprise ID bit of the corresponding
Information Element is set (has the value 1).
Abstract Data Type: unsigned32
Data Type Semantics: identifier
ElementId: TBD8
Status: Proposed
Reference: Section 3.4.1 of the IPFIX Protocol [RFC5101]
3.9. Information Element Type Options Template
The Information Element Type Options Template attaches type
information to Information Elements used within Template Records, as
scoped to an Observation Domain within a Transport Session. This
provides a mechanism for representing an IPFIX Information Model
inline within an IPFIX Message stream. Data Records described by
this template are referred to as Information Element type records.
In deployments in which interoperability across vendor
implementations of IPFIX is important, an Exporting Process exporting
data using Templates containing enterprise-specific Information
Elements SHOULD export an Information Element type record for each
enterprise-specific Information Element it exports. Collecting
Processes MAY use these type records to improve handling of unknown
enterprise-specific Information Elements. Exporting Processes using
enterprise-specific Information Elements to implement proprietary
features MAY omit type records for those Information Elements.
Information Element type records MUST be handled by Collecting
Processes as scoped to the Transport Session in which they are sent;
Boschi, et al. Expires August 28, 2008 [Page 9]
Internet-Draft IPFIX Type Information February 2008
this facility is not intended to provide a method for the permanent
definition of Information Elements.
Similarly, for security reasons, type information for a given
Information Element MUST NOT be re-defined by Information Element
type records, and a Collecting Process MUST NOT allow an Information
Element type record to replace its own internal definition of an
Information Element. Information Element type records SHOULD NOT be
duplicated within a Transport Session, but once an Information
Element type record has been exported for a given Information Element
within a given Transport Session, all subsequent type records for
that Information Element MUST be identical. Conflicting semantic or
type information MUST be ignored by a Collecting Process.
The template SHOULD contain the following Information Elements as
defined in the PSAMP Information Model [I-D.ietf-psamp-info] and in
this document, above:
+-------------------------------+-----------------------------------+
| IE | Description |
+-------------------------------+-----------------------------------+
| informationElementID | The Information Element |
| | identifier of the Information |
| | Element within the specified |
| | Template this record describes. |
| | This Information Element MUST be |
| | defined as a Scope Field. See |
| | the PSAMP Information Model |
| | [I-D.ietf-psamp-info] for a |
| | definition of this field. |
| privateEnterpriseNumber | The Private Enterprise number of |
| | the Information Element within |
| | the specified Template this |
| | record describes. This |
| | Information Element MUST be |
| | defined as a Scope Field. |
| informationElementDataType | The storage type of the specified |
| | Information Element. |
| informationElementSemantics | The semantic type of the |
| | specified Information Element. |
| informationElementUnits | The units of the specified |
| | Information Element. This |
| | element MAY be omitted if the |
| | Information Element is a unitless |
| | quantity, or a not a quantity or |
| | counter. |
Boschi, et al. Expires August 28, 2008 [Page 10]
Internet-Draft IPFIX Type Information February 2008
| informationElementRangeBegin | The low end of the range of |
| | acceptable values for the |
| | specified Information Element. |
| | This element MAY be omitted if |
| | the Information Element's |
| | acceptable range is defined by |
| | its data type. |
| informationElementRangeEnd | The high end of the range of |
| | acceptable values for the |
| | specified Information Element. |
| | This element MAY be omitted if |
| | the Information Element's |
| | acceptable range is defined by |
| | its data type. |
| informationElementName | The name of the specified |
| | Information Element. |
| informationElementDescription | A human readable description of |
| | the specified Information |
| | Element. This element MAY be |
| | omitted in the interest of export |
| | efficiency. |
+-------------------------------+-----------------------------------+
3.10. Data Type and Semantics Restrictions
Note that the informationElementSemantics values are primarily
intended to differentiate semantic interpretation of numeric values,
and that not all combinations of the informationElementDataType and
informationElementSemantics Information Elements are valid; e.g., a
counter cannot be encoded as an IPv4 address. Any
informationElementSemantics value is valid for unsigned
informationElementDataType values ("unsigned8", "unsigned16",
"unsigned32", or "unsigned64"). Any informationElementSemantics
value except flags is valid for signed informationElementDataType
values ("signed8", "signed16", "signed32", or "signed64"). Any
informationElementSemantics value except "identifier" or "flags" is
valid for floating-point informationElementDataType values ("float32"
or "float64"). Only the informationElementSemantics value "none" is
valid for all other other informationElementDataType values
("octetArray", "boolean", "macAddress", "string", "dateTimeSeconds",
"dateTimeMilliseconds", "dateTimeMicroseconds",
"dateTimeNanoseconds", "ipv4Address", or "ipv6Address").
Information Element type records containing invalid combinations of
informationElementSemantics and informationElementDataType MUST NOT
be sent by Exporting Processes, and MUST be ignored by Collecting
Processes.
Boschi, et al. Expires August 28, 2008 [Page 11]
Internet-Draft IPFIX Type Information February 2008
Future standards actions that modify the Information Element Data
Type subregistry or the Information Element Semantics subregistry
should contain a Data Type and Semantics Restrictions sections such
as this one to define allowable combinations of type and semantics
information.
4. Security Considerations
The same security considerations as for the IPFIX Protocol [RFC5101]
apply.
5. IANA Considerations
This document specifies the creation of several new IPFIX Information
Elements in the IPFIX Information Element registry located at
http://www.iana.org/assignments/ipfix, as defined in section 3 above.
IANA has assigned the following Information Element numbers for their
respective Information Elements as specified below:
o Information Element Number TBD1 for the informationElementDataType
Information Element
o Information Element Number TBD2 for the
informationElementDescription Information Element
o Information Element Number TBD3 for the informationElementName
Information Element
o Information Element Number TBD4 for the
informationElementRangeBegin Information Element
o Information Element Number TBD5 for the informationElementRangeEnd
Information Element
o Information Element Number TBD6 for the
informationElementSemantics Information Element
o Information Element Number TBD7 for the informationElementUnits
Information Element
o Information Element Number TBD8 for the privateEnterpriseNumber
Information Element
o [NOTE for IANA: The text TBD1, TBD2, TBD3, TBD4, TBD5, TBD6, TBD7,
and TBD8 should be replaced with the respective assigned
Information Element numbers where they appear in this document.]
Boschi, et al. Expires August 28, 2008 [Page 12]
Internet-Draft IPFIX Type Information February 2008
IANA has created an Information Element Data Type subregistry for the
values defined for the informationElementSemantics Information
Element. Entries may be added to this subregistry subject to a
Standards Action [RFC2434].
[NOTE for IANA: Please create a new Information Element Data Type
subregistry as specified in the paragraph above, with values taken
from section 3.1 of this document.]
IANA has created an Information Element Semantics subregistry for the
values defined for the informationElementSemantics Information
Element. Entries may be added to this subregistry subject to a
Standards Action [RFC2434].
[NOTE for IANA: Please create a new Information Element Semantics
subregistry as specified in the paragraph above, with values taken
from section 3.6 of this document.]
IANA has created an Information Element Units subregistry for the
values defined for the informationElementUnits Information Element.
Entries may be added to this subregistry on an Expert Review
[RFC2434] basis.
[NOTE for IANA: Please create a new Information Element Units
subregistry as specified in the paragraph above, with values taken
from section 3.7 of this document.]
6. Acknowledgements
Thanks to Paul Aitken for the detailed technical review, and to David
Moore for first raising this issue to the IPFIX mailing list.
7. References
7.1. Normative References
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
Meyer, "Information Model for IP Flow Information Export",
RFC 5102, January 2008.
[I-D.ietf-psamp-info]
Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
Boschi, et al. Expires August 28, 2008 [Page 13]
Internet-Draft IPFIX Type Information February 2008
Carle, "Information Model for Packet Sampling Exports",
draft-ietf-psamp-info-08 (work in progress),
February 2008.
7.2. Informative References
[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander,
"Requirements for IP Flow Information Export (IPFIX)",
RFC 3917, October 2004.
[I-D.ietf-ipfix-arch]
Sadasivan, G. and N. Brownlee, "Architecture Model for IP
Flow Information Export", draft-ietf-ipfix-arch-02 (work
in progress), October 2003.
[RFC5103] Trammell, B. and E. Boschi, "Bidirectional Flow Export
Using IP Flow Information Export (IPFIX)", RFC 5103,
January 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
Appendix A. Examples
The following example illustrates how the type information extension
mechanism defined in this document may be used to describe the
semantics of enterprise-specific Information Elements. The
Information Elements used in this example are as follows:
o initialTCPFlags, CERT (PEN 6871) private IE 14, 1 octet, the TCP
flags on the first TCP packet in the flow.
o unionTCPFlags, CERT (PEN 6871) private IE 15, 1 octet, the union
of the TCP flags on all packets after the first TCP packet in the
flow.
An Exporting Process exporting flows containing these Information
Elements might use a Template like the following:
Boschi, et al. Expires August 28, 2008 [Page 14]
Internet-Draft IPFIX Type Information February 2008
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 2 | Length = 52 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 256 | Field Count = 9 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| flowStartSeconds 150 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| sourceIPv4Address 8 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| destinationIPv4Address 12 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| sourceTransportPort 7 | Field Length = 2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| destinationTransportPort 11 | Field Length = 2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| octetTotalCount 85 | Field Length = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1| (initialTCPFlags) 14 | Field Length = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PEN 6871 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1| (unionTCPFlags) 15 | Field Length = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PEN 6871 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| protocolIdentifier 4 | Field Length = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Template with Enterprise-Specific IEs
However, a Collecting Process receiving Data Sets described by this
Template can only treat the enterprise-specific Information Elements
as opaque octets; specifically, there is no hint to the collector
that they contain flag information. To use the type information
extension mechanism to address this problem, the Exporting Process
would first export the Information Element Type Options Template
described in section 3.9 above:
Boschi, et al. Expires August 28, 2008 [Page 15]
Internet-Draft IPFIX Type Information February 2008
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 3 | Length = 26 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID = 257 | Field Count = 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Scope Field Count = 2 |0| priv.EnterpriseNumber TBD8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Field Length = 4 |0| informationElementId 303 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Field Length = 2 |0| inf.El.DataType TBD1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Field Length = 1 |0| inf.El.Semantics TBD6 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Field Length = 1 |0| inf.El.Name TBD3 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Field Length = 65536 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Example Information Element Type Options Template
Then, the Exporting Process would then export two records described
by the Example Information Element Type Options Template to describe
the enterprise-specific Information Elements:
Boschi, et al. Expires August 28, 2008 [Page 16]
Internet-Draft IPFIX Type Information February 2008
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set ID = 257 | Length = 50 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PEN 6871 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IE 14 |0x01 unsigned8 |0x05 flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 15 length | |
+-+-+-+-+-+-+-+-+ |
| "initialTCPFlags" |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PEN 6871 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IE 15 |0x01 unsigned8 |0x05 flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 13 length | |
+-+-+-+-+-+-+-+-+ "unionTCPFlags" |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Type Information Extension Example
Authors' Addresses
Elisa Boschi
Hitachi Europe
c/o ETH Zurich
Gloriastrasse 35
8092 Zurich
Switzerland
Phone: +41 44 6327057
Email: elisa.boschi@hitachi-eu.com
Boschi, et al. Expires August 28, 2008 [Page 17]
Internet-Draft IPFIX Type Information February 2008
Brian H. Trammell
CERT Network Situational Awareness
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, Pennsylvania 15213
United States
Phone: +1 412 268 9748
Email: bht@cert.org
Lutz Mark
Fraunhofer Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin
Germany
Phone: +49 30 3463 7306
Email: lutz.mark@fokus.fraunhofer.de
Tanja Zseby
Fraunhofer Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin
Germany
Phone: +49 30 3463 7153
Email: tanja.zseby@fokus.fraunhofer.de
Boschi, et al. Expires August 28, 2008 [Page 18]
Internet-Draft IPFIX Type Information February 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Boschi, et al. Expires August 28, 2008 [Page 19]
| PAFTECH AB 2003-2026 | 2026-04-23 03:42:30 |