datatracker.ietf.org
Sign In
Version 4.50, 2013-05-15
Report a bug

Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol
draft-ietf-ipfix-a9n-08

Active Internet-Draft (ipfix WG)
Document Stream: IETF
Last updated: 2012-11-19
Replaces: draft-trammell-ipfix-a9n
Intended RFC status: Proposed Standard
Other versions: plain text, xml, pdf, html
IETF State: WG Document (ipfix)
Document shepherd:Nevil Brownlee
Shepherd writeup
Consensus:Unknown
IESG State: RFC Ed Queue
IANA Action State: RFC-Ed-Ack 
RFC Editor State: MISSREF
On agenda of 2012-11-15 IESG telechat
Responsible AD: Joel Jaeggli
IESG Note: Nevil Brownlee (n.brownlee@auckland.ac.nz) is the document shepherd.
Send notices to: ipfix-chairs@tools.ietf.org, draft-ietf-ipfix-a9n@tools.ietf.org 
IPFIX Working Group                                          B. Trammell
Internet-Draft                                                ETH Zurich
Intended status: Standards Track                               A. Wagner
Expires: May 24, 2013                                        Consecom AG
                                                               B. Claise
                                                     Cisco Systems, Inc.
                                                       November 20, 2012

  Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol
                      draft-ietf-ipfix-a9n-08.txt

Abstract

   This document provides a common implementation-independent basis for
   the interoperable application of the IP Flow Information Export
   (IPFIX) Protocol to the handling of Aggregated Flows, which are IPFIX
   Flows representing packets from multiple Original Flows sharing some
   set of common properties.  It does this through a detailed
   terminology and a descriptive Intermediate Aggregation Process
   architecture, including a specification of methods for Original Flow
   counting and counter distribution across intervals.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 24, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of

Trammell, et al.          Expires May 24, 2013                  [Page 1]
Internet-Draft              IPFIX Aggregation              November 2012

   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  IPFIX Protocol Overview  . . . . . . . . . . . . . . . . .  5
     1.2.  IPFIX Documents Overview . . . . . . . . . . . . . . . . .  5
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  7
   3.  Use Cases for IPFIX Aggregation  . . . . . . . . . . . . . . .  9
   4.  Architecture for Flow Aggregation  . . . . . . . . . . . . . . 11
     4.1.  Aggregation within the IPFIX Architecture  . . . . . . . . 11
     4.2.  Intermediate Aggregation Process Architecture  . . . . . . 15
       4.2.1.  Correlation and Normalization  . . . . . . . . . . . . 17
   5.  IP Flow Aggregation Operations . . . . . . . . . . . . . . . . 19
     5.1.  Temporal Aggregation through Interval Distribution . . . . 19
       5.1.1.  Distributing Values Across Intervals . . . . . . . . . 20
       5.1.2.  Time Composition . . . . . . . . . . . . . . . . . . . 22
       5.1.3.  External Interval Distribution . . . . . . . . . . . . 22
     5.2.  Spatial Aggregation of Flow Keys . . . . . . . . . . . . . 23
       5.2.1.  Counting Original Flows  . . . . . . . . . . . . . . . 24
       5.2.2.  Counting Distinct Key Values . . . . . . . . . . . . . 25
     5.3.  Spatial Aggregation of Non-Key Fields  . . . . . . . . . . 26
       5.3.1.  Counter Statistics . . . . . . . . . . . . . . . . . . 26
       5.3.2.  Derivation of New Values from Flow Keys and
               non-Key fields . . . . . . . . . . . . . . . . . . . . 26
     5.4.  Aggregation Combination  . . . . . . . . . . . . . . . . . 27
   6.  Additional Considerations and Special Cases in Flow
       Aggregation  . . . . . . . . . . . . . . . . . . . . . . . . . 28
     6.1.  Exact versus Approximate Counting during Aggregation . . . 28
     6.2.  Delay and Loss introduced by the IAP . . . . . . . . . . . 28
     6.3.  Considerations for Aggregation of Sampled Flows  . . . . . 28
     6.4.  Considerations for Aggregation of Heterogeneous Flows  . . 29
   7.  Export of Aggregated IP Flows using IPFIX  . . . . . . . . . . 30