datatracker.ietf.org
Sign in
Version 5.6.2.p3, 2014-07-31
Report a bug

IP Flow Information Export (IPFIX) Implementation Guidelines
RFC 5153

Network Working Group                                          E. Boschi
Request for Comments: 5153                                Hitachi Europe
Category: Informational                                          L. Mark
                                                        Fraunhofer FOKUS
                                                              J. Quittek
                                                          M. Stiemerling
                                                                     NEC
                                                               P. Aitken
                                                     Cisco Systems, Inc.
                                                              April 2008

      IP Flow Information Export (IPFIX) Implementation Guidelines

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   The IP Flow Information Export (IPFIX) protocol defines how IP Flow
   information can be exported from routers, measurement probes, or
   other devices.  This document provides guidelines for the
   implementation and use of the IPFIX protocol.  Several sets of
   guidelines address Template management, transport-specific issues,
   implementation of Exporting and Collecting Processes, and IPFIX
   implementation on middleboxes (such as firewalls, network address
   translators, tunnel endpoints, packet classifiers, etc.).

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  IPFIX Documents Overview . . . . . . . . . . . . . . . . .  3
     1.2.  Overview of the IPFIX Protocol . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Template Management Guidelines . . . . . . . . . . . . . . . .  4
     3.1.  Template Management  . . . . . . . . . . . . . . . . . . .  4
     3.2.  Template Records versus Options Template Records . . . . .  5
     3.3.  Using Scopes . . . . . . . . . . . . . . . . . . . . . . .  6
     3.4.  Multiple Information Elements of the Same Type . . . . . .  6
     3.5.  Selecting Message Size . . . . . . . . . . . . . . . . . .  6
   4.  Exporting Process Guidelines . . . . . . . . . . . . . . . . .  7
     4.1.  Sets . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     4.2.  Information Element Coding . . . . . . . . . . . . . . . .  7
     4.3.  Using Counters . . . . . . . . . . . . . . . . . . . . . .  8
     4.4.  Padding  . . . . . . . . . . . . . . . . . . . . . . . . .  8

Boschi, et al.               Informational                      [Page 1]
RFC 5153            IPFIX Implementation Guidelines           April 2008

       4.4.1.  Alignment of Information Elements within a Data
               Record . . . . . . . . . . . . . . . . . . . . . . . .  9
       4.4.2.  Alignment of Information Element Specifiers within
               a Template Record  . . . . . . . . . . . . . . . . . .  9
       4.4.3.  Alignment of Records within a Set  . . . . . . . . . .  9
       4.4.4.  Alignment of Sets within an IPFIX Message  . . . . . .  9
     4.5.  Time Issues  . . . . . . . . . . . . . . . . . . . . . . . 10
     4.6.  IPFIX Message Header Export Time and Data Record Time  . . 10
     4.7.  Devices without an Absolute Clock  . . . . . . . . . . . . 11
   5.  Collecting Process Guidelines  . . . . . . . . . . . . . . . . 11
     5.1.  Information Element (De)Coding . . . . . . . . . . . . . . 11
     5.2.  Reduced-Size Encoding of Information Elements  . . . . . . 12
     5.3.  Template Management  . . . . . . . . . . . . . . . . . . . 12
   6.  Transport-Specific Guidelines  . . . . . . . . . . . . . . . . 12
     6.1.  SCTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     6.2.  UDP  . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     6.3.  TCP  . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
   7.  Guidelines for Implementation on Middleboxes . . . . . . . . . 18
     7.1.  Traffic Flow Scenarios at Middleboxes  . . . . . . . . . . 20
     7.2.  Location of the Observation Point  . . . . . . . . . . . . 21
     7.3.  Reporting Flow-Related Middlebox Internals . . . . . . . . 22
       7.3.1.  Packet Dropping Middleboxes  . . . . . . . . . . . . . 23
       7.3.2.  Middleboxes Changing the DSCP  . . . . . . . . . . . . 23
       7.3.3.  Middleboxes Changing IP Addresses and Port Numbers . . 24
   8.  Security Guidelines  . . . . . . . . . . . . . . . . . . . . . 25
     8.1.  Introduction to TLS and DTLS for IPFIX Implementers  . . . 25
     8.2.  X.509-Based Identity Verification for IPFIX over TLS
           or DTLS  . . . . . . . . . . . . . . . . . . . . . . . . . 25
     8.3.  Implementing IPFIX over TLS over TCP . . . . . . . . . . . 26

[include full document text]