Export of QUIC Information in IP Flow Information Export (IPFIX)
draft-lin-opsawg-ipfix-quic-header-03
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Field | Value |
|---|---|
| Type | Active Internet-Draft (individual) |
| Authors | Changwang Lin, Yisong Liu, Yao Liu |
| Last updated | 2025-11-03 |
| RFC stream | (None) |
| Intended RFC status | (None) |
| Stream state | (No stream defined) |
| Consensus boilerplate | Unknown |
| RFC Editor Note | (None) |
| IESG state | I-D Exists |
| Telechat date | (None) |
| Responsible AD | (None) |
| Send notices to | (None) |
Network Working Group                                             C. Lin
Internet-Draft                                      New H3C Technologies
Intended status: Standards Track                                  Y. Liu
Expires: 7 May 2026                                         China Mobile
                                                                  Y. Liu
                                                                     ZTE
                                                         3 November 2025
Export of QUIC Information in IP Flow Information Export (IPFIX)
draft-lin-opsawg-ipfix-quic-header-03
Abstract
This document introduces new IP Flow Information Export (IPFIX)
Information Elements to identify a set of QUIC-related information,
which is contained in the QUIC Header, QUIC Frame and Stream that
traffic is being forwarded along with.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 May 2026.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
Lin, et al. Expires 7 May 2026 [Page 1]
Internet-Draft Export of QUIC Information in IPFIX November 2025
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
2. Terminology
3. New IPFIX QUIC Information Elements
4. Sample Use Cases
5. Security Considerations
6. IANA Considerations
  6.1. New IPFIX QUIC Information Elements
    6.1.1. quicHeaderFlag
    6.1.2. quicVersion
    6.1.3. quicDestinationConnectionID
    6.1.4. quicSourceConnectionID
    6.1.5. quicPacketNumber
    6.1.6. quicFrameType
    6.1.7. quicStreamID
7. Operational Considerations
8. References
  8.1. Normative References
  8.2. Informative References
Authors' Addresses
1. Introduction
QUIC packets are carried in UDP datagrams and exchanged between QUIC
endpoints [RFC9000]. A QUIC packet normally consists of a QUIC Header
and a QUIC Payload.
The QUIC Header is either a Long Header or a Short Header. Long
Headers are used for packets that are sent prior to the establishment
of 1-RTT keys. The Long Header contains an 8-bit Public Flag, a
32-bit QUIC Version, a variable-length Destination Connection ID, a
variable-length Source Connection ID and a Type-Specific field whose
content depends on the Packet type. The Packet types that use the
Long Header are the Version Negotiation Packet, Initial Packet, 0-RTT
Packet, Handshake Packet and Retry Packet. Once 1-RTT keys are
available, a sender switches to sending 1-RTT packets using the Short
Header. The Short Header includes an 8-bit Public Flag, a
variable-length Destination Connection ID and a Packet Number.
A QUIC payload MAY contain a sequence of Frames, each of which begins
with a Frame Type. In the generic Frame Layout, the Frame Type is
followed by additional type-dependent fields. Since the Stream is a
core QUIC component that provides a lightweight, ordered byte-stream
abstraction to an application, the Stream ID of Stream-related Frames
is an important piece of information: it indicates the stream in which
the Frame is located or that the Frame affects.
QUIC packets provide varying levels of cryptographic protection
depending on their type [RFC9000]. While the entire QUIC payload
MUST be encrypted, certain fields in the QUIC Header are not
protected, as described in Section 2.1 of [RFC9312]. For details
on QUIC's packet protection mechanisms, refer to Section 5 of
[RFC9001]. The protected fields of QUIC packets can only be accessed
after successful decryption.
This document specifies several new IPFIX Information Elements (IEs)
within the "IPFIX Information Elements" registry [RFC7012] for the
purpose of obtaining QUIC-related information. These IEs are used to
export the main fields of the QUIC Header and Payload of a QUIC packet.
The protected values of some new IEs are accessible exclusively to
devices capable of decrypting QUIC packets, specifically, the
endpoints of a QUIC connection.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
This document makes use of the terms defined in [RFC7011] and
[RFC9000].
The following terms are used as defined in [RFC7011]:
* IPFIX
* IPFIX Information Elements
The following terms are used as defined in [RFC9000]:
* QUIC
* Endpoint
* Server
* QUIC packet
* Connection ID
* Frame
* Stream
3. New IPFIX QUIC Information Elements
This section specifies the new IPFIX QUIC IEs.
quicHeaderFlag
8-bit flag defined in the QUIC Header (Sections 17.2 and 17.3 of
[RFC9000]), carried as the first byte of a QUIC Packet. Based on the
first four bits of the Long Header flag and the first three bits of
the Short Header flag, the QUIC Packet Type can be obtained. The last
four bits of the Long Header flag and the last five bits of the Short
Header flag are protected or encrypted, and the remaining bits are
not protected.
quicVersion
32-bit QUIC Version that is in use or under negotiation in QUIC Long
Header Packets during connection establishment. For a Version
Negotiation Packet, this Version is used to indicate the Supported
Version, because the Version field of a Version Negotiation Packet
MUST be set to 0x00000000. The Version field is not protected in a
QUIC packet.
quicDestinationConnectionID
The unprotected Destination Connection ID included in the Long
Header or Short Header of a QUIC Packet. The Destination Connection
ID is chosen by the recipient of the packet and is used to provide
consistent routing. Since the length of the Destination
Connection ID is not included in a 1-RTT Packet (Short Header), the
Destination Connection ID of a 1-RTT Packet can be obtained by
matching only when the Destination Connection ID is known and
preconfigured on the device.
quicSourceConnectionID
The unprotected Source Connection ID included in the Long Header
of a QUIC Packet. The Source Connection ID is used to set the
Destination Connection ID used by the peer during connection
establishment.
quicPacketNumber
The protected Packet Number that appears in some QUIC packet types
such as Initial packet, 0-RTT packet and Handshake packet. The
underlying packet number increases with each packet sent in a
given packet number space. The Packet Number is an integer in the
range 0 to 2^62-1. When present in a Long or Short Header, packet
numbers are reduced and encoded in 1 to 4 bytes.
quicFrameType
The protected Frame Type that indicates the type of Frame
contained in the Payload of a QUIC Packet. The Frame Type value
uses a variable-length integer encoding, which means that integers
are encoded in 1, 2, 4, or 8 bytes and can encode 6-, 14-, 30-, or
62-bit values, respectively. Some Frame Types are defined in
Section 12.4 of [RFC9000].
quicStreamID
The protected Stream ID included in the Frame related to Stream
such as RESET_STREAM frame, STOP_SENDING frame, STREAM frame and
MAX_STREAM_DATA frame. A stream ID is a 62-bit integer (0 to
2^62-1) that is unique for all streams on a connection. Stream IDs
are encoded as variable-length integers, which means that integers
are encoded in 1, 2, 4, or 8 bytes and can encode 6-, 14-, 30-, or
62-bit values, respectively. The two least significant bits from
a stream ID identify the stream types defined in Section 2.1 of
[RFC9000].
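The variable-length integer encoding and the stream-type bits described for quicFrameType and quicStreamID can be exercised with the following added Python example, which is not part of the draft. It assumes the payload has already been decrypted at an endpoint; the function names and the sample payload are constructed for illustration, and the frame type values are those of QUIC version 1 in RFC 9000.

```python
# Added example, not part of the draft. Input is an already-decrypted payload.
STREAM_TYPES = {
    0: "client-initiated, bidirectional",
    1: "server-initiated, bidirectional",
    2: "client-initiated, unidirectional",
    3: "server-initiated, unidirectional",
}
# Frames the draft names as carrying a Stream ID right after the Frame Type:
# RESET_STREAM (0x04), STOP_SENDING (0x05), STREAM (0x08-0x0f),
# MAX_STREAM_DATA (0x11).
STREAM_ID_FRAMES = {0x04, 0x05, 0x11} | set(range(0x08, 0x10))


def decode_varint(buf: bytes, off: int = 0):
    """Decode one QUIC variable-length integer; return (value, next_offset)."""
    if off >= len(buf):
        raise ValueError("no bytes left to decode")
    length = 1 << (buf[off] >> 6)  # two MSBs select 1, 2, 4 or 8 bytes
    if off + length > len(buf):
        raise ValueError("truncated variable-length integer")
    value = buf[off] & 0x3F        # remaining 6 bits start the value
    for b in buf[off + 1:off + length]:
        value = (value << 8) | b
    return value, off + length


def stream_type(stream_id: int) -> str:
    """Classify a Stream ID by its two least significant bits."""
    if not 0 <= stream_id <= 2**62 - 1:
        raise ValueError("Stream ID outside the 62-bit range")
    return STREAM_TYPES[stream_id & 0x03]


def first_frame_ies(plaintext: bytes):
    """Return (quicFrameType, quicStreamID or None) for the first frame."""
    frame_type, off = decode_varint(plaintext)
    if frame_type not in STREAM_ID_FRAMES:
        return frame_type, None
    stream_id, _ = decode_varint(plaintext, off)
    return frame_type, stream_id


# Constructed sample: STREAM frame (type 0x0a), Stream ID 71 encoded as the
# 2-byte integer 0x4047, Length 3, data "abc".
SAMPLE_STREAM_PAYLOAD = bytes.fromhex("0a" "4047" "03" "616263")
```

The same value can arrive in more than one encoding (0x25 and 0x4025 both decode to 37), so an exporter should store the decoded integer rather than the raw bytes.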
4. Sample Use Cases
The IPFIX IEs listed in Section 3, forwardingStatus (89)
[RFC7270] and some existing counter information [IANA-IPFIX] provide
answers to the following questions (amongst others).
* How many packets are forwarded or dropped using QUIC in a network?
* If dropped, for which reasons?
* What is the type of QUIC packet?
* What is the QUIC version that is in use or under negotiation?
* What is the Destination or Source Connection ID of the QUIC packet?
* Have all the QUIC packets been fully received?
* Which frames does the QUIC packet carry?
* Which stream is the QUIC packet located in?
For a Long Header Packet, the following parameters are used to
represent a QUIC flow in IPFIX:
* Five-tuple (protocol, source and destination IP address, source
and destination port)
* Source Connection ID.
* Destination Connection ID.
Example:
When the Long Packet Type is observed in a Flow during a QUIC
connection, Flow information includes:
Five-tuple + Source Connection ID + Destination Connection ID +
Header Flag
For a Short Header Packet, the following parameters are used to
represent a QUIC flow:
* Five-tuple (protocol, source and destination IP address, source
and destination port)
* Destination Connection ID.
Example:
When the Frame Type is observed in a Flow, Flow information includes:
Five-tuple + Destination Connection ID + Frame Type
When the Stream ID is observed in a Flow, Flow information includes:
Five-tuple + Destination Connection ID + Stream ID
5. Security Considerations
There are no extra security considerations regarding allocation of
these new IPFIX IEs compared to [RFC7012].
6. IANA Considerations
6.1. New IPFIX QUIC Information Elements
This document requests IANA to add new IPFIX QUIC IEs to the "IPFIX
Information Elements" registry [RFC7012] available at [IANA-IPFIX].
Table 1 lists the new IPFIX QUIC IEs:
+============+=============================+===============+
| Element ID | Name | Reference |
+============+=============================+===============+
| TBD1 | quicHeaderFlag | This document |
+------------+-----------------------------+---------------+
| TBD2 | quicVersion | This document |
+------------+-----------------------------+---------------+
| TBD3 | quicDestinationConnectionID | This document |
+------------+-----------------------------+---------------+
| TBD4 | quicSourceConnectionID | This document |
+------------+-----------------------------+---------------+
| TBD5 | quicPacketNumber | This document |
+------------+-----------------------------+---------------+
| TBD6 | quicFrameType | This document |
+------------+-----------------------------+---------------+
| TBD7 | quicStreamID | This document |
+------------+-----------------------------+---------------+
Table 1: New QUIC IEs in the "IPFIX Information Elements" Registry
6.1.1. quicHeaderFlag
Name: quicHeaderFlag
ElementID: TBD1
Description: The 8-bit flag defined in the QUIC Header (Section 17.2
and 17.3 of [RFC9000]). The meanings of the flag are provided in
the first byte of the QUIC Header Packet [RFC9000].
Abstract Data Type: unsigned8
Data Type Semantics: flags
Additional Information: See RFC9000 for the QUIC Header first byte
specification.
Reference: [this document]
6.1.2. quicVersion
Name: quicVersion
ElementID: TBD2
Description: 32-bit unsigned integer carrying the Version number
that is in use or under negotiation. Its values are provided in the
"QUIC Versions" IANA registry.
Abstract Data Type: unsigned32
Data Type Semantics: default
Additional Information: See the assignments in the "QUIC Versions"
IANA registry at https://www.iana.org/assignments/quic/
quic.xhtml#quic-versions. See also RFC9000 for the QUIC Versions
specification.
Reference: [this document]
6.1.3. quicDestinationConnectionID
Name: quicDestinationConnectionID
ElementID: TBD3
Description: The Destination Connection ID as defined in Section 7.2
of [RFC9000] as a series of octets in IPFIX. In QUIC version 1,
this value MUST NOT exceed 20 bytes.
Abstract Data Type: octetArray
Data Type Semantics: default
Additional Information: See Section 7.2 of [RFC9000] for more
details about the Destination Connection ID.
Reference: [this document]
6.1.4. quicSourceConnectionID
Name: quicSourceConnectionID
ElementID: TBD4
Description: The Source Connection ID as defined in Section 7.2 of
[RFC9000] as a series of octets in IPFIX. In QUIC version 1, this
value MUST NOT exceed 20 bytes.
Abstract Data Type: octetArray
Data Type Semantics: default
Additional Information: See Section 7.2 of [RFC9000] for more
details about the Source Connection ID.
Reference: [this document]
6.1.5. quicPacketNumber
Name: quicPacketNumber
ElementID: TBD5
Description: 8~32-bit unsigned integer defining the packet number of
QUIC Header, which is used in determining the cryptographic nonce
for packet protection.
Abstract Data Type: unsigned32
Data Type Semantics: default
Additional Information: See Section 12.3 of [RFC9000] for more
details about the Packet Number.
Reference: [this document]
6.1.6. quicFrameType
Name: quicFrameType
ElementID: TBD6
Description: 62-bit unsigned integer defining the value of Frame
Type, which indicates the type of QUIC Frame. Its values are
provided in the "QUIC Frame Types" IANA registry.
Abstract Data Type: unsigned64
Data Type Semantics: default
Additional Information: See the assignments in the "QUIC Frame Types"
IANA registry at https://www.iana.org/assignments/quic/
quic.xhtml#quic-frame-types. See also RFC9000 for the Frame Types
specification of QUIC.
Reference: [this document]
6.1.7. quicStreamID
Name: quicStreamID
ElementID: TBD7
Description: 62-bit unsigned integer defining the value of Stream
ID, which identifies a Stream. The two least significant bits
from a stream ID identify the stream types defined in section 2.1
of [RFC9000].
Abstract Data Type: unsigned64
Data Type Semantics: identifier
Additional Information: See Section 2.1 of [RFC9000] for more
details about the Stream ID.
Reference: [this document]
7. Operational Considerations
The quicDestinationConnectionID can be used to track flow path
consistency, but the Destination Connection ID in the Short Header
Packet lacks a length indication, making it difficult to match on
intermediate devices. Therefore, the Destination Connection ID or
its length must be preconfigured on the intermediate devices.
The protected packet fields must be decrypted before they can be
obtained. quicHeaderFlag, quicVersion, quicDestinationConnectionID,
and quicSourceConnectionID can be obtained on all on-path devices.
quicPacketNumber, quicFrameType, and quicStreamID can be obtained on
endpoint devices or on on-path devices that are capable of decrypting
QUIC packets.
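What an on-path exporter can read without decryption, including the Short Header case where the Destination Connection ID length must be preconfigured, is shown in the following added Python example, which is not part of the draft. The class, function and `short_dcid_len` parameter names are hypothetical, the sample datagrams are constructed, the Long Header type bits are interpreted only for QUIC version 1, and returning the listed versions of a Version Negotiation packet in a separate field is an assumption about how an exporter might handle that case.

```python
# Added example, not part of the draft: fields readable on-path, no decryption.
from dataclasses import dataclass
from typing import Optional, Tuple

LONG_TYPES_V1 = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


@dataclass
class QuicHeaderInfo:            # field names follow the draft's IE names
    quicHeaderFlag: int          # first byte as seen on the wire
    packet_type: str
    quicVersion: Optional[int]   # None for Short Header packets
    quicDestinationConnectionID: bytes
    quicSourceConnectionID: Optional[bytes]
    supported_versions: Tuple[int, ...] = ()  # Version Negotiation only


def _take_cid(buf: bytes, off: int, version: int):
    """Read a length-prefixed connection ID; return (cid, next_offset)."""
    if off >= len(buf):
        raise ValueError("truncated before connection ID length")
    n = buf[off]
    if version == 1 and n > 20:  # version 1 limit stated in the draft
        raise ValueError("connection ID exceeds 20 bytes")
    if off + 1 + n > len(buf):
        raise ValueError("truncated connection ID")
    return buf[off + 1:off + 1 + n], off + 1 + n


def parse_unprotected(payload: bytes, short_dcid_len: Optional[int] = None):
    """Parse one UDP payload already classified as QUIC."""
    if not payload:
        raise ValueError("empty datagram")
    flag = payload[0]
    if not flag & 0x80:  # Short Header: DCID length is not on the wire
        if short_dcid_len is None:
            raise ValueError("Short Header needs a preconfigured DCID length")
        if len(payload) < 1 + short_dcid_len:
            raise ValueError("truncated Short Header")
        return QuicHeaderInfo(flag, "1-RTT", None,
                              payload[1:1 + short_dcid_len], None)
    if len(payload) < 5:
        raise ValueError("truncated Long Header")
    version = int.from_bytes(payload[1:5], "big")
    dcid, off = _take_cid(payload, 5, version)
    scid, off = _take_cid(payload, off, version)
    if version == 0:  # Version Negotiation: a list of 32-bit versions follows
        rest = payload[off:]
        vers = tuple(int.from_bytes(rest[i:i + 4], "big")
                     for i in range(0, len(rest) - 3, 4))
        return QuicHeaderInfo(flag, "Version Negotiation", 0, dcid, scid, vers)
    ptype = LONG_TYPES_V1[(flag >> 4) & 3] if version == 1 else "Long Header"
    return QuicHeaderInfo(flag, ptype, version, dcid, scid)


# Constructed sample datagrams (not captured traffic).
SAMPLE_INITIAL = bytes.fromhex("c3" "00000001" "08" "0102030405060708"
                               "04" "a1a2a3a4" "00112233")
SAMPLE_SHORT = bytes.fromhex("45" "0102030405060708" "deadbeef")
SAMPLE_VN = bytes.fromhex("a5" "00000000" "04" "a1a2a3a4"
                          "08" "0102030405060708" "00000001" "6b3343cf")
```

A wrong `short_dcid_len` does not raise an error; it silently yields a wrong Destination Connection ID, which is why the value has to come from configuration that matches the endpoints.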
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model
for IP Flow Information Export (IPFIX)", RFC 7012,
DOI 10.17487/RFC7012, September 2013,
<https://www.rfc-editor.org/info/rfc7012>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>.
8.2. Informative References
[IANA-IPFIX]
IANA, "IP Flow Information Export (IPFIX) Entities",
<https://www.iana.org/assignments/ipfix/ipfix.xhtml>.
[RFC7270] Yourtchenko, A., Aitken, P., and B. Claise, "Cisco-
Specific Information Elements Reused in IP Flow
Information Export (IPFIX)", RFC 7270,
DOI 10.17487/RFC7270, June 2014,
<https://www.rfc-editor.org/info/rfc7270>.
[RFC9312] Kuehlewind, M. and B. Trammell, "Manageability of the QUIC
Transport Protocol", RFC 9312, DOI 10.17487/RFC9312,
September 2022, <https://www.rfc-editor.org/info/rfc9312>.
Authors' Addresses
Changwang Lin
New H3C Technologies
8 Yongjia North Road
Beijing
Haidian District, 100094
China
Email: linchangwang.04414@h3c.com
Yisong Liu
China Mobile
32 Xuanwumen West Street
Beijing
Xicheng District, 100053
China
Email: liuyisong@chinamobile.com
Yao Liu
ZTE
Nanjing
China
Email: liu.yao71@zte.com.cn