Skip to main content

IPFIX Protocol over QUIC
draft-llg-opsawg-ipfix-over-quic-00

Document Type Active Internet-Draft (individual)
Authors Yisong Liu , Changwang Lin , Thomas Graf
Last updated 2024-11-28
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-llg-opsawg-ipfix-over-quic-00
OPSAWG                                                      Y. Liu, Ed.
Internet Draft                                             China Mobile
Intended status: Standards Track                            C. Lin, Ed.
Expires: May 28, 2025                              New H3C Technologies
                                                           T. Graf, Ed.
                                                               Swisscom
                                                      November 28, 2024

                         IPFIX Protocol over QUIC
                    draft-llg-opsawg-ipfix-over-quic-00

Abstract

   The IP Flow Information Export (IPFIX) Protocol provides a means for
   transmitting Traffic Flow information over the network. IPFIX Data
   and Template Records can be carried over a number of transport
   protocols from an IPFIX Exporting Process to an IPFIX Collecting
   Process. The supported transport protocols are SCTP, UDP and TCP.
   QUIC could provide useful, reliable and secure semantics for IPFIX
   Protocol in particular as a single connection could carry multiple
   traffic flows over streams, enabling much better efficiency and
   performance for Exporter and Collector. This document describes how
   to use IPFIX Protocol over the QUIC transport protocol, named
   IPFIXoQUIC.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 28, 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors. All rights reserved.

llg, et al.              Expire May 28, 2025                  [Page 1]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Table of Contents

   1. Introduction...................................................2
   2. Terminology and Definitions....................................4
   3. Connection Management..........................................4
      3.1. Connection Establishment..................................4
      3.2. Connection Termination....................................5
         3.2.1. QUIC Connection Termination Process..................5
         3.2.2. IPFIXoQUIC Considerations for Connection Termination.5
   4. Stream Mapping and Usage.......................................5
      4.1. Unidirectional Stream from Exporter to Collector..........6
      4.2. Multiple Stream Usage.....................................6
   5. Endpoint Authentication........................................7
   6. Operational Considerations.....................................7
      6.1. Congestion Avoidance......................................7
      6.2. Reliability...............................................8
      6.3. MTU.......................................................8
      6.4. Failover..................................................8
   7. IANA Considerations............................................8
   8. Security Considerations........................................9
   9. References.....................................................9
      9.1. Normative References......................................9
      9.2. Informative References...................................10
   Author's Address.................................................11

1. Introduction

   In order to transmit Traffic Flow information from an Exporting
   Process to a Collecting Process, a common representation of flow
   data and a standard means of communicating them are required.
   [RFC7011] specifies a protocol called IP Flow Information Export
   (IPFIX) Protocol, and describes how the IPFIX Data and Template
   Records of IPFIX Protocol are carried over a few of transport
   protocols from an Exporter to a Collector.

   The IPFIX Protocol Specification has been designed to be transport
   protocol independent, and allows a mapping to define how it could be

llg, et al.             Expires May 28, 2025                  [Page 2]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   implemented over any specific transport protocol. In other words,
   the Exporter can export to multiple Collectors using independent
   transport protocols. At present, some transport protocols are
   defined to carry IPFIX Protocol: SCTP transport [RFC9260], UDP
   transport [UDP], TCP transport [TCP].

   As the network continues to expand, the data traffic it carries is
   increasing, placing a significant load challenge on the IPFIX
   transport protocol. To prevent potential security threats (such as
   DoS attacks), it is highly desirable that it must ensure the
   confidentiality and integrity of IPFIX data transferred from an
   Exporting Process to a Collecting Process. Authentication mechanism
   is also desirable to prevent the collection of data from an
   unauthorized Exporting Process or the export of data to an
   unauthorized Collecting Process.

   QUIC [RFC9000] conforms to the above requirements, therefore is also
   an appropriate transport protocol for IPFIX Protocol. QUIC is UDP-
   based multiplexed and secure transport protocol that provides
   connection-oriented and stateful interaction between a client and
   server. It can provide low latency and encrypted transport with
   resilient connections.

   QUIC uses multiple simultaneous streams to carry data in one
   direction. Each stream is a separate unidirectional or bidirectional
   channel consisting of an ordered stream of bytes. In Addition, each
   stream has its own flow control, which limit bytes sent on a stream,
   together with flow control of the connection. Moreover, QUIC does
   not have the TCP shortcomings such as head of line blocking.

   Compared to the transport protocols already supported by IPFIX
   [RFC7011], QUIC offers the following advantages:

   *  QUIC provides reliability and congestion control similar to SCTP
   and TCP. It is more universally used and supported across the global
   Internet environment because QUIC is a UDP-based protocol.

   *  QUIC has built-in TLS encryption (typically TLS 1.3), offering
   end-to-end security to ensure data confidentiality and integrity. In
   contrast, with SCTP, UDP, and TCP, such encryption requires
   additional protocols like DTLS.

   *  QUIC supports multi-streaming similar to SCTP, allowing multiple
   data streams to be multiplexed within a single connection. Each
   stream transmits data independently, avoiding the head-of-line
   blocking issue found in TCP.

llg, et al.             Expires May 28, 2025                  [Page 3]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   Therefore, QUIC is a proper secure and reliable transport protocol
   for the message transmission mechanism of IPFIX Protocol. This
   document specifies how to use QUIC as the transport protocol for
   IPFIX Protocol.

2. Terminology and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   In this document, the terms "client" and "server" are used to refer
   to the two ends of the QUIC connection. The client actively
   initiates the QUIC connection. The terms "exporter" and "collector"
   are used to refer to the two ends of the IPFIX Protocol session. An
   exporter establishes and keeps open a connection to one or more
   collectors, generally, an "exporter" is a "client" meanwhile a
   "collector" is a "server".

   *  Client: The endpoint that initiates a QUIC connection, the
   Exporter or Exporting Process.

   *  Server: The endpoint that accepts a QUIC connection, the
   Collector or Collecting Process.

3. Connection Management

3.1. Connection Establishment

   QUIC connection establishment is described in [RFC9000]. During
   establishing connection, IPFIXoQUIC support is indicated by
   selecting the Application-Layer Protocol Negotiation (ALPN)
   [RFC7301] token as listed in the IANA Section 7 in the TLS
   handshake.

   The Exporter MUST also act as the client meanwhile the Collector
   must also act as the server.

   The Exporter should be the initiator of the QUIC connection to the
   Collector meanwhile the Collector acts as a connection acceptor. The
   Exporter MAY support more than one active connection to different
   Collector. The Exporter MAY also support more than one active
   connection to the same Collector to avoid head-of-line blocking
   across Observation Domains.

llg, et al.             Expires May 28, 2025                  [Page 4]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   The Exporter MAY record an alarm if the underlying QUIC connection
   establishment time out; this timeout should be configurable on the
   Exporter.

   If the Collecting Process does not acknowledge an attempt by the
   Exporting Process to establish a connection, QUIC will automatically
   retry connection establishment using exponential backoff. The
   Exporting Process MAY open a backup QUIC connection to a Collecting
   Process in advance, if it supports Collecting Process failover.

3.2. Connection Termination

3.2.1. QUIC Connection Termination Process

   The typical QUIC connection termination process is described in
   [RFC9000].

3.2.2. IPFIXoQUIC Considerations for Connection Termination

   When an IPFIX session is implemented based on a QUIC connection, the
   idle timeout should be disabled or the QUIC max_idle_timeout should
   be set appropriately in order to keep the QUIC connection persistent
   even if the IPFIX session is idle.

   When an Exporting Process is shut down, it SHOULD shut down the QUIC
   connection.

   When a Collecting Process no longer wants to receive IPFIX Messages,
   it SHOULD close its end of the connection. The Collecting Process
   SHOULD continue to read IPFIX Messages until the Exporting Process
   has closed its end.

   When a Collecting Process detects that the QUIC connection to the
   Exporting Process has terminated abnormally, it MUST continue to
   listen for a new connection.

   When an Exporting Process is detecting the abnormal interruption of
   the QUIC connection to the Collecting Process, it SHOULD try to re-
   establish the connection. Connection timeouts and retry schedules
   SHOULD be configurable. The default configuration is that an
   Exporting Process MUST NOT attempt to establish a connection more
   frequently than once per minute.

4. Stream Mapping and Usage

   QUIC [RFC9000] uses multiple simultaneous streams to carry data in
   one direction. QUIC Streams provide a lightweight, ordered byte-
   stream abstraction to an application. Streams can be unidirectional

llg, et al.             Expires May 28, 2025                  [Page 5]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   or bidirectional meanwhile streams can be initiated by either the
   client or the server. Unidirectional streams carry data in one
   direction: from the initiator of the stream to its peer.
   Bidirectional streams allow for data to be sent in both directions.

   QUIC uses Stream ID to identify the stream. The least significant
   bit (0x1) of the stream ID identifies the initiator of the stream
   (client with the bit set to 0). The second least significant bit
   (0x2) of the stream ID distinguishes between bidirectional streams
   (with the bit set to 0) and unidirectional streams [RFC9000].

4.1. Unidirectional Stream from Exporter to Collector

   According to the architecture for the export of measured IP Flow
   information defined in [RFC5470], IPFIX Data Records and Templates
   are carried via a number of transport protocols from IPFIX Exporting
   Process to IPFIX Collecting Process. Therefore, the IPFIX connection
   is unidirectional from Exporter to Collector.

   Based on the above description, The IPFIX messages are initiated by
   the Exporter and no reply is needed from the Collector. So the IPFIX
   messages MAY be mapped into one unidirectional stream whose stream
   type is 0x3 according to section 2.1 of [RFC9000].

4.2. Multiple Stream Usage

   For achieving much better Transmission efficiency and performance
   for Exporter and Collector, An Exporting Process MAY create more
   than one QUIC stream per connection. Each of these streams may be
   used for the transmission of IPFIX Messages containing Data Sets,
   Template Sets, and/or Options Template Sets.

   IPFIX messages can be differentiated by various characteristics,
   such as five-tuple information (Source IP address, source port,
   destination IP address, destination port, and transport layer
   protocol), only transport layer protocol (UDP and TCP), and ranges
   of source or destination IP addresses, and carried over different
   QUIC streams accordingly.

   For five-tuple information, each five-tuple's IPFIX messages are
   transmitted through a QUIC stream. If there are many five-tuples, a
   large number of QUIC streams must be created, so this approach
   should be used with caution.

   For only transport layer protocol, IPFIX messages of each protocol
   are transmitted through a QUIC stream.

llg, et al.             Expires May 28, 2025                  [Page 6]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   For ranges of source or destination addresses, IPFIX messages with
   specified source or destination IP address segment are transmitted
   through a QUIC stream. The size of the IP address range can be
   determined by the configuration.

   Moreover, if the specified feature's IPFIX message is binding to a
   QUIC stream ID, meaning that the IPFIX message with fixed features
   is only transmitted through a QUIC stream of fixed ID, the collector
   will only receive the specified feature's IPFIX message from the
   designated stream ID. This may simplify the implementation of the
   collector.

5. Endpoint Authentication

   IPFIXoQUIC uses QUIC which uses TLS version 1.3 or greater.
   Therefore, the TLS handshake process can be used for IPFIXoQUIC
   endpoint authentication. A third-party authentication mechanism can
   also be applied for IPFIXoQUIC endpoint authentication, such as a
   TLS client certificate.

6. Operational Considerations

   The decision to use IPFIXoQUIC instead of the SCTP-based/TCP-
   based/UDP-based mechanism in [RFC7011] is an operational decision,
   and an implementation MUST provide a configuration mechanism to
   enable IPFIXoQUIC on the IPFIX session.

   Some connectivity problems (such as blocking UDP) could result in a
   failure to establish a QUIC connection. When this happens, the
   Exporter SHOULD attempt to establish an IPFIX session via other
   transport protocols.

6.1. Congestion Avoidance

   QUIC controls the rate at which data can be sent from the Exporting
   Process to the Collecting Process, using a mechanism that considers
   both network congestion and the receiver's capabilities. Therefore,
   an IPFIX Exporting Process may not be able to send IPFIX Messages at
   the rate the Metering Process generates them, either due to network
   congestion or because the Collecting Process cannot process IPFIX
   Messages quickly enough. As long as congestion is transient, the
   Exporting Process can buffer IPFIX Messages for transmission.
   However, buffering is inherently limited due to both resource
   constraints and timeliness requirements, so persistent and/or severe
   congestion may lead to a situation where the Exporting Process is
   blocked.

llg, et al.             Expires May 28, 2025                  [Page 7]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   When an Exporting Process has Data Records to send but the
   transmission buffer is full and wants to avoid blocking, it can
   choose to drop some Data Records. The dropped Data Records MUST be
   accounted for, so that the number of lost records can later be
   reported as described in Section 4.3 of [RFC7011].

6.2. Reliability

   QUIC ensures reliable delivery of data from the Exporting Process to
   the Collecting Process.

6.3. MTU

   QUIC uses path MTU discovery to determine the maximum packet size
   suitable for transmission of IPFIX Messages, aiming to ensure that
   packets can be delivered to the destination by all nodes in the
   network path without fragmentation.

6.4. Failover

   If the Collecting Process does not acknowledge an attempt by the
   Exporting Process to establish a connection, QUIC will automatically
   retry connection establishment using exponential back off. The
   Exporter MAY log an alarm if the underlying QUIC connection
   establishment times out; this timeout should be configurable on the
   Exporter.

   The Exporting Process MAY open a backup QUIC connection to a
   Collecting Process in advance, if it supports Collecting Process
   failover.

   QUIC identifies connections using connection IDs instead of relying
   on the IP address and port at the network layer. This allows QUIC to
   continue data transmission without reconstructing the connection
   when the network path changes.

7. IANA Considerations

   This document creates a new registration for the identification of
   IPFIXoQUIC in the "Application Layer Protocol Negotiation (ALPN)
   Protocol IDs" registry established in [RFC7301].

   The "IPFIXoQ" string identifies IPFIXoQUIC:

   *  Protocol: IPFIXoQUIC

   *  Identification Sequence: 0x49 0x50 0x46 0x49 0x58 0x6f 0x51
   ("IPFIXoQ")

llg, et al.             Expires May 28, 2025                  [Page 8]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   *  Specification: This document

   In addition, it is requested for IANA to reserve a UDP port TBD for
   'IPFIX over QUIC'.

8. Security Considerations

   This document replaces the transport protocol layer of IPFIX from
   other transport protocols to QUIC. The basic protocol specification
   of IPFIX is not modified, and therefore the new security risks are
   not introduced to the basic IPFIX protocol. The security
   considerations of [RFC7011] are applicable to this document.

   IPFIXoQUIC enhances transport-layer security for IPFIX session
   according to [RFC9000]. This document does not require to support
   third-party authentication (e.g., backend Authentication) due to the
   fact that TLS does not specify this way of authentication. If third-
   party authentication is needed, TLS client certificates are
   recommended to be used here.

9. References

9.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, DOI
             10.17487/RFC2119, March 1997, <https://www.rfc-
             editor.org/info/rfc2119>.

   [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
             "Specification of the IP Flow Information Export (IPFIX)
             Protocol for the Exchange of Flow Information", STD 77,
             RFC 7011, DOI 10.17487/RFC7011, September 2013,
             <https://www.rfc-editor.org/info/rfc7011>.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
             Multiplexed and Secure Transport", RFC 9000, DOI
             10.17487/RFC9000, May 2021, <https://www.rfc-
             editor.org/info/rfc9000>.

   [RFC9260] Stewart, R., Tuxen, M., and K. Nielsen, "Stream Control
             Transmission Protocol", RFC 9260, DOI 10.17487/RFC9260,
             June 2022, <https://www.rfc-editor.org/info/rfc9260>.

llg, et al.             Expires May 28, 2025                  [Page 9]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

   [TCP]     Eddy, W., Ed., "Transmission Control Protocol (TCP)", STD
             7, RFC 9293, DOI 10.17487/RFC9293, August 2022,
             <https://www.rfc-editor.org/info/rfc9293>.

   [UDP]     Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI
             10.17487/RFC0768, August 1980, <https://www.rfc-
             editor.org/info/rfc768>.

9.2. Informative References

   [RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
             "Architecture for IP Flow Information Export", RFC 5470,
             DOI 10.17487/RFC5470, March 2009, <https://www.rfc-
             editor.org/info/rfc5470>.

   [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan,
             "Transport Layer Security (TLS) Application-Layer Protocol
             Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
             July 2014, <https://www.rfc-editor.org/info/rfc7301>.

llg, et al.             Expires May 28, 2025                 [Page 10]
Internet-Draft         IPFIX Protocol over QUIC          November 2024

Author's Address

   Yisong Liu (editor)
   China Mobile
   China
   Email: liuyisong@chinamobile.com

   Changwang Lin (editor)
   New H3C Technologies
   Beijing
   China

   Email: linchangwang.04414@h3c.com

   Thomas Graf (editor)
   Swisscom
   Binzring 17
   CH- Zurich 8045
   Switzerland
   Email: thomas.graf@swisscom.com

llg, et al.             Expires May 28, 2025                 [Page 11]