IPFIX Working Group B. Trammell Internet-Draft CERT/NetSA Updates: XXXX (if approved) E. Boschi Intended status: Standards Track Hitachi Europe Expires: February 2, 2008 August 1, 2007 IP Flow Information Export (IPFIX) SCTP Stream Restriction Change draft-trammell-ipfix-sctp-change-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 2, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract The IPFIX protocol mandates the use of PR-SCTP as transport protocol. The document specifies the transmission of Templates over SCTP stream zero with reliable delivery and the transmission of Data Records over separate streams. This constraint is unnecessary. This document relaxes all restrictions on the use of SCTP streams within IPFIX, allowing IPFIX implementations to use SCTP streams as most appropriate for their respective applications. Trammell & Boschi Expires February 2, 2008 [Page 1]
Internet-Draft IPFIX SCTP Stream Change August 2007 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Usage of Streams in PR-SCTP for IPFIX export . . . . . . . . . 4 4. Changes to IPFIX Protocol Specification . . . . . . . . . . . 5 4.1. Stream Restriction Changes . . . . . . . . . . . . . . . . 5 4.2. SCTP Reliability . . . . . . . . . . . . . . . . . . . . . 6 4.3. SCTP References . . . . . . . . . . . . . . . . . . . . . 6 4.4. IPFIX Implementation Guidelines changes . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . . . 10 Trammell & Boschi Expires February 2, 2008 [Page 2]
Internet-Draft IPFIX SCTP Stream Change August 2007 1. Introduction The specification of the IPFIX Protocol [I-D.ietf-ipfix-protocol] mandates the use of PR-SCTP as transport protocol for IPFIX. SCTP as specified in RFC 2960 [RFC2960] and RFC 3309 [RFC3309] using the PR- SCTP extension defined in RFC 3758 [RFC3758] MUST be implemented by all compliant implementations. Section 10.2.4.3 of the IPFIX Protocol specification [I-D.ietf-ipfix-protocol] requires that "An Exporting Process MUST request at least two outbound streams per association. The first stream (referred to as stream zero in the rest of this document), is used to send the Template Set and the Options Template Set. Data Sets MUST NOT be sent on stream zero." This is an unnecessary constraint, derived in part from a misunderstanding during the IPFIX Protocol development process of the nature of SCTP streams and the per-message nature of the SCTP partial reliability extension. This document updates the specification of the use of SCTP and PR-SCTP as transport protocol for IPFIX, allowing Data Sets, Template Sets and Option Template Sets to be sent over any SCTP stream. No limit is given on the number of Streams an Exporting Process must request (e.g., one outbound stream sending all templates and data is perfectly acceptable). The motivation behind this change is to allow different IPFIX implementations to make the most appropriate use of SCTP streams, which are used to isolate different logical groups of messages in order to avoid the head-of-line blocking issue that can reduce total throughput in fully-reliable single-stream transport protocols such as TCP. For example, one IPFIX implementation could isolate information from each separate Observation Domain into its own stream, a second could export inbound and outbound flow data in separate streams, and a third, simpler implementation could use a single stream for all templates and data. None of these arrangements are possible with the IPFIX Protocol as presently specified. This change does require one minor note on the handling of Template Withdrawals. In the protocol as presently specified, since all Template Sets (including Template Sets within Template Withdrawal Messages) SHOULD appear on stream zero, there exists no case in which a reused Template ID may be received and processed before the Template Withdrawal Message making the ID available for reuse. With the removal of this restriction, we recommend that guidelines on the use of Template Withdrawals on any stream be added to the IPFIX Implementation Guidelines. Trammell & Boschi Expires February 2, 2008 [Page 3]
Internet-Draft IPFIX SCTP Stream Change August 2007 In addition, there are a two other very minor issues with the IPFIX Protocol Specification's handling of SCTP. First, it refers to "unreliable" delivery over PR-SCTP, a service which PR-SCTP does not provide, and fails to reference RFC 3309, which corrects a problem with SCTP's checksum mechanism. As this document corrects issues with the interaction between IPFIX and SCTP, these issues are also corrected in sections 4.2 and 4.3. 2. Terminology Terms used in this document that are defined in the Terminology section of the IPFIX Protocol [I-D.ietf-ipfix-protocol] document are to be interpreted as defined there. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Usage of Streams in PR-SCTP for IPFIX export This section updates and supersedes any language in the IPFIX Protocol Specification regarding stream selection. The new stream selection rules are specified here in their entirety. In case of any conflict with the IPFIX Protocol Specification, the following three paragraphs are normative. Specific changes to the IPFIX Protocol Specification and IPFIX Implementation Guidelines appear in the following section. An Exporting Process may request any number of SCTP streams during SCTP association establishment. An Exporting Process may send Template Sets and Options Template Sets on any SCTP stream. Template Sets and Options Template Sets MUST be sent reliably, and MUST be sent in order within a stream. An Exporting Process may send Data Sets on any SCTP Stream, with full or partial reliability, with ordered or unordered delivery. A Collecting Process MUST accept Template Sets, Options Template Sets, Template Witdrawal Sets, and Data Sets on any SCTP stream. Additionally, an Exporting Process sending Template Withdrawal Messages SHOULD ensure to the extent possible that the Template Withdrawal Messages and subsequent Template Sets reusing the withdrawn Template IDs are received and processed at the Collecting Process in proper order. The Exporting Process can achieve this by one of two possible methods: 1. by sending a Template Withdrawal Trammell & Boschi Expires February 2, 2008 [Page 4]
Internet-Draft IPFIX SCTP Stream Change August 2007 Message reliably, in order, and on the same stream as the subsequent Template Set reusing its ID; or 2. by waiting an appropriate amount of time (on the scale of one minute) after sending a Template Withdrawal Message before attempting to reuse the withdrawn Template ID. 4. Changes to IPFIX Protocol Specification The following are the changes that would be made to the IPFIX Protocol Specification to modify it to use the unrestrictive stream selection rules in the previous section, and to clarify other issues regarding the interaction of IPFIX with SCTP. 4.1. Stream Restriction Changes Paragraph 5 of Section 8 "Template Management" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: Template Sets and Options Template Sets may be sent on any SCTP stream. Template Sets and Option Template Sets MUST be sent reliably and in order. As such, the Collecting Process MUST store the Template Record information for the duration of the association so that it can interpret the corresponding Data Records that are received in subsequent Data Sets. Paragraph 14 of Section 8 "Template Management" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: The Template Withdraw Message may be sent on any SCTP stream. The Template Withdraw Message MUST be sent reliably and in order. Paragraph 2 of Section 9 "The Collecting Process's Side" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: The Collecting Process SHOULD listen for a new association request from the Exporting Process. The Exporting Process will request a number of streams to use for export. An Exporting Process MAY ask for and support more than one SCTP stream. Section 10.2.4.3 "Stream" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced in full as follows. Note that these changes also modify text on the reliability of IPFIX Message transmission within streams, as noted in the following section: An Exporting Process may request any number of outbound SCTP streams per association. Each of these streams may be used for the Trammell & Boschi Expires February 2, 2008 [Page 5]
Internet-Draft IPFIX SCTP Stream Change August 2007 transmission of IPFIX Messages containing Data Sets, Template Sets, and/or Options Template Sets. Depending on the requirements of the application, the Exporting Process may send Data Sets with full or partial reliability, using ordered or out-of-order delivery, over any SCTP stream established during SCTP Association setup. When IPFIX Messages containing Data Sets are exported partially reliably, they SHOULD be marked for retransmission as long as there is room in the SCTP send queues. However, if the queue overflows during times of congestion or other retransmission events, the oldest IPFIX Message that has been transmitted and marked as partially reliable should be freed and marked to be skipped per the PR-SCTP [RFC3758] specification. The freed buffer space should then be re- used for the new Data Sets being exported. 4.2. SCTP Reliability PR-SCTP [RFC3758] provides partially reliable transport with a variety of levels of partial reliability as defined by a variety of partial reliability policies, as noted in the IPFIX Implementation Guidelines [I-D.ietf-ipfix-implementation-guidelines]. However, there is no such thing as "unreliable" SCTP transport. One such reference in section 10.2.4.3 was replaced in the previous section. In addition paragraph 1 of section 10.2.2 "Reliability" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: The SCTP transport protocol is by default reliable, but has the capability to deliver messages with partial reliability [RFC3758]. 4.3. SCTP References Note also that references to the SCTP documents in the IPFIX Protocol Specification are incomplete. References to SCTP as specified in RFC 2960 [RFC2960] should also reference RFC 3309 [RFC3309], which updates SCTP to use CRC32 for checksums as opposed to the originally specified Adler-32. This is an oversight, and is not intended to imply that SCTP with Adler-32 checksums should be used as a transport protocol for IPFIX. Consequently, paragraph 2 of section 10.1 "Transport Compliance and Transport Usage" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: SCTP as specified in [RFC 2960] and [RFC 3309] using the PR-SCTP extension defined in [RFC 3758] MUST be implemented by all compliant Trammell & Boschi Expires February 2, 2008 [Page 6]
Internet-Draft IPFIX SCTP Stream Change August 2007 implementations. UDP [UDP] MAY also be implemented by compliant implementations. TCP [TCP] MAY also be implemented by compliant implementations. Paragraph 1 of section 10.2 "SCTP" of the IPFIX Protocol Specification [I-D.ietf-ipfix-protocol] is replaced as follows: This section describes how IPFIX can be transported over SCTP as specified in [RFC 2960] and [RFC 3309] using the PR-SCTP extension defined in [RFC 3758]. 4.4. IPFIX Implementation Guidelines changes The following text is added to Section 6.1 "SCTP" of the IPFIX Implementation Guidelines [I-D.ietf-ipfix-implementation-guidelines]. (Note that as the text of the Implementation Guidelines is still subject to change, the absolute position of the text is not specified here): Since Template Sets and Template Withdrawal Messages may be sent on any SCTP stream, a Template Withdrawal Message may withdraw a template sent on a different stream, and a Template Set may reuse a Template ID withdrawn by a Template Withdrawal Message sent on a different stream. Therefore, an Exporting Process sending Template Withdrawal Messages SHOULD ensure to the extent possible that the Template Withdrawal Messages and subsequent Template Sets reusing the withdrawn Template IDs are received and processed at the Collecting Process in proper order. The Exporting Process can achieve this by one of two possible methods: 1. by sending a Template Withdrawal Message reliably, in order, and on the same stream as the subsequent Template Set reusing its ID; or 2. by waiting an appropriate amount of time (on the scale of one minute) after sending a Template Withdrawal Message before attempting to reuse the withdrawn Template ID. 5. Security Considerations The same security considerations as for the IPFIX Protocol [I-D.ietf-ipfix-protocol] apply. 6. IANA Considerations This document has no actions for IANA. Trammell & Boschi Expires February 2, 2008 [Page 7]
Internet-Draft IPFIX SCTP Stream Change August 2007 7. Acknowledgements Thanks to Randall Stewart, Michael Tuexen, and Peter Lei for technical assistance with PR-SCTP. Thanks to Benoit Claise and Paul Aitken for refining the new stream restriction rules in this draft. 8. References 8.1. Normative References [I-D.ietf-ipfix-protocol] Claise, B., "Specification of the IPFIX Protocol for the Exchange", draft-ietf-ipfix-protocol-24 (work in progress), November 2006. [I-D.ietf-ipfix-implementation-guidelines] Boschi, E., "IPFIX Implementation Guidelines", draft-ietf-ipfix-implementation-guidelines-06 (work in progress), June 2007. [RFC2960] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson, "Stream Control Transmission Protocol", RFC 2960, October 2000. [RFC3309] Stone, J., Stewart, R., and D. Otis, "Stream Control Transmission Protocol (SCTP) Checksum Change", RFC 3309, September 2002. [RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. Conrad, "Stream Control Transmission Protocol (SCTP) Partial Reliability Extension", RFC 3758, May 2004. 8.2. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. Trammell & Boschi Expires February 2, 2008 [Page 8]
Internet-Draft IPFIX SCTP Stream Change August 2007 Authors' Addresses Brian H. Trammell CERT Network Situational Awareness Software Engineering Institute 4500 Fifth Avenue Pittsburgh, Pennsylvania 15213 United States Phone: +1 412 268 9748 Email: bht@cert.org Elisa Boschi Hitachi Europe SAS Immeuble Le Theleme 1503 Route les Dolines 06560 Valbonne France Phone: +33 4 89874100 Email: elisa.boschi@hitachi-eu.com Trammell & Boschi Expires February 2, 2008 [Page 9]
Internet-Draft IPFIX SCTP Stream Change August 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Trammell & Boschi Expires February 2, 2008 [Page 10]