Traffic Flow Measurement: Architecture
RFC 2063

Document Type RFC - Experimental (January 1997; No errata)
Obsoleted by RFC 2722
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2063 (Experimental)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                        N. Brownlee
Request for Comments: 2063                    The University of Auckland
Category: Experimental                                          C. Mills
                                            BBN Systems and Technologies
                                                                 G. Ruth
                                                  GTE Laboratories, Inc.
                                                            January 1997

                Traffic Flow Measurement:  Architecture

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   This document describes an architecture for the measurement and
   reporting of network traffic flows, discusses how this relates to an
   overall network traffic flow architecture, and describes how it can
   be used within the Internet.  It is intended to provide a starting
   point for the Realtime Traffic Flow Measurement Working Group.

Table of Contents

 1 Statement of Purpose and Scope                                     2
 2 Traffic Flow Measurement Architecture                              4
   2.1 Meters and Traffic Flows . . . . . . . . . . . . . . . . . .   4
   2.2 Interaction Between METER and METER READER . . . . . . . . .   6
   2.3 Interaction Between MANAGER and METER  . . . . . . . . . . .   6
   2.4 Interaction Between MANAGER and METER READER . . . . . . . .   7
   2.5 Multiple METERs or METER READERs . . . . . . . . . . . . . .   7
   2.6 Interaction Between MANAGERs (MANAGER - MANAGER) . . . . . .   8
   2.7 METER READERs and APPLICATIONs . . . . . . . . . . . . . . .   8
 3 Traffic Flows and Reporting Granularity                            9
   3.1 Flows and their Attributes . . . . . . . . . . . . . . . . .   9
   3.2 Granularity of Flow Measurements . . . . . . . . . . . . . .  11
   3.3 Rolling Counters, Timestamps, Report-in-One-Bucket-Only  . .  13
 4 Meters                                                            15
   4.1 Meter Structure  . . . . . . . . . . . . . . . . . . . . . .  15
   4.2 Flow Table . . . . . . . . . . . . . . . . . . . . . . . . .  17
   4.3 Packet Handling, Packet Matching . . . . . . . . . . . . . .  17
   4.4 Rules and Rule Sets  . . . . . . . . . . . . . . . . . . . .  21
   4.5 Maintaining the Flow Table . . . . . . . . . . . . . . . . .  24
   4.6 Handling Increasing Traffic Levels . . . . . . . . . . . . .  25

Brownlee, et. al.             Experimental                      [Page 1]
RFC 2063         Traffic Flow Measurement: Architecture     January 1997

 5 Meter Readers                                                     26
   5.1 Identifying Flows in Flow Records  . . . . . . . . . . . . .  26
   5.2 Usage Records, Flow Data Files . . . . . . . . . . . . . . .  27
   5.3 Meter to Meter Reader:  Usage Record Transmission. . . . . .  27
 6 Managers                                                          28
   6.1 Between Manager and Meter:  Control Functions  . . . . . . .  28
   6.2 Between Manager and Meter Reader:  Control Functions   . . .  29
   6.3 Exception Conditions . . . . . . . . . . . . . . . . . . . .  31
   6.4 Standard Rule Sets   . . . . . . . . . . . . . . . . . . . .  32
 7 APPENDICES                                                        33
   7.1 Appendix A: Network Characterisation . . . . . . . . . . . .  33
   7.2 Appendix B: Recommended Traffic Flow Measurement Capabilities 34
   7.3 Appendix C: List of Defined Flow Attributes  . . . . . . . .  35
   7.4 Appendix D: List of Meter Control Variables  . . . . . . . .  36
 8 Acknowledgments                                                   36
 9 References                                                        37
10 Security Considerations                                           37
11 Authors' Addresses                                                37

1 Statement of Purpose and Scope

   This document describes an architecture for traffic flow measurement
   and reporting for data networks which has the following
   characteristics:

     - The traffic flow model can be consistently applied to any
       protocol/application at any network layer (e.g.  network,
       transport, application layers).

     - Traffic flow attributes are defined in such a way that they are
       valid for multiple networking protocol stacks, and that traffic
       flow measurement implementations are useful in MULTI-PROTOCOL
       environments.

     - Users may specify their traffic flow measurement requirements
       in a simple manner, allowing them to collect the flow data they
       need while ignoring other traffic.

     - The data reduction effort to produce requested traffic flow
       information is placed as near as possible to the network
Show full document text