IP Flow Information Export (IPFIX) Implementation Guidelines
RFC 5153

 
Document
Type RFC - Informational (April 2008; Errata)
Last updated 2013-03-02
Replaces draft-boschi-ipfix-implementation-guidelines
Stream IETF
Formats plain text pdf html
Stream
WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG
IESG state RFC 5153 (Informational)
Telechat date
Responsible AD Dan Romascanu
Send notices to ipfix-chairs@ietf.org

Email authors IPR References Referenced by Nits Search lists

Network Working Group                                          E. Boschi
Request for Comments: 5153                                Hitachi Europe
Category: Informational                                          L. Mark
                                                        Fraunhofer FOKUS
                                                              J. Quittek
                                                          M. Stiemerling
                                                                     NEC
                                                               P. Aitken
                                                     Cisco Systems, Inc.
                                                              April 2008

      IP Flow Information Export (IPFIX) Implementation Guidelines

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   The IP Flow Information Export (IPFIX) protocol defines how IP Flow
   information can be exported from routers, measurement probes, or
   other devices.  This document provides guidelines for the
   implementation and use of the IPFIX protocol.  Several sets of
   guidelines address Template management, transport-specific issues,
   implementation of Exporting and Collecting Processes, and IPFIX
   implementation on middleboxes (such as firewalls, network address
   translators, tunnel endpoints, packet classifiers, etc.).

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  IPFIX Documents Overview . . . . . . . . . . . . . . . . .  3
     1.2.  Overview of the IPFIX Protocol . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Template Management Guidelines . . . . . . . . . . . . . . . .  4
     3.1.  Template Management  . . . . . . . . . . . . . . . . . . .  4
     3.2.  Template Records versus Options Template Records . . . . .  5
     3.3.  Using Scopes . . . . . . . . . . . . . . . . . . . . . . .  6
     3.4.  Multiple Information Elements of the Same Type . . . . . .  6
     3.5.  Selecting Message Size . . . . . . . . . . . . . . . . . .  6
   4.  Exporting Process Guidelines . . . . . . . . . . . . . . . . .  7
     4.1.  Sets . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     4.2.  Information Element Coding . . . . . . . . . . . . . . . .  7
     4.3.  Using Counters . . . . . . . . . . . . . . . . . . . . . .  8
     4.4.  Padding  . . . . . . . . . . . . . . . . . . . . . . . . .  8

Boschi, et al.               Informational                      [Page 1]
RFC 5153            IPFIX Implementation Guidelines           April 2008

       4.4.1.  Alignment of Information Elements within a Data
               Record . . . . . . . . . . . . . . . . . . . . . . . .  9
       4.4.2.  Alignment of Information Element Specifiers within
               a Template Record  . . . . . . . . . . . . . . . . . .  9
       4.4.3.  Alignment of Records within a Set  . . . . . . . . . .  9
       4.4.4.  Alignment of Sets within an IPFIX Message  . . . . . .  9
     4.5.  Time Issues  . . . . . . . . . . . . . . . . . . . . . . . 10
     4.6.  IPFIX Message Header Export Time and Data Record Time  . . 10
     4.7.  Devices without an Absolute Clock  . . . . . . . . . . . . 11
   5.  Collecting Process Guidelines  . . . . . . . . . . . . . . . . 11
     5.1.  Information Element (De)Coding . . . . . . . . . . . . . . 11
     5.2.  Reduced-Size Encoding of Information Elements  . . . . . . 12
     5.3.  Template Management  . . . . . . . . . . . . . . . . . . . 12
   6.  Transport-Specific Guidelines  . . . . . . . . . . . . . . . . 12
     6.1.  SCTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     6.2.  UDP  . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     6.3.  TCP  . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
   7.  Guidelines for Implementation on Middleboxes . . . . . . . . . 18
     7.1.  Traffic Flow Scenarios at Middleboxes  . . . . . . . . . . 20
     7.2.  Location of the Observation Point  . . . . . . . . . . . . 21
     7.3.  Reporting Flow-Related Middlebox Internals . . . . . . . . 22
       7.3.1.  Packet Dropping Middleboxes  . . . . . . . . . . . . . 23
       7.3.2.  Middleboxes Changing the DSCP  . . . . . . . . . . . . 23
       7.3.3.  Middleboxes Changing IP Addresses and Port Numbers . . 24
   8.  Security Guidelines  . . . . . . . . . . . . . . . . . . . . . 25
     8.1.  Introduction to TLS and DTLS for IPFIX Implementers  . . . 25
     8.2.  X.509-Based Identity Verification for IPFIX over TLS
           or DTLS  . . . . . . . . . . . . . . . . . . . . . . . . . 25
     8.3.  Implementing IPFIX over TLS over TCP . . . . . . . . . . . 26
Show full document text