IP Flow Information Export (IPFIX) Implementation Guidelines
RFC 5153
Network Working Group E. Boschi
Request for Comments: 5153 Hitachi Europe
Category: Informational L. Mark
Fraunhofer FOKUS
J. Quittek
M. Stiemerling
NEC
P. Aitken
Cisco Systems, Inc.
April 2008
IP Flow Information Export (IPFIX) Implementation Guidelines
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract
The IP Flow Information Export (IPFIX) protocol defines how IP Flow
information can be exported from routers, measurement probes, or
other devices. This document provides guidelines for the
implementation and use of the IPFIX protocol. Several sets of
guidelines address Template management, transport-specific issues,
implementation of Exporting and Collecting Processes, and IPFIX
implementation on middleboxes (such as firewalls, network address
translators, tunnel endpoints, packet classifiers, etc.).
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. IPFIX Documents Overview . . . . . . . . . . . . . . . . . 3
1.2. Overview of the IPFIX Protocol . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Template Management Guidelines . . . . . . . . . . . . . . . . 4
3.1. Template Management . . . . . . . . . . . . . . . . . . . 4
3.2. Template Records versus Options Template Records . . . . . 5
3.3. Using Scopes . . . . . . . . . . . . . . . . . . . . . . . 6
3.4. Multiple Information Elements of the Same Type . . . . . . 6
3.5. Selecting Message Size . . . . . . . . . . . . . . . . . . 6
4. Exporting Process Guidelines . . . . . . . . . . . . . . . . . 7
4.1. Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.2. Information Element Coding . . . . . . . . . . . . . . . . 7
4.3. Using Counters . . . . . . . . . . . . . . . . . . . . . . 8
4.4. Padding . . . . . . . . . . . . . . . . . . . . . . . . . 8
Boschi, et al. Informational [Page 1]
RFC 5153 IPFIX Implementation Guidelines April 2008
4.4.1. Alignment of Information Elements within a Data
Record . . . . . . . . . . . . . . . . . . . . . . . . 9
4.4.2. Alignment of Information Element Specifiers within
a Template Record . . . . . . . . . . . . . . . . . . 9
4.4.3. Alignment of Records within a Set . . . . . . . . . . 9
4.4.4. Alignment of Sets within an IPFIX Message . . . . . . 9
4.5. Time Issues . . . . . . . . . . . . . . . . . . . . . . . 10
4.6. IPFIX Message Header Export Time and Data Record Time . . 10
4.7. Devices without an Absolute Clock . . . . . . . . . . . . 11
5. Collecting Process Guidelines . . . . . . . . . . . . . . . . 11
5.1. Information Element (De)Coding . . . . . . . . . . . . . . 11
5.2. Reduced-Size Encoding of Information Elements . . . . . . 12
5.3. Template Management . . . . . . . . . . . . . . . . . . . 12
6. Transport-Specific Guidelines . . . . . . . . . . . . . . . . 12
6.1. SCTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
6.2. UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
6.3. TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
7. Guidelines for Implementation on Middleboxes . . . . . . . . . 18
7.1. Traffic Flow Scenarios at Middleboxes . . . . . . . . . . 20
7.2. Location of the Observation Point . . . . . . . . . . . . 21
7.3. Reporting Flow-Related Middlebox Internals . . . . . . . . 22
7.3.1. Packet Dropping Middleboxes . . . . . . . . . . . . . 23
7.3.2. Middleboxes Changing the DSCP . . . . . . . . . . . . 23
7.3.3. Middleboxes Changing IP Addresses and Port Numbers . . 24
8. Security Guidelines . . . . . . . . . . . . . . . . . . . . . 25
8.1. Introduction to TLS and DTLS for IPFIX Implementers . . . 25
8.2. X.509-Based Identity Verification for IPFIX over TLS
or DTLS . . . . . . . . . . . . . . . . . . . . . . . . . 25
8.3. Implementing IPFIX over TLS over TCP . . . . . . . . . . . 26
Show full document text