Re: sending strings data into IPfix stream

Brian Trammell <trammell@tik.ee.ethz.ch> Mon, 01 July 2013 09:28 UTC


Hi, Thierry,

Have a look in the IANA information element registry (http://www.iana.org/assignments/ipfix) to see if there are existing IEs for the information you want to export. 

Hostnames, I think, are not there -- in general, IPFIX exporters deal in addresses taken from observed packets and leave it up to the collector to do reverse resolution, due to (1) the amount of time DNS reverse lookups can take, blocking measurement activity on a (presumably) resource-constrained metering process, as well as (2) the ambiguity inherent within reverse lookups (due to e.g. misconfigured local and/or authoritative resolvers). In an environment where you have a good, internal database of hostnames (e.g. because the metering process is colocated with a DHCP server), this is more likely to be useful, though.

If you'd like to export information _not_ in the IANA Information Element registry, you have two options: (1) defining new enterprise-specific IEs scoped by your Private Enterprise Number (see Section 3.2 and example A.2.2. in http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis) or (2) submitting a new Information Element definition for addition to the IANA registry (see http://tools.ietf.org/html/draft-ietf-ipfix-ie-doctors-07/ for guidelines on writing such a definition).

Keep in mind, for strings, you'll almost certainly be dealing with variable-length IE export; see section 7 of http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis.

Cheers,

Brian


On 1 Jul 2013, at 11:06 , DESCOMBES Thierry <descombes@lpsc.in2p3.fr> wrote:

> Hello,
> Not sure if this is the right list for this type of message ...
> I am developing an IPFIX exporter. It exports IP flows, and I'd like now to export some extra information (strings) about the machines on the LAN (the hostname of the machine, and other information ...)
> What is the right way to do that (IPFIX fields to use, template options or not ...)
> Thank you very much in advance. Regards
> T. Descombes
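
The enterprise-specific IE and variable-length encoding that the reply above points to, as an added example that is not part of the original messages or of any exporter discussed in them: it builds a template and data set carrying a hostname string and decodes it with the length prefix checked against the set bounds. Template ID 256, IE number 1 and PEN 32473 (the documentation-use enterprise number from RFC 5612) are assumptions chosen for illustration.

```python
import socket
import struct

VARLEN = 0xFFFF   # template field length that marks a variable-length IE
PEN = 32473       # assumption: documentation-only PEN (RFC 5612); use your own
HOSTNAME_IE = 1   # hypothetical enterprise-specific IE number for a hostname

def field_specifier(ie_id, length, pen=None):  # top ID bit flags an enterprise IE
    if pen is None:
        return struct.pack("!HH", ie_id, length)
    return struct.pack("!HHI", 0x8000 | ie_id, length, pen)

def template_set(template_id, specs):
    record = struct.pack("!HH", template_id, len(specs)) + b"".join(specs)
    return struct.pack("!HH", 2, 4 + len(record)) + record  # Set ID 2 = Template Set

def encode_varlen(value):
    # Short form: one length octet (< 255). Long form: 255, then a 2-octet length.
    if len(value) < 255:
        return bytes([len(value)]) + value
    return b"\xff" + struct.pack("!H", len(value)) + value  # struct.error above 65535

def decode_varlen(buf, off):
    # Returns (value, next_offset); the length prefix is never trusted past the buffer.
    if off >= len(buf):
        raise ValueError("missing length octet")
    n, off = buf[off], off + 1
    if n == 255:
        if off + 2 > len(buf):
            raise ValueError("truncated long-form length")
        n, off = struct.unpack_from("!H", buf, off)[0], off + 2
    if off + n > len(buf):
        raise ValueError("declared length overruns the set")
    return buf[off:off + n], off + n

def data_set(template_id, hosts):
    body = b"".join(socket.inet_aton(ip) + encode_varlen(name.encode("utf-8"))
                    for ip, name in hosts)
    return struct.pack("!HH", template_id, 4 + len(body)) + body  # no padding added

def parse_data_set(buf):
    # Records are sourceIPv4Address (IANA IE 8, 4 octets) + variable-length hostname.
    set_id, length = struct.unpack_from("!HH", buf, 0)
    if not 4 <= length <= len(buf):
        raise ValueError("bad set length")
    body, off, hosts = buf[4:length], 0, []
    while off < len(body):  # a short address also fails inside decode_varlen
        ip, (name, off) = body[off:off + 4], decode_varlen(body, off + 4)
        hosts.append((socket.inet_ntoa(ip), name.decode("utf-8")))
    return set_id, hosts
```

A collector-side decoder that skips the bounds checks in `decode_varlen` will read past the set when an exporter sends a corrupted or hostile length prefix, which is why the example rejects the record instead of truncating it.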