Re: sending strings data into IPfix stream
DESCOMBES Thierry <descombes@lpsc.in2p3.fr> Tue, 02 July 2013 13:56 UTC
Return-Path: <descombes@lpsc.in2p3.fr>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66C9A21F9EB7 for <ietf@ietfa.amsl.com>; Tue, 2 Jul 2013 06:56:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ItenECPcWWn for <ietf@ietfa.amsl.com>; Tue, 2 Jul 2013 06:56:29 -0700 (PDT)
Received: from lpsc-mail.in2p3.fr (lpsc-mail.in2p3.fr [134.158.40.8]) by ietfa.amsl.com (Postfix) with ESMTP id C448C21F99BA for <ietf@ietf.org>; Tue, 2 Jul 2013 06:56:27 -0700 (PDT)
Received: from [134.158.40.158] (lpsc0158x.in2p3.fr [134.158.40.158]) by lpsc-mail.in2p3.fr (8.13.1/8.13.1/In2p3) with ESMTP id r62DuNhY027480; Tue, 2 Jul 2013 15:56:23 +0200
Message-ID: <51D2DC7E.60301@lpsc.in2p3.fr>
Date: Tue, 02 Jul 2013 15:58:22 +0200
From: DESCOMBES Thierry <descombes@lpsc.in2p3.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130523 Thunderbird/17.0.6
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
Subject: Re: sending strings data into IPfix stream
References: <51D14680.90809@lpsc.in2p3.fr> <180BD9A1-3325-471A-8BB6-F80A73F5535A@tik.ee.ethz.ch>
In-Reply-To: <180BD9A1-3325-471A-8BB6-F80A73F5535A@tik.ee.ethz.ch>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 13:56:33 -0000
Hi Brian, Thanks a lot for your answer. Our IPFIX exporter is a bit specific, and we'd like to export periodically a list of hostname, ipaddress and related data (that are not available from the collector: owner, serial number, ...) It should be easier to send this list using IPFIX stream (and this deals with all security/filtering policy)... The transmission frequency of this list will be quite low. What is the right way to dothat ? Do I have to use IPFIX option templates to send such data, or not ? Thanks a lot. Cheers Thierry On 01/07/2013 11:28, Brian Trammell wrote: > Hi, Thierry, > > Have a look in the IANA information element registry (http://www.iana.org/assignments/ipfix) to see if there are existing IEs for the information you want to export. > > Hostnames, I think, are not there -- in general, IPFIX exporters deal in addresses taken from observed packets and leave it up to the collector to do reverse resolution, due to (1) the amount of time DNS reverse lookups can take, blocking measurement activity on a (presumably) resource-constrained metering process, as well as (2) the ambiguity inherent within reverse lookups (due to e.g. misconfigured local and/or authoritative resolvers). In an environment where you have a good, internal database of hostnames (e.g. because the metering process is colocated with a DHCP server), this is more likely to be useful, though. > > If you'd like to export information _not_ in the IANA Information Element registry, you have two options; (1) defining new enterprise-specific IEs scoped by your Private Enterprise Number (see Section 3.2 and example A.2.2. in http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis) or (2) submitting a new Information Element definition for addition to the IANA registry (see http://tools.ietf.org/html/draft-ietf-ipfix-ie-doctors-07/ for guidelines on writing such a definition). > > Keep in mind, for strings, you'll almost certainly be dealing with variable-length IE export; see section 7 of http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis. > > Cheers, > > Brian > > > On 1 Jul 2013, at 11:06 , DESCOMBES Thierry <descombes@lpsc.in2p3.fr> wrote: > >> Hello, >> Not sure if this is the right list for this type of message ... >> I am developing an IPFIX exporter. It exports IP flows, and I'd like now to export some extra information (strings) about the machines on the LAN (the hostname of the machine, and others information ...) >> What is the right way to do that (IPFIX fields to use, template options or not ...) >> Thank you very much in advance. Regards >> T. Descombes
- Re: sending strings data into IPfix stream DESCOMBES Thierry
- sending strings data into IPfix stream DESCOMBES Thierry
- Re: sending strings data into IPfix stream Brian Trammell