[IPFIX] review: draft-sommer-ipfix-richtemplate-00.txt
Paul Aitken <paitken@cisco.com> Thu, 10 July 2008 16:53 UTC
Return-Path: <ipfix-bounces@ietf.org>
X-Original-To: ipfix-archive@lists.ietf.org
Delivered-To: ietfarch-ipfix-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4A40228C101; Thu, 10 Jul 2008 09:53:02 -0700 (PDT)
X-Original-To: ipfix@core3.amsl.com
Delivered-To: ipfix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 760A228C0F5 for <ipfix@core3.amsl.com>; Thu, 10 Jul 2008 09:53:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.449
X-Spam-Level:
X-Spam-Status: No, score=-5.449 tagged_above=-999 required=5 tests=[AWL=-1.150, BAYES_00=-2.599, MANGLED_NAIL=2.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wfD0qVi1nbyN for <ipfix@core3.amsl.com>; Thu, 10 Jul 2008 09:52:59 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id 95E7C3A6A27 for <ipfix@ietf.org>; Thu, 10 Jul 2008 09:52:56 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.30,339,1212364800"; d="scan'208";a="14046015"
Received: from ams-dkim-2.cisco.com ([144.254.224.139]) by ams-iport-1.cisco.com with ESMTP; 10 Jul 2008 16:53:11 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m6AGrBCu025316 for <ipfix@ietf.org>; Thu, 10 Jul 2008 18:53:11 +0200
Received: from cisco.com (mrwint.cisco.com [64.103.71.48]) by ams-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m6AGrBvq004816 for <ipfix@ietf.org>; Thu, 10 Jul 2008 16:53:11 GMT
Received: from [10.61.98.15] (dhcp-10-61-98-15.cisco.com [10.61.98.15]) by cisco.com (8.11.7p3+Sun/8.8.8) with ESMTP id m6AGrAi00082 for <ipfix@ietf.org>; Thu, 10 Jul 2008 17:53:10 +0100 (BST)
Message-ID: <48763E75.3020305@cisco.com>
Date: Thu, 10 Jul 2008 17:53:09 +0100
From: Paul Aitken <paitken@cisco.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.8.1.15) Gecko/20080620 SeaMonkey/1.1.10
MIME-Version: 1.0
To: "ipfix@ietf.org" <ipfix@ietf.org>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=23404; t=1215708791; x=1216572791; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=paitken@cisco.com; z=From:=20Paul=20Aitken=20<paitken@cisco.com> |Subject:=20review=3A=20draft-sommer-ipfix-richtemplate-00. txt |Sender:=20; bh=jQnx47WUlyBV2zv9FMJu1Z3RyKBT/SXu6PnQdFuoEo8=; b=pbYag9TrM0xsvhWMDS0IXyR8LhMeVWNBNOyKvJYQIjj+iC37GD+egdgAi3 FPkkgtlVKZf48XtW8/Fx9dG3ZWCjcBJ9recPPOmS+zw1LdOaN5+pLkxtwwCB l9A/JJMtMM;
Authentication-Results: ams-dkim-2; header.From=paitken@cisco.com; dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
Subject: [IPFIX] review: draft-sommer-ipfix-richtemplate-00.txt
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ipfix-bounces@ietf.org
Errors-To: ipfix-bounces@ietf.org
Chaps, Interesting draft. Please find some feedback inline. > Network Working Group C. Sommer > Internet-Draft F. Dressler > Intended status: Informational Univ. Erlangen > Expires: January 8, 2009 G. Muenz > Univ. Tuebingen > July 7, 2008 > > > Rich Template Set Extension to the IPFIX Protocol > <draft-sommer-ipfix-richtemplate-00.txt> > > Status of this Memo > > By submitting this Internet-Draft, each author represents that any > applicable patent or other IPR claims of which he or she is aware > have been or will be disclosed, and any of which he or she becomes > aware will be disclosed, in accordance with Section 6 of BCP 79. > > Internet-Drafts are working documents of the Internet Engineering > Task Force (IETF), its areas, and its working groups. Note that > other groups may also distribute working documents as Internet- > Drafts. > > Internet-Drafts are draft documents valid for a maximum of six months > and may be updated, replaced, or obsoleted by other documents at any > time. It is inappropriate to use Internet-Drafts as reference > material or to cite them other than as "work in progress." > > The list of current Internet-Drafts can be accessed at > http://www.ietf.org/ietf/1id-abstracts.txt. > > The list of Internet-Draft Shadow Directories can be accessed at > http://www.ietf.org/shadow.html. > > This Internet-Draft will expire on January 8, 2009. > > Abstract > > This draft describes the Rich Template Set, a Template Set for the > IPFIX Protocol, as well as its respective Template Records. One > possible application domain for this new Set is the transport of > IPFIX Flow Mediation selection criteria. In comparison to the use of > Common Properties, the use of Rich Template Sets reduces the overhead > of repeated transmissions and makes data transmissions more robust > against failures. > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 1] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > Table of Contents > > 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 > 2. Rich Template . . . . . . . . . . . . . . . . . . . . . . . . 4 > 3. Use of the Rich Template in Flow Aggregation . . . . . . . . . 7 > 4. Security considerations . . . . . . . . . . . . . . . . . . . 9 > 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 > 6. Normative References . . . . . . . . . . . . . . . . . . . . . 9 > Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 > Intellectual Property and Copyright Statements . . . . . . . . . . 11 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 2] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > 1. Introduction > > IPFIX supports the concept of a Mediator, a device that receives, > transforms, and exports data streams using IPFIX. A major > requirement of flow mediation is the reduction of the volume of IPFIX > traffic by discarding and aggregating received information. > [I-D.dressler-ipfix-aggregation] describes how pattern matching is > used for flow aggregation. The draft also outlines how to select > flows and subsequently communicate the selection criteria to an IPFIX > Collector, using Common Properties of the resulting Compound Flows to > describe these attributes. In order to avoid the overhead of the > repeated transmissions of all Common Properties (or their > identifiers) in all Flow Records, a new Template Set, the Rich > Template Set, is introduced. This Template Set allows an Exporting > Process to simultaneously declare and transmit Common Properties to a > receiver. > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this > document are to be interpreted as described in [RFC2119]. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 3] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > 2. Rich Template > > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Set ID = 4 | Length | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Rich Template Record 1 | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | ... | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Rich Template Record N | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Padding (opt) | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > Figure 1: Rich Template Set Format > > The basic format of a Rich Template Set is shown in Figure 1. It is > the same as that of a Template Set defined in [RFC5101], except for a > different Set ID. I'd prefer to see the pertinent fields specified at this point rather than below figure 2. > > The format of individual Rich Template Records, however, differs from > that of Template Records and is shown in Figure 2. > > > > > > > > > > > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 4] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Template ID (> 255) | Field Count | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | Data Count | Common Properties ID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Field 1 Specifier | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | ... | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Field N Specifier | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Data 1 Specifier | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | ... | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Data M Specifier | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Data 1 Value | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | ... | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | Data M Value | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > Figure 2: Rich Template Record Format It might be more logical to put each "Data M Value" right after each "Data M Specifier" to make a list of {T,L,V} tuples, rather than {T,L}, {T,L}, {T,L}, .... {V}, {V}, {V}. > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 5] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > The Rich Template Set field definitions are as follows: > > Set ID > Type of this Template Set. A Set ID value of 4 is proposed for the > Rich Template Set. > > Length > Total length of this set in bytes, as defined in [RFC5101]. > > Padding > OPTIONAL padding, as defined in [RFC5101]. I'd prefer to move the above field definitions to above figure 2. > The Rich Template Record field definitions are as follows: > > Template ID > Template ID of this Rich Template Record. As defined in > [RFC5101], this value MUST be greater than 255. > > Field Count > Number of regular fields that will be sent in subsequent Data > Records using this Template, as defined in [RFC5101]. > > Data Count > Number of fixed-value fields that will be sent in this Template. > > Common Properties ID > Contains an identifier that can be referred to by > commonPropertiesId Information Elements, as introduced in > [I-D.ietf-ipfix-reducing-redundancy]. > > Field N Specifier > Information Element identifier, Field length and an Enterprise > Number (if applicable) of field N. Refer to [RFC5101] for more > information on Field Specifiers. > > Data M Specifier > Same as "Field N Specifier", but used for Common Properties of all > Data Records of this Template. Together with Data M Value, a > similar encoding like TLV (type-length-value) is achieved. > > Data M Value > Bit representation of a Common Property as would be transmitted in > a Data Record. > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 6] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > 3. Use of the Rich Template in Flow Aggregation > > The Rich Template is well-suited for use in flow aggregation, as > introduced in [I-D.dressler-ipfix-aggregation]. Table 1 illustrates > the relationship between a flow aggregator's field modifiers and > patterns on the one hand, and the resulting regular and fixed-value > fields in the Rich Template on the other hand. It can be seen that > the analyzer is able to deduce all instructions of the Aggregation > Rule considering the structure of the Rich Template, except the > combination "discard without pattern" that does not result in any > field. > > +----------+---------+------------------------+---------------------+ > | field | pattern | field in Flow Record | fixed-value field | > | modifier | | | in Rich Template | > +----------+---------+------------------------+---------------------+ > | discard | no | N/A | N/A | > | discard | yes | N/A | yes, contains | > | | | | pattern | > | keep | no | yes | N/A | > | keep | yes | yes, if pattern | yes, contains | > | | | specifies a range of | pattern | > | | | values | | > | mask | no | yes, IP network | N/A | > | | | address | | > | mask | yes | yes, IP network | yes, contains | > | | | address | pattern | > +----------+---------+------------------------+---------------------+ > > Table 1: Relation between field modifiers, Flow Records, and Rich > Templates > > Assume, for example, the concentrator was given the Aggregation Rule > shown in Table 2. > > +-------------------------+--------------+-------------+ > | IPFIX Field | Filtering | Aggregation | > +-------------------------+--------------+-------------+ > | sourceIPv4Address | 192.0.2.0/28 | discard | > | destinatonTransportPort | | keep | > | packetDeltaCount | | aggregate | > +-------------------------+--------------+-------------+ > > Table 2: Example Rule > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 7] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > Based on the Aggregation Rule, the concentrator would now first send > a corresponding Rich Template Record as shown in Table 3. > > +----------------------+------------------+ > | Field | Value | > +----------------------+------------------+ > | Template ID | 10001 | > | Field Count | 2 | > | Data Count | 2 | > | Common Properties ID | 0 | > | Field 1 Type | Destination Port | > | Field 2 Type | Packets | > | Data 1 Type | Source IP Prefix | > | Data 2 Type | Source IP Mask | > | Data 1 Value | 192.0.2.0 | > | Data 2 Value | 28 | > +----------------------+------------------+ > > Table 3: Rich Template used > > Assume further that the concentrator receives the Flow Records shown > in Table 4. > > +-------------+-----------+--------------+----------------+---------+ > | Source IP | Source | Destination | Destination | Packets | > | | Port | IP | Port | | > +-------------+-----------+--------------+----------------+---------+ > | 192.0.2.1 | 64235 | 192.0.2.101 | 80 | 10 | > | 192.0.2.2 | 64236 | 192.0.2.102 | 110 | 10 | > | 192.0.2.3 | 64237 | 192.0.2.103 | 80 | 10 | > | 192.0.2.101 | 64238 | 192.0.2.1 | 80 | 10 | > | 192.0.2.102 | 64239 | 192.0.2.2 | 80 | 10 | > +-------------+-----------+--------------+----------------+---------+ > > Table 4: Incoming Flows > > The concentrator would then export Data Records of this type, which > contain the Compound Flows resulting from aggregation. Note that the > Flows' Common Property, having a source IP address in 192.0.2.0/28, > was already transmitted in the Rich Template Record and is thus not > included in Data Records. > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 8] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > The exported Data Records, shown in Table 5, only contain the > aggregated packet counts and the destination port, the latter being > the only discriminating Flow Key property. > > +------------------+---------+ > | Destination Port | Packets | > +------------------+---------+ > | 80 | 20 | > | 110 | 10 | > +------------------+---------+ > > Table 5: Aggregated Flows > > Some example Rich Template Records would be perfect! P. > 4. Security considerations > > This document introduces a new IPFIX Template Set, a variation on the > Template Set and data types introduced in [RFC5101] and > [I-D.ietf-ipfix-reducing-redundancy]. No additional security > considerations apply. > > > 5. IANA Considerations > > Use of the Rich Template Set requires one new IPFIX Set ID to be > assigned. > > > 6. Normative References > > [I-D.dressler-ipfix-aggregation] > Dressler, F., "IPFIX Aggregation", > draft-dressler-ipfix-aggregation-05 (work in progress), > July 2008. > > [I-D.ietf-ipfix-reducing-redundancy] > Boschi, E., "Reducing Redundancy in IP Flow Information > Export (IPFIX) and Packet Sampling (PSAMP) Reports", > draft-ietf-ipfix-reducing-redundancy-04 (work in > progress), May 2007. > > [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate > Requirement Levels", BCP 14, RFC 2119, March 1997. > > [RFC5101] Claise, B., "Specification of the IP Flow Information > Export (IPFIX) Protocol for the Exchange of IP Traffic > Flow Information", RFC 5101, January 2008. > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 9] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > Authors' Addresses > > Christoph Sommer > University of Erlangen-Nuremberg > Department of Computer Science 7 > Martensstr. 3 > Erlangen 91058 > Germany > > Phone: +49 9131 85-27993 > Email: christoph.sommer@informatik.uni-erlangen.de > URI: http://www7.informatik.uni-erlangen.de/~sommer/ > > > Falko Dressler > University of Erlangen-Nuremberg > Department of Computer Science 7 > Martensstr. 3 > Erlangen 91058 > Germany > > Phone: +49 9131 85-27914 > Email: dressler@informatik.uni-erlangen.de > URI: http://www7.informatik.uni-erlangen.de/ > > > Gerhard Muenz > University of Tuebingen > Computer Networks and Internet > Sand 13 > Tuebingen 72076 > Germany > > Phone: +49 7071 29-70534 > Email: muenz@informatik.uni-tuebingen.de > URI: http://net.informatik.uni-tuebingen.de/ > > > > > > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 10] > > Internet-Draft Rich Template Set IPFIX Extension July 2008 > > > Full Copyright Statement > > Copyright (C) The IETF Trust (2008). > > This document is subject to the rights, licenses and restrictions > contained in BCP 78, and except as set forth therein, the authors > retain all their rights. > > This document and the information contained herein are provided on an > "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS > OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND > THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS > OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF > THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED > WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. > > > Intellectual Property > > The IETF takes no position regarding the validity or scope of any > Intellectual Property Rights or other rights that might be claimed to > pertain to the implementation or use of the technology described in > this document or the extent to which any license under such rights > might or might not be available; nor does it represent that it has > made any independent effort to identify any such rights. Information > on the procedures with respect to rights in RFC documents can be > found in BCP 78 and BCP 79. > > Copies of IPR disclosures made to the IETF Secretariat and any > assurances of licenses to be made available, or the result of an > attempt made to obtain a general license or permission for the use of > such proprietary rights by implementers or users of this > specification can be obtained from the IETF on-line IPR repository at > http://www.ietf.org/ipr. > > The IETF invites any interested party to bring to its attention any > copyrights, patents or patent applications, or other proprietary > rights that may cover technology that may be required to implement > this standard. Please address the information to the IETF at > ietf-ipr@ietf.org. > > > > > > > > > > > > Sommer, et al. draft-sommer-ipfix-richtemplate-00.txt [Page 11] > -- Paul Aitken Cisco Systems Ltd, Edinburgh, Scotland. _______________________________________________ IPFIX mailing list IPFIX@ietf.org https://www.ietf.org/mailman/listinfo/ipfix