IETF Logo Mail Archive

Re: [IPFIX] Options Templates, Templates, and related Data Sets sent in separate transport sessions

Garri Djavadyan <g.djavadyan@gmail.com> Wed, 10 April 2024 08:18 UTC

Return-Path: <g.djavadyan@gmail.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0306EC14F6B9 for <ipfix@ietfa.amsl.com>; Wed, 10 Apr 2024 01:18:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y6mPJihYUW0f for <ipfix@ietfa.amsl.com>; Wed, 10 Apr 2024 01:18:28 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0C4AC14F6B8 for <ipfix@ietf.org>; Wed, 10 Apr 2024 01:18:28 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-56e6a1edecfso3766396a12.1 for <ipfix@ietf.org>; Wed, 10 Apr 2024 01:18:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712737106; x=1713341906; darn=ietf.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=dDlmkLgsG4Ccq75vAV9Op229oFpIIdGNenFYpiZs4GY=; b=Gnq67irEghU/ttugKu/+DzoW7xhHQuctntti2s1z1VUohvVa5VeB4/w18rW9Yj5Ovf +ECemYCR9HAErJiPaL/cW4fO1OGBak2vGu5gGUmbOW53NfDK5ZV5Af+5HSih/qSL2AZ0 TAOe8qXq8Ef1Qztj3eG2R4vhnzAu0aiQbUzEuS/sKtyhNxWKydts4vUC9DmJgoC+R+G6 BEyrbCW2ebLON/KN7TNcTWKPENeBUiGTbuWE7/Xris0tVLy7hyA+sbLGJGEuYz2vWpE8 YLqncOikd2b5TfFD2uZIYz8eMZH6Yc5+lB0cJBePEADs5Pe+QlYgGeKrXCZ0lKtc5QIh 0GFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712737106; x=1713341906; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dDlmkLgsG4Ccq75vAV9Op229oFpIIdGNenFYpiZs4GY=; b=gmBOHAO46khLl8wx3mTh2nPeEQUDgzAMB9lQg03yveuiUpId7p6sNxMGRjnEHi4lwx 3ROvXsFZ6OX4PVE/tpJyt4mHR7KE/Nq/Kzk4EG8rBQNd9EoqmUcBTxQBLp2wjeZqgMMs 7rAw0iGvJhvReZqKMRmtXD0eekUYMyt4AxiORuIuw+B+Fibldfsnh4a6Rr7NNhXFtD59 jAuGQhM8doH1uHiXkoRKvLyLC7zi26SxBJvh8LMfOmivmqq8vHOuZxIh7GGaT4ASXWYp rSnw8gGs+aZABAwQJegCl4hXsVdRwotjv9YKjueKbdp4AGqIPQy6mciiCZmRgPFBrhIm NrHg==
X-Gm-Message-State: AOJu0YwLGj4dicnu9Mtkwhc2qGKLCw9S/wAyww+HTaDbWxVflYDX6E8c 8OJGEX6Ml3yO9u3mnY6birJPB/ANPje4lnPLcMF4wYuci6RVpguMUtVW8WOp
X-Google-Smtp-Source: AGHT+IEBzpC8FX7rzo/4iVSo8+q5HXx86ezpwL62usRly4WXosBiUSgbI+SYAt+1eLgjZeisBEqJ0g==
X-Received: by 2002:a50:ab16:0:b0:56c:5ab5:5fb7 with SMTP id s22-20020a50ab16000000b0056c5ab55fb7mr1034669edc.30.1712737105626; Wed, 10 Apr 2024 01:18:25 -0700 (PDT)
Received: from ?IPv6:2a02:a210:2280:c00:4e94:e21b:393c:8e98? (2a02-a210-2280-0c00-4e94-e21b-393c-8e98.cable.dynamic.v6.ziggo.nl. [2a02:a210:2280:c00:4e94:e21b:393c:8e98]) by smtp.gmail.com with ESMTPSA id et6-20020a056402378600b0056b8dcdaca5sm6135951edb.73.2024.04.10.01.18.24 for <ipfix@ietf.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Apr 2024 01:18:24 -0700 (PDT)
Message-ID: <e24aac704ebc70ee72f13671dd6485cb3ec77f94.camel@gmail.com>
From: Garri Djavadyan <g.djavadyan@gmail.com>
To: "ipfix@ietf.org" <ipfix@ietf.org>
Date: Wed, 10 Apr 2024 10:18:24 +0200
In-Reply-To: <05853a655a6db65bdf2ccc4983b2fada93654d49.camel@gmail.com>
References: <095e959a3b1f5c557fe1e463754379edc21b32ea.camel@gmail.com> <7a9c6493-ac7e-4cd1-9703-a5f33f1b7330@ciena.com> <05853a655a6db65bdf2ccc4983b2fada93654d49.camel@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.52.0
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/LKxg5WplTmp8CkoAitEClF59tpw>
Subject: Re: [IPFIX] Options Templates, Templates, and related Data Sets sent in separate transport sessions
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2024 08:18:33 -0000

Unfortunately, after a few months of discussing and sharing excerpts
from RFC5153 and RFC7011 with the vendor, they refused to admit non-
compliance by stating that "there is no explicit mandatory requirement
for these templates [Templates and Options-Templates] to share a
transport session".

I understand that they are fixated on the "explicit mandatory
requirements" because what they had designed is already implemented in
hardware and not easy to change. I guess there was a confusion over the
RFC's UDP and SCTP requirements during the early architecture design
phase.

Considering that this happened to one vendor, do you think the RFC7011
can be updated a bit to make it more explicit in that all related
template and data records must be carried over the same transport
session, so that future RFC 7011 implementers do not fall into the same
trap again?

Thank you.

Kind regards,
Garri Djavadyan


On Tue, 2024-02-06 at 00:29 +0100, Garri Djavadyan wrote:
> Paul,
> 
> Thank you so much for your reply.
> 
> Indeed, a source address translator in front of several Exporters
> that
> use two Transport UDP Sessions to represent one IPFIX export stream,
> have conflicting Observation Domain IDs, and different
> samplingInterval
> values in the Data Records would be a nightmare for a Collecting
> Process that treats multiple Transport Sessions sourced from the same
> IP as the same export stream.
> 
> It seems I did not pay enough attention to the following sentence in
> the section 3.1 of the RFC7011:
> 
>    Collecting Processes SHOULD use the Transport Session and the
>    Observation Domain ID field to separate different export streams
>    originating from the same Exporter.
>    
> 
> I think a definition of the Export Stream in the Terminology (2)
> section of the RFC7011 could also help avoid doubts, saying something
> like: 
> 
>    A Transport Session carrying related Template Records, Options
>    Template Records, and Data Records.
> 
> 
> Now it is clear that we faced a bug that needs to be reported to the
> respective vendor.
> 
> Thank you.
> 
> Kind regards,
> Garri Djavadyan
> 
> 
> 
> On Mon, 2024-02-05 at 10:17 +0000, Aitken, Paul wrote:
> > Garri,
> > 
> >  From the receiver's point of view, the different transport
> > sessions
> > are 
> > independent export streams which could come from different
> > Exporters.
> > The receiver can't tell whether these come from one exporter or
> > two.
> > The 
> > data in the "options" Export Stream cannot be scoped to data in the
> > other stream as Template IDs are unique per Transport Session and
> > the
> > Observation Domain is locally unique to the Exporting Process and 
> > multiple EPs may be in play.
> > 
> > Only SCTP provides multiple streams; TPC and UDP do not. See
> > section
> > 6.1 
> > of RFC 5153.
> > 
> > P.
> > 
> > 
> > On 03/02/24 14:38, Garri Djavadyan wrote:
> > > Hi IPFIX experts,
> > > 
> > > 
> > > Recently, my colleagues and I faced an IPFIX exporter
> > > implementation
> > > that sends IPFIX messages with the Template and related Data Sets
> > > in
> > > one transport UDP session and the Options Template and related
> > > Data
> > > Sets in another transport UDP session (sourced from a different
> > > UDP
> > > port) to the same IPFIX collector port.
> > > 
> > > While trying to understand this behaviour, I checked RFC7011 and
> > > a
> > > few
> > > related RFCs but could not find any notes suggesting use cases
> > > when
> > > it
> > > might be necessary. Also, I could not find any notes prohibiting
> > > this.
> > > 
> > > However, we know of at least one use case when sending the
> > > aforementioned 4 IPFIX messages over 2 separate transport
> > > sessions
> > > is
> > > undesirable. For example, when multiple self-sufficient IPFIX
> > > collectors are listening on the same UDP socket using the socket
> > > option
> > > SO_REUSEPORT (for horizontal scaling), the kernel-level load-
> > > balancing
> > > algorithm can distribute 2 related sessions of the same exporter
> > > to
> > > different processes. As a result, the process receiving the Flow
> > > Records, cannot process them properly without the related
> > > Options.
> > > In
> > > theory, it can also happen in the environments where layer-4
> > > load-
> > > balancers are used to distribute transport UDP sessions between
> > > IPFIX
> > > collecting hosts.
> > > 
> > > Considering this, could you please help answer the following
> > > question?
> > > 
> > > Did I interpret the IPFIX RFCs correctly and the mentioned
> > > exporter's
> > > behaviour is a compliant implementation?
> > > 
> > > There is a note in the "Template Management" section 8 of RFC7011
> > > saying:
> > > 
> > >     Options Templates and Templates that are related or
> > > interdependent
> > >     (e.g., by sharing common properties as described in
> > > [RFC5473])
> > >     SHOULD be sent together in the same IPFIX Message.
> > > 
> > > but the Templates and the Options Templates in the case that I
> > > mentioned are not interdependant by the common properties per
> > > RFC5473.
> > > 
> > > 
> > > 
> > > Thank you in advance!
> > > 
> > > 
> > > Kind regards,
> > > Garri Djavadyan
> > >   
> > > 
> > > _______________________________________________
> > > IPFIX mailing list
> > > IPFIX@ietf.org
> > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipfix__;!!OSsGDw!J3DauxNGB6V13gsv8HRy629ddHwNTtJFeE5njPIdVQCVssXh2upsaiMkWBlmd8llnYXke9dEef0WZvmNag$
> > >  [ietf[.]org]
>

v2.23.0 | Report a Bug | By Email