[IPFIX] IPFIX export: SNMP versus physical Interface

Paul Aitken <paitken@cisco.com> Tue, 26 July 2011 12:30 UTC

Return-Path: <paitken@cisco.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6240721F87E2 for <ipfix@ietfa.amsl.com>; Tue, 26 Jul 2011 05:30:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnauIzbd1vnf for <ipfix@ietfa.amsl.com>; Tue, 26 Jul 2011 05:30:14 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 148C121F8797 for <ipfix@ietf.org>; Tue, 26 Jul 2011 05:30:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=paitken@cisco.com; l=9325; q=dns/txt; s=iport; t=1311683414; x=1312893014; h=message-id:date:from:mime-version:to:subject; bh=JvePRjuyXrJnup41tr2//kxKd9ex6fIczL8XvwoemBs=; b=Ol0abA33bpa4NXP7SZGx3BVjn5bGuV4P2tgGeetoYCkgRZnCpqU3phTI nPllZKU1s0KHQhOXtror/q6bxsqFsNJRdDS/1Eru08CFkVgtGCVGyDzhY fNjaaT/ymzYdlT2iZwE4nR5o/wXHE59r60zWgSaVRrp6Q/J/Ds8yV9aWg g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av4EADWyLk6Q/khL/2dsb2JhbABQAW8/IhgDAgECAQJYDg8BAR+CNqR/d6tCgSOeY4ZABJJyhQeLWg
X-IronPort-AV: E=Sophos; i="4.67,269,1309737600"; d="scan'208,217"; a="44348559"
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-2.cisco.com with ESMTP; 26 Jul 2011 12:30:12 +0000
Received: from [10.61.83.209] (ams3-vpn-dhcp5074.cisco.com [10.61.83.209]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id p6QCUBMH031549 for <ipfix@ietf.org>; Tue, 26 Jul 2011 12:30:11 GMT
Message-ID: <4E2EB359.8070309@cisco.com>
Date: Tue, 26 Jul 2011 13:30:17 +0100
From: Paul Aitken <paitken@cisco.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11
MIME-Version: 1.0
To: IETF IPFIX Working Group <ipfix@ietf.org>
Content-Type: multipart/alternative; boundary="------------070901080007020104090405"
Subject: [IPFIX] IPFIX export: SNMP versus physical Interface
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 12:30:15 -0000

Dear IPFIXers,

I noticed that the definitions of fields 10 and 14, and fields 252 and 
253 are confusingly similar. See below.

Cisco uses fields 10 and 14 to export the logical or virtual interface 
(eg. SVI, tunnel), while fields 252 and 253 export the actual physical 
interface.

For example, if we have an SVI configured on a VLAN, the SNMP index of 
the SVI would be exported using fields 10 and 14, while the SNMP index 
of the physical port in that VLAN would be exported with fields 252 and 253.

So I propose to update fields 10 and 11 to say, "the index of the 
logical or virtual interface ...", to contrast with 252 and 253 which 
say, "The index of a networking device's physical interface ...".

And I propose to add the following text (copied from 10 and 14) to 252 
and 253, to clarify that these are also SNMP ifIndex values:

            The value matches the value of
            managed object 'ifIndex' as defined in RFC 2863.
            Note that ifIndex values are not assigned statically to an
            interface and that the interfaces may be renumbered every
            time the device's management system is re-initialized, as
            specified in RFC 2863.


The existing definitions are below for reference.

Please shout now if you disagree.

Thanks,
P.


10 ingressInterface unsigned32 identifier current

            The index of the IP interface where packets of this Flow
            are being received.  The value matches the value of managed
            object 'ifIndex' as defined in RFC 2863.
            Note that ifIndex values are not assigned statically to an
            interface and that the interfaces may be renumbered every
            time the device's management system is re-initialized, as
            specified in RFC 2863.

           See [RFC2863] for the definition of the
           ifIndex object.


14 egressInterface unsigned32 identifier current

            The index of the IP interface where packets of
            this Flow are being sent.  The value matches the value of
            managed object 'ifIndex' as defined in RFC 2863.
            Note that ifIndex values are not assigned statically to an
            interface and that the interfaces may be renumbered every
            time the device's management system is re-initialized, as
            specified in RFC 2863.

           See [RFC2863] for the definition of the
           ifIndex object.


252 ingressPhysicalInterface unsigned32 identifier current

           The index of a networking device's physical interface 
(example, a
           switch port) where packets of this flow are being received.

           See [RFC2863] for the definition of the ifIndex object.


253 egressPhysicalInterface unsigned32 identifier current

           The index of a networking device's physical interface 
(example, a
           switch port) where packets of this flow are being sent.

           See [RFC2863] for the definition of the ifIndex object.