Re: [IPFIX] new IPFIX fields for traffic classification
Brian Trammell <trammell@tik.ee.ethz.ch> Mon, 13 June 2011 15:22 UTC
Return-Path: <trammell@tik.ee.ethz.ch>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A40FF21F84A2 for <ipfix@ietfa.amsl.com>; Mon, 13 Jun 2011 08:22:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 34mBYN7l8DSB for <ipfix@ietfa.amsl.com>; Mon, 13 Jun 2011 08:22:40 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) by ietfa.amsl.com (Postfix) with ESMTP id EFCED21F8493 for <ipfix@ietf.org>; Mon, 13 Jun 2011 08:22:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id D8F92D9324; Mon, 13 Jun 2011 17:22:51 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id l1Rwlpd89EHB; Mon, 13 Jun 2011 17:22:51 +0200 (MEST)
Received: from [10.0.1.2] (cust-integra-121-161.antanet.ch [80.75.121.161]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: briant) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 76551D931C; Mon, 13 Jun 2011 17:22:51 +0200 (MEST)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Brian Trammell <trammell@tik.ee.ethz.ch>
In-Reply-To: <4DF626E8.80606@cisco.com>
Date: Mon, 13 Jun 2011 17:22:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <73F44306-67AE-4776-95EE-224BB8D63275@tik.ee.ethz.ch>
References: <4DF626E8.80606@cisco.com>
To: Paul Aitken <paitken@cisco.com>
X-Mailer: Apple Mail (2.1084)
Cc: IETF IPFIX Working Group <ipfix@ietf.org>
Subject: Re: [IPFIX] new IPFIX fields for traffic classification
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 15:22:40 -0000
Hi, Paul,
A suggestion: if these are encoded in strings, why not specify a delimiter-separated ID space and have a single flowClassification string with this delimiter separated space.
IE "flowClassification" = "email.gmail", "ftp-group.ftp-data" and so on?
This would allow sub-sub-sub categories, as well ("voip.skype.datachannel.noudp.v5")
Cheers,
Brian
On Jun 13, 2011, at 5:04 PM, Paul Aitken wrote:
> Dear IPFIX experts,
>
> Cisco would like to define some new IPFIX fields for traffic classification so we can attach classification information to each exported flow.
>
> Unlike many other fields, we don't propose to encode these fields numerically, so the usual option table mapping numbers to names won't be necessary.
>
> Instead, these fields would contain strings. Each field would be extensible so new strings could be added in future. In fact, we expect this to be a regular occurrence as new classifications are defined.
>
> However, it's not desirable - and perhaps not even possible - to list all the classification values. So there won't be any complete or exhaustive value list for any of these fields, and IANA won't maintain a registry for each field.
>
> This is similar to the existing wlanSSID, interfaceName and VRFname fields: while we can define the purpose of these fields, the values cannot be listed exhaustively. These can only be defined as generic strings, and no attempt should be made to register all the possible values.
>
> While we've already defined enterprise-specific fields, we feel these fields will be generally useful to the community. Nevil has asked for discussion before approving our request for new IANA field allocations.
>
> So, please discuss... ;-)
>
>
> Specifically, the fields which we'd like to define are:
>
> * Category = a protocol attribute which broadly groups a set of protocols having the same characteristic.
> e.g. file-sharing, email.
>
> * Sub-category = a second level category attribute
> e.g. p2p-file-transfer, gmail
>
> * Application-group = a protocol attribute which groups a set of protocols belonging to same application.
> e.g. ftp-group
>
>
> Cheers,
> P.
>
> _______________________________________________
> IPFIX mailing list
> IPFIX@ietf.org
> https://www.ietf.org/mailman/listinfo/ipfix
- [IPFIX] new IPFIX fields for traffic classificati… Paul Aitken
- Re: [IPFIX] new IPFIX fields for traffic classifi… Brian Trammell
- Re: [IPFIX] new IPFIX fields for traffic classifi… Chris Inacio
- Re: [IPFIX] new IPFIX fields for traffic classifi… Paul Aitken
- Re: [IPFIX] new IPFIX fields for traffic classifi… Paul Aitken