Re: [IPFIX] templateLifePacket on IPFIX collector

Benoit Claise <bclaise@cisco.com> Tue, 03 October 2017 08:19 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C60A6134B82 for <ipfix@ietfa.amsl.com>; Tue, 3 Oct 2017 01:19:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TgPawaPFihQB for <ipfix@ietfa.amsl.com>; Tue, 3 Oct 2017 01:19:41 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1665132D67 for <ipfix@ietf.org>; Tue, 3 Oct 2017 01:19:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=36751; q=dns/txt; s=iport; t=1507018780; x=1508228380; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=+u8C60otfwvIvC7VBEQV6KYVvU2vqx+PJeBp59GvetQ=; b=i+PBnHwo9x/PU9ZJfVGU496I6ThkgqgrtR44RWAKELMu6VW69D9H2+Df ef2HZuhGauxp2Ecp8Itoxr9MW6G2hzSzqXievSqKgmQGJFc4q/J9CAL2z 9pK2BhHY/+Bc9i4uDDIeONNzJzmsez5SwJ5ZKcAeUHsNaMDT1GF5zH0rg w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BzAQDoRtNZ/xbLJq1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgzCBEW4ng3mLE5BmkUaEZg6CAQMKGAEKhRgChQgWAQIBAQEBAQE?= =?us-ascii?q?BayiFGAEBAQECAQEBIUsLBQsJAhggAQYDAgInHxEGDQYCAQGKJAgQh0SdZ4InJ?= =?us-ascii?q?4sLAQEBAQEBAQEBAQEBAQEBAQEBARoFgjd2g1OBaiuCfYRRAQsHAVWCXYJhBYo?= =?us-ascii?q?KiR+FL4hah16DX4koghSJSSSHCIoTg2aHW4E5JgkogQMLMiEIHRVJhGGCPj42A?= =?us-ascii?q?QGHDw8YghwBAQE?=
X-IronPort-AV: E=Sophos;i="5.42,473,1500940800"; d="scan'208,217";a="655156751"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Oct 2017 08:19:38 +0000
Received: from [10.55.221.36] (ams-bclaise-nitro3.cisco.com [10.55.221.36]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v938JbLV007332; Tue, 3 Oct 2017 08:19:38 GMT
To: Petr Velan <petr.velan@cesnet.cz>
Cc: "Brian Trammell (IETF)" <ietf@trammell.ch>, ipfix@ietf.org
References: <CALbOe5M7QzMAmvd_mjoa_cqqbAd0idjiXpGbTBp3rtr-McXJNw@mail.gmail.com> <09DB7C34-E8A0-470D-A808-6875AB94FA9A@trammell.ch> <CALbOe5PArCC8XMgP6VajWRj=q6U4q9dLi8wqrqWOeGa30Mfyog@mail.gmail.com> <b4c2a214-5e6c-861a-a394-ad26ae42bd21@cisco.com> <CALbOe5M+YzXN8VPKBU_04ZGxk43bauyfbZspiRUcFAjXeO4JOA@mail.gmail.com>
From: Benoit Claise <bclaise@cisco.com>
Message-ID: <0cfc063d-fbab-0aa6-416f-6f6e203ae865@cisco.com>
Date: Tue, 3 Oct 2017 10:19:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CALbOe5M+YzXN8VPKBU_04ZGxk43bauyfbZspiRUcFAjXeO4JOA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------3FD27BC85DE50EAC47EA7177"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/f4QLsv32XMtZtxmQIMNx2XGl52o>
Subject: Re: [IPFIX] templateLifePacket on IPFIX collector
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Oct 2017 08:19:45 -0000

Hi Petr,
> Hi Benoit,
>
> I think that there is a slight confusion. I'm talking specifically 
> about __Collection Process__, not __Exporting Process__. My focus is 
> on templateLifeTime, optionsTemplateLifeTime, templateLifePacket, and 
> optionsTemplateLifePacket options and not at all about 
> templateRefreshTimeout, optionsTemplateRefreshTimeout, 
> templateRefreshPacket, and optionsTemplateRefreshPacket options.
>
> With that cleared out, let my try to clarify:
>
> On Mon, Oct 2, 2017 at 2:11 PM, Benoit Claise <bclaise@cisco.com 
> <mailto:bclaise@cisco.com>> wrote:
>
>     Hi Petr,
>>     Hi Brian,
>>
>>     I understand that the Exporter is required to export the
>>     templates at regular intervals. It is not clear, whether "regular
>>     intervals" mean "time intervals" (as suggested by the
>>     templateRefreshTimeout example) or if it can mean "packet
>>     intervals" as well (as suggested by the RFC 6728).
>     As mentioned, the two options come from NetFlow v9, with UDP.
>>     Moreover, this discusses only the Exporter Processes. My question
>>     was primarily about the Collecting Process, where the RFC 7011
>>     specifies the following:
>>
>>         In order to minimize resource requirements for Templates that are no
>>         longer being used by the Exporting Process, the Collecting Process
>>         MAY associate a lifetime with each Template received in a Transport
>>         Session.  Templates not refreshed by the Exporting Process within the
>>         lifetime can then be discarded by the Collecting Process.  The
>>         Template lifetime at the Collecting Process MAY be exposed by a
>>         configuration parameter or MAY be derived from observation of the
>>         interval of periodic Template retransmissions from the Exporting
>>         Process.  In this latter case, the Template lifetime SHOULD default
>>         to at least 3 times the observed retransmission rate.
>>     So the IPFIX configuration model only suggests that the
>>     Collecting Process can use the *TemplateLifePacket options
>>     without actually requiring their implementation anywhere. Is that
>>     correct?
>     Not sure I understand.
>     From RFC7011
>
>         Since UDP provides no method for reliable transmission of Templates,
>         Exporting Processes using UDP as the transport protocol MUST
>         periodically retransmit each active Template at regular intervals.
>         The Template retransmission interval MUST be configurable via, for
>         example, the templateRefreshTimeout and optionsTemplateRefreshTimeout
>         parameters as defined in [RFC6728 <https://tools.ietf.org/html/rfc6728>].  Default settings for these
>         values are deployment- and application-specific.
>
>     If the collector is the one that configured the
>     templateRefreshTimeout and optionsTemplateRefreshTimeout for the
>     Exporter, then it knows this information. Alternatively, it can
>     try to deduce it.
>
> This says that an __Exporting Process__ must implement some kind of 
> the template refresh timeout for UDP and that it must be configurable. 
> However, template lifetime tracking is only suggested for __Collecting 
> Processes__ for the UDP protocol in the RFC 7011 and the template 
> lifepacket expiration is not mentioned at all. My original question 
> was whether the template lifepacket tracking was required/suggested by 
> the IPFIX protocol as it was present in the IPFIX information model. 
> The answer to that question seems to be _no_.
Expiration on the Exporting Process. From your last sentence in this 
email, it seems that we agree on the following

       Since UDP provides no method for reliable transmission of Templates,
        Exporting Processes using UDP as the transport protocol MUST
        periodically retransmit each active Template at regular intervals.
        The Template retransmission interval MUST be configurable via, for
        example, the templateRefreshTimeout and optionsTemplateRefreshTimeout
        parameters as defined in [RFC6728 <https://tools.ietf.org/html/rfc6728>].  Default settings for these
        values are deployment- and application-specific.

Could be read as:

       Since UDP provides no method for reliable transmission of Templates,
        Exporting Processes using UDP as the transport protocol MUST
        periodically retransmit each active Template at regular intervals (packets or time)
        The Template retransmission interval MUST be configurable via, for
        example, the templateRefreshTimeout and optionsTemplateRefreshTimeout
    *or **templateRefreshPacket **and **optionsTemplateRefreshPacket*
        parameters as defined in [RFC6728 <https://tools.ietf.org/html/rfc6728>] .  Default settings for these
        values are deployment- and application-specific.

Now, I get it that your question is about templateLifeTime, 
optionsTemplateLifeTime, templateLifePacket, and 
optionsTemplateLifePacket on the Collecting Process.
See below.

>     Now, an editorial errata (more for completeness that anything
>     else) could be that RFC7011 should mention RFC 6728
>     templateRefreshPacket and optionsTemplateRefreshPacket.
>     However, it says "for example, the templateRefreshTimeout and
>     optionsTemplateRefreshTimeout parameters as defined in [RFC6728
>     <https://tools.ietf.org/html/rfc6728>]."
>     So there might be other examples.
>>
>>     On a related note, while reading through the RFC 6728, I've
>>     noticed that it still references the obsoleted RFC 5101, which is
>>     not good, especially regarding the template timeout on collecting
>>     process. The problem is that it forces the configuration of
>>     templateLifeTime and optionsTemplateLifeTime options per RFC
>>     5101, Section 10.3.7 where it states:
>>         The Collecting Process MUST associate a lifetime with each Template
>>         (or another definition of an identifier considered unique within the
>>         Transport Session) received via UDP.  Templates (and similar
>>         definitions) not refreshed by the Exporting Process within the
>>         lifetime are expired at the Collecting Process.
>>     However, the RFC 7011 obsoletes this (see my first quote) and
>>     changes this behaviour to optional. Would it make sense to update
>>     the RFC 6728 to reflect this change?
>     Maybe.
>
>
> That is a significant change from RFC 5101 which _required_ the 
> template lifetime tracking. The relevant text in RFC 6728 stil 
> references RFC 5101 and suggest that implementing the template 
> lifetime expiration for UDP it is still required for __Collecting 
> Processes_ by the IPFIX protocol, which is no longer true.
You're right that this functionality moved from a MUST in RFC 5101 to a 
MAY in RFC7011.
You're right that RFC6728 was specified based on RFC5101
What would you change if you would update RFC6728 to be RFC7011? 
Optional features should still be modeled. So the description text next 
to templateLifeTime, optionsTemplateLifeTime, templateLifePacket, 
optionsTemplateLifePacket?
So basically, yes, RFC6728 could be updated to be inline with RFC7011. 
Hence my previous answer "maybe"

Regards, Benoit
>
> The template expiration based on number of packets at the __Collecting 
> Process__ was not present anywhere in the RFC 3954. Therefore, I'm 
> surprised to find it in the IPFIX information model when it is not 
> mentioned in the standard. I fully agree that the 
> templateRefreshPacket makes complete sense at the __Exporting 
> Process__, but my focus here is on the __Collecting Process__.
>
> Cheers,
> Petr
>
>
>     Regards, Benoit
>
>>
>>     Cheers,
>>     Petr
>>
>>     On Mon, Oct 2, 2017 at 10:05 AM, Brian Trammell (IETF)
>>     <ietf@trammell.ch <mailto:ietf@trammell.ch>> wrote:
>>
>>         hi Petr,
>>
>>         This is specified in section 8.4 of RFC 7011 for UDP:
>>
>>            Since UDP provides no method for reliable transmission of
>>         Templates,
>>            Exporting Processes using UDP as the transport protocol MUST
>>            periodically retransmit each active Template at regular
>>         intervals.
>>            The Template retransmission interval MUST be configurable
>>         via, for
>>            example, the templateRefreshTimeout and
>>         optionsTemplateRefreshTimeout
>>            parameters as defined in [RFC6728]. Default settings for these
>>            values are deployment- and application-specific.
>>
>>         For transports with reliable template lifetimes (TCP, SCTP),
>>         templates require no refresh, since template state remains
>>         synchronized between exporter and collector.
>>
>>         Cheers,
>>
>>         Brian
>>
>>
>>         > On 2 Oct 2017, at 09:37, Petr Velan <petr.velan@cesnet.cz
>>         <mailto:petr.velan@cesnet.cz>> wrote:
>>         >
>>         > Hello IPFIX masters,
>>         >
>>         > we are implementing an IPFIX collector and a question came
>>         up whether to support templateLifePacket configuration as
>>         specified in RFC 6728
>>         (https://tools.ietf.org/html/rfc6728#section-4.5.2
>>         <https://tools.ietf.org/html/rfc6728#section-4.5.2>). It
>>         seems, that the *LifePacket options are not mentioned
>>         anywhere else in the IPFIX related documents and that the
>>         IPFIX protocol specifies only time based timeout expiration.
>>         Therefore, my question is why the *LifePacket options are
>>         even present in the RFC 6728 and whether it is necessary to
>>         implement them for the collector (and exporter as well) to be
>>         compliant with the IPFIX standard.
>>         >
>>         > I think that the whole *LifePacket option came from NetFlow
>>         v9 where the informational RFC 3954 states that:
>>         >       On a regular basis, the Exporter MUST send all the
>>         Template
>>         >       Records and Options Template Records to refresh the
>>         Collector.
>>         >       Template IDs have a limited lifetime at the Collector
>>         and MUST be
>>         >       periodically refreshed. Two approaches are taken to
>>         make sure
>>         >       that Templates get refreshed at the Collector:
>>         >             * Every N number of Export Packets.
>>         >             * On a time basis, so every N number of minutes.
>>         >       Both options MUST be configurable by the user on the
>>         Exporter.
>>         >       When one of these expiry conditions is met, the
>>         Exporter MUST send
>>         >       the Template FlowSet and Options Template.
>>         >
>>         >
>>         > If that is the case, should the IPFIX standard specify
>>         something similar as well? Otherwise, it would seem that
>>         removing the *LifePacket options from the RFC 6728 would
>>         prevent further confusion.
>>         >
>>         > Kind regards,
>>         > Petr Velan
>>         >
>>         > _______________________________________________
>>         > IPFIX mailing list
>>         > IPFIX@ietf.org <mailto:IPFIX@ietf.org>
>>         > https://www.ietf.org/mailman/listinfo/ipfix
>>         <https://www.ietf.org/mailman/listinfo/ipfix>
>>
>>
>>
>>
>>     _______________________________________________
>>     IPFIX mailing list
>>     IPFIX@ietf.org <mailto:IPFIX@ietf.org>
>>     https://www.ietf.org/mailman/listinfo/ipfix
>>     <https://www.ietf.org/mailman/listinfo/ipfix>
>
>