IETF Logo Mail Archive

Re: [IPFIX] new IPFIX fields for traffic classification

Paul Aitken <paitken@cisco.com> Tue, 14 June 2011 10:04 UTC

Return-Path: <paitken@cisco.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D6321F85DE for <ipfix@ietfa.amsl.com>; Tue, 14 Jun 2011 03:04:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dc0HgvQS-1DY for <ipfix@ietfa.amsl.com>; Tue, 14 Jun 2011 03:04:20 -0700 (PDT)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 4030C21F85D5 for <ipfix@ietf.org>; Tue, 14 Jun 2011 03:04:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=paitken@cisco.com; l=2612; q=dns/txt; s=iport; t=1308045860; x=1309255460; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=zGl5R0qYh5ZR7VZuz7gnO0GwE2Jj9ZVfAR4NWeUimWg=; b=KJM5XxFcKr0dg9+543GnsBK9HnFHLWxa0+AfJ+7FicU/lN25GoZxKWhq 2GHhsrEF1e26qlZ0HMy2D/e72xl4uhI6IiKe8mgoGEBrOwRcJ9yAhWZ0a RljU63VEGzniAkjgdSVKH3IgzAyUI/L7En/INg3gzJyzkzehYB/znqmG0 s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EALsx902Q/khM/2dsb2JhbABSpjd3qiueL4YkBJFHhFeLDw
X-IronPort-AV: E=Sophos;i="4.65,363,1304294400"; d="scan'208";a="35130401"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by ams-iport-2.cisco.com with ESMTP; 14 Jun 2011 10:04:14 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p5EA4DRd016034; Tue, 14 Jun 2011 10:04:14 GMT
Received: from [10.61.100.192] (dhcp-10-61-100-192.cisco.com [10.61.100.192]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id p5EA48tX019150; Tue, 14 Jun 2011 11:04:09 +0100 (BST)
Message-ID: <4DF73218.3050105@cisco.com>
Date: Tue, 14 Jun 2011 11:04:08 +0100
From: Paul Aitken <paitken@cisco.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110516 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Brian Trammell <trammell@tik.ee.ethz.ch>
References: <4DF626E8.80606@cisco.com> <73F44306-67AE-4776-95EE-224BB8D63275@tik.ee.ethz.ch>
In-Reply-To: <73F44306-67AE-4776-95EE-224BB8D63275@tik.ee.ethz.ch>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IETF IPFIX Working Group <ipfix@ietf.org>
Subject: Re: [IPFIX] new IPFIX fields for traffic classification
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 10:04:22 -0000

Brian,

Hierarchical sub-classification is essentially the direction we're going 
with draft-claise-export-application-info-in-ipfix.

P.


On 13/06/11 16:22, Brian Trammell wrote:
> Hi, Paul,
>
> A suggestion: if these are encoded in strings, why not specify a delimiter-separated ID space and have a single flowClassification string with this delimiter separated space.
>
> IE "flowClassification" = "email.gmail", "ftp-group.ftp-data" and so on?
>
> This would allow sub-sub-sub categories, as well ("voip.skype.datachannel.noudp.v5")
>
> Cheers,
>
> Brian
>
> On Jun 13, 2011, at 5:04 PM, Paul Aitken wrote:
>
>> Dear IPFIX experts,
>>
>> Cisco would like to define some new IPFIX fields for traffic classification so we can attach classification information to each exported flow.
>>
>> Unlike many other fields, we don't propose to encode these fields numerically, so the usual option table mapping numbers to names won't be necessary.
>>
>> Instead, these fields would contain strings. Each field would be extensible so new strings could be added in future. In fact, we expect this to be a regular occurrence as new classifications are defined.
>>
>> However, it's not desirable - and perhaps not even possible - to list all the classification values. So there won't be any complete or exhaustive value list for any of these fields, and IANA won't maintain a registry for each field.
>>
>> This is similar to the existing wlanSSID, interfaceName and VRFname fields: while we can define the purpose of these fields, the values cannot be listed exhaustively. These can only be defined as generic strings, and no attempt should be made to register all the possible values.
>>
>> While we've already defined enterprise-specific fields, we feel these fields will be generally useful to the community. Nevil has asked for discussion before approving our request for new IANA field allocations.
>>
>> So, please discuss... ;-)
>>
>>
>> Specifically, the fields which we'd like to define are:
>>
>>     * Category = a protocol attribute which broadly groups a set of protocols having the same characteristic.
>>         e.g. file-sharing, email.
>>
>>     * Sub-category = a second level category attribute
>>         e.g. p2p-file-transfer, gmail
>>
>>     * Application-group = a protocol attribute which groups a set of protocols belonging to same application.
>>         e.g. ftp-group
>>
>>
>> Cheers,
>> P.
>>
>> _______________________________________________
>> IPFIX mailing list
>> IPFIX@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipfix

v2.23.0 | Report a Bug | By Email