[IPFIX] Comments needed for draft-fu-ipfix-network-security-00

"Hedanping (Ana)" <ana.hedanping@huawei.com> Thu, 25 December 2014 06:30 UTC

Return-Path: <ana.hedanping@huawei.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 437F81A8720 for <ipfix@ietfa.amsl.com>; Wed, 24 Dec 2014 22:30:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ULnkSTnPSa9N for <ipfix@ietfa.amsl.com>; Wed, 24 Dec 2014 22:30:09 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B5671A004C for <ipfix@ietf.org>; Wed, 24 Dec 2014 22:30:08 -0800 (PST)
Received: from (EHLO lhreml402-hub.china.huawei.com) ([]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BQL67287; Thu, 25 Dec 2014 06:30:06 +0000 (GMT)
Received: from SZXEML453-HUB.china.huawei.com ( by lhreml402-hub.china.huawei.com ( with Microsoft SMTP Server (TLS) id; Thu, 25 Dec 2014 06:30:05 +0000
Received: from szxeml557-mbs.china.huawei.com ([]) by SZXEML453-HUB.china.huawei.com ([]) with mapi id 14.03.0158.001; Thu, 25 Dec 2014 14:30:00 +0800
From: "Hedanping (Ana)" <ana.hedanping@huawei.com>
To: "ipfix@ietf.org" <ipfix@ietf.org>, "ipfix-chairs@tools.ietf.org" <ipfix-chairs@tools.ietf.org>, "stbryant@cisco.com" <stbryant@cisco.com>, Paul Aitken <paitken@Brocade.com>, Benoit Claise <bclaise@cisco.com>, Andrew Feren <andrewf@plixer.com>
Thread-Topic: Comments needed for draft-fu-ipfix-network-security-00
Thread-Index: AdAgDDK1FVa1OpepS8CUXrZ5IZppbA==
Date: Thu, 25 Dec 2014 06:29:59 +0000
Message-ID: <77FA386512F0D748BC7C02C36EB1106D90DB24@szxeml557-mbs.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_77FA386512F0D748BC7C02C36EB1106D90DB24szxeml557mbschina_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/ipfix/o54ztPEgojZ5NZVc4TRPORV3_TM
Cc: "draft-fu-ipfix-network-security@tools.ietf.org" <draft-fu-ipfix-network-security@tools.ietf.org>
Subject: [IPFIX] Comments needed for draft-fu-ipfix-network-security-00
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Dec 2014 06:30:12 -0000


We wrote a draft to extend standard Information Elements for inspecting network security (e.g. the fragment attack in ICMP, TCP and UDP; and DDOS attack). Compared with packet/Byte based sampling, session based sampling is proposed and will be more useful for efficient and effective security inspection.

The link of the draft is as follow, where the proposed IEs are described:


Your comments are welcome!

Merry holidays and happy new year!