Re: [IPFIX] Options Templates, Templates, and related Data Sets sent in separate transport sessions
Garri Djavadyan <g.djavadyan@gmail.com> Mon, 05 February 2024 23:29 UTC
Return-Path: <g.djavadyan@gmail.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29575C14F60A for <ipfix@ietfa.amsl.com>; Mon, 5 Feb 2024 15:29:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rPyoOTfD1Ph3 for <ipfix@ietfa.amsl.com>; Mon, 5 Feb 2024 15:29:44 -0800 (PST)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94002C14F604 for <ipfix@ietf.org>; Mon, 5 Feb 2024 15:29:44 -0800 (PST)
Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2d0b750518bso8681561fa.0 for <ipfix@ietf.org>; Mon, 05 Feb 2024 15:29:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707175782; x=1707780582; darn=ietf.org; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id:from:to:cc :subject:date:message-id:reply-to; bh=NtxbpeaVTEiCs1du/hqfrxPzfbXzQJfCKJl+k3XPFxA=; b=c/YCYbkgteCUsUFiHkuoIW83P3NAFnV7xgmX57IY2pSdzqdxQZdKD4eyEa1ECag2fW Mt9k4UEndmKLgJuMyzu24aKrvjETl5AX6dOR81LfGeH8nmubKtSAyjVaZYLJVMWFUZOC jTmrcgS4Y8SrzAA/UjC4xgDVpPZbMGVCEZpCn2Ull0kClW9Awxen+8iL18+7afw5GXez 5YbGApIZgUFCSjqc/S+eXvlMmPU4pbukjvZNtOZTpOyrKFduo54aBt4kQ8MRs0Sagcmy DCXF3JnXzeTp4WMfSANf2y3JTrCEraLijif+VMG+JlWQ0CIU1uf2AQlRBcWYw8t7KbhV sLbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707175782; x=1707780582; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NtxbpeaVTEiCs1du/hqfrxPzfbXzQJfCKJl+k3XPFxA=; b=SVFTTHWZuCIFhwmxcLij68DKgKaGid6vpFyGT9wz3c8V/6pF3E1bWzQIOPEjhPsoO2 3n9BDFMhFRUBzR0jJ+DylxDlBuaaB5kMaOho0Vz6VCV3f62diCoGeDzEAzPrEcOWCaAF +PkrBuXG5y/F5ycpfPTIDEVR1JJe4Nlq7xZ9e+bm3lp4b2MCe8V32FZ/+2VJP6RFz4LS Bu5ZVUM3+kuuY55P+S6i9i/huO6A/hNg+6OGoVDOfxLZ2au19cwv7Y66DocuGltqxFMa 1hhsyEl4H4cV35goa3vzM120rH/aT52agypsD4iZfcP64rx2JyCuv22PkfENj32I1IYT wsrA==
X-Gm-Message-State: AOJu0YzV3N0yZtjEvKGpmlJkCk5nuDLB8NjgL051FivHPDNoQxT0IkCu p0wW02is2EjzebfxpOdAS1Xp1HMCFY/lQagotN7nOOlnCKGuvZsXgkdDnymB
X-Google-Smtp-Source: AGHT+IHSQBYSKZB8LQa/KeaByx5EvR/jggpUJm6QqA4nkydQKpBkd2j6+9KhQpa/RGkrZYNH9ZnSvA==
X-Received: by 2002:a2e:bc28:0:b0:2d0:b3c3:d8f3 with SMTP id b40-20020a2ebc28000000b002d0b3c3d8f3mr891765ljf.41.1707175781697; Mon, 05 Feb 2024 15:29:41 -0800 (PST)
Received: from ?IPv6:2a02:a210:2280:c00:4e94:e21b:393c:8e98? (2a02-a210-2280-0c00-4e94-e21b-393c-8e98.cable.dynamic.v6.ziggo.nl. [2a02:a210:2280:c00:4e94:e21b:393c:8e98]) by smtp.gmail.com with ESMTPSA id q4-20020a056402248400b005606405866bsm396906eda.58.2024.02.05.15.29.40 for <ipfix@ietf.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Feb 2024 15:29:40 -0800 (PST)
Message-ID: <05853a655a6db65bdf2ccc4983b2fada93654d49.camel@gmail.com>
From: Garri Djavadyan <g.djavadyan@gmail.com>
To: "ipfix@ietf.org" <ipfix@ietf.org>
Date: Tue, 06 Feb 2024 00:29:39 +0100
In-Reply-To: <7a9c6493-ac7e-4cd1-9703-a5f33f1b7330@ciena.com>
References: <095e959a3b1f5c557fe1e463754379edc21b32ea.camel@gmail.com> <7a9c6493-ac7e-4cd1-9703-a5f33f1b7330@ciena.com>
Autocrypt: addr=g.djavadyan@gmail.com; prefer-encrypt=mutual; keydata=mQINBFo+To4BEADC1carfPgdOb+6l/NlXtXwXK0iKTJQnlihyg8MrDcrxSa/XjW1ISpfuBID40gqIIKNnGSjljfzf9FroR7WIQkImT1w80chWU57jf2ag8ytR2RJhM4tV2j98mqc6sZK5TG52SMVjOKnE266tXCL+HlILQaD9vpkfRrj79uNZHecprvIIflR4AXLAuXABzy65CnQ4jdxcZKReFL1+4Q7874+xAIe6dHuxWeS7PZPvj8FnRVNHDwPJxumEwV4sRYKeLF5lghPZlx9YAOknlnXdU58yh1UalvfiiKTthSS07BpUgwoiBAu5rYHE1DpUWcqvZWh59iy2JAsABrGJT/fEDC8UYr3wf7hWRNSkArEn3cCKth4crPyOhd9R/MO4eQAQnrdJXI6lgZojMwDZjIpItcxdekiVO4wnfPYvBf8BALPAw6k1PvAB8f7fiF+i1pKmr+nTuBcVpLkHV851BGVWXRW4l5QTYNQnf7lolhD4ErmJgOSfs7mu/jN8K8iUZlTwLScET71r/lplLBz5Is1cJVR/uZH36XK/16i4oaNshR2dxls3JcNCrBKDCrjev2G8SkKei7QqvysWKr5GdTyWnTjl6xQ3b6YoHymm3m/gRrTSrko8xxkuSOHsYSJq08Oy/STtFrB5jZe+/wC1r3EDZQZy5s8pT1OPGQbElzHDCyAzwARAQABtCdHYXJyaSBEamF2YWR5YW4gPGcuZGphdmFkeWFuQGdtYWlsLmNvbT6JAlQEEwEKAD4WIQTrf7SULpRILLSZ9B5gZG43gCh3ZwUCWj5OjgIbAwUJCWYBgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBgZG43gCh3Z4/IEAC9E+DHF//+651Tb/n5WbrZPUkt3WzjXHNIMzwCYWbCQag+WBvRxz9l qm00wDuZyGQzK5RY6RrSJ8A5rZRcMSHh5Jh8QAJLA4v5KDUUWh0n91sdRd/Vc cyzQhQmiWgvA2Rl/YfSyaQHimbDOUbDgApMGTy5ltZ51dKlwLUma2IVHW/qLGWnh51i2VXts+lPIo2lndqPSik0dLxEiL8d5IvpaukOiJrP8atwvm522nunr6V7bpwsq1lPEkW0eJBlqwjqZ/TQNQAqD/QWofFtvC7iTXEz4rfrHZP/2cHklo+rZtE2TNF44qe1k5G1y6SCL0iGuaVckdrVyyv6TuxGf8+59aGamqpySkfU4p9hwEsxWx+iPhkq31irstxuzzrWDjvoHNrw6s+2g07VRclfSOkX+4iFXxgchjwxbgdWo2PUEcGFDEbCgTUQ64B6PHMLMc9O3l/3cQAnFgW7dL7CMMOUjy6sRgvqF906c+ZPGk4OR3yanXuJOKXz9OVCbNgYPnxOuZo1L7BgW4JdewT96qjvkObeMwNOi2ED4WCU8w2XEx9FE1SR1A71/TKNHgMzycKCYqNk9xOi70yzXnIhrDYTJvC2rOqNC/8COtCvZ8epJ5JoJxQXQC+GEAOCMkERTY7aeEpfAKUuwwYYtR8kv7irlDQOTGe+xt+eI7C1g3SVyg==
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.50.2
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/thid-E77CxwuNszk0AHIzJv6tSI>
Subject: Re: [IPFIX] Options Templates, Templates, and related Data Sets sent in separate transport sessions
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 23:29:48 -0000
Paul, Thank you so much for your reply. Indeed, a source address translator in front of several Exporters that use two Transport UDP Sessions to represent one IPFIX export stream, have conflicting Observation Domain IDs, and different samplingInterval values in the Data Records would be a nightmare for a Collecting Process that treats multiple Transport Sessions sourced from the same IP as the same export stream. It seems I did not pay enough attention to the following sentence in the section 3.1 of the RFC7011: Collecting Processes SHOULD use the Transport Session and the Observation Domain ID field to separate different export streams originating from the same Exporter. I think a definition of the Export Stream in the Terminology (2) section of the RFC7011 could also help avoid doubts, saying something like: A Transport Session carrying related Template Records, Options Template Records, and Data Records. Now it is clear that we faced a bug that needs to be reported to the respective vendor. Thank you. Kind regards, Garri Djavadyan On Mon, 2024-02-05 at 10:17 +0000, Aitken, Paul wrote: > Garri, > > From the receiver's point of view, the different transport sessions > are > independent export streams which could come from different Exporters. > The receiver can't tell whether these come from one exporter or two. > The > data in the "options" Export Stream cannot be scoped to data in the > other stream as Template IDs are unique per Transport Session and the > Observation Domain is locally unique to the Exporting Process and > multiple EPs may be in play. > > Only SCTP provides multiple streams; TPC and UDP do not. See section > 6.1 > of RFC 5153. > > P. > > > On 03/02/24 14:38, Garri Djavadyan wrote: > > Hi IPFIX experts, > > > > > > Recently, my colleagues and I faced an IPFIX exporter > > implementation > > that sends IPFIX messages with the Template and related Data Sets > > in > > one transport UDP session and the Options Template and related Data > > Sets in another transport UDP session (sourced from a different UDP > > port) to the same IPFIX collector port. > > > > While trying to understand this behaviour, I checked RFC7011 and a > > few > > related RFCs but could not find any notes suggesting use cases when > > it > > might be necessary. Also, I could not find any notes prohibiting > > this. > > > > However, we know of at least one use case when sending the > > aforementioned 4 IPFIX messages over 2 separate transport sessions > > is > > undesirable. For example, when multiple self-sufficient IPFIX > > collectors are listening on the same UDP socket using the socket > > option > > SO_REUSEPORT (for horizontal scaling), the kernel-level load- > > balancing > > algorithm can distribute 2 related sessions of the same exporter to > > different processes. As a result, the process receiving the Flow > > Records, cannot process them properly without the related Options. > > In > > theory, it can also happen in the environments where layer-4 load- > > balancers are used to distribute transport UDP sessions between > > IPFIX > > collecting hosts. > > > > Considering this, could you please help answer the following > > question? > > > > Did I interpret the IPFIX RFCs correctly and the mentioned > > exporter's > > behaviour is a compliant implementation? > > > > There is a note in the "Template Management" section 8 of RFC7011 > > saying: > > > > Options Templates and Templates that are related or > > interdependent > > (e.g., by sharing common properties as described in [RFC5473]) > > SHOULD be sent together in the same IPFIX Message. > > > > but the Templates and the Options Templates in the case that I > > mentioned are not interdependant by the common properties per > > RFC5473. > > > > > > > > Thank you in advance! > > > > > > Kind regards, > > Garri Djavadyan > > > > > > _______________________________________________ > > IPFIX mailing list > > IPFIX@ietf.org > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipfix__;!!OSsGDw!J3DauxNGB6V13gsv8HRy629ddHwNTtJFeE5njPIdVQCVssXh2upsaiMkWBlmd8llnYXke9dEef0WZvmNag$ > > [ietf[.]org]
- [IPFIX] Options Templates, Templates, and related… Garri Djavadyan
- Re: [IPFIX] Options Templates, Templates, and rel… Aitken, Paul
- Re: [IPFIX] Options Templates, Templates, and rel… Garri Djavadyan
- Re: [IPFIX] Options Templates, Templates, and rel… Garri Djavadyan
- Re: [IPFIX] Options Templates, Templates, and rel… Brian Trammell (IETF)
- Re: [IPFIX] Options Templates, Templates, and rel… Garri Djavadyan