Re: [IPFIX] exporting ranges in IPFIX
Senthil Sivakumar <ssenthil@cisco.com> Mon, 11 June 2012 16:33 UTC
Return-Path: <ssenthil@cisco.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5C7221F85CD for <ipfix@ietfa.amsl.com>; Mon, 11 Jun 2012 09:33:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4p6nhGDbJKN for <ipfix@ietfa.amsl.com>; Mon, 11 Jun 2012 09:33:06 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id B9E1021F85C4 for <ipfix@ietf.org>; Mon, 11 Jun 2012 09:33:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ssenthil@cisco.com; l=4780; q=dns/txt; s=iport; t=1339432386; x=1340641986; h=date:subject:from:to:cc:message-id:in-reply-to: mime-version:content-transfer-encoding; bh=tVf3m68JsTbVItCdD4XRiL3IeMEzM1Z2X9VcsCXachw=; b=HsTL1+0cCIjr13XhAhnO4wFtfzRjE4gBaw2V//VIqcrqSdEx8d5y6Wlx wAANcQbWowD+4TjnTIJ6saRi4akKJmkENKMc4nnJUZRwssK+D2u3ohVki AZhqrCTdFaB2uE8MAj37O+6n3Ya3zj8tOmcOpx5WO13k+l5wqqeJfhoiW Y=;
X-IronPort-AV: E=Sophos;i="4.75,750,1330905600"; d="scan'208";a="91403221"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-7.cisco.com with ESMTP; 11 Jun 2012 16:33:06 +0000
Received: from [10.150.26.7] ([10.150.26.7]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id q5BGX3nu003169; Mon, 11 Jun 2012 16:33:04 GMT
User-Agent: Microsoft-MacOutlook/14.2.2.120421
Date: Mon, 11 Jun 2012 12:33:01 -0400
From: Senthil Sivakumar <ssenthil@cisco.com>
To: Brian Trammell <trammell@tik.ee.ethz.ch>, Paul Aitken <paitken@cisco.com>
Message-ID: <CBFB9210.208DF%ssenthil@cisco.com>
Thread-Topic: [IPFIX] exporting ranges in IPFIX
In-Reply-To: <496491AA-BE09-4F4E-B45D-F6C3AD8B16C1@tik.ee.ethz.ch>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Cc: IETF IPFIX Working Group <ipfix@ietf.org>
Subject: Re: [IPFIX] exporting ranges in IPFIX
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jun 2012 16:33:07 -0000
On 6/11/12 10:48 AM, "Brian Trammell" <trammell@tik.ee.ethz.ch> wrote: >Hi, Paul, all, > >As for adding the port block range IEs, this makes sense as there is (1) >no generic range mechanism for IPFIX and (2) no way to report blocks of >ports semantically consistent with that required by >draft-ietf-behave-lsn-requirements. > >Two comments, neither particularly IPFIX-specific: > >First, there is a danger here, of course, that self-inconsistent >information can be reported using either the step size or number of ports >in block for stepped ranges: simply report a step or count greater than >the range. This should of course be treated in the descriptions of the >IEs... True. There is an effort underway in Behave that is capturing the IE's for NAT logging. And we should have all the constraints and restrictions on what should be reported/collected. > >Second, it's not clear that the proposed solution covers the applications >envisioned by the draft in question; from section 5: > > Note that this list is not exhaustive. There is a continuum of > behavior that a CGN may choose to implement. For example, a CGN > could use scattered port sets of consecutive port sets. It is very difficult to have a generic solution for all possible port allocation mechanisms. There are two goals : one is to reduce the amount of logs sent/received (to avoid per-connection logging) and not to be too predictable that would open one to attacks. That is where the bulk allocation with some arbitrary step size. Of course, it is not fool proof in all respects. > >The stepped-range thing seems a little hackish to me, but I'm not at all >familiar with how things are done on CGNs. What about disjoint stepped >ranges? What about uneven steps? Hacks are great, but they should at >least address the whole problem, I think. However, I suppose these IEs >plus structured data would handle every reasonable case... if that's the >approach, that should also be mentioned. If one wants to have uneven steps or some complex port scattered allocation mechanism then the implementations would have to figure out the necessary information that would required to be synced so that the exporter and collector can work in tandem knowing what port is allocated to which user. We donĀ¹t have such a mechanism today and when we have one, we might have to come back and ask for additional fields if required. Thanks Senthil > >Cheers, > >Brian > > >On Jun 8, 2012, at 11:06 PM, Paul Aitken wrote: > >> Dear all, >> >> I've had two feedbacks requesting a range start / range end mechanism. >>So I propose to request four fields: >> >> Port block start: 16 bits >> Port block end: 16 bits >> Port block step size 16 bits >> Number of ports in block 16 bits >> >> These can be reported in whatever way best matches the implementation. >> >> eg, { start, step, number }, { start, end, step }, { start, end, number >>}. >> >> The default step size will be 1, so { start, end } indicates a >>contiguous range. >> >> Finally, I've upped the step size from 8 bits to 16 bits to allow step >>sizes > 255. >> >> Any further feedback? >> >> Thanks, >> P. >> >> >> On 05/06/12 16:29, Paul Aitken wrote: >>> Dear IPFIX experts, >>> >>> As far as I know, IPFIX doesn't have a generic mechanism for reporting >>>ranges. >>> >>> I'm looking for a way to report bulk port allocation per section 5 of >>>http://tools.ietf.org/html/draft-ietf-behave-lsn-requirements-05. >>> >>> This method would be useful for reporting port ranges in >>>draft-tsou-behave-natx4-log-reduction-02 and >>>draft-bajko-pripaddrassign-04. >>> >>> So I propose to request three new IPFIX Information Elements: >>> >>> Port block start: 16 bits >>> Port block step size 8 bits >>> Number of ports in block 16 bits >>> >>> >>> However, there could be better ways to export a "range" which don't >>>require three new IEs each time. Do you forsee a need for a such a >>>mechanism? >>> >>> Shall I proceed with my request to IANA? If so, should I write a short >>>ID explaining how the three IEs should be used together? >>> >>> Thanks, >>> P. >>> >>> _______________________________________________ >>> IPFIX mailing list >>> IPFIX@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipfix >> >> _______________________________________________ >> IPFIX mailing list >> IPFIX@ietf.org >> https://www.ietf.org/mailman/listinfo/ipfix > >_______________________________________________ >IPFIX mailing list >IPFIX@ietf.org >https://www.ietf.org/mailman/listinfo/ipfix
- [IPFIX] exporting ranges in IPFIX Paul Aitken
- Re: [IPFIX] exporting ranges in IPFIX Andrew Feren
- Re: [IPFIX] exporting ranges in IPFIX Paul Aitken
- Re: [IPFIX] exporting ranges in IPFIX Paul Aitken
- Re: [IPFIX] exporting ranges in IPFIX Brian Trammell
- Re: [IPFIX] exporting ranges in IPFIX Senthil Sivakumar