[secdir] [New-work] WG Review: Recharter of IP Flow Information Export (ipfix)

IESG Secretary <iesg-secretary@ietf.org> Tue, 15 September 2009 18:00 UTC

Return-Path: <secdir-bounces@mit.edu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB99A3A6A7E for <secdir@core3.amsl.com>; Tue, 15 Sep 2009 11:00:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.999
X-Spam-Level:
X-Spam-Status: No, score=-103.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FBnokfQ8ZCD for <secdir@core3.amsl.com>; Tue, 15 Sep 2009 11:00:27 -0700 (PDT)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by core3.amsl.com (Postfix) with ESMTP id 9AF2D28C15A for <secdir@ietf.org>; Tue, 15 Sep 2009 11:00:25 -0700 (PDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n8FI1ARr008169 for <secdir@ietf.org>; Tue, 15 Sep 2009 14:01:10 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n8FI18j1008163 for <secdir@PCH.mit.edu>; Tue, 15 Sep 2009 14:01:08 -0400
Received: from mit.edu (W92-130-BARRACUDA-3.MIT.EDU [18.7.21.224]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id n8FI0uTC015766 for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:57 -0400 (EDT)
Received: from mail.ietf.org (localhost [127.0.0.1]) by mit.edu (Spam Firewall) with ESMTP id 087C41F3C9AA for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:55 -0400 (EDT)
Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by mit.edu with ESMTP id GEfFVXtAUBXQYK5H for <secdir@mit.edu>; Tue, 15 Sep 2009 14:00:55 -0400 (EDT)
Received-SPF: pass (mit.edu: domain of new-work-bounces@ietf.org designates 64.170.98.32 as permitted sender) receiver=mit.edu; client_ip=64.170.98.32; envelope-from=new-work-bounces@ietf.org;
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 740A828C19C; Tue, 15 Sep 2009 11:00:05 -0700 (PDT)
X-Original-To: new-work@ietf.org
Delivered-To: new-work@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 88FD928C172; Tue, 15 Sep 2009 11:00:01 -0700 (PDT)
From: IESG Secretary <iesg-secretary@ietf.org>
To: new-work@ietf.org
Mime-Version: 1.0
Message-Id: <20090915180001.88FD928C172@core3.amsl.com>
Date: Tue, 15 Sep 2009 11:00:01 -0700 (PDT)
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: secdir@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: secdir-bounces@mit.edu
Errors-To: secdir-bounces@mit.edu
X-Mailman-Approved-At: Tue, 15 Sep 2009 11:01:30 -0700
Subject: [secdir] [New-work] WG Review: Recharter of IP Flow Information Export (ipfix)
X-BeenThere: secdir@ietf.org
Reply-To: iesg@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2009 18:00:29 -0000

A modified charter has been submitted for the IP Flow Information Export
(ipfix) working group in the Operations and Management Area of the IETF. 
The IESG has not made any determination as yet.  The modified charter is
provided below for informational purposes only.  Please send your comments
to the IESG mailing list (iesg@ietf.org) by Tuesday, September 22, 2009

IP Flow Information Export (ipfix)
--------------------------------------------
Current Status: Active Working Group

Last Modified: 2009-09-01

Chair(s):

* Nevil Brownlee (n.brownlee@auckland.ac.nz)
* Juergen Quittek (quittek@netlab.nec.de)

Operations and Management Area Director(s):

* Dan Romascanu (dromasca@avaya.com)
* Ronald Bonica (rbonica@juniper.net)

Operations and Management Area Advisor:

* Dan Romascanu (dromasca@avaya.com)

Mailing Lists:
General Discussion: ipfix@ietf.org
To Subscribe: http://www.ietf.org/mailman/listinfo/ipfix
Archive: http://www.ietf.org/mail-archive/web/ipfix

Description of Working Group:

The IPFIX working group has specified the Information Model (to 
describe IP flows) and the IPFIX protocol (to transfer IP flow data 
from IPFIX exporters to collectors). Several implementers have already 
built applications using the IPFIX protocol. As a result of a series of 
IPFIX interoperability testing events the WG has produced guidelines 
for IPFIX implementation and testing as well as recommendations for 
handling special cases such as bidirectional flow reporting and 
reducing redundancy in flow records.

Practical experiences with IPFIX implementations exposed new
requirements for the IPFIX protocol that so far have not been addressed
by the WG. The major current goal of the WG is developing solutions 
that meet the new requirements without modifying the core IPFIX 
protocol specifications.

1. The IPFIX WG has developed a MIB module for monitoring IPFIX
implementations. Means for configuring these devices have not been
standardized yet. The WG will develop an XML-based configuration data
model that can be used for configuring IPFIX devices and for storing,
modifying and managing IPFIX configurations parameter sets. This work
will be performed in close collaboration with the NETCONF WG.

2. First applications of IPFIX at large operator networks showed the
need for mediation of flow information, for example, for aggregating
huge amounts of flow data and for anomymization of flow information.
The IPFIX WG will investigate this issue and produce a problem 
Statement and a framework for IPFIX flow mediation.

3. The PSAMP WG has developed a protocol for reporting observed 
packets. The PSAMP protocol is an extension of the IPFIX protocol. The 
IPFIX WG will develop a MIB module for monitoring PSAMP 
implementations. The new MIB module will be an extension of the IPFIX 
MIB module.

4. Anonymization of flow information has been identified as a
requirement for flow information export already in RFC 3917. However,
technologies for flow anonymization are still a research issue and have
so far not been considered to be mature enough for standardization.
As one step in this direction, the IPFIX WG will develop guidelines for
the implementation of anonymized data export and storage over IPFIX and
define an information model for configuring and reporting anonymization
applied at IPFIX devices.

5. The IPFIX and PSAMP WGs have defined standards for selecting 
observed IP packets and collecting information in flow records.
In order to reduce the amount of data to be processed, packet selection
methods have been defined. Another method for reducing flow data is 
flow selection. The IPFIX WG will define methods for flow selection and
provide an information model for configuring and reporting flow
selection applied at IPFIX devices.

6. Being designed for the export of flow records the IPFIX protocol
provides very limited means for structuring information elements within
IPFIX records. With the increasing number of IPFIX applications there 
is a need for exporting more complex information. The IPFIX WG will 
develop an extension of the IPFIX protocol that supports hierarchically
structured data and lists (sequences) of Information Elements in data
records.

Goals and Milestones:

Oct 2009 Submit Mediation Problem Statement I-D to IESG
for publication as Informational RFC
Oct 2009 Submit initial draft on anonymization support
Oct 2009 Submit initial draft on flow selection
Oct 2009 Submit initial draft on structuring information elements
Jan 2010 Submit Configuration Data Model draft to IESG
for publication as Standards track RFC
Jan 2010 Submit Mediation Framework I-D to IESG
for publication as Informational RFC
Jan 2010 Submit final version of PSAMP MIB module
Jun 2010 Submit anonymization support I-D to IESG
for publication as Experimental RFC
Jun 2010 Submit flow selection I-D to IESG
for publication as Standards Track RFC
Jun 2010 Submit structuring information elements I-D to IESG
for publication as Standards Track RFC
_______________________________________________
New-work mailing list
New-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work
_______________________________________________
secdir mailing list
secdir@mit.edu
https://mailman.mit.edu/mailman/listinfo/secdir