IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt.

Slides:

Advertisements

Similar presentations

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.

Advertisements

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net

VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Chapter 5 - Transport and Network Layers TCP/IP (Part 1) Dr. V.T. Raja Oregon State University Chapter Objectives: Understand primary functions of transport.

EEC-484/584 Computer Networks Lecture 11 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

Oct 19, 2004CS573: Network Protocols and Standards1 IP: Datagram and Addressing Network Protocols and Standards Autumn

Chapter 9 Classification And Forwarding. Outline.

CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

Draft-molina-flow-selection-00 Maurizio Molina,. 2 © NEC Europe Ltd., 2002 Network Laboratories, Heidelberg Motivation, Background (1/2) Flow selection.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.

Professor OKAMURA Laboratory. Othman Othman M.M. 1.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 5. Passive Monitoring Techniques.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

Access Control List (ACL)

Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang.

24/10/2015draft-novak-bmwg-ipflow-meth- 03.txt 1 IP Flow Information Accounting and Export Benchmarking Methodology

1 Network Layer Lecture 15 Imran Ahmed University of Management & Technology.

Layer 3: Internet Protocol.  Content IP Address within the IP Header. IP Address Classes. Subnetting and Creating a Subnet. Network Layer and Path Determination.

IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.

Project Requirements (NetFlow Generator) 정승화 분산 처리 및 네트워크 관리 연구실 포항 공과 대학교

CSC 600 Internetworking with TCP/IP Unit 5: IP, IP Routing, and ICMP (ch. 7, ch. 8, ch. 9, ch. 10) Dr. Cheer-Sun Yang Spring 2001.

IP addresses IPv4 and IPv6. IP addresses (IP=Internet Protocol) Each computer connected to the Internet must have a unique IP address.

The Client-Server Model And the Socket API. Client-Server (1) The datagram service does not require cooperation between the peer applications but such.

Net Flow Network Protocol Presented By : Arslan Qamar.

63rd IETF - IPFIX WG dratf-stephan-isp-template-00.txt I nteroperability requirement for ISPs.

Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch,

Data Communications and Computer Networks Chapter 4 CS 3830 Lecture 19 Omar Meqdadi Department of Computer Science and Software Engineering University.

Access Control List (ACL) W.lilakiatsakun. Transport Layer Review (1) TCP (Transmission Control Protocol) – HTTP (Web) – SMTP (Mail) UDP (User Datagram.

A RTCP-based Retransmission Protocol for Unicast RTP Streaming Multimedia draft-podolsky-avt-rtprx-00.txt Matthew Podolsky, Koichi Yano, and Steven McCanne.

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

1 IPFIX Default Transport IPFIX IETF-58 November 10, 2003 Stewart Bryant Benoit Claise.

1 PSAMP Protocol Specifications PSAMP IETF-58 November 11, 2003 Benoit Claise Juergen Quittek.

PSAMP Information Model Status Information Model for Packet Sampling A Status Report Thomas Dietz Falko Dressler.

IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.

IPFIX MIB Status Managed Object for IP Flow Export A Status Report Thomas Dietz Atsushi Kobayashi

1 Minneapolis‘ IETF IPFIX Aggregation draft-dressler-ipfix-aggregation-00.txt.

IPFIX Protocol Draft Benoit Claise, Cisco Systems Mark Fullmer, OARnet Reinaldo Penno, Nortel Networks Paul Calato, Riverstone Networks.

IPFIX Requirements: Document Changes and New Issues Raised Jürgen Quittek, NEC Benoit Claise, Cisco Tanja Zseby, Sebstian Zander, FhG FOKUS.

1 PSAMP WGIETF, November 2003PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-04.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:

Flow sampling in IPFIX: Status and suggestion for its support Maurizio Molina,

Flow OAM Requirements Janardhanan Pathangi Balaji Venkat Venkataswami DELL Richard Groves – Microsoft Peter Hoose – Facebook

NetFlow Analyzer Best Practices, Tips, Tricks. Agenda Professional vs Enterprise Edition System Requirements Storage Settings Performance Tuning Configure.

IETF 64 PSAMP WG1 Path-coupled Meter Configuration Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen Quittek,

IP Flow Information eXport (IPFIX)

IPFIX Protocol Specifications IPFIX IETF-62 March 12th, Benoit Claise Stewart Bryant

Monitoring MIPv6 Traffic with IPFIX

IPv6 Flow Label Specification

RTP: A Transport Protocol for Real-Time Applications

TCP-in-UDP draft-welzl-irtf-iccrg-tcp-in-udp-00.txt

Signaling Compression for Push-to-talk over Cellular (PoC)

Multipath QUIC: Design and Evaluation

Internet Protocol: Connectionless Datagram Delivery

Zhenqiang Li Rong Gu China Mobile Jie Dong Huawei Technologies

NETCONF Configuration I/F Advertisement by WSDL and XSD

CS 1652 Jack Lange University of Pittsburgh

draft-levin-xcon-cccp-02.txt Orit Levin

UDP based Publication Channel for Streaming Telemetry

Bala’zs, Norm, Jouni DetNet WG London, 23rd March, 2018

Chapter 15. Internet Protocol

Export BGP community information in IPFIX draft-ietf-opsawg-ipfix-bgp-community-01.txt Zhenqiang Li Rong Gu China Mobile Jie Dong Huawei Technologies.

Chapter 4: outline 4.1 Overview of Network layer data plane

Presentation transcript:

IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt

Motivation Reduction of monitoring data Speed-up of flow accounting Bandwidth savings and performance savings at the collector Speed-up of flow accounting Reduction of concurrent active streams in a monitor Concentrating multiple IPFIX streams Definition of concentrator functionality Transport of information about the aggregation rules For improved processing of IPFIX data 63rd IETF Meeting, Paris, 2005

Architecture EP EP EP AP AP MP MP MP CP CP exported monitoring data (IPFIX Protocol) exported monitoring data (IPFIX Protocol) EP EP EP AP AP MP MP MP CP CP exported monitoring data (IPFIX Protocol) EP: Exporting Process AP: Aggregation Process MP: Metering Process 63rd IETF Meeting, Paris, 2005

Aggregation Rules Specify Comprise aggregation instructions containing which flow records to aggregate into a meta-flow record how the meta-flow record and the corresponding data template looks like Comprise aggregation instructions containing IPFIX field ID mandatory field for incoming records included in meta-flow record or data template depending on field modifier pattern (optional) restricts aggregated flow records to those that match this pattern field modifier (discard, keep, mask/n, or aggregate) specifies how this field is treated implicitly defines if the field appears in meta-flow or data template 63rd IETF Meeting, Paris, 2005

Field Modifiers Rule instruction Result Field modifier Pattern exist Field in meta-flow record contains Fixed-value field in Data Template contains discard no n/a yes pattern keep original value original value, if pattern is range of values mask/n IP network address 63rd IETF Meeting, Paris, 2005

Field Modifier – cont’d Special field modifier aggregate for counters, timestamps etc. Result depends on field: minimum in case of minimumPacketLength, minimumTtl, flowStartSeconds, flowStartMilliSeconds maximum in case of maximumPacketLenth, maximumTtl, flowEndSeconds, flowEndMilliSeconds binary OR (as suggested by IPFIX-INFO) in case of ipv6OptionHeaders, tcpControlBits sum in case of octetDeltaCount, packetDeltaCount 63rd IETF Meeting, Paris, 2005

Example Goal: Aggregation Rule: monitor flows to web servers (http/https) in 10.10.0.0/16 aggregate sources addresses into /24 network addresses Aggregation Rule: discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in 10.10.0.0/16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds 63rd IETF Meeting, Paris, 2005

Example – cont’d Data Template: 63rd IETF Meeting, Paris, 2005 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Template ID | Field Count = 6 | | Data Count = 2 | Preceding Rule | | Field 1 Type = sourceIpv4SourceNetwork | | Field 2 Type = destinationIpv4Address | | Field 3 Type = packetDeltaCount | | Field 4 Type = octetDeltaCount | | Field 5 Type = flowStartMilliSeconds | | Field 6 Type = flowEndMilliSecondsess | | Data 1 Type = destinationTransportPort | | Data 1 Value = 80,443 | | Data 2 Type = destinationIpv4Network | | Data 2 Value = 10.10.0.0/16 | 63rd IETF Meeting, Paris, 2005

Example – cont’d Incoming flows: Resulting meta-flow: pattern in data template Incoming flows: Resulting meta-flow: Prot Src Port Src Addr Dst Port Dst Addr # Pkt # Oct Start End TCP 64235 10.0.1.1 80 10.10.0.10 4 144 1055 1090 64236 3 56 1071 1103 6889 10.0.1.2 2 34 1083 1100 5555 10.0.2.1 6 155 1201 6666 10.10.0.11 77 1095 1199 discarded fixed-value in data template Src Net Dst Addr # Pkt # Oct Start End 10.0.1.0/24 10.10.0.10 9 234 1055 1103 10.0.2.0/24 6 155 1090 1201 10.10.0.11 3 77 1095 1199 63rd IETF Meeting, Paris, 2005

Cascading Aggregation Rules Goal: Allows other semantics than “match-any”, i.e. may be used to avoid that an incoming flow contributes to more than one meta-flow Cascading aggregation rules: Use preceding rule field in data template header Get incoming flow preceding rule Apply rule 1? no preceding rule Apply rule 2? no yes Aggregate … yes Aggregate 63rd IETF Meeting, Paris, 2005

Conclusions IPFIX Aggregation -00 received only positive feedback -01 has reached a good state Already two implementations supporting aggregation IBM Erlangen University / Tuebingen University Next steps To be continued as an individual I-D? To be added to the IPFIX charter? 63rd IETF Meeting, Paris, 2005