Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET2 IPFIX Architecture push protocol: periodically IPFIX messages to configured receivers Transport protocols: SCTP (, UDP, TCP) 2 Exporter Collector IPFIX IP Traffic Router Metering Observation Point
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET3 IPFIX/PSAMP Measurement Model Observation Point Packet Capturing Flow Record Generation Flow Selection Flow Export Optional Functions Core Functions Aggregation Classification Timestamping IPFIX Packet Record Generation Packet Export PSAMP Packet Selection Snapsize Clock Signal Selection Rules Classification Rules Aggregation Rules Packet Processing Flow Information Packet Information
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET4 Data Representation Templates in the message stream describe the data sets Allows flexible and efficient (binary) representation of flows on the wire 4 message template A template B message data A1 data B1 data A2
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET5 Information Model The information model supports reporting a wide variety of information elements (IEs): – “Five-tuple” (IPv4, IPv6 header fields) and standard packet/byte counters – All ICMP, TCP, UDP header fields – Layer 2, VLAN, MPLS, and other sub-IP information – Timestamps down to nanosecond resolution – Packet treatment: e.g., routed next hop and AS – Detailed counters: e.g., sum of squares, flag counters New IEs registered with IANA Enterprise-specific IEs for private extensions New defined IEs – location / GPS information, QoS parameters, spectrum measurements, … 5
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET6 IPFIX Files (RFC5655) Goal: facilitate interoperability and reusability among a variety of flow storage, processing, and analysis tools An IPFIX file is any serialized stream of IPFIX Messages. – a “file transport” for IPFIX – binary flow data file format Meta data via Options Templates – Exporter certificate, time, etc. Several extensions – Error detection and recovery – Storage of NetFlow v9 data – Signing and encryption – Encapsulation of Non-IPFIX Data in IPFIX Files – Encapsulation of IPFIX Files within Other File Formats 6
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET7 IPFIX Status Core IPFIX protocol published as RFC in 2008 – RFC Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information – RFC Information Model for IP Flow Information Export Additional RFCs see Current ongoing work – Configuration, Anonymization, IPFIX mediator, … Several implementations exist Use in testbeds – OneLab uses IPFIX for flow and packet data export – Additonal: Reporting sampling rates and CPU utilization – NOVI considers IPFIX as exporting protocol – Integration with OMF planned 7
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET8 Thank You! Contact: