IPFIX Protocol Specifications. IPFIX, IETF-59, March 3, 2004. Benoit Claise, Mark Fullmer, Reinaldo Penno, Paul Calato, Stewart Bryant, Ganesh Sadasivan.

Presentation transcript:

1 IPFIX Protocol Specifications
IPFIX, IETF-59, March 3, 2004
Benoit Claise, Mark Fullmer, Reinaldo Penno, Paul Calato, Stewart Bryant, Ganesh Sadasivan

2 Changes from version 01 to 02: Time Synchronization Proposal
- Section 10 "Export Packet UNIX Secs Computation and Flow Records Times"
- Section 10.1 "microsecond precision"
- Section 10.2 "millisecond precision"
- Section 10.3 "nanosecond precision"
- Section 10.4 "multiple precisions"

3 Changes from version 01 to 02: Linkage with Information Model
- A new section defining the encoding rules: "Boolean", "Byte", "UnsignedByte", "Short"... -> Needs to be completed
- "Reduced Size Encoding of Integral Types"

4 Changes from version 01 to 02: Security
- New section 15.1 "IPsec Profile"
- New section "Selectors"
- New section "Mode"
- New section "Key Management"
- New section "Security Policy"
- New section "Authentication"
- New section "Availability"
- New section 15.2 "Network Architecture"
- New section 15.3 "When IPsec is not an Option"
- New section 15.4 "Transport Issues"
- New section 15.5 "Logging an IPFIX Attack"
Note: TLS has been added in version 03

5 Changes from version 01 to 02: Vendor Specific Information Element
- Section "IETF Exclusive Template FlowSet Format": FlowSet ID = 0
- Section "IETF Exclusive Options Template FlowSet Format": FlowSet ID = 1
- Section "Vendor Specified Template FlowSet Format": FlowSet ID = 2
- Section "Vendor Specified Options Template FlowSet Format": FlowSet ID = 3

6 Changes from version 01 to 02: Metering Process Statistics Option Template
- New section 9.1 "Metering Process Statistics Option Template"
- This is a proposal
- At minimum: ipfixOption, observationDomain, lostFlows, time
- Still under discussion on the mailing list

7 Changes from version 01 to 02: Editorial Changes
- New IPFIX Overview Section
- Length replaced the Count in the header.
- Example at the end of the draft is updated.
- Updated the Variable Length Data Type
- As a consequence, the new term "Information Element" exists in the terminology section
- Normative versus informative references
- Minor editorial changes

8 Changes from version 02 to 03: Terminology
- Terminology sections synchronized between [IPFIX-PROTO] and [IPFIX-ARCH]
- Actually the next version of [IPFIX-ARCH]

9 Changes from version 02 to 03: Transport Protocol(s)
- SCTP MUST be implemented by all compliant implementations. UDP and TCP MAY also be implemented by compliant implementations.
- SCTP SHOULD be used in deployments where exporters and collectors are communicating over links which are susceptible to congestion.
- TCP MAY be used in deployments where exporters and collectors communicate over links which are susceptible to congestion, but SCTP is preferred, due to its ability to limit back pressure on exporters (especially when using PR-SCTP) and its message vs. stream orientation.
- Other non-congestion-aware protocols (like UDP) MAY be used in deployments where exporters and collectors always communicate over dedicated links which are not susceptible to congestion.
Note: need some text for UDP and TCP

10 Changes from version 02 to 03: Flow Expiration
Flow Expiration section is now synchronized with [IPFIX-ARCH]:
- 4.0 Criteria for flow expiration and Export
- 4.1 Flow Expiration
- 4.2 Flow Export

11 Changes from version 02 to 03: Editorial Changes
- Abstract modified
- Structure changed: 9. Specific Reporting Requirements, 9.1 The Metering Process Statistics Option Template
- Change the IPFIX Header "Unix Secs" to "Export Time"
- The Option Data Record Format can have multiple scopes: figure updated
- Minor editorial changes

12 Changes from version 02 to 03: List of Open Issues and Actions
- 30 of them identified
- Please provide feedback and text on the mailing list
- Let's discuss some of them

13 Open Issues: Exporter Time Accuracy?
- [IPFIX-REQ]: The timestamp resolution MUST be at least the one of the sysUpTime [RFC3418], which is one centisecond.
- Meeting Minutes for IETF 58: The consensus was that a UTC-based seconds and microseconds, similar to Unix struct timeval, should be adopted. The IPFIX implementation may need to report its time resolution, which presumably would require new text in the protocol draft.
- What if the exporter can't report timestamps with microsecond accuracy, but only centisecond?
- Must we find a way to report the time accuracy (resolution)? Or don't we care?

14 Open Issues: IP Encapsulated Packet
- IP Traffic Flow or Flow definition: A flow is defined as a set of IP packets passing an observation point in the network during a certain time interval.
- The initial question is: Should we add "or encapsulated IP packets"?
- [IPFIX-REQ]: If the observation point is located at a device supporting Multiprotocol Label Switching (MPLS, see [RFC3031]) then the metering process MUST be able to separate flows by the MPLS label.

15 Open Issues: IP Encapsulated Packet (part 2)
What do we want to report? What do we want the flow key to be?
Examples:
- GRE
- IP-in-IP
- IPv6 tunnel (original packet IPv6/IPv4)
- MPLS packets with IP (v4/v6)
- MPLS packets with non-IP
- Do we support MPLS or any other sub-IP as long as the original packet is IP?
- Can one define a flow based on just MPLS labels?
- Should we change the Flow definition?
- Remove IP from the Flow definition?
A flow is defined as a set of IP packets passing an observation point in the network during a certain time interval.

16 Open Issues: Padding
- The Exporting Process SHOULD insert some padding bytes so that the subsequent FlowSet starts at a 4-byte aligned boundary. It is important to note that the Length field includes the padding bits.
- The Collector MUST accept padding in the Data FlowSet and Options Template FlowSet, which means for the Flow Data Records, the Options Data Records and the Template Records.
- Question: padding as a MAY, SHOULD or MUST?
- Proposal: padding as a MAY
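
The padding rule on the collector side, as an added example that is not part of the slides or the draft: a FlowSet walker that accepts both padded and unpadded FlowSets and rejects Length values that would stall the loop or read past the buffer. The 4-byte FlowSet header layout (16-bit FlowSet ID, 16-bit Length, as in NetFlow v9), FlowSet ID 256 and the 9-byte record length are assumptions made for the illustration.

```python
import struct

# Assumed FlowSet header (as in NetFlow v9): 16-bit FlowSet ID, 16-bit Length.
HDR = struct.Struct("!HH")

def build_flowset(fid, records, pad=True):
    """Exporter side: optional padding to a 4-byte boundary, counted in Length."""
    body = b"".join(records)
    if pad:
        body += b"\x00" * (-(HDR.size + len(body)) % 4)
    return HDR.pack(fid, HDR.size + len(body)) + body

def walk_flowsets(buf, record_lens):
    """Collector side: return [(flowset_id, records, padding_bytes), ...].

    record_lens maps a Data FlowSet ID to its fixed record length, as learned
    from a template (constructed here). Assumes record length >= 4, so up to
    3 padding bytes can never be mistaken for another record.
    """
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < HDR.size:
            raise ValueError("truncated FlowSet header")
        fid, length = HDR.unpack_from(buf, off)
        # Length < 4 would stall the loop; Length past the buffer would over-read.
        if length < HDR.size or off + length > len(buf):
            raise ValueError(f"bad FlowSet Length {length} at offset {off}")
        rlen = record_lens.get(fid)
        if rlen is None:
            raise ValueError(f"no template for FlowSet ID {fid}")
        body = buf[off + HDR.size : off + length]
        n = len(body) // rlen
        out.append((fid, [body[i * rlen:(i + 1) * rlen] for i in range(n)],
                    len(body) - n * rlen))
        off += length
    return out

def demo():
    lens = {256: 9}                       # constructed: FlowSet 256, 9-byte records
    r1, r2, r3 = b"A" * 9, b"B" * 9, b"C" * 9
    # First FlowSet is padded (2 bytes), second is not: padding is optional.
    msg = build_flowset(256, [r1, r2]) + build_flowset(256, [r3], pad=False)
    return walk_flowsets(msg, lens)

if __name__ == "__main__":
    for fid, recs, pad in demo():
        print(fid, len(recs), "records,", pad, "padding bytes")
```

Because Length includes the padding, the walker advances by Length alone and treats any remainder shorter than one record as padding, so the second, unaligned FlowSet parses the same way as the first.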

17 Feedback
- Any others to be discussed now?
- Thank you