Internet Engineering Task Force (IETF) A. Yourtchenko Request for Comments: 7270 P. Aitken Category: Informational B. Claise ISSN: 2070-1721 Cisco Systems, Inc. June 2014
Cisco-Specific Information Elements Reused in IP Flow Information Export (IPFIX)
Abstract
This document describes some additional IP Flow Information Export (IPFIX) Information Elements in the range of 1-127, which is the range compatible with field types used by NetFlow version 9 in RFC 3954, as specified in the IPFIX Information Model in RFC 7012.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7270.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Section 4 of [RFC7012] defines the IPFIX Information Elements (IEs) in the range of 1-127 to be compatible with the NetFlow version 9 fields, as specified in "Cisco Systems NetFlow Services Export Version 9" [RFC3954]. As [RFC3954] was published in 2004, it does not contain all NetFlow version 9 field types in the range of 1-127. The question was asked whether IPFIX Devices should exclusively report the IANA IPFIX IEs [IANA-IPFIX]. In other words, when upgrading from a NetFlow Metering Process to an IPFIX Metering Process, should the IPFIX Devices stop reporting IEs specific to NetFlow version 9 that were not registered in IANA [IANA-IPFIX]?
Yourtchenko, et al. Informational [Page 2]
RFC 7270 Cisco Information Elements June 2014
This document is intended to fill the gap in this IE range. It describes some additional IPFIX Information Elements in the range of 1-127, which is the range compatible with field types used by NetFlow version 9 in [RFC3954], as specified in the IPFIX Information Model [RFC7012]. With this, IPFIX implementations could export all the Information Elements specified in IANA [IANA-IPFIX], regardless of the range.
This document follows the rules in "Guidelines for Authors and Reviewers of IP Flow Export (IPFIX) Information Elements" [RFC7013]. This document does not extend [RFC3954]. The IPFIX Protocol [RFC7011] has its own Information Model ([RFC7012] and IANA [IANA-IPFIX]), which is extensible upon application to IANA, subject to expert review by IE-DOCTORS [RFC7013]. This document extends the IPFIX Information Model.
IPFIX-specific terminology used in this document is defined in Section 2 of [RFC7011]. As in [RFC7011], these IPFIX-specific terms have the first letter of a word capitalized when used in this document.
Description: Deprecated in favor of 305 samplingPacketInterval. When using sampled NetFlow, the rate at which packets are sampled -- e.g., a value of 100 indicates that one of every 100 packets is sampled.
The values are not compatible with the selectorAlgorithm IE, where "Deterministic" has been replaced by "Systematic count-based" (1) or "Systematic time-based" (2), and "Random" is (3). Conversion is required; see "Packet Sampling (PSAMP) Parameters" [IANA-PSAMP].
Description: Versatile Interface Processor (VIP) or line card slot number of the flow switching engine in a router/switch. Reserved for internal use on the Collector.
Description: This is a platform-specific field for the Catalyst 5000/Catalyst 6000 family. It is used to store the address of a router that is being shortcut when performing MultiLayer Switching.
Description: Deprecated in favor of 304 selectorAlgorithm. The values are not compatible: selectorAlgorithm=3 is random sampling. The type of algorithm used for sampling data: 1 - Deterministic, 2 - Random Sampling. Use with samplerRandomInterval.
Description: Deprecated in favor of 305 samplingPacketInterval. Packet interval at which to sample -- in case of random sampling. Used in connection with the samplerMode 0x02 (random sampling) value.
Description: This Information Element describes the forwarding status of the flow and any attached reasons. The reduced-size encoding rules as per [RFC7011] apply.
The basic encoding is 8 bits. The future extensions could add one or three bytes. The layout of the basic encoding is as follows:
Performance metrics will need a consolidation in the industry, based on [RFC6390]. Once this consolidation happens, via a separate document the IEs 65-69 will either be assigned in the IANA registry or their status will be deprecated.
This document specifies several new IPFIX Information Elements in IANA's "IPFIX Information Elements" registry [IANA-IPFIX] as summarized in Section 3 and detailed in Section 4 above. The following Information Elements have been assigned:
o IE Number 34 for the samplingInterval IE
o IE Number 35 for the samplingAlgorithm IE
o IE Number 38 for the engineType IE
o IE Number 39 for the engineId IE
o IE Number 43 for the ipv4RouterSc IE
o IE Number 48 for the samplerId IE
o IE Number 49 for the samplerMode IE
o IE Number 50 for the samplerRandomInterval IE
o IE Number 51 for the classId IE
o IE Number 84 for the samplerName IE
o IE Number 87 for the flagsAndSamplerId IE
o IE Number 89 for the forwardingStatus IE
o IE Number 92 for the srcTrafficIndex IE
o IE Number 93 for the dstTrafficIndex IE
o IE Number 100 for the className IE
o IE Number 102 for the layer2packetSectionOffset IE
o IE Number 103 for the layer2packetSectionSize IE
o IE Number 104 for the layer2packetSectionData IE
This document specifies the definitions of several Information Elements and does not alter the security considerations of the base protocol. Please refer to the security considerations sections of [RFC3954] and [RFC7012].
[RFC7011] Claise, B., Trammell, B., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, September 2013.
[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004.
[RFC6390] Clark, A. and B. Claise, "Guidelines for Considering New Performance Metric Development", BCP 170, RFC 6390, October 2011.
Yourtchenko, et al. Informational [Page 13]
RFC 7270 Cisco Information Elements June 2014
[RFC6759] Claise, B., Aitken, P., and N. Ben-Dvora, "Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX)", RFC 6759, November 2012.
[RFC7012] Claise, B. and B. Trammell, "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, September 2013.
[RFC7013] Trammell, B. and B. Claise, "Guidelines for Authors and Reviewers of IP Flow Information Export (IPFIX) Information Elements", BCP 184, RFC 7013, September 2013.
Yourtchenko, et al. Informational [Page 14]
RFC 7270 Cisco Information Elements June 2014
Appendix A. XML Specification of IPFIX Information Elements
<field name="samplingInterval" dataType="unsigned32" group="" dataTypeSemantics="quantity" elementId="34" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 305 samplingPacketInterval. When using sampled NetFlow, the rate at which packets are sampled -- e.g., a value of 100 indicates that one of every 100 packets is sampled. </paragraph> </description> </field> <field name="samplingAlgorithm" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="35" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 304 selectorAlgorithm. The type of algorithm used for sampled NetFlow: 1 - Deterministic Sampling, 2 - Random Sampling. The values are not compatible with the selectorAlgorithm IE, where "Deterministic" has been replaced by "Systematic count-based" (1) or "Systematic time-based" (2), and "Random" is (3). Conversion is required; see [IANA-PSAMP] PSAMP parameters. </paragraph> </description> </field> <field name="engineType" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="38" applicability="flow" status="deprecated"> <description> <paragraph> Type of flow switching engine in a router/switch: RP = 0, VIP/Line card = 1, PFC/DFC = 2. Reserved for internal use on the Collector. </paragraph>
Yourtchenko, et al. Informational [Page 15]
RFC 7270 Cisco Information Elements June 2014
</description> </field> <field name="engineId" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="39" applicability="flow" status="deprecated"> <description> <paragraph> Versatile Interface Processor (VIP) or line card slot number of the flow switching engine in a router/switch. Reserved for internal use on the Collector. </paragraph> </description> </field> <field name="ipv4RouterSc" dataType="ipv4Address" group="" dataTypeSemantics="default" elementId="43" applicability="flow" status="deprecated"> <description> <paragraph> This is a platform-specific field for the Catalyst 5000/Catalyst 6000 family. It is used to store the address of a router that is being shortcut when performing MultiLayer Switching. </paragraph> </description> <reference> http://www.cisco.com/en/US/products/hw/switches/ps700/ products_configuration_example09186a00800ab513.shtml describes MultiLayer Switching. </reference> </field> <field name="samplerId" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="48" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 302 selectorId. The unique identifier associated with samplerName. </paragraph> </description> </field> <field name="samplerMode" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="49" applicability="flow" status="deprecated"> <description> <paragraph>
Yourtchenko, et al. Informational [Page 16]
RFC 7270 Cisco Information Elements June 2014
Deprecated in favor of 304 selectorAlgorithm. The values are not compatible: selectorAlgorithm=3 is random sampling. The type of algorithm used for sampled NetFlow: 1 - Deterministic Sampling, 2 - Random Sampling. Use with samplerRandomInterval. </paragraph> </description> </field> <field name="samplerRandomInterval" dataType="unsigned32" group="" dataTypeSemantics="quantity" elementId="50" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 305 samplingPacketInterval. Packet interval at which to sample -- in case of random sampling. Used in connection with the samplerMode 0x02 (random sampling) value. </paragraph> </description> </field> <field name="classId" dataType="unsigned8" group="" dataTypeSemantics="identifier" elementId="51" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 302 selectorId. Characterizes the traffic class, i.e., QoS treatment. </paragraph> </description> </field> <field name="samplerName" dataType="string" group="" dataTypeSemantics="" elementId="84" applicability="flow" status="deprecated"> <description> <paragraph> Deprecated in favor of 335 selectorName. Name of the flow sampler. </paragraph> </description> </field> <field name="flagsAndSamplerId" dataType="unsigned32" group="" dataTypeSemantics="identifier" elementId="87" applicability="flow" status="deprecated"> <description> <paragraph> Flow flags and the value of the sampler ID (samplerId) combined
Yourtchenko, et al. Informational [Page 17]
RFC 7270 Cisco Information Elements June 2014
in one bitmapped field. Reserved for internal use on the Collector. </paragraph> </description> </field> <field name="forwardingStatus" dataType="unsigned32" group="" dataTypeSemantics="identifier" elementId="89" applicability="flow" status="current"> <description> <paragraph> This Information Element describes the forwarding status of the flow and any attached reasons. The reduced-size encoding rules as per [RFC7011] apply. </paragraph> <artwork> The basic encoding is 8 bits. The future extensions could add one or three bytes. The layout of the basic encoding is as follows: