RFC 7270






Internet Engineering Task Force (IETF)                    A. Yourtchenko
Request for Comments: 7270                                     P. Aitken
Category: Informational                                        B. Claise
ISSN: 2070-1721                                      Cisco Systems, Inc.
                                                               June 2014


                  Cisco-Specific Information Elements
              Reused in IP Flow Information Export (IPFIX)

Abstract



   This document describes some additional IP Flow Information Export
   (IPFIX) Information Elements in the range of 1-127, which is the
   range compatible with field types used by NetFlow version 9 in RFC
   3954, as specified in the IPFIX Information Model in RFC 7012.

Status of This Memo



   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7270.

Copyright Notice



   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Yourtchenko, et al.           Informational                     [Page 1]

RFC 7270               Cisco Information Elements              June 2014


Table of Contents



   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Information Elements Overview . . . . . . . . . . . . . . . .   3
   4.  Information Elements  . . . . . . . . . . . . . . . . . . . .   4
     4.1.  samplingInterval  . . . . . . . . . . . . . . . . . . . .   4
     4.2.  samplingAlgorithm . . . . . . . . . . . . . . . . . . . .   4
     4.3.  engineType  . . . . . . . . . . . . . . . . . . . . . . .   5
     4.4.  engineId  . . . . . . . . . . . . . . . . . . . . . . . .   5
     4.5.  ipv4RouterSc  . . . . . . . . . . . . . . . . . . . . . .   5
     4.6.  samplerId . . . . . . . . . . . . . . . . . . . . . . . .   6
     4.7.  samplerMode . . . . . . . . . . . . . . . . . . . . . . .   6
     4.8.  samplerRandomInterval . . . . . . . . . . . . . . . . . .   6
     4.9.  classId . . . . . . . . . . . . . . . . . . . . . . . . .   7
     4.10. samplerName . . . . . . . . . . . . . . . . . . . . . . .   7
     4.11. flagsAndSamplerId . . . . . . . . . . . . . . . . . . . .   7
     4.12. forwardingStatus  . . . . . . . . . . . . . . . . . . . .   8
     4.13. srcTrafficIndex . . . . . . . . . . . . . . . . . . . . .   9
     4.14. dstTrafficIndex . . . . . . . . . . . . . . . . . . . . .  10
     4.15. className . . . . . . . . . . . . . . . . . . . . . . . .  10
     4.16. layer2packetSectionOffset . . . . . . . . . . . . . . . .  10
     4.17. layer2packetSectionSize . . . . . . . . . . . . . . . . .  10
     4.18. layer2packetSectionData . . . . . . . . . . . . . . . . .  11
   5.  Other Information Elements  . . . . . . . . . . . . . . . . .  11
     5.1.  Performance Metrics IEs . . . . . . . . . . . . . . . . .  11
     5.2.  Application Information IEs . . . . . . . . . . . . . . .  11
     5.3.  IEs Assigned for NetFlow v9 Compatibility . . . . . . . .  11
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  13
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  13
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  13
   Appendix A.  XML Specification of IPFIX Information Elements  . .  15

1.  Introduction



   Section 4 of [RFC7012] defines the IPFIX Information Elements (IEs)
   in the range of 1-127 to be compatible with the NetFlow version 9
   fields, as specified in "Cisco Systems NetFlow Services Export
   Version 9" [RFC3954].  As [RFC3954] was published in 2004, it does
   not contain all NetFlow version 9 field types in the range of 1-127.
   The question was asked whether IPFIX Devices should exclusively
   report the IANA IPFIX IEs [IANA-IPFIX].  In other words, when
   upgrading from a NetFlow Metering Process to an IPFIX Metering
   Process, should the IPFIX Devices stop reporting IEs specific to
   NetFlow version 9 that were not registered in IANA [IANA-IPFIX]?




Yourtchenko, et al.           Informational                     [Page 2]

RFC 7270               Cisco Information Elements              June 2014


   This document is intended to fill the gap in this IE range.  It
   describes some additional IPFIX Information Elements in the range of
   1-127, which is the range compatible with field types used by NetFlow
   version 9 in [RFC3954], as specified in the IPFIX Information Model
   [RFC7012].  With this, IPFIX implementations could export all the
   Information Elements specified in IANA [IANA-IPFIX], regardless of
   the range.

   This document follows the rules in "Guidelines for Authors and
   Reviewers of IP Flow Export (IPFIX) Information Elements" [RFC7013].
   This document does not extend [RFC3954].  The IPFIX Protocol
   [RFC7011] has its own Information Model ([RFC7012] and IANA
   [IANA-IPFIX]), which is extensible upon application to IANA, subject
   to expert review by IE-DOCTORS [RFC7013].  This document extends the
   IPFIX Information Model.

2.  Terminology



   IPFIX-specific terminology used in this document is defined in
   Section 2 of [RFC7011].  As in [RFC7011], these IPFIX-specific terms
   have the first letter of a word capitalized when used in this
   document.

3.  Information Elements Overview



   The following Information Elements are discussed in the sections
   below:

     +----+-----------------------+-----+---------------------------+
     | ID | Name                  |  ID | Name                      |
     +----+-----------------------+-----+---------------------------+
     | 34 | samplingInterval      |  84 | samplerName               |
     | 35 | samplingAlgorithm     |  87 | flagsAndSamplerId         |
     | 38 | engineType            |  89 | forwardingStatus          |
     | 39 | engineId              |  92 | srcTrafficIndex           |
     | 43 | ipv4RouterSc          |  93 | dstTrafficIndex           |
     | 48 | samplerId             | 100 | className                 |
     | 49 | samplerMode           | 102 | layer2packetSectionOffset |
     | 50 | samplerRandomInterval | 103 | layer2packetSectionSize   |
     | 51 | classId               | 104 | layer2packetSectionData   |
     +----+-----------------------+-----+---------------------------+

                                  Table 1








Yourtchenko, et al.           Informational                     [Page 3]

RFC 7270               Cisco Information Elements              June 2014


4.  Information Elements



4.1.  samplingInterval



   Description:
      Deprecated in favor of 305 samplingPacketInterval.  When using
      sampled NetFlow, the rate at which packets are sampled -- e.g., a
      value of 100 indicates that one of every 100 packets is sampled.

   Abstract Data Type:  unsigned32

   ElementId:  34

   Semantics:  quantity

   Status:  deprecated

   Units:  packets

4.2.  samplingAlgorithm



   Description:
      Deprecated in favor of 304 selectorAlgorithm.  The type of
      algorithm used for sampled NetFlow:

         1 - Deterministic Sampling,

         2 - Random Sampling.

      The values are not compatible with the selectorAlgorithm IE, where
      "Deterministic" has been replaced by "Systematic count-based" (1)
      or "Systematic time-based" (2), and "Random" is (3).  Conversion
      is required; see "Packet Sampling (PSAMP) Parameters"
      [IANA-PSAMP].

   Abstract Data Type:  unsigned8

   ElementId:  35

   Semantics:  identifier

   Status:  deprecated









Yourtchenko, et al.           Informational                     [Page 4]

RFC 7270               Cisco Information Elements              June 2014


4.3.  engineType



   Description:
      Type of flow switching engine in a router/switch:

         RP = 0,

         VIP/Line card = 1,

         PFC/DFC = 2.

      Reserved for internal use on the Collector.

   Abstract Data Type:  unsigned8

   ElementId:  38

   Semantics:  identifier

   Status:  deprecated

4.4.  engineId



   Description:
      Versatile Interface Processor (VIP) or line card slot number of
      the flow switching engine in a router/switch.  Reserved for
      internal use on the Collector.

   Abstract Data Type:  unsigned8

   ElementId:  39

   Semantics:  identifier

   Status:  deprecated

4.5.  ipv4RouterSc



   Description:
      This is a platform-specific field for the Catalyst 5000/Catalyst
      6000 family.  It is used to store the address of a router that is
      being shortcut when performing MultiLayer Switching.

   Abstract Data Type:  ipv4Address

   ElementId:  43

   Semantics:  default



Yourtchenko, et al.           Informational                     [Page 5]

RFC 7270               Cisco Information Elements              June 2014


   Status:  deprecated

   Reference:
      [CCO-MLS] describes MultiLayer Switching.

4.6.  samplerId



   Description:
      Deprecated in favor of 302 selectorId.  The unique identifier
      associated with samplerName.

   Abstract Data Type:  unsigned8

   ElementId:  48

   Semantics:  identifier

   Status:  deprecated

4.7.  samplerMode



   Description:
      Deprecated in favor of 304 selectorAlgorithm.  The values are not
      compatible: selectorAlgorithm=3 is random sampling.  The type of
      algorithm used for sampling data: 1 - Deterministic, 2 - Random
      Sampling.  Use with samplerRandomInterval.

   Abstract Data Type:  unsigned8

   ElementId:  49

   Semantics:  identifier

   Status:  deprecated

4.8.  samplerRandomInterval



   Description:
      Deprecated in favor of 305 samplingPacketInterval.  Packet
      interval at which to sample -- in case of random sampling.  Used
      in connection with the samplerMode 0x02 (random sampling) value.

   Abstract Data Type:  unsigned32

   ElementId:  50






Yourtchenko, et al.           Informational                     [Page 6]

RFC 7270               Cisco Information Elements              June 2014


   Semantics:  quantity

   Status:  deprecated

4.9.  classId



   Description:
      Deprecated in favor of 302 selectorId.  Characterizes the traffic
      class, i.e., QoS treatment.

   Abstract Data Type:  unsigned8

   ElementId:  51

   Semantics:  identifier

   Status:  deprecated

4.10.  samplerName



   Description:
      Deprecated in favor of 335 selectorName.  Name of the flow
      sampler.

   Abstract Data Type:  string

   ElementId:  84

   Status:  deprecated

4.11.  flagsAndSamplerId



   Description:
      Flow flags and the value of the sampler ID (samplerId) combined in
      one bitmapped field.  Reserved for internal use on the Collector.

   Abstract Data Type:  unsigned32

   ElementId:  87

   Semantics:  identifier

   Status:  deprecated








Yourtchenko, et al.           Informational                     [Page 7]

RFC 7270               Cisco Information Elements              June 2014


4.12.  forwardingStatus



   Description:
      This Information Element describes the forwarding status of the
      flow and any attached reasons.  The reduced-size encoding rules as
      per [RFC7011] apply.

      The basic encoding is 8 bits.  The future extensions
      could add one or three bytes.  The layout of the basic
      encoding is as follows:

         MSB -   0   1   2   3   4   5   6   7   - LSB
               +---+---+---+---+---+---+---+---+
               | Status|  Reason code or flags |
               +---+---+---+---+---+---+---+---+

      Status:

      00b = Unknown
      01b = Forwarded
      10b = Dropped
      11b = Consumed

      Reason Code (status = 01b, Forwarded)

      01 000000b = 64 = Unknown
      01 000001b = 65 = Fragmented
      01 000010b = 66 = Not Fragmented



      Reason Code (status = 10b, Dropped)

      10 000000b = 128 = Unknown
      10 000001b = 129 = ACL deny
      10 000010b = 130 = ACL drop
      10 000011b = 131 = Unroutable
      10 000100b = 132 = Adjacency
      10 000101b = 133 = Fragmentation and DF set
      10 000110b = 134 = Bad header checksum
      10 000111b = 135 = Bad total Length
      10 001000b = 136 = Bad header length
      10 001001b = 137 = bad TTL
      10 001010b = 138 = Policer
      10 001011b = 139 = WRED
      10 001100b = 140 = RPF
      10 001101b = 141 = For us
      10 001110b = 142 = Bad output interface
      10 001111b = 143 = Hardware




Yourtchenko, et al.           Informational                     [Page 8]

RFC 7270               Cisco Information Elements              June 2014


      Reason Code (status = 11b, Consumed)

      11 000000b = 192 = Unknown
      11 000001b = 193 = Punt Adjacency
      11 000010b = 194 = Incomplete Adjacency
      11 000011b = 195 = For us



      Examples:

        value : 0x40 = 64
        binary: 01000000
        decode: 01        -> Forward
                  000000  -> No further information

        value : 0x89 = 137
        binary: 10001001
        decode: 10        -> Drop
                  001001  -> Fragmentation and DF set

   Abstract Data Type:  unsigned32

   ElementId:  89

   Semantics:  identifier

   Status:  current

   Reference:
      See "NetFlow Version 9 Flow-Record Format" [CCO-NF9FMT].

4.13.  srcTrafficIndex



   Description:
      BGP Policy Accounting Source Traffic Index.

   Abstract Data Type:  unsigned32

   ElementId:  92

   Semantics:  identifier

   Status:  current

   Reference:
      BGP policy accounting as described in [CCO-BGPPOL].






Yourtchenko, et al.           Informational                     [Page 9]

RFC 7270               Cisco Information Elements              June 2014


4.14.  dstTrafficIndex



   Description:
      BGP Policy Accounting Destination Traffic Index.

   Abstract Data Type:  unsigned32

   ElementId:  93

   Semantics:  identifier

   Status:  current

   Reference:
      BGP policy accounting as described in [CCO-BGPPOL].

4.15.  className



   Description:
      Deprecated in favor of 335 selectorName.  Traffic Class Name,
      associated with the classId Information Element.

   Abstract Data Type:  string

   ElementId:  100

   Status:  deprecated

4.16.  layer2packetSectionOffset



   Description:
      Deprecated in favor of 409 sectionOffset.  Layer 2 packet section
      offset.  Potentially a generic packet section offset.

   Abstract Data Type:  unsigned16

   ElementId:  102

   Semantics:  quantity

   Status:  deprecated

4.17.  layer2packetSectionSize



   Description:
      Deprecated in favor of 312 dataLinkFrameSize.  Layer 2 packet
      section size.  Potentially a generic packet section size.




Yourtchenko, et al.           Informational                    [Page 10]

RFC 7270               Cisco Information Elements              June 2014


   Abstract Data Type:  unsigned16

   ElementId:  103

   Semantics:  quantity

   Status:  deprecated

4.18.  layer2packetSectionData



   Description:
      Deprecated in favor of 315 dataLinkFrameSection.  Layer 2 packet
      section data.

   Abstract Data Type:  octetArray

   ElementId:  104

   Status:  deprecated

5.  Other Information Elements



5.1.  Performance Metrics IEs



   ElementId: 65 .. 69

   Performance metrics will need a consolidation in the industry, based
   on [RFC6390].  Once this consolidation happens, via a separate
   document the IEs 65-69 will either be assigned in the IANA registry
   or their status will be deprecated.

5.2.  Application Information IEs



   ElementId: 94 .. 96

   ElementId: 101

   Please refer to [RFC6759].

5.3.  IEs Assigned for NetFlow v9 Compatibility



   ElementId: 105..127

   These element IDs are not covered by this document and are left "as
   is", i.e., for NetFlow v9 compatibility.






Yourtchenko, et al.           Informational                    [Page 11]

RFC 7270               Cisco Information Elements              June 2014


6.  IANA Considerations



   This document specifies several new IPFIX Information Elements in
   IANA's "IPFIX Information Elements" registry [IANA-IPFIX] as
   summarized in Section 3 and detailed in Section 4 above.  The
   following Information Elements have been assigned:

   o  IE Number 34 for the samplingInterval IE

   o  IE Number 35 for the samplingAlgorithm IE

   o  IE Number 38 for the engineType IE

   o  IE Number 39 for the engineId IE

   o  IE Number 43 for the ipv4RouterSc IE

   o  IE Number 48 for the samplerId IE

   o  IE Number 49 for the samplerMode IE

   o  IE Number 50 for the samplerRandomInterval IE

   o  IE Number 51 for the classId IE

   o  IE Number 84 for the samplerName IE

   o  IE Number 87 for the flagsAndSamplerId IE

   o  IE Number 89 for the forwardingStatus IE

   o  IE Number 92 for the srcTrafficIndex IE

   o  IE Number 93 for the dstTrafficIndex IE

   o  IE Number 100 for the className IE

   o  IE Number 102 for the layer2packetSectionOffset IE

   o  IE Number 103 for the layer2packetSectionSize IE

   o  IE Number 104 for the layer2packetSectionData IE









Yourtchenko, et al.           Informational                    [Page 12]

RFC 7270               Cisco Information Elements              June 2014


7.  Security Considerations



   This document specifies the definitions of several Information
   Elements and does not alter the security considerations of the base
   protocol.  Please refer to the security considerations sections of
   [RFC3954] and [RFC7012].

8.  References



8.1.  Normative References



   [RFC7011]  Claise, B., Trammell, B., and P. Aitken, "Specification of
              the IP Flow Information Export (IPFIX) Protocol for the
              Exchange of Flow Information", STD 77, RFC 7011, September
              2013.

8.2.  Informative References



   [CCO-BGPPOL]
              Cisco, "BGP Policy Accounting and BGP Policy Accounting
              Output Interface Accounting Features", December 2005,
              <http://www.cisco.com/en/US/tech/tk365/
              technologies_tech_note09186a0080094e88.shtml>.

   [CCO-MLS]  Cisco, "IP MultiLayer Switching Sample Configuration",
              November 2007,
              <http://www.cisco.com/en/US/products/hw/switches/ps700/
              products_configuration_example09186a00800ab513.shtml>.

   [CCO-NF9FMT]
              Cisco, "NetFlow Version 9 Flow-Record Format", May 2011,
              <http://www.cisco.com/en/US/technologies/tk648/tk362/
              technologies_white_paper09186a00800a3db9.html>.

   [IANA-IPFIX]
              IANA, "IP Flow Information Export (IPFIX) Entities",
              <http://www.iana.org/assignments/ipfix/>.

   [IANA-PSAMP]
              IANA, "Packet Sampling (PSAMP) Parameters",
              <http://www.iana.org/assignments/psamp-parameters/>.

   [RFC3954]  Claise, B., "Cisco Systems NetFlow Services Export Version
              9", RFC 3954, October 2004.

   [RFC6390]  Clark, A. and B. Claise, "Guidelines for Considering New
              Performance Metric Development", BCP 170, RFC 6390,
              October 2011.



Yourtchenko, et al.           Informational                    [Page 13]

RFC 7270               Cisco Information Elements              June 2014


   [RFC6759]  Claise, B., Aitken, P., and N. Ben-Dvora, "Cisco Systems
              Export of Application Information in IP Flow Information
              Export (IPFIX)", RFC 6759, November 2012.

   [RFC7012]  Claise, B. and B. Trammell, "Information Model for IP Flow
              Information Export (IPFIX)", RFC 7012, September 2013.

   [RFC7013]  Trammell, B. and B. Claise, "Guidelines for Authors and
              Reviewers of IP Flow Information Export (IPFIX)
              Information Elements", BCP 184, RFC 7013, September 2013.









































Yourtchenko, et al.           Informational                    [Page 14]

RFC 7270               Cisco Information Elements              June 2014


Appendix A.  XML Specification of IPFIX Information Elements



   <?xml version="1.0" encoding="UTF-8"?>

   <fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
                 ipfix-info.xsd">

     <field name="samplingInterval" dataType="unsigned32"
              group=""
              dataTypeSemantics="quantity"
              elementId="34" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 305 samplingPacketInterval.  When using
        sampled NetFlow, the rate at which packets are sampled --
        e.g., a value of 100 indicates that one of every 100 packets
        is sampled.
        </paragraph>
       </description>
     </field>
     <field name="samplingAlgorithm" dataType="unsigned8"
              group=""
              dataTypeSemantics="identifier"
              elementId="35" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 304 selectorAlgorithm.  The type of
        algorithm used for sampled NetFlow: 1 - Deterministic Sampling,
        2 - Random Sampling.  The values are not compatible with the
        selectorAlgorithm IE, where "Deterministic" has been replaced
        by "Systematic count-based" (1) or "Systematic time-based" (2),
        and "Random" is (3).  Conversion is required; see
        [IANA-PSAMP] PSAMP parameters.
        </paragraph>
       </description>
     </field>
     <field name="engineType" dataType="unsigned8"
              group=""
              dataTypeSemantics="identifier"
              elementId="38" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Type of flow switching engine in a router/switch: RP = 0,
        VIP/Line card = 1, PFC/DFC = 2.  Reserved for internal use on
        the Collector.
        </paragraph>



Yourtchenko, et al.           Informational                    [Page 15]

RFC 7270               Cisco Information Elements              June 2014


       </description>
     </field>
     <field name="engineId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="39" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Versatile Interface Processor (VIP) or line card slot number of
        the flow switching engine in a router/switch.  Reserved for
        internal use on the Collector.
        </paragraph>
       </description>
     </field>
     <field name="ipv4RouterSc" dataType="ipv4Address"
             group=""
             dataTypeSemantics="default"
             elementId="43" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        This is a platform-specific field for the Catalyst 5000/Catalyst
        6000 family.  It is used to store the address of a router that
        is being shortcut when performing MultiLayer Switching.
        </paragraph>
       </description>
       <reference>
        http://www.cisco.com/en/US/products/hw/switches/ps700/
        products_configuration_example09186a00800ab513.shtml
        describes MultiLayer Switching.
       </reference>
     </field>
     <field name="samplerId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="48" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 302 selectorId.  The unique identifier
        associated with samplerName.
        </paragraph>
       </description>
     </field>
     <field name="samplerMode" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="49" applicability="flow" status="deprecated">
       <description>
        <paragraph>



Yourtchenko, et al.           Informational                    [Page 16]

RFC 7270               Cisco Information Elements              June 2014


        Deprecated in favor of 304 selectorAlgorithm.  The values are
        not compatible: selectorAlgorithm=3 is random sampling.  The
        type of algorithm used for sampled NetFlow: 1 - Deterministic
        Sampling, 2 - Random Sampling.  Use with samplerRandomInterval.
        </paragraph>
       </description>
     </field>
     <field name="samplerRandomInterval" dataType="unsigned32"
             group=""
             dataTypeSemantics="quantity"
             elementId="50" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 305 samplingPacketInterval.  Packet
        interval at which to sample -- in case of random sampling.  Used
        in connection with the samplerMode 0x02 (random sampling) value.
        </paragraph>
       </description>
     </field>
     <field name="classId" dataType="unsigned8"
             group=""
             dataTypeSemantics="identifier"
             elementId="51" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 302 selectorId.  Characterizes the
        traffic class, i.e., QoS treatment.
        </paragraph>
       </description>
     </field>
     <field name="samplerName" dataType="string"
             group=""
             dataTypeSemantics=""
             elementId="84" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 335 selectorName.  Name of the flow
        sampler.
        </paragraph>
       </description>
     </field>
     <field name="flagsAndSamplerId" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="87" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Flow flags and the value of the sampler ID (samplerId) combined



Yourtchenko, et al.           Informational                    [Page 17]

RFC 7270               Cisco Information Elements              June 2014


        in one bitmapped field.  Reserved for internal use on the
        Collector.
        </paragraph>
       </description>
     </field>
     <field name="forwardingStatus" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="89" applicability="flow" status="current">
       <description>
        <paragraph>
        This Information Element describes the forwarding status of the
        flow and any attached reasons.  The reduced-size encoding rules
        as per [RFC7011] apply.
        </paragraph>
        <artwork>
           The basic encoding is 8 bits.  The future extensions
           could add one or three bytes.  The layout of the basic
           encoding is as follows:

             MSB -   0   1   2   3   4   5   6   7   - LSB
                 +---+---+---+---+---+---+---+---+
                 | Status|  Reason code or flags |
                 +---+---+---+---+---+---+---+---+
           Status:

           00b = Unknown
           01b = Forwarded
           10b = Dropped
           11b = Consumed

           Reason Code (status = 01b, Forwarded)

           01 000000b = 64 = Unknown
           01 000001b = 65 = Fragmented
           01 000010b = 66 = Not Fragmented

           Reason Code (status = 10b, Dropped)

           10 000000b = 128 = Unknown
           10 000001b = 129 = ACL deny
           10 000010b = 130 = ACL drop
           10 000011b = 131 = Unroutable
           10 000100b = 132 = Adjacency
           10 000101b = 133 = Fragmentation and DF set
           10 000110b = 134 = Bad header checksum
           10 000111b = 135 = Bad total Length
           10 001000b = 136 = Bad header length



Yourtchenko, et al.           Informational                    [Page 18]

RFC 7270               Cisco Information Elements              June 2014


           10 001001b = 137 = bad TTL
           10 001010b = 138 = Policer
           10 001011b = 139 = WRED
           10 001100b = 140 = RPF
           10 001101b = 141 = For us
           10 001110b = 142 = Bad output interface
           10 001111b = 143 = Hardware

           Reason Code (status = 11b, Consumed)

           11 000000b = 192 = Unknown
           11 000001b = 193 = Punt Adjacency
           11 000010b = 194 = Incomplete Adjacency
           11 000011b = 195 = For us

           Examples:

             value : 0x40 = 64
             binary: 01000000
             decode: 01     -> Forward
                   000000  -> No further information

             value : 0x89 = 137
             binary: 10001001
             decode: 10     -> Drop
                   001001  -> Fragmentation and DF set
        </artwork>
       </description>
       <reference>
        See http://www.cisco.com/en/US/technologies/tk648/tk362/
        technologies_white_paper09186a00800a3db9.html -
        NetFlow Version 9 Flow-Record Format.
       </reference>
     </field>
     <field name="srcTrafficIndex" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="92" applicability="flow" status="current">
       <description>
        <paragraph>
        BGP Policy Accounting Source Traffic Index.
        </paragraph>
       </description>
       <reference>
        BGP policy accounting as described in
        http://www.cisco.com/en/US/tech/tk365/
        technologies_tech_note09186a0080094e88.shtml
       </reference>



Yourtchenko, et al.           Informational                    [Page 19]

RFC 7270               Cisco Information Elements              June 2014


     </field>
     <field name="dstTrafficIndex" dataType="unsigned32"
             group=""
             dataTypeSemantics="identifier"
             elementId="93" applicability="flow" status="current">
       <description>
        <paragraph>
        BGP Policy Accounting Destination Traffic Index.
        </paragraph>
       </description>
       <reference>
        BGP policy accounting as described in
        http://www.cisco.com/en/US/tech/tk365/
        technologies_tech_note09186a0080094e88.shtml
       </reference>
     </field>
     <field name="className" dataType="string"
             group=""
             dataTypeSemantics=""
             elementId="100" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 335 selectorName.  Traffic Class Name,
        associated with the classId Information Element.
        </paragraph>
       </description>
     </field>
     <field name="layer2packetSectionOffset" dataType="unsigned16"
             group=""
             dataTypeSemantics="quantity"
             elementId="102" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 409 sectionOffset.
        Layer 2 packet section offset.  Potentially a generic packet
        section offset.
        </paragraph>
       </description>
     </field>
     <field name="layer2packetSectionSize" dataType="unsigned16"
             group=""
             dataTypeSemantics="quantity"
             elementId="103" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 312 dataLinkFrameSize.
        Layer 2 packet section size.  Potentially a generic packet
        section size.



Yourtchenko, et al.           Informational                    [Page 20]

RFC 7270               Cisco Information Elements              June 2014


        </paragraph>
       </description>
     </field>
     <field name="layer2packetSectionData" dataType="octetArray"
             group=""
             dataTypeSemantics=""
             elementId="104" applicability="flow" status="deprecated">
       <description>
        <paragraph>
        Deprecated in favor of 315 dataLinkFrameSection.
        Layer 2 packet section data.
        </paragraph>
       </description>
     </field>
   </fieldDefinitions>

Authors' Addresses



   Andrew Yourtchenko
   Cisco Systems, Inc.
   De Kleetlaan, 7
   Brussels, Diegem  B-1831
   Belgium

   Phone: +32 2 704 5494
   EMail: ayourtch@cisco.com


   Paul Aitken
   Cisco Systems, Inc.
   96 Commercial Quay
   Edinburgh  EH6 6LX
   Scotland

   Phone: +44 131 561 3616
   EMail: paitken@cisco.com


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan, 6a b1
   Diegem  B-1831
   Belgium

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com





Yourtchenko, et al.           Informational                    [Page 21]