Competence Center NET Fraunhofer FOKUS IPFIX IP Flow
- Slides: 8
Competence Center NET Fraunhofer FOKUS IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research 1 T. Zseby, CC NET
Competence Center NET Fraunhofer FOKUS IPFIX Architecture Router Observation Point IPFIX Collector Exporter Metering IP Traffic push protocol: periodically IPFIX messages to configured receivers Transport protocols: SCTP (, UDP, TCP) 2 T. Zseby, CC NET 2
Competence Center NET Fraunhofer FOKUS IPFIX/PSAMP Measurement Model Flow Information Packet Information IPFIX PSAMP Packet Export Flow Selection Packet Record Generation Flow Record Generation Aggregation Classification Rules Classification Clock Signal Snapsize Packet Selection Timestamping Packet Capturing Observation Point T. Zseby, CC NET Packet Processing Aggregation Rules Selection Rules 3 Flow Export Core Functions Optional Functions
Competence Center NET Fraunhofer FOKUS Data Representation Templates in the message stream describe the data sets Allows flexible and efficient (binary) representation of flows on the wire message template A 4 message template B T. Zseby, CC NET data A 1 data B 1 data A 2 4
Competence Center NET Fraunhofer FOKUS Information Model The information model supports reporting a wide variety of information elements (IEs): – “Five-tuple” (IPv 4, IPv 6 header fields) and standard packet/byte counters – All ICMP, TCP, UDP header fields – Layer 2, VLAN, MPLS, and other sub-IP information – Timestamps down to nanosecond resolution – Packet treatment: e. g. , routed next hop and AS – Detailed counters: e. g. , sum of squares, flag counters New IEs registered with IANA Enterprise-specific IEs for private extensions New defined IEs – location / GPS information, Qo. S parameters, spectrum measurements, … 5 T. Zseby, CC NET 5
Competence Center NET Fraunhofer FOKUS IPFIX Files (RFC 5655) Goal: facilitate interoperability and reusability among a variety of flow storage, processing, and analysis tools An IPFIX file is any serialized stream of IPFIX Messages. – a “file transport” for IPFIX – binary flow data file format Meta data via Options Templates – Exporter certificate, time, etc. Several extensions – Error detection and recovery – Storage of Net. Flow v 9 data – Signing and encryption – Encapsulation of Non-IPFIX Data in IPFIX Files – Encapsulation of IPFIX Files within Other File Formats 6 T. Zseby, CC NET 6
Competence Center NET Fraunhofer FOKUS IPFIX Status Core IPFIX protocol published as RFC in 2008 – RFC 5101 - Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information – RFC 5102 - Information Model for IP Flow Information Export Additional RFCs see http: //tools. ietf. org/wg/ipfix/ Current ongoing work – Configuration, Anonymization, IPFIX mediator, … Several implementations exist Use in testbeds – One. Lab uses IPFIX for flow and packet data export – Additonal: Reporting sampling rates and CPU utilization – NOVI considers IPFIX as exporting protocol – Integration with OMF planned 7 T. Zseby, CC NET 7
Competence Center NET Fraunhofer FOKUS Thank You! Contact: tanja. zseby@fokus. fraunhofer. de 8 T. Zseby, CC NET
