IP Flow Information Export (ipfix) ---------------------------------- Charter Last Modified: 2007-11-26 Current Status: Active Working Group Chair(s): Nevil Brownlee Juergen Quittek Operations and Management Area Director(s): Dan Romascanu Ronald Bonica Operations and Management Area Advisor: Dan Romascanu Mailing Lists: General Discussion:ipfix@ietf.org To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix Archive: http://www1.ietf.org/mail-archive/web/ipfix/current/index.html Description of Working Group: There are a number of IP flow information export systems in common use. These systems differ significantly, even though some have adopted a common transport mechanism; such differences make it difficult to develop generalized flow analysis tools. As such, there is a need in industry and the Internet research community for IP devices such as routers to export flow information in a standard way to external systems such as mediation systems, accounting/billing systems, and network management systems to facilitate services such as Internet research, measurement, accounting, and billing. An IP flow information export system includes a data model, which represents the flow information, and a transport protocol. An "exporter," which is typically an IP router or IP traffic measurement device, will employ the IP flow information export system to report information about "IP flows," these being series of related IP packets that have been either forwarded or dropped. The reported flow information will include both (1) those attributes derived from the IP packet headers such as source and destination address, protocol, and port number and (2) those attributes often known only to the exporter such as ingress and egress ports, IP (sub)net mask, autonomous system numbers and perhaps sub-IP-layer information. This group will select a protocol by which IP flow information can be transferred in a timely fashion from an "exporter" to a collection station or stations and define an architecture which employs it. The protocol must run over an IETF approved congestion-aware transport protocol such as TCP or SCTP. Specific Goals o Define the notion of a "standard IP flow." The flow definition will be a practical one, similar to those currently in use by existing non-standard flow information export protocols which have attempted to achieve similar goals but have not documented their flow definition. o Devise data encodings that support analysis of IPv4 and IPv6 unicast and multicast flows traversing a network element at packet header level and other levels of aggregation as requested by the network operator according to the capabilities of the given router implementation. o Consider the notion of IP flow information export based upon packet sampling. o Identify and address any security privacy concerns affecting flow data. Determine technology for securing the flow information export data, e.g. TLS. o Specify the transport mapping for carrying IP flow information, one which is amenable to router and instrumentation implementers, and to deployment. o Ensure that the flow export system is reliable in that it will minimize the likelihood of flow data being lost due to resource constraints in the exporter or receiver and to accurately report such loss if it occurs. Goals and Milestones: Done Submit Revised Internet-Draft on IP Flow Export Requirements Done Submit Internet-Draft on IP Flow Export Architecture Done Submit Internet-Draft on IP Flow Export Data Model Done Submit Internet-Draft on IPFIX Protocol Evaluation Report Done Submit Internet-Draft on IP Flow Export Applicability Statement Done Select IPFIX protocol, revise Architecture and Data Model drafts Done Submit IPFX-REQUIREMENTS to IESG for publication as Informational RFC Done Submit IPFIX Protocol Evaluation Report to IESG for publication as Informational RFC Done Submit IPFX-ARCHITECTURE to IESG for publication as Proposed Standard RFC Done Submit IPFX-INFO_MODEL to IESG for publication as Informational RFC Done Submit IPFX-APPLICABILITY to IESG for publication as Informational RFC Done Submit IPFX-PROTOCOL to IESG for publication as Proposed Standard RFC Done Publish Internet Draft on IPFIX Implementation Guidelines Done Publish Internet Draft on Reducing Redundancy in IPFIX data transfer Done Publish Internet Draft on Handling IPFIX Bidirectional Flows Done Publish Internet Draft on IPFIX Testing Done Publish Internet Draft on IPFIX MIB Done Submit IPFIX Implementation Guidelines draft to IESG for publication as Informational RFC Done Submit IPFIX Reducing Redundancy draft to IESG for publication as Informational RFC Done Submit IPFIX Testing draft to IESG for publication as Informational RFC Done Submit IPFIX Biflows draft to IESG for publication as Standards Track RFC Done Submit IPFIX MIB draft to IESG for publication as Standards track RFC Nov 2007 Submit IPFIX Testing draft to IESG for publication as Informational RFC Nov 2007 Submit IPFIX MIB draft to IESG for publication as Standards track RFC Dec 2007 Publish Internet draft on IPFIX Type Information Export Dec 2007 Publish Internet draft on IPFIX Configuration Data Model Dec 2007 Publish Internet draft on IPFIX File Format Dec 2007 Publish Internet draft on Single SCTP Stream Reporting Jan 2008 Publish Internet draft on IPFIX Mediation Problem Statement Jan 2008 Submit File Format draft to IESG for publication as Standards track RFC Jun 2008 Submit Type Export draft to IESG for publication as Standards track RFC Jun 2008 Submit Single SCTP Stream draft to IESG for publication as Informational RFC Oct 2008 Submit Configuration Data Model draft to IESG for publication as Standards track RFC Oct 2008 Submit Mediation Problem draft to IESG for publication as Informational RFC Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Feb 2002 Sep 2006 Architecture for IP Flow Information Export Jun 2003 Jul 2007 IPFIX Applicability Sep 2006 Dec 2007 IPFIX Implementation Guidelines Sep 2006 May 2007 Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports Oct 2006 Feb 2008 Guidelines for IP Flow Information eXport (IPFIX) Testing Feb 2007 Dec 2007 Definitions of Managed Objects for IP Flow Information Export Jan 2008 Jan 2008 An IPFIX-Based File Format Jan 2008 Jan 2008 Exporting Type Information for IPFIX Information Elements Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC3917 I Oct 2004 Requirements for IP Flow Information Export RFC3955 I Nov 2004 Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX) RFC5103 PS Jan 2008 Bidirectional Flow Export using IP Flow Information Export (IPFIX) RFC5102 PS Jan 2008 Information Model for IP Flow Information Export RFC5101 PS Jan 2008 Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information