IP Flow Information Export (ipfix) ---------------------------------- Charter Last Modified: 2010-08-11 Current Status: Active Working Group Chair(s): Nevil Brownlee <n.brownlee@auckland.ac.nz> Juergen Quittek <quittek@neclab.eu> Operations and Management Area Director(s): Dan Romascanu <dromasca@avaya.com> Ronald Bonica <rbonica@juniper.net> Operations and Management Area Advisor: Dan Romascanu <dromasca@avaya.com> Mailing Lists: General Discussion:ipfix@ietf.org To Subscribe: http://www.ietf.org/mailman/listinfo/ipfix Archive: http://www.ietf.org/mail-archive/web/ipfix Description of Working Group: The IPFIX working group has specified the Information Model (to describe IP flows) and the IPFIX protocol (to transfer IP flow data from IPFIX exporters to collectors). Several implementers have already built applications using the IPFIX protocol. As a result of a series of IPFIX interoperability testing events the WG has produced guidelines for IPFIX implementation and testing as well as recommendations for handling special cases such as bidirectional flow reporting and reducing redundancy in flow records. Practical experiences with IPFIX implementations exposed new requirements for the IPFIX protocol that so far have not been addressed by the WG. The major current goal of the WG is developing solutions that meet the new requirements without modifying the core IPFIX protocol specifications. 1. The IPFIX WG has developed a MIB module for monitoring IPFIX implementations. Means for configuring these devices have not been standardized yet. The WG will develop an XML-based configuration data model that can be used for configuring IPFIX devices and for storing, modifying and managing IPFIX configurations parameter sets. This work will be performed in close collaboration with the NETCONF WG. 2. First applications of IPFIX at large operator networks showed the need for mediation of flow information, for example, for aggregating huge amounts of flow data and for anomymization of flow information. The IPFIX WG will investigate this issue and produce a problem statement and a framework for IPFIX flow mediation. 3. The PSAMP WG has developed a protocol for reporting observed packets. The PSAMP protocol is an extension of the IPFIX protocol. The IPFIX WG will develop a MIB module for monitoring PSAMP implementations. The new MIB module will be an extension of the IPFIX MIB module. 4. Anonymization of flow information has been identified as a requirement for flow information export already in RFC 3917. However, technologies for flow anonymization are still a research issue and have so far not been considered to be mature enough for standardization. As one step in this direction, the IPFIX WG will develop guidelines for the implementation of anonymized data export and storage over IPFIX and define an information model for configuring and reporting anonymization applied at IPFIX devices. 5. The IPFIX and PSAMP WGs have defined standards for selecting observed IP packets and collecting information in flow records. In order to reduce the amount of data to be processed, packet selection methods have been defined. Another method for reducing flow data is flow selection. The IPFIX WG will define methods for flow selection and provide an information model for configuring and reporting flow selection applied at IPFIX devices. 6. Being designed for the export of flow records the IPFIX protocol provides very limited means for structuring information elements within IPFIX records. With the increasing number of IPFIX applications there is a need for exporting more complex information. The IPFIX WG will develop an extension of the IPFIX protocol that supports hierarchically structured data and lists (sequences) of Information Elements in data records. Goals and Milestones: Done Submit Revised Internet-Draft on IP Flow Export Requirements Done Submit Internet-Draft on IP Flow Export Architecture Done Submit Internet-Draft on IP Flow Export Data Model Done Submit Internet-Draft on IPFIX Protocol Evaluation Report Done Submit Internet-Draft on IP Flow Export Applicability Statement Done Select IPFIX protocol, revise Architecture and Data Model drafts Done Submit IPFX-REQUIREMENTS to IESG for publication as Informational RFC Done Submit IPFIX Protocol Evaluation Report to IESG for publication as Informational RFC Done Submit IPFX-ARCHITECTURE to IESG for publication as Proposed Standard RFC Done Submit IPFX-INFO_MODEL to IESG for publication as Informational RFC Done Submit IPFX-APPLICABILITY to IESG for publication as Informational RFC Done Submit IPFX-PROTOCOL to IESG for publication as Proposed Standard RFC Done Publish Internet Draft on IPFIX Implementation Guidelines Done Publish Internet Draft on Reducing Redundancy in IPFIX data transfer Done Publish Internet Draft on Handling IPFIX Bidirectional Flows Done Publish Internet Draft on IPFIX Testing Done Publish Internet Draft on IPFIX MIB Done Submit IPFIX Implementation Guidelines draft to IESG for publication as Informational RFC Done Submit IPFIX Reducing Redundancy draft to IESG for publication as Informational RFC Done Submit IPFIX Testing draft to IESG for publication as Informational RFC Done Submit IPFIX Biflows draft to IESG for publication as Standards Track RFC Done Publish Internet draft on IPFIX Type Information Export Done Publish Internet draft on IPFIX File Format Done Publish Internet draft on IPFIX Configuration Data Model Done Publish Internet draft on Single SCTP Stream Reporting Done Submit File Format draft to IESG for publication as Standards track RFC Done Publish Internet draft on IPFIX Mediation Problem Statement Done Submit IPFIX MIB draft to IESG for publication as Standards track RFC Done Submit Type Export draft to IESG for publication as Standards track RFC Done Submit Single SCTP Stream draft to IESG for publication as Informational RFC Done Submit Mediation Problem Statement I-D to IESG for publication as Informational RFC Done Submit initial draft on anonymization support Done Submit initial draft on flow selection Done Submit initial draft on structuring information elements Aug 2010 Submit final version of PSAMP MIB module Aug 2010 Submit Configuration Data Model draft to IESG for publication as Standards track RFC Aug 2010 Submit Mediation Framework I-D to IESG for publication as Informational RFC Oct 2010 Submit anonymization support I-D to IESG for publication as Experimental RFC Dec 2010 Submit flow selection I-D to IESG for publication as Standards Track RFC Dec 2010 Submit structuring information elements I-D to IESG for publication as Standards Track RFC Internet-Drafts: Posted Revised I-D Title <Filename> ------ ------- -------------------------------------------- Jul 2008 May 2010 <draft-ietf-ipfix-export-per-sctp-stream-08.txt> IPFIX Export per SCTP Stream Jul 2008 Mar 2011 <draft-ietf-ipfix-configuration-model-09.txt> Configuration Data Model for IPFIX and PSAMP Oct 2009 Jan 2011 <draft-ietf-ipfix-anon-06.txt> IP Flow Anonymization Support Oct 2009 May 2011 <draft-ietf-ipfix-structured-data-06.txt> Export of Structured Data in IPFIX Oct 2009 Mar 2011 <draft-ietf-ipfix-flow-selection-tech-05.txt> Flow Selection Techniques Mar 2010 Mar 2011 <draft-ietf-ipfix-psamp-mib-03.txt> Definitions of Managed Objects for Packet Sampling Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC3917 I Oct 2004 Requirements for IP Flow Information Export RFC3955 I Nov 2004 Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX) RFC5103 PS Jan 2008 Bidirectional Flow Export using IP Flow Information Export (IPFIX) RFC5102 PS Jan 2008 Information Model for IP Flow Information Export RFC5101 PS Jan 2008 Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information RFC5153 I Apr 2008 IPFIX Implementation Guidelines RFC5473 I Mar 2009 Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports RFC5472 I Mar 2009 IP Flow Information Export (IPFIX) Applicability RFC5471 I Mar 2009 Guidelines for IP Flow Information Export (IPFIX) Testing RFC5470 I Mar 2009 Architecture for IP Flow Information Export RFC5610 PS Jul 2009 Exporting Type Information for IPFIX Information Elements RFC5655 PS Oct 2009 Specification of the IP Flow Information Export (IPFIX) File Format RFC5815 PS Apr 2010 Definitions of Managed Objects for IP Flow Information Export RFC5982 I Aug 2010 IP Flow Information Export (IPFIX) Mediation: Problem Statement RFC6183 I Apr 2011 IP Flow Information Export (IPFIX) Mediation: Framework