Embed Size (px)
Citation preview
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET1
IPFIX – IP Flow Information Export Overview
Tanja ZsebyFraunhofer FOKUS, Network Research
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET2
IPFIX Architecture
push protocol: periodically IPFIX messages to configured receivers
Transport protocols: SCTP (, UDP, TCP)
2
Exporter
CollectorIPFIX
IP Traffic
Router
Metering
ObservationPoint
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET3
IPFIX/PSAMP Measurement Model
Observation Point
Packet Capturing
Flow Record Generation
Flow Selection
Flow Export
Optional Functions
Core Functions
Aggregation
Classification
Timestamping
IPFIX
Packet Record Generation
Packet Export
PSAMP
Packet Selection
Snapsize
Clock Signal
Selection Rules
Classification Rules
Aggregation Rules Pa
ck
et P
roc
es
sin
g
Flow InformationPacket Information
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET4
Data Representation
Templates in the message stream describe the data sets
Allows flexible and efficient (binary) representation of flows on the wire
4
message
templateA
templateB
message
dataA1
dataB1
dataA2
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET5
Information Model
The information model supports reporting a wide variety of information elements (IEs):– “Five-tuple” (IPv4, IPv6 header fields) and standard packet/byte
counters– All ICMP, TCP, UDP header fields– Layer 2, VLAN, MPLS, and other sub-IP information– Timestamps down to nanosecond resolution– Packet treatment: e.g., routed next hop and AS– Detailed counters: e.g., sum of squares, flag counters
New IEs registered with IANA Enterprise-specific IEs for private extensions New defined IEs
– location / GPS information, QoS parameters, spectrum measurements, …
5
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET6
IPFIX Files (RFC5655)
Goal: facilitate interoperability and reusability among a variety of flow storage, processing, and analysis tools
An IPFIX file is any serialized stream of IPFIX Messages.– a “file transport” for IPFIX– binary flow data file format
Meta data via Options Templates – Exporter certificate, time, etc.
Several extensions– Error detection and recovery– Storage of NetFlow v9 data– Signing and encryption– Encapsulation of Non-IPFIX Data in IPFIX Files– Encapsulation of IPFIX Files within Other File Formats
6
Fraunhofer FOKUSCompetence Center NET
T. Zseby, CC NET7
IPFIX Status
Core IPFIX protocol published as RFC in 2008– RFC5101 - Specification of the IP Flow Information Export
(IPFIX) Protocol for the Exchange of IP Traffic Flow Information
– RFC5102 - Information Model for IP Flow Information Export Additional RFCs see http://tools.ietf.org/wg/ipfix/ Current ongoing work
– Configuration, Anonymization, IPFIX mediator, … Several implementations exist Use in testbeds
– OneLab uses IPFIX for flow and packet data export– Additonal: Reporting sampling rates and CPU utilization– NOVI considers IPFIX as exporting protocol– Integration with OMF planned
7
