idnits 2.17.1 draft-ietf-ipfix-exporting-type-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 9, 2009) is 5428 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5101 (Obsoleted by RFC 7011) ** Obsolete normative reference: RFC 5102 (Obsoleted by RFC 7012) ** Obsolete normative reference: RFC 2482 (Obsoleted by RFC 6082) ** Obsolete normative reference: RFC 4646 (Obsoleted by RFC 5646) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) Summary: 6 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IPFIX Working Group E. Boschi 3 Internet-Draft B. Trammell 4 Intended status: Standards Track Hitachi Europe 5 Expires: December 11, 2009 L. Mark 6 Fraunhofer IFAM 7 T. Zseby 8 Fraunhofer FOKUS 9 June 9, 2009 11 Exporting Type Information for IPFIX Information Elements 12 draft-ietf-ipfix-exporting-type-05.txt 14 Status of this Memo 16 This Internet-Draft is submitted to IETF in full conformance with the 17 provisions of BCP 78 and BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt. 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft will expire on December 11, 2009. 37 Copyright Notice 39 Copyright (c) 2009 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents in effect on the date of 44 publication of this document (http://trustee.ietf.org/license-info). 45 Please review these documents carefully, as they describe your rights 46 and restrictions with respect to this document. 48 Abstract 50 This document describes an extension to the IP Flow Information 51 Export (IPFIX) protocol, which is used to represent and transmit data 52 from IP flow measurement devices for collection, storage and 53 analysis, to allow the encoding of IPFIX Information Model properties 54 within an IPFIX Message stream. This enables the export of extended 55 type information for enterprise-specific Information Elements, and 56 the storage of such information within IPFIX Files, facilitating 57 interoperability and reusability among a wide variety of applications 58 and tools. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 1.1. IPFIX Documents Overview . . . . . . . . . . . . . . . . . 4 64 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 3. Type Information Export . . . . . . . . . . . . . . . . . . . 5 66 3.1. informationElementDataType . . . . . . . . . . . . . . . . 5 67 3.2. informationElementDescription . . . . . . . . . . . . . . 6 68 3.3. informationElementName . . . . . . . . . . . . . . . . . . 7 69 3.4. informationElementRangeBegin . . . . . . . . . . . . . . . 7 70 3.5. informationElementRangeEnd . . . . . . . . . . . . . . . . 7 71 3.6. informationElementSemantics . . . . . . . . . . . . . . . 8 72 3.7. informationElementUnits . . . . . . . . . . . . . . . . . 9 73 3.8. privateEnterpriseNumber . . . . . . . . . . . . . . . . . 9 74 3.9. Information Element Type Options Template . . . . . . . . 10 75 3.10. Data Type and Semantics Restrictions . . . . . . . . . . . 12 76 4. Security Considerations . . . . . . . . . . . . . . . . . . . 13 77 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 78 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 79 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 80 7.1. Normative References . . . . . . . . . . . . . . . . . . . 15 81 7.2. Informative References . . . . . . . . . . . . . . . . . . 16 82 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 16 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 85 1. Introduction 87 IP Flow Information Export (IPFIX) provides a template mechanism for 88 the flexible description of Data Records, by defining a record as a 89 collection of Information Elements defined in an IANA registry, 90 However, these Templates provide limited information about the type 91 of described data; indeed, they encode only the size of the fields 92 defined by these Information Elements. There presently exists no 93 mechanism to provide full type information for these Information 94 Elements, as is defined for the Information Elements in the IPFIX 95 Information Model. 97 This especially limits the interoperability of enterprise-specific 98 Information Elements. It is not possible to use analysis tools on 99 IPFIX records containing these partially defined Information Elements 100 that have not been developed with a priori knowledge of their types, 101 since such tools will not be able to decode them; these tools can 102 only treat and store them as opaque octet arrays. However, if richer 103 information is available, additional operations such as efficient 104 storage, display, and limited analysis of records containing 105 enterprise-specific Information Elements become possible, even for 106 Collecting Processes that had not been specifically developed to 107 understand them. 109 This document defines a general mechanism to encode the full set of 110 properties available for the definition of Information Elements 111 within the IPFIX Information Model inline within an IPFIX Message 112 stream using IPFIX Options. This mechanism may be used to fully 113 define type information for Information Elements used within a 114 message stream, without resort to an external reference or reliance 115 on out-of-band configuration, thereby improving the interoperability 116 of enterprise-specific Information Elements. 118 Note that the solution described in this draft is not intended as a 119 replacement for registration with IANA of generally useful 120 Information Elements. It introduces overhead and does not lead to 121 real interoperability as provided by standardization. Therefore we 122 highly recommend to standardize all new generally useful Information 123 Elements by registering them with IANA. Standardization is 124 straightforward, and the type information that needs to be specified 125 in order to support the proposed solution provides a perfect basis 126 for the description required for standardizing the Information 127 Element. 129 It might happen that an Information Element previously described by 130 the mechanism in this document later becomes an IANA-registered, 131 standard Information Element. In such environments old and new 132 versions of the Information Element can coexist. A translation 133 between Information Elements expressed by the described solution and 134 standardized Information Elements is therefore not necessary, and is 135 out of scope for this document. 137 1.1. IPFIX Documents Overview 139 "Specification of the IPFIX Protocol for the Exchange of IP Traffic 140 Flow Information" [RFC5101] (informally, the IPFIX Protocol document) 141 and its associated documents define the IPFIX Protocol, which 142 provides network engineers and administrators with access to IP 143 traffic flow information. 145 "Architecture for IP Flow Information Export" [RFC5470] (the IPFIX 146 Architecture document) defines the architecture for the export of 147 measured IP flow information out of an IPFIX Exporting Process to an 148 IPFIX Collecting Process, and the basic terminology used to describe 149 the elements of this architecture, per the requirements defined in 150 "Requirements for IP Flow Information Export" [RFC3917]. The IPFIX 151 Protocol document [RFC5101] then covers the details of the method for 152 transporting IPFIX Data Records and Templates via a congestion-aware 153 transport protocol from an IPFIX Exporting Process to an IPFIX 154 Collecting Process. 156 "Information Model for IP Flow Information Export" [RFC5102] 157 (informally, the IPFIX Information Model document) describes the 158 Information Elements used by IPFIX, including details on Information 159 Element naming, numbering, and data type encoding. 161 This document references the Protocol and Architecture documents for 162 terminology and extends the IPFIX Information Model to provide new 163 Information Elements for the representation of Information Element 164 properties. It draws data type definitions and data type semantics 165 definitions from the Information Model; the encodings of these data 166 types are defined in [RFC5101]. 168 2. Terminology 170 Terms used in this document that are defined in the Terminology 171 section of the IPFIX Protocol [RFC5101] document are to be 172 interpreted as defined there. 174 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 175 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 176 document are to be interpreted as described in RFC 2119 [RFC2119]. 178 3. Type Information Export 180 This section describes the mechanism used to encode Information 181 Element type information within an IPFIX Message stream. This 182 mechanism consists of an Options Template Record used to define 183 Information Element type records, and a set of Information Elements 184 required by these type records. We first specify the necessary 185 Information Elements, followed by the structure of the Options 186 Template describing the type records. 188 Note that Information Element type records require one Information 189 Element, informationElementId, that is defined in the PSAMP 190 Information Model [RFC5477]. This Information Element supports 191 references only to IANA-defined Information Elements; the 192 privateEnterpriseNumber Information Element is required alongside 193 informationElementId to describe enterprise-specific Information 194 Elements. 196 3.1. informationElementDataType 198 Description: A description of the abstract data type of an IPFIX 199 information element. These are taken from the abstract data types 200 defined in section 3.1 of the IPFIX Information Model [RFC5102]; 201 see that section for more information on the types described 202 below. This field may take the values defined in Table 1 below. 204 +-------+----------------------+ 205 | Value | Description | 206 +-------+----------------------+ 207 | 0x00 | octetArray | 208 | 0x01 | unsigned8 | 209 | 0x02 | unsigned16 | 210 | 0x03 | unsigned32 | 211 | 0x04 | unsigned64 | 212 | 0x05 | signed8 | 213 | 0x06 | signed16 | 214 | 0x07 | signed32 | 215 | 0x08 | signed64 | 216 | 0x09 | float32 | 217 | 0x0A | float64 | 218 | 0x0B | boolean | 219 | 0x0C | macAddress | 220 | 0x0D | string | 221 | 0x0E | dateTimeSeconds | 222 | 0x0F | dateTimeMilliseconds | 223 | 0x10 | dateTimeMicroseconds | 224 | 0x11 | dateTimeNanoseconds | 225 | 0x12 | ipv4Address | 226 | 0x13 | ipv6Address | 227 +-------+----------------------+ 229 Table 1: IE Data Type values 231 These types are registered in the IANA IPFIX Information Element 232 Data Type subregistry. This subregistry is intended to assign 233 numbers for type names, not to provide a mechanism for adding data 234 types to the IPFIX Protocol, and as such requires a Standards 235 Action [RFC5226] to modify. 237 Abstract Data Type: unsigned8 239 ElementId: TBD1 241 Status: current 243 Reference: Section 3.1 of the IPFIX Information Model [RFC5102] 245 3.2. informationElementDescription 247 Description: A UTF-8 [RFC3629] encoded Unicode string containing a 248 human-readable description of an Information Element. The content 249 of the informationElementDescription MAY be annotated with one or 250 more language tags [RFC4646], encoded in-line [RFC2482] within the 251 UTF-8 string, in order to specify the language in which the 252 description is written. Description text in multiple languages 253 MAY tag each section with its own language tag; in this case, the 254 description information in each language SHOULD have equivalent 255 meaning. In the absence of any language tag, the "i-default" 256 [RFC2277] language SHOULD be assumed. See the Security 257 Considerations section for notes on string handling for 258 Information Element type records. 260 Abstract Data Type: string 262 ElementId: TBD2 264 Status: current 266 3.3. informationElementName 268 Description: A UTF-8 [RFC3629] encoded Unicode string containing 269 the name of an Information Element, intended as a simple 270 identifier. See the Security Considerations section for notes on 271 string handling for Information Element type records. 273 Abstract Data Type: string 275 ElementId: TBD3 277 Status: current 279 3.4. informationElementRangeBegin 281 Description: Contains the inclusive low end of the range of 282 acceptable values for an Information Element. 284 Abstract Data Type: unsigned64 286 Data Type Semantics: quantity 288 ElementId: TBD4 290 Status: current 292 3.5. informationElementRangeEnd 294 Description: Contains the inclusive high end of the range of 295 acceptable values for an Information Element. 297 Abstract Data Type: unsigned64 299 Data Type Semantics: quantity 301 ElementId: TBD5 303 Status: current 305 3.6. informationElementSemantics 307 Description: A description of the semantics of an IPFIX Information 308 Element. These are taken from the data type semantics defined in 309 section 3.2 of the IPFIX Information Model [RFC5102]; see that 310 section for more information on the types described below. This 311 field may take the values in Table 2 below; the special value 0x00 312 (default) is used to note that no semantics apply to the field; it 313 cannot be manipulated by a Collecting Process or File Reader that 314 does not understand it a priori. 316 +-------+--------------+ 317 | Value | Description | 318 +-------+--------------+ 319 | 0x00 | default | 320 | 0x01 | quantity | 321 | 0x02 | totalCounter | 322 | 0x03 | deltaCounter | 323 | 0x04 | identifier | 324 | 0x05 | flags | 325 +-------+--------------+ 327 Table 2: IE Semantics values 329 These semantics are registered in the IANA IPFIX Information 330 Element Semantics subregistry. This subregistry is intended to 331 assign numbers for semantics names, not to provide a mechanism for 332 adding semantics to the IPFIX Protocol, and as such requires a 333 Standards Action [RFC5226] to modify. 335 Abstract Data Type: unsigned8 337 ElementId: TBD6 339 Status: current 341 Reference: Section 3.2 of the IPFIX Information Model [RFC5102] 343 3.7. informationElementUnits 345 Description: A description of the units of an IPFIX Information 346 Element. These correspond to the units implicitly defined in the 347 Information Element definitions in section 5 of the IPFIX 348 Information Model [RFC5102]; see that section for more information 349 on the types described below. This field may take the values in 350 Table 3 below; the special value 0x00 (none) is used to note that 351 the field is unitless. 353 +--------+---------------+---------------------------+ 354 | Value | Name | Notes | 355 +--------+---------------+---------------------------+ 356 | 0x0000 | none | | 357 | 0x0001 | bits | | 358 | 0x0002 | octets | | 359 | 0x0003 | packets | | 360 | 0x0004 | flows | | 361 | 0x0005 | seconds | | 362 | 0x0006 | milliseconds | | 363 | 0x0007 | microseconds | | 364 | 0x0008 | nanoseconds | | 365 | 0x0009 | 4-octet words | for IPv4 header length | 366 | 0x000A | messages | for reliability reporting | 367 | 0x000B | hops | for TTL | 368 | 0x000C | entries | for MPLS label stack | 369 +--------+---------------+---------------------------+ 371 Table 3: IE Units values 373 These types are registered in the IANA IPFIX Information Element 374 Units subregistry; new types may be added on a First Come First 375 Served [RFC5226] basis. 377 Abstract Data Type: unsigned16 379 ElementId: TBD7 381 Status: current 383 Reference: Section 5 of the IPFIX Information Model [RFC5102] 385 3.8. privateEnterpriseNumber 387 Description: A private enterprise number, as assigned by IANA. 388 Within the context of an Information Element Type record, this 389 element can be used along with the informationElementId element to 390 scope properties to a specific Information Element. To export 391 type information about an IANA-assigned Information Element, set 392 the privateEnterpriseNumber to 0, or do not export the 393 privateEnterpriseNumber in the type record. To export type 394 information about an enterprise-specific Information Element, 395 export the enterprise number in privateEnterpriseNumber, and 396 export the Information Element number with the Enterprise bit 397 cleared in informationElementId. The Enterprise bit in the 398 associated informationElementId Information Element MUST be 399 ignored by the Collecting Process. 401 Abstract Data Type: unsigned32 403 Data Type Semantics: identifier 405 ElementId: TBD8 407 Status: current 409 Reference: Sections 3.2 and 3.4.1 of the IPFIX Protocol [RFC5101]; 410 section 8.2.3 of the PSAMP Information Model [RFC5477]. 412 3.9. Information Element Type Options Template 414 The Information Element Type Options Template attaches type 415 information to Information Elements used within Template Records, as 416 scoped to an Observation Domain within a Transport Session. This 417 provides a mechanism for representing an IPFIX Information Model 418 inline within an IPFIX Message stream. Data Records described by 419 this template are referred to as Information Element type records. 421 In deployments in which interoperability across vendor 422 implementations of IPFIX is important, an Exporting Process exporting 423 data using Templates containing enterprise-specific Information 424 Elements SHOULD export an Information Element type record for each 425 enterprise-specific Information Element it exports. Collecting 426 Processes MAY use these type records to improve handling of unknown 427 enterprise-specific Information Elements. Exporting Processes using 428 enterprise-specific Information Elements to implement proprietary 429 features MAY omit type records for those Information Elements. 431 Information Element type records MUST be handled by Collecting 432 Processes as scoped to the Transport Session in which they are sent; 433 this facility is not intended to provide a method for the permanent 434 definition of Information Elements. 436 Similarly, for security reasons, type information for a given 437 Information Element MUST NOT be re-defined by Information Element 438 type records, and a Collecting Process MUST NOT allow an Information 439 Element type record to replace its own internal definition of an 440 Information Element. Information Element type records SHOULD NOT be 441 duplicated in a given Observation Domain within a Transport Session. 442 Once an Information Element type record has been exported for a given 443 Information Element within a given Transport Session, all subsequent 444 type records for that Information Element MUST be identical. 445 Information Elements for which a Collecting Process receives 446 conflicting semantic or type information MUST be ignored. 448 Note that while this template MAY be used to export information about 449 any Information Element, including those registered with IANA, 450 Exporting Processes SHOULD NOT export any type records that could be 451 reasonably assumed to duplicate type information available at the 452 Collecting Process. This mechanism is not intended as a replacement 453 for Exporting and Collecting Processes keeping up to date with 454 changes to the IANA registry; such an update mechanism is out of 455 scope for this document. 457 The template SHOULD contain the Information Elements in Table 4, 458 below, as defined in the PSAMP Information Model [RFC5477] and in 459 this document, above. 461 +-------------------------------+-----------------------------------+ 462 | IE | Description | 463 +-------------------------------+-----------------------------------+ 464 | informationElementId [scope] | The Information Element | 465 | | identifier of the Information | 466 | | Element described by this type | 467 | | record. This Information Element | 468 | | MUST be defined as a Scope Field. | 469 | | See the PSAMP Information Model | 470 | | [RFC5477] for a definition of | 471 | | this field. | 472 | privateEnterpriseNumber | The Private Enterprise number of | 473 | [scope] | the Information Element described | 474 | | by this type record. This | 475 | | Information Element MUST be | 476 | | defined as a Scope Field. | 477 | informationElementDataType | The storage type of the specified | 478 | | Information Element. | 479 | informationElementSemantics | The semantic type of the | 480 | | specified Information Element. | 481 | informationElementUnits | The units of the specified | 482 | | Information Element. This | 483 | | element SHOULD be omitted if the | 484 | | Information Element is a unitless | 485 | | quantity, or a not a quantity or | 486 | | counter. | 487 | informationElementRangeBegin | The low end of the range of | 488 | | acceptable values for the | 489 | | specified Information Element. | 490 | | This element SHOULD be omitted if | 491 | | the beginning of the Information | 492 | | Element's acceptable range is | 493 | | defined by its data type. | 494 | informationElementRangeEnd | The high end of the range of | 495 | | acceptable values for the | 496 | | specified Information Element. | 497 | | This element SHOULD be omitted if | 498 | | the end Information Element's | 499 | | acceptable range is defined by | 500 | | its data type. | 501 | informationElementName | The name of the specified | 502 | | Information Element. | 503 | informationElementDescription | A human readable description of | 504 | | the specified Information | 505 | | Element. This element MAY be | 506 | | omitted in the interest of export | 507 | | efficiency. | 508 +-------------------------------+-----------------------------------+ 510 Table 4: IE Type Options 512 3.10. Data Type and Semantics Restrictions 514 Note that the informationElementSemantics values defined in section 515 3.2 of [RFC5102] are primarily intended to differentiate semantic 516 interpretation of numeric values, and that not all combinations of 517 the informationElementDataType and informationElementSemantics 518 Information Elements are valid; e.g., a counter cannot be encoded as 519 an IPv4 address. The following are acceptable values of 520 informationElementSemantics: 522 o Any value is valid for unsigned informationElementDataType values 523 ("unsigned8", "unsigned16", "unsigned32", or "unsigned64"). 525 o Any value except "flags" is valid for signed 526 informationElementDataType values ("signed8", "signed16", 527 "signed32", or "signed64"). 529 o Any value except "identifier" or "flags" is valid for floating- 530 point informationElementDataType values ("float32" or "float64"). 532 o Only "default" is valid for all other other 533 informationElementDataType values ("octetArray", "boolean", 534 "macAddress", "string", "dateTimeSeconds", "dateTimeMilliseconds", 535 "dateTimeMicroseconds", "dateTimeNanoseconds", "ipv4Address", or 536 "ipv6Address"). 538 Information Element type records containing invalid combinations of 539 informationElementSemantics and informationElementDataType MUST NOT 540 be sent by Exporting Processes, and MUST be ignored by Collecting 541 Processes. 543 Future standards actions that modify the Information Element Data 544 Type subregistry or the Information Element Semantics subregistry 545 should contain a Data Type and Semantics Restrictions sections such 546 as this one to define allowable combinations of type and semantics 547 information. 549 4. Security Considerations 551 The same security considerations as for the IPFIX Protocol [RFC5101] 552 apply. 554 Attention must be paid to the handling of Information Element type 555 records at the Collecting Process. Type information precedence rules 556 defined above (a Collecting Process' current knowledge overrides type 557 records; types are not redefinable during a session) are designed to 558 minimize the opportunity for an attacker to maliciously redefine the 559 data model. 561 Note that Information Element type records may contain two strings 562 describing Information Elements: informationElementName and 563 informationElementDescription. IPFIX strings on the wire are length- 564 prefixed and UTF-8 [RFC3629] encoded, most often within an IPFIX 565 variable-length Information Element, which mitigates the risk of 566 unterminated-string attacks against IPFIX Collecting Processes. 567 However, care should still be taken when handling strings within the 568 type system of the Collecting Process. 570 First, Collecting Processes should pay particular attention to buffer 571 sizes converting between length-prefixed and null-terminated strings. 572 Exporting Processes MUST NOT export, and Collecting Processes MUST 573 ignore, any informationElementName or informationElementDescription 574 content which contains null characters (U+0000) in order to ensure 575 buffer and string lengths are consistent. 577 Also, note that there is no limit to IPFIX string length beyond that 578 inherent in the protocol. The maximum IPFIX string length is 65512 579 octets (maximum message length (65535), minus message header (16), 580 minus set header (4), minus long variable length field (3)). 581 Specifically, although the informationElementName of all IANA 582 Information Elements at the time of this writing is less than about 583 40 octets, and the informationElementDescription is less than 4096 584 octets, either of these Information Elements may contain strings up 585 to 65512 octets long. 587 5. IANA Considerations 589 This document specifies the creation of several new IPFIX Information 590 Elements in the IPFIX Information Element registry as defined in 591 section 3 above. IANA has assigned the following Information Element 592 numbers for their respective Information Elements as specified below: 594 o Information Element Number TBD1 for the informationElementDataType 595 Information Element 597 o Information Element Number TBD2 for the 598 informationElementDescription Information Element 600 o Information Element Number TBD3 for the informationElementName 601 Information Element 603 o Information Element Number TBD4 for the 604 informationElementRangeBegin Information Element 606 o Information Element Number TBD5 for the informationElementRangeEnd 607 Information Element 609 o Information Element Number TBD6 for the 610 informationElementSemantics Information Element 612 o Information Element Number TBD7 for the informationElementUnits 613 Information Element 615 o Information Element Number TBD8 for the privateEnterpriseNumber 616 Information Element 618 o [NOTE for IANA: The text TBD1, TBD2, TBD3, TBD4, TBD5, TBD6, TBD7, 619 and TBD8 should be replaced with the respective assigned 620 Information Element numbers where they appear in this document.] 622 IANA has created an Information Element Data Type subregistry for the 623 values defined for the informationElementSemantics Information 624 Element. Entries may be added to this subregistry subject to a 625 Standards Action [RFC5226]. 627 [NOTE for IANA: Please create a new Information Element Data Type 628 subregistry as specified in the paragraph above, with values taken 629 from section 3.1 of this document.] 631 IANA has created an Information Element Semantics subregistry for the 632 values defined for the informationElementSemantics Information 633 Element. Entries may be added to this subregistry subject to a 634 Standards Action [RFC5226]. 636 [NOTE for IANA: Please create a new Information Element Semantics 637 subregistry as specified in the paragraph above, with values taken 638 from section 3.6 of this document.] 640 IANA has created an Information Element Units subregistry for the 641 values defined for the informationElementUnits Information Element. 642 Entries may be added to this subregistry on an Expert Review 643 [RFC5226] basis. 645 [NOTE for IANA: Please create a new Information Element Units 646 subregistry as specified in the paragraph above, with values taken 647 from section 3.7 of this document.] 649 6. Acknowledgements 651 Thanks to Paul Aitken and Gerhard Muenz for the detailed reviews, and 652 to David Moore for first raising this issue to the IPFIX mailing 653 list. 655 7. References 657 7.1. Normative References 659 [RFC5101] Claise, B., "Specification of the IP Flow Information 660 Export (IPFIX) Protocol for the Exchange of IP Traffic 661 Flow Information", RFC 5101, January 2008. 663 [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. 664 Meyer, "Information Model for IP Flow Information Export", 665 RFC 5102, January 2008. 667 [RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G. 668 Carle, "Information Model for Packet Sampling Exports", 669 RFC 5477, March 2009. 671 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 672 10646", STD 63, RFC 3629, November 2003. 674 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 675 Languages", BCP 18, RFC 2277, January 1998. 677 [RFC2482] Whistler, K. and G. Adams, "Language Tagging in Unicode 678 Plain Text", RFC 2482, January 1999. 680 [RFC4646] Phillips, A. and M. Davis, "Tags for Identifying 681 Languages", BCP 47, RFC 4646, September 2006. 683 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 684 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 685 May 2008. 687 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 688 Requirement Levels", BCP 14, RFC 2119, March 1997. 690 7.2. Informative References 692 [RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, 693 "Requirements for IP Flow Information Export (IPFIX)", 694 RFC 3917, October 2004. 696 [RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, 697 "Architecture for IP Flow Information Export", RFC 5470, 698 March 2009. 700 Appendix A. Examples 702 The following example illustrates how the type information extension 703 mechanism defined in this document may be used to describe the 704 semantics of enterprise-specific Information Elements. The 705 Information Elements used in this example are as follows: 707 o initialTCPFlags, an example private IE 14, 1 octet, the TCP flags 708 on the first TCP packet in the flow. 710 o unionTCPFlags, an example private IE 15, 1 octet, the union of the 711 TCP flags on all packets after the first TCP packet in the flow. 713 An Exporting Process exporting flows containing these Information 714 Elements might use a Template like the following: 716 1 2 3 717 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 718 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 719 | Set ID = 2 | Length = 52 | 720 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 721 | Template ID = 256 | Field Count = 9 | 722 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 723 |0| flowStartSeconds 150 | Field Length = 4 | 724 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 725 |0| sourceIPv4Address 8 | Field Length = 4 | 726 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 727 |0| destinationIPv4Address 12 | Field Length = 4 | 728 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 729 |0| sourceTransportPort 7 | Field Length = 2 | 730 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 731 |0| destinationTransportPort 11 | Field Length = 2 | 732 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 733 |0| octetTotalCount 85 | Field Length = 4 | 734 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 735 |1| (initialTCPFlags) 14 | Field Length = 1 | 736 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 737 | Private Enterprise Number | 738 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 739 |1| (unionTCPFlags) 15 | Field Length = 1 | 740 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 741 | Private Enterprise Number | 742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 743 |0| protocolIdentifier 4 | Field Length = 1 | 744 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 746 Figure 1: Template with Enterprise-Specific IEs 748 However, a Collecting Process receiving Data Sets described by this 749 Template can only treat the enterprise-specific Information Elements 750 as opaque octets; specifically, there is no hint to the collector 751 that they contain flag information. To use the type information 752 extension mechanism to address this problem, the Exporting Process 753 would first export the Information Element Type Options Template 754 described in section 3.9 above: 756 1 2 3 757 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 758 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 759 | Set ID = 3 | Length = 26 | 760 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 761 | Template ID = 257 | Field Count = 4 | 762 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 763 | Scope Field Count = 2 |0| priv.EnterpriseNumber TBD8 | 764 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 765 | Field Length = 4 |0| informationElementId 303 | 766 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 767 | Field Length = 2 |0| inf.El.DataType TBD1 | 768 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 769 | Field Length = 1 |0| inf.El.Semantics TBD6 | 770 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 771 | Field Length = 1 |0| inf.El.Name TBD3 | 772 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 773 | Field Length = 65536 | 774 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 776 Figure 2: Example Information Element Type Options Template 778 Then, the Exporting Process would then export two records described 779 by the Example Information Element Type Options Template to describe 780 the enterprise-specific Information Elements: 782 1 2 3 783 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 784 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 785 | Set ID = 257 | Length = 50 | 786 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 787 | Private Enterprise Number | 788 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 789 |X| IE 14 |0x01 unsigned8 |0x05 flags | 790 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 791 | 15 length | | 792 +-+-+-+-+-+-+-+-+ | 793 | "initialTCPFlags" | 794 | | 795 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 796 | Private Enterprise Number | 797 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 798 |X| IE 15 |0x01 unsigned8 |0x05 flags | 799 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 800 | 13 length | | 801 +-+-+-+-+-+-+-+-+ "unionTCPFlags" | 802 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 803 | | 804 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 806 Figure 3: Type Record Example 808 Authors' Addresses 810 Elisa Boschi 811 Hitachi Europe 812 c/o ETH Zurich 813 Gloriastrasse 35 814 8092 Zurich 815 Switzerland 817 Phone: +41 44 632 70 57 818 Email: elisa.boschi@hitachi-eu.com 819 Brian Trammell 820 Hitachi Europe 821 c/o ETH Zurich 822 Gloriastrasse 35 823 8092 Zurich 824 Switzerland 826 Phone: +41 44 632 70 13 827 Email: brian.trammell@hitachi-eu.com 829 Lutz Mark 830 Fraunhofer IFAM 831 Wiener Str. 12 832 28359 Bremen 833 Germany 835 Phone: +49 421 2246206 836 Email: lutz.mark@ifam.fraunhofer.de 838 Tanja Zseby 839 Fraunhofer Institute for Open Communication Systems 840 Kaiserin-Augusta-Allee 31 841 10589 Berlin 842 Germany 844 Phone: +49 30 3463 7153 845 Email: tanja.zseby@fokus.fraunhofer.de