IPFIX Working Group                                           C. Schmoll
Internet-Draft                                          Fraunhofer FOKUS
Intended status: Informational                                 P. Aitken
Expires: October 16, 2008                                      B. Claise
                                                           Cisco Systems
                                                          April 14, 2008


       Guidelines for IP Flow Information eXport (IPFIX) Testing
                    draft-ietf-ipfix-testing-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on October 16, 2008.

Abstract

   This document presents a list of tests for implementers of IP Flow
   Information Export (IPFIX) compliant Exporting Processes and
   Collecting Processes.  This document specifies guidelines for a
   series of tests that can be run on the IPFIX Exporting Process and
   Collecting Process in order to probe the conformity and robustness of
   the IPFIX protocol implementations.  These tests cover all important
   functions, in order to gain a level of confidence in the IPFIX
   implementation.  Therefore they allow the implementer to perform
   interoperability or plug tests with other IPFIX Exporting Processes
   and Collecting Processes.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Table of Contents

   1.  Introduction
     1.1.  Document Scope
     1.2.  IPFIX Documents Overview
   2.  Terminology
   3.  Test Specifications
     3.1.  Exporting Process / Collecting Process connectivity tests
       3.1.1.  Connectivity tests between Exporting Process and
               Collecting Process
     3.2.  Template and Data Record tests
       3.2.1.  Transmission of Template with fixed size Information
               Elements
       3.2.2.  Transmission of Template with variable length
               Information Elements
       3.2.3.  Set Padding
       3.2.4.  Record Padding
       3.2.5.  Template Withdrawal Message
     3.3.  Information Element tests
       3.3.1.  Enterprise-specific Information Elements
       3.3.2.  Reduced Size Encoding of Information Elements
       3.3.3.  Multiple instances of the same Information Element in
               one Template
     3.4.  Options Template tests
       3.4.1.  Using any Information Elements as Scope
       3.4.2.  Using multiple Scopes
       3.4.3.  Metering Process Statistics Option Template
       3.4.4.  Metering Process Reliability Statistics Option Template
       3.4.5.  Exporting Process Reliability Statistics Option Template
       3.4.6.  Flow Keys Option Template
     3.5.  Stress/Load tests
       3.5.1.  Large number of Records for one Template
       3.5.2.  Excessive rate of incoming Data Records
       3.5.3.  Large Templates
       3.5.4.  Many new Templates within Data Template timeout interval
       3.5.5.  Multiple Exporting Processes exporting to one Collecting
               Process
       3.5.6.  Export from one Exporting Process to multiple Collecting
               Processes
     3.6.  Error handling
       3.6.1.  Temporary network disconnect
       3.6.2.  Exporting Process termination and restart during data
               transmission
       3.6.3.  Collecting Process termination and restart during data
               transmission
       3.6.4.  Incorrect Template Records and Options Template Records
       3.6.5.  Incorrect Data Record
       3.6.6.  Export of non-matching Template and Data Records
       3.6.7.  Incorrect Set IDs
       3.6.8.  Re-using Template IDs
     3.7.  TLS connectivity and policy selection
       3.7.1.  TLS test setup
       3.7.2.  TLS over TCP connectivity test
       3.7.3.  DTLS over UDP connectivity test
       3.7.4.  DTLS over PR-SCTP connectivity test
       3.7.5.  TLS bidirectional authentication policy test
       3.7.6.  Exporting Process Identity Mismatch TLS Policy test
       3.7.7.  Collecting Process Identity Mismatch TLS Policy test
   4.  Security considerations
   5.  IANA considerations
   6.  Acknowledgements
   7.  Normative references
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   An IPFIX implementation, whether in software, firmware, or hardware,
   needs to be tested thoroughly in order to check its robustness and
   gain confidence in its conformity to the IPFIX documents it is based
   on.

   For a testable IPFIX software toolkit one needs at least one IPFIX
   Exporting Process and one IPFIX Collecting Process.  However, when
   one has, for example, only implemented a collector, it can be
   complemented with a 3rd party exporter for these tests.

   This document specifies guidelines for a series of tests that can be
   run on the IPFIX Exporting Process and Collecting Process in order to
   probe the conformity and robustness of the IPFIX protocol
   implementations.

   The tests listed here can form a valuable common basis for
   implementers involved in interoperability testing when all of them
   use these tests to check their own Exporting Process and Collecting
   Process implementation first.

1.1.  Document Scope

   This document lists tests intended to be performed between an
   implementation of an IPFIX Exporting Process and an IPFIX Collecting
   Process.  For some tests multiple instances of each of those
   components (Observation Points, Metering Process, Exporting Process,
   Collecting Process) are involved.  The testing of those different
   IPFIX components complicates the testing as usually one tests his
   software against an existing implementation, which is proven to be
   compliant.  In some cases, two unproven implementations of the
   Exporting Process and Collecting Process must be tested against each
   other.  The tests range from basic transport connectivity to export
   of Template and associated Data Records, high load on the Collecting
   Process, and error condition situations.  This document is not
   intended as a replacement for formal testing software procedures
   based e.g. on TTCN3 (http://www.ttcn-3.org/) but as a best-practices
   approach to an informal testing of a developer's IPFIX
   implementation.

1.2.  IPFIX Documents Overview

   The IPFIX protocol [RFC5101] provides network administrators with
   access to IP Flow information.  The architecture for the export of
   measured IP Flow information out of an IPFIX Exporting Process to a
   Collecting Process is defined in [I-D.ietf-ipfix-architecture], per
   the requirements specified in [RFC3917].
   [I-D.ietf-ipfix-architecture] specifies how IPFIX data records and
   Templates are carried via a congestion-aware transport protocol from
   IPFIX Exporting Processes to IPFIX Collecting Process.  IPFIX has a
   formal description of IPFIX Information Elements, their name, type
   and additional semantic information, as specified in [RFC5102].
   Finally [I-D.ietf-ipfix-as] describes what type of applications can
   use the IPFIX protocol and how they can use the information provided.
   It furthermore shows how the IPFIX framework relates to other
   architectures and frameworks.

2.  Terminology

   IPFIX-specific terminology used in this document is defined in
   Section 2 of [RFC5101].  As in [RFC5101], these IPFIX-specific terms
   have the first letter of a word capitalized when used in this
   document.

3.  Test Specifications

   The tests described in this section MAY be performed using an IPFIX
   Exporting Process on one host and an IPFIX Collecting Process on a
   different host.  The configuration of the Observation Point, Metering
   Process, Exporting Process, and Collecting Process SHOULD be recorded
   for every test along with the test results.

   The successful execution of all tests described in this section will
   give the tester a high confidence that the tested implementation is
   conformant with the IPFIX architecture and protocol.  It does however
   not provide a 100% comprehensive coverage or formal proof of
   conformance.

3.1.  Exporting Process / Collecting Process connectivity tests

   This section lists the basic tests that are preconditions for the
   more complex tests specified in later sections of this document.

3.1.1.  Connectivity tests between Exporting Process and Collecting
        Process

   The tester must create one Exporting Process and one Collecting
   Process, must configure the Exporting Process to export at least one
   Template Set and associated Data Records to the Collecting Process,
   and must cause the Exporting Process to initiate the export.

   When the Exporting Process and Collecting Process are to be connected
   by an SCTP transport, the tester must ensure that an SCTP association
   is established.

   When the Exporting Process and Collecting Process are to be connected
   by a TCP transport, the tester must ensure that a TCP connection is
   established.

   The tester must ensure that the Transport Session parameters (IP
   addresses and ports) are correct.

   Note that specifying instructions and tools on how to ensure that a
   Transport Session is correctly established and that the parameters
   are correct is out of the scope of this document.

   The tester must ensure that the Data Records are actually exported.
   The transmitted data might be observed on-line with an appropriate
   packet sniffing tool, such as Wireshark (www.wireshark.org).  Such a
   tool is also a viable help to check if the initial connection (SCTP,
   TCP) has been successfully established.

   The tester must record which combinations of IPv4 and IPv6
   transports, and UDP, SCTP, and TCP transmission protocols are
   supported, and should perform the test for all the supported
   combinations.

3.2.  Template and Data Record tests

   This section lists tests for checking the correct transmission of
   IPFIX Template Sets and associated Data Sets.

3.2.1.  Transmission of Template with fixed size Information Elements

   The tester must create a Template with a few fixed-size Information
   Elements where each data type specified in section 6.1 of [RFC5101]
   (octet, unsigned16, unsigned32 ...) is used at least once, and cause
   the Template and associated Data Records to be exported over all
   applicable combinations of transports and protocols in Section 3.1.

   The tester must ensure that the Template and associated Data Records
   were correctly received and decoded by the Collecting Process.  For
   this process the use of verbose debugging output is suggested in
   order to allow a detailed comparison with the sent (and therefore
   expected) data.

3.2.2.  Transmission of Template with variable length Information
        Elements

   The tester must create a Template with a mixture of fixed-sized and
   variable length Information Elements, as specified in section 7 of
   [RFC5101] and cause the Template and associated Data Records to be
   exported over all applicable combinations of transports and protocols
   in Section 3.1.

   The tester must ensure that the Template contains at least:

   o  a single variable length Information Element

   o  a single variable length Information Element followed by a fixed
      length Information Element

   o  a fixed length Information Element followed by a variable length
      Information Element

   o  multiple variable length Information Elements

   The tester must ensure that the Template and associated Data Records
   were correctly received and decoded by the Collecting Process.

3.2.3.  Set Padding

   Section 3.3.1 of [RFC5101] specifies IPFIX Set alignment using
   padding.

   The tester must configure a packet generator to generate two Data
   Sets with padding in between consisting of zero valued octets, as
   shown in Figure 1.  They must be exported to the Collecting Process,
   which must correctly decode the Data Sets and all the Data Records.

   +--------------------------------------------------+
   |                  Set Header #1                   |
   +--------------------------------------------------+
   |                   Data Record                    |
   +--------------------------------------------------+
   |                   Data Record                    |
   +--------------------------------------------------+
                           ...
   +--------------------------------------------------+
   |                   Data Record                    |
   +--------------------------------------------------+
   |           Padding with 0 valued octets           |
   +--------------------------------------------------+
   |                  Set Header #2                   |
   +--------------------------------------------------+
   |                   Data Record                    |
   +--------------------------------------------------+

                              Figure 1

3.2.4.  Record Padding

   The tester must configure a packet generator to generate a Template
   that contains the padding Information Element (i.e. paddingOctets).
   The Template and associated Data Records must be exported to the
   Collecting Process, over all applicable combinations of transports
   and protocols in Section 3.1.

   The tester must repeat the test with various padding sizes, including
   padding to boundaries other than 4 or 8 octets.

   The tester must ensure the Collecting Process correctly interprets
   the case where the Data Records are so short that the padding is
   equal to or longer than the length of the record, so the padding
   might otherwise be interpreted as another record (e.g. 1 byte TOS
   plus 3 bytes of padding).  Refer to the specifications in section
   3.3.1 of [RFC5101].  Figure 2 depicts such a Template, while Figure 3
   depicts a Data Record conforming to that Template.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Set ID = 2           |      Length = 16 octets       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Template ID 256        |        Field Count = 2        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|  ipDiffServCodePoint = 195  |       Field Length = 1        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|     paddingOctets = 210     |       Field Length = 3        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                              Figure 2

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Set ID = 256          |          Length = 64          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       1       |                       0                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                              Figure 3

   The tester must test fixed-size padding (e.g. 12 bytes of data plus 2
   bytes of padding) and variable length padding (e.g. export a string
   and a variable number of padding bytes afterwards to align the next
   Information Element to a 4 byte boundary).

3.2.5.  Template Withdrawal Message

   IPFIX Template management and Template Withdrawal are specified in
   chapter 8 of [RFC5101].

3.2.5.1.  Withdrawal of a previously sent Template

   The tester must create an IPFIX Template and cause that Template to
   be exported to an IPFIX Collector over a reliable transport.

   The tester must check that the Template will be correctly received
   and decoded by the Collecting Process.

   The tester must cause the Exporting Process to send an IPFIX Template
   Withdrawal Message to the Collector in respect of the Template.  The
   Template Withdrawal Message must be sent over the same Transport
   Session as the Template.

   The tester must ensure that the Template Withdrawal Message was
   correctly received and decoded by the Collecting Process, and that
   the previously sent Template was discarded by the Collecting Process.

3.2.5.2.  Withdrawal of a previously withdrawn Template

   The tester must create, export and withdraw an IPFIX Template as
   described in Section 3.2.5.1.

   The tester must cause the Exporting Process to send a second IPFIX
   Template Withdrawal Message to the Collector in respect of the same
   Template.  The Template Withdrawal Message must be sent over the same
   Transport Session as the Template.

   The tester must ensure that the Collecting Process discards the IPFIX
   Message and shuts down the SCTP association or closes the TCP
   connection.  The tester must check that the Collecting Process logged
   the error.

3.2.5.3.  Withdrawal of a previously unsent Template

   The tester must cause the Exporting Process to send an IPFIX Template
   Withdrawal Message to the Collector in respect of a Template which
   has not yet been exported.  The Template Withdrawal Message must be
   sent over a reliable transport.

   The tester must ensure that the Collecting Process discards the IPFIX
   Message and shuts down the SCTP association or closes the TCP
   connection.  The tester must check that the Collecting Process logged
   the error.

3.2.5.4.  Withdrawing all Data Templates

   The tester must create several IPFIX Templates and cause them to be
   exported to an IPFIX Collector over a reliable transport.

   The tester must ensure that the Templates were correctly received and
   decoded by the Collecting Process.

   The tester must cause the Exporting Process to send an IPFIX All Data
   Templates Withdrawal Message to the Collector over the same Transport
   Session as the Templates.

   The tester must ensure that the All Data Templates Withdrawal Message
   was correctly received and decoded by the Collecting Process, and
   that all the previously sent Templates were discarded by the
   Collecting Process.

3.2.5.5.  Withdrawing all Option Templates

   The tester must create several IPFIX Option Templates and cause them
   to be exported to an IPFIX Collector over a reliable transport.

   The tester must ensure that the Option Templates were correctly
   received and decoded by the Collecting Process.

   The tester must cause the Exporting Process to send an IPFIX All
   Option Templates Withdrawal Message to the Collector over the same
   Transport Session as the Templates.

   The tester must ensure that the All Option Templates Withdrawal
   Message was correctly received and decoded by the Collecting Process,
   and that all the previously sent Option Templates were discarded by
   the Collecting Process.

3.3.  Information Element tests

   This section lists the tests that cover the use of Information
   Elements.

3.3.1.  Enterprise-specific Information Elements

   The tester must cause the export of a Template and associated Data
   Record that makes use of Enterprise-specific Information Elements as
   specified in section 3.2 of [RFC5101].

   The tester must ensure that the Template and associated Data Record
   are correctly received and decoded by the Collecting Process, and
   that Information Elements that are unknown to the Collecting Process
   are not silently discarded.

3.3.2.  Reduced Size Encoding of Information Elements

   The tester must cause the export of a Template and associated Data
   Record containing Information Elements using reduced-size encoding as
   specified in section 6.2 of [RFC5101].

   The tester must ensure that in the case of Information Elements
   transmitted using Reduced Size Encoding, the Collecting Process is
   aware of the real size of each Information Element and not only the
   reduced size used for its transmission.

3.3.3.  Multiple instances of the same Information Element in one
        Template

   The tester must cause the export of a Template and associated Data
   Record containing multiple instances of the same Information Element
   consecutively.

   The tester must ensure that the Collecting Process is able to parse
   the IPFIX Message, and stores all values received for all the
   Information Elements that appeared multiple times in the Template
   definition.

   The tester must ensure that the Collecting Process reports the
   Information Elements in the same order as they were specified in the
   Template Record, as specified in section 8 of [RFC5101].

   The tester must cause the export of another Template and associated
   Data Record containing multiple instances of the same Information
   Element with other Information Elements in between.

   The tester must ensure that the Collecting Process is able to parse
   the IPFIX Message, and stores all values received for all the
   Information Elements that appeared multiple times in the Template
   definition.

   The tester must ensure that the Collecting Process reports the
   Information Elements in the same order as they were specified in the
   Template Record, as specified in section 8 of [RFC5101].

3.4.  Options Template tests

   This section lists the tests that cover the correct transfer of IPFIX
   Options Templates.

3.4.1.  Using any Information Elements as Scope

   Options Templates contain scope fields that give the context of the
   reported Information Elements in the corresponding Data Records.
   Scope fields are Information Elements specified in [RFC5102].

   The tester SHOULD perform the export of Options Template Records
   containing various different Information Elements of each of the
   abstract data types specified in section 6.1 of [RFC5101] (octet,
   unsigned16, unsigned32 ...) in their scope fields, and must export a
   Data Record using each Template.

   The tester must check and if necessary improve the software so that
   the Templates and the associated Data Records are correctly received
   and decoded by the Collecting Process.

   The tester must ensure that the Collecting Process accepts
   Information Elements in the scope field other than IPFIX Information
   Elements which have been recorded by IANA.

   The tester must ensure that the Collecting Process accepts an
   Enterprise specific Information Element in the scope field.

   As specified in section 3.4.2.1 of [RFC5101], the Scope Field Count
   must NOT be zero.  The tester must cause the export of an Options
   Template Record containing a Scope Field Count of zero.

   The tester must ensure that the Collecting Process shuts down the
   SCTP association and discards the IPFIX Message.  The tester should
   check that the Collecting Process logged the error.

3.4.2.  Using multiple Scopes

   The tester must cause the export of an Options Template Record
   containing multiple scope fields, and a Data Record conforming to
   that Template.

   The tester must ensure that the Collecting Process reports the
   Information Elements in the same order as they were specified in the
   Options Template Record, as specified in section 3.4.2.1 of
   [RFC5101].

3.4.3.  Metering Process Statistics Option Template

   The tester must create a Metering Process Statistics Option Template
   as specified in section 4.1 of [RFC5101], and cause the Option
   Template and an associated Data Record to be exported.

   The tester must ensure that the Collecting Process correctly receives
   and decodes the Option Template and associated Data Record.

   The tester must also check that the optional meteringProcessId Scope
   Field is supported by the Collecting Process implementation.

   If several Metering Processes are available on the Exporter
   Observation Domain, the tester must create a Metering Process
   Statistics Option Template containing multiple scopes and an
   associated Data Record, must cause the Option Template and associated
   Data Record to be exported, and must ensure that the Collecting
   Process correctly receives and decodes the Option Template and
   associated Data Record.

3.4.4.  Metering Process Reliability Statistics Option Template

   The tester must create a Metering Process Reliability Statistics
   Option Template as specified in section 4.2 of [RFC5101], and must
   cause the Option Template and an associated Data Record to be
   exported.

   The tester must ensure that the Collecting Process correctly receives
   and decodes the Option Template and associated Data Record.

   The tester must also check that the optional meteringProcessId Scope
   Field is supported by the Collecting Process implementation.

3.4.5.  Exporting Process Reliability Statistics Option Template

   The tester must create an Exporting Process Reliability Statistics
   Option Template as specified in section 4.3 of [RFC5101], and must
   cause the Option Template and an associated Data Record to be
   exported.

   The tester must ensure that the Collecting Process correctly receives
   and decodes the Option Template and associated Data Record.

3.4.6.  Flow Keys Option Template

   The tester must create a Flow Keys Option Template, as specified in
   section 4.4 of [RFC5101], where the templateId refers to an existing
   Template, and must cause the Option Template and an associated Data
   Record to be exported.

   The tester must ensure that the Collecting Process correctly receives
   and decodes the Option Template and associated Data Record, and that
   the Collecting Process associates the Flow Keys with the right Data
   Record Information Elements.

   The tester must create another Flow Keys Data Record to be exported
   where the associated templateId has insufficient fields to satisfy
   the flowKeyIndicator.

   The tester must ensure that the Collecting Process discards the IPFIX
   Message and shuts down the SCTP association or closes the TCP
   connection.  The tester must check that the Collecting Process logged
   the error.

   The tester must create another Flow Keys Option Template, where the
   templateId refers to a non-existing Template, and must cause the
   Option Template and an associated Data Record to be exported.

   The tester must ensure that the Collecting Process shuts down the
   SCTP association and discards the IPFIX Message.  The tester should
   check that the Collecting Process logged the error.

3.5.  Stress/Load tests

   Stress tests are used to check correct behavior and robustness of an
   IPFIX Collecting Process implementation when a number of Data Records
   arrive very quickly.  This is especially important when IPFIX over
   UDP is used, since in that case a slow Collecting Process cannot
   block the IPFIX Exporting Processes from exporting, because UDP is
   not congestion aware.

   The tests may be dependent upon the hardware and transport
   technology in use.  Therefore the tests may need to be scaled up or
   down to meet the needs of the particular implementation.  However,
   the implementer must ensure that the implementation is stable under
   excessive traffic conditions, for whatever definition of "excessive"
   applies at their intended installation.

640 The implementer must ensure the correct operation of the Exporting
641 Process and/or Collecting Process when the Collecting Process is
642 incapable of processing records at the rate that they are received.

644 3.5.1. Large number of Records for one Template

646 The tester should export many Data Records to the Collecting Process,
647 all conforming to the same Template, in order to put the Collecting
648 Process under stress.

650 Depending on what the Collecting Process does (save to file,
651 store to database, analyze the data) the Collecting Process may use
652 up a lot of memory.

654 The tester must ensure that, if the Collecting Process runs out of
655 memory, it shuts down the specific SCTP association or closes the TCP
656 connection but remains available to receive data on other open
657 Transport Sessions and also stays available for future Transport
658 Sessions.

660 3.5.2. Excessive rate of incoming Data Records

662 The tester should perform a test where Data Records are exported to
663 the Collecting Process with an increasing export rate.

665 For TCP or SCTP in reliable mode, the tester must ensure that export
666 stalls the Exporting Process once the Collecting Process becomes
667 fully loaded.

669 For UDP export, the tester must ensure that the Collecting Process
670 drops records as it becomes overloaded, and must check that the
671 Collecting Process logs a warning.

673 3.5.3. Large Templates

675 The tester must create Templates with the maximum possible number of
676 Information Elements, and cause these to be exported to the
677 Collecting Process.

679 The total length field in the IP header is 16 bits, allowing a length
680 up to 65535 octets. 20 octets are required for a minimal IPv4 header,
681 16 octets for the IPFIX header, 4 octets for the Set header and 4
682 octets for the Template header, so the Template definition may be up
683 to (65535 - 20 - 16 - 4 - 4) = 65491 octets long. The minimum IPFIX
684 Information Element specification requires 4 octets: two for the
685 Information Element ID and two for the field length. Therefore, the
686 maximum number of IPFIX Information Elements in a single Template is
687 65491 / 4 = 16372. With this many Information Elements, the Template
688 will be 65488 octets long while the entire packet will be 65532
689 octets long.

691 The tester must create Data Records conforming to this Template, and
692 cause them to be exported. Note that, for the implementation, the
693 associated Data Records might be smaller or larger than the Template
694 Records depending on the length of the Information Elements defined
695 by the Template and on the presence of variable length Information
696 Elements.

698 The tester must ensure that the Collecting Process correctly receives
699 and decodes the Template and associated Data Records.

701 3.5.4. Many new Templates within Data Template timeout interval

703 The tester should create a large number of different Templates and
704 cause them to be exported to the Collecting Process to stress test
705 the Collecting Process's memory consumption.

707 The tester must ensure that the Collecting Process gracefully
708 discards Templates if it's running out of memory resources, and
709 should check that warnings are logged.

711 3.5.5. Multiple Exporting Processes exporting to one Collecting Process

713 The tester must configure multiple Exporting Processes to export
714 Templates and associated Data Records to the same Collecting Process
715 at the same time.

717 The tester must ensure that all the Templates and associated Data
718 Records are correctly received and decoded at the Collecting Process,
719 and that no Exporting Process stalls or disconnects completely unless
720 the Collecting Process runs out of memory.

722 3.5.6. Export from one Exporting Process to multiple Collecting
723 Processes

725 If the Exporting Process supports multiple simultaneous export
726 destinations, the tester must configure the Exporting Process to
727 export Data Records in parallel to different Collecting Processes.

729 The tester must configure the use of a mixture of simple and complex
730 Templates and ensure they are all correctly received and decoded by
731 all the Collecting Processes.

733 3.6. Error handling

735 This section lists and describes a number of problems that might
736 occur in either the network or data transmission or related to wrong
737 information encoding, and which the IPFIX Exporting Process and
738 Collecting Process must be capable of handling in a graceful way. It
739 is intended to test the robustness and fault tolerance of the IPFIX
740 Processes.

742 3.6.1. Temporary network disconnect

744 The IPFIX Exporting Process and Collecting Process behavior must be
745 checked upon interruptions of data transmission due to network
746 failures (whether physical or logical, e.g. defective routing).

748 The tester must configure continuous export over all applicable
749 combinations of transports and protocols in Section 3.1 in turn.

751 For SCTP-based associations and TCP-based connections, the tester
752 should create a short disconnect between the Exporting Process and
753 the Collecting Process (e.g. by momentarily interrupting the network
754 connection) and must ensure that export continues after the
755 connection is repaired. The tester must then create a longer
756 disconnection between the Exporting Process and Collecting Process,
757 and must ensure that export continues after the connection is
758 repaired.

760 For UDP-based data export there is no noticeable connection loss, but
761 data received with non-consecutive sequence numbers indicates data
762 loss. Refer to the sequence number specifications in section 3.1 of
763 [RFC5101]. The tester should create a short disconnect between the
764 Exporting Process and Collecting Process, and must ensure that this
765 is recognized and reported by the Collecting Process per section 3.1
766 of [RFC5101].

768 3.6.2. Exporting Process termination and restart during data
769 transmission

771 An IPFIX Collecting Process might be confronted with a faulty
772 Exporting Process implementation that suddenly crashes, dropping any
773 open connections. The Exporting Process may be restarted again soon
774 after the crash.

776 Such an event will only be visible to the Collecting Process when the
777 IPFIX Messages (Templates and associated Data Records) are carried
778 over TCP or SCTP. For export via UDP no such test is available due
779 to the connection-less nature of the transport.

781 The tester must configure continuous export over all applicable
782 combinations of SCTP and TCP transports and protocols in Section 3.1
783 in turn. For each combination, the tester must establish export,
784 then kill the active Exporting Process.

786 The tester must ensure that the associated Collecting Process shuts
787 down SCTP associations and closes TCP connections associated with
788 that export after a suitable timeout period.

790 The tester must ensure that the Collecting Process discards the
791 Template(s) received on the killed transport session.

793 The tester must restart the Exporting Process again, and must ensure
794 that the Exporting Process exports the Templates again.

796 The tester must ensure that the Collecting Process receives and
797 accepts both Templates and associated Data Records from the new
798 Exporting Process running at the same source host.

800 3.6.3. Collecting Process termination and restart during data
801 transmission

803 An IPFIX Exporting Process might be confronted with a faulty
804 Collecting Process implementation that suddenly crashes, dropping any
805 open Transport Sessions. The Collecting Process may be restarted
806 again soon after the crash.

808 The tester must set up an Exporting Process and Collecting Process
809 and cause IPFIX Templates and associated Data Records to be exported
810 over all applicable combinations of SCTP and TCP transports and
811 protocols in Section 3.1 in turn. Via UDP the restart of the
812 Collecting Process will be invisible to the Exporting Process and
813 have no effect.

815 The tester must terminate the Collecting Process while the export is
816 in progress, and must ensure that the Exporting Process shuts down
817 SCTP associations and closes TCP connections associated with that
818 Collecting Process.

820 The tester must restart the Collecting Process and ensure that the
821 Exporting Process connects to the Collecting Process again and that
822 it exports the IPFIX Templates again.

824 The tester must ensure that the new Collecting Process correctly
825 receives and decodes the IPFIX Data Records again.

827 3.6.4. Incorrect Template Records and Options Template Records

829 These tests verify the Collecting Process's operation when it
830 receives a Template Record or Options Template Record with an invalid
831 message length. Refer to the specifications in section 3.4.1 and
832 3.4.2 of [RFC5101], respectively.

834 Consider the example Template Record shown in Figure 4. This
835 Template record is missing one Information Element ID and one
836 Information Element length field. There is insufficient data in the
837 Set for the specified Set length, and the overall record is four
838 octets too short for the specified total length.
840  0                   1                   2                   3
841  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
842 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
843 |         Version = 10          |       Total Length = 32       |
844 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
845 |                   Export Time = 1155202151                    |
846 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
847 |                 Sequence Number = 0x12345678                  |
848 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
849 |              Observation Domain ID = 0x33334444               |
850 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
851 |          Set ID = 2           |        Set Length = 12        |
852 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
853 |       Template ID = 257       |        Field Count = 2        |
854 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
855 |0| Info Element Identifier = 8 |       Field Length = 4        |
856 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

858 Figure 4

860 The tester must create and cause the Exporting Process to export the
861 following IPFIX Templates, and must ensure the correct Collecting
862 Process behaviour for each of the transports and protocols in
863 Section 3.1.

865 o  For SCTP transport, ensure that the Collecting Process discards
866    the IPFIX Message and shuts down the SCTP association, and check
867    that it logs the error.

869 o  For TCP transport, ensure that the Collecting Process discards the
870    IPFIX Message, closes the TCP connection, and check that it logs
871    the error. Note that since TCP is a streaming (rather than
872    record-based) protocol, template length errors cannot be detected
873    and may cause framing to be lost, potentially rendering the
874    remainder of the IPFIX stream unintelligible. Therefore some of
875    these tests are not applicable for TCP transport, as indicated.

877 o  For UDP transport, ensure that the Collecting Process discards the
878    IPFIX Message, and check that it logs the error.
880 (a) The tester must create the IPFIX Template shown in Figure 4 and
881 cause the Exporting Process to export it. The tester must ensure
882 that the Collecting Process's behaviour is as specified above for
883 each transport type except for TCP, for which this test is not
884 applicable.

886 (b) Consider the IPFIX Template shown in Figure 4, modified with
887 total length = 28. In this case the IPFIX Message has to be rejected
888 because field count = 2 and there is no second Information Element
889 record present in the Set. The available data is exhausted after
890 reading the first Information Element record.

892 The tester must create the modified Template and cause the Exporting
893 Process to export it. The tester must ensure that the Collecting
894 Process's behaviour is as specified above for each transport type.

896 (c) Consider the IPFIX Template shown in Figure 4, modified with
897 total length = 26. In this case the IPFIX Message has to be rejected
898 because the IPFIX Message length is too short. After the first
899 Information Element the IPFIX Message data is exhausted according to
900 the total length information.

902 The tester must create the modified Template and cause the Exporting
903 Process to export it. The tester must ensure that the Collecting
904 Process's behaviour is as specified above for each transport type.
905 The TCP connection used for this test must be manually reset after
906 the test.

908 (d) Consider the IPFIX Template shown in Figure 4, modified with
909 field count = 1. In this case the IPFIX Message must be rejected
910 because total length is too large and does not match the amount of
911 data available.

913 The tester must create the modified Template and cause the Exporting
914 Process to export it. The tester must ensure that the Collecting
915 Process's behaviour is as specified above for each transport type.
916 This test is not applicable for TCP transport.
918 (e) Finally when the IPFIX Template shown in Figure 4 is extended
919 with the data shown in Figure 5, it becomes a correct IPFIX Template.

921 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
922 |0| Info Element Identifier = 12|       Field Length = 4        |
923 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

925 Figure 5

927 The tester must create the modified Template and cause the Exporting
928 Process to export it. The tester must ensure that the Template is
929 accepted by the Collecting Process for each transport type.

931 The example Template record shown in Figure 6 must be dropped because
932 the scope field count = 0.

934  0                   1                   2                   3
935  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
936 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
937 |         Version = 10          |       Total Length = 30       |
938 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
939 |                   Export Time = 1155202151                    |
940 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
941 |                 Sequence Number = 0x12345678                  |
942 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
943 |              Observation Domain ID = 0x33334444               |
944 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
945 |          Set ID = 3           |        Set Length = 14        |
946 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
947 |       Template ID = 257       |        Field Count = 1        |
948 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
949 |     Scope Field Count = 0     |0| Info Element Identifier = 8 |
950 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
951 |       Field Length = 4        |
952 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

954 Figure 6

956 The tester must create the Template shown in Figure 6 and cause the
957 Exporting Process to export it. The tester must ensure that the
958 IPFIX Message is discarded by the Collecting Process for each
959 transport type, and must check that the Collecting Process logs an
960 error.
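
The length and count checks behind cases (a) to (e) and Figure 6, as an added Python example; it is not part of the draft and not taken from any IPFIX implementation. It models a record-based transport (SCTP or UDP), where the size of the received message is known, and it also rejects an Options Template whose scope field count exceeds its field count. All function names are this example's own, and case (e) is built with Set Length = 16 so that the Set spans both field specifiers, which is an assumption of the example (Figure 4 shows 12).

```python
import struct

MSG_HDR = struct.Struct("!HHIII")  # version, total length, export time, sequence, domain
SET_HDR = struct.Struct("!HH")     # Set ID, Set length
REC_HDR = struct.Struct("!HH")     # Template ID, field count
FIELD = struct.Struct("!HH")       # Information Element ID, field length


class IpfixError(ValueError):
    """Malformed IPFIX Message: the collector discards it and logs the reason."""


def _parse_records(buf, pos, end, is_options, templates):
    """Decode the (Options) Template Records found between pos and end."""
    while end - pos >= REC_HDR.size:           # anything shorter is padding
        template_id, field_count = REC_HDR.unpack_from(buf, pos)
        pos += REC_HDR.size
        if field_count == 0:                   # Template Withdrawal
            templates.pop(template_id, None)
            continue
        if is_options:
            if end - pos < 2:
                raise IpfixError("Options Template Record header is truncated")
            (scope_count,) = struct.unpack_from("!H", buf, pos)
            pos += 2
            if scope_count == 0:
                raise IpfixError("scope field count = 0")
            if scope_count > field_count:
                raise IpfixError("field count is less than scope field count")
        fields = []
        for index in range(field_count):
            if end - pos < FIELD.size:
                raise IpfixError(
                    f"field count = {field_count} but the Set ends after "
                    f"{index} field specifier(s)")
            ie_id, length = FIELD.unpack_from(buf, pos)
            pos += FIELD.size
            if ie_id & 0x8000:                 # enterprise bit: 4-octet number follows
                if end - pos < 4:
                    raise IpfixError("enterprise number is truncated")
                pos += 4
            fields.append((ie_id & 0x7FFF, length))
        templates[template_id] = fields


def parse_template_sets(received):
    """Validate one received IPFIX Message; return {template_id: [(ie, length)]}."""
    if len(received) < MSG_HDR.size:
        raise IpfixError("Message Header is truncated")
    version, total_length, _time, _seq, _domain = MSG_HDR.unpack_from(received)
    if version != 10:
        raise IpfixError(f"unexpected version {version}")
    if total_length < MSG_HDR.size:
        raise IpfixError(f"total length {total_length} is shorter than the header")
    if total_length > len(received):
        raise IpfixError(
            f"total length {total_length} exceeds the {len(received)} octets received")
    templates, offset = {}, MSG_HDR.size
    while offset < total_length:               # total length is the framing limit
        if total_length - offset < SET_HDR.size:
            raise IpfixError("Message ends inside a Set Header")
        set_id, set_length = SET_HDR.unpack_from(received, offset)
        if set_length < SET_HDR.size or offset + set_length > total_length:
            raise IpfixError(f"Set length {set_length} does not fit in the Message")
        if set_id in (2, 3):
            _parse_records(received, offset + SET_HDR.size, offset + set_length,
                           set_id == 3, templates)
        elif set_id < 256:                     # 0, 1 and 4-255 are not valid Set IDs
            raise IpfixError(f"invalid Set ID {set_id}")
        offset += set_length                   # Data Sets (>= 256) are skipped here
    return templates


def figure4(total_length=32, field_count=2, set_length=12, fields=((8, 4),)):
    """Constructed test input: the Figure 4 Message, with optional modifications."""
    return (MSG_HDR.pack(10, total_length, 1155202151, 0x12345678, 0x33334444)
            + SET_HDR.pack(2, set_length) + REC_HDR.pack(257, field_count)
            + b"".join(FIELD.pack(ie, length) for ie, length in fields))


def figure6(field_count=1, scope_count=0):
    """Constructed test input: the Figure 6 Options Template Message."""
    return (MSG_HDR.pack(10, 30, 1155202151, 0x12345678, 0x33334444)
            + SET_HDR.pack(3, 14)
            + struct.pack("!HHH", 257, field_count, scope_count) + FIELD.pack(8, 4))


def verdict(message):
    """Return ("accept", templates) or ("discard", reason to log)."""
    try:
        return "accept", parse_template_sets(message)
    except IpfixError as exc:
        return "discard", str(exc)


if __name__ == "__main__":
    cases = {
        "(a) Figure 4 as shown": figure4(),
        "(b) total length = 28": figure4(total_length=28),
        "(c) total length = 26": figure4(total_length=26),
        "(d) field count = 1": figure4(field_count=1),
        "(e) Figure 4 + Figure 5": figure4(set_length=16, fields=((8, 4), (12, 4))),
        "Figure 6, scope field count = 0": figure6(),
        "Figure 6, scope field count = 2": figure6(scope_count=2),
    }
    for name, message in cases.items():
        print(name, "->", *verdict(message))
```

Over TCP the collector cannot make the "exceeds the octets received" comparison, because it would simply wait for the missing octets; that is why cases (a) and (d) are marked as not applicable for TCP.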
The tester must ensure that the Collecting Process also shuts
961 down the SCTP association or closes the TCP connection.

963 The tester must create an IPFIX Options Template where the field
964 count is less than the scope field count, and cause the Exporting
965 Process to export it. Use the above IPFIX Options Template with
966 scope field count = 2. The tester must ensure that the Template is
967 discarded by the Collecting Process for each transport type, and must
968 check that the Collecting Process logs an error. The tester must
969 ensure that the Collecting Process shuts down the SCTP association or
970 closes the TCP connection.

972 3.6.5. Incorrect Data Record

974 The tester must create the following invalid Data Records and cause
975 them to be exported to the Collecting Process over all applicable
976 combinations of transports and protocols in Section 3.1.

978 o  IPFIX Message too short.

980 o  Illegal use of reduced size encoding.

982 o  Invalid length specification in case of variable length
983    Information Elements.

985 The tester must ensure that the Collecting Process discards the IPFIX
986 Message and shuts down the SCTP association or closes the TCP
987 connection.

989 3.6.6. Export of non-matching Template and Data Records

991 The tester must create Templates and associated Data Records that
992 fail to conform to those Templates in the following ways:

994 o  too few Information Elements in Data Record

996 o  too many Information Elements in Data Record

998 The tester must cause the Templates and associated Data Records to be
999 exported to the Collecting Process over all applicable combinations
1000 of transports and protocols in Section 3.1.

1002 The tester must ensure that the Collecting Process discards the IPFIX
1003 Message and shuts down the SCTP association or closes the TCP
1004 connection.

1006 3.6.7. Incorrect Set IDs

1008 The tester must create Template Sets, Option Template Sets, and
1009 associated Data Sets with an incorrect Set ID, and cause these to be
1010 exported to the Collecting Process over all applicable combinations
1011 of transports and protocols in Section 3.1.

1013 Per [RFC5101] section 3.3.2, only the Set ID values 2 and 3 denote
1014 valid Sets.

1016 The tester must ensure that the Collecting Process discards the IPFIX
1017 Message and shuts down the SCTP association or closes the TCP
1018 connection.

1020 3.6.8. Re-using Template IDs

1022 3.6.8.1. Using SCTP transport.

1024 Refer to section 9 of [RFC5101] for the Collecting Process's SCTP
1025 Template management specifications.

1027 The tester must create an IPFIX Template and cause it to be exported
1028 to a Collecting Process over SCTP transport.

1030 The tester must ensure that the Template was correctly received and
1031 decoded by the Collecting Process.

1033 The tester must cause the same Template to be exported to the same
1034 Collecting Process over the same SCTP association, and must ensure
1035 that the Collecting Process resets the SCTP association and discards
1036 the IPFIX Message.

1038 The tester must create another IPFIX template and cause it to be
1039 exported to the Collecting Process over SCTP transport.

1041 The tester must ensure that the Template was correctly received and
1042 decoded by the Collecting Process.

1044 The tester must modify the Template contents while retaining the same
1045 Template ID.

1047 The tester must cause the modified Template to be exported to the
1048 same Collecting Process over the same SCTP association, and must
1049 ensure that the Collecting Process resets the SCTP association and
1050 discards the IPFIX Message.

1052 The tester must check that an error was logged.

1054 The tester must create another IPFIX Template and cause it to be
1055 exported to the Collecting Process over SCTP transport.
1057 The tester must ensure that the Template was correctly received and
1058 decoded by the Collecting Process.

1060 The tester must cause a Template Withdrawal Message for the Template
1061 to be sent to the Collecting Process over the same SCTP association,
1062 and must ensure that the Template has been discarded by the
1063 Collecting Process.

1065 The tester must create Data Records conforming to the Template and
1066 cause them to be exported to the Collecting Process over the same
1067 SCTP association.

1069 The tester must ensure that the Collecting Process discards the Data
1070 Records and logs a warning.

1072 The tester must cause the same Template to be exported to the same
1073 Collecting Process over the same SCTP association.

1075 The tester must ensure that the Template was correctly received and
1076 decoded by the Collecting Process.

1078 The tester must create Data Records conforming to the Template and
1079 cause them to be exported to the Collecting Process over the same
1080 SCTP association.

1082 The tester must ensure that the Collecting Process correctly receives
1083 and decodes the Data Records.

1085 3.6.8.2. Using TCP transport.

1087 Refer to section 10.4.3 of [RFC5101] for the Collecting Process's TCP
1088 Template management specifications.

1090 The tester must create an IPFIX Template and cause it to be exported
1091 to a Collecting Process over TCP transport.

1093 The tester must ensure that the Template was correctly received and
1094 decoded by the Collecting Process.

1096 The tester must cause the same Template to be exported to the same
1097 Collecting Process over the same TCP connection, and must ensure that
1098 the Collecting Process resets the TCP connection and discards the
1099 IPFIX Message.

1101 The tester must create an IPFIX Template and cause it to be exported
1102 to the Collecting Process over TCP transport.
1104 The tester must ensure that the Template was correctly received and
1105 decoded by the Collecting Process.

1107 The tester must modify the Template contents while retaining the same
1108 Template ID.

1110 The tester must cause the modified Template to be exported to the
1111 same Collecting Process over the same TCP connection, and must ensure
1112 that the Collecting Process resets the TCP connection and discards
1113 the IPFIX Message.

1115 The tester must check that an error was logged.

1117 The tester must create another IPFIX Template and cause it to be
1118 exported to the Collecting Process over TCP transport.

1120 The tester must ensure that the Template was correctly received and
1121 decoded by the Collecting Process.

1123 The tester must cause a Template Withdrawal Message for the Template
1124 to be sent to the Collecting Process over the same TCP connection,
1125 and must ensure that the Template has been discarded by the
1126 Collecting Process.

1128 The tester must create Data Records conforming to the same Template
1129 and cause them to be exported to the same Collecting Process over the
1130 same TCP connection.

1132 The tester must ensure that the Collecting Process discards the Data
1133 Records and logs a warning.

1135 The tester must cause the same Template to be exported to the same
1136 Collecting Process over the same TCP connection.

1138 The tester must ensure that the Template was correctly received and
1139 decoded by the Collecting Process.

1141 The tester must create Data Records conforming to the Template and
1142 cause them to be exported to the same Collecting Process over the
1143 same TCP connection.

1145 The tester must ensure that the Collecting Process correctly receives
1146 and decodes the Data Records.

1148 3.6.8.3. Using UDP transport.

1150 Refer to sections 10.3.6 and 10.3.7 of [RFC5101] for the UDP Template
1151 management specifications.

1153 3.6.8.3.1. Re-using the same Template ID inside the Template lifetime

1155 The tester must create an IPFIX Template and cause it to be exported
1156 to a Collecting Process over UDP transport.

1158 The tester must ensure that the Template was correctly received and
1159 decoded by the Collecting Process.

1161 Before the Template lifetime expires on the Collecting Process, the
1162 tester must cause the same Template to be exported over the same UDP
1163 connection to the same Collecting Process and must ensure that the
1164 Collecting Process accepts the Template.

1166 The tester must create a different Template with the same ID and must
1167 cause this to be exported to the same Collecting Process over the
1168 same UDP connection before the original Template lifetime expires.

1170 The tester must ensure that the Collecting Process does not reject
1171 the new Template.

1173 The tester must create Data Records conforming to the new Template
1174 and cause them to be exported to the same Collecting Process over the
1175 same UDP connection.

1177 The tester must ensure that the Collecting Process correctly receives
1178 and decodes the Data Records.

1180 3.6.8.3.2. Re-using the same Template ID after the Template lifetime

1182 The tester must create an IPFIX Template and cause it to be exported
1183 to a Collecting Process over UDP transport.

1185 The tester must ensure that the Template was correctly received and
1186 decoded by the Collecting Process.

1188 The tester must allow the received Template lifetime to expire on the
1189 Collecting Process.

1191 The tester must create Data Records conforming to the Template and
1192 cause them to be exported to the same Collecting Process over the
1193 same UDP connection.

1195 The tester must ensure that the Collecting Process discards the Data
1196 Records.

1198 The tester must check that the Collecting Process logs a warning.
1200 The tester must cause the same Template to be exported to the same
1201 Collecting Process over the same UDP connection.

1203 The tester must ensure that the Template was correctly received and
1204 decoded by the Collecting Process.

1206 The tester must create Data Records conforming to the Template and
1207 cause them to be exported to the same Collecting Process over the
1208 same UDP connection.

1210 The tester must ensure that the Collecting Process correctly receives
1211 and decodes the Data Records.

1213 3.7. TLS connectivity and policy selection

1215 This section lists tests that verify connectivity over TLS and DTLS,
1216 and proper selection of TLS policies as specified in the IPFIX
1217 Protocol. It specifically does NOT purport to test the security of
1218 IPFIX Message transport over TLS or DTLS, as evaluating the security
1219 of a transport session is really a test of the TLS or DTLS
1220 implementation over which a given IPFIX implementation runs, and as
1221 such is out of scope for this document.

1223 Refer to section 11 of [RFC5101] for the security specifications.

1225 3.7.1. TLS test setup

1227 Setting up for TLS connectivity and policy testing requires the
1228 creation of appropriate X.509 certificates and private keys for a
1229 test environment, and the configuration of a DNS server to answer
1230 with consistent information for the hosts used in the test.

1232 The tester must configure the following certificates:

1234 1. A Certificate Authority (CA) certificate and associated
1235    private key for signing the following certificates.

1237 2. One certificate and associated private key, with a CN (Common
1238    Name) or subjectAltName extension of type dNSName containing the
1239    fully qualified domain name of the host, signed by the CA
1240    certificate in 1, for each IPFIX Exporting Process in the test.

1242 3. One certificate and associated private key, with a CN (common
1243    name) or subjectAltName extension of type dNSName containing the
1244    fully qualified domain name of the host, signed by the CA
1245    certificate in 1, for each IPFIX Collecting Process in the test.

1247 The tester must configure consistent forward (A, AAAA) and reverse
1248 (PTR) DNS records for each host in the test on a DNS server used by
1249 the hosts for name resolution.

1251 The tester must ensure that the Exporting Process and Collecting
1252 Process are on different hosts.

1254 3.7.2. TLS over TCP connectivity test

1256 The tester must set up certificates and DNS as in Section 3.7.1.

1258 The tester must configure one Exporting Process and one Collecting
1259 Process with their appropriate certificates to transfer IPFIX
1260 Messages over TLS over TCP.

1262 The tester must create an IPFIX Template and associated Data Record,
1263 and cause them to be exported over the TCP connection.

1265 The tester must ensure that a TCP connection and a TLS connection
1266 were established, must ensure that data was exchanged, and must
1267 ensure that the data received at the Collecting Process is correct.

1269 3.7.3. DTLS over UDP connectivity test

1271 The tester must set up certificates and DNS as in Section 3.7.1.

1273 The tester must configure one Exporting Process and one Collecting
1274 Process with their appropriate certificates to transfer IPFIX
1275 Messages over DTLS over UDP.

1277 The tester must create an IPFIX Template and associated Data Record,
1278 and cause them to be exported over the UDP connection.

1280 The tester must ensure that UDP packets were sent and a DTLS
1281 connection was established, must ensure that data was exchanged, and
1282 must ensure that the data received at the Collecting Process is
1283 correct.

1285 3.7.4. DTLS over PR-SCTP connectivity test

1287 The tester must set up certificates and DNS as in Section 3.7.1.
1289 The tester must configure one Exporting Process and one Collecting
1290 Process with their appropriate certificates to transfer IPFIX
1291 Messages over DTLS over PR-SCTP.

1293 The tester must create an IPFIX Template and associated Data Record,
1294 and cause them to be exported over the SCTP association.

1296 The tester must ensure that an SCTP association and a DTLS connection
1297 were established, must ensure that data was exchanged, and must
1298 ensure that the data received at the Collecting Process is correct.

1300 3.7.5. TLS bidirectional authentication policy test

1302 This is an optional test for Collecting Processes only; it requires
1303 the modification of an Exporting Process to NOT present a
1304 certificate.

1306 The tester must modify an Exporting Process to NOT present a
1307 certificate.

1309 The tester must perform the connectivity tests in Section 3.7.2,
1310 Section 3.7.3, and Section 3.7.4.

1312 The tester must ensure that the Collecting Process rejects the TLS or
1313 DTLS connection establishment.

1315 3.7.6. Exporting Process Identity Mismatch TLS Policy test

1317 The tester must set up certificates and DNS as in Section 3.7.1.

1319 The tester must use a certificate for the Exporting Process that does
1320 NOT match the fully qualified domain name of the host on which the
1321 Exporting Process runs.

1323 The tester must perform the connectivity tests in Section 3.7.2,
1324 Section 3.7.3, and Section 3.7.4.

1326 The tester must ensure that the Collecting Process rejects the TLS or
1327 DTLS connection establishment.

1329 3.7.7. Collecting Process Identity Mismatch TLS Policy test

1331 The tester must set up certificates and DNS as in Section 3.7.1.

1333 The tester must use a certificate for the Collecting Process that
1334 does NOT match the fully qualified domain name of the host on which
1335 the Collecting Process runs.

1337 The tester must perform the connectivity tests in Section 3.7.2,
1338 Section 3.7.3, and Section 3.7.4.
1340 The tester must ensure that the Exporting Process rejects the TLS or
1341 DTLS connection establishment.

1343 4. Security considerations

1345 This memo raises no security issues.

1347 5. IANA considerations

1349 This memo raises no IANA considerations.

1351 6. Acknowledgements

1353 The authors wish to thank Brian Trammell for contributing the initial
1354 text for Section 3.7.

1356 7. Normative references

1358 [I-D.ietf-ipfix-architecture]
1359            Sadasivan, G., "Architecture for IP Flow Information
1360            Export", draft-ietf-ipfix-architecture-12 (work in
1361            progress), September 2006.

1363 [I-D.ietf-ipfix-as]
1364            Zseby, T., "IPFIX Applicability", draft-ietf-ipfix-as-12
1365            (work in progress), July 2007.

1367 [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1368            Requirement Levels", BCP 14, RFC 2119, March 1997.

1370 [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
1371            "Requirements for IP Flow Information Export (IPFIX)",
1372            RFC 3917, October 2004.

1374 [RFC5101]  Claise, B., "Specification of the IP Flow Information
1375            Export (IPFIX) Protocol for the Exchange of IP Traffic
1376            Flow Information", RFC 5101, January 2008.

1378 [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
1379            Meyer, "Information Model for IP Flow Information Export",
1380            RFC 5102, January 2008.
1382 Authors' Addresses

1384 Carsten Schmoll
1385 Fraunhofer FOKUS
1386 Kaiserin-Augusta-Allee 31
1387 Berlin D-10589
1388 Germany

1390 Phone: +49 30 3463 7136
1391 Email: carsten.schmoll@fokus.fraunhofer.de
1392 URI: http://www.fokus.fraunhofer.de

1394 Paul Aitken
1395 Cisco Systems
1396 96 Commercial Quay
1397 Edinburgh EH6 6LX
1398 Scotland

1400 Phone: +44 131 561 3616
1401 Email: paitken@cisco.com
1402 URI: http://www.cisco.com

1404 Benoit Claise
1405 Cisco Systems
1406 De Kleetlaan 6a b1
1407 1831 Diegem
1408 Belgium

1410 Phone: +32 2 704 5622
1411 Email: bclaise@cisco.com
1412 URI: http://www.cisco.com

1414 Full Copyright Statement

1416 Copyright (C) The IETF Trust (2008).

1418 This document is subject to the rights, licenses and restrictions
1419 contained in BCP 78, and except as set forth therein, the authors
1420 retain all their rights.

1422 This document and the information contained herein are provided on an
1423 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1424 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
1425 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
1426 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1427 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1428 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1430 Intellectual Property

1432 The IETF takes no position regarding the validity or scope of any
1433 Intellectual Property Rights or other rights that might be claimed to
1434 pertain to the implementation or use of the technology described in
1435 this document or the extent to which any license under such rights
1436 might or might not be available; nor does it represent that it has
1437 made any independent effort to identify any such rights. Information
1438 on the procedures with respect to rights in RFC documents can be
1439 found in BCP 78 and BCP 79.
1441 Copies of IPR disclosures made to the IETF Secretariat and any
1442 assurances of licenses to be made available, or the result of an
1443 attempt made to obtain a general license or permission for the use of
1444 such proprietary rights by implementers or users of this
1445 specification can be obtained from the IETF on-line IPR repository at
1446 http://www.ietf.org/ipr.

1448 The IETF invites any interested party to bring to its attention any
1449 copyrights, patents or patent applications, or other proprietary
1450 rights that may cover technology that may be required to implement
1451 this standard. Please address the information to the IETF at
1452 ietf-ipr@ietf.org.