==============================

Minutes of the IPFIX session at IETF 68

Prague Tuesday March 20 at 1740-1950

Taken by Rolf Wolter

==============================

 

Session Summary

The IPFIX protocol and architecture I-Ds have entered the RFC editor queue, the IPFIX info model is close to passing the IESG review and the IPFIX applicability statement passed IETF last call. Since the last meeting three further WG documents (reducing redundancy in IPFIX records, reporting bi-directional flows, implementation guidelines) have passed working group last call and all will have been submitted to the IESG for publication as RFC by the end of March. The two remaining documents (IPFIX MIB, IPFIX testing) are progressing and are expected to pass working group last call by the next meeting. At the next meeting potential candidates for new IPFIX work items will be discussed. Four of them were briefly introduced at the end of this session.

 

Chairs:

Nevil Brownlee  <n.brownlee@auckland.ac.nz>

Juergen Quittek <quittek@netlab.nec.de>

 

AGENDA:

 

1. Agenda review, WG Status

 

2. Documents from the old charter (Juergen)

   - draft-ietf-ipfix-architecture-12.txt

   - draft-ietf-ipfix-protocol-24.txt

Both documents are in the editor's queue.

   - draft-ietf-ipfix-info-15.txt

Passed IESG review, one issue to be solved (some time stamp details haven't been defined: leap seconds, and being clear about the starting date). Requires changes to protocol.

   - draft-ietf-ipfix-as-11.txt

Went into last call, some comments received, ready for IESG last call. References to PSAMP might cause extra delay.

 

3. Drafts from the current charter

   a) Reducing Redundancy (Elisa Boschi)

      - draft-ietf-ipfix-reducing-redundancy-02.txt

WG last call started in December, revised version included all comments, currently under IESG review. Main change in the structure, new section 3 (specification for bandwidth saving information export) added and new section 7 (cascading common properties). Minor changes, such as aligning with the ipfix-proto and editorial changes, plus 3 examples added. Lots of feedback received on the mailing list.

 

   b) Implementation Guidelines (Elisa Boschi)

      - draft-ietf-ipfix-implementation-guidelines-02.txt

In WG last call since last week, version 03 will be published after the meeting. Editorial changes applied and security guidelines modified, based on 3rd interop event. Also improved SCTP section, including guidelines on how to use streams, partial reliability and in-order delivery and some clarifications about unreliable. Last call is closed, feedback still welcome. More details are available at http://ants.fokus.fraunhofer.de/ipfix/interop06/

 

   c) Bidirectional Flow Export (Brian Trammell)

      - draft-ietf-ipfix-biflow-03.txt

Bidirectional flows can be used for various cases. Each bidirectional flow is represented with a single record. Forward/reverse direction definition depends on application. Private enterprise number (PEN) used to represent the reverse information model elements. Recommended to reserve a bit of the IE number. Version 03 was sent to IANA in February, response was ok. IANA will assign PEN at review time. Minor changes between version 01, 02, 03. Last call concerns addressed and now in IESG submission.

Q&A:

Benoit: some last comments posted to the list yesterday, need more clarifications.

Juergen: next step is IETF last call

Paul: PEN seems to be a random number – can we have something meaningful?

Brian: the assignment is done by an automated tool, so this is not an easy task, worth taking a look

Emile: question about the Enterprise bit, does this impact the protocol?

Brian: this causes no issues

 

   d) IPFIX Testing (Paul Aitken)

      - draft-ietf-ipfix-testing-00.txt

Version 01 will be published after this week, aim is to go for last WG call asap. Changes applied: security testing, feedback added, clarification and editorial changes.

 

   e) IPFIX MIB (Benoit Claise)

      - draft-dietz-ipfix-mib-01.txt

Most of the work was done by Thomas. Changes in the MIB structure: two different modules have been combined into one MIB. Four main tables exist, some are new: transport session, observation domain, template table and template definition. Basic objects for filtering/sampling to allow interop with PSAMP.

Transport session table is the index and covers the various transport protocols. Observation domain table offers a link to the entity MIB for additional details (if implemented). Template allows seeing the flow definitions. Selector table is a placeholder for PSAMP operations. Also a placeholder for future MIB extensions added.

Dan: we have bad experiences with OID pointing to "something else", e.g. in IF-MIB.

Benoit: no strong opinions, to be removed

Read/Write issue: previous discussions. Option for RO implementations.

Transport Session Table is RO as SCTP/TCP MIB variables are not writable.

Observation Domain Table: RO

Template Table: RO

Selector Table: RO

Q&A on RO/RW MIB:

Emile: it is possible to create an extra entry in the SCTP MIB with the internal API

Benoit: we could alternatively copy the whole SCTP MIB

Juergen: we should not use the backdoor into the SCTP MIB by turning a RO MIB into a writable one

Benoit: compromise to make the Template definition table RW with minimum statement RO

Juergen: send one more time to the list and then decide quickly to close it soon.

Open issues: elaborate on security; explain ipfixPhysicalEntity, some more objects (copy from NetFlow MIB). Next version will be ready in 1 month.

 

4. PSAMP drafts (Juergen Quittek)

Status of PSAMP WG: info model is blocking applicability status. 5 documents defined in the charter (Framework for packet selection and reporting. Drafts ready for 1.5 years, waiting for IPFIX to be ready. Framework needs to be updated, Nick will do it within 1 month. Minor changes to Tanja's draft as well. Protocol and info model were waiting on corresponding IPFIX documents. AD should review all docs together. Info model needs more editorial work. PSAMP MIB model is the least complete document, several parts were moved to the IPFIX MIB, to be discussed if PSAMP MIB remains a separate document or is merged with IPFIX MIB. At the next meeting we should discuss if we will close the PSAMP WG or if there is interesting new work.

   - draft-ietf-psamp-framework-10.txt

   - draft-ietf-psamp-sample-tech-07.txt

   - draft-ietf-psamp-protocol-07.txt

   - draft-ietf-psamp-info-05.txt

 

5. New drafts

   a) IPFIX Mediation:

      Implementation and Evaluation  (Daisuke Matsubara)

      - draft-kobayashi-ipfix-mediator-00.txt

Mediator concept was introduced at 65th and 67th IETF; it allows monitoring of the traffic matrix and retrieval of specific flow records at any time. NTT/Hitachi implemented a prototype. Scenario: 1 monitoring server monitors 200 routers with 100Gbps, sampling of 1/1000 applied. The result is still 43,000 flows/s, while the server can handle max 10,000 flows/sec. Adding mediators reduces the flows from 43,000 to 8,170 flows/s. Multiple graphs from the testing displayed. Average reduction rate is 30%. Further studies and tests will be performed in the testbed.

 

   b) IPFIX File Format (Brian Trammell)

      - draft-trammell-ipfix-file-02.txt

The idea is to have a standard flow storage format for interoperability and other uses. Flat binary files are ideal for flow storage, IPFIX message format is ideal for flow records. Various requirements incorporated, file format description details explained. Self-description of IE proposed. Other changes in 02: finished description of IPFIX options for self-descriptions; security roles for these options added; new open issues identified. Future: continue to address open issues and gain implementation experience; there are two open source implementations.

Danny: why are we specifying this in the IPFIX WG, as this has nothing to do with the bits on the wire? It might mislead implementers, in general it's useful.

Juergen: this is not a WG topic, it's just "interesting work", potentially ends as an informational

Paul: time stamps missing, this might be an issue

Brian: could be worth adding

Paul: self-describing is a very good idea!

Emile: storage looks like a specific function of a mediator

 

   c) Configuration Data Model (Gerhard Muenz)

      - draft-muenz-ipfix-configuration-01.txt

Configuration of IPFIX and PSAMP compliant systems for metering, exporting and collecting processes. Goal is to have a vendor independent representation of configuration data, which should be easy to implement and to transfer to/from devices. Format: XML. Several changes, including title to include PSAMP, rewrite of most parts of the text, and some small changes in the XML schema. Implementation exists already: VERMONT system uses NETCONF: http://www.history-project.net/

Benoit: this is a nice alternative to the read-write issues we have with MIBs.

Juergen: agreed, this is a good use case for NETCONF. To be discussed at the next meeting if this becomes WG work.

 

   d) Order of Information Elements (Hitoshi Irino)

      - draft-irino-ipfix-ie-order-00.txt

Differences between 00 and 01 explained: basic length classification rule. Compared the processing speed of 2 types of templates.

Gerhard: the draft mentions that you cannot change the ordering as it has semantics behind it

Juergen: there might be cases where this applies

 

6. Wrap up, milestone review

 

Presentation slides are available at:  https://datatracker.ietf.org/public/meeting_materials.cgi?meeting_num=68

 (search for IPFIX in the Operations and Management Area)

 

 

OTHER DRAFTS:

 

IPFIX Aggregation

http://www.ietf.org/internet-drafts/draft-dressler-ipfix-aggregation-03.txt