< draft-ietf-ipfix-structured-data-05.txt   draft-ietf-ipfix-structured-data-06.txt >
IPFIX Working Group B. Claise IPFIX Working Group B. Claise
Internet-Draft G. Dhandapani Internet-Draft G. Dhandapani
Intended Status: Standards Track P. Aitken Update: RFC5102 P. Aitken
Expires: September 20, 2011 S. Yates Intended Status: Standards Track S. Yates
Cisco Systems, Inc. Expires: November 3, 2011 Cisco Systems, Inc.
March 5, 2011 May 3, 2011
Export of Structured Data in IPFIX Export of Structured Data in IPFIX
draft-ietf-ipfix-structured-data-05.txt draft-ietf-ipfix-structured-data-06.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance This Internet-Draft is submitted to IETF in full conformance
with the provisions of BCP 78 and BCP 79. with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas, and its working Engineering Task Force (IETF), its areas, and its working
groups. Note that other groups may also distribute working groups. Note that other groups may also distribute working
documents as Internet-Drafts. documents as Internet-Drafts.
skipping to change at page 3, line 7 skipping to change at page 3, line 7
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described "OPTIONAL" in this document are to be interpreted as described
in RFC 2119 [RFC2119]. in RFC 2119 [RFC2119].
Table of Contents Table of Contents
1. Overview....................................................7 1. Overview...................................................7
1.1. IPFIX Documents Overview...............................7 1.1. IPFIX Documents Overview..............................7
1.2. Relationship between IPFIX and PSAMP...................8 1.2. Relationship between IPFIX and PSAMP..................8
2. Introduction................................................8 2. Introduction...............................................8
2.1. The IPFIX Track........................................9 2.1. The IPFIX Track.......................................9
2.2. The IPFIX Limitations.................................10 2.2. The IPFIX Limitations................................10
2.3. Structured Data Use Cases.............................10 2.3. Structured Data Use Cases............................10
2.4. The Proposal..........................................12 2.4. Specifications Summary...............................12
3. Terminology................................................13 3. Terminology...............................................13
3.1. New Terminology.......................................13 3.1. New Terminology......................................13
4. Linkage with the IPFIX Information Model...................13 4. Linkage with the IPFIX Information Model..................13
4.1. New Abstract Data Types...............................14 4.1. New Abstract Data Types..............................14
4.1.1. basicList........................................14 4.1.1. basicList.......................................14
4.1.2. subTemplateList..................................14 4.1.2. subTemplateList.................................14
4.1.3. subTemplateMultiList.............................14 4.1.3. subTemplateMultiList............................14
4.2. New Data Type Semantic................................14 4.2. New Data Type Semantic...............................14
4.2.1. List.............................................15 4.2.1. List............................................15
4.3. New Information Elements..............................15 4.3. New Information Elements.............................15
4.3.1. basicList........................................15 4.3.1. basicList.......................................15
4.3.2. subTemplateList..................................15 4.3.2. subTemplateList.................................15
4.3.3. subTemplateMultiList.............................15 4.3.3. subTemplateMultiList............................15
4.4. New Structured Data Type Semantics....................16 4.4. New Structured Data Type Semantics...................16
4.4.1. undefined........................................16 4.4.1. undefined.......................................16
4.4.2. noneOf...........................................16 4.4.2. noneOf..........................................16
4.4.3. exactlyOneOf.....................................17 4.4.3. exactlyOneOf....................................17
4.4.4. oneOrMoreOf......................................18 4.4.4. oneOrMoreOf.....................................18
4.4.5. allOf............................................18 4.4.5. allOf...........................................18
4.4.6. ordered..........................................19 4.4.6. ordered.........................................19
4.5. Encoding of IPFIX Data Types..........................19 4.5. Encoding of IPFIX Data Types.........................19
4.5.1. basicList........................................19 4.5.1. basicList.......................................19
Figure B: basicList Encoding with Enterprise Number...........21 4.5.2. subTemplateList.................................22
4.5.2. subTemplateList..................................22 4.5.3. subTemplateMultiList............................24
4.5.3. subTemplateMultiList.............................24 5. Structured Data Format....................................28
5. Structured Data Format.....................................28 5.1. Length Encoding Considerations.......................29
5.1. Length Encoding Considerations........................28 5.2. Recursive Structured Data............................29
5.2. Recursive Structured Data.............................29
5.3. Structured Data Information Elements Applicability in 5.3. Structured Data Information Elements Applicability in
Options Template Sets......................................30 Options Template Sets.....................................30
5.4. Usage Guidelines for Equivalent Data Representations..30 5.4. Usage Guidelines for Equivalent Data Representations.31
5.5. Padding...............................................32 5.5. Padding..............................................32
5.6. Semantic..............................................32 5.6. Semantic.............................................32
6. Template Management........................................36 6. Template Management.......................................36
7. The Collecting Process's Side..............................37 7. The Collecting Process's Side.............................37
8. Defining New Information Elements Based on the New 8. Defining New Information Elements Based on the New
Abstract Data Types...........................................38 Abstract Data Types..........................................38
9. Structured Data Encoding Examples..........................38 9. Structured Data Encoding Examples.........................38
9.1. Encoding a Multicast Data Record with basicList.......38 9.1. Encoding a Multicast Data Record with basicList......38
9.2. Encoding a Load-balanced Data Record with a basicList.40 9.2. Encoding a Load-balanced Data Record with a basicList40
9.3. Encoding subTemplateList..............................41 9.3. Encoding subTemplateList.............................41
9.4. Encoding subTemplateMultiList.........................44 9.4. Encoding subTemplateMultiList........................44
9.5. Encoding an Options Template Set using Structured Data49 9.5. Encoding an Options Template Set using Structured
10. Relationship with the Other IFPIX Documents...............54 Data......................................................49
10.1. Relationship with Reducing Redundancy................54 10. Relationship with the Other IFPIX Documents..............54
10.1. Relationship with Reducing Redundancy...............54
10.1.1. Encoding Structured Data Element using Common 10.1.1. Encoding Structured Data Element using Common
Properties..............................................54 Properties.............................................54
10.1.2. Encoding Common Properties elements With 10.1.2. Encoding Common Properties elements With
Structured Data Information Element.....................54 Structured Data Information Element....................54
10.2. Relationship with Guidelines for IPFIX Testing.......56 10.2. Relationship with Guidelines for IPFIX Testing......56
10.3. Relationship with IPFIX Mediation Function...........57 10.3. Relationship with IPFIX Mediation Function..........57
11. IANA Considerations.......................................57 11. IANA Considerations......................................57
11.1. New Abstract Data Types..............................58 11.1. New Abstract Data Types.............................58
11.1.1. basicList.......................................58 11.1.1. basicList......................................58
11.1.2. subTemplateList.................................58 11.1.2. subTemplateList................................58
11.1.3. subTemplateMultiList............................58 11.1.3. subTemplateMultiList...........................58
11.2. New Data Type Semantics..............................58 11.2. New Data Type Semantics.............................58
11.2.1. list............................................59 11.2.1. list...........................................59
11.3. New Information Elements.............................59 11.3. New Information Elements............................59
11.3.1. basicList.......................................59 11.3.1. basicList......................................59
11.3.2. subTemplateList.................................59 11.3.2. subTemplateList................................59
11.3.3. subTemplateMultiList............................60 11.3.3. subTemplateMultiList...........................60
11.4. New Structured Data Semantics........................60 11.4. New Structured Data Semantics.......................60
11.4.1. undefined.......................................60 11.4.1. undefined......................................60
11.4.2. noneOf..........................................60 11.4.2. noneOf.........................................60
11.4.3. exactlyOneOf....................................61 11.4.3. exactlyOneOf...................................61
11.4.4. oneOrMoreOf.....................................61 11.4.4. oneOrMoreOf....................................61
11.4.5. allOf...........................................61 11.4.5. allOf..........................................61
11.4.6. ordered.........................................61 11.4.6. ordered........................................61
12. Security Considerations...................................62 12. Security Considerations..................................62
13. References................................................62 13. References...............................................62
13.1. Normative References.................................62 13.1. Normative References................................62
13.2. Informative References...............................62 13.2. Informative References..............................62
14. Acknowledgement...........................................63 14. Acknowledgement..........................................63
15. Authors' Addresses........................................63 15. Authors' Addresses.......................................64
Appendix A. Additions to XML Specification of IPFIX Appendix A. Additions to XML Specification of IPFIX
Information Elements and Abstract Data Types..................64 Information Elements and Abstract Data Types.................65
Appendix B. Encoding IPS Alert using Structured Data Appendix B. Encoding IPS Alert using Structured Data
Information Elements..........................................69 Information Elements.........................................70
Table of Figures Table of Figures
Figure A: basicList Encoding................................... 19 Figure A: basicList Encoding...................................19
Figure B: basicList Encoding with Enterprise Number............21
Figure C: Variable-Length basicList Encoding (Length < 255 octets) Figure C: Variable-Length basicList Encoding (Length < 255 octets)
........................................................... 21 ...........................................................21
Figure D: Variable-Length basicList Encoding (Length 0 to 65535 Figure D: Variable-Length basicList Encoding (Length 0 to 65535
octets) .................................................... 22 octets) ....................................................22
Figure E: subTemplateList Encoding............................. 22 Figure E: subTemplateList Encoding.............................22
Figure F: Variable-Length subTemplateList Encoding (Length < 255 Figure F: Variable-Length subTemplateList Encoding (Length < 255
octets) .................................................... 23 octets) ....................................................23
Figure G: Variable-Length subTemplateList Encoding (Length 0 to Figure G: Variable-Length subTemplateList Encoding (Length 0 to
65535 octets) .............................................. 24 65535 octets) ..............................................24
Figure H: subTemplateMultiList Encoding........................ 25 Figure H: subTemplateMultiList Encoding........................25
Figure I: Variable-Length subTemplateMultiList Encoding (Length < Figure I: Variable-Length subTemplateMultiList Encoding (Length <
255 octets) ................................................ 27 255 octets) ................................................27
Figure J: Variable-Length subTemplateMultiList Encoding (Length 0 Figure J: Variable-Length subTemplateMultiList Encoding (Length 0
to 65535 octets) ........................................... 28 to 65535 octets) ...........................................28
Figure K: Encoding basicList, Template Record.................. 39 Figure K: Encoding basicList, Template Record..................39
Figure L: Encoding basicList, Data Record, Semantic allOf...... 40 Figure L: Encoding basicList, Data Record, Semantic allOf......40
Figure M: Encoding basicList, Data Record with Variable-Length Figure M: Encoding basicList, Data Record with Variable-Length
Elements, Semantic allOf ................................... 40 Elements, Semantic allOf ...................................40
Figure N: Encoding basicList, Data Record, Semantic ExactlyOneOf41 Figure N: Encoding basicList, Data Record, Semantic ExactlyOneOf
...........................................................41
Figure O: Encoding subTemplateList, Template for One-Way Delay Figure O: Encoding subTemplateList, Template for One-Way Delay
Metrics .................................................... 42 Metrics ....................................................42
Figure P: Encoding subTemplateList, Template Record............ 43 Figure P: Encoding subTemplateList, Template Record............43
Figure Q: Encoding subTemplateList, Data Set................... 44 Figure Q: Encoding subTemplateList, Data Set...................44
Figure R: Encoding subTemplateMultiList, Template for Filtering Figure R: Encoding subTemplateMultiList, Template for Filtering
Attributes ................................................. 47 Attributes .................................................47
Figure S: Encoding subTemplateMultiList, Template for Sampling Figure S: Encoding subTemplateMultiList, Template for Sampling
Attributes ................................................. 47 Attributes .................................................47
Figure T: Encoding subTemplateMultiList, Template for Flow Record48 Figure T: Encoding subTemplateMultiList, Template for Flow Record
Figure U: Encoding subTemplateMultiList, Data Set.............. 49 ...........................................................48
Figure U: Encoding subTemplateMultiList, Data Set..............49
Note that the example could further be improved with a basicList Note that the example could further be improved with a basicList
of selectorId if many Selector IDs have to be reported. .... 51 of selectorId if many Selector IDs have to be reported. ....51
Figure V: PSAMP SSRI to be encoded............................. 51 Figure V: PSAMP SSRI to be encoded.............................51
Figure W: Options Template Record for PSAMP SSRI using Figure W: Options Template Record for PSAMP SSRI using
subTemplateMultiList ....................................... 51 subTemplateMultiList .......................................51
Figure X: PSAMP SSRI, Template Record for interface............ 52 Figure X: PSAMP SSRI, Template Record for interface............52
Figure Y: PSAMP SSRI, Template Record for linecard............. 52 Figure Y: PSAMP SSRI, Template Record for linecard.............52
Figure Z: PSAMP SSRI, Template Record for linecard and interface52 Figure Z: PSAMP SSRI, Template Record for linecard and interface
...........................................................52
Figure ZA: Example of a PSAMP SSRI Data Record, Encoded using a Figure ZA: Example of a PSAMP SSRI Data Record, Encoded using a
subTemplateMultiList ....................................... 53 subTemplateMultiList .......................................53
Figure ZB: Common and Specific Properties Exported Together Figure ZB: Common and Specific Properties Exported Together
[RFC5473] .................................................. 55 [RFC5473] ..................................................55
Figure ZC: Common and Specific Properties Exported Separately Figure ZC: Common and Specific Properties Exported Separately
according to [RFC5473] ..................................... 55 according to [RFC5473] .....................................55
Figure ZD: Common and Specific Properties Exported with Structured Figure ZD: Common and Specific Properties Exported with Structured
Data Information Element ................................... 55 Data Information Element ...................................55
Figure B0: Encoding IPS Alert, Template for Target............. 72 Figure B0: Encoding IPS Alert, Template for Target.............72
Figure B1: Encoding IPS Alert, Template for Attacker........... 72 Figure B1: Encoding IPS Alert, Template for Attacker...........72
Figure B2: Encoding IPS Alert, Template for Participant........ 72 Figure B2: Encoding IPS Alert, Template for Participant........73
Figure B3: Encoding IPS Alert, Template for IPS Alert.......... 73 Figure B3: Encoding IPS Alert, Template for IPS Alert..........73
Figure B4: Encoding IPS Alert, Data Set........................ 74 Figure B4: Encoding IPS Alert, Data Set........................75
1. Overview 1. Overview
1.1. IPFIX Documents Overview 1.1. IPFIX Documents Overview
The IPFIX Protocol [RFC5101] provides network administrators with The IPFIX Protocol [RFC5101] provides network administrators with
access to IP Flow information. access to IP Flow information.
The architecture for the export of measured IP Flow information The architecture for the export of measured IP Flow information
out of an IPFIX Exporting Process to a Collecting Process is out of an IPFIX Exporting Process to a Collecting Process is
defined in the IPFIX Architecture [RFC5470], per the requirements defined in the IPFIX Architecture [RFC5470], per the requirements
skipping to change at page 8, line 32 skipping to change at page 8, line 32
Indeed, the major difference between IPFIX and PSAMP is that the Indeed, the major difference between IPFIX and PSAMP is that the
IPFIX protocol exports Flow Records while the PSAMP protocol IPFIX protocol exports Flow Records while the PSAMP protocol
exports Packet Reports. From a pure export point of view, IPFIX exports Packet Reports. From a pure export point of view, IPFIX
will not distinguish a Flow Record composed of several packets will not distinguish a Flow Record composed of several packets
aggregated together, from a Flow Record composed of a single aggregated together, from a Flow Record composed of a single
packet. So the PSAMP export can be seen as a special IPFIX Flow packet. So the PSAMP export can be seen as a special IPFIX Flow
Record containing information about a single packet. Record containing information about a single packet.
2. Introduction 2. Introduction
While collecting the interface counters every five minutes has While collecting the interface counters every five minutes has
proven to be useful in the past, more and more granular proven to be useful in the past, more and more granular
information is required from network elements for a series of information is required from network elements for a series of
applications: performance assurance, capacity planning, security, applications: performance assurance, capacity planning, security,
billing, or simply monitoring. However, the amount of information billing, or simply monitoring. However, the amount of information
has become so important that, when dealing with highly granular has become so large that, when dealing with highly granular
information such as Flow information, a push mechanism (as opposed information such as Flow information, a push mechanism (as opposed
to a pull mechanism, such as SNMP) is the only solution for to a pull mechanism, such as SNMP) is the only solution for
routers whose primary function is to route packets. Indeed, routers whose primary function is to route packets. Indeed,
polling short-lived Flows via SNMP is not an option: high end polling short-lived Flows via SNMP is not an option: high end
routers can support hundreds of thousands of Flows simultaneously. routers can support hundreds of thousands of Flows simultaneously.
Furthermore, in order to reduce the export bandwidth requirements, Furthermore, in order to reduce the export bandwidth requirements,
the network elements have to integrate mediation functions to the network elements have to integrate mediation functions to
aggregate the collected information, both in space and time. aggregate the collected information, both in space (typically from
different line cards or different Exporters) and in time.
Typically, it would be beneficial if access routers could export Typically, it would be beneficial if access routers could export
Flow Records, composed of the counters before and after an Flow Records, composed of the counters before and after an
optimization mechanism on the egress interface, instead of optimization mechanism on the egress interface, instead of
exporting two Flow Records with identical tuple information. exporting two Flow Records with identical tuple information.
In terms of aggregation in time, let us imagine that, for In terms of aggregation in time, let us imagine that, for
performance assurance, the network management application must performance assurance, the network management application must
receive the performance metrics associated with a specific flow, receive the performance metrics associated with a specific flow,
every millisecond. Since the performance metrics will be every millisecond. Since the performance metrics will be
skipping to change at page 12, line 34 skipping to change at page 12, line 34
flattened (thus losing the hierarchical relationships) and a new flattened (thus losing the hierarchical relationships) and a new
IPFIX Template created for each alert, according to the number of IPFIX Template created for each alert, according to the number of
applicationId elements in each target, the number of targets and applicationId elements in each target, the number of targets and
attackers in each participant, and the number of participants in attackers in each participant, and the number of participants in
each alert. Clearly each Template will be unique to each alert, each alert. Clearly each Template will be unique to each alert,
and a large amount of CPU, memory and export bandwidth will be and a large amount of CPU, memory and export bandwidth will be
wasted creating, exporting, maintaining, and withdrawing the wasted creating, exporting, maintaining, and withdrawing the
Templates. See Appendix B for a specific example related to this Templates. See Appendix B for a specific example related to this
case study. case study.
2.4. The Proposal 2.4. Specifications Summary
This document specifies an IPFIX extension to support hierarchical This document specifies an IPFIX extension to support hierarchical
structured data and variable-length lists by defining three new structured data and variable-length lists by defining three new
Information Elements and three corresponding new abstract data Information Elements and three corresponding new abstract data
types called basicList, subTemplateList, and subTemplateMultiList. types called basicList, subTemplateList, and subTemplateMultiList.
These are defined in Section 4.1. These are defined in Section 4.1.
The three Structured Data Information Elements carry some semantic The three Structured Data Information Elements carry some semantic
information so that the Collecting Process can understand the information so that the Collecting Process can understand the
relationship between the different list elements. The semantic in relationship between the different list elements. The semantic in
skipping to change at page 21, line 4 skipping to change at page 21, line 4
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Semantic |1| Field ID | Element... | | Semantic |1| Field ID | Element... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ...Length | Enterprise Number ... | | ...Length | Enterprise Number ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | basicList Content ... | | ... | basicList Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure B: basicList Encoding with Enterprise Number Figure B: basicList Encoding with Enterprise Number
Also note that, if a basicList has zero elements, the encoded data Also note that, if a basicList has zero elements, the encoded data
contains the Semantic field, Field ID, the Element Length field contains the Semantic field, Field ID, the Element Length field
and the four-byte Enterprise Number (if present), while basicList and the four-byte Enterprise Number (if present), while basicList
Content is empty. Content is empty.
If the basicList is encoded as a variable-length Information If the basicList is encoded as a variable-length Information
Element in less than 255 octets, it is encoded with the Length Element in less than 255 octets, it MAY be encoded with the Length
field per Section 7 of [RFC5101] as follows: field per Section 7 of [RFC5101] as shown in Figure C. However,
the three-byte length encoding, as shown Figure D, is RECOMMENDED
(see section 5.1. ).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (< 255)| Semantic |0| Field ID | | Length (< 255)| Semantic |0| Field ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Element Length | basicList Content ... | | Element Length | basicList Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure C: Variable-Length basicList Encoding (Length < 255 Figure C: Variable-Length basicList Encoding (Length < 255
octets) octets)
If the basicList is encoded as a variable-length Information If the basicList is encoded as a variable-length Information
Element in 255 or more octets, it is encoded with the Length field Element in 255 or more octets, it MUST be encoded with the Length
per Section 7 of [RFC5101] as follows: field per Section 7 of [RFC5101] as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 255 | Length (0 to 65535) | Semantic | | 255 | Length (0 to 65535) | Semantic |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| Field ID | Element Length | |0| Field ID | Element Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| basicList Content ... | | basicList Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 23, line 19 skipping to change at page 23, line 19
subTemplateList is decoded. Encoding and decoding are subTemplateList is decoded. Encoding and decoding are
performed recursively if the specified Template itself performed recursively if the specified Template itself
contains Structured Data Information Elements as described contains Structured Data Information Elements as described
here. here.
Note that, if a subTemplateList has zero elements, the encoded Note that, if a subTemplateList has zero elements, the encoded
data contains only the Semantic field and the Template ID field, data contains only the Semantic field and the Template ID field,
while subTemplateList Content is empty. while subTemplateList Content is empty.
If the subTemplateList is encoded as a variable-length Information If the subTemplateList is encoded as a variable-length Information
Element in less than 255 octets, it is encoded with the Length Element in less than 255 octets, it MAY be encoded with the Length
field per Section 7 of [RFC5101] as follows: field per Section 7 of [RFC5101] as shown in Figure F. However,
the three-byte length encoding, as shown Figure G, is RECOMMENDED
(see section 5.1. ).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (< 255)| Semantic | Template ID | | Length (< 255)| Semantic | Template ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| subTemplateList Content ... | | subTemplateList Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure F: Variable-Length subTemplateList Encoding (Length < 255 Figure F: Variable-Length subTemplateList Encoding (Length < 255
octets) octets)
If the subTemplateList is encoded as a variable-length Information If the subTemplateList is encoded as a variable-length Information
Element in 255 or more octets, it is encoded with the Length field Element in 255 or more octets, it MUST be encoded with the Length
per Section 7 of [RFC5101] as follows: field per Section 7 of [RFC5101] as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 255 | Length (0 to 65535) | Semantic | | 255 | Length (0 to 65535) | Semantic |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID | subTemplateList Content ... | | Template ID | subTemplateList Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 26, line 21 skipping to change at page 26, line 21
decoded. Encoding and decoding are performed recursively if decoded. Encoding and decoding are performed recursively if
the specified Template itself contains Structured Data the specified Template itself contains Structured Data
Information Elements as described here. Information Elements as described here.
In the exceptional case of zero instances in the In the exceptional case of zero instances in the
subTemplateMultiList, no data is encoded, only the Semantic field subTemplateMultiList, no data is encoded, only the Semantic field
and Template ID field(s), and the Data Record Length field is set and Template ID field(s), and the Data Record Length field is set
to zero. to zero.
If the subTemplateMultiList is encoded as a variable-length If the subTemplateMultiList is encoded as a variable-length
Information Element in less than 255 octets, it is encoded with Information Element in less than 255 octets, it MAY be encoded
the Length field per Section 7 of [RFC5101] as follows: with the Length field per Section 7 of [RFC5101] as shown in
Figure I. However, the three-byte length encoding, as shown
Figure J, is RECOMMENDED (see section 5.1. ).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length (< 255)| Semantic | Template ID X | | Length (< 255)| Semantic | Template ID X |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Records Length X | Data Record X.1 Content ... | | Data Records Length X | Data Record X.1 Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 27, line 31 skipping to change at page 27, line 34
| ... | Data Record Z.N Content ... | | ... | Data Record Z.N Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... | | ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure I: Variable-Length subTemplateMultiList Encoding (Length < Figure I: Variable-Length subTemplateMultiList Encoding (Length <
255 octets) 255 octets)
If the subTemplateMultiList is encoded as a Variable-Length If the subTemplateMultiList is encoded as a variable-length
Information Element in 255 or more octets, it is encoded with the Information Element in 255 or more octets, it MUST be encoded with
Length field per Section 7 of [RFC5101] as follows: the Length field per Section 7 of [RFC5101] as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 255 | Length (0 to 65535) | Semantic | | 255 | Length (0 to 65535) | Semantic |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Template ID X | Data Records Length X | | Template ID X | Data Records Length X |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Record X.1 Content ... | | Data Record X.1 Content ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 62, line 13 skipping to change at page 62, line 13
Name: ordered Name: ordered
Description: The "ordered" structured data type semantic specifies Description: The "ordered" structured data type semantic specifies
that elements from the list in the structured data are ordered. that elements from the list in the structured data are ordered.
Value: 0x04 Value: 0x04
Reference: <this future RFC> Reference: <this future RFC>
12. Security Considerations 12. Security Considerations
The same security considerations as for the IPFIX Protocol The addition of complex data types necessarily complicates the
[RFC5101] and the IPFIX information model [RFC5102] apply. implementation of the Collector. This could easily result in new
security vulnerabilities (e.g., buffer overflows); this creates
additional risk in cases where either DTLS is not used, or if the
Observation Point and Collector belong to different trust domains.
Otherwise, the same security considerations as for the IPFIX
Protocol [RFC5101] and the IPFIX information model [RFC5102]
apply.
13. References 13. References
13.1. Normative References 13.1. Normative References
[RFC2119] S. Bradner, Key words for use in RFCs to Indicate [RFC2119] S. Bradner, Key words for use in RFCs to Indicate
Requirement Levels, BCP 14, RFC 2119, March 1997. Requirement Levels, BCP 14, RFC 2119, March 1997.
[RFC5101] Claise, B., Ed., "Specification of the IP Flow [RFC5101] Claise, B., Ed., "Specification of the IP Flow
Information Export (IPFIX) Protocol for the Exchange of Information Export (IPFIX) Protocol for the Exchange of
skipping to change at page 67, line 40 skipping to change at page 68, line 6
<paragraph> <paragraph>
The "ordered" structured data type semantic specifies The "ordered" structured data type semantic specifies
that elements from the list in the structured data are that elements from the list in the structured data are
ordered. ordered.
</paragraph> </paragraph>
</description> </description>
</structuredDataTypeSemantic> </structuredDataTypeSemantic>
</structuredDataTypeSemantics> </structuredDataTypeSemantics>
The following schema definitions are appended to the abstract data The following schema definitions are appended to the abstract data
types defined in Appendix B of [RFC5102]. types defined in Appendix B of [RFC5102]. This schema and its
namespace are registered by IANA at
http://www.iana.org/assignments/xml-registry/schema/ipfix.xsd
<simpleType name="dataType"> <simpleType name="dataType">
<restriction base="string"> <restriction base="string">
<enumeration value="basicList"> <enumeration value="basicList">
<annotation> <annotation>
<documentation> <documentation>
Represents a list of zero or more instances of Represents a list of zero or more instances of
any Information Element, primarily used for any Information Element, primarily used for
single-valued data types. For example, a list of port single-valued data types. For example, a list of port
numbers, list of interface indexes, list of AS in a numbers, list of interface indexes, list of AS in a
 End of changes. 37 change blocks. 
153 lines changed or deleted 172 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/