idnits 2.17.1 

draft-trammell-ipfix-tcpcontrolbits-revision-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  ** The abstract seems to contain references ([RFC5102], [RFC0793]), which
     it shouldn't.  Please replace those with straight textual mentions of the
     documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 105 has weird spacing: '...   bit    flag...'

  == Line 106 has weird spacing: '...  value  name ...'

  -- The document date (September 09, 2013) is 3876 days in the past.  Is
     this intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC  793 (Obsoleted by RFC 9293)

  -- Obsolete informational reference (is this intentional?): RFC 5102
     (Obsoleted by RFC 7012)


     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	IPFIX Working Group                                          B. Trammell
3	Internet-Draft                                                ETH Zurich
4	Intended status: Informational                                 P. Aitken
5	Expires: March 13, 2014                               Cisco Systems, Inc
6	                                                      September 09, 2013

8	        Revision of the tcpControlBits IPFIX Information Element
9	          draft-trammell-ipfix-tcpcontrolbits-revision-02.txt

11	Abstract

13	   This document revises the tcpControlBits IPFIX Information Element
14	   defined in [RFC5102] to reflect changes to the TCP Flags header field
15	   since [RFC0793].

17	Status of This Memo

19	   This Internet-Draft is submitted in full conformance with the
20	   provisions of BCP 78 and BCP 79.

22	   Internet-Drafts are working documents of the Internet Engineering
23	   Task Force (IETF).  Note that other groups may also distribute
24	   working documents as Internet-Drafts.  The list of current Internet-
25	   Drafts is at http://datatracker.ietf.org/drafts/current/.

27	   Internet-Drafts are draft documents valid for a maximum of six months
28	   and may be updated, replaced, or obsoleted by other documents at any
29	   time.  It is inappropriate to use Internet-Drafts as reference
30	   material or to cite them other than as "work in progress."

32	   This Internet-Draft will expire on March 13, 2014.

34	Copyright Notice

36	   Copyright (c) 2013 IETF Trust and the persons identified as the
37	   document authors.  All rights reserved.

39	   This document is subject to BCP 78 and the IETF Trust's Legal
40	   Provisions Relating to IETF Documents
41	   (http://trustee.ietf.org/license-info) in effect on the date of
42	   publication of this document.  Please review these documents
43	   carefully, as they describe your rights and restrictions with respect
44	   to this document.  Code Components extracted from this document must
45	   include Simplified BSD License text as described in Section 4.e of
46	   the Trust Legal Provisions and are provided without warranty as
47	   described in the Simplified BSD License.

49	1.  Introduction

51	   Octets 12 and 13 of the TCP header encode the data offset (header
52	   length) in four bits, as well as 12 bits of flags.  The least
53	   significant 6 bits of these were defined in [RFC0793] as URG, ACK,
54	   PSH, RST, SYN, and FIN for TCP control.  Subsequently, [RFC3168]
55	   defined the CWR and ECE flags for Explicit Congestion Notification
56	   (ECN) negotiation and signaling; [RFC3540] additionally defined the
57	   NS flag for the ECN Nonce Sum.

59	   As defined in the IANA IPFIX Information Element Registry
60	   [IANA-IPFIX], taken from [RFC5102], the tcpControlBits Information
61	   Element for IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis] only covers
62	   the original six bits from [RFC0793].  To allow IPFIX to be used to
63	   measure the use of ECN, and to bring the IPFIX Information Element
64	   definition in line with the current definition of the TCP Flags
65	   header field, it is necessary to revise this definition.

67	   The revised definition of the Information Element in Section 2 was
68	   developed and approved through the IE-DOCTORS process
69	   [I-D.ietf-ipfix-ie-doctors] in August 2013.  Section 5.1 of
70	   [I-D.ietf-ipfix-ie-doctors] states "This process should not in any
71	   way be construed as allowing the IE-DOCTORS to overrule IETF
72	   consensus.  Specifically, Information Elements in the IANA IE
73	   registry which were added with IETF consensus require IETF consensus
74	   for revision or deprecation".  Since the tcpControlBits Information
75	   Element was defined in [RFC5102], an IETF Proposed Standard, any
76	   revision of this Information Element definition requires IETF
77	   Consensus.  The publication of this document fulfills that
78	   requirement.

80	   The following section defines the revised tcpControlBits Information
81	   Element as in Section 9.1 of [I-D.ietf-ipfix-ie-doctors].

83	2.  The tcpControlBits Information Element

85	   ElementId:   6
86	   Data Type:   unsigned16
87	   Data Type Semantics:   flags
88	   Description:   TCP control bits observed for the packets of this
89	      Flow.  This information is encoded as a bit field; for each TCP
90	      control bit, there is a bit in this set.  The bit is set to 1 if
91	      any observed packet of this Flow has the corresponding TCP control
92	      bit set to 1.  The bit is cleared to 0 otherwise.

94	      The values of each bit are shown below, per the definition of the
95	      bits in the TCP header [RFC0793]:

97	    MSb                                                         LSb
98	     0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
99	   +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
100	   |               |           | N | C | E | U | A | P | R | S | F |
101	   |     Zero      |   Future  | S | W | C | R | C | S | S | Y | I |
102	   | (Data Offset) |    Use    |   | R | E | G | K | H | T | N | N |
103	   +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

105	   bit    flag
106	   value  name  description
107	   ------+-----+-------------------------------------
108	   0x8000       Zero (see tcpHeaderLength)
109	   0x4000       Zero (see tcpHeaderLength)
110	   0x2000       Zero (see tcpHeaderLength)
111	   0x1000       Zero (see tcpHeaderLength)
112	   0x0800       Future Use
113	   0x0400       Future Use
114	   0x0200       Future Use
115	   0x0100   NS  ECN Nonce Sum
116	   0x0080  CWR  Congestion Window Reduced
117	   0x0040  ECE  ECN Echo
118	   0x0020  URG  Urgent Pointer field significant
119	   0x0010  ACK  Acknowledgment field significant
120	   0x0008  PSH  Push Function
121	   0x0004  RST  Reset the connection
122	   0x0002  SYN  Synchronize sequence numbers
123	   0x0001  FIN  No more data from sender

125	      As the most significant four bits of octets 12 and 13 of the TCP
126	      header [RFC0793] are used to encode the TCP data offset (header
127	      length), the corresponding bits in this IE must be exported as
128	      zero and must be ignored by the collector; use the tcpHeaderLength
129	      Information Element to encode this value.

131	      Each of the three future use bits (0x800, 0x400, and 0x200) should
132	      be exported as one if the corresponding bit is observed in the TCP
133	      headers of the packets of this Flow, as they may be subsequent to
134	      a future update of [RFC0793].

136	      If exported as a single octet with reduced length encoding, this
137	      Information Element covers the low-order octet of this field (i.e,
138	      bits 0x80 to 0x01), omitting the ECN Nonce Sum and the three
139	      Future Use bits.  A collector receiving this Information Element
140	      with reduced length encoding must not assume anything about the
141	      content of these four bits.

143	      Note that previous revisions of this Information Element's
144	      definition specified that the CWR and ECE bits must be exported as
145	      zero, even if observed.  Collectors should therefore not assume
146	      that a value of zero for these bits in this Information Element
147	      indicates the bits were never set in the observed traffic,
148	      especially if these bits are zero in every Flow Record sent by a
149	      given exporter.
150	   References:   [RFC0793][RFC3168][RFC3540]
151	   Revision:  1

153	3.  IANA Considerations

155	   IANA will update the definition of the tcpControlBits Information
156	   Element in the the IANA IPFIX Information Element Registry
157	   [IANA-IPFIX] to reflect the changes in Section 2 above.

159	4.  Security and Privacy Considerations

161	   This document has no security or privacy considerations; the security
162	   considerations for IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis] apply.

164	5.  Acknowledgments

166	   Thanks to Andrew Feren for comments on the revised definition.  This
167	   work is partially supported by the European Commission under grant
168	   agreement FP7-ICT-318627 mPlane; this does not imply endorsement by
169	   the Commission.

171	6.  References

173	6.1.  Normative References

175	   [I-D.ietf-ipfix-protocol-rfc5101bis]
176	              Claise, B. and B. Trammell, "Specification of the IP Flow
177	              Information eXport (IPFIX) Protocol for the Exchange of
178	              Flow Information", draft-ietf-ipfix-protocol-rfc5101bis-10
179	              (work in progress), July 2013.

181	   [I-D.ietf-ipfix-ie-doctors]
182	              Trammell, B. and B. Claise, "Guidelines for Authors and
183	              Reviewers of IPFIX Information Elements", draft-ietf-
184	              ipfix-ie-doctors-07 (work in progress), October 2012.

186	   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7, RFC
187	              793, September 1981.

189	   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
190	              of Explicit Congestion Notification (ECN) to IP", RFC
191	              3168, September 2001.

193	   [RFC3540]  Spring, N., Wetherall, D., and D. Ely, "Robust Explicit
194	              Congestion Notification (ECN) Signaling with Nonces", RFC
195	              3540, June 2003.

197	6.2.  Informative References

199	   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
200	              Meyer, "Information Model for IP Flow Information Export",
201	              RFC 5102, January 2008.

203	   [IANA-IPFIX]
204	              Internet Assigned Numbers Authority, ., "IP Flow
205	              Information Export Information Elements
206	              (http://www.iana.org/assignments/ipfix)", .

208	Authors' Addresses

210	   Brian Trammell
211	   Swiss Federal Institute of Technology Zurich
212	   Gloriastrasse 35
213	   8092 Zurich
214	   Switzerland

216	   Phone: +41 44 632 70 13
217	   Email: trammell@tik.ee.ethz.ch

219	   Paul Aitken
220	   Cisco Systems, Inc.
221	   96 Commercial Quay
222	   Commercial Street, Edinburgh EH6 6LX
223	   United Kingdom

225	   Phone: +44 131 561 3616
226	   Email: paitken@cisco.com