idnits 2.17.1 draft-trammell-ipfix-tcpcontrolbits-revision-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The abstract seems to contain references ([RFC5102], [RFC0793]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 105 has weird spacing: '... bit flag...' == Line 106 has weird spacing: '... value name ...' -- The document date (September 17, 2013) is 3874 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5102 (Obsoleted by RFC 7012) Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IPFIX Working Group B. Trammell 3 Internet-Draft ETH Zurich 4 Intended status: Informational P. Aitken 5 Expires: March 21, 2014 Cisco Systems, Inc 6 September 17, 2013 8 Revision of the tcpControlBits IPFIX Information Element 9 draft-trammell-ipfix-tcpcontrolbits-revision-03.txt 11 Abstract 13 This document revises the tcpControlBits IPFIX Information Element 14 defined in [RFC5102] to reflect changes to the TCP Flags header field 15 since [RFC0793]. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on March 21, 2014. 34 Copyright Notice 36 Copyright (c) 2013 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 1. Introduction 51 Octets 12 and 13 of the TCP header encode the data offset (header 52 length) in four bits, as well as 12 bits of flags. The least 53 significant 6 bits of these were defined in [RFC0793] as URG, ACK, 54 PSH, RST, SYN, and FIN for TCP control. Subsequently, [RFC3168] 55 defined the CWR and ECE flags for Explicit Congestion Notification 56 (ECN) negotiation and signaling; [RFC3540] additionally defined the 57 NS flag for the ECN Nonce Sum. 59 As defined in the IANA IPFIX Information Element Registry 60 [IANA-IPFIX], taken from [RFC5102], the tcpControlBits Information 61 Element for IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis] only covers 62 the original six bits from [RFC0793]. To allow IPFIX to be used to 63 measure the use of ECN, and to bring the IPFIX Information Element 64 definition in line with the current definition of the TCP Flags 65 header field, it is necessary to revise this definition. 67 The revised definition of the Information Element in Section 2 was 68 developed and approved through the IE-DOCTORS process 69 [I-D.ietf-ipfix-ie-doctors] in August 2013. Section 5.1 of 70 [I-D.ietf-ipfix-ie-doctors] states "This process should not in any 71 way be construed as allowing the IE-DOCTORS to overrule IETF 72 consensus. Specifically, Information Elements in the IANA IE 73 registry which were added with IETF consensus require IETF consensus 74 for revision or deprecation". Since the tcpControlBits Information 75 Element was defined in [RFC5102], an IETF Proposed Standard, any 76 revision of this Information Element definition requires IETF 77 Consensus. The publication of this document fulfills that 78 requirement. 80 The following section defines the revised tcpControlBits Information 81 Element as in Section 9.1 of [I-D.ietf-ipfix-ie-doctors]. 83 2. The tcpControlBits Information Element 85 ElementId: 6 86 Data Type: unsigned16 87 Data Type Semantics: flags 88 Description: TCP control bits observed for the packets of this 89 Flow. This information is encoded as a bit field; for each TCP 90 control bit, there is a bit in this set. The bit is set to 1 if 91 any observed packet of this Flow has the corresponding TCP control 92 bit set to 1. The bit is cleared to 0 otherwise. 94 The values of each bit are shown below, per the definition of the 95 bits in the TCP header [RFC0793]: 97 MSb LSb 98 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 99 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 100 | | | N | C | E | U | A | P | R | S | F | 101 | Zero | Future | S | W | C | R | C | S | S | Y | I | 102 | (Data Offset) | Use | | R | E | G | K | H | T | N | N | 103 +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 105 bit flag 106 value name description 107 ------+-----+------------------------------------- 108 0x8000 Zero (see tcpHeaderLength) 109 0x4000 Zero (see tcpHeaderLength) 110 0x2000 Zero (see tcpHeaderLength) 111 0x1000 Zero (see tcpHeaderLength) 112 0x0800 Future Use 113 0x0400 Future Use 114 0x0200 Future Use 115 0x0100 NS ECN Nonce Sum 116 0x0080 CWR Congestion Window Reduced 117 0x0040 ECE ECN Echo 118 0x0020 URG Urgent Pointer field significant 119 0x0010 ACK Acknowledgment field significant 120 0x0008 PSH Push Function 121 0x0004 RST Reset the connection 122 0x0002 SYN Synchronize sequence numbers 123 0x0001 FIN No more data from sender 125 As the most significant four bits of octets 12 and 13 of the TCP 126 header [RFC0793] are used to encode the TCP data offset (header 127 length), the corresponding bits in this IE must be exported as 128 zero and must be ignored by the collector; use the tcpHeaderLength 129 Information Element to encode this value. 131 Each of the three future use bits (0x800, 0x400, and 0x200) should 132 be exported as observed in the TCP headers of the packets of this 133 Flow, as they may be used subsequent to a future update of 134 [RFC0793]. 136 If exported as a single octet with reduced size encoding, this 137 Information Element covers the low-order octet of this field (i.e, 138 bits 0x80 to 0x01), omitting the ECN Nonce Sum and the three 139 Future Use bits. A collector receiving this Information Element 140 with reduced size encoding must not assume anything about the 141 content of these four bits. 143 Exporting Processes exporting this Information Element on behalf 144 of a Metering Process that is not capable of observing any of the 145 ECN Nonce Sum or Future Use bits should use reduced size encoding, 146 and only export the least significant 8 bits of this Information 147 Element. 149 Note that previous revisions of this Information Element's 150 definition specified that the CWR and ECE bits must be exported as 151 zero, even if observed. Collectors should therefore not assume 152 that a value of zero for these bits in this Information Element 153 indicates the bits were never set in the observed traffic, 154 especially if these bits are zero in every Flow Record sent by a 155 given exporter. 156 References: [RFC0793][RFC3168][RFC3540] 157 Revision: 1 159 3. IANA Considerations 161 IANA will update the definition of the tcpControlBits Information 162 Element in the the IANA IPFIX Information Element Registry 163 [IANA-IPFIX] to reflect the changes in Section 2 above. 165 4. Security and Privacy Considerations 167 This document has no security or privacy considerations; the security 168 considerations for IPFIX [I-D.ietf-ipfix-protocol-rfc5101bis] apply. 170 5. Acknowledgments 172 Thanks to Andrew Feren and Lothar Braun for comments on the revised 173 definition. This work is partially supported by the European 174 Commission under grant agreement FP7-ICT-318627 mPlane; this does not 175 imply endorsement by the Commission. 177 6. References 179 6.1. Normative References 181 [I-D.ietf-ipfix-protocol-rfc5101bis] 182 Claise, B. and B. Trammell, "Specification of the IP Flow 183 Information eXport (IPFIX) Protocol for the Exchange of 184 Flow Information", draft-ietf-ipfix-protocol-rfc5101bis-10 185 (work in progress), July 2013. 187 [I-D.ietf-ipfix-ie-doctors] 188 Trammell, B. and B. Claise, "Guidelines for Authors and 189 Reviewers of IPFIX Information Elements", draft-ietf- 190 ipfix-ie-doctors-07 (work in progress), October 2012. 192 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 193 793, September 1981. 195 [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition 196 of Explicit Congestion Notification (ECN) to IP", RFC 197 3168, September 2001. 199 [RFC3540] Spring, N., Wetherall, D., and D. Ely, "Robust Explicit 200 Congestion Notification (ECN) Signaling with Nonces", RFC 201 3540, June 2003. 203 6.2. Informative References 205 [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. 206 Meyer, "Information Model for IP Flow Information Export", 207 RFC 5102, January 2008. 209 [IANA-IPFIX] 210 Internet Assigned Numbers Authority, ., "IP Flow 211 Information Export Information Elements 212 (http://www.iana.org/assignments/ipfix)", . 214 Authors' Addresses 216 Brian Trammell 217 Swiss Federal Institute of Technology Zurich 218 Gloriastrasse 35 219 8092 Zurich 220 Switzerland 222 Phone: +41 44 632 70 13 223 Email: trammell@tik.ee.ethz.ch 225 Paul Aitken 226 Cisco Systems, Inc. 227 96 Commercial Quay 228 Commercial Street, Edinburgh EH6 6LX 229 United Kingdom 231 Phone: +44 131 561 3616 232 Email: paitken@cisco.com