Network Working Group A. Yourtchenko Internet-Draft P. Aitken Intended status: Informational B. Claise Expires: January 4, 2012 Cisco Systems, Inc. July 3, 2011 IPFIX Cisco Vendor Specific Information Elements draft-yourtchenko-cisco-ies-00 Abstract This document describes some additional Information Elements of Cisco Systems, Inc. that are not listed in RFC3954. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 4, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Yourtchenko, et al. Expires January 4, 2012 [Page 1] Internet-Draft IPFIX-VSIE July 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Information Elements . . . . . . . . . . . . . . . . . . . . . 3 2.1. SAMPLING_INTERVAL . . . . . . . . . . . . . . . . . . . . 3 2.2. SAMPLING_ALORITHM . . . . . . . . . . . . . . . . . . . . 3 2.3. ENGINE_TYPE . . . . . . . . . . . . . . . . . . . . . . . 4 2.4. ENGINE_ID . . . . . . . . . . . . . . . . . . . . . . . . 4 2.5. FLOW_SAMPLER_ID . . . . . . . . . . . . . . . . . . . . . 4 2.6. FLOW_SAMPLER_MODE . . . . . . . . . . . . . . . . . . . . 4 2.7. FLOW_SAMPLER_RANDOM_INTERVAL . . . . . . . . . . . . . . . 5 2.8. CLASS_ID . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.9. IF_NAME . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.10. IF_DESC . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.11. SAMPLER_NAME . . . . . . . . . . . . . . . . . . . . . . . 6 2.12. mplsTopLabelPrefixLength . . . . . . . . . . . . . . . . . 6 2.13. SRC TRAFFIC INDEX . . . . . . . . . . . . . . . . . . . . 7 2.14. DST TRAFFIC INDEX . . . . . . . . . . . . . . . . . . . . 7 2.15. postipDiffServCodePoint . . . . . . . . . . . . . . . . . 7 2.16. replication factor . . . . . . . . . . . . . . . . . . . . 8 2.17. CLASS NAME . . . . . . . . . . . . . . . . . . . . . . . . 8 2.18. layer2packetSectionOffset . . . . . . . . . . . . . . . . 8 2.19. layer2packetSectionSize . . . . . . . . . . . . . . . . . 9 2.20. layer2packetSectionData . . . . . . . . . . . . . . . . . 9 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 4. Security Considerations . . . . . . . . . . . . . . . . . . . 9 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.1. Normative References . . . . . . . . . . . . . . . . . . . 9 5.2. Informative References . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 Yourtchenko, et al. Expires January 4, 2012 [Page 2] Internet-Draft IPFIX-VSIE July 2011 1. Introduction The RFC5102 [RFC5102], section 4, defines the IPFIX Information Elements in the range of 1-127 to be compatible with the Netflow version 9 fields, as defined in the RFC3954 [RFC3954]. This document describes some of the fields that are being used, but which appeared later than the RFC3954 [RFC3954] was published. 2. Information Elements 2.1. SAMPLING_INTERVAL Description: When using sampled NetFlow, the rate at which packets are sampled e.g. a value of 100 indicates that one of every 100 packets is sampled. Deprecated in favor of 305 samplingPacketInterval and 307 samplingTimeInterval. Abstract Data Type: unsigned32 ElementId: 34 Semantics: Quantity Status: Deprecated Units: packets 2.2. SAMPLING_ALORITHM Description: Deprecated in favor of 304 selectorAlgorithm. The type of algorithm used for sampled NetFlow: 0x01 Deterministic Sampling, 0x02 Random Sampling. The values are not compatible with the selectorAlgorithm field, where "Deterministic" has been replaced by "Systematic count-based" (1) or "Systematic time-based" (2), and Random is (3). Conversion is required, see http://www.iana.org/assignments/psamp-parameters/psamp-parameters.xml Abstract Data Type: unsigned8 ElementId: 35 Semantics: Identifier Status: Deprecated Units: n/a Yourtchenko, et al. Expires January 4, 2012 [Page 3] Internet-Draft IPFIX-VSIE July 2011 2.3. ENGINE_TYPE Description: Type of flow switching engine: RP = 0, VIP/Linecard = 1 Abstract Data Type: unsigned8 ElementId: 38 Semantics: Identifier Status: Current Units: n/a 2.4. ENGINE_ID Description: ID number of the flow switching engine Abstract Data Type: unsigned8 ElementId: 39 Status: Current Units: n/a 2.5. FLOW_SAMPLER_ID Description: Deprecated in favour of 302 selectorId. Identifier shown in "show flow-sampler" Abstract Data Type: unsigned8 ElementId: 48 Semantics: Identifier Status: Deprecated Units: n/a 2.6. FLOW_SAMPLER_MODE Description: The type of algorithm used for sampling data:A 0x02 random sampling. Use with FLOW_SAMPLER_RANDOM_INTERVAL. Deprecated in favour of 304 selectorAlgorithm. The values are not compatible: selectorAlgorithm=3 is random sampling. Yourtchenko, et al. Expires January 4, 2012 [Page 4] Internet-Draft IPFIX-VSIE July 2011 Abstract Data Type: unsigned8 ElementId: 49 Status: Deprecated Units: n/a 2.7. FLOW_SAMPLER_RANDOM_INTERVAL Description: Deprecated in favour of 305 samplingPacketInterval. Packet interval at which to sample. Use in connection with FLOW_SAMPLER_MODE. Abstract Data Type: unsigned32 ElementId: 50 Semantics: Quantity Status: Deprecated Units: n/a 2.8. CLASS_ID Characterizes the traffic class. Deprecated in favour of 302 selectorId. Abstract Data Type: unsigned8 ElementId: 51 Semantics: Identifier Status: Deprecated Units: n/a 2.9. IF_NAME Description: A short name uniquely identifying the interface, e.g. "FE1/0". Abstract Data Type: string ElementId: 82 Yourtchenko, et al. Expires January 4, 2012 [Page 5] Internet-Draft IPFIX-VSIE July 2011 Semantics: Name Status: Current Units: n/a 2.10. IF_DESC Description: The description of the interface. Abstract Data Type: string ElementId: 83 Semantics: Name Status: Current Units: n/a 2.11. SAMPLER_NAME Description: Deprecated in favor of 335 selectorName. Name of the flow sampler. Abstract Data Type: N (see template) ElementId: 84 Semantics: Name Status: Deprecated Units: n/a Reference: TBD 2.12. mplsTopLabelPrefixLength Description: The prefix length of the subnet of the mplsTopLabelIPv4Address that the MPLS top label will cause the Flow to be forwarded to. Abstract Data Type: unsigned8 ElementId: 91 Status: Current Yourtchenko, et al. Expires January 4, 2012 [Page 6] Internet-Draft IPFIX-VSIE July 2011 Units: n/a 2.13. SRC TRAFFIC INDEX Description: BGP Policy Accounting Source Traffic Index Abstract Data Type: unsigned32 ElementId: 92 Status: Current Units: n/a 2.14. DST TRAFFIC INDEX Description: BGP Policy Accounting Destination Traffic Index Abstract Data Type: unsigned32 ElementId: 93 Status: Current Units: n/a Reference: TBD 2.15. postipDiffServCodePoint Description: The definition of this Information Element is identical to the definition of Information Element 'ipDiffServCodePoint', except that it reports a potentially modified value caused by a middlebox function after the packet passed the Observation Point. Abstract Data Type: unsigned8 ElementId: 98 Status: Current Units: n/a Reference: See RFC3260 [RFC3260] for the definition of the Differentiated Services Field. See section 5.3.2 of RFC1812 [RFC1812] and [RFC791] for the definition of the IPv4 TOS field. See RFC2460 [RFC2460] for the definition of the IPv6 Traffic Class field. See the IPFIX Information Model RFC5102 [RFC5102] for the Yourtchenko, et al. Expires January 4, 2012 [Page 7] Internet-Draft IPFIX-VSIE July 2011 'ipDiffServCodePoint' specification. 2.16. replication factor Description: The amount of multicast replication that's applied to a traffic stream. Abstract Data Type: unsigned32 ElementId: 99 Semantics: Quantity Status: Current Units: n/a Reference: See RFC1112 [RFC1112] for the specification of reserved IPv4 multicast addresses. See RFC4291 [RFC4291] for the specification of reserved IPv6 multicast addresses. 2.17. CLASS NAME Description: Deprecated in favor of 335 selectorName. Traffic Class Name. Abstract Data Type: N (see template) ElementId: 100 Status: Deprecated Units: n/a 2.18. layer2packetSectionOffset Description: Layer 2 packet section offset. Layer 2 packet section offset.A When used with the packet section fields. Abstract Data Type: N (see template) ElementId: 102 Status: Current Units: n/a Yourtchenko, et al. Expires January 4, 2012 [Page 8] Internet-Draft IPFIX-VSIE July 2011 2.19. layer2packetSectionSize Description: Layer 2 packet section size. A generic packet section size, when used in conjunction with the packet section fields. Abstract Data Type: N (see template) ElementId: 103 Status: Current Units: n/a 2.20. layer2packetSectionData Description: Layer 2 packet section data. Abstract Data Type: octetArray ElementId: 104 Status: Current Units: n/a 3. IANA Considerations The descriptions would need to update the registry. The new semantic ("Name" will need to be defined). 4. Security Considerations This document specifies the definitions and does not alter the security considerations of the base protocol. Please refer to the security considerations sections of RFC 3954 [RFC3954] and RFC 5102 [RFC5102]. 5. References 5.1. Normative References [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, RFC 1112, August 1989. [RFC1812] Baker, F., "Requirements for IP Version 4 Routers", Yourtchenko, et al. Expires January 4, 2012 [Page 9] Internet-Draft IPFIX-VSIE July 2011 RFC 1812, June 1995. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. 5.2. Informative References [RFC3260] Grossman, D., "New Terminology and Clarifications for Diffserv", RFC 3260, April 2002. [RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004. [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, January 2008. Authors' Addresses Andrew Yourtchenko Cisco Systems, Inc. De Kleetlaan, 7 Brussels, Diegem B-1831 Belgium Phone: +32 2 704 5494 Email: ayourtch@cisco.com Paul Aitken Cisco Systems, Inc. 96 Commercial Quay Edinburgh EH6 6LX Scotland Phone: +44 131 561 3616 Email: paitken@cisco.com Yourtchenko, et al. Expires January 4, 2012 [Page 10] Internet-Draft IPFIX-VSIE July 2011 Benoit Claise Cisco Systems, Inc. De Kleetlaan, 6a b1 Diegem B-1831 Belgium Phone: +32 2 704 5622 Email: bclaise@cisco.com Yourtchenko, et al. Expires January 4, 2012 [Page 11]