Operations and Management Area Working Group M. Boucadair Internet-Draft Orange Intended status: Informational B. Claise Expires: 3 June 2023 Huawei 30 November 2022 Simple Fixes to the IP Flow Information Export (IPFIX) IANA Registry draft-boucla-opsawg-ipfix-fixes-00 Abstract This document describes simple fixes to the IANA IP Flow Information Export (IPFIX) registry. These fixes are mainly updates to point to newer IANA registries and also updates to the description of some Information Elements (IEs). Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the Operations and Management Area Working Group Working Group mailing list (opsawg@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/opsawg/. Source for this draft and an issue tracker can be found at https://github.com/boucadair/simple-ipfix-fixes. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 3 June 2023. Boucadair & Claise Expires 3 June 2023 [Page 1] Internet-Draft IPFIX IANA Fixes November 2022 Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3 3. Update the Description . . . . . . . . . . . . . . . . . . . 3 3.1. tcpOptions . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. ipv6ExtensionHeaders . . . . . . . . . . . . . . . . . . 4 4. Point to An Existing IANA Registry . . . . . . . . . . . . . 4 5. Consistent Citation of Registries . . . . . . . . . . . . . . 5 5.1. flowEndReason . . . . . . . . . . . . . . . . . . . . . . 5 5.2. natOriginatingAddressRealm . . . . . . . . . . . . . . . 6 5.3. natEvent . . . . . . . . . . . . . . . . . . . . . . . . 6 5.4. firewallEvent . . . . . . . . . . . . . . . . . . . . . . 7 5.5. biflowDirection . . . . . . . . . . . . . . . . . . . . . 8 5.6. observationPointType . . . . . . . . . . . . . . . . . . 8 5.7. anonymizationTechnique . . . . . . . . . . . . . . . . . 9 5.8. natType . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.9. selectorAlgorithm . . . . . . . . . . . . . . . . . . . . 10 5.10. informationElementDataType . . . . . . . . . . . . . . . 11 5.11. informationElementSemantics . . . . . . . . . . . . . . . 12 5.12. informationElementUnits . . . . . . . . . . . . . . . . . 13 5.13. portRangeStart . . . . . . . . . . . . . . . . . . . . . 13 5.14. portRangeEnd . . . . . . . . . . . . . . . . . . . . . . 14 5.15. ingressInterfaceType . . . . . . . . . . . . . . . . . . 14 5.16. egressInterfaceType . . . . . . . . . . . . . . . . . . . 15 5.17. valueDistributionMethod . . . . . . . . . . . . . . . . . 15 5.18. flowSelectorAlgorithm . . . . . . . . . . . . . . . . . . 16 5.19. dataLinkFrameType . . . . . . . . . . . . . . . . . . . . 17 5.20. mibCaptureTimeSemantics . . . . . . . . . . . . . . . . . 17 5.21. natQuotaExceededEvent . . . . . . . . . . . . . . . . . . 18 5.22. natThresholdEvent . . . . . . . . . . . . . . . . . . . . 19 6. Security Considerations . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 Boucadair & Claise Expires 3 June 2023 [Page 2] Internet-Draft IPFIX IANA Fixes November 2022 8.1. Normative References . . . . . . . . . . . . . . . . . . 20 8.2. Informative References . . . . . . . . . . . . . . . . . 20 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 1. Introduction As the OPSAWG is currently considering [I-D.boucadair-opsawg-rfc7125-update] that updates [RFC7125], the WG realized that some other parts of the IANA IPFIX registry [IANA-IPFIX] were not up to date. Indeed, since its initial creation in 2007, some IPFIX Information Elements (IEs) are not adequately specified any longer (while they were at some point in time in the past). This document intends to update the registry and bringing some consistency. This document lists a set of simple fixes to the IPFIX IANA registry [IANA-IPFIX]. These fixes are classified as follows: * Updates that fix a shortcoming in the description of an IE (Section 3). * Updates that require adding a pointer to an existing IANA registry (Section 4). * Updates that are meant to ensure a consistent structure when calling an existing IANA registry (Section 5). Note that, as per Section 5 of [RFC7012], [IANA-IPFIX] is the normative reference for the IPFIX IEs that were defined in [RFC5102]. Therefore, the updates in this document do not update any part of [RFC7125]. Fixes that require defining new IEs may be moved to a separate document. 2. Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Update the Description The IEs listed in the following subsections cannot echo some values that can be seen in a packet. Boucadair & Claise Expires 3 June 2023 [Page 3] Internet-Draft IPFIX IANA Fixes November 2022 3.1. tcpOptions Only options having a kind =< 56 can be included in a tcpOptions IE. An update is required to specify how any observed TCP option in a packet can be exported using IPFIX. 3.2. ipv6ExtensionHeaders The description should be updated to: - reflect missing IPv6 EHs, specifically 139, 140, 253, and 254. - specify how to automatically update the registry when a new value is assigned in [IPv6-EH]. - specify the procedure to follow when all bits are exhausted. 4. Point to An Existing IANA Registry IANA is requested to update the following entries by adding the indicated pointer to an IANA registry under "Additional Information" of [IANA-IPFIX]: Boucadair & Claise Expires 3 June 2023 [Page 4] Internet-Draft IPFIX IANA Fixes November 2022 +=======================+===========================================+ |IE |Additional Information | +=======================+===========================================+ |icmpTypeCodeIPv4 |https://www.iana.org/assignments/icmp- | | |parameters/icmp-parameters.xhtml | +-----------------------+-------------------------------------------+ |igmpType |https://www.iana.org/assignments/igmp-type-| | |numbers/igmp-type-numbers.xhtml#igmp-type- | | |numbers-1 | +-----------------------+-------------------------------------------+ |icmpTypeCodeIPv6 |https://www.iana.org/assignments/icmpv6- | | |parameters/icmpv6-parameters.xhtml | +-----------------------+-------------------------------------------+ |icmpTypeIPv4 |https://www.iana.org/assignments/icmp- | | |parameters/icmp-parameters.xhtml#icmp- | | |parameters-types | +-----------------------+-------------------------------------------+ |icmpCodeIPv4 |https://www.iana.org/assignments/icmp- | | |parameters/icmp-parameters.xhtml#icmp- | | |parameters-codes | +-----------------------+-------------------------------------------+ |icmpTypeIPv6 |https://www.iana.org/assignments/icmpv6- | | |parameters/ | | |icmpv6-parameters.xhtml#icmpv6-parameters-2| +-----------------------+-------------------------------------------+ |icmpCodeIPv6 |https://www.iana.org/assignments/icmpv6- | | |parameters/ | | |icmpv6-parameters.xhtml#icmpv6-parameters-3| +-----------------------+-------------------------------------------+ |privateEnterpriseNumber|https://www.iana.org/assignments/ | | |enterprise-numbers/enterprise-numbers | +-----------------------+-------------------------------------------+ Table 1: Cite an IANA Registry under Additional Information 5. Consistent Citation of Registries IANA is requested to update [IANA-IPFIX] for each of the IE entries listed in the following subsections. 5.1. flowEndReason * OLD: - Description: The reason for Flow termination. Values are listed in the flowEndReason registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-flow- end-reason. Boucadair & Claise Expires 3 June 2023 [Page 5] Internet-Draft IPFIX IANA Fixes November 2022 - Additional Information: * NEW: - Description: The reason for Flow termination. Values are listed in the flowEndReason registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-flow- end-reason. 5.2. natOriginatingAddressRealm * OLD: - Description: Indicates whether the session was created because traffic originated in the private or public address realm. postNATSourceIPv4Address, postNATDestinationIPv4Address, postNAPTSourceTransportPort, and postNAPTDestinationTransportPort are qualified with the address realm in perspective. Values are listed in the natOriginatingAddressRealm registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- originating-address-realm. - Additional Information: See [RFC3022] for the definition of NAT. * NEW: - Description: Indicates whether the session was created because traffic originated in the private or public address realm. postNATSourceIPv4Address, postNATDestinationIPv4Address, postNAPTSourceTransportPort, and postNAPTDestinationTransportPort are qualified with the address realm in perspective. Values are listed in the natOriginatingAddressRealm registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- originating-address-realm. See [RFC3022] for the definition of NAT. 5.3. natEvent * OLD: Boucadair & Claise Expires 3 June 2023 [Page 6] Internet-Draft IPFIX IANA Fixes November 2022 - Description: This Information Element identifies a NAT event. This IE identifies the type of a NAT event. Examples of NAT events include, but are not limited to, NAT translation create, NAT translation delete, Threshold Reached, or Threshold Exceeded, etc. Values for this Information Element are listed in the "NAT Event Type" registry, see https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- event-type. - Additional Information: See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. See [RFC8158] for the definitions of values 4-16. * NEW: - Description: This Information Element identifies a NAT event. This IE identifies the type of a NAT event. Examples of NAT events include, but are not limited to, NAT translation create, NAT translation delete, Threshold Reached, or Threshold Exceeded, etc. Values for this Information Element are listed in the "NAT Event Type" registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- event-type. See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. See [RFC8158] for the definitions of values 4-16. 5.4. firewallEvent * OLD: - Description: Indicates a firewall event. Allowed values are listed in the firewallEvent registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- firewall-event. - Additional Information: * NEW: - Description: Indicates a firewall event. Allowed values are listed in the firewallEvent registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- firewall-event. Boucadair & Claise Expires 3 June 2023 [Page 7] Internet-Draft IPFIX IANA Fixes November 2022 5.5. biflowDirection * OLD: - Description: A description of the direction assignment method used to assign the Biflow Source and Destination. This Information Element MAY be present in a Flow Data Record, or applied to all flows exported from an Exporting Process or Observation Domain using IPFIX Options. If this Information Element is not present in a Flow Record or associated with a Biflow via scope, it is assumed that the configuration of the direction assignment method is done out-of-band. Note that when using IPFIX Options to apply this Information Element to all flows within an Observation Domain or from an Exporting Process, the Option SHOULD be sent reliably. If reliable transport is not available (i.e., when using UDP), this Information Element SHOULD appear in each Flow Record. Values are listed in the biflowDirection registry. See [https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- biflow-direction]. - Additional Information: * NEW: - Description: A description of the direction assignment method used to assign the Biflow Source and Destination. This Information Element MAY be present in a Flow Data Record, or applied to all flows exported from an Exporting Process or Observation Domain using IPFIX Options. If this Information Element is not present in a Flow Record or associated with a Biflow via scope, it is assumed that the configuration of the direction assignment method is done out-of-band. Note that when using IPFIX Options to apply this Information Element to all flows within an Observation Domain or from an Exporting Process, the Option SHOULD be sent reliably. If reliable transport is not available (i.e., when using UDP), this Information Element SHOULD appear in each Flow Record. Values are listed in the biflowDirection registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- biflow-direction. 5.6. observationPointType * OLD: Boucadair & Claise Expires 3 June 2023 [Page 8] Internet-Draft IPFIX IANA Fixes November 2022 - Description: Type of observation point. Values are listed in the observationPointType registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- observation-point-type. - Additional Information: * NEW: - Description: Type of observation point. Values are listed in the observationPointType registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- observation-point-type. 5.7. anonymizationTechnique * OLD: - Description: A description of the anonymization technique applied to a referenced Information Element within a referenced Template. Each technique may be applicable only to certain Information Elements and recommended only for certain Information Elements. Values are listed in the anonymizationTechnique registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- anonymization-technique. - Additional Information: * NEW: - Description: A description of the anonymization technique applied to a referenced Information Element within a referenced Template. Each technique may be applicable only to certain Information Elements and recommended only for certain Information Elements. Values are listed in the anonymizationTechnique registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- anonymization-technique. 5.8. natType * OLD: Boucadair & Claise Expires 3 June 2023 [Page 9] Internet-Draft IPFIX IANA Fixes November 2022 - Description: Values are listed in the natType registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- type. - Additional Information: See [RFC3022] for the definition of NAT. See [RFC1631] for the definition of NAT44. See [RFC6144] for the definition of NAT64. See [RFC6146] for the definition of NAT46. See [RFC6296] for the definition of NAT66. See [RFC0791] for the definition of IPv4. See [RFC8200] for the definition of IPv6. * NEW: - Description: Values are listed in the natType registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- type. See [RFC3022] for the definition of NAT. See [RFC1631] for the definition of NAT44. See [RFC6144] for the definition of NAT64. See [RFC6146] for the definition of NAT46. See [RFC6296] for the definition of NAT66. See [RFC0791] for the definition of IPv4. See [RFC8200] for the definition of IPv6. 5.9. selectorAlgorithm * OLD: - Description: This Information Element identifies the packet selection methods (e.g., Filtering, Sampling) that are applied by the Selection Process. Most of these methods have parameters. Further Information Elements are needed to fully specify packet selection with these methods and all their parameters. The methods listed below are defined in [RFC5475]. For their parameters, Information Elements are defined in the information model document. The names of these Information Elements are listed for each method identifier. Further method identifiers may be added to the list below. It might be necessary to define new Information Elements to specify their parameters. The following packet selection methods identifiers are defined here: https://www.iana.org/assignments/psamp- parameters. There is a broad variety of possible parameters that could be used for Property match Filtering (5) but currently there are no agreed parameters specified. - Additional Information: * NEW: Boucadair & Claise Expires 3 June 2023 [Page 10] Internet-Draft IPFIX IANA Fixes November 2022 - Description: This Information Element identifies the packet selection methods (e.g., Filtering, Sampling) that are applied by the Selection Process. Most of these methods have parameters. Further Information Elements are needed to fully specify packet selection with these methods and all their parameters. The methods listed below are defined in [RFC5475]. For their parameters, Information Elements are defined in the information model document. The names of these Information Elements are listed for each method identifier. Further method identifiers may be added to the list. It might be necessary to define new Information Elements to specify their parameters. There is a broad variety of possible parameters that could be used for Property match Filtering (5) but currently there are no agreed parameters specified. - Additional Information: See https://www.iana.org/assignments/ psamp-parameters 5.10. informationElementDataType * OLD: - Description: A description of the abstract data type of an IPFIX information element.These are taken from the abstract data types defined in section 3.1 of the IPFIX Information Model [RFC5102]; see that section for more information on the types described in the [informationElementDataType] subregistry. These types are registered in the IANA IPFIX Information Element Data Type subregistry. This subregistry is intended to assign numbers for type names, not to provide a mechanism for adding data types to the IPFIX Protocol, and as such requires a Standards Action [RFC8126] to modify. - Additional Information: * NEW: - Description: A description of the abstract data type of an IPFIX information element.These are taken from the abstract data types defined in section 3.1 of the IPFIX Information Model [RFC5102]; see that section for more information on the types described in the [informationElementDataType] subregistry. These types are registered in the IANA IPFIX Information Element Data Type subregistry. This subregistry is intended to assign numbers for type names, not to provide a mechanism for adding data types to the IPFIX Protocol, and as such requires a Standards Action [RFC8126] to modify. Boucadair & Claise Expires 3 June 2023 [Page 11] Internet-Draft IPFIX IANA Fixes November 2022 - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- information-element-data-types 5.11. informationElementSemantics * OLD: - Description: A description of the semantics of an IPFIX Information Element. These are taken from the data type semantics defined in section 3.2 of the IPFIX Information Model [RFC5102]; see that section for more information on the types defined in the [IPFIX Information Element Semantics] subregistry. This field may take the values in the semantics registry; the special value 0x00 (default) is used to note that no semantics apply to the field; it cannot be manipulated by a Collecting Process or File Reader that does not understand it a priori. These semantics are registered in the IANA IPFIX Information Element Semantics subregistry. This subregistry is intended to assign numbers for semantics names, not to provide a mechanism for adding semantics to the IPFIX Protocol, and as such requires a Standards Action [RFC8126] to modify. - Additional Information: * NEW: - Description: A description of the semantics of an IPFIX Information Element. These are taken from the data type semantics defined in section 3.2 of the IPFIX Information Model [RFC5102]; see that section for more information on the types defined in the [IPFIX Information Element Semantics] subregistry. This field may take the values in the semantics registry; the special value 0x00 (default) is used to note that no semantics apply to the field; it cannot be manipulated by a Collecting Process or File Reader that does not understand it a priori. These semantics are registered in the IANA IPFIX Information Element Semantics subregistry. This subregistry is intended to assign numbers for semantics names, not to provide a mechanism for adding semantics to the IPFIX Protocol, and as such requires a Standards Action [RFC8126] to modify. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- information-element-semantic Boucadair & Claise Expires 3 June 2023 [Page 12] Internet-Draft IPFIX IANA Fixes November 2022 5.12. informationElementUnits * OLD: - Description: A description of the units of an IPFIX Information Element. These correspond to the units implicitly defined in the Information Element definitions in section 5 of the IPFIX Information Model [RFC5102]; see that section for more information on the types described in the informationElementsUnits subregistry. This field may take the values in Table 3 below; the special value 0x00 (none) is used to note that the field is unitless. These types are registered in the [IANA IPFIX Information Element Units] subregistry. - Additional Information: * NEW: - Description: A description of the units of an IPFIX Information Element. These correspond to the units implicitly defined in the Information Element definitions in section 5 of the IPFIX Information Model [RFC5102]; see that section for more information on the types described in the informationElementsUnits subregistry. This field may take the values in Table 3 below; the special value 0x00 (none) is used to note that the field is unitless. These types are registered in the [IANA IPFIX Information Element Units] subregistry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- information-element-units 5.13. portRangeStart * OLD: - Description: The port number identifying the start of a range of ports. A value of zero indicates that the range start is not specified, ie the range is defined in some other way. Additional information on defined TCP port numbers can be found at https://www.iana.org/assignments/service-names-port-numbers. - Additional Information: * NEW: Boucadair & Claise Expires 3 June 2023 [Page 13] Internet-Draft IPFIX IANA Fixes November 2022 - Description: The port number identifying the start of a range of ports. A value of zero indicates that the range start is not specified, i.e., the range is defined in some other way. - Additional Information: Additional information on defined TCP port numbers can be found at https://www.iana.org/assignments/ service-names-port-numbers. 5.14. portRangeEnd * OLD: - Description: The port number identifying the end of a range of ports. A value of zero indicates that the range end is not specified, ie the range is defined in some other way. Additional information on defined TCP port numbers can be found at https://www.iana.org/assignments/service-names-port-numbers. - Additional Information: * NEW: - Description: The port number identifying the end of a range of ports. A value of zero indicates that the range end is not specified, i.e., the range is defined in some other way. - Additional Information: Additional information on defined TCP port numbers can be found at https://www.iana.org/assignments/ service-names-port-numbers. 5.15. ingressInterfaceType * OLD: - Description: The type of interface where packets of this Flow are being received. The value matches the value of managed object 'ifType' as defined in https://www.iana.org/assignments/ ianaiftype-mib. - Additional Information: https://www.iana.org/assignments/ ianaiftype-mib * NEW: - Description: The type of interface where packets of this Flow are being received. The value matches the value of managed object 'ifType'. Boucadair & Claise Expires 3 June 2023 [Page 14] Internet-Draft IPFIX IANA Fixes November 2022 - Additional Information: See https://www.iana.org/assignments/ ianaiftype-mib 5.16. egressInterfaceType * OLD: - Description: The type of interface where packets of this Flow are being sent. The value matches the value of managed object 'ifType' as defined in https://www.iana.org/assignments/ ianaiftype-mib. - Additional Information: https://www.iana.org/assignments/ ianaiftype-mib * NEW: - Description: The type of interface where packets of this Flow are being sent. The value matches the value of managed object 'ifType'. - Additional Information: See https://www.iana.org/assignments/ ianaiftype-mib 5.17. valueDistributionMethod * OLD: - Description: A description of the method used to distribute the counters from Contributing Flows into the Aggregated Flow records described by an associated scope, generally a Template. The method is deemed to apply to all the non-key Information Elements in the referenced scope for which value distribution is a valid operation; if the originalFlowsInitiated and/or originalFlowsCompleted Information Elements appear in the Template, they are not subject to this distribution method, as they each infer their own distribution method. The valueDistributionMethod registry is intended to list a complete set of possible value distribution methods. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-value- distribution-method. - Additional Information: * NEW: Boucadair & Claise Expires 3 June 2023 [Page 15] Internet-Draft IPFIX IANA Fixes November 2022 - Description: A description of the method used to distribute the counters from Contributing Flows into the Aggregated Flow records described by an associated scope, generally a Template. The method is deemed to apply to all the non-key Information Elements in the referenced scope for which value distribution is a valid operation; if the originalFlowsInitiated and/or originalFlowsCompleted Information Elements appear in the Template, they are not subject to this distribution method, as they each infer their own distribution method. The valueDistributionMethod registry is intended to list a complete set of possible value distribution methods. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-value- distribution-method. 5.18. flowSelectorAlgorithm * OLD: - Description: This Information Element identifies the Intermediate Flow Selection Process technique (e.g., Filtering, Sampling) that is applied by the Intermediate Flow Selection Process. Most of these techniques have parameters. Its configuration parameter(s) MUST be clearly specified. Further Information Elements are needed to fully specify packet selection with these methods and all their parameters. Further method identifiers may be added to the flowSelectorAlgorithm registry. It might be necessary to define new Information Elements to specify their parameters. Please note that the purpose of the flow selection techniques described in this document is the improvement of measurement functions as defined in the Scope (Section 1). The Intermediate Flow Selection Process Techniques identifiers are defined at https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- flowselectoralgorithm. - Additional Information: * NEW: - Description: This Information Element identifies the Intermediate Flow Selection Process technique (e.g., Filtering, Sampling) that is applied by the Intermediate Flow Selection Process. Most of these techniques have parameters. Its configuration parameter(s) MUST be clearly specified. Further Information Elements are needed to fully specify packet selection with these methods and all their parameters. Further Boucadair & Claise Expires 3 June 2023 [Page 16] Internet-Draft IPFIX IANA Fixes November 2022 method identifiers may be added to the flowSelectorAlgorithm registry. It might be necessary to define new Information Elements to specify their parameters. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix- flowselectoralgorithm. 5.19. dataLinkFrameType * OLD: - Description: This Information Element specifies the type of the selected data link frame. Data link types are defined in the dataLinkFrameType registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-data- link-frame-type. Further values may be assigned by IANA. Note that the assigned values are bits so that multiple observations can be OR'd together. The data link layer is defined in [ISO/ IEC.7498-1:1994]. - Additional Information: [IEEE802.3][IEEE802.11][ISO/ IEC.7498-1:1994] * NEW: - Description: This Information Element specifies the type of the selected data link frame. Data link types are defined in the dataLinkFrameType registry. Further values may be assigned by IANA. Note that the assigned values are bits so that multiple observations can be OR'd together. The data link layer is defined in [ISO/IEC.7498-1:1994]. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-data- link-frame-type. [IEEE802.3][IEEE802.11][ISO/IEC.7498-1:1994] 5.20. mibCaptureTimeSemantics * OLD: - Description: Indicates when in the lifetime of the Flow the MIB value was retrieved from the MIB for a mibObjectIdentifier. This is used to indicate if the value exported was collected from the MIB closer to Flow creation or Flow export time and refers to the Timestamp fields included in the same Data Record. This field SHOULD be used when exporting a mibObjectValue that specifies counters or statistics. If the Boucadair & Claise Expires 3 June 2023 [Page 17] Internet-Draft IPFIX IANA Fixes November 2022 MIB value was sampled by SNMP prior to the IPFIX Metering Process or Exporting Process retrieving the value (i.e., the data is already stale) and it is important to know the exact sampling time, then an additional observationTime* element should be paired with the OID using IPFIX Structured Data [RFC6313]. Similarly, if different MIB capture times apply to different mibObjectValue elements within the Data Record, then individual mibCaptureTimeSemantics Information Elements should be paired with each OID using IPFIX Structured Data. Values are listed in the mibCaptureTimeSemantics registry. See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-mib- capture-time-semantics. - Additional Information: * NEW: - Description: Indicates when in the lifetime of the Flow the MIB value was retrieved from the MIB for a mibObjectIdentifier. This is used to indicate if the value exported was collected from the MIB closer to Flow creation or Flow export time and refers to the Timestamp fields included in the same Data Record. This field SHOULD be used when exporting a mibObjectValue that specifies counters or statistics. If the MIB value was sampled by SNMP prior to the IPFIX Metering Process or Exporting Process retrieving the value (i.e., the data is already stale) and it is important to know the exact sampling time, then an additional observationTime* element should be paired with the OID using IPFIX Structured Data [RFC6313]. Similarly, if different MIB capture times apply to different mibObjectValue elements within the Data Record, then individual mibCaptureTimeSemantics Information Elements should be paired with each OID using IPFIX Structured Data. Values are listed in the mibCaptureTimeSemantics registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-mib- capture-time-semantics 5.21. natQuotaExceededEvent * OLD: - Description: This Information Element identifies the type of a NAT Quota Exceeded event. Values for this Information Element are listed in the "NAT Quota Exceeded Event Type" registry, see https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- quota-exceeded-event. Boucadair & Claise Expires 3 June 2023 [Page 18] Internet-Draft IPFIX IANA Fixes November 2022 - Additional Information: See [RFC0791] for the definition of the IPv4 source address field. See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. * NEW: - Description: This Information Element identifies the type of a NAT Quota Exceeded event. Values for this Information Element are listed in the "NAT Quota Exceeded Event Type" registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- quota-exceeded-event. See [RFC0791] for the definition of the IPv4 source address field. See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. 5.22. natThresholdEvent * OLD: - Description: This Information Element identifies a type of a NAT Threshold event. Values for this Information Element are listed in the "NAT Threshold Event Type" registry, see https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- threshold-event. - Additional Information: See [RFC0791] for the definition of the IPv4 source address field. See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. * NEW: - Description: This Information Element identifies a type of a NAT Threshold event. Values for this Information Element are listed in the "NAT Threshold Event Type" registry. - Additional Information: See https://www.iana.org/assignments/ipfix/ipfix.xhtml#ipfix-nat- threshold-event. See [RFC0791] for the definition of the IPv4 source address field. See [RFC3022] for the definition of NAT. See [RFC3234] for the definition of middleboxes. 6. Security Considerations IPFIX security considerations are discussed in Section 8 of [RFC7012]. Boucadair & Claise Expires 3 June 2023 [Page 19] Internet-Draft IPFIX IANA Fixes November 2022 7. IANA Considerations Requested IANA actions are described in the main document. These actions are not repeated here. 8. References 8.1. Normative References [IANA-IPFIX] "IP Flow Information Export (IPFIX) Entities", November 2022, . [IPv6-EH] "Internet Protocol Version 6 (IPv6) Parameters, IPv6 Extension Header Types", November 2022, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, DOI 10.17487/RFC7012, September 2013, . [RFC7125] Trammell, B. and P. Aitken, "Revision of the tcpControlBits IP Flow Information Export (IPFIX) Information Element", RFC 7125, DOI 10.17487/RFC7125, February 2014, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 8.2. Informative References [I-D.boucadair-opsawg-rfc7125-update] Boucadair, M., "An Update to the tcpControlBits IP Flow Information Export (IPFIX) Information Element", Work in Progress, Internet-Draft, draft-boucadair-opsawg-rfc7125- update-01, 20 September 2022, . Boucadair & Claise Expires 3 June 2023 [Page 20] Internet-Draft IPFIX IANA Fixes November 2022 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, . [RFC1631] Egevang, K. and P. Francis, "The IP Network Address Translator (NAT)", RFC 1631, DOI 10.17487/RFC1631, May 1994, . [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, DOI 10.17487/RFC3022, January 2001, . [RFC3234] Carpenter, B. and S. Brim, "Middleboxes: Taxonomy and Issues", RFC 3234, DOI 10.17487/RFC3234, February 2002, . [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, DOI 10.17487/RFC5102, January 2008, . [RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F. Raspall, "Sampling and Filtering Techniques for IP Packet Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009, . [RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for IPv4/IPv6 Translation", RFC 6144, DOI 10.17487/RFC6144, April 2011, . [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, April 2011, . [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, . [RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates, "Export of Structured Data in IP Flow Information Export (IPFIX)", RFC 6313, DOI 10.17487/RFC6313, July 2011, . Boucadair & Claise Expires 3 June 2023 [Page 21] Internet-Draft IPFIX IANA Fixes November 2022 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . [RFC8158] Sivakumar, S. and R. Penno, "IP Flow Information Export (IPFIX) Information Elements for Logging NAT Events", RFC 8158, DOI 10.17487/RFC8158, December 2017, . [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, . Acknowledgments TODO acknowledge. Authors' Addresses Mohamed Boucadair Orange Email: mohamed.boucadair@orange.com Benoit Claise Huawei Email: benoit.claise@huawei.com Boucadair & Claise Expires 3 June 2023 [Page 22]