2.4.6 IP Flow Information Export (ipfix)

NOTE: This charter is a snapshot of the 68th IETF Meeting in Prague, Czech Republic. It may now be out-of-date.

Last Modified: 2007-03-06

Chair(s):

Nevil Brownlee <n.brownlee@auckland.ac.nz>
Juergen Quittek <quittek@netlab.nec.de>

Operations and Management Area Director(s):

Dan Romascanu <dromasca@avaya.com>
David Kessens <david.kessens@nokia.com>

Operations and Management Area Advisor:

Dan Romascanu <dromasca@avaya.com>

Mailing Lists:

General Discussion: ipfix@ietf.org
To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix
Archive: http://www1.ietf.org/mail-archive/web/ipfix/current/index.html

Description of Working Group:

There are a number of IP flow information export systems in common
use.  These systems differ significantly, even though some have
adopted a common transport mechanism; such differences make it
difficult to develop generalized flow analysis tools.  As such, there
is a need in industry and the Internet research community for IP
devices such as routers to export flow information in a standard way
to external systems such as mediation systems, accounting/billing
systems, and network management systems to facilitate services such as
Internet research, measurement, accounting, and billing.

An IP flow information export system includes a data model, which
represents the flow information, and a transport protocol.  An
"exporter," which is typically an IP router or IP traffic measurement
device, will employ the IP flow information export system to report
information about "IP flows," these being series of related IP packets
that have been either forwarded or dropped.  The reported flow
information will include both (1) those attributes derived from the IP
packet headers such as source and destination address, protocol, and
port number and (2) those attributes often known only to the exporter
such as ingress and egress ports, IP (sub)net mask, autonomous system
numbers and perhaps sub-IP-layer information.

This group will select a protocol by which IP flow information can be
transferred in a timely fashion from an "exporter" to a collection
station or stations and define an architecture which employs it.  The
protocol must run over an IETF approved congestion-aware transport
protocol such as TCP or SCTP.


Specific Goals

o Define the notion of a "standard IP flow."  The flow definition
  will be a practical one, similar to those currently in use by
  existing non-standard flow information export protocols which
  have attempted to achieve similar goals but have not documented
  their flow definition.

o Devise data encodings that support analysis of IPv4 and IPv6
  unicast and multicast flows traversing a network element at
  packet header level and other levels of aggregation as requested
  by the network operator according to the capabilities of the
  given router implementation.

o Consider the notion of IP flow information export based upon
  packet sampling.


o Identify and address any security privacy concerns affecting
  flow data.  Determine technology for securing the flow information
  export data, e.g. TLS.

o Specify the transport mapping for carrying IP flow information,
  one which is amenable to router and instrumentation implementers,
  and to deployment.

o Ensure that the flow export system is reliable in that it will
  minimize the likelihood of flow data being lost due to resource
  constraints in the exporter or receiver and to accurately report
  such loss if it occurs.

Goals and Milestones:

Done  Submit Revised Internet-Draft on IP Flow Export Requirements
Done  Submit Internet-Draft on IP Flow Export Architecture
Done  Submit Internet-Draft on IP Flow Export Data Model
Done  Submit Internet-Draft on IPFIX Protocol Evaluation Report
Done  Submit Internet-Draft on IP Flow Export Applicability Statement
Done  Select IPFIX protocol, revise Architecture and Data Model drafts
Done  Submit IPFX-REQUIREMENTS to IESG for publication as Informational RFC
Done  Submit IPFIX Protocol Evaluation Report to IESG for publication as Informational RFC
Done  Submit IPFX-ARCHITECTURE to IESG for publication as Proposed Standard RFC
Done  Submit IPFX-INFO_MODEL to IESG for publication as Informational RFC
Done  Submit IPFX-APPLICABILITY to IESG for publication as Informational RFC
Done  Submit IPFX-PROTOCOL to IESG for publication as Proposed Standard RFC
Done  Publish Internet Draft on IPFIX Implementation Guidelines
Done  Publish Internet Draft on Reducing Redundancy in IPFIX data transfer
Done  Publish Internet Draft on Handling IPFIX Bidirectional Flows
Done  Publish Internet Draft on IPFIX Testing
Done  Publish Internet Draft on IPFIX MIB
Nov 2006  Submit IPFIX Implementation Guidelines draft to IESG for publication as Informational RFC
Nov 2006  Submit IPFIX Testing draft to IESG for publication as Informational RFC
Nov 2006  Submit IPFIX Reducing Redundancy draft to IESG for publication as Informational RFC
Mar 2007  Submit IPFIX Biflows draft to IESG for publication as Informational RFC
Mar 2007  Submit IPFIX MIB draft to IESG for publication as Standards track RFC

Internet-Drafts:

  • draft-ietf-ipfix-architecture-12.txt
  • draft-ietf-ipfix-info-15.txt
  • draft-ietf-ipfix-protocol-24.txt
  • draft-ietf-ipfix-as-11.txt
  • draft-ietf-ipfix-implementation-guidelines-02.txt
  • draft-ietf-ipfix-reducing-redundancy-03.txt
  • draft-ietf-ipfix-biflow-03.txt
  • draft-ietf-ipfix-testing-00.txt
  • draft-ietf-ipfix-mib-00.txt

    Request For Comments:

    RFCStatusTitle
    RFC3917 I Requirements for IP Flow Information Export
    RFC3955 I Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX)

    Meeting Minutes


    Slides

    IPFIX WG Status
    'Old Draft' status
    Reducing Redundancy in IPFIX and PSAMP Reports
    IPFIX Implementation Guidelines
    Bidirectional Flow Export using IPFIX
    IPFIX Testing
    IPFIX MIB Status
    PSAMP WG Status
    IPFIX/NetFlow Mediator Implementation and Test Results
    An IPFIX-Based File Format
    Configuration Data Model
    Order of Information Elements