Internet-Draft Reporting Equivalent IPFIX IEs Dec 2013 IPFIX Working Group P. Aitken Internet-Draft Cisco Systems Intended status: Standards Track Expires: July 1, 2014 December 27, 2013 Reporting Equivalent IPFIX Information Elements draft-aitken-ipfix-equivalent-ies-01 Abstract This document specifies a method for an IPFIX Exporting Process to inform an IPFIX Collecting Process of equivalence between different Information Elements, so that the Collecting Process can understand the equivalence and be enabled to process data across a change of Information Elements. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 1, 2014. Aitken Expires Jul 2014 [Page 1] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Table of Contents 1 Introduction ........................................... 4 2 Terminology ............................................ 6 3 Method ................................................. 6 3.1 Equivalence Message Format ............................. 6 4 The Collecting Process's Side .......................... 9 5 Security Considerations ................................ 9 6 IANA Considerations .................................... 10 7 References ............................................. 11 7.1 Normative References ................................... 11 7.2 Informative References ................................. 12 8 Acknowledgements ....................................... 12 9 Author's Addresses ..................................... 12 Aitken Expires Jul 2014 [Page 2] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 1 Introduction The IPFIX Protocol [RFC7011] can export a large number of Information Elements, including standard Information Elements specified in the IPFIX information model [RFC7012], Information Elements in IANA's IPFIX registry [IANA-IPFIX], enterprise-specific Information Elements [RFC7011], and Information Elements that are backwards compatible with NetFlow Version 9 [RFC3954]. From time to time, an Exporting Process may export the same information using different Information Elements from before. Use cases include: * Enterprise-specific Information Elements have been standardized, so the Exporting Process is changed to export the IANA standard Information Elements [IANA-IPFIX] rather than the enterprise-specific Information Elements. * The Exporting Process is changed to export IANA standard Information Elements [IANA-IPFIX] rather than NetFlow version 9 fields [RFC3954]. * The Exporting Process is updated to export different enterprise-specific Information Elements. * An updated Metering Process requests that the Exporting Process exports using different Information Elements from before. * An Exporting Process which does not implement [IPFIX-MIB-VARIABLE-EXPORT] indicates that an enterprise-specific Information Element contains the same information as a specific MIB OID. In each case it's important to note that the same information is being exported. The only change is in the Information Element used to export the information. Since different Information Elements are now being used to express the same information, the Collecting Process cannot process data received before the change with data received after the change, because the Collecting Process does not know that these Information Elements are related. It's not possible to compare, aggregate, or sort data across such a change without first understanding that the old and new Information Elements are equivalent. Aitken Expires Jul 2014 [Page 3] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 Furthermore, it's impossible for every Collecting Process to know how each IANA standard Information Element [IANA-IPFIX] relates to every company's enterprise-specific Information Elements. i.e., a Collecting Process from company X cannot be expected to know that company Y's Exporting Process exports enterprise-specific field Z which is equivalent to a certain IANA standard element. This document specifies a method for an Exporting Process to inform a Collecting Process of such equivalence, so that the Collecting Process is able to process data across the change. 2 Terminology Original Information Element: The Original Information Element specifies the old Information Element which has been exported until now. Equivalent Information Element: The Equivalent Information Element specifies the new Information Element which will been exported in future. IE: Shorthand for "Information Element" in the figures. Other terms used in this document are defined in the Terminology section of the IPFIX Protocol [RFC7011] and are to be interpreted as defined there. Aitken Expires Jul 2014 [Page 4] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 3 Method An Exporting Process informs a Collecting Process of the equivalence of a pair of IPFIX Information Elements by exporting an IPFIX Equivalence Message. Equivalence Messages SHOULD be sent by the Exporting Process upon opening a new Transport Session, before any other IPFIX Messages are exported. In any case, an Equivalence Message MUST be sent before exporting the Equivalent Information Element(s) to which it pertains. i.e. Equivalence Messages do not apply retrospectively. An Equivalence Message may be sent in an Options Record Scoped to the Exporter. Multiple Equivalence Messages may be sent using IPFIX Structured Data [RFC6313]. 3.1 Equivalence Message Format The Equivalence Message consists of an original Information Element in the "informationElementId" field (#303), followed by the equivalent Information Element in the "equivalentElementId" field (#TBD), using the Template shown in Figure 1 and Data Record shown in Figure 2: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |E| informationElementId #303 | Field Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |E| equivalentElementId #TBD | Field Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Template for Equivalence Message --+-+---------------+-+---------------+-- ... |E| Original IE |E| Equivalent IE | ... --+-+---------------+-+---------------+-- Figure 2: Equivalence Message Data Record The encoding of these Information Elements follows the rules specified in [RFC7011]. Aitken Expires Jul 2014 [Page 5] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 3.1.1 Equivalence between IANA standard Information Elements When the Original Information Element and the Equivalent Information Element are both IANA standard elements [IANA-IPFIX], both of the E bits are zero and the Equivalence Message is as shown in Figure 1. 3.1.2 Equivalence Message with an Enterprise-Specific Original Information Element When the Original Information Element is enterprise-specific, the Original Information Element's E bit is set and the Information Element number is immediately followed by the corresponding Private Enterprise Number [PEN], as shown in Figure 3: +-+---------------+----------------------------------+-+---------------+ |1| Original IE | Private Enterprise Number |0| Equivalent IE | +-+---------------+----------------------------------+-+---------------+ Figure 3: Equivalence Message with an Enterprise-Specific Original Information Element This allows an enterprise-specific Information Element to be specified as equivalent to an IANA standard Information Element. 3.1.3 Equivalence Message with an Enterprise-Specific Equivalent Information Element When the Equivalent Information Element is enterprise-specific, the Equivalent Information Element's E bit is set and the Information Element number is immediately followed by the corresponding Private Enterprise Number [PEN] as shown in Figure 4: +-+---------------+-+---------------+----------------------------------+ |0| Original IE |1| Equivalent IE | Private Enterprise Number | +-+---------------+-+---------------+----------------------------------+ Figure 4: Equivalence Message with an Enterprise-Specific Equivalent Information Element This allows an IANA standard Information Element to be specified as equivalent to an enterprise-specific Information Element. Aitken Expires Jul 2014 [Page 6] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 3.1.4 Equivalence Message with an Enterprise-Specific Original Information Element and Enterprise-Specific Equivalent Information Element When both of the Information Elements are enterprise-specific, both of the E bits are set and both Information Element numbers are immediately followed by their corresponding Private Enterprise Number [PEN] as shown in Figure 5: +-+---------------+----------------------------------+ |1| Original IE | Private Enterprise Number | ... +-+---------------+----------------------------------+ +-+---------------+----------------------------------+ ... |1| Equivalent IE | Private Enterprise Number | +-+---------------+----------------------------------+ Figure 5: Equivalence Message with two enterprise-specific Information Elements This allows two enterprise-specific Information Elements to be specified as equivalent. Note that the Private Enterprise Numbers do not have to be equal. i.e., the Information Elements may belong to different Private Enterprises. Aitken Expires Jul 2014 [Page 7] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 3.1.5 Equivalence Message with a MIB Object Original Information Element In this special case, the Equivalence Message Template contains a MIB Object Identifier [IPFIX-MIB-VARIABLE-EXPORT] with the corresponding E bit set to zero, followed by the equivalentElementId, as shown in Figure 6: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0| mibObjectIdentifier #MIB | Field Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |E| equivalentElementId #TBD | Field Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: Template for MIB Object Equivalence Message The MIB object details for the Original Information Element are specified per [IPFIX-MIB-VARIABLE-EXPORT]. The Equivalent Information Element may be an IANA standard Information Element as shown in Figure 7, or an enterprise-specific Information Element as shown in Figure 8. +-+---------------+-+---------------+ |0|mibObjectIdent.|0| Equivalent IE | +-+---------------+-+---------------+ Figure 7: MIB Equivalence Message with an IANA-standard Information Element +-+---------------+-+---------------+----------------------------------+ |0|mibObjectIdent.|1| Equivalent IE | Private Enterprise Number | +-+---------------+-+---------------+----------------------------------+ Figure 8: MIB Equivalence Message with an Enterprise-Specific Information Element 4 The Collecting Process's Side Equivalence Messages have global scope, unless they're sent in an Options Message with a more restrictive scope, e.g. an Options Record Scoped to the Exporter. i.e., unless otherwise restricted, the specified equivalence applies to all devices. Therefore the Collecting Process does not need to maintain equivalence per device. Aitken Expires Jul 2014 [Page 8] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 5 Security Considerations The same security considerations apply as for the IPFIX Protocol [RFC7011]. 6 IANA Considerations A new Information Element "equivalentElementId" must be allocated in IANA's IPFIX registry, [IANA-IPFIX]: Description: This Information Element contains the ID of an equivalent Information Element, which is specified in an IPFIX Equivalence Message. Abstract Data Type: Unsigned16 Data Type Semantics: identifier ElementId: TBD Status: current Reference: [this document] [RFC-EDITOR: The assigned value "TBD" is to be replaced throughout this document.] Aitken Expires Jul 2014 [Page 9] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 7 References 7.1 Normative References [RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, September 2013. [RFC7012] Claise, B., Ed., and B. Trammell, Ed., "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, September 2013. [IANA-IPFIX] IANA, "IPFIX Information Elements registry", . [IPFIX-MIB-VARIABLE-EXPORT] Aitken, P, Claise, B, McDowell, C, and Schonwalder, J, "Exporting MIB Variables using the IPFIX Protocol" (WIP) [RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, BCP 14, RFC 2119, March 1997 7.2 Informative References [RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004. [RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates, "Export of Structured Data in IP Flow Information Export (IPFIX)", RFC 6313, July 2011. [PEN] IANA, "Private Enterprise Numbers registry", . 8 Acknowledgements Thanks to you, dear reader. Aitken Expires Jul 2014 [Page 10] Internet-Draft Reporting Equivalent IPFIX IEs Feb 2013 9 Author's Address Paul Aitken Cisco Systems, Inc. 96 Commercial Quay Commercial Street Edinburgh, EH6 6LX, UK Phone: +44 131 561 3616 Email: paitken@cisco.com Aitken Expires Jul 2014 [Page 11]