1 / 8

IPFIX – IP Flow Information Expor t Overview Tanja Zseby Fraunhofer FOKUS, Network Research

IPFIX – IP Flow Information Expor t Overview Tanja Zseby Fraunhofer FOKUS, Network Research. IPFIX Architecture. push protocol: periodically IPFIX messages to configured receivers Transport protocols: SCTP (, UDP, TCP). Router. Observation Point. IPFIX. Collector. Exporter. Metering.

jaimin
Download Presentation

IPFIX – IP Flow Information Expor t Overview Tanja Zseby Fraunhofer FOKUS, Network Research

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPFIX – IP Flow Information Export OverviewTanja ZsebyFraunhofer FOKUS, Network Research

  2. IPFIX Architecture • push protocol: periodically IPFIX messages to configured receivers • Transport protocols: SCTP (, UDP, TCP) Router Observation Point IPFIX Collector Exporter Metering IP Traffic

  3. Flow Information Packet Information IPFIX PSAMP Flow Export Packet Export Flow Selection Packet Record Generation Flow Record Generation Aggregation Rules Aggregation Classification Rules Classification Packet Processing Selection Rules Packet Selection Clock Signal Timestamping Snapsize Packet Capturing Core Functions Optional Functions Observation Point IPFIX/PSAMP Measurement Model

  4. Data Representation • Templates in the message stream describe the data sets • Allows flexible and efficient (binary) representation of flows on the wire message message template A template B data A1 data B1 data A2

  5. Information Model • The information model supports reporting a wide variety of information elements (IEs): • “Five-tuple” (IPv4, IPv6 header fields) and standard packet/byte counters • All ICMP, TCP, UDP header fields • Layer 2, VLAN, MPLS, and other sub-IP information • Timestamps down to nanosecond resolution • Packet treatment: e.g., routed next hop and AS • Detailed counters: e.g., sum of squares, flag counters • New IEs registered with IANA • Enterprise-specific IEs for private extensions • New defined IEs • location / GPS information, QoS parameters, spectrum measurements, …

  6. IPFIX Files (RFC5655) • Goal: facilitate interoperability and reusability among a variety of flow storage, processing, and analysis tools • An IPFIX file is any serialized stream of IPFIX Messages. • a “file transport” for IPFIX • binary flow data file format • Meta data via Options Templates • Exporter certificate, time, etc. • Several extensions • Error detection and recovery • Storage of NetFlow v9 data • Signing and encryption • Encapsulation of Non-IPFIX Data in IPFIX Files • Encapsulation of IPFIX Files within Other File Formats

  7. IPFIX Status • Core IPFIX protocol published as RFC in 2008 • RFC5101 - Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information • RFC5102 - Information Model for IP Flow Information Export • Additional RFCs  see http://tools.ietf.org/wg/ipfix/ • Current ongoing work • Configuration, Anonymization, IPFIX mediator, … • Several implementations exist • Use in testbeds • OneLab uses IPFIX for flow and packet data export • Additonal: Reporting sampling rates and CPU utilization • NOVI considers IPFIX as exporting protocol • Integration with OMF planned

  8. Thank You!Contact: tanja.zseby@fokus.fraunhofer.de

More Related