IP Flow Information Export (ipfix) ---------------------------------- Charter Last Modified: 2007-03-06 Current Status: Active Working Group Chair(s): Nevil Brownlee Juergen Quittek Operations and Management Area Director(s): Dan Romascanu Ronald Bonica Operations and Management Area Advisor: Dan Romascanu Mailing Lists: General Discussion:ipfix@ietf.org To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix Archive: http://www1.ietf.org/mail-archive/web/ipfix/current/index.html Description of Working Group: The IPFIX working group has specified the Information Model (to describe IP flows) and the IPFIX protocol (to transfer IP flow data from IPFIX exporters to collectors). The PSAMP working group has specified the usage of the IPFIX protocol for exporting packet records. With both specifications available, several implementers have started building applications using the IPFIX protocol. At two interoperability testing events, several IPFIX protocol implementations were tested. The experiences made at these events were fed back to IPFIX protocol specification, particularly for removing ambiguities. In addition, several lessons were learned about how to implement and use IPFIX correctly and efficiently. The exchange among different implementers further led to new ideas for advanced usage of IPFIX. Many of these ideas are currently documented in individual Internet drafts. The goal of the IPFIX working group is now to produce 'best current practice' and 'guideline' documents concerning implementation, application and usage of the IPFIX protocol. Modifications to the core IPFIX and PSAMP protocol specifications is out of scope for this charter. However, the definition of new IPFIX and PSAMP information elements is within the scope of this charter. Specific Goals o Develop guidelines for implementers based on experiences gained individually by implementers and jointly at interoperability testing events. The guidelines will give recommendations for integrating IPFIX observation points, metering processes, exporting processes and collecting processes into the packet flow at different kinds of IPFIX devices. They will make suggestions for efficient implementation of the IPFIX protocol features and identify parts of the IPFIX specification that have already been misunderstood by several implementors. For some implementation choices that the protocol specification leaves to the implementer, the guidelines will discuss advantages and disadvantages of the different choices. Several recent individual drafts call for new Information Elements; The implementation guidelines will explain procedures for requesting, reviewing and approving new IEs. Deliverables: 1. IPFIX Implementation Guidelines draft, to be an Informational RFC (6 months) 2. IPFIX Testing draft, to be an Informational RFC (6 months) o Develop methods and means for an efficient use of the IPFIX protocol by reducing redundancy in flow reports. The basic idea to be followed is very simple. For multiple flow records that all report the same value in one or more of the contained IPFIX information elements, those values are removed from the flow records and instead reported once for all in a separate record. Such an approach integrates very well with the IPFIX protocol and only needs a few simple methods for expressing the relationship between flow records and corresponding separate records. Deliverable: 3. IPFIX Reducing Redundancy, to be an Informational RFC (6 months) o Create an IPFIX MIB, for reporting information and statistics of IPFIX metering, exporting and collecing processes. Much of this work has already been done by the PSAMP working group, and by individuals working on IPFIX collectors. Deliverable: 4. IPFIX MIB, to be a Standards Track RFC (12 months) o Develop an effective method for exporting information about bidirectional flows ('biflows'). The IP security community has expressed a strong need to collect data on bidrectional flows. A recent individual draft discusses several different ways to support biflows in IPFIX - this work will produce a single, best-practice method for handling them, without requiring changes to the IPFIX protocol. Deliverable: 5. IPFIX Biflow draft, to be an Informational RFC (12 months) Goals and Milestones: Done Submit Revised Internet-Draft on IP Flow Export Requirements Done Submit Internet-Draft on IP Flow Export Architecture Done Submit Internet-Draft on IP Flow Export Data Model Done Submit Internet-Draft on IPFIX Protocol Evaluation Report Done Submit Internet-Draft on IP Flow Export Applicability Statement Done Select IPFIX protocol, revise Architecture and Data Model drafts Done Submit IPFX-REQUIREMENTS to IESG for publication as Informational RFC Done Submit IPFIX Protocol Evaluation Report to IESG for publication as Informational RFC Done Submit IPFX-ARCHITECTURE to IESG for publication as Proposed Standard RFC Done Submit IPFX-INFO_MODEL to IESG for publication as Informational RFC Done Submit IPFX-APPLICABILITY to IESG for publication as Informational RFC Done Submit IPFX-PROTOCOL to IESG for publication as Proposed Standard RFC Done Publish Internet Draft on IPFIX Implementation Guidelines Done Publish Internet Draft on Reducing Redundancy in IPFIX data transfer Done Publish Internet Draft on Handling IPFIX Bidirectional Flows Done Publish Internet Draft on IPFIX Testing Done Publish Internet Draft on IPFIX MIB Nov 2006 Submit IPFIX Implementation Guidelines draft to IESG for publication as Informational RFC Nov 2006 Submit IPFIX Testing draft to IESG for publication as Informational RFC Nov 2006 Submit IPFIX Reducing Redundancy draft to IESG for publication as Informational RFC Mar 2007 Submit IPFIX Biflows draft to IESG for publication as Informational RFC Mar 2007 Submit IPFIX MIB draft to IESG for publication as Standards track RFC Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Feb 2002 Sep 2006 Architecture for IP Flow Information Export Jun 2003 Feb 2007 Information Model for IP Flow Information Export Jun 2003 Nov 2006 Specification of the IPFIX Protocol for the Exchange Jun 2003 Feb 2007 IPFIX Applicability Sep 2006 Jun 2007 IPFIX Implementation Guidelines Sep 2006 May 2007 Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports Sep 2006 Apr 2007 Bidirectional Flow Export using IPFIX Feb 2007 Feb 2007 Definitions of Managed Objects for IP Flow Information Export Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC3917 I Oct 2004 Requirements for IP Flow Information Export RFC3955 I Nov 2004 Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX)