Exporting Type Information for IP Flow Information Export (IPFIX) Information Elements
RFC 5610

Document Type RFC - Proposed Standard (July 2009)
Authors Lutz Mark, Elisa Boschi, Tanja Zseby, Brian Trammell
Last updated 2020-01-21
RFC stream Internet Engineering Task Force (IETF)
IESG Responsible AD Dan Romascanu
Network Working Group                                          E. Boschi
Request for Comments: 5610                                   B. Trammell
Category: Standards Track                                 Hitachi Europe
                                                                 L. Mark
                                                         Fraunhofer IFAM
                                                                T. Zseby
                                                        Fraunhofer FOKUS
                                                               July 2009

                    Exporting Type Information for
        IP Flow Information Export (IPFIX) Information Elements

Abstract

   This document describes an extension to the IP Flow Information
   Export (IPFIX) protocol, which is used to represent and transmit data
   from IP flow measurement devices for collection, storage, and
   analysis, to allow the encoding of IPFIX Information Model properties
   within an IPFIX Message stream.  This enables the export of extended
   type information for enterprise-specific Information Elements and the
   storage of such information within IPFIX Files, facilitating
   interoperability and reusability among a wide variety of applications
   and tools.

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Boschi, et al.              Standards Track                     [Page 1]
RFC 5610                 IPFIX Type Information                July 2009

Table of Contents

   1.  Introduction
     1.1.  IPFIX Documents Overview
   2.  Terminology
   3.  Type Information Export
     3.1.  informationElementDataType
     3.2.  informationElementDescription
     3.3.  informationElementName
     3.4.  informationElementRangeBegin
     3.5.  informationElementRangeEnd
     3.6.  informationElementSemantics
     3.7.  informationElementUnits
     3.8.  privateEnterpriseNumber
     3.9.  Information Element Type Options Template
     3.10. Data Type and Semantics Restrictions
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Examples

1.  Introduction

   IP Flow Information Export (IPFIX) provides a template mechanism for
   the flexible description of Data Records, by defining a record as a
   collection of Information Elements defined in an IANA registry.
   However, these Templates provide limited information about the type
   of described data; indeed, they encode only the size of the fields
   defined by these Information Elements.  There presently exists no
   mechanism to provide full type information for these Information
   Elements, as is defined for the Information Elements in the IPFIX
   Information Model [RFC5102].

   This especially limits the interoperability of enterprise-specific
   Information Elements.  It is not possible to use analysis tools on
   IPFIX records containing these partially defined Information Elements
   that have not been developed with a priori knowledge of their types,
   since such tools will not be able to decode them; these tools can
   only treat and store them as opaque octet arrays.  However, if richer
   information is available, additional operations such as efficient
   storage, display, and limited analysis of records containing
   enterprise-specific Information Elements become possible, even for
   Collecting Processes that have not been specifically developed to
   understand them.

   This document defines a general mechanism to encode the full set of
   properties available for the definition of Information Elements
   within the IPFIX Information Model inline within an IPFIX Message
   stream using IPFIX Options.  This mechanism may be used to fully
   define type information for Information Elements used within a
   message stream, without resorting to an external reference or
   reliance on out-of-band configuration, thereby improving the
   interoperability of enterprise-specific Information Elements.

   Note that the solution described in this document is not intended as
   a replacement for registration with IANA of generally useful
   Information Elements.  It introduces overhead and does not lead to
   real interoperability as provided by standardization.  Therefore, we
   highly recommend standardizing all new generally useful Information
   Elements by registering them with IANA.  Standardization is
   straightforward, and the type information that needs to be specified
   in order to support the proposed solution provides a perfect basis
   for the description required for standardizing the Information
   Element.

   It might happen that an Information Element previously described by
   the mechanism in this document later becomes an IANA-registered,
   standard Information Element.  In such environments, old and new
   versions of the Information Element can coexist.  A translation
   between Information Elements expressed by the described solution and
   standardized Information Elements is therefore not necessary and is
   out of scope for this document.

1.1.  IPFIX Documents Overview

   "Specification of the IP Flow Information Export (IPFIX) Protocol for
   the Exchange of IP Traffic Flow Information" [RFC5101] (informally,
   the IPFIX Protocol document) and its associated documents define the
   IPFIX Protocol, which provides network engineers and administrators
   with access to IP traffic flow information.

   "Architecture for IP Flow Information Export" [RFC5470] (the IPFIX
   Architecture document) defines the architecture for the export of
   measured IP flow information out of an IPFIX Exporting Process to an
   IPFIX Collecting Process, and the basic terminology used to describe
   the elements of this architecture, per the requirements defined in
   "Requirements for IP Flow Information Export" [RFC3917].  The IPFIX
   Protocol document [RFC5101] then covers the details of the method for
   transporting IPFIX Data Records and Templates via a congestion-aware
   transport protocol from an IPFIX Exporting Process to an IPFIX
   Collecting Process.

   "Information Model for IP Flow Information Export" [RFC5102]
   (informally, the IPFIX Information Model document) describes the
   Information Elements used by IPFIX, including details on Information
   Element naming, numbering, and data type encoding.

   This document references the Protocol and Architecture documents for
   terminology and extends the IPFIX Information Model to provide new
   Information Elements for the representation of Information Element
   properties.  It draws data type definitions and data type semantics
   definitions from the Information Model; the encodings of these data
   types are defined in [RFC5101].

2.  Terminology

   Terms used in this document that are defined in the Terminology
   section of the IPFIX Protocol [RFC5101] document are to be
   interpreted as defined there.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD

   [[RFC editor: please remove the remainder of this section before
   publication.]]

   The version number for the final version of this specification
   (0x00000001), is reserved for the version of the protocol that is
   published as an RFC.

   Version numbers used to identify IETF drafts are created by adding
   the draft number to 0xff000000.  For example, draft-ietf-quic-
   transport-13 would be identified as 0xff00000d.

   Implementors are encouraged to register version numbers of QUIC that
   they are using for private experimentation on the GitHub wiki at
   https://github.com/quicwg/base-drafts/wiki/QUIC-Versions.

16.  Variable-Length Integer Encoding

   QUIC packets and frames commonly use a variable-length encoding for
   non-negative integer values.  This encoding ensures that smaller
   integer values need fewer bytes to encode.

   The QUIC variable-length integer encoding reserves the two most
   significant bits of the first byte to encode the base 2 logarithm of
   the integer encoding length in bytes.  The integer value is encoded
   on the remaining bits, in network byte order.

   This means that integers are encoded on 1, 2, 4, or 8 bytes and can
   encode 6, 14, 30, or 62 bit values respectively.  Table 4 summarizes
   the encoding properties.

          +======+========+=============+=======================+
          | 2Bit | Length | Usable Bits | Range                 |
          +======+========+=============+=======================+
          | 00   | 1      | 6           | 0-63                  |
          +------+--------+-------------+-----------------------+
          | 01   | 2      | 14          | 0-16383               |
          +------+--------+-------------+-----------------------+
          | 10   | 4      | 30          | 0-1073741823          |
          +------+--------+-------------+-----------------------+
          | 11   | 8      | 62          | 0-4611686018427387903 |
          +------+--------+-------------+-----------------------+

                   Table 4: Summary of Integer Encodings

Iyengar & Thomson         Expires 23 April 2021               [Page 106]
Internet-Draft           QUIC Transport Protocol            October 2020

   For example, the eight byte sequence c2 19 7c 5e ff 14 e8 8c (in
   hexadecimal) decodes to the decimal value 151288809941952652; the
   four byte sequence 9d 7f 3e 7d decodes to 494878333; the two byte
   sequence 7b bd decodes to 15293; and the single byte 25 decodes to 37
   (as does the two byte sequence 40 25).

   Versions (Section 15) and packet numbers sent in the header
   (Section 17.1) are described using integers, but do not use this
   encoding.
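
   The encoding in Table 4 as a bounds-checked codec, checked against
   the byte sequences quoted above.  This is an added example, not code
   from the draft; the function names are assumptions made for the
   illustration.

```python
"""Added example: QUIC variable-length integer codec (Section 16)."""
from typing import List, Tuple

MAX_VARINT = (1 << 62) - 1  # largest value the 8-byte form can carry


def decode_varint(buf: bytes, offset: int = 0) -> Tuple[int, int]:
    """Return (value, bytes_consumed) for the integer starting at buf[offset].

    The two most significant bits of the first byte hold log2 of the
    encoded length.  Truncated input raises ValueError, so a short
    datagram can never be read past its end.
    """
    if offset < 0 or offset >= len(buf):
        raise ValueError("no bytes left for a variable-length integer")
    first = buf[offset]
    length = 1 << (first >> 6)          # 00->1, 01->2, 10->4, 11->8
    if offset + length > len(buf):
        raise ValueError(
            "integer needs %d bytes, only %d available"
            % (length, len(buf) - offset))
    value = first & 0x3F                # drop the two length bits
    for byte in buf[offset + 1:offset + length]:
        value = (value << 8) | byte     # network byte order
    return value, length


def encode_varint(value: int, min_length: int = 1) -> bytes:
    """Encode value in the shortest form that is at least min_length bytes.

    A longer-than-necessary form is legal on the wire (40 25 is 37), so
    min_length lets a sender reserve space for a value it fills in later.
    """
    if not 0 <= value <= MAX_VARINT:
        raise ValueError("value outside 0..2^62-1")
    for prefix, length in enumerate((1, 2, 4, 8)):
        usable_bits = 8 * length - 2
        if length >= min_length and value < (1 << usable_bits):
            return ((prefix << usable_bits) | value).to_bytes(length, "big")
    raise ValueError("min_length larger than 8 bytes")


def decode_all(buf: bytes) -> List[int]:
    """Decode a buffer holding back-to-back variable-length integers."""
    values, offset = [], 0
    while offset < len(buf):
        value, used = decode_varint(buf, offset)
        values.append(value)
        offset += used
    return values


if __name__ == "__main__":
    # The five byte sequences quoted in the text, concatenated.
    sample = bytes.fromhex("c2197c5eff14e88c" "9d7f3e7d" "7bbd" "25" "4025")
    print(decode_all(sample))
```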

17.  Packet Formats

   All numeric values are encoded in network byte order (that is, big-
   endian) and all field sizes are in bits.  Hexadecimal notation is
   used for describing the value of fields.

17.1.  Packet Number Encoding and Decoding

   Packet numbers are integers in the range 0 to 2^62-1 (Section 12.3).
   When present in long or short packet headers, they are encoded in 1
   to 4 bytes.  The number of bits required to represent the packet
   number is reduced by including only the least significant bits of the
   packet number.

   The encoded packet number is protected as described in Section 5.4 of
   [QUIC-TLS].

   Prior to receiving an acknowledgement for a packet number space, the
   full packet number MUST be included; it is not to be truncated as
   described below.

   After an acknowledgement is received for a packet number space, the
   sender MUST use a packet number size able to represent more than
   twice as large a range as the difference between the largest
   acknowledged packet and packet number being sent.  A peer receiving
   the packet will then correctly decode the packet number, unless the
   packet is delayed in transit such that it arrives after many higher-
   numbered packets have been received.  An endpoint SHOULD use a large
   enough packet number encoding to allow the packet number to be
   recovered even if the packet arrives after packets that are sent
   afterwards.

   As a result, the size of the packet number encoding is at least one
   bit more than the base-2 logarithm of the number of contiguous
   unacknowledged packet numbers, including the new packet.

   For example, if an endpoint has received an acknowledgment for packet
   0xabe8bc, sending a packet with a number of 0xac5c02 requires a
   packet number encoding with 16 bits or more; whereas the 24-bit
   packet number encoding is needed to send a packet with a number of
   0xace8fe.

   At a receiver, protection of the packet number is removed prior to
   recovering the full packet number.  The full packet number is then
   reconstructed based on the number of significant bits present, the
   value of those bits, and the largest packet number received on a
   successfully authenticated packet.  Recovering the full packet number
   is necessary to successfully remove packet protection.

   Once header protection is removed, the packet number is decoded by
   finding the packet number value that is closest to the next expected
   packet.  The next expected packet is the highest received packet
   number plus one.  For example, if the highest successfully
   authenticated packet had a packet number of 0xa82f30ea, then a packet
   containing a 16-bit value of 0x9b32 will be decoded as 0xa82f9b32.
   Example pseudo-code for packet number decoding can be found in
   Appendix A.
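
   The sender's size rule and the receiver's recovery step, run on the
   numbers used in the two examples above.  This is an added example,
   not the draft's Appendix A pseudo-code; the function names are
   assumptions, and before any acknowledgement the sender is assumed to
   pick a size that holds the whole packet number.

```python
"""Added example: QUIC packet number truncation and recovery (Section 17.1)."""
from typing import Optional


def pn_length_bytes(full_pn: int, largest_acked: Optional[int] = None) -> int:
    """Smallest 1..4 byte size whose range is more than twice the distance
    between the packet being sent and the largest acknowledged packet."""
    if largest_acked is None:
        distance = full_pn + 1          # assumption: whole number must fit
    else:
        distance = full_pn - largest_acked
    if distance <= 0:
        raise ValueError("packet number must exceed largest acknowledged")
    for nbytes in (1, 2, 3, 4):
        if (1 << (8 * nbytes)) > 2 * distance:
            return nbytes
    raise ValueError("too many unacknowledged packets for a 4-byte encoding")


def encode_pn(full_pn: int, largest_acked: Optional[int] = None) -> bytes:
    """Keep only the least significant bytes of the packet number."""
    nbytes = pn_length_bytes(full_pn, largest_acked)
    return (full_pn & ((1 << (8 * nbytes)) - 1)).to_bytes(nbytes, "big")


def decode_pn(largest_pn: int, truncated_pn: int, pn_nbits: int) -> int:
    """Pick the value closest to the next expected packet number.

    largest_pn is the largest packet number seen on a successfully
    authenticated packet; the result is only a candidate until packet
    protection has been removed with it.
    """
    expected = largest_pn + 1
    window = 1 << pn_nbits
    half = window // 2
    candidate = (expected & ~(window - 1)) | truncated_pn
    # Candidate is more than half a window behind: it wrapped forward.
    if candidate <= expected - half and candidate < (1 << 62) - window:
        return candidate + window
    # Candidate is more than half a window ahead: it belongs one window back.
    if candidate > expected + half and candidate >= window:
        return candidate - window
    return candidate


def recover(largest_pn: int, wire: bytes) -> int:
    """Decode a packet number field after header protection is removed."""
    return decode_pn(largest_pn, int.from_bytes(wire, "big"), 8 * len(wire))


if __name__ == "__main__":
    wire = encode_pn(0xAC5C02, largest_acked=0xABE8BC)
    print(len(wire) * 8, "bits on the wire:", wire.hex())
    # Delivered roughly in order: the receiver recovers the real number.
    print(hex(recover(0xABE8BC, wire)))
    # Delayed until the receiver has seen 0xad0000: the closest match is a
    # different number, so removing packet protection with it will not succeed.
    print(hex(recover(0xAD0000, wire)))
```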

17.2.  Long Header Packets

   Long Header Packet {
     Header Form (1) = 1,
     Fixed Bit (1) = 1,
     Long Packet Type (2),
     Type-Specific Bits (4),
     Version (32),
     Destination Connection ID Length (8),
     Destination Connection ID (0..160),
     Source Connection ID Length (8),
     Source Connection ID (0..160),
   }

                    Figure 13: Long Header Packet Format

   Long headers are used for packets that are sent prior to the
   establishment of 1-RTT keys.  Once 1-RTT keys are available, a sender
   switches to sending packets using the short header (Section 17.3).
   The long form allows for special packets - such as the Version
   Negotiation packet - to be represented in this uniform fixed-length
   packet format.  Packets that use the long header contain the
   following fields:

   Header Form:  The most significant bit (0x80) of byte 0 (the first
      byte) is set to 1 for long headers.

   Fixed Bit:  The next bit (0x40) of byte 0 is set to 1.  Packets
      containing a zero value for this bit are not valid packets in this
      version and MUST be discarded.

   Long Packet Type:  The next two bits (those with a mask of 0x30) of
      byte 0 contain a packet type.  Packet types are listed in Table 5.

   Type-Specific Bits:  The lower four bits (those with a mask of 0x0f)
      of byte 0 are type-specific.

   Version:  The QUIC Version is a 32-bit field that follows the first
      byte.  This field indicates the version of QUIC that is in use and
      determines how the rest of the protocol fields are interpreted.

   Destination Connection ID Length:  The byte following the version
      contains the length in bytes of the Destination Connection ID
      field that follows it.  This length is encoded as an 8-bit
      unsigned integer.  In QUIC version 1, this value MUST NOT exceed
      20.  Endpoints that receive a version 1 long header with a value
      larger than 20 MUST drop the packet.  In order to properly form a
      Version Negotiation packet, servers SHOULD be able to read longer
      connection IDs from other QUIC versions.

   Destination Connection ID:  The Destination Connection ID field
      follows the Destination Connection ID Length field, which
      indicates the length of this field.  Section 7.2 describes the use
      of this field in more detail.

   Source Connection ID Length:  The byte following the Destination
      Connection ID contains the length in bytes of the Source
      Connection ID field that follows it.  This length is encoded as an
      8-bit unsigned integer.  In QUIC version 1, this value MUST NOT
      exceed 20 bytes.  Endpoints that receive a version 1 long header
      with a value larger than 20 MUST drop the packet.  In order to
      properly form a Version Negotiation packet, servers SHOULD be able
      to read longer connection IDs from other QUIC versions.

   Source Connection ID:  The Source Connection ID field follows the
      Source Connection ID Length field, which indicates the length of
      this field.  Section 7.2 describes the use of this field in more
      detail.

   In this version of QUIC, the following packet types with the long
   header are defined:

                   +======+===========+================+
                   | Type | Name      | Section        |
                   +======+===========+================+
                   |  0x0 | Initial   | Section 17.2.2 |
                   +------+-----------+----------------+
                   |  0x1 | 0-RTT     | Section 17.2.3 |
                   +------+-----------+----------------+
                   |  0x2 | Handshake | Section 17.2.4 |
                   +------+-----------+----------------+
                   |  0x3 | Retry     | Section 17.2.5 |
                   +------+-----------+----------------+

                     Table 5: Long Header Packet Types

   The header form bit, Destination and Source Connection ID lengths,
   Destination and Source Connection ID fields, and Version fields of a
   long header packet are version-independent.  The other fields in the
   first byte are version-specific.  See [QUIC-INVARIANTS] for details
   on how packets from different versions of QUIC are interpreted.

   The interpretation of the fields and the payload are specific to a
   version and packet type.  While type-specific semantics for this
   version are described in the following sections, several long-header
   packets in this version of QUIC contain these additional fields:

   Reserved Bits:  Two bits (those with a mask of 0x0c) of byte 0 are
      reserved across multiple packet types.  These bits are protected
      using header protection; see Section 5.4 of [QUIC-TLS].  The value
      included prior to protection MUST be set to 0.  An endpoint MUST
      treat receipt of a packet that has a non-zero value for these bits
      after removing both packet and header protection as a connection
      error of type PROTOCOL_VIOLATION.  Discarding such a packet after
      only removing header protection can expose the endpoint to
      attacks; see Section 9.3 of [QUIC-TLS].

   Packet Number Length:  In packet types that contain a Packet Number
      field, the least significant two bits (those with a mask of 0x03)
      of byte 0 contain the length of the packet number, encoded as an
      unsigned, two-bit integer that is one less than the length of the
      packet number field in bytes.  That is, the length of the packet
      number field is the value of this field, plus one.  These bits are
      protected using header protection; see Section 5.4 of [QUIC-TLS].

   Length:  The length of the remainder of the packet (that is, the
      Packet Number and Payload fields) in bytes, encoded as a variable-
      length integer (Section 16).

   Packet Number:  The packet number field is 1 to 4 bytes long.  The
      packet number is protected using header protection; see
      Section 5.4 of [QUIC-TLS].  The length of the packet number field
      is encoded in the Packet Number Length bits of byte 0; see above.

17.2.1.  Version Negotiation Packet

   A Version Negotiation packet is inherently not version-specific.
   Upon receipt by a client, it will be identified as a Version
   Negotiation packet based on the Version field having a value of 0.

   The Version Negotiation packet is a response to a client packet that
   contains a version that is not supported by the server, and is only
   sent by servers.

   The layout of a Version Negotiation packet is:

   Version Negotiation Packet {
     Header Form (1) = 1,
     Unused (7),
     Version (32) = 0,
     Destination Connection ID Length (8),
     Destination Connection ID (0..2040),
     Source Connection ID Length (8),
     Source Connection ID (0..2040),
     Supported Version (32) ...,
   }

                   Figure 14: Version Negotiation Packet

   The value in the Unused field is selected randomly by the server.
   Clients MUST ignore the value of this field.  Servers SHOULD set the
   most significant bit of this field (0x40) to 1 so that Version
   Negotiation packets appear to have the Fixed Bit field.

   The Version field of a Version Negotiation packet MUST be set to
   0x00000000.

   The server MUST include the value from the Source Connection ID field
   of the packet it receives in the Destination Connection ID field.
   The value for Source Connection ID MUST be copied from the
   Destination Connection ID of the received packet, which is initially
   randomly selected by a client.  Echoing both connection IDs gives
   clients some assurance that the server received the packet and that
   the Version Negotiation packet was not generated by an off-path
   attacker.

   Future versions of QUIC may have different requirements for the
   lengths of connection IDs.  In particular, connection IDs might have
   a smaller minimum length or a greater maximum length.  Version-
   specific rules for the connection ID therefore MUST NOT influence a
   server decision about whether to send a Version Negotiation packet.

   The remainder of the Version Negotiation packet is a list of 32-bit
   versions that the server supports.

   A Version Negotiation packet is not acknowledged.  It is only sent in
   response to a packet that indicates an unsupported version; see
   Section 5.2.2.

   The Version Negotiation packet does not include the Packet Number and
   Length fields present in other packets that use the long header form.
   Consequently, a Version Negotiation packet consumes an entire UDP
   datagram.

   A server MUST NOT send more than one Version Negotiation packet in
   response to a single UDP datagram.

   See Section 6 for a description of the version negotiation process.
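
   A parser for the version-independent long header fields of
   Section 17.2, with the server-side construction and client-side
   check of the connection ID echo described in this section.  This is
   an added example, not code from the draft; the names, the sample
   connection IDs and the unsupported version 0x1a2a3a4a are constructed
   for the illustration.

```python
"""Added example: long header invariants and Version Negotiation checks."""
import secrets
import struct
from typing import List, NamedTuple, Sequence

FINAL_VERSION = 0x00000001  # version number reserved for the published RFC
MAX_CID_LEN_V1 = 20


class DropPacket(Exception):
    """The datagram has to be discarded."""


class LongHeader(NamedTuple):
    first_byte: int
    version: int
    dcid: bytes
    scid: bytes
    rest: bytes  # bytes after the Source Connection ID (version-specific)


def parse_long_header(datagram: bytes,
                      limited_versions: Sequence[int] = (FINAL_VERSION,)
                      ) -> LongHeader:
    """Read the invariant fields; apply the Fixed Bit and 20-byte rules only
    to versions in limited_versions, so longer connection IDs of other
    versions can still be read and echoed in a Version Negotiation packet."""
    if len(datagram) < 7:  # first byte + version + two length bytes
        raise DropPacket("truncated long header")
    first = datagram[0]
    if not first & 0x80:
        raise DropPacket("Header Form bit is 0: not a long header")
    version = int.from_bytes(datagram[1:5], "big")
    strict = version in limited_versions
    if strict and not first & 0x40:
        raise DropPacket("Fixed Bit is 0")
    pos, cids = 5, []
    for name in ("Destination", "Source"):
        if pos >= len(datagram):
            raise DropPacket("missing %s Connection ID Length" % name)
        cid_len = datagram[pos]
        pos += 1
        if strict and cid_len > MAX_CID_LEN_V1:
            raise DropPacket("%s Connection ID longer than 20 bytes" % name)
        if pos + cid_len > len(datagram):
            raise DropPacket("%s Connection ID runs past the datagram" % name)
        cids.append(datagram[pos:pos + cid_len])
        pos += cid_len
    return LongHeader(first, version, cids[0], cids[1], datagram[pos:])


def build_version_negotiation(received: LongHeader,
                              supported: Sequence[int]) -> bytes:
    """Server side: Version is 0 and the received connection IDs are swapped."""
    first = 0x80 | 0x40 | secrets.randbits(6)  # Unused bits random, 0x40 set
    return (bytes([first]) + bytes(4)
            + bytes([len(received.scid)]) + received.scid
            + bytes([len(received.dcid)]) + received.dcid
            + b"".join(struct.pack("!I", v) for v in supported))


def check_version_negotiation(datagram: bytes, sent_dcid: bytes,
                              sent_scid: bytes) -> List[int]:
    """Client side: accept the packet only if both connection IDs of the
    packet the client sent are echoed; return the Supported Version list."""
    hdr = parse_long_header(datagram)
    if hdr.version != 0:
        raise DropPacket("Version field is not 0")
    if hdr.dcid != sent_scid or hdr.scid != sent_dcid:
        raise DropPacket("connection IDs were not echoed")
    if len(hdr.rest) % 4:
        raise DropPacket("Supported Version list is not a run of 32-bit values")
    return [v for (v,) in struct.iter_unpack("!I", hdr.rest)]


# Constructed sample: a client packet carrying a version the server lacks.
SENT_DCID = bytes(range(8))
SENT_SCID = bytes.fromhex("c1c2c3c4")
CLIENT_PACKET = (bytes([0xC0]) + (0x1A2A3A4A).to_bytes(4, "big")
                 + bytes([len(SENT_DCID)]) + SENT_DCID
                 + bytes([len(SENT_SCID)]) + SENT_SCID + bytes(16))

if __name__ == "__main__":
    reply = build_version_negotiation(parse_long_header(CLIENT_PACKET),
                                      [FINAL_VERSION, 0xFF00000D])
    print([hex(v) for v in
           check_version_negotiation(reply, SENT_DCID, SENT_SCID)])
```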

17.2.2.  Initial Packet

   An Initial packet uses long headers with a type value of 0x0.  It
   carries the first CRYPTO frames sent by the client and server to
   perform key exchange, and carries ACKs in either direction.

   Initial Packet {
     Header Form (1) = 1,
     Fixed Bit (1) = 1,
     Long Packet Type (2) = 0,
     Reserved Bits (2),
     Packet Number Length (2),
     Version (32),
     Destination Connection ID Length (8),
     Destination Connection ID (0..160),
     Source Connection ID Length (8),
     Source Connection ID (0..160),
     Token Length (i),
     Token (..),
     Length (i),
     Packet Number (8..32),
     Packet Payload (..),
   }

                         Figure 15: Initial Packet

   The Initial packet contains a long header as well as the Length and
   Packet Number fields; see Section 17.2.  The first byte contains the
   Reserved and Packet Number Length bits; see also Section 17.2.
   Between the Source Connection ID and Length fields, there are two
   additional fields specific to the Initial packet.

   Token Length:  A variable-length integer specifying the length of the
      Token field, in bytes.  This value is zero if no token is present.
      Initial packets sent by the server MUST set the Token Length field
      to zero; clients that receive an Initial packet with a non-zero
      Token Length field MUST either discard the packet or generate a
      connection error of type PROTOCOL_VIOLATION.

   Token:  The value of the token that was previously provided in a
      Retry packet or NEW_TOKEN frame; see Section 8.1.

   Packet Payload:  The payload of the packet.

   In order to prevent tampering by version-unaware middleboxes, Initial
   packets are protected with connection- and version-specific keys
   (Initial keys) as described in [QUIC-TLS].  This protection does not
   provide confidentiality or integrity against on-path attackers, but
   provides some level of protection against off-path attackers.

   The client and server use the Initial packet type for any packet that
   contains an initial cryptographic handshake message.  This includes
   all cases where a new packet containing the initial cryptographic
   message needs to be created, such as the packets sent after receiving
   a Retry packet (Section 17.2.5).

   A server sends its first Initial packet in response to a client
   Initial.  A server may send multiple Initial packets.  The
   cryptographic key exchange could require multiple round trips or
   retransmissions of this data.

   The payload of an Initial packet includes a CRYPTO frame (or frames)
   containing a cryptographic handshake message, ACK frames, or both.
   PING, PADDING, and CONNECTION_CLOSE frames of type 0x1c are also
   permitted.  An endpoint that receives an Initial packet containing
   other frames can either discard the packet as spurious or treat it as
   a connection error.

   The first packet sent by a client always includes a CRYPTO frame that
   contains the start or all of the first cryptographic handshake
   message.  The first CRYPTO frame sent always begins at an offset of
   0; see Section 7.

   Note that if the server sends a HelloRetryRequest, the client will
   send another series of Initial packets.  These Initial packets will
   continue the cryptographic handshake and will contain CRYPTO frames
   starting at an offset matching the size of the CRYPTO frames sent in
   the first flight of Initial packets.

17.2.2.1.  Abandoning Initial Packets

   A client stops both sending and processing Initial packets when it
   sends its first Handshake packet.  A server stops sending and
   processing Initial packets when it receives its first Handshake
   packet.  Though packets might still be in flight or awaiting
   acknowledgment, no further Initial packets need to be exchanged
   beyond this point.  Initial packet protection keys are discarded (see
   Section 4.9.1 of [QUIC-TLS]) along with any loss recovery and
   congestion control state; see Section 6.4 of [QUIC-RECOVERY].

   Any data in CRYPTO frames is discarded - and no longer retransmitted
   - when Initial keys are discarded.

17.2.3.  0-RTT

   A 0-RTT packet uses long headers with a type value of 0x1, followed
   by the Length and Packet Number fields; see Section 17.2.  The first
   byte contains the Reserved and Packet Number Length bits; see
   Section 17.2.  A 0-RTT packet is used to carry "early" data from the
   client to the server as part of the first flight, prior to handshake
   completion.  As part of the TLS handshake, the server can accept or
   reject this early data.

   See Section 2.3 of [TLS13] for a discussion of 0-RTT data and its
   limitations.

   0-RTT Packet {
     Header Form (1) = 1,
     Fixed Bit (1) = 1,
     Long Packet Type (2) = 1,
     Reserved Bits (2),
     Packet Number Length (2),
     Version (32),
     Destination Connection ID Length (8),
     Destination Connection ID (0..160),
     Source Connection ID Length (8),
     Source Connection ID (0..160),
     Length (i),
     Packet Number (8..32),
     Packet Payload (..),
   }

                          Figure 16: 0-RTT Packet

   Packet numbers for 0-RTT protected packets use the same space as
   1-RTT protected packets.

   After a client receives a Retry packet, 0-RTT packets are likely to
   have been lost or discarded by the server.  A client SHOULD attempt
   to resend data in 0-RTT packets after it sends a new Initial packet.
   New packet numbers MUST be used for any new packets that are sent; as
   described in Section 17.2.5.3, reusing packet numbers could
   compromise packet protection.

   A client only receives acknowledgments for its 0-RTT packets once the
   handshake is complete, as defined in Section 4.1.1 of [QUIC-TLS].

   A client MUST NOT send 0-RTT packets once it starts processing 1-RTT
   packets from the server.  This means that 0-RTT packets cannot
   contain any response to frames from 1-RTT packets.  For instance, a
   client cannot send an ACK frame in a 0-RTT packet, because that can
   only acknowledge a 1-RTT packet.  An acknowledgment for a 1-RTT
   packet MUST be carried in a 1-RTT packet.

   A server SHOULD treat a violation of remembered limits
   (Section 7.4.1) as a connection error of an appropriate type (for
   instance, a FLOW_CONTROL_ERROR for exceeding stream data limits).

17.2.4.  Handshake Packet

   A Handshake packet uses long headers with a type value of 0x2,
   followed by the Length and Packet Number fields; see Section 17.2.
   The first byte contains the Reserved and Packet Number Length bits;
   see Section 17.2.  It is used to carry cryptographic handshake
   messages and acknowledgments from the server and client.

   Handshake Packet {
     Header Form (1) = 1,
     Fixed Bit (1) = 1,
     Long Packet Type (2) = 2,
     Reserved Bits (2),
     Packet Number Length (2),
     Version (32),
     Destination Connection ID Length (8),
     Destination Connection ID (0..160),
     Source Connection ID Length (8),
     Source Connection ID (0..160),
     Length (i),
     Packet Number (8..32),
     Packet Payload (..),
   }

                   Figure 17: Handshake Protected Packet

   Once a client has received a Handshake packet from a server, it uses
   Handshake packets to send subsequent cryptographic handshake messages
   and acknowledgments to the server.

   The Destination Connection ID field in a Handshake packet contains a
   connection ID that is chosen by the recipient of the packet; the
   Source Connection ID includes the connection ID that the sender of
   the packet wishes to use; see Section 7.2.

   Handshake packets are their own packet number space, and thus the
   first Handshake packet sent by a server contains a packet number of
   0.

   The payload of this packet contains CRYPTO frames and could contain
   PING, PADDING, or ACK frames.  Handshake packets MAY contain
   CONNECTION_CLOSE frames of type 0x1c.  Endpoints MUST treat receipt
   of Handshake packets with other frames as a connection error.

   Like Initial packets (see Section 17.2.2.1), data in CRYPTO frames
   for Handshake packets is discarded - and no longer retransmitted -
   when Handshake protection keys are discarded.

17.2.5.  Retry Packet

   A Retry packet uses a long packet header with a type value of 0x3.
   It carries an address validation token created by the server.  It is
   used by a server that wishes to perform a retry; see Section 8.1.

   Retry Packet {
     Header Form (1) = 1,
     Fixed Bit (1) = 1,
     Long Packet Type (2) = 3,
     Unused (4),
     Version (32),
     Destination Connection ID Length (8),
     Destination Connection ID (0..160),
     Source Connection ID Length (8),
     Source Connection ID (0..160),
     Retry Token (..),
     Retry Integrity Tag (128),
   }

                          Figure 18: Retry Packet

   A Retry packet (shown in Figure 18) does not contain any protected
   fields.  The value in the Unused field is set to an arbitrary value
   by the server; a client MUST ignore these bits.  In addition to the
   fields from the long header, it contains these additional fields:

   Retry Token:  An opaque token that the server can use to validate the
      client's address.

   Retry Integrity Tag:  See the Retry Packet Integrity section of
      [QUIC-TLS].

17.2.5.1.  Sending a Retry Packet

   The server populates the Destination Connection ID with the
   connection ID that the client included in the Source Connection ID of
   the Initial packet.

   The server includes a connection ID of its choice in the Source
   Connection ID field.  This value MUST NOT be equal to the Destination
   Connection ID field of the packet sent by the client.  A client MUST
   discard a Retry packet that contains a Source Connection ID field
   that is identical to the Destination Connection ID field of its
   Initial packet.  The client MUST use the value from the Source
   Connection ID field of the Retry packet in the Destination Connection
   ID field of subsequent packets that it sends.

   A server MAY send Retry packets in response to Initial and 0-RTT
   packets.  A server can either discard or buffer 0-RTT packets that it
   receives.  A server can send multiple Retry packets as it receives
   Initial or 0-RTT packets.  A server MUST NOT send more than one Retry
   packet in response to a single UDP datagram.

17.2.5.2.  Handling a Retry Packet

   A client MUST accept and process at most one Retry packet for each
   connection attempt.  After the client has received and processed an
   Initial or Retry packet from the server, it MUST discard any
   subsequent Retry packets that it receives.

   Clients MUST discard Retry packets that have a Retry Integrity Tag
   that cannot be validated; see the Retry Packet Integrity section of
   [QUIC-TLS].  This diminishes an off-path attacker's ability to inject
   a Retry packet and protects against accidental corruption of Retry
   packets.  A client MUST discard a Retry packet with a zero-length
   Retry Token field.

   The client responds to a Retry packet with an Initial packet that
   includes the provided Retry Token to continue connection
   establishment.

   A client sets the Destination Connection ID field of this Initial
   packet to the value from the Source Connection ID in the Retry
   packet.  Changing Destination Connection ID also results in a change
   to the keys used to protect the Initial packet.  It also sets the
   Token field to the token provided in the Retry.  The client MUST NOT
   change the Source Connection ID because the server could include the
   connection ID as part of its token validation logic; see
   Section 8.1.4.

   A Retry packet does not include a packet number and cannot be
   explicitly acknowledged by a client.

17.2.5.3.  Continuing a Handshake After Retry

   Subsequent Initial packets from the client include the connection ID
   and token values from the Retry packet.  The client copies the Source
   Connection ID field from the Retry packet to the Destination
   Connection ID field and uses this value until an Initial packet with
   an updated value is received; see Section 7.2.  The value of the
   Token field is copied to all subsequent Initial packets; see
   Section 8.1.2.

   Other than updating the Destination Connection ID and Token fields,
   the Initial packet sent by the client is subject to the same
   restrictions as the first Initial packet.  A client MUST use the same
   cryptographic handshake message it included in this packet.  A server
   MAY treat a packet that contains a different cryptographic handshake
   message as a connection error or discard it.

   A client MAY attempt 0-RTT after receiving a Retry packet by sending
   0-RTT packets to the connection ID provided by the server.  A client
   MUST NOT change the cryptographic handshake message it sends in
   response to receiving a Retry.

   A client MUST NOT reset the packet number for any packet number space
   after processing a Retry packet.  In particular, 0-RTT packets
   contain confidential information that will most likely be
   retransmitted on receiving a Retry packet.  The keys used to protect
   these new 0-RTT packets will not change as a result of responding to
   a Retry packet.  However, the data sent in these packets could be
   different than what was sent earlier.  Sending these new packets with
   the same packet number is likely to compromise the packet protection
   for those packets because the same key and nonce could be used to
   protect different content.  A server MAY abort the connection if it
   detects that the client reset the packet number.

   The connection IDs used on Initial and Retry packets exchanged
   between client and server are copied to the transport parameters and
   validated as described in Section 7.3.
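   The client-side Retry rules of Sections 17.2.5.1 to 17.2.5.3, as an
   added example that is not part of the draft.  The class and function
   names, the sample version value, and the tag_is_valid callback (a
   stand-in for the Retry Integrity Tag check specified in [QUIC-TLS])
   are assumptions made for this sketch.

```python
import struct
from dataclasses import dataclass, field
from typing import Callable, Optional

TAG_LEN = 16              # Retry Integrity Tag (128 bits)
MAX_CID = 20              # connection IDs are 0..160 bits
SAMPLE_VERSION = 0x12345678   # constructed value, not a real QUIC version


@dataclass
class Retry:
    version: int
    dcid: bytes
    scid: bytes
    token: bytes
    tag: bytes


def parse_retry(datagram: bytes) -> Optional[Retry]:
    """Parse the Figure 18 layout; None if this is not a well-formed Retry."""
    # Header Form = 1, Fixed Bit = 1, Long Packet Type = 3; low 4 bits are
    # Unused and are ignored, as the text requires.
    if len(datagram) < 5 or datagram[0] & 0xF0 != 0xF0:
        return None
    (version,) = struct.unpack_from("!I", datagram, 1)
    pos, ids = 5, []
    for _ in range(2):                      # DCID, then SCID
        if pos >= len(datagram):
            return None
        n = datagram[pos]
        pos += 1
        if n > MAX_CID or pos + n > len(datagram):
            return None
        ids.append(datagram[pos:pos + n])
        pos += n
    if len(datagram) - pos < TAG_LEN:       # no room for the integrity tag
        return None
    return Retry(version, ids[0], ids[1],
                 datagram[pos:-TAG_LEN], datagram[-TAG_LEN:])


def build_retry(dcid: bytes, scid: bytes, token: bytes, unused: int = 0x5) -> bytes:
    """Constructed sample Retry with an all-zero (unverified) tag."""
    return (bytes([0xF0 | unused]) + struct.pack("!I", SAMPLE_VERSION)
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
            + token + bytes(TAG_LEN))


@dataclass
class ClientAttempt:
    scid: bytes                      # never changed after a Retry
    dcid: bytes                      # DCID used in the first Initial
    token: bytes = b""
    server_packet_processed: bool = False
    next_pn: dict = field(default_factory=lambda: {"initial": 0, "0rtt": 0})

    def take_pn(self, space: str) -> int:
        # Packet numbers only move forward; a Retry never resets them.
        pn = self.next_pn[space]
        self.next_pn[space] = pn + 1
        return pn

    def on_retry(self, datagram: bytes,
                 tag_is_valid: Callable[[bytes], bool]) -> str:
        retry = parse_retry(datagram)
        if retry is None:
            return "discard: malformed"
        if self.server_packet_processed:
            return "discard: Initial or Retry already processed"
        if not tag_is_valid(datagram):
            return "discard: integrity tag"
        if not retry.token:
            return "discard: zero-length token"
        if retry.scid == self.dcid:
            return "discard: SCID equals DCID of our Initial"
        self.dcid, self.token = retry.scid, retry.token
        self.server_packet_processed = True
        return "accept"

    def next_initial(self) -> dict:
        """Fields of the next Initial: new DCID and token, same SCID, new PN."""
        return {"dcid": self.dcid, "scid": self.scid, "token": self.token,
                "packet_number": self.take_pn("initial")}


if __name__ == "__main__":
    client = ClientAttempt(scid=b"\xc1" * 8, dcid=b"\xd1" * 8)
    client.next_initial()
    pkt = build_retry(client.scid, b"\x5e" * 8, b"constructed-token")
    print(client.on_retry(pkt, lambda d: True), client.next_initial())
```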

17.3.  Short Header Packets

   This version of QUIC defines a single packet type that uses the short
   packet header.

   Short Header Packet {
     Header Form (1) = 0,
     Fixed Bit (1) = 1,
     Spin Bit (1),
     Reserved Bits (2),
     Key Phase (1),
     Packet Number Length (2),
     Destination Connection ID (0..160),
     Packet Number (8..32),
     Packet Payload (..),
   }

                   Figure 19: Short Header Packet Format

   The short header can be used after the version and 1-RTT keys are
   negotiated.  Packets that use the short header contain the following
   fields:

   Header Form:  The most significant bit (0x80) of byte 0 is set to 0
      for the short header.

   Fixed Bit:  The next bit (0x40) of byte 0 is set to 1.  Packets

      ", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Boschi, et al.              Standards Track                     [Page 4]
RFC 5610                 IPFIX Type Information                July 2009

3.  Type Information Export

   This section describes the mechanism used to encode Information
   Element type information within an IPFIX Message stream.  This
   mechanism consists of an Options Template Record used to define
   Information Element type records, and a set of Information Elements
   required by these type records.  We first specify the necessary
   Information Elements, followed by the structure of the Options
   Template describing the type records.

   Note that Information Element type records require one Information
   Element, informationElementId, that is defined in the Packet Sampling
   (PSAMP) Information Model [RFC5477].  This Information Element
   supports references only to IANA-defined Information Elements; the
   privateEnterpriseNumber Information Element is required alongside
   informationElementId to describe enterprise-specific Information
   Elements.

3.1.  informationElementDataType

   Description:   A description of the abstract data type of an IPFIX
      information element.  These are taken from the abstract data types
      defined in Section 3.1 of the IPFIX Information Model [RFC5102];
      see that section for more information on the types described
      below.  This field may take the values defined in Table 1 below.

                     +-------+----------------------+
                     | Value | Description          |
                     +-------+----------------------+
                     | 0     | octetArray           |
                     | 1     | unsigned8            |
                     | 2     | unsigned16           |
                     | 3     | unsigned32           |
                     | 4     | unsigned64           |
                     | 5     | signed8              |
                     | 6     | signed16             |
                     | 7     | signed32             |
                     | 8     | signed64             |
                     | 9     | float32              |
                     | 10    | float64              |
                     | 11    | boolean              |
                     | 12    | macAddress           |
                     | 13    | string               |
                     | 14    | dateTimeSeconds      |
                     | 15    | dateTimeMilliseconds |
                     | 16    | dateTimeMicroseconds |
                     | 17    | dateTimeNanoseconds  |
                     | 18    | ipv4Address          |
                     | 19    | ipv6Address          |
                     +-------+----------------------+

                         Table 1: IE Data Type Values

      These types are registered in the IANA IPFIX Information Element
      Data Type subregistry.  This subregistry is intended to assign
      numbers for type names, not to provide a mechanism for adding data
      types to the IPFIX Protocol, and as such requires a Standards
      Action [RFC5226] to modify.

   Abstract Data Type:   unsigned8

   ElementId:   339

   Status:   current

   Reference:   Section 3.1 of the IPFIX Information Model [RFC5102]

3.2.  informationElementDescription

   Description:   A UTF-8 [RFC3629] encoded Unicode string containing a
      human-readable description of an Information Element.  The content
      of the informationElementDescription MAY be annotated with one or
      more language tags [RFC4646], encoded in-line [RFC2482] within the
      UTF-8 string, in order to specify the language in which the
      description is written.  Description text in multiple languages
      MAY tag each section with its own language tag; in this case, the
      description information in each language SHOULD have equivalent
      meaning.  In the absence of any language tag, the "i-default"
      [RFC2277] language SHOULD be assumed.  See the Security
      Considerations (Section 4) for notes on string handling for
      Information Element type records.

   Abstract Data Type:   string

   ElementId:   340

   Status:   current

3.3.  informationElementName

   Description:   A UTF-8 [RFC3629] encoded Unicode string containing
      the name of an Information Element, intended as a simple
      identifier.  See the Security Considerations (Section 4) for notes
      on string handling for Information Element type records.

   Abstract Data Type:   string

   ElementId:   341

   Status:   current

3.4.  informationElementRangeBegin

   Description:   Contains the inclusive low end of the range of
      acceptable values for an Information Element.

   Abstract Data Type:   unsigned64

   Data Type Semantics:   quantity

   ElementId:   342

   Status:   current

3.5.  informationElementRangeEnd

   Description:   Contains the inclusive high end of the range of
      acceptable values for an Information Element.

   Abstract Data Type:   unsigned64

   Data Type Semantics:   quantity

   ElementId:   343

   Status:   current

3.6.  informationElementSemantics

   Description:   A description of the semantics of an IPFIX Information
      Element.  These are taken from the data type semantics defined in
      Section 3.2 of the IPFIX Information Model [RFC5102]; see that
      section for more information on the types described below.  This
      field may take the values in Table 2 below.  The special value
      0x00 (default) is used to note that no semantics apply to the
      field; it cannot be manipulated by a Collecting Process or File
      Reader that does not understand it a priori.

                         +-------+--------------+
                         | Value | Description  |
                         +-------+--------------+
                         | 0     | default      |
                         | 1     | quantity     |
                         | 2     | totalCounter |
                         | 3     | deltaCounter |
                         | 4     | identifier   |
                         | 5     | flags        |
                         +-------+--------------+

                         Table 2: IE Semantics Values

      These semantics are registered in the IANA IPFIX Information
      Element Semantics subregistry.  This subregistry is intended to
      assign numbers for semantics names, not to provide a mechanism for
      adding semantics to the IPFIX Protocol, and as such requires a
      Standards Action [RFC5226] to modify.

   Abstract Data Type:   unsigned8

   ElementId:   344

   Status:   current

   Reference:   Section 3.2 of the IPFIX Information Model [RFC5102]

3.7.  informationElementUnits

   Description:   A description of the units of an IPFIX Information
      Element.  These correspond to the units implicitly defined in the
      Information Element definitions in Section 5 of the IPFIX
      Information Model [RFC5102]; see that section for more information
      on the types described below.  This field may take the values in
      Table 3 below; the special value 0x00 (none) is used to note that
      the field is unitless.

           +-------+---------------+---------------------------+
           | Value | Name          | Notes                     |
           +-------+---------------+---------------------------+
           | 0     | none          |                           |
           | 1     | bits          |                           |
           | 2     | octets        |                           |
           | 3     | packets       |                           |
           | 4     | flows         |                           |
           | 5     | seconds       |                           |
           | 6     | milliseconds  |                           |
           | 7     | microseconds  |                           |
           | 8     | nanoseconds   |                           |
           | 9     | 4-octet words | for IPv4 header length    |
           | 10    | messages      | for reliability reporting |
           | 11    | hops          | for TTL                   |
           | 12    | entries       | for MPLS label stack      |
           +-------+---------------+---------------------------+

                           Table 3: IE Units Values

      These types are registered in the IANA IPFIX Information Element
      Units subregistry; new types may be added on a First Come First
      Served [RFC5226] basis.

   Abstract Data Type:   unsigned16

   ElementId:   345

   Status:   current

   Reference:   Section 5 of the IPFIX Information Model [RFC5102]

3.8.  privateEnterpriseNumber

   Description:   A private enterprise number, as assigned by IANA.
      Within the context of an Information Element Type record, this
      element can be used along with the informationElementId element to
      scope properties to a specific Information Element.  To export
      type information about an IANA-assigned Information Element, set
      the privateEnterpriseNumber to 0, or do not export the
      privateEnterpriseNumber in the type record.  To export type
      information about an enterprise-specific Information Element,
      export the enterprise number in privateEnterpriseNumber, and
      export the Information Element number with the Enterprise bit
      cleared in informationElementId.  The Enterprise bit in the
      associated informationElementId Information Element MUST be
      ignored by the Collecting Process.

   Abstract Data Type:   unsigned32

   Data Type Semantics:   identifier

   ElementId:   346

   Status:   current

   Reference:   Sections 3.2 and 3.4.1 of the IPFIX Protocol [RFC5101];
      Section 8.2.3 of the PSAMP Information Model [RFC5477].

3.9.  Information Element Type Options Template

   The Information Element Type Options Template attaches type
   information to Information Elements used within Template Records, as
   scoped to an Observation Domain within a Transport Session.  This
   provides a mechanism for representing an IPFIX Information Model
   inline within an IPFIX Message stream.  Data Records described by
   this template are referred to as Information Element type records.

   In deployments in which interoperability across vendor
   implementations of IPFIX is important, an Exporting Process exporting
   data using Templates containing enterprise-specific Information
   Elements SHOULD export an Information Element type record for each
   enterprise-specific Information Element it exports.  Collecting
   Processes MAY use these type records to improve handling of unknown
   enterprise-specific Information Elements.  Exporting Processes using
   enterprise-specific Information Elements to implement proprietary
   features MAY omit type records for those Information Elements.

   Information Element type records MUST be handled by Collecting
   Processes as scoped to the Transport Session in which they are sent;
   this facility is not intended to provide a method for the permanent
   definition of Information Elements.

   Similarly, for security reasons, type information for a given
   Information Element MUST NOT be redefined by Information Element type
   records, and a Collecting Process MUST NOT allow an Information
   Element type record to replace its own internal definition of an
   Information Element.  Information Element type records SHOULD NOT be
   duplicated in a given Observation Domain within a Transport Session.
   Once an Information Element type record has been exported for a given
   Information Element within a given Transport Session, all subsequent
   type records for that Information Element MUST be identical.
   Information Elements for which a Collecting Process receives
   conflicting semantic or type information MUST be ignored.

   Note that while this template MAY be used to export information about
   any Information Element, including those registered with IANA,
   Exporting Processes SHOULD NOT export any type records that could be
   reasonably assumed to duplicate type information available at the
   Collecting Process.  This mechanism is not intended as a replacement
   for Exporting and Collecting Processes keeping up to date with
   changes to the IANA registry; such an update mechanism is out of
   scope for this document.

   The template SHOULD contain the Information Elements in Table 4,
   below, as defined in the PSAMP Information Model [RFC5477] and in
   this document, above.

   +-------------------------------+-----------------------------------+
   | IE                            | Description                       |
   +-------------------------------+-----------------------------------+
   | informationElementId [scope]  | The Information Element           |
   |                               | identifier of the Information     |
   |                               | Element described by this type    |
   |                               | record.  This Information Element |
   |                               | MUST be defined as a Scope Field. |
   |                               | See the PSAMP Information Model   |
   |                               | [RFC5477] for a definition of     |
   |                               | this field.                       |
   | privateEnterpriseNumber       | The Private Enterprise number of  |
   | [scope]                       | the Information Element described |
   |                               | by this type record.  This        |
   |                               | Information Element MUST be       |
   |                               | defined as a Scope Field.         |
   | informationElementDataType    | The storage type of the specified |
   |                               | Information Element.              |
   | informationElementSemantics   | The semantic type of the          |
   |                               | specified Information Element.    |
   | informationElementUnits       | The units of the specified        |
   |                               | Information Element.  This        |
   |                               | element SHOULD be omitted if the  |
   |                               | Information Element is a unitless |
   |                               | quantity, or not a quantity or    |
   |                               | counter.                          |
   | informationElementRangeBegin  | The low end of the range of       |
   |                               | acceptable values for the         |
   |                               | specified Information Element.    |
   |                               | This element SHOULD be omitted if |
   |                               | the beginning of the Information  |
   |                               | Element's acceptable range is     |
   |                               | defined by its data type.         |
   | informationElementRangeEnd    | The high end of the range of      |
   |                               | acceptable values for the         |
   |                               | specified Information Element.    |
   |                               | This element SHOULD be omitted if |
   |                               | the end of the Information        |
   |                               | Element's acceptable range is     |
   |                               | defined by its data type.         |
   | informationElementName        | The name of the specified         |
   |                               | Information Element.              |
   | informationElementDescription | A human-readable description of   |
   |                               | the specified Information         |
   |                               | Element.  This element MAY be     |
   |                               | omitted in the interest of export |
   |                               | efficiency.                       |
   +-------------------------------+-----------------------------------+

                         Table 4: IE Type Options

3.10.  Data Type and Semantics Restrictions

   Note that the informationElementSemantics values defined in Section
   3.2 of [RFC5102] are primarily intended to differentiate semantic
   interpretation of numeric values, and that not all combinations of
   the informationElementDataType and informationElementSemantics
   Information Elements are valid; e.g., a counter cannot be encoded as
   an IPv4 address.  The following are acceptable values of
   informationElementSemantics:

   o  Any value is valid for unsigned informationElementDataType values
      ("unsigned8", "unsigned16", "unsigned32", or "unsigned64").

   o  Any value except "flags" is valid for signed
      informationElementDataType values ("signed8", "signed16",
      "signed32", or "signed64").

   o  Any value except "identifier" or "flags" is valid for floating-
      point informationElementDataType values ("float32" or "float64").

   o  Only "default" is valid for all other informationElementDataType
      values ("octetArray", "boolean", "macAddress", "string",
      "dateTimeSeconds", "dateTimeMilliseconds", "dateTimeMicroseconds",
      "dateTimeNanoseconds", "ipv4Address", or "ipv6Address").

   Information Element type records containing invalid combinations of
   informationElementSemantics and informationElementDataType MUST NOT
   be sent by Exporting Processes, and MUST be ignored by Collecting
   Processes.

   Future Standards Actions that modify the Information Element Data
   Type subregistry or the Information Element Semantics subregistry
   should contain a Data Type and Semantics Restrictions section such as
   this one to define allowable combinations of type and semantics
   information.
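
   One way a Collecting Process could apply the rules of Sections 3.9
   and 3.10 to incoming type records, as an added example that is not
   part of this document.  The TypeRegistry class, its return strings,
   and the sample enterprise number and identifiers are assumptions;
   one registry instance stands for one Transport Session.

```python
# Table 1 and Table 2; the tuple index is the value on the wire.
DATA_TYPES = (
    "octetArray", "unsigned8", "unsigned16", "unsigned32", "unsigned64",
    "signed8", "signed16", "signed32", "signed64", "float32", "float64",
    "boolean", "macAddress", "string", "dateTimeSeconds",
    "dateTimeMilliseconds", "dateTimeMicroseconds", "dateTimeNanoseconds",
    "ipv4Address", "ipv6Address",
)
SEMANTICS = ("default", "quantity", "totalCounter", "deltaCounter",
             "identifier", "flags")


def combination_valid(data_type: int, semantics: int) -> bool:
    """Section 3.10: is this (data type, semantics) pair allowed?"""
    if not (0 <= data_type < len(DATA_TYPES) and 0 <= semantics < len(SEMANTICS)):
        return False                      # value outside Table 1 / Table 2
    dt, sem = DATA_TYPES[data_type], SEMANTICS[semantics]
    if dt.startswith("unsigned"):
        return True
    if dt.startswith("signed"):
        return sem != "flags"
    if dt.startswith("float"):
        return sem not in ("identifier", "flags")
    return sem == "default"


class TypeRegistry:
    """Type records received within one Transport Session."""

    def __init__(self, builtin):
        # (enterprise number, IE id) pairs the collector already defines.
        self.builtin = set(builtin)
        self.session = {}     # (domain, pen, ie_id) -> (data type, semantics, name)
        self.ignored = set()  # IEs that received conflicting type information

    def offer(self, domain, pen, ie_id, data_type, semantics, name) -> str:
        ie_id &= 0x7FFF                   # the Enterprise bit MUST be ignored
        key = (domain, pen, ie_id)
        record = (data_type, semantics, name)
        if (pen, ie_id) in self.builtin:
            return "kept-internal"        # never replace an internal definition
        if not combination_valid(data_type, semantics):
            return "ignored-invalid"      # invalid records MUST be ignored
        if key in self.ignored:
            return "ignored"
        previous = self.session.get(key)
        if previous is None:
            self.session[key] = record
            return "accepted"
        if previous == record:
            return "duplicate"            # identical repeat: nothing changes
        # Conflicting information: the Information Element MUST be ignored.
        del self.session[key]
        self.ignored.add(key)
        return "conflict"

    def lookup(self, domain, pen, ie_id):
        return self.session.get((domain, pen, ie_id & 0x7FFF))


if __name__ == "__main__":
    PEN = 32473                           # constructed sample enterprise number
    reg = TypeRegistry(builtin={(0, 1)})  # constructed: IE 1 is known locally
    print(reg.offer(1, 0, 1, 13, 0, "redefined"))             # kept-internal
    print(reg.offer(1, PEN, 0x8000 | 100, 4, 2, "sampleCounter"))  # accepted
    print(reg.offer(1, PEN, 100, 3, 2, "sampleCounter"))      # conflict
    print(reg.lookup(1, PEN, 100))                            # None
```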

4.  Security Considerations

   The same security considerations as for the IPFIX Protocol [RFC5101]
   apply.

   In addition, attention must be paid to the handling of Information
   Element type records at the Collecting Process.  Type information
   precedence rules defined above (a Collecting Process' current
   knowledge overrides type records; types are not redefinable during a
   session) are designed to minimize the opportunity for an attacker to
   maliciously redefine the data model.

   Note that Information Element type records may contain two strings
   describing Information Elements: informationElementName and
   informationElementDescription.  IPFIX strings on the wire are length-
   prefixed and UTF-8 [RFC3629] encoded, most often within an IPFIX
   variable-length Information Element, which mitigates the risk of
   unterminated-string attacks against IPFIX Collecting Processes.
   However, care should still be taken when handling strings within the
   type system of the Collecting Process.

   First, Collecting Processes should pay particular attention to buffer
   sizes converting between length-prefixed and null-terminated strings.
   Exporting Processes MUST NOT export, and Collecting Processes MUST
   ignore, any informationElementName or informationElementDescription
   content that contains null characters (U+0000) in order to ensure
   buffer and string lengths are consistent.

   Also, note that there is no limit to IPFIX string length beyond that
   inherent in the protocol.  The maximum IPFIX string length is 65512
   octets (maximum message length (65535), minus message header (16),
   minus set header (4), minus long variable length field (3)).

   Specifically, although the informationElementName of all IANA
   Information Elements at the time of this writing is less than about
   40 octets, and the informationElementDescription is less than 4096
   octets, either of these Information Elements may contain strings up
   to 65512 octets long.
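
   The string-handling checks described above, as an added example that
   is not part of this document.  It decodes the length-prefixed
   variable-length encoding defined in the IPFIX Protocol [RFC5101] and
   assumes a type record whose last two fields are informationElementName
   and informationElementDescription; the function names and the local
   size limits are assumptions.

```python
# Largest string the protocol can carry, as derived in the text above:
# message length, minus message header, set header, and long length field.
MAX_IPFIX_STRING = 65535 - 16 - 4 - 3

# Local policy limits (assumptions): the text notes that IANA names are
# under about 40 octets and descriptions under 4096, but the wire allows
# far more, so a collector should choose its own bounds explicitly.
NAME_LIMIT = 256
DESCRIPTION_LIMIT = 4096


def read_varlen(buf: bytes, pos: int):
    """Read one variable-length field; return (payload, next position).

    The length is one octet, or 255 followed by a two-octet length.
    The declared length is checked against the bytes actually present
    before anything is copied.
    """
    if pos >= len(buf):
        raise ValueError("truncated length prefix")
    n = buf[pos]
    pos += 1
    if n == 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated long length prefix")
        n = int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
    if pos + n > len(buf):
        raise ValueError("declared length exceeds record")
    return buf[pos:pos + n], pos + n


def decode_ie_string(raw: bytes, limit: int):
    """Return the decoded text, or None if the content must be ignored."""
    if len(raw) > min(limit, MAX_IPFIX_STRING):
        return None                 # over the local bound
    if b"\x00" in raw:
        return None                 # U+0000 would desynchronize C-string lengths
    try:
        # Strict decoding also rejects overlong forms such as C0 80.
        return raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None


def read_type_strings(record: bytes, pos: int = 0):
    """Decode (name, description) from two consecutive variable-length fields."""
    raw_name, pos = read_varlen(record, pos)
    raw_desc, pos = read_varlen(record, pos)
    return (decode_ie_string(raw_name, NAME_LIMIT),
            decode_ie_string(raw_desc, DESCRIPTION_LIMIT))


if __name__ == "__main__":
    # Constructed sample: short-form name, long-form 300-octet description.
    name = b"sampleCounter"
    desc = b"d" * 300
    record = bytes([len(name)]) + name + b"\xff" + (300).to_bytes(2, "big") + desc
    print(read_type_strings(record)[0])
    # Constructed hostile sample: an embedded NUL in the name.
    print(read_type_strings(bytes([4]) + b"a\x00bc" + bytes([0])))
```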

5.  IANA Considerations

   This document specifies several new IPFIX Information Elements in the
   IPFIX Information Element registry as defined in Section 3 above.
   IANA has assigned the following Information Element numbers for their
   respective Information Elements as specified below:

   o  Information Element Number 339 for the informationElementDataType
      Information Element

   o  Information Element Number 340 for the
      informationElementDescription Information Element

   o  Information Element Number 341 for the informationElementName
      Information Element

   o  Information Element Number 342 for the
      informationElementRangeBegin Information Element

   o  Information Element Number 343 for the informationElementRangeEnd
      Information Element

   o  Information Element Number 344 for the informationElementSemantics
      Information Element

   o  Information Element Number 345 for the informationElementUnits
      Information Element

   o  Information Element Number 346 for the privateEnterpriseNumber
      Information Element

   IANA has created an Information Element Data Type subregistry for the
   values defined for the informationElementDataType Information
   Element.  Entries may be added to this subregistry subject to a
   Standards Action [RFC5226].

   IANA has created an Information Element Semantics subregistry for the
   values defined for the informationElementSemantics Information
   Element.  Entries may be added to this subregistry subject to a
   Standards Action [RFC5226].

   IANA has created an Information Element Units subregistry for the
   values defined for the informationElementUnits Information Element.
   Entries may be added to this subregistry on an Expert Review
   [RFC5226] basis.

6.  Acknowledgements

   Thanks to Paul Aitken and Gerhard Muenz for the detailed reviews, and
   to David Moore for first raising this issue to the IPFIX mailing
   list.  Thanks to the PRISM project for its support of this work.

7.  References

7.1.  Normative References

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

   [RFC5477]  Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
              Carle, "Information Model for Packet Sampling Exports",
              RFC 5477, March 2009.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC2277]  Alvestrand, H., "IETF Policy on Character Sets and
              Languages", BCP 18, RFC 2277, January 1998.

   [RFC2482]  Whistler, K. and G. Adams, "Language Tagging in Unicode
              Plain Text", RFC 2482, January 1999.

   [RFC4646]  Phillips, A. and M. Davis, "Tags for Identifying
              Languages", BCP 47, RFC 4646, September 2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

7.2.  Informative References

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.

Appendix A.  Examples

   The following example illustrates how the type information extension
   mechanism defined in this document may be used to describe the
   semantics of enterprise-specific Information Elements.  The
   Information Elements used in this example are as follows:

   o  initialTCPFlags, an example private IE 14, 1 octet, the TCP flags
      on the first TCP packet in the flow.

   o  unionTCPFlags, an example private IE 15, 1 octet, the union of the
      TCP flags on all packets after the first TCP packet in the flow.

   An Exporting Process exporting flows containing these Information
   Elements might use a Template like the following:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Set ID = 2           |          Length =  52         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Template ID = 256        |        Field Count = 9        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| flowStartSeconds        150 |       Field Length =  4       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| sourceIPv4Address         8 |       Field Length =  4       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| destinationIPv4Address   12 |       Field Length =  4       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| sourceTransportPort       7 |       Field Length =  2       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| destinationTransportPort 11 |       Field Length =  2       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| octetTotalCount          85 |       Field Length =  4       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1| (initialTCPFlags)        14 |       Field Length =  1       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Private Enterprise Number                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |1| (unionTCPFlags)          15 |       Field Length =  1       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Private Enterprise Number                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0| protocolIdentifier        4 |       Field Length =  1       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 1: Template with Enterprise-Specific IEs

   However, a Collecting Process receiving Data Sets described by this
   Template can only treat the enterprise-specific Information Elements
   as opaque octets; specifically, there is no hint to the collector
   that they contain flag information.  To use the type information
   extension mechanism to address this problem, the Exporting Process
   would first export the Information Element Type Options Template
   described in Section 3.9 above:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Set ID = 3           |          Length =  26         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Template ID = 257        |        Field Count = 4        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Scope Field Count = 2      |0| priv.EnterpriseNumber   346 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Field Length = 4        |0| informationElementId    303 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Field Length = 2        |0| inf.El.DataType         339 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Field Length = 1        |0| inf.El.Semantics        344 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Field Length = 1        |0| inf.El.Name             341 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Field Length = 65535      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Figure 2: Example Information Element Type Options Template

   Then, the Exporting Process would export two records described by the
   Example Information Element Type Options Template to describe the
   enterprise-specific Information Elements:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Set ID = 257         |          Length =  50         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Private Enterprise Number                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |X|         IE 14               |0x01 unsigned8 |0x05 flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   15 length   |                                               |
   +-+-+-+-+-+-+-+-+                                               |
   |                      "initialTCPFlags"                        |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Private Enterprise Number                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |X|         IE 15               |0x01 unsigned8 |0x05 flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   13 length   |                                               |
   +-+-+-+-+-+-+-+-+        "unionTCPFlags"                        |
   |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 3: Type Record Example
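
   The following sketch is an added example, not part of the original
   document: it shows how a Collecting Process might decode the type
   records of Figure 3 while bounds-checking every field, since the
   variable-length name comes from the exporter and must not be trusted
   to fit inside the Set.  The function names, the placeholder
   enterprise number, and the masking of the X bit are assumptions.

```python
import struct

VARLEN = 65535  # RFC 5101 marker for a variable-length field
# Field order and lengths as listed in Figure 2.
TYPE_TEMPLATE = [("privateEnterpriseNumber", 4), ("informationElementId", 2),
                 ("informationElementDataType", 1),
                 ("informationElementSemantics", 1),
                 ("informationElementName", VARLEN)]
MIN_RECORD = 9  # fixed fields plus a one-octet name length

def read_field(buf, off, length):
    """Return (value_bytes, next_offset); never read past the end of buf."""
    if length == VARLEN:
        if off >= len(buf):
            raise ValueError("truncated length prefix")
        length, off = buf[off], off + 1
        if length == 255:  # long form: 255, then a 16-bit length
            if off + 2 > len(buf):
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, off)
            off += 2
    if off + length > len(buf):
        raise ValueError("field overruns the Set")
    return buf[off:off + length], off + length

def parse_type_set(data, set_id=257):
    """Decode the type records of one Data Set into a list of dicts."""
    if len(data) < 4:
        raise ValueError("short Set header")
    sid, set_len = struct.unpack_from("!HH", data, 0)
    if sid != set_id or not 4 <= set_len <= len(data):
        raise ValueError("bad Set header")
    body, off, records = data[4:set_len], 0, []
    while len(body) - off >= MIN_RECORD:  # anything shorter is padding
        rec = {}
        for name, length in TYPE_TEMPLATE:
            raw, off = read_field(body, off, length)
            if length == VARLEN:
                rec[name] = raw.decode("utf-8")  # strict: bad UTF-8 raises
            else:
                rec[name] = int.from_bytes(raw, "big")
        rec["informationElementId"] &= 0x7FFF  # assumption: mask the X bit
        records.append(rec)
    return records

def build_figure3(pen):
    """Constructed sample: the two records of Figure 3, placeholder PEN."""
    names = ((14, b"initialTCPFlags"), (15, b"unionTCPFlags"))
    recs = b"".join(struct.pack("!IHBBB", pen, 0x8000 | ie, 1, 5, len(n)) + n
                    for ie, n in names)
    return struct.pack("!HH", 257, 4 + len(recs)) + recs
```

   A record whose name length points past the end of the Set, or whose
   name is not valid UTF-8, raises ValueError instead of being stored.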

Authors' Addresses

   Elisa Boschi
   Hitachi Europe
   c/o ETH Zurich
   Gloriastrasse 35
   8092 Zurich
   Switzerland

   Phone: +41 44 632 70 57
   EMail: elisa.boschi@hitachi-eu.com

   Brian Trammell
   Hitachi Europe
   c/o ETH Zurich
   Gloriastrasse 35
   8092 Zurich
   Switzerland

   Phone: +41 44 632 70 13
   EMail: brian.trammell@hitachi-eu.com

   Lutz Mark
   Fraunhofer Institute for Manufacturing Technology
   and Applied Materials Research
   Wiener Str. 12
   28359 Bremen
   Germany

   Phone: +49 421 2246206
   EMail: lutz.mark@ifam.fraunhofer.de

   Tanja Zseby
   Fraunhofer Institute for Open Communication Systems
   Kaiserin-Augusta-Allee 31
   10589 Berlin
   Germany

   Phone: +49 30 3463 7153
   EMail: tanja.zseby@fokus.fraunhofer.de
