Traffic Flow Measurement: Architecture
RFC 2063
Document | Type |
RFC - Experimental
(January 1997; No errata)
Obsoleted by RFC 2722
|
|
---|---|---|---|
Authors | Nevil Brownlee , Cynthia Mills , Greg Ruth | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 2063 (Experimental) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group N. Brownlee Request for Comments: 2063 The University of Auckland Category: Experimental C. Mills BBN Systems and Technologies G. Ruth GTE Laboratories, Inc. January 1997 Traffic Flow Measurement: Architecture Status of this Memo This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. Abstract This document describes an architecture for the measurement and reporting of network traffic flows, discusses how this relates to an overall network traffic flow architecture, and describes how it can be used within the Internet. It is intended to provide a starting point for the Realtime Traffic Flow Measurement Working Group. Table of Contents 1 Statement of Purpose and Scope 2 2 Traffic Flow Measurement Architecture 4 2.1 Meters and Traffic Flows . . . . . . . . . . . . . . . . . . 4 2.2 Interaction Between METER and METER READER . . . . . . . . . 6 2.3 Interaction Between MANAGER and METER . . . . . . . . . . . 6 2.4 Interaction Between MANAGER and METER READER . . . . . . . . 7 2.5 Multiple METERs or METER READERs . . . . . . . . . . . . . . 7 2.6 Interaction Between MANAGERs (MANAGER - MANAGER) . . . . . . 8 2.7 METER READERs and APPLICATIONs . . . . . . . . . . . . . . . 8 3 Traffic Flows and Reporting Granularity 9 3.1 Flows and their Attributes . . . . . . . . . . . . . . . . . 9 3.2 Granularity of Flow Measurements . . . . . . . . . . . . . . 11 3.3 Rolling Counters, Timestamps, Report-in-One-Bucket-Only . . 13 4 Meters 15 4.1 Meter Structure . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Flow Table . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.3 Packet Handling, Packet Matching . . . . . . . . . . . . . . 17 4.4 Rules and Rule Sets . . . . . . . . . . . . . . . . . . . . 21 4.5 Maintaining the Flow Table . . . . . . . . . . . . . . . . . 24 4.6 Handling Increasing Traffic Levels . . . . . . . . . . . . . 25 Brownlee, et. al. Experimental [Page 1] RFC 2063 Traffic Flow Measurement: Architecture January 1997 5 Meter Readers 26 5.1 Identifying Flows in Flow Records . . . . . . . . . . . . . 26 5.2 Usage Records, Flow Data Files . . . . . . . . . . . . . . . 27 5.3 Meter to Meter Reader: Usage Record Transmission. . . . . . 27 6 Managers 28 6.1 Between Manager and Meter: Control Functions . . . . . . . 28 6.2 Between Manager and Meter Reader: Control Functions . . . 29 6.3 Exception Conditions . . . . . . . . . . . . . . . . . . . . 31 6.4 Standard Rule Sets . . . . . . . . . . . . . . . . . . . . 32 7 APPENDICES 33 7.1 Appendix A: Network Characterisation . . . . . . . . . . . . 33 7.2 Appendix B: Recommended Traffic Flow Measurement Capabilities 34 7.3 Appendix C: List of Defined Flow Attributes . . . . . . . . 35 7.4 Appendix D: List of Meter Control Variables . . . . . . . . 36 8 Acknowledgments 36 9 References 37 10 Security Considerations 37 11 Authors' Addresses 37 1 Statement of Purpose and Scope This document describes an architecture for traffic flow measurement and reporting for data networks which has the following characteristics: - The traffic flow model can be consistently applied to any protocol/application at any network layer (e.g. network, transport, application layers). - Traffic flow attributes are defined in such a way that they are valid for multiple networking protocol stacks, and that traffic flow measurement implementations are useful in MULTI-PROTOCOL environments. - Users may specify their traffic flow measurement requirements in a simple manner, allowing them to collect the flow data they need while ignoring other traffic. - The data reduction effort to produce requested traffic flow information is placed as near as possible to the networkShow full document text