Requirements for IP Flow Information Export (IPFIX)
RFC 3917
Document Type RFC - Informational (October 2004; No errata)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3917 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Bert Wijnen
Send notices to <plonka@doit.wisc.edu>
Email authors Email WG IPR 5 References Referenced by Nits 
Network Working Group                                         J. Quittek
Request for Comments: 3917                               NEC Europe Ltd.
Category: Informational                                         T. Zseby
                                                        Fraunhofer FOKUS
                                                               B. Claise
                                                           Cisco Systems
                                                               S. Zander
                                                    Swinburne University
                                                            October 2004

          Requirements for IP Flow Information Export (IPFIX)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This memo defines requirements for the export of measured IP flow
   information out of routers, traffic measurement probes, and
   middleboxes.

Table of Contents

   1.   Introduction. . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.   Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  3
        2.1.   IP Traffic Flow. . . . . . . . . . . . . . . . . . . .  3
        2.2.   Observation Point. . . . . . . . . . . . . . . . . . .  4
        2.3.   Metering Process . . . . . . . . . . . . . . . . . . .  4
        2.4.   Flow Record. . . . . . . . . . . . . . . . . . . . . .  5
        2.5.   Exporting Process. . . . . . . . . . . . . . . . . . .  5
        2.6.   Collecting Process . . . . . . . . . . . . . . . . . .  5
   3.   Applications Requiring IP Flow Information Export . . . . . .  6
        3.1.   Usage-based Accounting . . . . . . . . . . . . . . . .  6
        3.2.   Traffic Profiling. . . . . . . . . . . . . . . . . . .  7
        3.3.   Traffic Engineering. . . . . . . . . . . . . . . . . .  7
        3.4.   Attack/Intrusion Detection . . . . . . . . . . . . . .  7
        3.5.   QoS Monitoring . . . . . . . . . . . . . . . . . . . .  8
   4.   Distinguishing Flows. . . . . . . . . . . . . . . . . . . . .  8
        4.1.   Encryption . . . . . . . . . . . . . . . . . . . . . .  9
        4.2.   Interfaces . . . . . . . . . . . . . . . . . . . . . .  9

Quittek, et al.              Informational                      [Page 1]
RFC 3917                   IPFIX Requirements               October 2004

        4.3.   IP Header Fields . . . . . . . . . . . . . . . . . . .  9
        4.4.   Transport Header Fields. . . . . . . . . . . . . . . . 10
        4.5.   MPLS Label . . . . . . . . . . . . . . . . . . . . . . 10
        4.6.   DiffServ Code Point. . . . . . . . . . . . . . . . . . 10
   5.   Metering Process. . . . . . . . . . . . . . . . . . . . . . . 10
        5.1.   Reliability. . . . . . . . . . . . . . . . . . . . . . 10
        5.2.   Sampling . . . . . . . . . . . . . . . . . . . . . . . 11
        5.3.   Overload Behavior. . . . . . . . . . . . . . . . . . . 11
        5.4.   Timestamps . . . . . . . . . . . . . . . . . . . . . . 12
        5.5.   Time Synchronization . . . . . . . . . . . . . . . . . 12
        5.6.   Flow Expiration. . . . . . . . . . . . . . . . . . . . 13
        5.7.   Multicast Flows. . . . . . . . . . . . . . . . . . . . 13
        5.8.   Packet Fragmentation . . . . . . . . . . . . . . . . . 13
        5.9.   Ignore Port Copy . . . . . . . . . . . . . . . . . . . 13
   6.   Data Export . . . . . . . . . . . . . . . . . . . . . . . . . 14
        6.1.   Information Model. . . . . . . . . . . . . . . . . . . 14
        6.2.   Data Model . . . . . . . . . . . . . . . . . . . . . . 16
        6.3.   Data Transfer. . . . . . . . . . . . . . . . . . . . . 16
               6.3.1. Congestion Awareness. . . . . . . . . . . . . . 16
               6.3.2. Reliability . . . . . . . . . . . . . . . . . . 17
               6.3.3. Security. . . . . . . . . . . . . . . . . . . . 18
        6.4.   Push and Pull Mode Reporting . . . . . . . . . . . . . 18
        6.5.   Regular Reporting Interval . . . . . . . . . . . . . . 18
        6.6.   Notification on Specific Events. . . . . . . . . . . . 18
        6.7.   Anonymization. . . . . . . . . . . . . . . . . . . . . 18
   7.   Configuration . . . . . . . . . . . . . . . . . . . . . . . . 19
        7.1.   Configuration of the Metering Process. . . . . . . . . 19
        7.2.   Configuration of the Exporting Process . . . . . . . . 19
   8.   General Requirements. . . . . . . . . . . . . . . . . . . . . 20
        8.1.   Openness . . . . . . . . . . . . . . . . . . . . . . . 20
        8.2.   Scalability. . . . . . . . . . . . . . . . . . . . . . 20
        8.3.   Several Collecting Processes . . . . . . . . . . . . . 20
   9.   Special Device Considerations . . . . . . . . . . . . . . . . 20
   10.  Security Considerations . . . . . . . . . . . . . . . . . . . 23
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools