7270
INFORMATIONAL
Cisco-Specific Information Elements Reused in IP Flow Information Export (IPFIX)
Authors: A. Yourtchenko, P. Aitken, B. Claise
Date: June 2014
Working Group: NON WORKING GROUP
Stream: IETF
Abstract
This document describes some additional IP Flow Information Export (IPFIX) Information Elements in the range of 1-127, which is the range compatible with field types used by NetFlow version 9 in RFC 3954, as specified in the IPFIX Information Model in RFC 7012.
RFC 7270
INFORMATIONAL
Errata Exist
Internet Engineering Task Force (IETF) A. Yourtchenko
Request for Comments: 7270 P. Aitken
Category: Informational B. Claise
ISSN: 2070-1721 Cisco Systems, Inc.
June 2014
<span class="h1">Cisco-Specific Information Elements</span>
<span class="h1">Reused in IP Flow Information Export (IPFIX)</span>
Abstract
This document describes some additional IP Flow Information Export
(IPFIX) Information Elements in the range of 1-127, which is the
range compatible with field types used by NetFlow version 9 in <a href="./rfc3954">RFC</a>
<a href="./rfc3954">3954</a>, as specified in the IPFIX Information Model in <a href="./rfc7012">RFC 7012</a>.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="https://www.rfc-editor.org/info/rfc7270">http://www.rfc-editor.org/info/rfc7270</a>.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
<span class="grey">Yourtchenko, et al. Informational [Page 1]</span><span id="page-2" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-2">2</a>
<a href="#section-2">2</a>. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-3">3</a>. Information Elements Overview . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-4">4</a>. Information Elements . . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.1">4.1</a>. samplingInterval . . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.2">4.2</a>. samplingAlgorithm . . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.3">4.3</a>. engineType . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-4.4">4.4</a>. engineId . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-4.5">4.5</a>. ipv4RouterSc . . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-4.6">4.6</a>. samplerId . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-4.7">4.7</a>. samplerMode . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-4.8">4.8</a>. samplerRandomInterval . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-4.9">4.9</a>. classId . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
<a href="#section-4.10">4.10</a>. samplerName . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
<a href="#section-4.11">4.11</a>. flagsAndSamplerId . . . . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
<a href="#section-4.12">4.12</a>. forwardingStatus . . . . . . . . . . . . . . . . . . . . <a href="#page-8">8</a>
<a href="#section-4.13">4.13</a>. srcTrafficIndex . . . . . . . . . . . . . . . . . . . . . <a href="#page-9">9</a>
<a href="#section-4.14">4.14</a>. dstTrafficIndex . . . . . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-4.15">4.15</a>. className . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-4.16">4.16</a>. layer2packetSectionOffset . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-4.17">4.17</a>. layer2packetSectionSize . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-4.18">4.18</a>. layer2packetSectionData . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-5">5</a>. Other Information Elements . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-5.1">5.1</a>. Performance Metrics IEs . . . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-5.2">5.2</a>. Application Information IEs . . . . . . . . . . . . . . . <a href="#page-11">11</a>
<a href="#section-5.3">5.3</a>. IEs Assigned for NetFlow v9 Compatibility . . . . . . . . <a href="#page-11">11</a>
<a href="#section-6">6</a>. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <a href="#page-12">12</a>
<a href="#section-7">7</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8">8</a>. References . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8.1">8.1</a>. Normative References . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#section-8.2">8.2</a>. Informative References . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<a href="#appendix-A">Appendix A</a>. XML Specification of IPFIX Information Elements . . <a href="#page-15">15</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
<a href="./rfc7012#section-4">Section 4 of [RFC7012]</a> defines the IPFIX Information Elements (IEs)
in the range of 1-127 to be compatible with the NetFlow version 9
fields, as specified in "Cisco Systems NetFlow Services Export
Version 9" [<a href="./rfc3954" title=""Cisco Systems NetFlow Services Export Version 9"">RFC3954</a>]. As [<a href="./rfc3954" title=""Cisco Systems NetFlow Services Export Version 9"">RFC3954</a>] was published in 2004, it does
not contain all NetFlow version 9 field types in the range of 1-127.
The question was asked whether IPFIX Devices should exclusively
report the IANA IPFIX IEs [<a href="#ref-IANA-IPFIX">IANA-IPFIX</a>]. In other words, when
upgrading from a NetFlow Metering Process to an IPFIX Metering
Process, should the IPFIX Devices stop reporting IEs specific to
NetFlow version 9 that were not registered in IANA [<a href="#ref-IANA-IPFIX">IANA-IPFIX</a>]?
<span class="grey">Yourtchenko, et al. Informational [Page 2]</span><span id="page-3" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
This document is intended to fill the gap in this IE range. It
describes some additional IPFIX Information Elements in the range of
1-127, which is the range compatible with field types used by NetFlow
version 9 in [<a href="./rfc3954" title=""Cisco Systems NetFlow Services Export Version 9"">RFC3954</a>], as specified in the IPFIX Information Model
[<a href="./rfc7012" title=""Information Model for IP Flow Information Export (IPFIX)"">RFC7012</a>]. With this, IPFIX implementations could export all the
Information Elements specified in IANA [<a href="#ref-IANA-IPFIX">IANA-IPFIX</a>], regardless of
the range.
This document follows the rules in "Guidelines for Authors and
Reviewers of IP Flow Export (IPFIX) Information Elements" [<a href="./rfc7013" title=""Guidelines for Authors and Reviewers of IP Flow Information Export (IPFIX) Information Elements"">RFC7013</a>].
This document does not extend [<a href="./rfc3954" title=""Cisco Systems NetFlow Services Export Version 9"">RFC3954</a>]. The IPFIX Protocol
[<a href="./rfc7011" title=""Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information"">RFC7011</a>] has its own Information Model ([<a href="./rfc7012" title=""Information Model for IP Flow Information Export (IPFIX)"">RFC7012</a>] and IANA
[<a href="#ref-IANA-IPFIX">IANA-IPFIX</a>]), which is extensible upon application to IANA, subject
to expert review by IE-DOCTORS [<a href="./rfc7013" title=""Guidelines for Authors and Reviewers of IP Flow Information Export (IPFIX) Information Elements"">RFC7013</a>]. This document extends the
IPFIX Information Model.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Terminology</span>
IPFIX-specific terminology used in this document is defined in
<a href="./rfc7011#section-2">Section 2 of [RFC7011]</a>. As in [<a href="./rfc7011" title=""Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information"">RFC7011</a>], these IPFIX-specific terms
have the first letter of a word capitalized when used in this
document.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Information Elements Overview</span>
The following Information Elements are discussed in the sections
below:
+----+-----------------------+-----+---------------------------+
| ID | Name | ID | Name |
+----+-----------------------+-----+---------------------------+
| 34 | samplingInterval | 84 | samplerName |
| 35 | samplingAlgorithm | 87 | flagsAndSamplerId |
| 38 | engineType | 89 | forwardingStatus |
| 39 | engineId | 92 | srcTrafficIndex |
| 43 | ipv4RouterSc | 93 | dstTrafficIndex |
| 48 | samplerId | 100 | className |
| 49 | samplerMode | 102 | layer2packetSectionOffset |
| 50 | samplerRandomInterval | 103 | layer2packetSectionSize |
| 51 | classId | 104 | layer2packetSectionData |
+----+-----------------------+-----+---------------------------+
Table 1
<span class="grey">Yourtchenko, et al. Informational [Page 3]</span><span id="page-4" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Information Elements</span>
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. samplingInterval</span>
Description:
Deprecated in favor of 305 samplingPacketInterval. When using
sampled NetFlow, the rate at which packets are sampled -- e.g., a
value of 100 indicates that one of every 100 packets is sampled.
Abstract Data Type: unsigned32
ElementId: 34
Semantics: quantity
Status: deprecated
Units: packets
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. samplingAlgorithm</span>
Description:
Deprecated in favor of 304 selectorAlgorithm. The type of
algorithm used for sampled NetFlow:
1 - Deterministic Sampling,
2 - Random Sampling.
The values are not compatible with the selectorAlgorithm IE, where
"Deterministic" has been replaced by "Systematic count-based" (1)
or "Systematic time-based" (2), and "Random" is (3). Conversion
is required; see "Packet Sampling (PSAMP) Parameters"
[<a href="#ref-IANA-PSAMP">IANA-PSAMP</a>].
Abstract Data Type: unsigned8
ElementId: 35
Semantics: identifier
Status: deprecated
<span class="grey">Yourtchenko, et al. Informational [Page 4]</span><span id="page-5" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h3"><a class="selflink" id="section-4.3" href="#section-4.3">4.3</a>. engineType</span>
Description:
Type of flow switching engine in a router/switch:
RP = 0,
VIP/Line card = 1,
PFC/DFC = 2.
Reserved for internal use on the Collector.
Abstract Data Type: unsigned8
ElementId: 38
Semantics: identifier
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.4" href="#section-4.4">4.4</a>. engineId</span>
Description:
Versatile Interface Processor (VIP) or line card slot number of
the flow switching engine in a router/switch. Reserved for
internal use on the Collector.
Abstract Data Type: unsigned8
ElementId: 39
Semantics: identifier
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.5" href="#section-4.5">4.5</a>. ipv4RouterSc</span>
Description:
This is a platform-specific field for the Catalyst 5000/Catalyst
6000 family. It is used to store the address of a router that is
being shortcut when performing MultiLayer Switching.
Abstract Data Type: ipv4Address
ElementId: 43
Semantics: default
<span class="grey">Yourtchenko, et al. Informational [Page 5]</span><span id="page-6" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Status: deprecated
Reference:
[<a href="#ref-CCO-MLS" title=""IP MultiLayer Switching Sample Configuration"">CCO-MLS</a>] describes MultiLayer Switching.
<span class="h3"><a class="selflink" id="section-4.6" href="#section-4.6">4.6</a>. samplerId</span>
Description:
Deprecated in favor of 302 selectorId. The unique identifier
associated with samplerName.
Abstract Data Type: unsigned8
ElementId: 48
Semantics: identifier
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.7" href="#section-4.7">4.7</a>. samplerMode</span>
Description:
Deprecated in favor of 304 selectorAlgorithm. The values are not
compatible: selectorAlgorithm=3 is random sampling. The type of
algorithm used for sampling data: 1 - Deterministic, 2 - Random
Sampling. Use with samplerRandomInterval.
Abstract Data Type: unsigned8
ElementId: 49
Semantics: identifier
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.8" href="#section-4.8">4.8</a>. samplerRandomInterval</span>
Description:
Deprecated in favor of 305 samplingPacketInterval. Packet
interval at which to sample -- in case of random sampling. Used
in connection with the samplerMode 0x02 (random sampling) value.
Abstract Data Type: unsigned32
ElementId: 50
<span class="grey">Yourtchenko, et al. Informational [Page 6]</span><span id="page-7" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Semantics: quantity
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.9" href="#section-4.9">4.9</a>. classId</span>
Description:
Deprecated in favor of 302 selectorId. Characterizes the traffic
class, i.e., QoS treatment.
Abstract Data Type: unsigned8
ElementId: 51
Semantics: identifier
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.10" href="#section-4.10">4.10</a>. samplerName</span>
Description:
Deprecated in favor of 335 selectorName. Name of the flow
sampler.
Abstract Data Type: string
ElementId: 84
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.11" href="#section-4.11">4.11</a>. flagsAndSamplerId</span>
Description:
Flow flags and the value of the sampler ID (samplerId) combined in
one bitmapped field. Reserved for internal use on the Collector.
Abstract Data Type: unsigned32
ElementId: 87
Semantics: identifier
Status: deprecated
<span class="grey">Yourtchenko, et al. Informational [Page 7]</span><span id="page-8" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h3"><a class="selflink" id="section-4.12" href="#section-4.12">4.12</a>. forwardingStatus</span>
Description:
This Information Element describes the forwarding status of the
flow and any attached reasons. The reduced-size encoding rules as
per [<a href="./rfc7011" title=""Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information"">RFC7011</a>] apply.
The basic encoding is 8 bits. The future extensions
could add one or three bytes. The layout of the basic
encoding is as follows:
MSB - 0 1 2 3 4 5 6 7 - LSB
+---+---+---+---+---+---+---+---+
| Status| Reason code or flags |
+---+---+---+---+---+---+---+---+
Status:
00b = Unknown
01b = Forwarded
10b = Dropped
11b = Consumed
Reason Code (status = 01b, Forwarded)
01 000000b = 64 = Unknown
01 000001b = 65 = Fragmented
01 000010b = 66 = Not Fragmented
Reason Code (status = 10b, Dropped)
10 000000b = 128 = Unknown
10 000001b = 129 = ACL deny
10 000010b = 130 = ACL drop
10 000011b = 131 = Unroutable
10 000100b = 132 = Adjacency
10 000101b = 133 = Fragmentation and DF set
10 000110b = 134 = Bad header checksum
10 000111b = 135 = Bad total Length
10 001000b = 136 = Bad header length
10 001001b = 137 = bad TTL
10 001010b = 138 = Policer
10 001011b = 139 = WRED
10 001100b = 140 = RPF
10 001101b = 141 = For us
10 001110b = 142 = Bad output interface
10 001111b = 143 = Hardware
<span class="grey">Yourtchenko, et al. Informational [Page 8]</span><span id="page-9" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Reason Code (status = 11b, Consumed)
11 000000b = 192 = Unknown
11 000001b = 193 = Punt Adjacency
11 000010b = 194 = Incomplete Adjacency
11 000011b = 195 = For us
Examples:
value : 0x40 = 64
binary: 01000000
decode: 01 -> Forward
000000 -> No further information
value : 0x89 = 137
binary: 10001001
decode: 10 -> Drop
001001 -> Fragmentation and DF set
Abstract Data Type: unsigned32
ElementId: 89
Semantics: identifier
Status: current
Reference:
See "NetFlow Version 9 Flow-Record Format" [<a href="#ref-CCO-NF9FMT">CCO-NF9FMT</a>].
<span class="h3"><a class="selflink" id="section-4.13" href="#section-4.13">4.13</a>. srcTrafficIndex</span>
Description:
BGP Policy Accounting Source Traffic Index.
Abstract Data Type: unsigned32
ElementId: 92
Semantics: identifier
Status: current
Reference:
BGP policy accounting as described in [<a href="#ref-CCO-BGPPOL">CCO-BGPPOL</a>].
<span class="grey">Yourtchenko, et al. Informational [Page 9]</span><span id="page-10" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h3"><a class="selflink" id="section-4.14" href="#section-4.14">4.14</a>. dstTrafficIndex</span>
Description:
BGP Policy Accounting Destination Traffic Index.
Abstract Data Type: unsigned32
ElementId: 93
Semantics: identifier
Status: current
Reference:
BGP policy accounting as described in [<a href="#ref-CCO-BGPPOL">CCO-BGPPOL</a>].
<span class="h3"><a class="selflink" id="section-4.15" href="#section-4.15">4.15</a>. className</span>
Description:
Deprecated in favor of 335 selectorName. Traffic Class Name,
associated with the classId Information Element.
Abstract Data Type: string
ElementId: 100
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.16" href="#section-4.16">4.16</a>. layer2packetSectionOffset</span>
Description:
Deprecated in favor of 409 sectionOffset. Layer 2 packet section
offset. Potentially a generic packet section offset.
Abstract Data Type: unsigned16
ElementId: 102
Semantics: quantity
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.17" href="#section-4.17">4.17</a>. layer2packetSectionSize</span>
Description:
Deprecated in favor of 312 dataLinkFrameSize. Layer 2 packet
section size. Potentially a generic packet section size.
<span class="grey">Yourtchenko, et al. Informational [Page 10]</span><span id="page-11" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Abstract Data Type: unsigned16
ElementId: 103
Semantics: quantity
Status: deprecated
<span class="h3"><a class="selflink" id="section-4.18" href="#section-4.18">4.18</a>. layer2packetSectionData</span>
Description:
Deprecated in favor of 315 dataLinkFrameSection. Layer 2 packet
section data.
Abstract Data Type: octetArray
ElementId: 104
Status: deprecated
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Other Information Elements</span>
<span class="h3"><a class="selflink" id="section-5.1" href="#section-5.1">5.1</a>. Performance Metrics IEs</span>
ElementId: 65 .. <a href="#page-69">69</a>
Performance metrics will need a consolidation in the industry, based
on [<a href="./rfc6390" title=""Guidelines for Considering New Performance Metric Development"">RFC6390</a>]. Once this consolidation happens, via a separate
document the IEs 65-69 will either be assigned in the IANA registry
or their status will be deprecated.
<span class="h3"><a class="selflink" id="section-5.2" href="#section-5.2">5.2</a>. Application Information IEs</span>
ElementId: 94 .. <a href="#page-96">96</a>
ElementId: 101
Please refer to [<a href="./rfc6759" title=""Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX)"">RFC6759</a>].
<span class="h3"><a class="selflink" id="section-5.3" href="#section-5.3">5.3</a>. IEs Assigned for NetFlow v9 Compatibility</span>
ElementId: 105..127
These element IDs are not covered by this document and are left "as
is", i.e., for NetFlow v9 compatibility.
<span class="grey">Yourtchenko, et al. Informational [Page 11]</span><span id="page-12" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IANA Considerations</span>
This document specifies several new IPFIX Information Elements in
IANA's "IPFIX Information Elements" registry [<a href="#ref-IANA-IPFIX">IANA-IPFIX</a>] as
summarized in <a href="#section-3">Section 3</a> and detailed in <a href="#section-4">Section 4</a> above. The
following Information Elements have been assigned:
o IE Number 34 for the samplingInterval IE
o IE Number 35 for the samplingAlgorithm IE
o IE Number 38 for the engineType IE
o IE Number 39 for the engineId IE
o IE Number 43 for the ipv4RouterSc IE
o IE Number 48 for the samplerId IE
o IE Number 49 for the samplerMode IE
o IE Number 50 for the samplerRandomInterval IE
o IE Number 51 for the classId IE
o IE Number 84 for the samplerName IE
o IE Number 87 for the flagsAndSamplerId IE
o IE Number 89 for the forwardingStatus IE
o IE Number 92 for the srcTrafficIndex IE
o IE Number 93 for the dstTrafficIndex IE
o IE Number 100 for the className IE
o IE Number 102 for the layer2packetSectionOffset IE
o IE Number 103 for the layer2packetSectionSize IE
o IE Number 104 for the layer2packetSectionData IE
<span class="grey">Yourtchenko, et al. Informational [Page 12]</span><span id="page-13" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
This document specifies the definitions of several Information
Elements and does not alter the security considerations of the base
protocol. Please refer to the security considerations sections of
[<a href="./rfc3954" title=""Cisco Systems NetFlow Services Export Version 9"">RFC3954</a>] and [<a href="./rfc7012" title=""Information Model for IP Flow Information Export (IPFIX)"">RFC7012</a>].
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. References</span>
<span class="h3"><a class="selflink" id="section-8.1" href="#section-8.1">8.1</a>. Normative References</span>
[<a id="ref-RFC7011">RFC7011</a>] Claise, B., Trammell, B., and P. Aitken, "Specification of
the IP Flow Information Export (IPFIX) Protocol for the
Exchange of Flow Information", STD 77, <a href="./rfc7011">RFC 7011</a>, September
2013.
<span class="h3"><a class="selflink" id="section-8.2" href="#section-8.2">8.2</a>. Informative References</span>
[<a id="ref-CCO-BGPPOL">CCO-BGPPOL</a>]
Cisco, "BGP Policy Accounting and BGP Policy Accounting
Output Interface Accounting Features", December 2005,
<<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">http://www.cisco.com/en/US/tech/tk365/</a>
<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">technologies_tech_note09186a0080094e88.shtml</a>>.
[<a id="ref-CCO-MLS">CCO-MLS</a>] Cisco, "IP MultiLayer Switching Sample Configuration",
November 2007,
<<a href="http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml">http://www.cisco.com/en/US/products/hw/switches/ps700/</a>
<a href="http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml">products_configuration_example09186a00800ab513.shtml</a>>.
[<a id="ref-CCO-NF9FMT">CCO-NF9FMT</a>]
Cisco, "NetFlow Version 9 Flow-Record Format", May 2011,
<<a href="http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html">http://www.cisco.com/en/US/technologies/tk648/tk362/</a>
<a href="http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html">technologies_white_paper09186a00800a3db9.html</a>>.
[<a id="ref-IANA-IPFIX">IANA-IPFIX</a>]
IANA, "IP Flow Information Export (IPFIX) Entities",
<<a href="http://www.iana.org/assignments/ipfix/">http://www.iana.org/assignments/ipfix/</a>>.
[<a id="ref-IANA-PSAMP">IANA-PSAMP</a>]
IANA, "Packet Sampling (PSAMP) Parameters",
<<a href="http://www.iana.org/assignments/psamp-parameters/">http://www.iana.org/assignments/psamp-parameters/</a>>.
[<a id="ref-RFC3954">RFC3954</a>] Claise, B., "Cisco Systems NetFlow Services Export Version
9", <a href="./rfc3954">RFC 3954</a>, October 2004.
[<a id="ref-RFC6390">RFC6390</a>] Clark, A. and B. Claise, "Guidelines for Considering New
Performance Metric Development", <a href="https://www.rfc-editor.org/bcp/bcp170">BCP 170</a>, <a href="./rfc6390">RFC 6390</a>,
October 2011.
<span class="grey">Yourtchenko, et al. Informational [Page 13]</span><span id="page-14" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
[<a id="ref-RFC6759">RFC6759</a>] Claise, B., Aitken, P., and N. Ben-Dvora, "Cisco Systems
Export of Application Information in IP Flow Information
Export (IPFIX)", <a href="./rfc6759">RFC 6759</a>, November 2012.
[<a id="ref-RFC7012">RFC7012</a>] Claise, B. and B. Trammell, "Information Model for IP Flow
Information Export (IPFIX)", <a href="./rfc7012">RFC 7012</a>, September 2013.
[<a id="ref-RFC7013">RFC7013</a>] Trammell, B. and B. Claise, "Guidelines for Authors and
Reviewers of IP Flow Information Export (IPFIX)
Information Elements", <a href="https://www.rfc-editor.org/bcp/bcp184">BCP 184</a>, <a href="./rfc7013">RFC 7013</a>, September 2013.
<span class="grey">Yourtchenko, et al. Informational [Page 14]</span><span id="page-15" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. XML Specification of IPFIX Information Elements</span>
<?xml version="1.0" encoding="UTF-8"?>
<fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
ipfix-info.xsd">
<field name="samplingInterval" dataType="unsigned32"
group=""
dataTypeSemantics="quantity"
elementId="34" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 305 samplingPacketInterval. When using
sampled NetFlow, the rate at which packets are sampled --
e.g., a value of 100 indicates that one of every 100 packets
is sampled.
</paragraph>
</description>
</field>
<field name="samplingAlgorithm" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="35" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 304 selectorAlgorithm. The type of
algorithm used for sampled NetFlow: 1 - Deterministic Sampling,
2 - Random Sampling. The values are not compatible with the
selectorAlgorithm IE, where "Deterministic" has been replaced
by "Systematic count-based" (1) or "Systematic time-based" (2),
and "Random" is (3). Conversion is required; see
[<a href="#ref-IANA-PSAMP">IANA-PSAMP</a>] PSAMP parameters.
</paragraph>
</description>
</field>
<field name="engineType" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="38" applicability="flow" status="deprecated">
<description>
<paragraph>
Type of flow switching engine in a router/switch: RP = 0,
VIP/Line card = 1, PFC/DFC = 2. Reserved for internal use on
the Collector.
</paragraph>
<span class="grey">Yourtchenko, et al. Informational [Page 15]</span><span id="page-16" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
</description>
</field>
<field name="engineId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="39" applicability="flow" status="deprecated">
<description>
<paragraph>
Versatile Interface Processor (VIP) or line card slot number of
the flow switching engine in a router/switch. Reserved for
internal use on the Collector.
</paragraph>
</description>
</field>
<field name="ipv4RouterSc" dataType="ipv4Address"
group=""
dataTypeSemantics="default"
elementId="43" applicability="flow" status="deprecated">
<description>
<paragraph>
This is a platform-specific field for the Catalyst 5000/Catalyst
6000 family. It is used to store the address of a router that
is being shortcut when performing MultiLayer Switching.
</paragraph>
</description>
<reference>
<a href="http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml">http://www.cisco.com/en/US/products/hw/switches/ps700/</a>
<a href="http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml">products_configuration_example09186a00800ab513.shtml</a>
describes MultiLayer Switching.
</reference>
</field>
<field name="samplerId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="48" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 302 selectorId. The unique identifier
associated with samplerName.
</paragraph>
</description>
</field>
<field name="samplerMode" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="49" applicability="flow" status="deprecated">
<description>
<paragraph>
<span class="grey">Yourtchenko, et al. Informational [Page 16]</span><span id="page-17" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
Deprecated in favor of 304 selectorAlgorithm. The values are
not compatible: selectorAlgorithm=3 is random sampling. The
type of algorithm used for sampled NetFlow: 1 - Deterministic
Sampling, 2 - Random Sampling. Use with samplerRandomInterval.
</paragraph>
</description>
</field>
<field name="samplerRandomInterval" dataType="unsigned32"
group=""
dataTypeSemantics="quantity"
elementId="50" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 305 samplingPacketInterval. Packet
interval at which to sample -- in case of random sampling. Used
in connection with the samplerMode 0x02 (random sampling) value.
</paragraph>
</description>
</field>
<field name="classId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="51" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 302 selectorId. Characterizes the
traffic class, i.e., QoS treatment.
</paragraph>
</description>
</field>
<field name="samplerName" dataType="string"
group=""
dataTypeSemantics=""
elementId="84" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 335 selectorName. Name of the flow
sampler.
</paragraph>
</description>
</field>
<field name="flagsAndSamplerId" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="87" applicability="flow" status="deprecated">
<description>
<paragraph>
Flow flags and the value of the sampler ID (samplerId) combined
<span class="grey">Yourtchenko, et al. Informational [Page 17]</span><span id="page-18" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
in one bitmapped field. Reserved for internal use on the
Collector.
</paragraph>
</description>
</field>
<field name="forwardingStatus" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="89" applicability="flow" status="current">
<description>
<paragraph>
This Information Element describes the forwarding status of the
flow and any attached reasons. The reduced-size encoding rules
as per [<a href="./rfc7011" title=""Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information"">RFC7011</a>] apply.
</paragraph>
<artwork>
The basic encoding is 8 bits. The future extensions
could add one or three bytes. The layout of the basic
encoding is as follows:
MSB - 0 1 2 3 4 5 6 7 - LSB
+---+---+---+---+---+---+---+---+
| Status| Reason code or flags |
+---+---+---+---+---+---+---+---+
Status:
00b = Unknown
01b = Forwarded
10b = Dropped
11b = Consumed
Reason Code (status = 01b, Forwarded)
01 000000b = 64 = Unknown
01 000001b = 65 = Fragmented
01 000010b = 66 = Not Fragmented
Reason Code (status = 10b, Dropped)
10 000000b = 128 = Unknown
10 000001b = 129 = ACL deny
10 000010b = 130 = ACL drop
10 000011b = 131 = Unroutable
10 000100b = 132 = Adjacency
10 000101b = 133 = Fragmentation and DF set
10 000110b = 134 = Bad header checksum
10 000111b = 135 = Bad total Length
10 001000b = 136 = Bad header length
<span class="grey">Yourtchenko, et al. Informational [Page 18]</span><span id="page-19" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
10 001001b = 137 = bad TTL
10 001010b = 138 = Policer
10 001011b = 139 = WRED
10 001100b = 140 = RPF
10 001101b = 141 = For us
10 001110b = 142 = Bad output interface
10 001111b = 143 = Hardware
Reason Code (status = 11b, Consumed)
11 000000b = 192 = Unknown
11 000001b = 193 = Punt Adjacency
11 000010b = 194 = Incomplete Adjacency
11 000011b = 195 = For us
Examples:
value : 0x40 = 64
binary: 01000000
decode: 01 -> Forward
000000 -> No further information
value : 0x89 = 137
binary: 10001001
decode: 10 -> Drop
001001 -> Fragmentation and DF set
</artwork>
</description>
<reference>
See <a href="http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html">http://www.cisco.com/en/US/technologies/tk648/tk362/</a>
<a href="http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html">technologies_white_paper09186a00800a3db9.html</a> -
NetFlow Version 9 Flow-Record Format.
</reference>
</field>
<field name="srcTrafficIndex" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="92" applicability="flow" status="current">
<description>
<paragraph>
BGP Policy Accounting Source Traffic Index.
</paragraph>
</description>
<reference>
BGP policy accounting as described in
<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">http://www.cisco.com/en/US/tech/tk365/</a>
<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">technologies_tech_note09186a0080094e88.shtml</a>
</reference>
<span class="grey">Yourtchenko, et al. Informational [Page 19]</span><span id="page-20" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
</field>
<field name="dstTrafficIndex" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="93" applicability="flow" status="current">
<description>
<paragraph>
BGP Policy Accounting Destination Traffic Index.
</paragraph>
</description>
<reference>
BGP policy accounting as described in
<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">http://www.cisco.com/en/US/tech/tk365/</a>
<a href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml">technologies_tech_note09186a0080094e88.shtml</a>
</reference>
</field>
<field name="className" dataType="string"
group=""
dataTypeSemantics=""
elementId="100" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 335 selectorName. Traffic Class Name,
associated with the classId Information Element.
</paragraph>
</description>
</field>
<field name="layer2packetSectionOffset" dataType="unsigned16"
group=""
dataTypeSemantics="quantity"
elementId="102" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 409 sectionOffset.
Layer 2 packet section offset. Potentially a generic packet
section offset.
</paragraph>
</description>
</field>
<field name="layer2packetSectionSize" dataType="unsigned16"
group=""
dataTypeSemantics="quantity"
elementId="103" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 312 dataLinkFrameSize.
Layer 2 packet section size. Potentially a generic packet
section size.
<span class="grey">Yourtchenko, et al. Informational [Page 20]</span><span id="page-21" ></span>
<span class="grey"><a href="./rfc7270">RFC 7270</a> Cisco Information Elements June 2014</span>
</paragraph>
</description>
</field>
<field name="layer2packetSectionData" dataType="octetArray"
group=""
dataTypeSemantics=""
elementId="104" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 315 dataLinkFrameSection.
Layer 2 packet section data.
</paragraph>
</description>
</field>
</fieldDefinitions>
Authors' Addresses
Andrew Yourtchenko
Cisco Systems, Inc.
De Kleetlaan, 7
Brussels, Diegem B-1831
Belgium
Phone: +32 2 704 5494
EMail: [email protected]
Paul Aitken
Cisco Systems, Inc.
96 Commercial Quay
Edinburgh EH6 6LX
Scotland
Phone: +44 131 561 3616
EMail: [email protected]
Benoit Claise
Cisco Systems, Inc.
De Kleetlaan, 6a b1
Diegem B-1831
Belgium
Phone: +32 2 704 5622
EMail: [email protected]
Yourtchenko, et al. Informational [Page 21]
Annotations
Select text to annotate