Internet Protocol Flow Information Export (IPFIX) is an

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...

protocol, as well as the name of the IETF

working group A working group, or working party, is a group of experts working together to achieve specified goals. The groups are domain-specific and focus on discussion or activity around a specific subject area. The term can sometimes refer to an interdis ...

defining the protocol. It was created based on the need for a common, universal standard of export for

Internet Protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP h ...

flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing. The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector. Previously many data network operators were relying on

Cisco Systems Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational corporation, multinational digital communications technology conglomerate (company), conglomerate corporation headquartered in San Jose, California. Cisco develo ...

' proprietary

NetFlow NetFlow is a feature that was introduced on Cisco routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine thin ...

technology for traffic flow information export. The IPFIX standards requirements were outlined in the original RFC 3917. Cisco

Version 9 was the basis for IPFIX. The basic specifications for IPFIX are documented in RFC 7011 through RFC 7015, and RFC 5103.

Architecture

The following figure shows a typical architecture of information flow in an IPFIX architecture: Exporter IPFIX Collector O--------------------------->O , , Observation , Domain , Metering #1 , Metering #2 O----------------O----------------O Metering #3 , , , , Observation , Observation , Observation , Point #1 , Point #2 , Point #3 v , , ---- IP Traffic ---> , , v , --------------- More IP Traffic ---> , v ---------------------------------- More IP Traffic ---> A pool of Metering Processes collects data packets at one or more Observation Points, optionally filters them and aggregates information about these packets. An Exporter then gathers each of the Observation Points together into an Observation Domain and sends this information via the IPFIX protocol to a Collector. Exporters and Collectors are in a

many-to-many Many-to-many communication occurs when information is shared between groups. Members of a group receive information from multiple senders. Wikis are a type of many-to-many communication, where multiple editors collaborate to create content that is ...

relationship: One Exporter can send data to many Collectors and one Collector can receive data from many Exporters. IEEE communications magazine,http://ieeexplore.ieee.org.lcproxy.shu.ac.uk/stamp/stamp.jsp?tp=&arnumber=5741152

Protocol

Similar to the NetFlow Protocol, IPFIX considers a flow to be any number of packets observed in a specific timeslot and sharing a number of properties, e.g. "same source, same destination, same protocol". Using IPFIX, devices like routers can inform a central monitoring station about their view of a potentially larger network. IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver. The actual makeup of data in IPFIX messages is to a great extent up to the sender. IPFIX introduces the makeup of these messages to the receiver with the help of special Templates. The sender is also free to use user-defined data types in its messages, so the protocol is freely extensible and can adapt to different scenarios. IPFIX prefers the Stream Control Transmission Protocol (SCTP) as its

transport layer In computer networking, the transport layer is a conceptual division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model. The protocols of this layer provide end-to-end ...

protocol, but also allows the use of the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).

Example

A simple information set sent via IPFIX might look like this: Source Destination Packets ------------------------------------------ 192.168.0.201 192.168.0.1 235 192.168.0.202 192.168.0.1 42 This information set would be sent in the following IPFIX message: As can be seen, the message contains the IPFIX header and two IPFIX Sets: One Template Set that introduces the build-up of the Data Set used, as well as one Data Set, which contains the actual data. When IPFIX is sent over a protocol which keeps a session state (TCP or SCTP), the Template Set need not be retransmitted since it is buffered in Collectors. Since the Template Set can change over time, it must be retransmitted if a new session state is established or if IPFIX is sent over UDP which is a session-less protocol.

References

{{reflist

External links

Architecture

Protocol

Example

See also

References

External links