70 likes | 239 Vues
IPFIX Aggregation. draft-dressler-ipfix-aggregation-02.txt. Key Contributions in brief. Rule-based Description Language for complex Metering Processes Flexible definition of Flow Keys beyond the typical IP-5-tuple Specification of exported IEs (Flow Key or non-Flow Key)
E N D
IPFIX Aggregation draft-dressler-ipfix-aggregation-02.txt
Key Contributions in brief • Rule-based Description Language for complex Metering Processes • Flexible definition of Flow Keys beyond the typical IP-5-tuple • Specification of exported IEs (Flow Key or non-Flow Key) • implicit aggregation of non-Flow Key IEs • implicit definition of Templates • Filtering on IE values • Rule chaining • IPFIX Extensions • New template type: Data Template • contains fixed value fields (= common properties) • necessary to report filters and rule chaining to the collector • New abstract data types: • ipv4Network, portRanges • How these can be used for Flow Aggregation • Reduction of monitoring data bandwidth savings and performance savings at the collector • Speed-up of flow accounting by reducing concurrent streams in a monitor • Aggregation of multiple IPFIX streams concentrator functionality Focus of thispresentation 65th IETF Meeting
Description Language for Metering Processes field modifier IE pattern (optional) • Each rule specifies • Flow Key IEs • reported non-Flow Key IEs • Optional filters • Rule syntax: • field modifier := keep | mask/n | discard | aggregate • specifies how this IE is treated • defines if IE is reported in outgoing records or not • IE • mandatory field for incoming records • pattern (optional) • restricts rule to flow records that match this pattern implicit Template definition 65th IETF Meeting
Field Modifiers • keep • Specifies IE to be Flow Key in outgoing records • IE also has to be Flow Key in incoming records • Optional filtering on this IE using a pattern • mask/n • Modifies IP address information • Otherwise just like keep • discard • IE is removed from outgoing records • IE may not be Flow Key • Optional filtering on this IE using a pattern • aggregate • Specifies IE to be non-Flow Key in outgoing records • values are aggregated (how this is done depends on IE) 65th IETF Meeting
Example • Goal: • Meter flows to web servers (http/https) in 10.10.0.0/16 • Aggregate sources addresses into /24 network addresses • Rule: discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in 10.10.0.0/16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds 65th IETF Meeting
Example – cont’d discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in 10.10.0.0/16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds • Incoming records: • Outgoing records: Flow Key discarded discarded masked pattern mismatch aggregated 65th IETF Meeting
Conclusion • Flexible Flow Key definition enables flow aggregation • Filtering enables adaptive metering • Implicit Template definition 65th IETF Meeting