1 / 9

Evaluation of NetFlow Version 9: Compliance and Changes in IPFIX Requirements

This document evaluates NetFlow Version 9 against the requirements specified in the IPFIX framework, highlighting key changes from version 03 to 04. The evaluation covers several aspects, including sampling, time synchronization, reliability, and congestion awareness. It addresses implementation status, commercial usage, and necessary extensions to meet compliance. The report emphasizes the importance of sampling functions, correct time records, and ensuring reliable data transfer in flow records. It concludes with a summary of compliance status across various dimensions of the standards.

stephen-hunter
Télécharger la présentation

Evaluation of NetFlow Version 9: Compliance and Changes in IPFIX Requirements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Evaluation of NetFlow Version 9 Against IPFIX Requirements:changes from version 03 to 04draft-claise-ipfix-eval-netflow-04.txt Benoit Claise, Cisco Systems

  2. Small Editorial Changes • Is it already implemented? • Is it already in commercial use? • ICMP • Etc... draft-claise-ipfix-eval-netflow-04.txt

  3. Sampling • From the evaluation team last report: Sampling, Extension Needed • Now, Total Compliance • Adding a sampling function to the metering process: Total Compliance • Removing a sampling function from the metering process: Total Compliance • Change sampling method: Total Compliance • Change sampling parameter: Total Compliance draft-claise-ipfix-eval-netflow-04.txt

  4. Time Synchronization • From the evaluation team last report: Time Synchronization, Partial Compliance • Total Compliance with proposed solution • The flow records contain both the flow start and the flow end sysUpTime. • The exporter could periodically send an Option Template containing a time synchronization pair composed of a sysUpTime and a unix_msecs (Number of milli seconds since 0000 UTC 1970), taken at the same point in time. • The collecting process could deduce the flow start and flow end UTC time of every single flow record. draft-claise-ipfix-eval-netflow-04.txt

  5. Congestion Awareness • “It was suggested that advocates must elaborate on how their protocol will be extended” • Upcoming Compliance with SCTP-PR • For more details on proposed implementations, refer to the draft:draft-djernaes-netflow-9-transport-00 draft-claise-ipfix-eval-netflow-04.txt

  6. Reliability Extensions • “The data transfer between exporting process and collecting process MUST be open to reliability extensions • Upcoming Compliance with SCTP-PR • refer to the draft:draft-djernaes-netflow-9-transport-00 draft-claise-ipfix-eval-netflow-04.txt

  7. Set of Properties for Distinguishing Flows • “it MUST be ensured that a collecting process is able to clearly identify for each received flow record which set of properties was used for distinguishing this flow from other ones” • From the Template ID and the Observation Domain we can find back the set of properties used to distinguish the flows. • Total Compliance draft-claise-ipfix-eval-netflow-04.txt

  8. Thank you for your attention ! Questions ?

  9. Summary • Reliability (metering) E • Sampling E -> T • Overload Behavior T • Timestamps T • Time Synchronization P -> T • Information Model T • Data Model T • Congestion Awareness F -> U • Reliability Extension P -> U • Security E • Push Mode Reporting T • Pull Mode Reporting F • Notifications on Events T • Anonymization E • Openness T • Scalability T • Several Collecting Proc. T draft-claise-ipfix-eval-netflow-04.txt

More Related