Learn about the architecture and terminology of IPFIX, defining flows, flow recording, and important components within an IPFIX device. Explore encoding control and flow data information, exporting control, and error handling in this informative guide.
IPFIX Architecture
draft-ietf-ipfix-arch-01.txt
Ganesh Sadasivan / Nevil Brownlee

Flow Definition
A flow is defined as a set of IP packets passing an observation point in a network during a certain time interval. All packets that belong to a particular flow have a set of common properties derived from the data contained in the packet and from the packet treatment at the observation point.
A 'flow' is a set of IP packets, or encapsulated IP packets, passing an observation point in the network during a certain time interval.
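
The flow definition above, worked through as an added example (not code from the draft or the slides): packets seen at one observation point are grouped by their common properties, and a flow's time interval is closed by inactivity. The 5-tuple key, the 30-second idle timeout and the record fields are assumptions made for illustration.

```python
from collections import namedtuple

# One packet as seen at the observation point (fields chosen for this example).
Packet = namedtuple("Packet", "ts src dst proto sport dport length")

IDLE_TIMEOUT = 30.0  # assumed inactivity timeout in seconds; not given on the slides


def flow_key(pkt):
    """Common properties derived from packet data (assumed here: the 5-tuple)."""
    return (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)


def meter(packets, idle_timeout=IDLE_TIMEOUT):
    """Group packets from one observation point into flow records."""
    active = {}    # flow key -> record that is still open
    finished = []  # records whose time interval has ended
    for pkt in sorted(packets, key=lambda p: p.ts):
        key = flow_key(pkt)
        rec = active.get(key)
        # A gap longer than the idle timeout ends the old flow's time interval,
        # so the same key starts a new flow record.
        if rec is not None and pkt.ts - rec["end"] > idle_timeout:
            finished.append(active.pop(key))
            rec = None
        if rec is None:
            rec = active[key] = {"key": key, "start": pkt.ts, "end": pkt.ts,
                                 "packets": 0, "octets": 0}
        rec["end"] = pkt.ts
        rec["packets"] += 1
        rec["octets"] += pkt.length
    finished.extend(active.values())
    return sorted(finished, key=lambda r: (r["start"], r["key"]))


SAMPLE = [  # constructed packets using documentation address ranges
    Packet(0.0, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 60),
    Packet(0.5, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 1500),
    Packet(1.0, "192.0.2.11", "198.51.100.5", 17, 5353, 53, 80),
    Packet(45.0, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 60),
]

if __name__ == "__main__":
    for record in meter(SAMPLE):
        print(record)
```

The last sample packet shares its key with the first two but arrives after the idle timeout, so it is recorded as a separate flow.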

Terminology
• In sync with draft-ietf-ipfix-reqs-10.txt for most of the definitions
• Some extra definitions:
  • Collector: The device which hosts one or more collecting processes.
  • Flow Recording Process: The flows generated from the metering device(s) in an Observation Domain MAY be collected into one or more databases before exporting. This is an optional block.

Architecture Diagrams
• Reference Model
• A typical IPFIX device – shows the association between various components within an IPFIX device
• Logical Blocks and Functional flow within an IPFIX device

New Sections
• IPFIX Protocol
• List of rule categories
• List of functions
• Encoding Control Information
• Encoding Flow Data Information
• Exporting Control Information
• Export Error Handling

New Sections (Contd.)
• Selected IPFIX Protocol
• Brief overview of Netflow V9
• IPFIX Specific DoS attack

Need More Inputs
• Encoding Control Information (network order or host order etc.)
• Encoding Flow Data Information – need clearer guidelines
• Export Models
• Anonymization of IPFIX export packets
• IPFIX Specific DoS attack (sec. 13.3.3)
• No section on exporter overloading