1 / 7

IPFIX Aggregation

This presentation introduces a rule-based description language for complex metering processes within the IPFIX framework. It highlights flexible definitions of flow keys beyond the typical IP-5-tuple and specifies the treatment of exported information elements (IEs), supporting implicit aggregation and filtering based on IE values. The proposal's focus is on enhancing flow aggregation efficiency, saving bandwidth and improving performance at collectors. By detailing new templating mechanisms and abstract data types, it facilitates seamless flow accounting and optimizations in network monitoring.

phelan-bonner
Download Presentation

IPFIX Aggregation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPFIX Aggregation draft-dressler-ipfix-aggregation-02.txt

  2. Key Contributions in brief • Rule-based Description Language for complex Metering Processes • Flexible definition of Flow Keys beyond the typical IP-5-tuple • Specification of exported IEs (Flow Key or non-Flow Key) • implicit aggregation of non-Flow Key IEs • implicit definition of Templates • Filtering on IE values • Rule chaining • IPFIX Extensions • New template type: Data Template • contains fixed value fields (= common properties) • necessary to report filters and rule chaining to the collector • New abstract data types: • ipv4Network, portRanges • How these can be used for Flow Aggregation • Reduction of monitoring data  bandwidth savings and performance savings at the collector • Speed-up of flow accounting by reducing concurrent streams in a monitor • Aggregation of multiple IPFIX streams  concentrator functionality Focus of thispresentation 65th IETF Meeting

  3. Description Language for Metering Processes field modifier IE pattern (optional) • Each rule specifies • Flow Key IEs • reported non-Flow Key IEs • Optional filters • Rule syntax: • field modifier := keep | mask/n | discard | aggregate • specifies how this IE is treated • defines if IE is reported in outgoing records or not • IE • mandatory field for incoming records • pattern (optional) • restricts rule to flow records that match this pattern  implicit Template definition 65th IETF Meeting

  4. Field Modifiers • keep • Specifies IE to be Flow Key in outgoing records • IE also has to be Flow Key in incoming records • Optional filtering on this IE using a pattern • mask/n • Modifies IP address information • Otherwise just like keep • discard • IE is removed from outgoing records • IE may not be Flow Key • Optional filtering on this IE using a pattern • aggregate • Specifies IE to be non-Flow Key in outgoing records • values are aggregated (how this is done depends on IE) 65th IETF Meeting

  5. Example • Goal: • Meter flows to web servers (http/https) in 10.10.0.0/16 • Aggregate sources addresses into /24 network addresses • Rule: discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in 10.10.0.0/16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds 65th IETF Meeting

  6. Example – cont’d discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in 10.10.0.0/16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds • Incoming records: • Outgoing records: Flow Key discarded discarded masked pattern mismatch aggregated 65th IETF Meeting

  7. Conclusion • Flexible Flow Key definition  enables flow aggregation • Filtering  enables adaptive metering • Implicit Template definition 65th IETF Meeting

More Related