Network Working Group                                        B. Trammell
Request for Comments: 5103                                    CERT/NetSA
Category: Standards Track                                      E. Boschi
                                                          Hitachi Europe
                                                            January 2008
        
Network Working Group                                        B. Trammell
Request for Comments: 5103                                    CERT/NetSA
Category: Standards Track                                      E. Boschi
                                                          Hitachi Europe
                                                            January 2008
        

Bidirectional Flow Export Using IP Flow Information Export (IPFIX)

使用IP流信息导出(IPFIX)的双向流导出

Status of This Memo

关于下段备忘

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。

Abstract

摘要

This document describes an efficient method for exporting bidirectional flow (Biflow) information using the IP Flow Information Export (IPFIX) protocol, representing each Biflow using a single Flow Record.

本文档描述了使用IP流信息导出(IPFIX)协议导出双向流(Biflow)信息的有效方法,该协议使用单个流记录表示每个Biflow。

Table of Contents

目录

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  IPFIX Documents Overview . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Rationale and History  . . . . . . . . . . . . . . . . . . . .  5
   4.  Biflow Semantics . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Direction Assignment . . . . . . . . . . . . . . . . . . . . .  8
     5.1.  Direction by Initiator . . . . . . . . . . . . . . . . . .  9
     5.2.  Direction by Perimeter . . . . . . . . . . . . . . . . . . 10
     5.3.  Arbitrary Direction  . . . . . . . . . . . . . . . . . . . 10
   6.  Record Representation  . . . . . . . . . . . . . . . . . . . . 11
     6.1.  Reverse Information Element Private Enterprise Number  . . 11
     6.2.  Enterprise-Specific Reverse Information Elements . . . . . 13
     6.3.  biflowDirection Information Element  . . . . . . . . . . . 13
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 15
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
     10.2. Informative References . . . . . . . . . . . . . . . . . . 15
   Appendix A.  Examples  . . . . . . . . . . . . . . . . . . . . . . 17
   Appendix B.  XML Specification of biflowDirection Information
                Element . . . . . . . . . . . . . . . . . . . . . . . 21
        
   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  IPFIX Documents Overview . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Rationale and History  . . . . . . . . . . . . . . . . . . . .  5
   4.  Biflow Semantics . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Direction Assignment . . . . . . . . . . . . . . . . . . . . .  8
     5.1.  Direction by Initiator . . . . . . . . . . . . . . . . . .  9
     5.2.  Direction by Perimeter . . . . . . . . . . . . . . . . . . 10
     5.3.  Arbitrary Direction  . . . . . . . . . . . . . . . . . . . 10
   6.  Record Representation  . . . . . . . . . . . . . . . . . . . . 11
     6.1.  Reverse Information Element Private Enterprise Number  . . 11
     6.2.  Enterprise-Specific Reverse Information Elements . . . . . 13
     6.3.  biflowDirection Information Element  . . . . . . . . . . . 13
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 15
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 15
     10.2. Informative References . . . . . . . . . . . . . . . . . . 15
   Appendix A.  Examples  . . . . . . . . . . . . . . . . . . . . . . 17
   Appendix B.  XML Specification of biflowDirection Information
                Element . . . . . . . . . . . . . . . . . . . . . . . 21
        
1. Introduction
1. 介绍

Many flow analysis tasks benefit from association of the upstream and downstream flows of a bidirectional communication, e.g., separating answered and unanswered TCP requests, calculating round trip times, etc. Metering processes that are not part of an asymmetric routing infrastructure, especially those deployed at a single point through which bidirectional traffic flows, are well positioned to observe bidirectional flows (Biflows). In such topologies, the total resource requirements for Biflow assembly are often lower if the Biflows are assembled at the measurement interface as opposed to the Collector. The IPFIX Protocol requires only information model extensions to be complete as a solution for exporting Biflow data.

许多流分析任务受益于双向通信的上游和下游流的关联,例如,分离已应答和未应答的TCP请求,计算往返时间等。计量过程不属于非对称路由基础设施的一部分,特别是那些部署在单点上的双向交通流,能够很好地观察双向交通流(双向流)。在这种拓扑结构中,如果在测量接口而不是收集器处组装Biflow,则Biflow组装的总资源需求通常较低。IPFIX协议只需要完成信息模型扩展,作为导出双流数据的解决方案。

To that end, we propose a Biflow export method using a single Flow Record per Biflow in this document. We explore the semantics of bidirectional flow data in Section 4, "Biflow Semantics"; examine the various possibilities for determining the direction of Biflows in Section 5, "Direction Assignment"; then define the Biflow export method in Section 6, "Record Representation".

为此,我们在本文档中提出了一种双流量导出方法,每个双流量使用一个流量记录。我们在第4节“双向流语义”中探讨了双向流数据的语义;检查第5节“方向分配”中确定分流方向的各种可能性;然后在第6节“记录表示”中定义双流导出方法。

This export method requires additional Information Elements to represent data values for the reverse direction of each Biflow, and a single additional Information Element to represent direction assignment information, as described in Sections 6.1 through 6.3. The selection of this method was motivated by an exploration of other possible methods of Biflow export using IPFIX; however, these methods have important drawbacks, as discussed in Section 3, "Rationale and History".

如第6.1节至第6.3节所述,该导出方法需要额外的信息元素来表示每个双向流反向的数据值,以及单个额外的信息元素来表示方向分配信息。选择该方法的动机是探索使用IPFIX的其他可能的Biflow导出方法;然而,如第3节“基本原理和历史”所述,这些方法存在重要缺陷。

1.1. IPFIX Documents Overview
1.1. IPFIX文档概述

"Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information" [RFC5101] (informally, the IPFIX Protocol document) and its associated documents define the IPFIX Protocol, which provides network engineers and administrators with access to IP traffic flow information.

“交换IP流量信息的IPFIX协议规范”[RFC5101](非正式地称为IPFIX协议文件)及其相关文件定义了IPFIX协议,该协议为网络工程师和管理员提供了访问IP流量信息的权限。

"Architecture for IP Flow Information Export" [IPFIX-ARCH] (the IPFIX Architecture document) defines the architecture for the export of measured IP flow information out of an IPFIX Exporting Process to an IPFIX Collecting Process, and the basic terminology used to describe the elements of this architecture, per the requirements defined in "Requirements for IP Flow Information Export" [RFC3917]. The IPFIX Protocol document [RFC5101] then covers the details of the method for transporting IPFIX Data Records and Templates via a congestion-aware transport protocol from an IPFIX Exporting Process to an IPFIX Collecting Process.

“IP流信息导出体系结构”[IPFIX-ARCH](IPFIX体系结构文档)定义了将测量的IP流信息从IPFIX导出过程导出到IPFIX收集过程的体系结构,以及用于描述该体系结构元素的基本术语,符合中定义的要求“IP流信息导出要求”[RFC3917]。然后,IPFIX协议文档[RFC5101]详细介绍了通过拥塞感知传输协议将IPFIX数据记录和模板从IPFIX导出过程传输到IPFIX收集过程的方法。

"Information Model for IP Flow Information Export" [RFC5102] (informally, the IPFIX Information Model document) describes the Information Elements used by IPFIX, including details on Information Element naming, numbering, and data type encoding. Finally, "IPFIX Applicability" [IPFIX-AS] describes the various applications of the IPFIX protocol and their use of information exported via IPFIX, and relates the IPFIX architecture to other measurement architectures and frameworks.

“IP流信息导出的信息模型”[RFC5102](非正式地称为IPFIX信息模型文档)描述了IPFIX使用的信息元素,包括信息元素命名、编号和数据类型编码的详细信息。最后,“IPFIX适用性”[IPFIX-AS]描述了IPFIX协议的各种应用及其对通过IPFIX导出的信息的使用,并将IPFIX体系结构与其他度量体系结构和框架联系起来。

This document references the Protocol and Architecture documents for terminology, uses the IPFIX Protocol to define a bidirectional flow export method, and proposes additions to the information model defined in the IPFIX Information Model document.

本文档参考协议和体系结构文档中的术语,使用IPFIX协议定义双向流导出方法,并建议添加IPFIX信息模型文档中定义的信息模型。

2. Terminology
2. 术语

Capitalized terms used in this document that are defined in the Terminology section of the IPFIX Protocol document [RFC5101] are to be interpreted as defined there. The following additional terms are defined in terms of the IPFIX Protocol document terminology.

IPFIX协议文件[RFC5101]术语部分中定义的本文件中使用的大写术语应按照此处定义进行解释。以下附加术语是根据IPFIX协议文件术语定义的。

Directional Key Field: A Directional Key Field is a single field in a Flow Key as defined in the IPFIX Protocol document [RFC5101] that is specifically associated with a single endpoint of the Flow. sourceIPv4Address and destinationTransportPort are example Directional Key Fields.

方向密钥字段:方向密钥字段是IPFIX协议文档[RFC5101]中定义的流密钥中的单个字段,该字段专门与流的单个端点关联。sourceIPv4Address和destinationTransportPort是示例方向键字段。

Non-directional Key Field: A Non-directional Key Field is a single field within a Flow Key as defined in the IPFIX Protocol document [RFC5101] that is not specifically associated with either endpoint of the Flow. protocolIdentifier is an example Non-directional Key Field.

非方向性密钥字段:非方向性密钥字段是IPFIX协议文档[RFC5101]中定义的流密钥中的单个字段,该字段与流的任一端点都没有特定关联。protocolIdentifier是一个示例非定向键字段。

Uniflow (Unidirectional Flow): A Uniflow is a Flow as defined in the IPFIX Protocol document [RFC5101], restricted such that the Flow is composed only of packets sent from a single endpoint to another single endpoint.

Uniflow(单向流):Uniflow是IPFIX协议文档[RFC5101]中定义的流,受到限制,因此该流仅由从一个端点发送到另一个端点的数据包组成。

Biflow (Bidirectional Flow): A Biflow is a Flow as defined in the IPFIX Protocol document [RFC5101], composed of packets sent in both directions between two endpoints. A Biflow is composed from two Uniflows such that:

Biflow(双向流):Biflow是IPFIX协议文档[RFC5101]中定义的流,由两个端点之间双向发送的数据包组成。双流程由两个单流程组成,以便:

1. the value of each Non-directional Key Field of each Uniflow is identical to its counterpart in the other, and

1. 每个Uniflow的每个非方向键字段的值与另一个Uniflow中的对应值相同,并且

2. the value of each Directional Key Field of each Uniflow is identical to its reverse direction counterpart in the other.

2. 每个Uniflow的每个方向键字段的值与另一个Uniflow中的反向对应项相同。

A Biflow contains two non-key fields for each value it represents associated with a single direction or endpoint: one for the forward direction and one for the reverse direction, as defined below.

对于与单个方向或端点关联的每个值,Biflow包含两个非关键字段:一个用于正向,另一个用于反向,定义如下。

Biflow Source: The Biflow Source is the endpoint identified by the source Directional Key Fields in the Biflow.

Biflow源:Biflow源是由Biflow中的源方向键字段标识的端点。

Biflow Destination: The Biflow Destination is the endpoint identified by the destination Directional Key Fields in the Biflow.

Biflow Destination:Biflow Destination是由Biflow中的Destination directive Key字段标识的端点。

forward direction (of a Biflow): The direction of a Biflow composed of packets sent by the Biflow Source. Values associated with the forward direction of a Biflow are represented using normal Information Elements. In other words, a Uniflow may be defined as a Biflow having only a forward direction.

正向(双向流):由双向流源发送的数据包组成的双向流的方向。与双流向前方向相关的值使用正常信息元素表示。换言之,单流可定义为仅具有向前方向的双流。

reverse direction (of a Biflow): The direction of a Biflow composed of packets sent by the Biflow Destination. Values associated with the reverse direction of a Biflow are represented using Reverse Information Elements, as defined below.

反向(双向流):由双向流目的地发送的数据包组成的双向流的方向。与双向流反向相关的值使用反向信息元素表示,定义如下。

Reverse Information Element: An Information Element defined as corresponding to a normal (or forward) Information Element, but associated with the reverse direction of a Biflow.

反向信息元素:定义为与正常(或正向)信息元素相对应的信息元素,但与双向流的反向相关。

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。

3. Rationale and History
3. 理由和历史

In selecting the Single Record Biflow export method described in this document as the recommendation for bidirectional flow export using IPFIX, we considered several other possible methods.

在选择本文档中描述的单记录双流导出方法作为使用IPFIX进行双向流导出的建议时,我们考虑了其他几种可能的方法。

The first and most obvious would be simply to export Biflows as two Uniflows adjacent in the record stream; a Collecting Process could then reassemble them with minimal state requirements. However, this has the drawbacks that it is merely an informal arrangement the Collecting Process cannot rely upon, and that it is not bandwidth-efficient, duplicating the export of Flow Key data in each Uniflow record.

第一个也是最明显的就是将双流导出为记录流中相邻的两个单流;然后,收集过程可以以最低的状态要求重新组装它们。然而,这有缺点,即它只是收集过程不能依赖的非正式安排,并且它不是带宽效率高的,在每个Uniflow记录中重复流密钥数据的导出。

We then considered the method outlined in Reducing Redundancy in IPFIX and Packet Sampling (PSAMP) Reports [IPFIX-REDUCING] for reducing this bandwidth inefficiency. This would also formally link

然后,我们考虑了在IPFIX和数据包采样(PSAMP)报告[IPFIX-Reduction]中介绍的减少冗余的方法,以降低这种带宽效率。这也将正式联系起来

the two Uniflows into a single construct, by exporting the Flow Key as Common Properties then exporting each direction's information as Specific Properties. However, it would do so at the expense of additional overhead to transmit the commonPropertiesId, and additional state management requirements at both the Collecting and Exporting Processes.

通过将流键导出为公共属性,然后将每个方向的信息导出为特定属性,将两个流统一为一个构造。但是,这样做的代价是传输公共属性ID的额外开销,以及收集和导出过程中的额外状态管理要求。

A proposal was made on the IPFIX mailing list to use the Multiple Information Element feature of the protocol to export forward and reverse counters using identical Information Elements in the same Flow Record. In this approach, the first instance of a counter would represent the forward direction, and the second instance of the same counter would represent the reverse. This had the disadvantage of conflicting with the presently defined semantics for these counters, and, as such, was abandoned.

IPFIX邮件列表建议使用协议的多信息元素功能,使用相同流记录中的相同信息元素导出正向和反向计数器。在这种方法中,计数器的第一个实例将表示正向,同一计数器的第二个实例将表示反向。这样做的缺点是与当前为这些计数器定义的语义冲突,因此被放弃。

4. Biflow Semantics
4. 双流语义

As stated in the Terminology section above, a Biflow is simply a Flow representing packets flowing in both directions between two endpoints on a network. There are compelling reasons to treat Biflows as single entities (as opposed to merely ad-hoc combinations of Uniflows) within IPFIX. First, as most application-layer network protocols are inherently bidirectional, a Biflow-based data model more accurately represents the behavior of the network, and enables easier application of flow data to answering interesting questions about network behavior. Second, exporting Biflow data can result in improved export efficiency by eliminating the duplication of Flow Key data in an IPFIX message stream, and improve collection efficiency by removing the burden of Biflow matching from the Collecting Process where possible.

如上文术语部分所述,双向流只是表示网络上两个端点之间双向流动的数据包的流。在IPFIX中,有令人信服的理由将biflow视为单个实体(而不仅仅是uniflow的临时组合)。首先,由于大多数应用层网络协议本质上是双向的,因此基于双流的数据模型更准确地表示网络的行为,并使流数据的应用更容易回答有关网络行为的有趣问题。其次,导出双流数据可以通过消除IPFIX消息流中的流密钥数据的重复来提高导出效率,并通过尽可能消除收集过程中的双流匹配负担来提高收集效率。

Biflows are somewhat more semantically complicated than Uniflows. When handling Uniflows, the semantics of source and destination Information Elements are clearly defined by the semantics of the underlying packet header data: the source Information Elements represent the source header fields, and the destination Information Elements represent the destination header fields. When representing Biflows with single IPFIX Data Records, the definitions of source and destination must be chosen more carefully.

双流在语义上比单流复杂一些。处理Uniflow时,源和目标信息元素的语义由底层数据包头数据的语义明确定义:源信息元素表示源头字段,目标信息元素表示目标头字段。当使用单个IPFIX数据记录表示Biflows时,必须更仔细地选择源和目标的定义。

As in the Terminology section above, we define the Source of a Biflow to be that identified by the source Directional Key Field(s), and the Destination of the Biflow to be that identified by the destination Directional Key Field(s). Note that, for IANA-registered Information Elements, or those defined by the IPFIX Information Model [RFC5102], Directional Key Fields associated with the Biflow Source are represented by Information Elements whose names begin with "source",

如上面的术语部分所述,我们将双流的源定义为由源方向键字段标识的源,将双流的目标定义为由目标方向键字段标识的目标。请注意,对于IANA注册的信息元素,或由IPFIX信息模型[RFC5102]定义的信息元素,与Biflow源关联的方向键字段由名称以“源”开头的信息元素表示,

and Directional Key Fields associated with the Biflow Destination are represented by Information Elements whose names begin with "destination"; it is recommended that enterprise-specific Information Elements follow these conventions, as well.

和双向流目的地相关联的方向键字段由名称以“目的地”开头的信息元素表示;建议特定于企业的信息元素也遵循这些约定。

Methods for assignment of Source and Destination by the Metering and Exporting Processes are described in the following section.

计量和导出过程分配源和目标的方法将在下一节中介绍。

As the Source and Destination of a Biflow are defined in terms of its Directional Keys, Biflow values are also split info forward and reverse directions. As in the Terminology section above, the forward direction of a Biflow is composed of packets sent by the Biflow Source, and the reverse direction of a Biflow is composed of packets sent by the Destination. In other words, the two directions of a Biflow may be roughly thought of as the two Uniflows that were matched to compose the Biflow. A Biflow record, then, contains each Flow Key record once, and both forward Information Elements and Reverse Information Elements for each non-key field. See Figure 1 for an illustration of the composition of Biflows from Uniflows.

由于Biflow的源和目的地是根据其方向键定义的,因此Biflow值也是正向和反向分割信息。如在上面的术语部分中,双向流的正向由双向流源发送的分组组成,反向由目的地发送的分组组成。换句话说,双流的两个方向可以粗略地认为是构成双流的两个匹配的单流。然后,一个双流记录包含每个流键记录一次,以及每个非键字段的正向信息元素和反向信息元素。请参见图1,以了解Uniflows的Biflows的组成。

              Uniflow                             Uniflow
 +-------+-------+-----------------+ +-------+-------+-----------------+
 | src A | dst B | counters/values | | src B | dst A | counters/values |
 +-------+-------+-----------------+ +-------+-------+-----------------+
        |       |          |                                   |
        V       V          V                                   V
       +-------+-------+---------------------+---------------------+
       | src A | dst B | fwd counters/values | rev counters/values |
       +-------+-------+---------------------+---------------------+
                                 Biflow
        
              Uniflow                             Uniflow
 +-------+-------+-----------------+ +-------+-------+-----------------+
 | src A | dst B | counters/values | | src B | dst A | counters/values |
 +-------+-------+-----------------+ +-------+-------+-----------------+
        |       |          |                                   |
        V       V          V                                   V
       +-------+-------+---------------------+---------------------+
       | src A | dst B | fwd counters/values | rev counters/values |
       +-------+-------+---------------------+---------------------+
                                 Biflow
        

Figure 1: Bidirectional Flow Conceptual Diagram

图1:双向流概念图

The reverse direction values are represented by Reverse Information Elements. The representation of these Reverse Information Elements within Templates is detailed in Section 5. A Flow Record may be considered to be a Biflow record by the Collecting Process if it contains at least one Reverse Information Element AND at least one Directional Key Field. Flow Records containing Reverse Information Elements but no Directional Key Fields are illegal, MUST NOT be sent by the Exporting Process, and SHOULD be dropped by the Collecting Process. The Collecting Process SHOULD log the receipt of such illegal Flow Records.

反向值由反向信息元素表示。第5节详细介绍了这些反向信息元素在模板中的表示。如果流记录包含至少一个反向信息元素和至少一个方向键字段,则收集过程可将其视为双流记录。包含反向信息元素但没有方向键字段的流记录是非法的,不能由导出进程发送,应该由收集进程删除。收集过程应记录收到此类非法流量记录的情况。

When exporting Uniflows, Exporting Processes SHOULD use a Template containing no Reverse Information Elements. Note that a Template whose only Reverse Information Elements are counters MAY be used to

导出Uniflow时,导出过程应使用不包含反向信息元素的模板。请注意,可以使用其唯一反向信息元素为计数器的模板

export Uniflows, as counters with values of 0 are semantically equivalent to no reverse direction. However, this approach is not possible for Reverse Information Elements whose zero values have a distinct meaning (e.g., tcpControlBits).

导出统一流,因为值为0的计数器在语义上等同于无反向。然而,对于零值具有不同含义的反向信息元素(例如,tcpControlBits),这种方法是不可能的。

Note that a Biflow traversing a middlebox [RFC3234] may show different flow properties on each side of the middlebox due to changes to the packet header or payload performed by the middlebox itself. Therefore, it MUST be clear at a Collecting Process whether packets were observed and metered before or after modification. The Observation Process SHOULD be located on one side of a middlebox, and the Exporting Process SHOULD communicate to the Collecting Process both the incoming value of the flow property changed within the middlebox and the changed value on the "other side". The IPFIX Information Model [RFC5102] provides Information Elements with prefix "post" for this purpose. The location of the Observation Point(s) with respect to the middlebox can be communicated using Options with Observation Point as Scope and elements such as lineCardID or samplerID.

注意,由于中间盒本身对数据包报头或有效载荷的改变,穿过中间盒[RFC3234]的双流可能在中间盒的每一侧显示不同的流属性。因此,在收集过程中,必须清楚数据包是在修改之前还是之后被观察和计量的。观察过程应位于中间箱的一侧,输出过程应将中间箱内流动特性的输入值和“另一侧”的变化值与采集过程进行通信。IPFIX信息模型[RFC5102]为此目的提供了前缀为“post”的信息元素。观察点相对于中间箱的位置可以使用选项进行沟通,观察点作为范围和元素,如lineCardID或samplerID。

For further information on the effect of middleboxes within the IPFIX architecture, refer to Section 7 of the IPFIX Implementation Guidelines [IPFIX-IMPLEMENTATION].

有关IPFIX体系结构中的中间盒影响的更多信息,请参阅IPFIX实施指南[IPFIX-Implementation]第7节。

By the definition of Observation Domain in Section 2 of the IPFIX Protocol document [RFC5101], Biflows may be composed only of packets observed within the same Observation Domain. This implies that Metering Processes that build Biflows out of Uniflows must ensure that the two Uniflows were observed within the same Observation Domain.

根据IPFIX协议文件[RFC5101]第2节中观察域的定义,双流可能仅由在同一观察域内观察到的数据包组成。这意味着,用单流构建双流的计量过程必须确保在同一观测域内观测到两个单流。

5. Direction Assignment
5. 方向分配

Due to the variety of flow measurement applications and restrictions on Metering Process deployment, one single method of assigning the directions of a Biflow will not apply in all cases. This section describes three methods of direction assignment, and recommends them based upon Metering Process position and measurement application requirements. In each of the figures in this section, the "MP" box represents the Metering Process.

由于流量测量应用的多样性和计量过程部署的限制,一种分配双流体方向的单一方法并不适用于所有情况。本节描述了三种方向分配方法,并根据计量过程位置和计量应用要求推荐它们。在本节中的每个图中,“MP”框表示计量过程。

As the method selection is dependent on Metering Process position, it is sufficient to configure the direction assignment method at the Collecting and/or the Exporting Process out-of-band. For example, a Collecting Process might be configured that a specific Exporting Process identified by exporterIPv4Address is assigning direction by initiator; or both a Collecting Process and an Exporting Process could be simultaneously configured with a specific direction

由于方法选择取决于计量过程位置,因此在采集和/或带外导出过程中配置方向分配方法就足够了。例如,收集过程可能被配置为由exporterIPv4Address标识的特定导出过程正在由启动器分配方向;或者收集过程和导出过程都可以同时配置特定的方向

assignment perimeter. However, for Exporting Processes that use multiple direction selection methods, or for Collecting Processes accepting data from Exporting Processes using a variety of methods, a biflowDirection Information Element is provided for optional representation of direction assignment information.

任务范围。然而,对于使用多个方向选择方法的导出过程,或者对于从使用各种方法的导出过程中接收数据的收集过程,提供了双向信息元素,用于方向分配信息的可选表示。

5.1. Direction by Initiator
5.1. 发起者的指示

If the measurement application requires the determination of the initiator and responder of a given communication, the Metering Process SHOULD define the Biflow Source to be the initiator of the Biflow, where possible. This can be roughly approximated by a Metering Process observing packets in both directions simply assuming that the first packet seen in a given Biflow is the packet initiating the Biflow. A Metering Process may improve upon this method by using knowledge of the transport or application protocols (e.g., TCP flags, DNS question/answer counts) to better approximate the flow-initiating packet.

如果测量应用需要确定给定通信的发起者和响应者,计量过程应尽可能将双流源定义为双流的发起者。这可以通过在两个方向上观察数据包的计量过程来大致近似,简单地假设在给定的双向流中看到的第一个数据包是发起双向流的数据包。通过使用传输或应用协议(例如,TCP标志、DNS问题/答案计数)的知识来更好地近似流发起分组,计量过程可以改进该方法。

Note that direction assignment by initiator is most easily done by a single Metering Process positioned on a local link layer, as in Figure 2, or a single Metering Process observing bidirectional packet flows at a symmetric perimeter routing point, as in Figure 3.

请注意,启动器的方向分配最容易通过位于本地链路层上的单个计量过程完成,如图2所示,或者通过在对称周界路由点处观察双向分组流的单个计量过程完成,如图3所示。

Note also that many Metering Processes have an "active" timeout, such that any flow with a duration longer than the active timeout is expired and any further packets belonging to that flow are accounted for as part of a new flow. This mechanism may cause issues with the assumption that a first packet seen is from the flow initiator, if the "first" packet is a middle packet in a long-duration flow.

还请注意,许多计量过程具有“活动”超时,使得持续时间长于活动超时的任何流都将过期,并且属于该流的任何其他数据包都将作为新流的一部分进行说明。如果“第一”数据包是长持续时间流中的中间数据包,则该机制可能导致假设看到的第一数据包来自流启动器的问题。

   +-------+   +-------+
   | node  |   | node  |
   +---+---+   +---+---+
       |           |       +---------+
   <===+=====+=====+======>+         +<===> Internet
             |             | router  |
         +---+---+         +---------+
         |   MP  |
         +---+---+
        
   +-------+   +-------+
   | node  |   | node  |
   +---+---+   +---+---+
       |           |       +---------+
   <===+=====+=====+======>+         +<===> Internet
             |             | router  |
         +---+---+         +---------+
         |   MP  |
         +---+---+
        

Figure 2: Local Link Metering Process Position

图2:本地链路计量过程位置

   +-------+   +-------+
   | node  |   | node  |
   +---+---+   +---+---+
       |           |       +---------+
   <===+===========+======>+         +<===> Internet
                           | router  |
                           |    +----+--+
                           +----+  MP   |
                                +-------+
        
   +-------+   +-------+
   | node  |   | node  |
   +---+---+   +---+---+
       |           |       +---------+
   <===+===========+======>+         +<===> Internet
                           | router  |
                           |    +----+--+
                           +----+  MP   |
                                +-------+
        

Figure 3: Symmetric Routing Point Metering Process Position

图3:对称路由点计量过程位置

5.2. Direction by Perimeter
5.2. 周长方向

If the measurement application is deployed at a network perimeter, as illustrated in Figure 4, such that there is a stable set of addresses that can be defined as "inside" that perimeter, and there is no measurement application requirement to determine the initiator and responder of a given communication, then the Metering Process SHOULD assign the Biflow Source to be the endpoint outside the perimeter.

如果测量应用程序部署在网络周界,如图4所示,有一组稳定的地址可以定义为“在”该周界内,并且不需要测量应用程序来确定给定通信的发起方和响应方,然后,计量过程应将双流源指定为周界外的端点。

No facility is provided for exporting the address set defining the interior of a perimeter; this set may be deduced by the Collecting Process observing the set of Biflow Source and Biflow Destination addresses, or configured out-of-band.

没有提供用于导出定义周界内部的地址集的设施;该集合可以通过收集过程观察双流源地址和双流目标地址的集合来推断,或者在带外进行配置。

                 +---------+               +---------+
            ====>+ access  +====>     ====>+ access  +====>
   Internet      | router  |   Local Net   | router  |      Internet
   (link A) <====+    A    +<====     <====+    B    +<==== (link B)
                 +----+----+               +---------+
                      |
                  +---+---+
                  |  MP   |
                  +-------+
        
                 +---------+               +---------+
            ====>+ access  +====>     ====>+ access  +====>
   Internet      | router  |   Local Net   | router  |      Internet
   (link A) <====+    A    +<====     <====+    B    +<==== (link B)
                 +----+----+               +---------+
                      |
                  +---+---+
                  |  MP   |
                  +-------+
        

Figure 4: Perimeter Metering Process Position

图4:周边计量过程位置

5.3. Arbitrary Direction
5.3. 任意方向

If the measurement application is deployed in a network core, such that there is no stable set of addresses defining a perimeter (e.g., due to BGP updates), as in Figure 5, and no requirement or ability to determine the initiator or responder of a given communication, then the Metering Process MAY assign the Biflow Source and Biflow Destination endpoints arbitrarily.

如果测量应用程序部署在网络核心中,因此没有定义周界的稳定地址集(例如,由于BGP更新),如图5所示,并且没有确定给定通信的发起方或响应方的要求或能力,然后,计量过程可以任意分配双流源和双流目的地端点。

In this case, the Metering Process SHOULD be consistent in its choice of direction. Once assigned, direction SHOULD be maintained for the lifetime of the Biflow, even in the case of active timeout of a long-lived Biflow.

在这种情况下,计量过程的方向选择应一致。一旦分配,应在双流的整个生命周期内保持方向,即使在长寿命双流活动超时的情况下也是如此。

            |
            V
       +----+----+          +---------+
   <===+ core    |          | core    +===>
       | router  +<========>+ router  |
   ===>+         |          |         +<===
       +----+----+          +----+----+
            |                    |
        +---+---+                V
        |  MP   |
        +-------+
        
            |
            V
       +----+----+          +---------+
   <===+ core    |          | core    +===>
       | router  +<========>+ router  |
   ===>+         |          |         +<===
       +----+----+          +----+----+
            |                    |
        +---+---+                V
        |  MP   |
        +-------+
        

Figure 5: Transit/Core Metering Process Position

图5:运输/堆芯计量过程位置

6. Record Representation
6. 记录表示

As noted above, Biflows are exported using a single Flow Record, each of which contains the Flow Key fields once, and both forward Information Elements and Reverse Information Elements for each non-key field. The IPFIX Information Model is extended to provide a Reverse Information Element counterpart to each presently defined forward Information Element, as required by any Information Element that may be a non-key field in a Biflow.

如上所述,biflow使用单个流记录导出,每个流记录包含一次流键字段,每个非键字段包含正向信息元素和反向信息元素。IPFIX信息模型被扩展,以提供与当前定义的每个正向信息元素对应的反向信息元素,如Biflow中可能是非关键字段的任何信息元素所需。

6.1. Reverse Information Element Private Enterprise Number
6.1. 反向信息元素私有企业编号

Reverse Information Elements are specified as a separate "dimension" in the Information Element space, assigning Private Enterprise Number (PEN) 29305 to this document, and defining that PEN to signify "IPFIX Reverse Information Element" (the Reverse PEN). This Reverse PEN serves as a "reverse direction flag" in the Template; each Information Element number within this PEN space is assigned to the reverse counterpart of the corresponding IANA-assigned public Information Element number. In other words, to generate a Reverse Information Element in a Template corresponding to a given forward Information Element, simply set the enterprise bit and define the Information Element within the Reverse PEN space, as in Figure 6 below.

反向信息元素在信息元素空间中指定为一个单独的“维度”,将私人企业编号(PEN)29305分配给本文档,并将该笔定义为表示“IPFIX反向信息元素”(反向笔)。该反向笔在模板中充当“反向标志”;该笔空间内的每个信息元素编号都分配给相应IANA分配的公共信息元素编号的反向对应项。换句话说,要在与给定正向信息元素对应的模板中生成反向信息元素,只需设置企业位并在反向笔空间中定义信息元素,如下图6所示。

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

forward | | reverse V

正向| |反向V

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| (rev) flowStartSeconds  150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                      29305      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| (rev) flowStartSeconds  150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                      29305      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 6: Example Mapping between Forward and Reverse IEs

图6:正向和反向IEs之间的映射示例

As the Reverse Information Element dimension is treated explicitly as such, new Information Elements can be added freely to the IANA-managed space without concern for whether a Reverse Information Element should also be added. Aside from the initial allocation of a Private Enterprise Number for this purpose, there is no additional maintenance overhead for supporting Reverse Information Elements in the IPFIX Information Model.

由于反向信息元素维度被明确地视为这样,因此新的信息元素可以自由地添加到IANA管理的空间中,而无需考虑是否也应添加反向信息元素。除了为此目的初始分配一个私有企业编号外,在IPFIX信息模型中支持反向信息元素没有额外的维护开销。

Note that certain Information Elements in the IPFIX Information Model [RFC5102] are not reversible; that is, they are semantically meaningless as Reverse Information Elements. An Exporting Process MUST NOT export a Template containing the reverse counterpart of a non-reversible Information Element. A Collecting Process receiving the reverse counterpart of a non-reversible Information Element MAY discard that Information Element from the Flow Record. Non-reversible Information Elements represent properties of the Biflow record as a whole, or are intended for internal the use of the IPFIX Protocol itself. Therefore, by definition, they cannot be associated with a single direction or endpoint of the Flow.

注意,IPFIX信息模型[RFC5102]中的某些信息元素是不可逆的;也就是说,它们作为反向信息元素在语义上没有意义。导出过程不得导出包含不可逆信息元素的反向副本的模板。接收不可逆信息元素的反向副本的收集过程可以从流记录中丢弃该信息元素。不可逆信息元素作为一个整体表示Biflow记录的属性,或者用于IPFIX协议本身的内部使用。因此,根据定义,它们不能与流的单个方向或端点相关联。

The following specific Information Elements are not reversible:

以下特定信息元素是不可逆的:

1. Identifiers defined in Section 5.1 of [RFC5102] that cannot be associated with a single direction of Uniflow collection: flowId (5.1.7), templateId (5.1.8), observationDomainId (5.1.9), and commonPropertiesId (5.1.11).

1. [RFC5102]第5.1节中定义的不能与单向Uniflow集合关联的标识符:flowId(5.1.7)、templateId(5.1.8)、observationDomainId(5.1.9)和commonPropertiesId(5.1.11)。

2. Process configuration elements defined in Section 5.2 of [RFC5102].

2. [RFC5102]第5.2节中定义的过程配置元素。

3. Process statistics elements defined in Section 5.3 of [RFC5102].

3. [RFC5102]第5.3节中定义的过程统计要素。

4. paddingOctets defined in Section 5.12.1 of [RFC5102].

4. [RFC5102]第5.12.1节中定义的填充CTET。

5. biflowDirection (defined in Section 6.3 of this document).

5. 双向流动方向(定义见本文件第6.3节)。

Any future addition to the Information Element Registry by IANA that meets the criteria defined above SHOULD also be considered to be non-reversible by the Collecting Process.

IANA将来向信息元素注册中心添加的任何符合上述标准的信息元素,也应被认为是收集过程中不可逆的。

Note that Information Elements commonly used as Flow Keys (e.g., header fields defined in Sections 5.4 and 5.5 of the Information Model) are reversible, as they may be used as value fields in certain contexts, as when associating ICMP error messages with the flows that caused them.

请注意,通常用作流键的信息元素(例如,信息模型第5.4节和第5.5节中定义的标题字段)是可逆的,因为它们可以在某些上下文中用作值字段,如将ICMP错误消息与导致它们的流相关联时。

6.2. Enterprise-Specific Reverse Information Elements
6.2. 特定于企业的逆向信息要素

Note that the Reverse PEN defined above is only available for allocating reverse counterparts of IANA-registered IPFIX Information Elements. No facility is provided for allocating reverse counterparts of enterprise-specific Information Elements.

请注意,上面定义的反向笔仅可用于分配IANA注册的IPFIX信息元素的反向对应项。没有为分配企业特定信息元素的反向副本提供任何便利。

The allocation of enterprise-specific Information Elements for IPFIX is left to the discretion of the organization allocating them. Note that, as enterprise-specific Information Elements are designed for the internal use of private enterprises, the lack of any guidance or standard on Information Element allocation policies poses no interoperability issues. However, if a private enterprise's own Information Element registry anticipates the allocation of reversible Information Elements, and the use of this specification for the export of Biflow data, that registry MAY reserve one of the fifteen available bits in the Information Element ID to signify the reverse direction. For example, if the most significant bit were selected, this would reserve Information Element IDs 0x4000 to 0x7FFF for the reverse direction of Information Element IDs 0x0000 to 0x3FFF.

IPFIX的企业特定信息元素的分配由分配它们的组织自行决定。请注意,由于特定于企业的信息元素是为私营企业内部使用而设计的,因此缺乏关于信息元素分配策略的任何指导或标准不会造成互操作性问题。然而,如果私营企业自己的信息元素注册中心预期可逆信息元素的分配,并且使用本规范导出Biflow数据,则该注册中心可保留信息元素ID中15个可用位中的一个,以表示反向。例如,如果选择了最高有效位,这将为信息元素ID 0x0000到0x3FFF的反向保留信息元素ID 0x4000到0x7FFF。

6.3. biflowDirection Information Element
6.3. 双向信息元

Description: A description of the direction assignment method used to assign the Biflow Source and Destination. This Information Element MAY be present in a Flow Record, or applied to all flows exported from an Exporting Process or Observation Domain using IPFIX Options. If this Information Element is not present in a Flow Record or associated with a Biflow via scope, it is assumed that the configuration of the direction assignment method is done out-of-band. Note that when using IPFIX Options to apply this Information Element to all flows within an Observation Domain or from an Exporting Process, the Option SHOULD be sent reliably. If reliable transport is not available (i.e., when using UDP), this

描述:用于分配双流量源和目标的方向分配方法的描述。此信息元素可能存在于流记录中,或者使用IPFIX选项应用于从导出流程或观察域导出的所有流。如果该信息元素不存在于流量记录中或与双流量通孔范围无关,则假定方向分配方法的配置在带外完成。请注意,当使用IPFIX选项将此信息元素应用于观测域内或导出过程中的所有流时,应可靠地发送该选项。如果可靠传输不可用(即使用UDP时),则

Information Element SHOULD appear in each Flow Record. This field may take the following values:

信息元素应出现在每个流程记录中。此字段可以采用以下值:

   +-------+------------------+----------------------------------------+
   | Value | Name             | Description                            |
   +-------+------------------+----------------------------------------+
   | 0x00  | arbitrary        | Direction was assigned arbitrarily.    |
   | 0x01  | initiator        | The Biflow Source is the flow          |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.                  |
   | 0x02  | reverseInitiator | The Biflow Destination is the flow     |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.  This value is   |
   |       |                  | provided for the convenience of        |
   |       |                  | Exporting Processes to revise an       |
   |       |                  | initiator estimate without re-encoding |
   |       |                  | the Biflow Record.                     |
   | 0x03  | perimeter        | The Biflow Source is the endpoint      |
   |       |                  | outside of a defined perimeter.  The   |
   |       |                  | perimeter's definition is implicit in  |
   |       |                  | the set of Biflow Source and Biflow    |
   |       |                  | Destination addresses exported in the  |
   |       |                  | Biflow Records.                        |
   +-------+------------------+----------------------------------------+
        
   +-------+------------------+----------------------------------------+
   | Value | Name             | Description                            |
   +-------+------------------+----------------------------------------+
   | 0x00  | arbitrary        | Direction was assigned arbitrarily.    |
   | 0x01  | initiator        | The Biflow Source is the flow          |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.                  |
   | 0x02  | reverseInitiator | The Biflow Destination is the flow     |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.  This value is   |
   |       |                  | provided for the convenience of        |
   |       |                  | Exporting Processes to revise an       |
   |       |                  | initiator estimate without re-encoding |
   |       |                  | the Biflow Record.                     |
   | 0x03  | perimeter        | The Biflow Source is the endpoint      |
   |       |                  | outside of a defined perimeter.  The   |
   |       |                  | perimeter's definition is implicit in  |
   |       |                  | the set of Biflow Source and Biflow    |
   |       |                  | Destination addresses exported in the  |
   |       |                  | Biflow Records.                        |
   +-------+------------------+----------------------------------------+
        

Abstract Data Type: unsigned8

抽象数据类型:unsigned8

Data Type Semantics: identifier

数据类型语义:标识符

ElementId: 239

元素ID:239

Status: current

状态:当前

7. IANA Considerations
7. IANA考虑

This document specifies the creation of a new dimension in the Information Element space defined by the IPFIX Information Model [RFC5102]. This new dimension is defined by the allocation of a new Private Enterprise Number (PEN). The Internet Assigned Numbers Authority (IANA) has assigned Private Enterprise Number 29305 to this document as the "IPFIX Reverse Information Element Private Enterprise", with this document's authors as point of contact.

本文档指定在IPFIX信息模型[RFC5102]定义的信息元素空间中创建新维度。此新维度通过分配新的私人企业编号(PEN)来定义。互联网分配号码管理局(IANA)已将私人企业编号29305分配给本文件,称为“IPFIX反向信息元素私人企业”,本文件作者作为联系点。

This document specifies the creation of a new IPFIX Information Element, biflowDirection, as defined in Section 6.3. IANA has assigned Information Element number 239 in the IPFIX Information

本文件规定了第6.3节中定义的新IPFIX信息元素biflowDirection的创建。IANA已在IPFIX信息中分配了信息元素编号239

Element registry for the biflowDirection Information Element. The values defined for this Information Element are static, and as such do not need to be maintained by IANA in a sub-registry.

biflowDirection信息元素的元素注册表。为此信息元素定义的值是静态的,因此不需要IANA在子注册表中维护。

8. Security Considerations
8. 安全考虑

The same security considerations as for the IPFIX Protocol [RFC5101] apply.

适用与IPFIX协议[RFC5101]相同的安全注意事项。

9. Acknowledgments
9. 致谢

We would like to thank Lutz Mark, Juergen Quittek, Andrew Johnson, Paul Aitken, Benoit Claise, and Carsten Schmoll for their contributions and comments. Special thanks to Michelle Cotton for her assistance in navigating the IANA process for Enterprise Number assignment, and for the IANA pre-review of the document.

我们要感谢Lutz Mark、Juergen Quitek、Andrew Johnson、Paul Aitken、Benoit Claise和Carsten Schmoll的贡献和评论。特别感谢Michelle Cotton在IANA企业编号分配流程中提供的帮助,以及IANA对本文件的预审查。

10. References
10. 工具书类
10.1. Normative References
10.1. 规范性引用文件

[RFC5101] Claise, B., Ed., "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, January 2008.

[RFC5101]Claise,B.,Ed.,“交换IP流量信息的IP流量信息导出(IPFIX)协议规范”,RFC 5101,2008年1月。

[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, January 2008.

[RFC5102]Quitek,J.,Bryant,S.,Claise,B.,Aitken,P.,和J.Meyer,“IP流信息导出的信息模型”,RFC 5102,2008年1月。

10.2. Informative References
10.2. 资料性引用

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3234] Carpenter, B. and S. Brim, "Middleboxes: Taxonomy and Issues", RFC 3234, February 2002.

[RFC3234]Carpenter,B.和S.Brim,“中间盒:分类和问题”,RFC 32342002年2月。

[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.

[RFC3917]Quitek,J.,Zseby,T.,Claise,B.,和S.Zander,“IP流信息导出(IPFIX)的要求”,RFC 39172004年10月。

[IPFIX-ARCH] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", Work in Progress, September 2006.

[IPFIX-ARCH]Sadasivan,G.,Brownlee,N.,Claise,B.,和J.Quitek,“IP流信息导出的体系结构”,正在进行的工作,2006年9月。

[IPFIX-AS] Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IPFIX Applicability", Work in Progress, July 2007.

[IPFIX-AS]Zseby,T.,Boschi,E.,Brownlee,N.,和B.Claise,“IPFIX适用性”,正在进行的工作,2007年7月。

[IPFIX-IMPLEMENTATION] Boschi, E., Mark, L., Quittek, j., Stiemerling, M., and P. Aitken, "IPFIX Implementation Guidelines", Work in Progress, September 2007.

[IPFIX实施]Boschi,E.,Mark,L.,Quitek,j.,Stieemering,M.,和P.Aitken,“IPFIX实施指南”,正在进行的工作,2007年9月。

[IPFIX-REDUCING] Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports", Work in Progress, May 2007.

[IPFIX-减少]Boschi,E.,Mark,L.,和B.Claise,“减少IP流信息导出(IPFIX)和数据包采样(PSAMP)报告中的冗余”,正在进行的工作,2007年5月。

Appendix A. Examples
附录A.示例

The following example describes a Biflow record as specified in Section 6, above. The Reverse PEN is assigned for the purpose of differentiating forward from Reverse Information Elements.

以下示例描述了上文第6节中规定的双流记录。指定反向笔的目的是区分正向和反向信息元素。

The information exported in this case is:

本例中导出的信息为:

o The start time of the flow: flowStartSeconds in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o 流的开始时间:IPFIX信息模型[RFC5102]中的flowStartSeconds,长度为4个八位字节。

o The reverse start time of the flow: flowStartSeconds in the IPFIX Information Model [RFC5102], with a length of 4 octets, and the enterprise bit set to 1. The following PEN is the Reverse PEN.

o 流的反向开始时间:IPFIX信息模型[RFC5102]中的flowStartSeconds,长度为4个八位字节,企业位设置为1。下面的笔是反向笔。

o The IPv4 source IP address: sourceIPv4Address in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o IPv4源IP地址:IPFIX信息模型[RFC5102]中的sourceIPv4Address,长度为4个八位字节。

o The IPv4 destination IP address: destinationIPv4Address in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o IPv4目标IP地址:IPFIX信息模型[RFC5102]中的destinationIPv4Address,长度为4个八位字节。

o The source port: sourceTransportPort in the IPFIX Information Model [RFC5102], with a length of 2 octets.

o 源端口:IPFIX信息模型[RFC5102]中的sourceTransportPort,长度为2个八位字节。

o The destination port: destinationTransportPort in the IPFIX Information Model [RFC5102], with a length of 2 octets.

o 目标端口:IPFIX信息模型[RFC5102]中的destinationTransportPort,长度为2个八位字节。

o The protocol identifier: protocolIdentifier in the IPFIX Information Model [RFC5102], with a length of 1 octet.

o 协议标识符:IPFIX信息模型[RFC5102]中的protocolIdentifier,长度为1个八位字节。

o The number of octets of the Flow: octetTotalCount in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o 流的八位字节数:IPFIX信息模型[RFC5102]中的octetTotalCount,长度为4个八位字节。

o The reverse number of octets of the Flow: octetTotalCount in the IPFIX Information Model [RFC5102], with a length of 4 octets, and the enterprise bit set to 1. The following PEN is the Reverse PEN.

o 流的反向八位字节数:IPFIX信息模型[RFC5102]中的octetTotalCount,长度为4个八位字节,企业位设置为1。下面的笔是反向笔。

o The number of packets of the Flow: packetTotalCount in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o 流的数据包数:IPFIX信息模型[RFC5102]中的packetTotalCount,长度为4个八位字节。

o The reverse number of packets of the Flow: packetTotalCount in the IPFIX Information Model [RFC5102], with a length of 4 octets, and the enterprise bit set to 1. The following PEN is the Reverse PEN.

o 流的反向数据包数:IPFIX信息模型[RFC5102]中的packetTotalCount,长度为4个八位字节,企业位设置为1。下面的笔是反向笔。

and the resulting Template Set would look like the diagram below:

生成的模板集如下图所示:

                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Set ID = 2           |          Length =  64         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Template ID >= 256       |        Field Count = 11       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                      29305      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| sourceIPv4Address         8 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| destinationIPv4Address   12 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| sourceTransportPort       7 |       Field Length =  2       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| destinationTransportPort 11 |       Field Length =  2       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| protocolIdentifier        4 |       Field Length =  1       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| octetTotalCount          85 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| octetTotalCount          85 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                     29305       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| packetTotalCount         86 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| packetTotalCount         86 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                     29305       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Set ID = 2           |          Length =  64         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Template ID >= 256       |        Field Count = 11       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| flowStartSeconds        150 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                      29305      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| sourceIPv4Address         8 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| destinationIPv4Address   12 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| sourceTransportPort       7 |       Field Length =  2       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| destinationTransportPort 11 |       Field Length =  2       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| protocolIdentifier        4 |       Field Length =  1       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| octetTotalCount          85 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| octetTotalCount          85 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                     29305       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| packetTotalCount         86 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1| packetTotalCount         86 |       Field Length =  4       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Reverse PEN                                     29305       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 7: Single Record Biflow Template Set

图7:单记录双流模板集

The following example Data Set represents a typical HTTP transaction. Its format is defined by the example Template, above.

下面的示例数据集表示一个典型的HTTP事务。其格式由上面的示例模板定义。

                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Set ID >= 256           |          Length =  41         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     2006-02-01  17:00:00                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     2006-02-01  17:00:01                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           192.0.2.2                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           192.0.2.3                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          32770                |               80              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       6       |                 18000                     . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                128000                     . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                  65                       . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                 110                       . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |
    +-+-+-+-+-+-+-+-+
        
                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Set ID >= 256           |          Length =  41         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     2006-02-01  17:00:00                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     2006-02-01  17:00:01                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           192.0.2.2                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           192.0.2.3                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          32770                |               80              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       6       |                 18000                     . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                128000                     . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                  65                       . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |                 110                       . . .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    . . .           |
    +-+-+-+-+-+-+-+-+
        

Figure 8: Single Record Biflow Data Set

图8:单记录双流数据集

The following example demonstrates the use of the biflowDirection Information Element, as specified in Section 6.2, using the IPFIX Options mechanism to specify that perimeter direction selection is in effect for a given Observation Domain.

下面的示例演示如何使用第6.2节中指定的biflowDirection信息元素,使用IPFIX选项机制指定周界方向选择对给定观测域有效。

The information exported in this case is:

本例中导出的信息为:

o The Observation Domain: observationDomainId in the IPFIX Information Model [RFC5102], with a length of 4 octets.

o 观察域:IPFIX信息模型[RFC5102]中的observationDomainId,长度为4个八位字节。

o The direction assignment method: biflowDirection as defined in Section 6.2, above, with a length of 1 octet.

o 方向分配方法:上文第6.2节中定义的双流向,长度为1个八位字节。

and the resulting Options Template Set would look like the diagram below:

生成的选项模板集如下图所示:

                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Set ID = 3           |          Length =  18         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Template ID >= 256       |        Field Count = 2        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Scope Count = 1         |0| observationDomainId     149 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Field Length = 4        |0| biflowDirection         239 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Field Length = 1        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Set ID = 3           |          Length =  18         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Template ID >= 256       |        Field Count = 2        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Scope Count = 1         |0| observationDomainId     149 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Field Length = 4        |0| biflowDirection         239 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Field Length = 1        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 9: Biflow Direction Options Template Set

图9:Biflow方向选项模板集

The following example Data Set would specify that perimeter direction selection is in effect for the Observation Domain with ID 33. Its format is defined by the example Options Template, above. Note that this example data set would be sent reliably, as specified in the description of the biflowDirection Information Element.

以下示例数据集将指定周长方向选择对ID为33的观测域有效。其格式由上面的示例选项模板定义。注意,该示例数据集将可靠地发送,如biflowDirection信息元素的描述中所述。

                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Set ID >= 256           |          Length =  9          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              33                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       3       |
    +-+-+-+-+-+-+-+-+
        
                         1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       Set ID >= 256           |          Length =  9          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              33                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |       3       |
    +-+-+-+-+-+-+-+-+
        

Figure 10: Biflow Direction Options Data Set

图10:双流向选项数据集

Appendix B. XML Specification of biflowDirection Information Element
附录B.双向信息元素的XML规范

This appendix contains a machine-readable description of the biflowDirection information element defined in this document, coded in XML. Note that this appendix is of informational nature, while the text in Section 6.3 is normative.

本附录包含本文档中定义的双流向信息元素的机器可读描述,以XML编码。请注意,本附录为信息性附录,而第6.3节中的文本为规范性附录。

The format in which this specification is given is described by the XML Schema in Appendix B of the IPFIX Information Model [RFC5102].

IPFIX信息模型[RFC5102]附录B中的XML模式描述了给出本规范的格式。

   <?xml version="1.0" encoding="UTF-8"?>
        
   <?xml version="1.0" encoding="UTF-8"?>
        
   <fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
                ipfix-info.xsd">
        
   <fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
                ipfix-info.xsd">
        

<field name="biflowDirection" dataType="unsigned8" dataTypeSemantics="identifier" group="misc" elementId="239" applicability="all" status="current"> <description> <paragraph> A description of the direction assignment method used to assign the Biflow Source and Destination. This Information Element MAY be present in a Flow Data Record, or applied to all flows exported from an Exporting Process or Observation Domain using IPFIX Options. If this Information Element is not present in a Flow Record or associated with a Biflow via scope, it is assumed that the configuration of the direction assignment method is done out-of-band. Note that when using IPFIX Options to apply this Information Element to all flows within an Observation Domain or from an Exporting Process, the Option SHOULD be sent reliably. If reliable transport is not available (i.e., when using UDP), this Information Element SHOULD appear in each Flow Record. This field may take the following values: </paragraph>

<field name=“biflowDirection”dataType=“unsigned8”dataTypeSemantics=“identifier”group=“misc”elementId=“239”applicativity=“all”status=“current”><description><paragration>用于分配Biflow源和目标的方向分配方法的说明。此信息元素可能存在于流数据记录中,或者使用IPFIX选项应用于从导出流程或观察域导出的所有流。如果该信息元素不存在于流量记录中或与双流量通孔范围无关,则假定方向分配方法的配置在带外完成。请注意,当使用IPFIX选项将此信息元素应用于观测域内或导出过程中的所有流时,应可靠地发送该选项。如果可靠传输不可用(即使用UDP时),则此信息元素应出现在每个流记录中。此字段可以采用以下值:</段落>

              <artwork>
   +-------+------------------+----------------------------------------+
   | Value | Name             | Description                            |
   +-------+------------------+----------------------------------------+
   | 0x00  | arbitrary        | Direction was assigned arbitrarily.    |
   | 0x01  | initiator        | The Biflow Source is the flow          |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.                  |
   | 0x02  | reverseInitiator | The Biflow Destination is the flow     |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.  This value is   |
   |       |                  | provided for the convenience of        |
   |       |                  | Exporting Processes to revise an       |
   |       |                  | initiator estimate without re-encoding |
   |       |                  | the Biflow Record.                     |
   | 0x03  | perimeter        | The Biflow Source is the endpoint      |
   |       |                  | outside of a defined perimeter.  The   |
   |       |                  | perimeter's definition is implicit in  |
   |       |                  | the set of Biflow Source and Biflow    |
   |       |                  | Destination addresses exported in the  |
   |       |                  | Biflow Records.                        |
   +-------+------------------+----------------------------------------+
              </artwork>
       </description>
     </field>
   </fieldDefinitions>
        
              <artwork>
   +-------+------------------+----------------------------------------+
   | Value | Name             | Description                            |
   +-------+------------------+----------------------------------------+
   | 0x00  | arbitrary        | Direction was assigned arbitrarily.    |
   | 0x01  | initiator        | The Biflow Source is the flow          |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.                  |
   | 0x02  | reverseInitiator | The Biflow Destination is the flow     |
   |       |                  | initiator, as determined by the        |
   |       |                  | Metering Process' best effort to       |
   |       |                  | detect the initiator.  This value is   |
   |       |                  | provided for the convenience of        |
   |       |                  | Exporting Processes to revise an       |
   |       |                  | initiator estimate without re-encoding |
   |       |                  | the Biflow Record.                     |
   | 0x03  | perimeter        | The Biflow Source is the endpoint      |
   |       |                  | outside of a defined perimeter.  The   |
   |       |                  | perimeter's definition is implicit in  |
   |       |                  | the set of Biflow Source and Biflow    |
   |       |                  | Destination addresses exported in the  |
   |       |                  | Biflow Records.                        |
   +-------+------------------+----------------------------------------+
              </artwork>
       </description>
     </field>
   </fieldDefinitions>
        

Authors' Addresses

作者地址

Brian H. Trammell CERT Network Situational Awareness Software Engineering Institute 4500 Fifth Avenue Pittsburgh, PA 15213 United States

Brian H.Trammell CERT网络态势感知软件工程研究所美国宾夕法尼亚州匹兹堡第五大道4500号,邮编15213

   Phone: +1 412 268 9748
   EMail: bht@cert.org
        
   Phone: +1 412 268 9748
   EMail: bht@cert.org
        

Elisa Boschi Hitachi Europe c/o ETH Zurich Gloriastrasse 35 8092 Zurich Switzerland

Elisa Boschi Hitachi Europe,转交ETH苏黎世Gloriastrasse 35 8092苏黎世瑞士

   Phone: +41 44 6327057
   EMail: elisa.boschi@hitachi-eu.com
        
   Phone: +41 44 6327057
   EMail: elisa.boschi@hitachi-eu.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The IETF Trust (2008).

版权所有(C)IETF信托基金(2008年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.