Internet Engineering Task Force (IETF)                         B. Claise
Request for Comments: 6759                                     P. Aitken
Category: Informational                                     N. Ben-Dvora
ISSN: 2070-1721                                      Cisco Systems, Inc.
                                                           November 2012
        

Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX)

Abstract

This document specifies a Cisco Systems extension to the IPFIX information model specified in RFC 5102 to export application information.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6759.

Copyright Notice

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Application Information Use Cases
      1.2. Conventions Used in This Document
   2. IPFIX Documents Overview
   3. Terminology
      3.1. New Terminology
   4. applicationId Information Element Specification
      4.1. Existing Classification Engine IDs
      4.2. Selector ID Length per Classification ID
      4.3. Application Name Options Template Record
      4.4. Resolving IANA L4 Port Discrepancies
   5. Grouping Applications with Attributes
      5.1. Options Template Record for Attribute Values
   6. Application ID Examples
      6.1. Example 1: Layer 2 Protocol
      6.2. Example 2: Standardized IANA Layer 3 Protocol
      6.3. Example 3: Proprietary Layer 3 Protocol
      6.4. Example 4: Standardized IANA Layer 4 Port
      6.5. Example 5: Layer 7 Application
      6.6. Example 6: Layer 7 Application with Private
           Enterprise Number (PEN)
      6.7. Example: Port Obfuscation
      6.8. Example: Application Name Mapping Options Template
      6.9. Example: Attributes Values Options Template Record
   7. IANA Considerations
      7.1. New Information Elements
           7.1.1. applicationDescription
           7.1.2. applicationId
           7.1.3. applicationName
           7.1.4. classificationEngineId
           7.1.5. applicationCategoryName
           7.1.6. applicationSubCategoryName
           7.1.7. applicationGroupName
           7.1.8. p2pTechnology
           7.1.9. tunnelTechnology
           7.1.10. encryptedTechnology
      7.2. Classification Engine ID Registry
   8. Security Considerations
   9. References
      9.1. Normative References
      9.2. Informative References
   10. Acknowledgements
   Appendix A. Additions to XML Specification of IPFIX Information
               (Non-normative)
   Appendix B. Port Collisions Tables (Non-normative)
   Appendix C. Application Registry Example (Non-normative)
        

List of Figures

   Figure 1: applicationId Information Element
   Figure 2: Selector ID Encoding
        

List of Tables

   Table 1: Existing Classification Engine IDs
   Table 2: Selector ID Default Length per Classification Engine ID
   Table 3: Application ID Static Attributes
   Table 4: Different Protocols on UDP and TCP
   Table 5: Different Protocols on SCTP and TCP
        
1. Introduction

Today, service providers and network administrators are looking for visibility into the packet content rather than just the packet header. Some network devices' Metering Processes inspect the packet content and identify the applications that are utilizing the network traffic. Applications in this context are defined as networking protocols used by networking processes that exchange packets between them (such as web applications, peer-to-peer applications, file transfer, e-mail applications, etc.). Applications can be further characterized by other criteria, some of which are application specific. Examples include: web application to a specific domain, per-user specific traffic, a video application with a specific codec, etc.

The application identification is based on several different methods or even a combination of methods:

1. L2 (Layer 2) protocols (such as ARP (Address Resolution Protocol), PPP (Point-to-Point Protocol), LLDP (Link Layer Discovery Protocol))

2. IP protocols (such as ICMP (Internet Control Message Protocol), IGMP (Internet Group Management Protocol), GRE (Generic Routing Encapsulation))

3. TCP or UDP ports (such as HTTP, Telnet, FTP)

4. Application layer header (of the application to be identified)

5. Packet data content

6. Packets and traffic behavior

The exact application identification methods are part of the Metering Process internals that aim to provide an accurate identification and minimize false identification. This task requires a sophisticated Metering Process since the protocols do not behave in a standard manner.

1. Applications use port obfuscation where the application runs on a different port than the IANA assigned one. For example, an HTTP server might run on TCP port 23 (assigned to telnet in [IANA-PORTS]).

2. IANA port registries do not accurately reflect how certain ports are "commonly" used today. Some ports are reserved, but the application either never became prevalent or is not in use today.

3. The application behavior and identification logic become more and more complex.

For that reason, such Metering Processes usually detect applications based on multiple mechanisms in parallel. Detection based only on port matching might wrongly identify the application. If the Metering Process is capable of detecting applications more accurately, it is considered to be stronger and more accurate.

Similarly, a reporting mechanism that uses L4 port based applications only, such as L4:<known port>, would have similar issues. The reporting system should be capable of reporting the applications classified using all types of mechanisms. In particular, applications that do not have any IANA port definition. While a mechanism to export application information should be defined, the L4 port being used must be exported using the destination port (destinationTransportPort at [IANA-IPFIX]) in the corresponding IPFIX record.

Applications could be identified at different OSI layers, from layer 2 to layer 7. For example, the Link Layer Discovery Protocol (LLDP) [LLDP] can be identified in layer 2, ICMP can be identified in layer 3 [IANA-PROTO], HTTP can be identified in layer 4 [IANA-PORTS], and Webex can be identified in layer 7.

While an ideal solution would be an IANA registry for applications above (or inside the payload of) the well-known ports [IANA-PORTS], this solution is not always possible. Indeed, the specifications for some applications embedded in the payload are not available. Some reverse engineering as well as a ubiquitous language for application identification would be required conditions to be able to manage an IANA registry for these types of applications. Clearly, these are blocking factors.

This document specifies the Cisco Systems application information encoding (as described in Section 4) to export the application information with the IPFIX protocol [RFC5101]. However, the layer 7 application registry values are out of scope of this document.

1.1. Application Information Use Cases

There are several use cases for application information:

1. Application Visibility

This is one of the main cases for using application information. Network administrators are using application visibility to understand the main network consumers, network trends, and user behavior.

2. Security Functions

Application knowledge is sometimes used in security functions in order to provide comprehensive functions such as Application-based firewall, URL filtering, parental control, intrusion detection, etc.

All of the above use cases require exporting application information to provide the network function itself or to log the network function operation.

1.2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

2. IPFIX Documents Overview

The IPFIX protocol [RFC5101] provides network administrators with access to IP Flow information.

The architecture for the export of measured IP Flow information out of an IPFIX Exporting Process to a Collecting Process is defined in the IPFIX Architecture [RFC5470], per the requirements defined in RFC 3917 [RFC3917].

The IPFIX Architecture [RFC5470] specifies how IPFIX Data Records and Templates are carried via a congestion-aware transport protocol from IPFIX Exporting Processes to IPFIX Collecting Processes.

IPFIX has a formal description of IPFIX Information Elements, their names, types, and additional semantic information, as specified in the IPFIX information model [RFC5102].

In order to gain a level of confidence in the IPFIX implementation, probe the conformity and robustness, and allow interoperability, the Guidelines for IPFIX Testing [RFC5471] presents a list of tests for implementers of compliant Exporting Processes and Collecting Processes.

The Bidirectional Flow Export [RFC5103] specifies a method for exporting bidirectional flow (biflow) information using the IPFIX protocol, representing each biflow using a single Flow Record.

"Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports" [RFC5473] specifies a bandwidth-saving method for exporting Flow or packet information, by separating information common to several Flow Records from information specific to an individual Flow Record: common Flow information is exported only once.

3. Terminology

IPFIX-specific terminology used in this document is defined in Section 2 of the IPFIX protocol specification [RFC5101]. As in [RFC5101], these IPFIX-specific terms have the first letter of a word capitalized when used in this document.

3.1. New Terminology

Application ID

A unique identifier for an application.

When an application is detected, the most granular application is encoded in the Application ID.

4. applicationId Information Element Specification

This document specifies the applicationId Information Element, which is a single field composed of two parts:

1. 8 bits of Classification Engine ID. The Classification Engine can be considered as a specific registry for application assignments.

2. n bits of Selector ID. The Selector ID length varies depending on the Classification Engine ID.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Class. Eng. ID|         Selector ID  ...                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             ...                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 1: applicationId Information Element

Classification Engine ID

A unique identifier for the engine that determined the Selector ID. Thus, the Classification Engine ID defines the context for the Selector ID.

Selector ID

A unique identifier of the application for a specific Classification Engine ID. Note that the Selector ID length varies depending on the Classification Engine ID.

The Selector ID term is a similar concept to the selectorId Information Element, specified in the PSAMP Protocol [RFC5476][RFC5477].

4.1. Existing Classification Engine IDs

The following Classification Engine IDs have been allocated:

   Name          Value      Description

                 0          Invalid.

   IANA-L3       1          The Assigned Internet Protocol Number
                            (layer 3 (L3)) is exported in the
                            Selector ID. See [IANA-PROTO].

   PANA-L3       2          Proprietary layer 3 definition. An
                            enterprise can export its own layer 3
                            protocol numbers. The Selector ID has a
                            global significance for all devices from
                            the same enterprise.

   IANA-L4       3          The IANA layer 4 (L4) well-known port
                            number is exported in the Selector ID.
                            See [IANA-PORTS]. Note: as an IPFIX flow
                            is unidirectional, it contains the
                            destination port.

   PANA-L4       4          Proprietary layer 4 definition. An
                            enterprise can export its own layer 4
                            port numbers. The Selector ID has global
                            significance for devices from the same
                            enterprise. Example: IPFIX was
                            pre-assigned the port 4739 using the IANA
                            early allocation process [RFC4020] years
                            before the document was published as an
                            RFC. While waiting for the RFC and its
                            associated IANA registration, Selector ID
                            4739 was used with this PANA-L4.

                 5          Reserved.

   USER-         6          The Selector ID represents applications
   Defined                  defined by the user (using CLI, GUI,
                            etc.) based on the methods described in
                            Section 1. The Selector ID has a local
                            significance per device.

                 7          Reserved.

                 8          Reserved.

                 9          Reserved.

                 10         Reserved.

                 11         Reserved.

   PANA-L2       12         Proprietary layer 2 (L2) definition. An
                            enterprise can export its own layer 2
                            identifiers. The Selector ID represents
                            the enterprise's unique global layer 2
                            applications. The Selector ID has a
                            global significance for all devices from
                            the same enterprise. Examples include
                            Cisco Subnetwork Access Protocol (SNAP).

   PANA-L7       13         Proprietary layer 7 definition. The
                            Selector ID represents the enterprise's
                            unique global ID for layer 7
                            applications. The Selector ID has a
                            global significance for all devices from
                            the same enterprise. This Classification
                            Engine ID is used when the application
                            registry is owned by the Exporter
                            manufacturer (referred to as the
                            "enterprise" in this document).

                 14         Reserved.

                 15         Reserved.

                 16         Reserved.

                 17         Reserved.

   ETHERTYPE     18         The Selector ID represents the well-known
                            Ethertype. See [ETHERTYPE].

   LLC           19         The Selector ID represents the well-known
                            IEEE 802.2 Link Layer Control (LLC)
                            Destination Service Access Point (DSAP).
                            See [LLC].

   PANA-L7-      20         Proprietary layer 7 definition, including
   PEN                      a Private Enterprise Number (PEN)
                            [IANA-PEN] to identify that the
                            application registry being used is not
                            owned by the Exporter manufacturer or to
                            identify the original enterprise in the
                            case of a mediator or 3rd party device.
                            The Selector ID represents the enterprise
                            unique global ID for the layer 7
                            applications. The Selector ID has a
                            global significance for all devices from
                            the same enterprise.

                 21 to 255  Available (255 is the maximum Engine ID)

Table 1: Existing Classification Engine IDs

"PANA = Proprietary Assigned Number Authority". In other words, an enterprise specific version of IANA for internal IDs.

The PANA-L7 Classification Engine ID SHOULD be used when the application registry is owned by the Exporter manufacturer. Even if the application registry is owned by the Exporter manufacturer, the PANA-L7-PEN MAY be used, specifying the manufacturer.

For example, if Exporter A (from enterprise-A) wants to export its enterprise-A L7 registry, then it uses the PANA-L7 Classification Engine ID. If Exporter B (from enterprise-B) wants to export its enterprise-B L7 registry, then it also uses the PANA-L7 Classification Engine ID.

The mechanism for the Collector to know about the Exporter PEN is out of scope of this document. Possible tracks are SNMP polling, an Options Template exporting the privateEnterpriseNumber Information Element [IANA-IPFIX], hardcoded value, etc.

An Exporter may classify the application according to another vendor's application registry. For example, an IPFIX Mediator [RFC6183] may need to re-export applications received from different Exporters using different PANA-L7 application registries. For example, if Exporter C (from enterprise-C) wants to reuse enterprise-D's application registry, then it uses PANA-L7-PEN with enterprise-D's PEN.

When reporting application information from multiple Exporters from different enterprises (different PENs), the PANA-L7-PEN Classification Engine MUST be used in exported Flow Records, which allows the original enterprise ID to be reported. The ID of the enterprise that defined the Application ID is identified by the enterprise's PEN. For example, an IPFIX Mediator aggregates traffic from some Exporters which report enterprise-E applications and other Exporters that report enterprise-F applications.

An example is displayed in Section 6.6.

Note that the PANA-L7 Classification Engine ID is also used for resolving IANA L4 port Discrepancies (see Section 4.4).

The list in Table 1 is maintained by IANA thanks to the registry within the classificationEngineId Information Element. See the IANA Considerations section. The Classification Engine ID is part of the Application ID encoding, so the classificationEngineId Information Element is currently not required by the specifications in this document. However, this Information Element was created for completeness, as it was anticipated that this Information Element will be required in the future.

4.2. Selector ID Length per Classification ID

As the Selector ID part of the Application ID is variable based on the Classification Engine ID value, the applicationId SHOULD be encoded in a variable-length Information Element [RFC5101] for IPFIX export.

The following table displays the Selector ID default length for the different Classification Engine IDs.

   Classification          Selector ID default
   Engine ID Name          length (in bytes)

   IANA-L3                 1

   PANA-L3                 1

   IANA-L4                 2

   PANA-L4                 2

   USER-Defined            3

   PANA-L2                 5

   PANA-L7                 3

   ETHERTYPE               2

   LLC                     1

   PANA-L7-PEN             3 (*)

Table 2: Selector ID Default Length per Classification Engine ID

(*) There are an extra 4 bytes for the PEN. However, the PEN is not considered part of the Selector ID.

If a legacy protocol such as NetFlow version 9 [RFC3954] is used, and this protocol doesn't support variable-length Information Elements, then either multiple Template Records (one per applicationId length), or a single Template Record corresponding to the maximum sized applicationId MUST be used.

Application IDs MAY be encoded in a smaller number of bytes, following the same rules as for IPFIX Reduced Size Encoding [RFC5101].

Application IDs MAY be encoded with a larger length. For example, a normal IANA L3 protocol encoding would take 2 bytes since the Selector ID represents the protocol field from the IP header encoded in one byte. However, an IANA L3 protocol encoding may be encoded with 3 bytes. In this case, the Selector ID value MUST always be encoded in the least significant bits as shown in Figure 2.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Class. Eng. ID |zero-valued upper-bits ... Selector ID         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 2: Selector ID Encoding

4.3. Application Name Options Template Record

For Classification Engines that specify locally unique Application IDs (which means unique per engine and per router), an Options Template Record (see [RFC5101]) MUST be used to export the correspondence between the Application ID, the Application Name, and the Application Description.

For Classification Engines that specify globally unique Application IDs, an Options Template Record MAY be used to export the correspondence between the Application ID, the Application Name and the Application Description, unless the mapping is hardcoded in the Collector, or known out of band (for example, by polling a MIB).

An example Options Template is shown in Section 6.8.

Enterprises may assign company-wide Application ID values for the PANA-L7 Classification Engine. In this case, a possible optimization for the Collector is to keep the mappings between the Application IDs and the Application Names per enterprise, as opposed to per Exporter.

4.4. Resolving IANA L4 Port Discrepancies

Even though IANA L4 ports usually point to the same protocols for both UDP, TCP or other transport types, there are some exceptions, as mentioned in Appendix B.

Instead of imposing the transport protocol (UDP/TCP/SCTP/etc.) in the scope of the "Application Name Options Template Record" (Section 6.8) for all applications (in addition to having the transport protocol as a key-field in the Flow Record definition), the convention is that the L4 application is always TCP related. So, whenever the Collector has a conflict in looking up IANA, it would choose the TCP choice. As a result, the UDP L4 applications from Table 3 and the SCTP L4 applications from Table 4 are assigned in the PANA_L7 Application ID range, i.e., under Classification Engine ID 13.

Currently, there are no discrepancies between the well-known ports for TCP and the Datagram Congestion Control Protocol (DCCP).

5. Grouping Applications with Attributes

Due to the high number of different Application IDs, Application IDs MAY be categorized into groups. This offers the benefits of easier reporting and action, such as QoS policies. Indeed, most applications with the same characteristics should be treated the same way; for example, all video traffic.

Attributes are statically assigned per Application ID and are independent of the traffic. The attributes are listed below:

Name                 Description

Category             An attribute that provides a first-level categorization for each Application ID. Examples include browsing, email, file-sharing, gaming, instant messaging, voice-and-video, etc. The category attribute is encoded by the applicationCategoryName Information Element.

Sub-Category         An attribute that provides a second-level categorization for each Application ID. Examples include backup-systems, client-server, database, routing-protocol, etc. The sub-category attribute is encoded by the applicationSubCategoryName Information Element.

Application-Group    An attribute that groups multiple Application IDs that belong to the same networking application. For example, the ftp-group contains ftp-data (port 20), ftp (port 20), ni-ftp (port 47), sftp (port 115), bftp (port 152), ftp-agent (port 574), ftps-data (port 989). The application-group attribute is encoded by the applicationGroupName Information Element.

P2P-Technology       Specifies if the Application ID is based on peer-to-peer technology. The P2P-technology attribute is encoded by the p2pTechnology Information Element.

Tunnel-Technology    Specifies if the Application ID is used as a tunnel technology. The tunnel-technology attribute is encoded by the tunnelTechnology Information Element.

Encrypted            Specifies if the Application ID is an encrypted networking protocol. The encrypted attribute is encoded by the encryptedTechnology Information Element.

Table 3: Application ID Static Attributes

Every application is assigned to one applicationCategoryName, one applicationSubCategoryName, one applicationGroupName, and it has one p2pTechnology, one tunnelTechnology, and one encryptedTechnology. These new Information Elements are specified in the IANA Considerations section (Section 7.1).

Maintaining the attribute values in IANA seems impossible to realize. Therefore, the attribute values per application are enterprise specific.

5.1. Options Template Record for Attribute Values

An Options Template Record (see [RFC5101]) SHOULD be used to export the correspondence between each Application ID and its related Attribute values. An alternative way for the Collecting Process to learn the correspondence is to populate these mappings out of band, for example, by loading a CSV file containing the correspondence table.

The Attributes Option Template contains the application ID as a scope field, followed by the applicationCategoryName, the applicationSubCategoryName, the applicationGroupName, the p2pTechnology, the tunnelTechnology, and the encryptedTechnology Information Elements.

A list of attributes may conveniently be exported using a subTemplateList per [RFC6313].

An example is given in Section 6.9.

6. Application ID Examples

The following examples are created solely for the purpose of illustrating how the extensions proposed in this document are encoded.

6.1. Example 1: Layer 2 Protocol

The list of Classification Engine IDs in Table 1 shows that the layer 2 Classification Engine IDs are 12 (PANA-L2), 18 (ETHERTYPE), and 19 (LLC).

From the Ethertype list, LLDP [LLDP] has the Selector ID value 0x88CC, so 35020 in decimal:

   NAME          Selector ID
   LLDP          35020

So, in the case of LLDP, the Classification Engine ID is 18 (LLC) while the Selector ID has the value 35020.

Per Section 4, the applicationId Information Element is a single field composed of 8 bits of Classification Engine ID, followed by n bits of Selector ID. From Table 2, the Selector ID length n is 2 for the ETHERTYPE Engine ID.

Therefore, the Application ID is encoded as:

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       18      |             35020             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So the Application ID has the decimal value of 1214668. The format '18..35020' is used for simplicity in the examples below, to clearly express the two components of the Application ID.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { applicationId='18..35020',
         octetTotalCount=123456 }

The Collector has all the required information to determine that the application is LLDP, because the Application ID uses a global and well-known registry, i.e., the Ethertype. The Collector can determine which application is represented by the Application ID by loading the registry out of band.

6.2. Example 2: Standardized IANA Layer 3 Protocol

From the list of Classification Engine IDs in Table 1, the IANA layer 3 Classification Engine ID (IANA-L3) is 1. From Table 2 the Selector ID length is 1 for the IANA-L3 Engine ID.

From the list of IANA layer 3 protocols (see [IANA-PROTO]), ICMP has the value 1:

   Decimal    Keyword    Protocol                    Reference
   1          ICMP       Internet Control Message    [RFC792]

So, in the case of the standardized IANA layer 3 protocol ICMP, the Classification Engine ID is 1, and the Selector ID has the value of 1.

Therefore, the Application ID is encoded as:

       0                   1
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       1       |       1       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So, the Application ID has the value of 257. The format '1..1' is used for simplicity in the examples below.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- ipDiffServCodePoint (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         ipDiffServCodePoint=0,
         applicationId='1..1',
         octetTotalCount=123456 }

The Collector has all the required information to determine that the application is ICMP, because the Application ID uses a global and well-known registry, i.e., the IANA L3 protocol number.

6.3. Example 3: Proprietary Layer 3 Protocol

Assume that an enterprise has specified a new layer 3 protocol called "foo".

From the list of Classification Engine IDs in Table 1, the proprietary layer 3 Classification Engine ID (PANA-L3) is 2. From Table 2 the Selector ID length is 1 for the PANA-L3 Engine ID.

A global registry within the enterprise specifies that the "foo" protocol has the value 90:

   Protocol    Protocol ID
   foo         90

So, in the case of the layer 3 protocol foo specified by this enterprise, the Classification Engine ID is 2, and the Selector ID has the value of 90.

Therefore, the Application ID is encoded as:

       0                   1
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       2       |       90      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So the Application ID has the value of 602. The format '2..90' is used for simplicity in the examples below.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- ipDiffServCodePoint (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         ipDiffServCodePoint=0,
         applicationId='2..90',
         octetTotalCount=123456 }

Along with this Flow Record, a new Options Template Record would be exported, as shown in Section 6.8.

6.4. Example 4: Standardized IANA Layer 4 Port

From the list of Classification Engine IDs in Table 1, the IANA layer 4 Classification Engine ID (IANA-L4) is 3. From Table 2 the Selector ID length is 2 for the IANA-L4 Engine ID.

From the list of IANA layer 4 ports (see [IANA-PORTS]), SNMP has the value 161:

   Keyword    Decimal    Description
   snmp       161/tcp    SNMP
   snmp       161/udp    SNMP

So, in the case of the standardized IANA layer 4 SNMP port, the Classification Engine ID is 3, and the Selector ID has the value of 161.

Therefore, the Application ID is encoded as:

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       3       |              161              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So the Application ID has the value of 196769. The format '3..161' is used for simplicity in the examples below.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- protocol (key field)
- ipDiffServCodePoint (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         protocol=17, ipDiffServCodePoint=0,
         applicationId='3..161',
         octetTotalCount=123456 }

The Collector has all the required information to determine that the application is SNMP, because the Application ID uses a global and well-known registry, i.e., the IANA L4 protocol number.

6.5. Example 5: Layer 7 Application

In this example, the Metering Process has observed some Webex traffic.

From the list of Classification Engine IDs in Table 1, the layer 7 unique Classification Engine ID (PANA-L7) is 13. From Table 2 the Selector ID length is 3 for the PANA-L7 Engine ID.

Suppose that the Metering Process returns the ID 10000 for Webex traffic.

So, in the case of this Webex application, the Classification Engine ID is 13 and the Selector ID has the value of 10000.

Therefore, the Application ID is encoded as:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      13       |                     10000                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So the Application ID has the value of 218113808. The format '13..10000' is used for simplicity in the examples below.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- ipDiffServCodePoint (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         ipDiffServCodePoint=0,
         applicationId='13..10000',
         octetTotalCount=123456 }

The 10000 value is globally unique for the enterprise, so that the Collector can determine which application is represented by the Application ID by loading the registry out of band.

Along with this Flow Record, a new Options Template Record would be exported, as shown in Section 6.8.

6.6. Example 6: Layer 7 Application with Private Enterprise Number (PEN)

In this example, the layer 7 Webex traffic from Example 5 above has been classified by enterprise X. The exported records have been received by enterprise Y's mediation device, which wishes to forward them to a top-level Collector.

In order for the top-level Collector to know that the records were classified by enterprise X, the enterprise Y mediation device must report the records using the PANA-L7-PEN Classification Engine ID with enterprise X's Private Enterprise Number.

The PANA-L7-PEN Classification Engine ID is 20, and enterprise X's Selector ID for Webex traffic has the value of 10000. From Table 2 the Selector ID length is 3 for the PANA-L7-PEN Engine ID.

Therefore, the Application ID is encoded as:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      20       |               enterprise ID = X            ...|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |...Ent.ID.contd|                     10000                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The format '20..X..10000' is used for simplicity in the examples below.

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- ipDiffServCodePoint (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         ipDiffServCodePoint=0,
         applicationId='20..X..10000',
         octetTotalCount=123456 }

The 10000 value is globally unique for enterprise X, so that the Collector can determine which application is represented by the Application ID by loading the registry out of band.

Along with this Flow Record, a new Options Template Record would be exported, as shown in Section 6.8.
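
The encodings worked through in Examples 1 to 6, together with the larger-length rule of Figure 2, as an added Python example that is not part of the RFC text. Engine ID numbers are the ones quoted in Sections 6.1 to 6.6 and default lengths come from Table 2; the function names, and the documentation enterprise number 32473 standing in for enterprise X, are assumptions of this example.

```python
"""applicationId codec: 8-bit Classification Engine ID + big-endian Selector ID."""

# Engine IDs quoted in Sections 6.1-6.6 of this document, mapped to the
# default Selector ID length in bytes from Table 2.
DEFAULT_SELECTOR_LEN = {
    1: 1,    # IANA-L3
    2: 1,    # PANA-L3
    3: 2,    # IANA-L4
    12: 5,   # PANA-L2
    13: 3,   # PANA-L7
    18: 2,   # ETHERTYPE
    19: 1,   # LLC
    20: 3,   # PANA-L7-PEN (the PEN bytes are extra, not part of the Selector ID)
}
PANA_L7_PEN = 20
PEN_LEN = 4  # extra bytes carrying the Private Enterprise Number


def encode_application_id(engine_id, selector_id, pen=None, selector_len=None):
    """Return the applicationId octets for one engine/selector pair.

    selector_len overrides the Table 2 default, e.g. to pad every record to
    one fixed size for an exporter without variable-length fields.
    """
    if engine_id not in DEFAULT_SELECTOR_LEN:
        raise ValueError(f"unknown Classification Engine ID {engine_id}")
    if (engine_id == PANA_L7_PEN) != (pen is not None):
        raise ValueError("a PEN is required for PANA-L7-PEN and only for it")
    if selector_len is None:
        selector_len = DEFAULT_SELECTOR_LEN[engine_id]
    try:
        out = bytes([engine_id])
        if pen is not None:
            out += pen.to_bytes(PEN_LEN, "big")
        # Selector ID sits in the least significant bits; upper bits are zero.
        return out + selector_id.to_bytes(selector_len, "big")
    except OverflowError as exc:
        raise ValueError(f"value does not fit the field: {exc}") from None


def decode_application_id(raw):
    """Split applicationId octets into (engine_id, pen_or_None, selector_id)."""
    if len(raw) < 2:
        raise ValueError("need the engine octet and at least one selector octet")
    engine_id, rest, pen = raw[0], raw[1:], None
    if engine_id == PANA_L7_PEN:
        if len(rest) <= PEN_LEN:
            raise ValueError("PANA-L7-PEN value too short for PEN plus selector")
        pen, rest = int.from_bytes(rest[:PEN_LEN], "big"), rest[PEN_LEN:]
    # Default, reduced-size and larger-length encodings all decode the same
    # way, because zero-valued upper bits do not change the integer value.
    return engine_id, pen, int.from_bytes(rest, "big")


def dotted(raw):
    """Render the 'engine..selector' notation used in the examples."""
    engine_id, pen, selector_id = decode_application_id(raw)
    parts = [engine_id] if pen is None else [engine_id, pen]
    return "..".join(str(p) for p in parts + [selector_id])


def as_integer(raw):
    """The whole field read as one unsigned integer, as quoted in Section 6."""
    return int.from_bytes(raw, "big")


if __name__ == "__main__":
    samples = [
        encode_application_id(18, 35020),   # Example 1: LLDP Ethertype
        encode_application_id(1, 1),        # Example 2: ICMP
        encode_application_id(2, 90),       # Example 3: "foo"
        encode_application_id(3, 161),      # Example 4: SNMP
        encode_application_id(13, 10000),   # Example 5: Webex
        # Example 6; 32473 is the enterprise number reserved for
        # documentation use (RFC 5612), standing in for "X".
        encode_application_id(20, 10000, pen=32473),
        encode_application_id(1, 1, selector_len=2),  # larger-length form
    ]
    for raw in samples:
        print(raw.hex(), dotted(raw), as_integer(raw))
```

A Collector that decodes with `decode_application_id` and keys its name table on the returned tuple treats `01 01` and `01 00 01` as the same application, which a byte-wise comparison of the raw field would not.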

6.7. Example: Port Obfuscation

For example, an HTTP server might run on a TCP port 23 (assigned to telnet in [IANA-PORTS]). If the Metering Process is capable of detecting HTTP in the same case, the Application ID representation must contain HTTP. However, if the reporting application wants to determine whether or not the default HTTP port 80 or 8080 was used, the transport ports (sourceTransportPort and destinationTransportPort at [IANA-IPFIX]) must also be exported in the corresponding IPFIX record.

In the case of a standardized IANA layer 4 port, the Classification Engine ID (PANA-L4) is 3, and the Selector ID has the value of 80 for HTTP (see [IANA-PORTS]). From Table 2 the Selector ID length is 2 for the PANA-L4 Engine ID.

Therefore, the Application ID is encoded as:

       0                   1                   2
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       3       |             80                |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Exporting Process creates a Template Record with a few Information Elements: amongst other things, the Application ID. For example:

- sourceIPv4Address (key field)
- destinationIPv4Address (key field)
- protocol (key field)
- destinationTransportPort (key field)
- applicationId (key field)
- octetTotalCount (non-key field)

For example, a Flow Record corresponding to the above Template Record may contain:

       { sourceIPv4Address=192.0.2.1,
         destinationIPv4Address=192.0.2.2,
         protocol=17,
         destinationTransportPort=23,
         applicationId='3..80',
         octetTotalCount=123456 }

The Collector has all the required information to determine that the application is HTTP, but runs on port 23.
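
A Collector-side check built on this section, as an added Python example that is not part of the RFC text: it reports flows whose classified application (engine ID 3, where the Selector ID is a port number) differs from the destinationTransportPort actually used. The record layout as Python dicts, the small port-name table, and the function names are assumptions of this example; the sample flows are constructed, the first one mirroring the Flow Record above.

```python
"""Flag flows whose detected layer 4 application does not match the port used."""

IANA_L4 = 3  # Classification Engine ID used for IANA layer 4 ports in Section 6.4

# Constructed subset of the IANA port registry, loaded out of band by the Collector.
PORT_NAMES = {23: "telnet", 80: "http", 161: "snmp"}

# Ports accepted as normal for an application besides its registered one
# (this section mentions 8080 alongside 80 for HTTP).
ALSO_EXPECTED = {80: {8080}}


def split_application_id(raw):
    """Return (engine_id, selector_id); the selector is big-endian, so
    reduced-size and larger-length encodings yield the same integer."""
    if len(raw) < 2:
        raise ValueError("applicationId needs an engine octet and a selector")
    return raw[0], int.from_bytes(raw[1:], "big")


def port_mismatches(flow_records):
    """Return one finding per flow where application and port disagree."""
    findings = []
    for rec in flow_records:
        engine_id, selector_id = split_application_id(rec["applicationId"])
        port = rec.get("destinationTransportPort")
        if engine_id != IANA_L4 or port is None:
            # Selector is not a port number, or the exporter's template did
            # not carry the transport port, so nothing can be compared.
            continue
        expected = {selector_id} | ALSO_EXPECTED.get(selector_id, set())
        if port in expected:
            continue
        findings.append({
            "src": rec["sourceIPv4Address"],
            "dst": rec["destinationIPv4Address"],
            "application": PORT_NAMES.get(selector_id, f"port-{selector_id}"),
            "port": port,
            "port_registered_to": PORT_NAMES.get(port, "unassigned/unknown"),
            "octets": rec["octetTotalCount"],
        })
    return findings


# Constructed sample flows (documentation addresses from 192.0.2.0/24).
SAMPLE_FLOWS = [
    # The Flow Record of this section: HTTP classified on port 23.
    {"sourceIPv4Address": "192.0.2.1", "destinationIPv4Address": "192.0.2.2",
     "destinationTransportPort": 23, "applicationId": bytes([3, 0, 80]),
     "octetTotalCount": 123456},
    # SNMP on its registered port.
    {"sourceIPv4Address": "192.0.2.1", "destinationIPv4Address": "192.0.2.3",
     "destinationTransportPort": 161, "applicationId": bytes([3, 0, 161]),
     "octetTotalCount": 900},
    # HTTP on 8080, sent with a reduced-size (one byte) Selector ID.
    {"sourceIPv4Address": "192.0.2.4", "destinationIPv4Address": "192.0.2.2",
     "destinationTransportPort": 8080, "applicationId": bytes([3, 80]),
     "octetTotalCount": 4200},
    # Layer 7 engine (13): the selector is not a port, so it is skipped.
    {"sourceIPv4Address": "192.0.2.5", "destinationIPv4Address": "192.0.2.2",
     "destinationTransportPort": 443, "applicationId": bytes([13, 0, 0x27, 0x10]),
     "octetTotalCount": 777},
    # Template without destinationTransportPort: cannot be checked.
    {"sourceIPv4Address": "192.0.2.6", "destinationIPv4Address": "192.0.2.2",
     "applicationId": bytes([3, 0, 80]), "octetTotalCount": 10},
]

if __name__ == "__main__":
    for f in port_mismatches(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}: {f['application']} seen on port "
              f"{f['port']} (registered to {f['port_registered_to']})")
```

The last sample shows why the transport port has to be in the template: without it the flow is indistinguishable from ordinary HTTP and the check has nothing to compare.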

6.8. Example: Application Name Mapping Options Template

Along with the Flow Records shown in the above examples, a new Options Template Record should be exported to express the Application Name and Application Description associated with each Application ID.

The Options Template Record contains the following Information Elements:

1. Scope = applicationId.

   From RFC 5101: The scope, which is only available in the Options Template Set, gives the context of the reported Information Elements in the Data Records.

2. applicationName.

3. applicationDescription.

The Options Data Record associated with the examples above would contain, for example:

       { scope=applicationId='2..90',
         applicationName="foo",
         applicationDescription="The foo protocol",

         scope=applicationId='13..10000',
         applicationName="webex",
         applicationDescription="Webex application" }

         scope=applicationId='20..X..10000',
         applicationName="webex",
         applicationDescription="Webex application" }

When combined with the example Flow Records above, these Options Template Records tell the Collector:

1. A flow of 123456 bytes exists from sourceIPv4Address 192.0.2.1 to destinationIPv4address 192.0.2.2 with an applicationId of '12..90', which maps to the "foo" application.

2. A flow of 123456 bytes exists from sourceIPv4Address 192.0.2.1 to destinationIPv4address 192.0.2.2 with an Application ID of '13..10000', which maps to the "Webex" application.

3. A flow of 123456 bytes exists from sourceIPv4Address 192.0.2.1 to destinationIPv4address 192.0.2.2 with an Application ID of '20..PEN..10000', which maps to the "Webex" application, according to the application registry from the enterprise X.

6.9. Example: Attributes Values Options Template Record

Along with the Flow Records shown in the above examples, a new Options Template Record is exported to express the values of the different attributes related to the Application IDs.

The Options Template Record would contain the following Information Elements:

1. Scope = applicationId.

   From RFC 5101: The scope, which is only available in the Options Template Set, gives the context of the reported Information Elements in the Data Records.

2. applicationCategoryName.

3. applicationSubCategoryName.

4. applicationGroupName

5. p2pTechnology

6. tunnelTechnology

7. encryptedTechnology

The Options Data Record associated with the examples above would contain, for example:

       { scope=applicationId='2..90',
         applicationCategoryName="foo-category",
         applicationSubCategoryName="foo-subcategory",
         applicationGroupName="foo-group",
         p2pTechnology=NO,
         tunnelTechnology=YES,
         encryptedTechnology=NO }

When combined with the example Flow Records above, these Options Template Records tell the Collector:

A flow of 123456 bytes exists from sourceIPv4Address 192.0.2.1 to destinationIPv4address 192.0.2.2 with a DSCP value of 0 and an applicationId of '12..90', which maps to the "foo" application. This application can be characterized by the relevant attributes values.

从sourceIPv4Address 192.0.2.1到destinationIPv4address 192.0.2.2存在123456字节的流,DSCP值为0,applicationId为“12..90”,映射到“foo”应用程序。此应用程序可以通过相关属性值来表征。

7. IANA Considerations
7. IANA考虑
7.1. New Information Elements
7.1. 新的信息要素

This document specifies 10 new IPFIX Information Elements: applicationDescription, applicationId, applicationName, classificationEngineId, applicationCategoryName, applicationSubCategoryName, applicationGroupName, p2pTechnology, tunnelTechnology, and encryptedTechnology.

本文档指定了10个新的IPFIX信息元素:applicationDescription、applicationId、applicationName、classificationEngineId、applicationCategoryName、applicationSubCategoryName、applicationGroupName、p2pTechnology、TunnelTech和encryptedTechnology。

The new Information Elements listed below have been added to the IPFIX Information Element registry at [IANA-IPFIX].

下面列出的新信息元素已添加到位于[IANA-IPFIX]的IPFIX信息元素注册表中。

7.1.1. applicationDescription
   Name: applicationDescription
   Description:
    Specifies the description of an application.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 94
   Status: current

7.1.2. applicationId
   Name: applicationId
   Description:
    Specifies an Application ID.
   Abstract Data Type: octetArray
   Data Type Semantics: identifier
   Reference: See Section 4 of [RFC6759] for the applicationId
    Information Element Specification.
   ElementId: 95
   Status: current

7.1.3. applicationName
   Name: applicationName
   Description:
    Specifies the name of an application.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 96
   Status: current

7.1.4. classificationEngineId
   Name: classificationEngineId
   Description:
    A unique identifier for the engine that determined the Selector ID. Thus, the Classification Engine ID defines the context for the Selector ID. The Classification Engine can be considered as a specific registry for application assignments.

    Initial values for this field are listed below. Further values may be assigned by IANA in the Classification Engine IDs registry per Section 7.2.

    0 Invalid.

    1 IANA-L3: The Assigned Internet Protocol Number (layer 3 (L3)) is exported in the Selector ID. See http://www.iana.org/assignments/protocol-numbers.

    2 PANA-L3: Proprietary layer 3 definition. An enterprise can export its own layer 3 protocol numbers. The Selector ID has a global significance for all devices from the same enterprise.

    3 IANA-L4: The IANA layer 4 (L4) well-known port number is exported in the Selector ID. See [IANA-PORTS]. Note: as an IPFIX flow is unidirectional, it contains the destination port.

    4 PANA-L4: Proprietary layer 4 definition. An enterprise can export its own layer 4 port numbers. The Selector ID has global significance for devices from the same enterprise. Example: IPFIX was pre-assigned port 4739 using the IANA early allocation process [RFC4020] years before the document was published as an RFC. While waiting for the RFC and its associated IANA registration, Selector ID 4739 was used with this PANA-L4.

    5 Reserved

    6 USER-Defined: The Selector ID represents applications defined by the user (using CLI, GUI, etc.) based on the methods described in Section 2. The Selector ID has a local significance per device.

    7 Reserved

    8 Reserved

    9 Reserved

    10 Reserved

    11 Reserved

    12 PANA-L2: Proprietary layer 2 (L2) definition. An enterprise can export its own layer 2 identifiers. The Selector ID represents the enterprise's unique global layer 2 applications. The Selector ID has a global significance for all devices from the same enterprise. Examples include the Cisco Subnetwork Access Protocol (SNAP).

    13 PANA-L7: Proprietary layer 7 definition. The Selector ID represents the enterprise's unique global ID for layer 7 applications. The Selector ID has a global significance for all devices from the same enterprise. This Classification Engine ID is used when the application registry is owned by the Exporter manufacturer (referred to as the "enterprise" in this document).

    14 Reserved

    15 Reserved

    16 Reserved

    17 Reserved

    18 ETHERTYPE: The Selector ID represents the well-known Ethertype. See [ETHERTYPE].

    19 LLC: The Selector ID represents the well-known IEEE 802.2 Link Layer Control (LLC) Destination Service Access Point (DSAP). See [LLC].

    20 PANA-L7-PEN: Proprietary layer 7 definition, including a Private Enterprise Number (PEN) [IANA-PEN] to identify that the application registry being used is not owned by the Exporter manufacturer or to identify the original enterprise in the case of a mediator or 3rd party device. The Selector ID represents the enterprise unique global ID for layer 7 applications. The Selector ID has a global significance for all devices from the same enterprise.

    Some values (5, 7, 8, 9, 10, 11, 14, 15, 16, and 17) are reserved to be compliant with existing implementations already using the classificationEngineId.
   Abstract Data Type: unsigned8
   Data Type Semantics: identifier
   ElementId: 101
   Status: current

7.1.5. applicationCategoryName
   Name: applicationCategoryName
   Description:
    An attribute that provides a first-level categorization for each
    Application Id.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 372
   Status: current

7.1.6. applicationSubCategoryName
   Name: applicationSubCategoryName
   Description:
    An attribute that provides a second-level categorization for
    each Application Id.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 373
   Status: current

7.1.7. applicationGroupName
   Name: applicationGroupName
   Description:
    An attribute that groups multiple Application IDs that belong to
    the same networking application.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 374
   Status: current

7.1.8. p2pTechnology
   Name: p2pTechnology
   Description:
    Specifies if the Application ID is based on peer-to-peer
    technology.  Possible values are { "yes", "y", 1 },
    { "no", "n", 2 }, and { "unassigned", "u", 0 }.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 288
   Status: current
        
7.1.9. tunnelTechnology
   Name: tunnelTechnology
   Description:
     Specifies if the Application ID is used as a tunnel technology.
     Possible values are { "yes", "y", 1 }, { "no", "n", 2 },
     and { "unassigned", "u", 0 }.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 289
   Status: current
        
7.1.10. encryptedTechnology
   Name: encryptedTechnology
   Description:
    Specifies if the Application ID is an encrypted networking
    protocol.  Possible values are { "yes", "y", 1 },
    { "no", "n", 2 }, and { "unassigned", "u", 0 }.
   Abstract Data Type: string
   Data Type Semantics:
   ElementId: 290
   Status: current
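
The Information Elements registered above are what a Collector needs in order to apply the Options Data Record of Section 6.9 to Flow Records. The Python below is an added example, not part of the RFC and not any vendor's code: it splits an applicationId into its classificationEngineId octet, the 4-octet PEN that precedes the Selector ID for PANA-L7-PEN (per Section 4) and the Selector ID, normalises the yes/no/unassigned attribute values, and joins attributes to flows. Assumptions: records are plain dicts, the exporter names and sample values are constructed, an empty Selector ID is rejected, and the attribute table is keyed per exporter because USER-Defined Selector IDs only have local significance per device.

```python
# Added example: Collector-side handling of applicationId and its attributes.
# Record layout (dicts), exporter names and all sample values are constructed.

ENGINE_NAMES = {
    1: "IANA-L3", 2: "PANA-L3", 3: "IANA-L4", 4: "PANA-L4",
    6: "USER-Defined", 12: "PANA-L2", 13: "PANA-L7",
    18: "ETHERTYPE", 19: "LLC", 20: "PANA-L7-PEN",
}
RESERVED_ENGINES = {5, 7, 8, 9, 10, 11, 14, 15, 16, 17}
PANA_L7_PEN = 20
# { "yes", "y", 1 }, { "no", "n", 2 } and { "unassigned", "u", 0 }
TRI_STATE = {
    "yes": True, "y": True, "1": True,
    "no": False, "n": False, "2": False,
    "unassigned": None, "u": None, "0": None,
}

def decode_application_id(raw):
    """Split applicationId octets into engine ID, optional PEN and Selector ID."""
    raw = bytes(raw)
    if len(raw) < 2:
        raise ValueError("need an engine octet and at least one Selector ID octet")
    engine = raw[0]
    if engine == 0:
        raise ValueError("classificationEngineId 0 is Invalid")
    if engine in RESERVED_ENGINES:
        name = "Reserved"
    else:
        name = ENGINE_NAMES.get(engine, "Unassigned")
    pen, selector = None, raw[1:]
    if engine == PANA_L7_PEN:
        # For PANA-L7-PEN a 4-octet PEN precedes the Selector ID.
        if len(selector) < 5:
            raise ValueError("PANA-L7-PEN needs a 4-octet PEN and a Selector ID")
        pen, selector = int.from_bytes(selector[:4], "big"), selector[4:]
    return {"engine": engine, "engine_name": name, "pen": pen,
            "selector": int.from_bytes(selector, "big")}

def tri_state(value):
    """Map an exported attribute value to True, False or None (unassigned)."""
    key = str(value).strip().lower()
    if key not in TRI_STATE:
        raise ValueError("unexpected attribute value: %r" % (value,))
    return TRI_STATE[key]

def build_attribute_table(options_records):
    # Keyed by (exporter, applicationId octets): USER-Defined Selector IDs
    # only have local significance per device, so the octets alone can collide.
    table = {}
    for rec in options_records:
        table[(rec["exporter"], bytes(rec["applicationId"]))] = {
            "category": rec["applicationCategoryName"],
            "subcategory": rec["applicationSubCategoryName"],
            "group": rec["applicationGroupName"],
            "p2p": tri_state(rec["p2pTechnology"]),
            "tunnel": tri_state(rec["tunnelTechnology"]),
            "encrypted": tri_state(rec["encryptedTechnology"]),
        }
    return table

def enrich(flow, table):
    """Attach the decoded applicationId and its attributes (None if unknown)."""
    out = dict(flow)
    out["app"] = decode_application_id(flow["applicationId"])
    out["attrs"] = table.get((flow["exporter"], bytes(flow["applicationId"])))
    return out

def tunnelled(flows, table):
    """Return enriched flows whose application is marked as a tunnel technology."""
    enriched = (enrich(f, table) for f in flows)
    return [f for f in enriched if f["attrs"] and f["attrs"]["tunnel"] is True]

def sample_option_record(exporter, app_id, p2p, tunnel, encrypted):
    # Constructed Options Data Record using the placeholder names of Section 6.9.
    return {"exporter": exporter, "applicationId": app_id,
            "applicationCategoryName": "foo-category",
            "applicationSubCategoryName": "foo-subcategory",
            "applicationGroupName": "foo-group",
            "p2pTechnology": p2p, "tunnelTechnology": tunnel,
            "encryptedTechnology": encrypted}

# Constructed sample data; 32473 is the PEN reserved for documentation use.
PEN_APP = bytes([20]) + (32473).to_bytes(4, "big") + (10000).to_bytes(3, "big")
USER_APP = bytes([6, 0, 0, 1])  # same octets, different meaning per exporter
SYSLOG_PORT = bytes([3, 0x02, 0x02])  # IANA-L4, destination port 514
TABLE = build_attribute_table([
    sample_option_record("exp-a", PEN_APP, "NO", "NO", "y"),
    sample_option_record("exp-a", USER_APP, "NO", "YES", "NO"),
    sample_option_record("exp-b", USER_APP, 2, "n", "u"),
])
FLOWS = [
    {"exporter": e, "applicationId": a, "sourceIPv4Address": "192.0.2.1",
     "destinationIPv4Address": "192.0.2.2", "octetDeltaCount": 123456}
    for e, a in [("exp-a", PEN_APP), ("exp-a", USER_APP),
                 ("exp-b", USER_APP), ("exp-b", SYSLOG_PORT)]
]
```

Only the exp-a flow carrying the USER-Defined ID is reported by tunnelled(): the same octets from exp-b resolve to a different attribute set, and the IANA-L4 flow has no Options Data Record, so its attributes stay None rather than being guessed.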
        
7.2. Classification Engine ID Registry

The Information Element #101, named classificationEngineId, carries information about the context for the Selector ID, and can be considered as a specific registry for application assignments. To ensure extensibility of this information, IANA has created a new registry for Classification Engine IDs and filled it with the initial list from the description of Information Element #101, classificationEngineId, along with their respective default lengths (Table 2 in this document).

New assignments for Classification Engine IDs will be administered by IANA through Expert Review [RFC5226], i.e., review by one of a group of experts designated by an IETF Area Director. The group of experts must double-check the new definitions with already defined Classification Engine IDs for completeness, accuracy, and redundancy. The specification of Classification Engine IDs MUST be published using a well-established and persistent publication medium.

8. Security Considerations

The same security considerations as for the IPFIX protocol [RFC5101] apply. The IPFIX extension specified in this memo makes it possible to identify what applications are used on the network. Consequently, it is possible to identify what applications are being used by the users, potentially threatening the privacy of those users, if not handled with great care.

As mentioned in Section 1.1, the application knowledge is useful in security-based applications. Security applications may impose supplementary requirements on the export of application information, and these need to be examined on a case-by-case basis.

9. References

9.1. Normative References

[ETHERTYPE] IEEE, <http://standards.ieee.org/develop/regauth/ethertype/eth.txt>.

[IANA-PEN] IANA, "PRIVATE ENTERPRISE NUMBERS", <http://www.iana.org/assignments/enterprise-numbers>.

[IANA-PORTS] IANA, "Service Name and Transport Protocol Port Number Registry", <http://www.iana.org/assignments/port-numbers>.

[IANA-PROTO] IANA, "Protocol Numbers", <http://www.iana.org/assignments/protocol-numbers>.

[LLC] IEEE, "LOGICAL LINK CONTROL (LLC) PUBLIC LISTING", <http://standards.ieee.org/develop/regauth/llc/public.html>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC5101] Claise, B., Ed., "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information", RFC 5101, January 2008.

[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J. Meyer, "Information Model for IP Flow Information Export", RFC 5102, January 2008.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

9.2. Informative References

[CISCO-APPLICATION-REGISTRY] Cisco, "Application Registry", <http://www.cisco.com/go/application_registry>.

[IANA-IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", <http://www.iana.org/assignments/ipfix>.

[LLDP] IEEE, Std 802.1AB-2005, "Standard for Local and metropolitan area networks - Station and Media Access Control Connectivity Discovery", IEEE Std 802.1AB-2005 IEEE Std, 2005.

[RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, September 1981.

[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.

[RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004.

[RFC4020] Kompella, K. and A. Zinin, "Early IANA Allocation of Standards Track Code Points", BCP 100, RFC 4020, February 2005.

[RFC5103] Trammell, B. and E. Boschi, "Bidirectional Flow Export Using IP Flow Information Export (IPFIX)", RFC 5103, January 2008.

[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", RFC 5470, March 2009.

[RFC5471] Schmoll, C., Aitken, P., and B. Claise, "Guidelines for IP Flow Information Export (IPFIX) Testing", RFC 5471, March 2009.

[RFC5473] Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports", RFC 5473, March 2009.

[RFC5476] Claise, B., Ed., Johnson, A., and J. Quittek, "Packet Sampling (PSAMP) Protocol Specifications", RFC 5476, March 2009.

[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F., and G. Carle, "Information Model for Packet Sampling Exports", RFC 5477, March 2009.

[RFC5353] Xie, Q., Stewart, R., Stillman, M., Tuexen, M., and A. Silverton, "Endpoint Handlespace Redundancy Protocol (ENRP)", RFC 5353, September 2008.

[RFC5811] Hadi Salim, J. and K. Ogawa, "SCTP-Based Transport Mapping Layer (TML) for the Forwarding and Control Element Separation (ForCES) Protocol", RFC 5811, March 2010.

[RFC6183] Kobayashi, A., Claise, B., Muenz, G., and K. Ishibashi, "IP Flow Information Export (IPFIX) Mediation: Framework", RFC 6183, April 2011.

[RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates, "Export of Structured Data in IP Flow Information Export (IPFIX)", RFC 6313, July 2011.

10. Acknowledgements

The authors would like to thank their many colleagues across Cisco Systems who made this work possible. Specifically, Patrick Wildi for his time and expertise.

Appendix A. Additions to XML Specification of IPFIX Information Elements (Non-normative)

This appendix contains additions to the machine-readable description of the IPFIX information model coded in XML in Appendix A and Appendix B in [RFC5102]. Note that this appendix is of informational nature, while the text in Section 7 (generated from this appendix) is normative.

The following field definitions are appended to the IPFIX information model in Appendix A of [RFC5102].

     <field name="applicationDescription"
            dataType="string"
            group="application"
            elementId="94" applicability="all"
   status="current">
       <description>
         <paragraph>
            Specifies the description of an application.
         </paragraph>
       </description>
     </field>
        
     <field name="applicationId"
            dataType="octetArray"
            group="application"
            dataTypeSemantics="identifier"
            elementId="95" applicability="all"
   status="current">
       <description>
         <paragraph>
            Specifies an Application ID.
         </paragraph>
       </description>
       <reference>
         <paragraph>
            See Section 4 of [RFC6759]
           for the applicationId Information Element
           Specification.
         </paragraph>
       </reference>
     </field>
        
     <field name="applicationName"
            dataType="string"
            group="application"
            elementId="96" applicability="all"
            status="current">
       <description>
         <paragraph>
            Specifies the name of an application.
         </paragraph>
       </description>
     </field>


     <field name="classificationEngineId"
            dataType="unsigned8"
            group="application"
            dataTypeSemantics="identifier"
            elementId="101" applicability="all"
            status="current">
       <description>
         <paragraph>
            0 Invalid.

            1 IANA-L3: The Assigned Internet Protocol Number
            (layer 3 (L3)) is exported in the Selector ID. See
            http://www.iana.org/assignments/protocol-numbers.

            2 PANA-L3: Proprietary layer 3 definition. An
            enterprise can export its own layer 3 protocol
            numbers. The Selector ID has a global significance
            for all devices from the same enterprise.

            3 IANA-L4: The IANA layer 4 (L4) well-known port
            number is exported in the Selector ID. See
            [IANA-PORTS]. Note: as an IPFIX flow is
            unidirectional, it contains the destination port.

            4 PANA-L4: Proprietary layer 4 definition. An
            enterprise can export its own layer 4 port numbers.
            The Selector ID has global significance for devices
            from the same enterprise. Example: IPFIX was
            pre-assigned port 4739 using the IANA early
            allocation process [RFC4020] years before the
            document was published as an RFC. While waiting for
            the RFC and its associated IANA registration,
            Selector ID 4739 was used with this PANA-L4.

            5 Reserved

            6 USER-Defined: The Selector ID represents
            applications defined by the user (using CLI, GUI,
            etc.) based on the methods described in Section 2.
            The Selector ID has a local significance per device.

            7 Reserved

            8 Reserved

            9 Reserved

            10 Reserved

            11 Reserved

            12 PANA-L2: Proprietary layer 2 (L2) definition. An
            enterprise can export its own layer 2 identifiers.
            The Selector ID represents the enterprise's unique
            global layer 2 applications. The Selector ID has a
            global significance for all devices from the same
            enterprise. Examples include the Cisco Subnetwork
            Access Protocol (SNAP).

            13 PANA-L7: Proprietary layer 7 definition. The
            Selector ID represents the enterprise's unique
            global ID for layer 7 applications. The Selector ID
            has a global significance for all devices from the
            same enterprise. This Classification Engine ID is
            used when the application registry is owned by the
            Exporter manufacturer (referred to as the
            "enterprise" in this document).

            14 Reserved

            15 Reserved

            16 Reserved

            17 Reserved

            18 ETHERTYPE: The Selector ID represents the
            well-known Ethertype. See [ETHERTYPE].

            19 LLC: The Selector ID represents the well-known
            IEEE 802.2 Link Layer Control (LLC) Destination
            Service Access Point (DSAP). See [LLC].

            20 PANA-L7-PEN: Proprietary layer 7 definition,
            including a Private Enterprise Number (PEN)
            [IANA-PEN] to identify that the application registry
            being used is not owned by the Exporter manufacturer
            or to identify the original enterprise in the case
            of a mediator or 3rd party device. The Selector ID
            represents the enterprise unique global ID for
            layer 7 applications. The Selector ID has a global
            significance for all devices from the same
            enterprise.
         </paragraph>
       </description>
     </field>

     <field name="applicationCategoryName"
            dataType="string"
            group="application"
            elementId="372"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            An attribute that provides a first-level categorization
            for each Application Id.
         </paragraph>
       </description>
     </field>
        
     <field name="applicationSubCategoryName"
            dataType="string"
            group="application"
            elementId="373"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            An attribute that provides a second-level
            categorization for each Application ID.
         </paragraph>
       </description>
     </field>
        

     <field name="applicationGroupName"
            dataType="string"
            group="application"
            elementId="374"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            An attribute that groups multiple Application IDs
            that belong to the same networking application.
         </paragraph>
       </description>
     </field>

     <field name="p2pTechnology"
            dataType="string"
            group="application"
            elementId="288"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            Specifies if the Application ID is based on peer-
            to-peer technology.  Possible values are
            { "yes", "y", 1 }, { "no", "n", 2 }, and
            { "unassigned", "u", 0 }.
         </paragraph>
       </description>
     </field>
        
     <field name="tunnelTechnology"
            dataType="string"
            group="application"
            elementId="289"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            Specifies if the Application ID is used as a
            tunnel technology.  Possible values are
            { "yes", "y", 1 }, { "no", "n", 2 }, and
            { "unassigned", "u", 0 }.
         </paragraph>
       </description>
     </field>
        

     <field name="encryptedTechnology"
            dataType="string"
            group="application"
            elementId="290"
            applicability="all"
            status="current">
       <description>
         <paragraph>
            Specifies if the Application ID is an encrypted
            networking protocol.  Possible values are
            { "yes", "y", 1 }, { "no", "n", 2 }, and
            { "unassigned", "u", 0 }.
         </paragraph>
       </description>
     </field>

Appendix B. Port Collisions Tables (Non-normative)

附录B.端口冲突表(非标准)

The following table lists the 10 ports that have different protocols assigned for TCP and UDP (at the time of writing this document):

下表列出了为TCP和UDP分配了不同协议的10个端口(在编写本文档时):

exec 512/tcp remote process execution; authentication performed using passwords and UNIX login names

exec512/tcp远程进程执行;使用密码和UNIX登录名执行身份验证

comsat/biff 512/udp used by mail system to notify users of new mail received; currently receives messages only from processes on the same machine

邮件系统使用comsat/biff 512/udp通知用户收到的新邮件;当前仅从同一台计算机上的进程接收消息

login 513/tcp remote login a la telnet; automatic authentication performed based on priviledged [sic] port numbers and distributed data bases which identify "authentication domains"

登录513/tcp远程登录la telnet;根据专用[sic]端口号和标识“认证域”的分布式数据库执行的自动认证

who 513/udp maintains data bases showing who's logged in to machines on a local net and the load average of the machine

who 513/udp维护数据库,显示谁登录到本地网络上的机器以及机器的平均负载

shell 514/tcp cmd like exec, but automatic authentication is performed as for login server

shell 514/tcp cmd类似于exec,但对登录服务器执行自动身份验证

syslog 514/udp

syslog 514/udp

oob-ws-https 664/tcp DMTF out-of-band secure web services management protocol Jim Davis <jim.davis@wbemsolutions.com>

oob ws-https 664/tcp DMTF带外安全web服务管理协议Jim Davis<Jim。davis@wbemsolutions.com>

asf-secure-rmcp 664/udp ASF Secure Remote Management and Control Protocol

asf安全rmcp 664/udp asf安全远程管理和控制协议

rfile 750/tcp kerberos-iv 750/udp kerberos version iv

rfile 750/tcp kerberos iv 750/udp kerberos版本iv

submit 773/tcp notify 773/udp

提交773/tcp通知773/udp

rpasswd 774/tcp acmaint_dbd 774/udp

rpasswd 774/tcp acmaint_dbd 774/udp

entomb 775/tcp acmaint_transd 775/udp

entomb 775/tcp acmaint_transd 775/udp

busboy 998/tcp puparp 998/udp

巴士男孩998/tcp puparp 998/udp

garcon 999/tcp applix 999/udp Applix ac

garcon 999/tcp applix 999/udp applix ac

Table 4: Different Protocols on UDP and TCP

The following table lists the 19 ports that have different protocols assigned for TCP and SCTP (at the time of writing this document):

       #               3097/tcp    Reserved
       itu-bicc-stc    3097/sctp   ITU-T Q.1902.1/Q.2150.3
                                   Greg Sidebottom
                                   <gregside@home.com>

       #               5090/tcp    <not assigned>
       car             5090/sctp   Candidate AR

       #               5091/tcp    <not assigned>
       cxtp            5091/sctp   Context Transfer Protocol

       #               6704/tcp    Reserved
       frc-hp          6704/sctp   ForCES HP (High Priority) channel
                                   [RFC5811]

       #               6705/tcp    Reserved
       frc-mp          6705/sctp   ForCES MP (Medium Priority) channel
                                   [RFC5811]

       #               6706/tcp    Reserved
       frc-lp          6706/sctp   ForCES LP (Low Priority) channel
                                   [RFC5811]

       #               9082/tcp    <not assigned>
       lcs-ap          9082/sctp   LCS Application Protocol
                                   Kimmo Kymalainen
                                   <kimmo.kymalainen@etsi.org>

       #               9902/tcp    <not assigned>
       enrp-sctp-tls   9902/sctp   enrp/tls server channel
                                   [RFC5353]

       #               11997/tcp   <not assigned>
       #               11998/tcp   <not assigned>
       #               11999/tcp   <not assigned>
       wmereceiving    11997/sctp  WorldMailExpress
       wmedistribution 11998/sctp  WorldMailExpress
       wmereporting    11999/sctp  WorldMailExpress
                                   Greg Foutz
                                   <gregf@adminovation.com>

       #               25471/tcp   <not assigned>
       rna             25471/sctp  RNSAP User Adaptation for Iurh
                                   Dario S. Tonesi
                                   <dario.tonesi@nsn.com>
                                   07 February 2011

       #               29118/tcp   Reserved
       sgsap           29118/sctp  SGsAP in 3GPP

       #               29168/tcp   Reserved
       sbcap           29168/sctp  SBcAP in 3GPP

       #               29169/tcp   <not assigned>
       iuhsctpassoc    29169/sctp  HNBAP and RUA Common Association
                                   John Meredith
                                   <John.Meredith@etsi.org>
                                   08 September 2009

       #               36412/tcp   <not assigned>
       s1-control      36412/sctp  S1-Control Plane (3GPP)
                                   Kimmo Kymalainen
                                   <kimmo.kymalainen@etsi.org>
                                   01 September 2009

       #               36422/tcp   <not assigned>
       x2-control      36422/sctp  X2-Control Plane (3GPP)
                                   Kimmo Kymalainen
                                   <kimmo.kymalainen@etsi.org>
                                   01 September 2009

       #               36443/tcp   <not assigned>
       m2ap            36443/sctp  M2 Application Part
                                   Dario S. Tonesi
                                   <dario.tonesi@nsn.com>
                                   07 February 2011

       #               36444/tcp   <not assigned>
       m3ap            36444/sctp  M3 Application Part
                                   Dario S. Tonesi
                                   <dario.tonesi@nsn.com>
                                   07 February 2011

Table 5: Different Protocols on SCTP and TCP

Appendix C. Application Registry Example (Non-normative)

A reference to the Cisco Systems assigned numbers for the Application ID and the different attribute assignments can be found at [CISCO-APPLICATION-REGISTRY].

Authors' Addresses

   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   Diegem 1813
   Belgium

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com

   Paul Aitken
   Cisco Systems, Inc.
   96 Commercial Quay
   Commercial Street
   Edinburgh, EH6 6LX
   United Kingdom

   Phone: +44 131 561 3616
   EMail: paitken@cisco.com

   Nir Ben-Dvora
   Cisco Systems, Inc.
   32 HaMelacha St.,
   P.O. Box 8735, I.Z.Sapir
   South Netanya, 42504
   Israel

   Phone: +972 9 892 7187
   EMail: nirbd@cisco.com