Internet Engineering Task Force (IETF)                         B. Claise
Request for Comments: 7119                           Cisco Systems, Inc.
Category: Standards Track                                   A. Kobayashi
ISSN: 2070-1721                                                      NTT
                                                             B. Trammell
                                                              ETH Zurich
                                                           February 2014
        

Operation of the IP Flow Information Export (IPFIX) Protocol on IPFIX Mediators

Abstract

This document specifies the operation of the IP Flow Information Export (IPFIX) protocol specific to IPFIX Mediators, including Template and Observation Point management, timing considerations, and other Mediator-specific concerns.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7119.

Copyright Notice

Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. IPFIX Documents Overview
      1.2. IPFIX Mediator Documents Overview
      1.3. Relationship with the IPFIX and PSAMP Protocols
   2. Terminology
   3. Handling IPFIX Message Headers
   4. Template Management
      4.1. Passing Unmodified Templates through an IPFIX Mediator
           4.1.1. Template Mapping and Information Element Ordering
      4.2. Creating New Templates at an IPFIX Mediator
      4.3. Handling Unknown Information Elements
   5. Preserving Original Observation Point Information
      5.1. originalExporterIPv4Address Information Element
      5.2. originalExporterIPv6Address Information Element
   6. Managing Observation Domain IDs
      6.1. originalObservationDomainId Information Element
   7. Timing Considerations
   8. Transport Considerations
   9. Collecting Process Considerations
   10. Specific Reporting Requirements
      10.1. Intermediate Process Reliability Statistics Options Template
      10.2. Flow Key Options Template
      10.3. intermediateProcessId Information Element
      10.4. ignoredDataRecordTotalCount Information Element
   11. Operations and Management Considerations
   12. Security Considerations
   13. IANA Considerations
   14. Acknowledgments
   15. References
      15.1. Normative References
      15.2. Informative References
1. Introduction

The IPFIX architectural components in [RFC5470] consist of IPFIX Devices and IPFIX Collectors communicating using the IPFIX protocol [RFC7011], which specifies how to export IP Flow information. This protocol is designed to export information about IP traffic Flows and related measurement data, where a Flow is defined by a set of key attributes (e.g., source and destination IP address, source and destination port, etc.).

However, thanks to its Template mechanism, the IPFIX protocol can export any type of information, as long as the relevant Information Element is specified in the IPFIX Information Model [RFC7012], registered with IANA, or specified as an enterprise-specific Information Element. The IPFIX protocol [RFC7011] was not originally written with IPFIX Mediators in mind. Therefore, the IPFIX protocol must be adapted for Intermediate Processes, as defined in the IPFIX Mediation Reference Model as specified in Figure A of [RFC6183], which is based on the IPFIX Mediation Problem Statement [RFC5982].

This document specifies the IP Flow Information Export (IPFIX) protocol in the context of the implementation and deployment of IPFIX Mediators. The use of the IPFIX protocol within an IPFIX Mediator -- a device that contains both a Collecting Process and an Exporting Process -- has an impact on the technical details of the usage of the protocol. An overview of the technical problem is covered in Section 6 of [RFC5982]: loss of original Exporter information, loss of base time information, transport sessions management, loss of Options Template Information, Template Id management, considerations for network topology, IPFIX mediation interpretation, and considerations for aggregation.

The specifications in this document are based on the IPFIX protocol specifications [RFC7011], but they are adapted according to the IPFIX Mediation Framework [RFC6183].

1.1. IPFIX Documents Overview

The IPFIX protocol [RFC7011] provides network administrators with access to IP Flow information.

The architecture for the export of measured IP Flow information out of an IPFIX Exporting Process to a Collecting Process is defined in the IPFIX Architecture [RFC5470], per the requirements defined in the IPFIX Requirements document, [RFC3917].

The IPFIX Architecture [RFC5470] specifies how IPFIX Data Records and Templates are carried via a congestion-aware transport protocol from IPFIX Exporting Processes to IPFIX Collecting Processes.

   IPFIX has a formal description of IPFIX Information Elements, their
   names, types, and additional semantic information, as specified in
   the IPFIX Information Model [RFC7012].  The IPFIX Information Element
   registry [IANA-IPFIX] is maintained by IANA.  New Information Element
   definitions can be added to this registry subject to an Expert Review
   [RFC5226], with additional process considerations described in
   [RFC7013]; that document also provides guidelines for authors and
   reviewers of new Information Element definitions.  The inline export
   of the Information Element type information is specified in
   [RFC5610].
        

The IPFIX Applicability Statement [RFC5472] describes what type of applications can use the IPFIX protocol and how they can use the information provided. It furthermore shows how the IPFIX framework relates to other architectures and frameworks.

1.2. IPFIX Mediator Documents Overview

"IP Flow Information Export (IPFIX) Mediation: Problem Statement" [RFC5982] provides an overview of the applicability of IPFIX Mediators and defines requirements for IPFIX Mediators in general terms. This document is of use largely to define the problems to be solved through the deployment of IPFIX Mediators and to provide scope to the role of IPFIX Mediators within an IPFIX collection infrastructure.

"IP Flow Information Export (IPFIX) Mediation: Framework" [RFC6183], which details the IPFIX Mediation reference model and the components of an IPFIX Mediator, provides more architectural details of the arrangement of Intermediate Processes within an IPFIX Mediator.

Documents specifying the operations of specific Intermediate Processes cover the operation of these Processes within the IPFIX Mediator framework and comply with the specifications given in this document; additionally, they may specify the operation of the process independently, outside the context of an IPFIX Mediator, when this is appropriate. The details of specific Intermediate Processes, when they have additional export specifications (e.g., metadata about the intermediate processing conveyed through IPFIX Options Templates), are each addressed in their own document. As of today, these documents are:

1. "IP Flow Anonymization Support", [RFC6235], which describes anonymization techniques for IP flow data and the export of anonymized data using the IPFIX protocol.

2. "Flow Selection Techniques" [RFC7014], which describes the process of selecting a subset of Flows from all Flows observed at an Observation Point, the flow selection motivations, and some specific flow selection techniques.

3. "Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol" [RFC7015], which describes Aggregated Flow export within the framework of IPFIX Mediators and defines an interoperable, implementation-independent method for Aggregated Flow export.

This document specifies the IP Flow Information Export (IPFIX) protocol specific to Mediation, to which all Intermediate Processes must comply. Some extra specifications might be required per Intermediate Process type (in which case, the document specific to the Intermediate Process would apply).

1.3. Relationship with the IPFIX and PSAMP Protocols

The specification in this document is based on the IPFIX protocol specification [RFC7011]. All specifications from [RFC7011] apply unless specified otherwise in this document.

As the Packet Sampling (PSAMP) protocol specifications [RFC5476] are based on the IPFIX protocol specifications, the specifications in this document are also valid for the PSAMP protocol. Therefore, the method specified by this document also applies to PSAMP.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

IPFIX-specific terms, such as Observation Domain, Flow, Flow Key, Metering Process, Exporting Process, Exporter, IPFIX Device, Collecting Process, Collector, Template, IPFIX Message, Message Header, Template Record, Data Record, Options Template Record, Set, Data Set, Information Element, Scope and Transport Session, used in this document are defined in [RFC7011]. The PSAMP-specific terms used in this document, such as Filtering and Sampling, are defined in [RFC5476].

IPFIX Mediation terms related to aggregation, such as the Interval, Aggregated Flow and Aggregated Function, are defined in [RFC7015].

The terminology specific to IPFIX Mediation that is used in this document is defined in "IP Flow Information Export (IPFIX) Mediation: Problem Statement" [RFC5982] and reused in "IP Flow Information Export (IPFIX) Mediation: Framework" [RFC6183]. However, since both of those documents are Informational RFCs, the definitions have been reproduced and elaborated on here.

Similarly, since [RFC6235] is an Experimental RFC, the Anonymization Record, Anonymized Data Record, and Intermediate Anonymization Process terms, specified in [RFC6235], are also reproduced here.

In this document, as in [RFC7011], [RFC5476], [RFC7015], and [RFC6235], the first letter of each IPFIX-specific and PSAMP-specific term is capitalized along with the IPFIX Mediation-specific term defined here.

In this document, we call a stream of records carrying flow- or packet-based information a "record stream". The records may be encoded as IPFIX Data Records or any other format.

Transport Session: The Transport Session is specified in [RFC7011]. In Stream Control Transmission Protocol (SCTP), the Transport Session information is the SCTP association. In TCP and UDP, the Transport Session information corresponds to a 5-tuple {Exporter IP address, Collector IP address, Exporter transport port, Collector transport port, transport protocol}.

Original Exporter: An Original Exporter is the source from which a Mediator receives its record stream. For simple IPFIX mediation without protocol conversion, this is an IPFIX Device that hosts the Observation Points where the metered IP packets are observed.

Original Observation Point: An Observation Point on a Metering Process associated with the Original Exporter. In the case of the Intermediate Aggregation Process on an IPFIX Mediator, the Original Observation Point can be composed of, but not limited to, a (set of) specific Exporter(s), a (set of) specific interface(s) on an Exporter, a (set of) line card(s) on an Exporter, or any combinations of these.

IPFIX Mediation: IPFIX Mediation is the manipulation and conversion of a record stream for subsequent export using the IPFIX protocol.

Template Mapping: A mapping from Template Records and/or Options Template Records received by an IPFIX Mediator to Template Records and/or Options Template Records sent by that IPFIX Mediator. Each entry in a Template Mapping is scoped by incoming or outgoing Transport Session and Observation Domain, as with Templates and Options Templates in the IPFIX Protocol.

Anonymization Record: A record that defines the properties of the anonymization applied to a single Information Element within a single Template or Options Template, as in [RFC6235].

Anonymized Data Record: A Data Record within a Data Set containing at least one Information Element with anonymized values. The Information Element(s) within the Template or Options Template describing this Data Record SHOULD have a corresponding Anonymization Record, as in [RFC6235].

The following terms are used in this document to describe the architectural entities used by IPFIX Mediation.

Intermediate Process: An Intermediate Process takes a record stream as its input from Collecting Processes, Metering Processes, IPFIX File Readers, other Intermediate Processes, or other record sources; performs some transformations on this stream, based upon the content of each record, states maintained across multiple records, or other data sources; and passes the transformed record stream as its output to Exporting Processes, IPFIX File Writers, or other Intermediate Processes, in order to perform IPFIX Mediation. Typically, an Intermediate Process is hosted by an IPFIX Mediator. Alternatively, an Intermediate Process may be hosted by an Original Exporter.

IPFIX Mediator: An IPFIX Mediator is an IPFIX Device that provides IPFIX Mediation by receiving a record stream from some data sources, hosting one or more Intermediate Processes to transform that stream, and exporting the transformed record stream into IPFIX Messages via an Exporting Process. In the common case, an IPFIX Mediator receives a record stream from a Collecting Process, but it could also receive a record stream from data sources not encoded using IPFIX, e.g., in the case of conversion from the NetFlow V9 protocol [RFC3954] to IPFIX protocol.

Specific Intermediate Processes are described below.

Intermediate Conversion Process (as in [RFC6183]): An Intermediate Conversion Process is an Intermediate Process that transforms non-IPFIX into IPFIX or manages the relation among Templates and states of incoming/outgoing Transport Sessions in the case of transport protocol conversion (e.g., from UDP to SCTP).

Intermediate Aggregation Process (as in [RFC7015]): an Intermediate Process (IAP), as in [RFC6183], that aggregates records, based upon a set of Flow Keys or functions applied to fields from the record.

Intermediate Correlation Process (as in [RFC6183]): An Intermediate Correlation Process is an Intermediate Process that adds information to records, noting correlations among them, or generates new records with correlated data from multiple records (e.g., the production of bidirectional flow records from unidirectional flow records).

Intermediate Anonymization Process (as in [RFC6235]): An intermediate process that takes Data Records and transforms them into Anonymized Data Records.

Intermediate Selection Process (as in [RFC6183]): An Intermediate Selection Process is an Intermediate Process that selects records from a sequence based upon criteria-evaluated record values and passes only those records that match the criteria (e.g., Filtering only records from a given network to a given Collector).

Intermediate Flow Selection Process (as in [RFC7014]): An Intermediate Flow Selection Process is an Intermediate Process, as in [RFC6183], that takes Flow Records as its input and selects a subset of this set as its output. The Intermediate Flow Selection Process is a more general concept than the Intermediate Selection Process as defined in [RFC6183]. While an Intermediate Selection Process selects Flow Records from a sequence based upon criteria-evaluated Flow record values and only passes on those Flow Records that match the criteria, an Intermediate Flow Selection Process selects Flow Records using selection criteria applicable to a larger set of Flow characteristics and information.

Note: for more information on the difference between Intermediate Flow Selection Process and Intermediate Selection Process, see Section 4 in [RFC7014].

3. Handling IPFIX Message Headers

The format of the IPFIX Message Header as exported by an IPFIX Mediator is shown in Figure 1. This is identical to the format defined for IPFIX in [RFC7011], though Export Time and Observation Domain ID may be handled differently at certain Mediators, as noted below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             Version           |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Export Time                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Sequence Number                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Observation Domain ID                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 1: IPFIX Message Header format

The header fields as exported by an IPFIX Mediator are described below.

Version:

Version of IPFIX to which this Message conforms. The value of this field is 0x000a for the current version, incrementing by one the version used in the NetFlow services export version 9 [RFC3954].

Length:

Total length of the IPFIX Message, measured in octets, including Message Header and Set(s).

Export Time:

Time at which the IPFIX Message Header leaves the IPFIX Mediator, expressed in seconds since the UNIX epoch of 1 January 1970 at 00:00 UTC, encoded as an unsigned 32-bit integer.

However, in the specific case of an IPFIX Mediator containing an Intermediate Conversion Process, the IPFIX Mediator MAY use the export time received from the incoming Transport Session.

Sequence Number:

Incremental sequence counter modulo 2^32 of all IPFIX Data Records sent in the current stream from the current Observation Domain by the Exporting Process. Each SCTP Stream counts sequence numbers separately, while all messages in a TCP connection or UDP Transport Session are considered to be part of the same stream. This value can be used by the Collecting Process to identify whether any IPFIX Data Records have been missed. Template and Options Template Records do not increase the Sequence Number.

Observation Domain ID:

A 32-bit identifier of the Observation Domain that is locally unique to the Exporting Process. The Exporting Process uses the Observation Domain ID to uniquely identify to the Collecting Process the Observation Domain that metered the Flows. It is RECOMMENDED that this identifier also be unique per IPFIX Device. Collecting Processes can use the Transport Session and the Observation Domain ID field to separate different export streams originating from the same Exporter. The Observation Domain ID is set to 0 when no specific Observation Domain ID is relevant for the entire IPFIX Message, for example, when exporting the Exporting Process Statistics, or in case of a hierarchy of Collectors when aggregated Data Records are exported.

See Section 4.1 for special considerations for Observation Domain management while passing unmodified templates through an IPFIX Mediator, and Section 5 for guidelines for preservation of original Observation Domain information at an IPFIX Mediator.

The following specifications, copied over from [RFC7011], have some implications in this document:

Template Withdrawals MAY appear interleaved with Template Sets, Options Template Sets, and Data Sets within an IPFIX Message. In this case, the Templates and Template Withdrawals shall be interpreted as taking effect in the order in which they appear in the IPFIX Message.

If an IPFIX Mediator receives an IPFIX Message composed of Template Withdrawals and Template Sets, and if the IPFIX Mediator forwards this IPFIX Message, it MUST NOT modify the Set order. If an IPFIX Mediator receives IPFIX Messages composed of Template Withdrawals and Template Sets, and if the IPFIX Mediator forwards these IPFIX Messages, it MUST NOT modify the IPFIX Message order. Note that the Template Mapping (see Section 4.1) is the authoritative source of information on the IPFIX Mediator to decide whether the entire IPFIX Messages can be forwarded as such.
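
The following Python example is added here and is not part of RFC 7119: it parses the Message Header of Figure 1, rewrites Export Time and Sequence Number as a forwarding Mediator would, and checks that the Sets (including Template Withdrawals) leave in the order they arrived. Set IDs 2 and 3 and the Field Count 0 encoding of a Template Withdrawal come from [RFC7011]; the function names and the sample message are constructed for illustration, and the comparison assumes the message is forwarded without Template ID remapping.

```python
import struct

IPFIX_VERSION = 0x000A
# Version, Length, Export Time, Sequence Number, Observation Domain ID (Figure 1)
HEADER = struct.Struct("!HHIII")
SET_HEADER = struct.Struct("!HH")  # Set ID, Set Length (RFC 7011)
TEMPLATE_SET, OPTIONS_TEMPLATE_SET, MIN_DATA_SET = 2, 3, 256


def parse_header(msg):
    """Validate and decode the 16-octet IPFIX Message Header."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than IPFIX Message Header")
    version, length, export_time, sequence, odid = HEADER.unpack_from(msg)
    if version != IPFIX_VERSION:
        raise ValueError(f"unexpected version 0x{version:04x}")
    if length != len(msg):
        raise ValueError("Length field does not match message size")
    return {"length": length, "export_time": export_time,
            "sequence": sequence, "odid": odid}


def classify(set_id, raw):
    """Label a Set; only the first record of a Template Set is inspected."""
    if set_id in (TEMPLATE_SET, OPTIONS_TEMPLATE_SET):
        if len(raw) < 8:
            raise ValueError("Template Set too short for one record")
        _template_id, field_count = struct.unpack_from("!HH", raw, 4)
        # A Template Withdrawal is a Template Record with Field Count 0.
        return "withdrawal" if field_count == 0 else "template"
    if set_id >= MIN_DATA_SET:
        return "data"
    raise ValueError(f"reserved Set ID {set_id}")


def walk_sets(msg):
    """Return [(kind, raw_set_bytes), ...] in wire order, bounds-checked."""
    parse_header(msg)
    sets, offset = [], HEADER.size
    while offset < len(msg):
        if offset + SET_HEADER.size > len(msg):
            raise ValueError("truncated Set header")
        set_id, set_len = SET_HEADER.unpack_from(msg, offset)
        if set_len < SET_HEADER.size or offset + set_len > len(msg):
            raise ValueError("Set Length out of bounds")
        raw = msg[offset:offset + set_len]
        sets.append((classify(set_id, raw), raw))
        offset += set_len
    return sets


def forward(msg, export_time, sequence):
    """Re-export a message: new Export Time and Sequence Number, Sets untouched."""
    hdr = parse_header(msg)
    new_header = HEADER.pack(IPFIX_VERSION, hdr["length"], export_time,
                             sequence, hdr["odid"])
    return new_header + msg[HEADER.size:]


def set_order_preserved(received, sent):
    """True if 'sent' carries exactly the Sets of 'received', in the same order."""
    return ([raw for _, raw in walk_sets(received)]
            == [raw for _, raw in walk_sets(sent)])


def build_message(sets, export_time=1700000000, sequence=0, odid=1):
    """Assemble a message from raw Sets (helper for the constructed samples)."""
    body = b"".join(sets)
    return HEADER.pack(IPFIX_VERSION, HEADER.size + len(body),
                       export_time, sequence, odid) + body


# Constructed sample Sets: withdraw Template 256, redefine it, then use it.
WITHDRAW_256 = struct.pack("!HHHH", 2, 8, 256, 0)
DEFINE_256 = (struct.pack("!HHHH", 2, 16, 256, 2)
              + struct.pack("!HHHH", 8, 4, 12, 4))  # sourceIPv4Address, destinationIPv4Address
DATA_256 = struct.pack("!HH", 256, 12) + bytes([192, 0, 2, 1, 198, 51, 100, 7])

RECEIVED = build_message([WITHDRAW_256, DEFINE_256, DATA_256])

if __name__ == "__main__":
    forwarded = forward(RECEIVED, export_time=1700000100, sequence=42)
    print([kind for kind, _ in walk_sets(forwarded)])
    print("order preserved:", set_order_preserved(RECEIVED, forwarded))
    # Swapping the first two Sets would withdraw Template 256 *after* defining
    # it, leaving the Data Set undecodable at the Collector.
    swapped = build_message([DEFINE_256, WITHDRAW_256, DATA_256])
    print("order preserved:", set_order_preserved(RECEIVED, swapped))
```
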

4. Template Management

How an IPFIX Mediator handles the Templates it receives from the Original Exporter depends entirely on the nature of the Intermediate Process running on that IPFIX Mediator. There are two cases here:

1. IPFIX Mediators that pass substantially the same Data Records from the Original Exporter downstream (e.g., an Intermediate Selection Process), pass unmodified Templates as described in Section 4.1; this section describes a Template Mapping required to make this work in the general case, and the correlation between the received and generated IPFIX Message Withdrawals.

2. IPFIX Mediators that export Data Records that are substantially changed from the Data Records received from the Original Exporter follow the guidelines in Section 4.2 instead: in this case, the IPFIX Mediator generates new (Options) Template Records as a result of the Intermediate Process, and no Template Mapping is required.

Subsequent subsections deal with specific issues in Template management that may occur at IPFIX Mediators.

4.1. Passing Unmodified Templates through an IPFIX Mediator

For some Intermediate Processes, the IPFIX Mediator doesn't modify the (Options) Template Record(s) content. A typical example is an Intermediate Flow Selection Process acting as distributor, which collects Flow Records from one or more Exporters, and based on the content of the Information Elements, redirects the Flow Records to the appropriate Collector. This example is a typical case of a single network operation center managing multiple universities: a unique IPFIX Collector collects all Flow Records for the common infrastructure, but might be re-exporting specific university Flow Records to the responsible system administrator.

As specified in [RFC7011], the Template IDs are unique per Exporter, per Transport Session, and per Observation Domain. As there is no guarantee that, for similar Template Records, the Template IDs received on the incoming Transport Session and exported to the outgoing Transport Session would be the same, the IPFIX Mediator MUST maintain a Template Mapping composed of related received and exported (Options) Template Records:

o for each received (Options) Template Record: Template Record Information Elements, Template ID, Observation Domain ID, and Transport Session information, metadata scoped to the Template (*)

o for each exported (Options) Template Record: Template Record Information Elements, Template ID, Collector, Observation Domain ID, and Transport Session information, metadata scoped to the Template (*)

(*) The "metadata scoped to the Template" encompasses the metadata that are scoped to the Template and that help to determine the semantics of the Template Record. Note that these metadata are typically sent in Data Records described by an Options Template. An example is the flowKeyIndicator. An IPFIX Mediator could potentially receive two different Template IDs, from the same Exporter, with the same Information Elements, but with a different set of Flow Keys (indicated by the flowKeyIndicator in an Options Template Record). Another example is the combination of anonymizationFlags and anonymizationTechnique [RFC6235]. This metadata information must be present in the Template Mapping, to stress that the two Template Record semantics are different.

If an IPFIX Mediator receives an IPFIX Withdrawal Message for a (Options) Template Record that is not used anymore in any other Template Mappings, the IPFIX Mediator SHOULD export the appropriate IPFIX Withdrawal Message(s) on the outgoing Transport Session and remove the corresponding entry in the Template Mapping.

If a (Options) Template Record is not used anymore in an outgoing Transport Session, it MUST be withdrawn with an IPFIX Template Withdrawal Message on that specific outgoing Transport Session, and its entry MUST be removed from the Template Mapping.

If an incoming or outgoing Transport Session is gracefully shut down or reset, the (Options) Template Records corresponding to that Transport Session MUST be removed from the Template Mapping.

For example, Figure 2 displays an example of an Intermediate Flow Selection Process, redistributing Data Records to Collectors on the basis of customer networks, i.e., the Route Distinguisher (RD). In this example, the Template Record received from the Exporter #1 is reused towards Collector #1, Collector #2, and Collector #3, for the customer #1, customer #2, and customer #3, respectively. In this example, the outgoing Template Records exported to the different Collectors are identical. As a reminder that the Template ID uniqueness is local to the Transport Session and Observation Domain that generated the Template ID, a mix of Template ID 256 and 257 has been used.

                                               .---------.
                                   Tmpl.       |         |
                                   ID    .---->|Collector|<==>Customer 1
                                   256   |     |   #1    |
                                         |     |         |
                                      RD=100:1 '---------'
         .--------.        .--------.    |
         |        | Tmpl.  |        |----'
         |        | Id     |        |          .---------.
         |        | 258    |        | RD=100:2 |         |
         | IPFIX  |------->| IPFIX  |--------->|Collector|<==>Customer 2
         |Exporter|        |Mediator| Tmpl.    |   #2    |
         |   #1   |        |        | ID 257   |         |
         |        |        |        |          '---------'
         |        |        |        |----.
         '--------'        '--------'    |
                                      RD=100:3
                                         |     .---------.
                                   Tmpl. |     |         |
                                   ID    '---->|Collector|<==>Customer 3
                                   257         |   #3    |
                                               |         |
                                               '---------'
        

Figure 2: Intermediate Flow Selection Process Example

Figure 3 shows the Template Mapping for the system shown in Figure 2.

   +-----------------------------------------------------------------+
   | Template Entry A:                                               |
   | Incoming Transport Session information (from Exporter#1):       |
   |   Source IP: <Exporter#1 export IP address>                     |
   |   Destination IP: <IPFIX Mediator IP address>                   |
   |   Protocol: SCTP                                                |
   |   Source Port: <source port>                                    |
   |   Destination Port: 4739 (IPFIX)                                |
   | Observation Domain ID: <Observation Domain ID>                  |
   | Template ID: 258                                                |
   | Metadata scoped to the Template : <not applicable in this case> |
   |                                                                 |
   | Template Entry B:                                               |
   | Outgoing Transport Session information (to Collector#1):        |
   |   Source IP: <IPFIX Mediator IP address>                        |
   |   Destination IP: <IPFIX Collector#1 IP address>                |
   |   Protocol: SCTP                                                |
   |   Source Port: <source port>                                    |
   |   Destination Port: 4739 (IPFIX)                                |
   | Observation Domain ID: <Observation Domain ID>                  |
   | Template ID: 256                                                |
   | Metadata scoped to the Template : <not applicable in this case> |
   |                                                                 |
   | Template Entry C:                                               |
   | Outgoing Transport Session information (to Collector#2):        |
   |   Source IP: <IPFIX Mediator IP address>                        |
   |   Destination IP: <IPFIX Collector#2 IP address>                |
   |   Protocol: SCTP                                                |
   |   Source Port: <source port>                                    |
   |   Destination Port: 4739 (IPFIX)                                |
   | Observation Domain ID: <Observation Domain ID>                  |
   | Template ID: 257                                                |
   | Metadata scoped to the Template : <not applicable in this case> |
   |                                                                 |
   | Template Entry D:                                               |
   | Outgoing Transport Session information (to Collector#3):        |
   |   Source IP: <IPFIX Mediator IP address>                        |
   |   Destination IP: <IPFIX Collector#3 IP address>                |
   |   Protocol: SCTP                                                |
   |   Source Port: <source port>                                    |
   |   Destination Port: 4739 (IPFIX)                                |
   | Observation Domain ID: <Observation Domain ID>                  |
   | Template ID: 257                                                |
   | Metadata scoped to the Template : <not applicable in this case> |
   +-----------------------------------------------------------------+
        

Figure 3: Template Mapping Example: Templates

The Template Mapping corresponding to Figure 3 is displayed in Figure 4:

   Template Entry A   <----> Template Entry B
   Template Entry A   <----> Template Entry C
   Template Entry A   <----> Template Entry D
        

Figure 4: Template Mapping Example: Mappings

Alternatively, the Template Mapping may be optimized as in Figure 5:

                         +--> Template Entry B
                         |
   Template Entry A   <--+--> Template Entry C
                         |
                         +--> Template Entry D
        

Figure 5: Template Mapping Example 2: Mappings

Note that all examples use Transport Sessions based on the SCTP, as simplified use cases. However, the transport protocol would be important in situations such as an Intermediate Conversion Process doing transport protocol conversion.
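
The Template Mapping rules of this section (per-session Template ID allocation, withdrawal propagation, and session teardown) can be sketched as follows. This is an added example, not code from the RFC or from any IPFIX implementation; the class and function names, the second Exporter, and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Fields = Tuple[Tuple[int, int], ...]      # (Information Element ID, length)
Session = Tuple[str, str, str, int, int]  # src IP, dst IP, protocol, sport, dport
Key = Tuple[Session, int, int]            # Transport Session, ODID, Template ID


@dataclass(frozen=True)
class Entry:
    """One 'Template Entry' in the sense of Figure 3."""
    session: Session
    odid: int
    template_id: int
    fields: Fields
    metadata: Tuple = ()  # metadata scoped to the Template, e.g. flowKeyIndicator

    @property
    def key(self) -> Key:
        return (self.session, self.odid, self.template_id)


class TemplateMapping:
    def __init__(self) -> None:
        self.received: Dict[Key, Entry] = {}
        self.exported: Dict[Key, Entry] = {}
        self.links: Dict[Key, Set[Key]] = {}  # received key -> exported keys

    def learn(self, session, odid, template_id, fields, metadata=()) -> Entry:
        """Record a Template received on an incoming Transport Session."""
        entry = Entry(session, odid, template_id, tuple(fields), tuple(metadata))
        known = self.received.get(entry.key)
        if known is not None and known != entry:
            raise ValueError("Template ID reused without a Template Withdrawal")
        self.received[entry.key] = entry
        self.links.setdefault(entry.key, set())
        return entry

    def export(self, rx: Entry, out_session: Session, out_odid: int) -> Entry:
        """Outgoing Entry for rx towards one Collector. An identical Template
        already exported there is reused; else a free Template ID is taken."""
        scope = (out_session, out_odid)
        on_session = {k: e for k, e in self.exported.items() if k[:2] == scope}
        for key, tx in on_session.items():
            same = (tx.fields, tx.metadata) == (rx.fields, rx.metadata)
            if key in self.links[rx.key] or same:
                self.links[rx.key].add(key)
                return tx
        used = {k[2] for k in on_session}
        new_id = next(i for i in range(256, 65536) if i not in used)
        tx = Entry(out_session, out_odid, new_id, rx.fields, rx.metadata)
        self.exported[tx.key] = tx
        self.links[rx.key].add(tx.key)
        return tx

    def _drop_received(self, key: Key) -> List[Entry]:
        """Remove a received Entry; return the exported Entries that no other
        received Entry maps to (each needs a Template Withdrawal downstream)."""
        del self.received[key]
        orphans = []
        for tx_key in self.links.pop(key):
            shared = any(tx_key in linked for linked in self.links.values())
            if tx_key in self.exported and not shared:
                orphans.append(self.exported.pop(tx_key))
        return orphans

    def withdraw(self, session, odid, template_id) -> List[Entry]:
        """Handle a Template Withdrawal received from an Original Exporter."""
        key = (session, odid, template_id)
        return self._drop_received(key) if key in self.received else []

    def close_session(self, session: Session) -> List[Entry]:
        """Graceful shutdown or reset of an incoming or outgoing session."""
        orphans: List[Entry] = []
        for key in [k for k in self.received if k[0] == session]:
            orphans += self._drop_received(key)
        for key in [k for k in self.exported if k[0] == session]:
            del self.exported[key]
            for linked in self.links.values():
                linked.discard(key)
        return orphans


def figure2_demo():
    """Constructed data shaped like Figure 2 (documentation address ranges)."""
    exporter1 = ("192.0.2.1", "192.0.2.10", "SCTP", 40000, 4739)
    exporter2 = ("192.0.2.2", "192.0.2.10", "SCTP", 40001, 4739)
    collectors = [("192.0.2.10", f"198.51.100.{n}", "SCTP", 41000 + n, 4739)
                  for n in (1, 2, 3)]
    m = TemplateMapping()
    # Collectors #2 and #3 already receive an unrelated Template as ID 256.
    other = m.learn(exporter2, 1, 300, [(1, 8), (2, 8)])
    for collector in collectors[1:]:
        m.export(other, collector, 0)
    # IEs 8, 12, 90: source address, destination address, Route Distinguisher.
    a = m.learn(exporter1, 1, 258, [(8, 4), (12, 4), (90, 8)])
    ids = [m.export(a, collector, 0).template_id for collector in collectors]
    return m, a, ids
```

With this constructed input, received Template 258 is exported as 256, 257, and 257 towards Collectors #1 to #3, matching the mix of IDs in Figure 2.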

4.1.1. Template Mapping and Information Element Ordering

In the situation where Original Exporters each export an (Options) Template Record to a single IPFIX Mediator, and the (Options) Template Record contains the same Information Elements, but in different order, should the IPFIX Mediator maintain a Template Mapping with a single Export Template Record (see Figure 6) or should the IPFIX Mediator maintain multiple independent Template Records (see Figure 7) before re-exporting to the Collector?

           Template Entry A   <--+
                                 |
           Template Entry B   <--+--> Template Entry D
                                 |
           Template Entry C   <--+
        

Figure 6: Template Mapping and Ordering: A single Export Template Record

           Template Entry A   <--+--> Template Entry D

           Template Entry B   <--+--> Template Entry E

           Template Entry C   <--+--> Template Entry F


Figure 7: Template Mapping and Ordering: Multiple Export Template Records

The answer depends on whether the order of the Information Elements implies some specific semantic. One of the guiding principles in IPFIX protocol specifications is that the semantic meaning of one Information Element doesn't depend on the value of any other Information Element. However, there is one noticeable exception, as mentioned in [RFC7011]:

Multiple Scope Fields MAY be present in the Options Template Record, in which case the composite scope is the combination of the scopes. For example, if the two scopes are meteringProcessId and templateId, the combined scope is this Template for this Metering Process. If a different order of Scope Fields would result in a Record having a different semantic meaning, then the order of Scope Fields MUST be preserved by the Exporting Process. For example, in the context of PSAMP [RFC5476], if the first scope defines the filtering function, while the second scope defines the sampling function, the order of the scope is important. Applying the sampling function first, followed by the filtering function, would lead to potentially different Data Records than applying the filtering function first, followed by the sampling function.

If an IPFIX Mediator receives, from multiple Exporters, Template Records with identical Information Elements, but ordered differently, it SHOULD consider those Template Records as identical, subject to metadata information in the associated Options Template (for example, the Flow Key Options Template, see Section 10.2).

If an IPFIX Mediator receives, from multiple Exporters, Options Template Records with identical and ordered Information Elements in the Scope fields, and with identical Information Elements, but ordered differently, in the non-Scope fields, it SHOULD consider those Template Records as identical.

If an IPFIX Mediator receives, from multiple Exporters, Options Template Records with identical Information Elements in the Scope field, but ones that are ordered differently, it MUST consider those Template Records as semantically different.
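
The three ordering rules above can be turned into a comparison key, plus the field permutation a Mediator needs once it exports several received Templates under a single Template (Figure 6). This is an added example, not code from the RFC; the function names and sample Templates are constructed, and it assumes that bit 0 of flowKeyIndicator refers to the first field of the Template and that the Flow Key metadata has already been resolved per Template.

```python
from typing import Dict, List, Sequence, Tuple

Field = Tuple[int, int]  # (Information Element ID, length in octets)
VARLEN = 65535           # length value that marks a variable-length field


def canonical_form(fields: Sequence[Field], scope_count: int = 0,
                   flow_key_indicator: int = 0):
    """Comparison key implementing the three rules of Section 4.1.1.

    Scope fields keep their order; non-Scope fields are compared as a
    multiset. Each field carries its Flow Key bit so that two Templates with
    the same Information Elements but different Flow Keys stay distinct.
    Assumption: bit 0 of flowKeyIndicator refers to the first field.
    """
    tagged = [(ie, length, bool((flow_key_indicator >> pos) & 1))
              for pos, (ie, length) in enumerate(fields)]
    return (tuple(tagged[:scope_count]), tuple(sorted(tagged[scope_count:])))


def group_for_export(templates: Dict[str, dict]) -> List[List[str]]:
    """Group received Templates by semantics; each group can share one
    exported Template (Figure 6), separate groups cannot (Figure 7)."""
    groups: Dict[tuple, List[str]] = {}
    for name, tmpl in templates.items():
        groups.setdefault(canonical_form(**tmpl), []).append(name)
    return sorted(groups.values())


def reorder(record: bytes, src_fields: Sequence[Field],
            dst_fields: Sequence[Field]) -> bytes:
    """Re-encode one fixed-length Data Record from the received field order
    into the field order of the shared exported Template."""
    chunks: Dict[Field, List[bytes]] = {}
    offset = 0
    for ie, length in src_fields:
        if length == VARLEN:
            raise ValueError("variable-length fields are not handled here")
        chunks.setdefault((ie, length), []).append(record[offset:offset + length])
        offset += length
    if offset != len(record):
        raise ValueError("record length does not match the Template")
    return b"".join(chunks[field].pop(0) for field in dst_fields)


# Constructed sample: Templates A-C from three Exporters, Options Templates O1-O3.
# IEs: 8 sourceIPv4Address, 12 destinationIPv4Address, 4 protocolIdentifier,
# 2 packetDeltaCount, 143 meteringProcessId, 145 templateId,
# 41 exportedMessageTotalCount, 42 exportedFlowRecordTotalCount.
TEMPLATES = {
    "A": dict(fields=[(8, 4), (12, 4), (4, 1), (2, 8)], flow_key_indicator=0b0111),
    "B": dict(fields=[(12, 4), (8, 4), (2, 8), (4, 1)], flow_key_indicator=0b1011),
    "C": dict(fields=[(8, 4), (12, 4), (4, 1), (2, 8)], flow_key_indicator=0b0011),
    "O1": dict(fields=[(143, 4), (145, 2), (41, 8), (42, 8)], scope_count=2),
    "O2": dict(fields=[(143, 4), (145, 2), (42, 8), (41, 8)], scope_count=2),
    "O3": dict(fields=[(145, 2), (143, 4), (41, 8), (42, 8)], scope_count=2),
}
```

A and B differ only in field order and mark the same Information Elements as Flow Keys, so they group together; C has different Flow Keys, and O3 has a different Scope order, so each stays separate.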

4.2. Creating New Templates at an IPFIX Mediator

For other Intermediate Processes, the IPFIX Mediator generates new (Options) Template Records as a result of the Intermediate Process.

In these cases, the IPFIX Mediator doesn't need to maintain a Template Mapping, as it generates its own series of (Options) Template Records. However, some special cases might still require a Template Mapping. Consider a situation where the IPFIX Mediator generates new (Options) Template Records based on what it receives from the Exporter(s) based on the Intermediate Process function: for example, an Intermediate Anonymization process that performs black-marker anonymization [RFC6235] on certain Information Elements. In such cases, it's important to keep the correlation between the received (Options) Template Records and derived (Options) Template Records in the Template Mapping. These Template Mappings would be kept as in Section 4.1, except that the exported Template would not be identical to the received Template.

Similar to Exporting Processes in any Exporter, an IPFIX Mediator may use the technique for reducing redundancy in IPFIX described in [RFC5473].

4.3. Handling Unknown Information Elements

Depending on application requirements, Mediators that do not generate new Records SHOULD re-export values for unknown Information Elements, for which the Mediator does not have information about Information Element data type and semantics. However, as there may be presence or ordering dependencies among the unknown Information Elements, the Mediator MUST NOT omit fields from such re-exported Records or reorder any fields within the Records.

Mediators that generate new Records, as in Section 4.2, MUST ignore values of Information Elements they do not understand. If a Mediator passes values of Information Elements it does not understand (for example, when re-exporting Flow Records), it MUST pass them in the order in which they were originally received.

In any case, Mediators handling unknown Information Elements SHOULD log this fact, as it is likely that mediation of records containing unknown values will have unintended consequences.

5. Preserving Original Observation Point Information

Depending on the use case, the Collector in an Exporter/IPFIX Mediator/Collector structure (for example, tiered Mediators) may need to receive information about the Original Observation Point(s); otherwise, it may wrongly conclude that the IPFIX Device exporting the Flow Records, i.e., the IPFIX Mediator, directly observed the packets that generated the Flow Records. Two new Information Elements are introduced to address this use case: originalExporterIPv4Address and originalExporterIPv6Address. Practically, the Original Exporters will not be exporting these Information Elements. Therefore, the Intermediate Process will report the Original Observation Point(s) to the best of its knowledge. Note that the Configuration Data Model for IPFIX and PSAMP [RFC6728] may report the Original Exporter information out of band.

In the IPFIX Mediator, the Observation Point(s) may be represented by:

o A single Original Exporter (represented by the originalExporterIPv4Address or originalExporterIPv6Address Information Elements).

o A list of Original Exporters (represented by a list of originalExporterIPv4Address or originalExporterIPv6Address Information Elements).

o Any combination or list of Information Elements representing Observation Points. For example:

* A list of Original Exporter interfaces (represented by the originalExporterIPv4Address or originalExporterIPv6Address, the ingressInterface, and/or egressInterface Information Elements, respectively).

* A list of Original Exporter line cards (represented by the originalExporterIPv4Address, originalExporterIPv6Address, or lineCardId Information Elements, respectively).

Some Information Elements characterizing the Observation Point may be added. For example, the flowDirection Information Element specifies the direction of the observation, and, as such, characterizes the Observation Point.

Any combination of the above representations is possible. An example of an Original Observation Point for an Intermediate Aggregation Process is displayed in Figure 8.

   exporterIPv4Address 192.0.2.1
   exporterIPv4Address 192.0.2.2,
     interface ethernet 0, direction ingress
     interface ethernet 1, direction ingress
     interface serial 1, direction egress
     interface serial 2, direction egress
   exporterIPv4Address 192.0.2.3,
     lineCardId 1, direction ingress

Figure 8: Complex Observation Point Definition Example

A Mediator MAY export such complex Original Observation Point information, depending on application requirements. If such information is exported, the Mediator MUST use [RFC6313] to do so, as described below.

The most generic way to export the Original Observation Point is to use a subTemplateMultiList, with the semantic "exactlyOneOf". Taking the previous example, the encoding in Figure 9 can be used.

   Template Record 257: exporterIPv4Address
   Template Record 258: exporterIPv4Address,
                        basicList of ingressInterface, flowDirection
   Template Record 259: exporterIPv4Address, lineCardId, flowDirection

Figure 9: Complex Observation Point Definition Example: Templates

The Original Observation Point is modeled with the Data Records corresponding to either Template Record 1, Template Record 2, or Template Record 3 but not more than one of these ("exactlyOneOf" semantic). This implies that the Flow was observed at exactly one of the Observation Points reported.

When an IPFIX Mediator receives Flow Records containing the Original Observation Point Information Element, i.e., originalExporterIPv4Address or originalExporterIPv6Address, the IPFIX Mediator SHOULD NOT modify its value(s) when composing new Flow Records in the general case. Known exceptions include anonymization per Section 7.2.4 of [RFC6235] and an Intermediate Correlation Process rewriting addresses across NAT. In other words, the Original Observation Point should not be replaced with the IPFIX Mediator Observation Point. The daisy chain of (Exporter, Observation Point) representing the path the Flow Records took from the Exporter to the top Collector in the Exporter/IPFIX Mediator(s)/Collector structure model is out of the scope of this specification.

The following subsections describe Information Elements for reporting Original Exporter addresses as seen by the Collecting Process; note they may be subject to network address translation upstream; see [NAT-LOGGING] for more on logging in this situation.

5.1. originalExporterIPv4Address Information Element

Name: originalExporterIPv4Address

Description: The IPv4 address used by the Exporting Process on an Original Exporter, as seen by the Collecting Process on an IPFIX Mediator. Used to provide information about the Original Observation Points to a downstream Collector.

Data Type: ipv4Address

ElementId: 403

5.2. originalExporterIPv6Address Information Element

Name: originalExporterIPv6Address

Description: The IPv6 address used by the Exporting Process on an Original Exporter, as seen by the Collecting Process on an IPFIX Mediator. Used to provide information about the Original Observation Points to a downstream Collector.

Data Type: ipv6Address

ElementId: 404

6. Managing Observation Domain IDs

The Observation Domain ID of any IPFIX Message containing Flow Records relevant to no particular Observation Domain, or to multiple Observation Domains, MUST have an Observation Domain ID of 0.

IPFIX Mediators that do not change (Options) Template Records MUST maintain a Template Mapping, as detailed in Section 4.1, to ensure that the combination of Observation Domain IDs and Template IDs do not collide on export.

For IPFIX Mediators that export New (Options) Template Records, as in Section 4.2, there are two options for Observation Domain ID management. The first and simplest of these is to completely decouple exported Observation Domain IDs from received Observation Domain IDs; the IPFIX Mediator, in this case, comprises its own set of Observation Domain(s) independent of the Observation Domain(s) of the Original Exporters.

The second option is to provide or maintain a Template Mapping for received (Options) Template Records and exported inferred (Options) Template Records, along with the appropriate Observation Domain IDs per Transport Session, which ensures that the combination of Observation Domain IDs and Template IDs do not collide on export.

In some cases where the IPFIX Message Header can't contain a consistent Observation Domain for the entire IPFIX Message, but the Flow Records exported from the IPFIX Mediator should contain the Observation Domain of the Original Exporter anyway, the (Options) Template Record must contain the originalObservationDomainId Information Element, specified in Section 6.1. When an IPFIX Mediator receives Flow Records containing the originalObservationDomainId Information Element, the IPFIX Mediator MUST NOT modify its value(s) when composing new Flow Records with the originalObservationDomainId Information Element.
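
The following Python sketch is an added illustration, not part of the RFC text. It shows one way a Mediator could keep a Template Mapping keyed by Transport Session, Observation Domain ID, and Template ID so that exported Template IDs never collide, and how originalObservationDomainId (ElementId 405) is carried through unmodified. The class and function names are hypothetical, and the IPv4/IPv6 address ElementIds used in the usage check are IANA registry values, not values defined here.

```python
# Added illustration; TemplateMapper and compose_record are hypothetical names.
ORIGINAL_OBSERVATION_DOMAIN_ID = 405   # ElementId from Section 6.1


class TemplateMapper:
    """Maps received (session, ODID, Template ID) to a collision-free exported ID."""

    def __init__(self, first_template_id=256):
        # (session, odid, template_id) -> (received fields, exported Template ID)
        self._entries = {}
        self._next_id = first_template_id

    def _allocate(self):
        if self._next_id > 0xFFFF:
            raise RuntimeError("exported Template ID space exhausted")
        tid, self._next_id = self._next_id, self._next_id + 1
        return tid

    @staticmethod
    def exported_fields(fields):
        """Append originalObservationDomainId unless upstream already sent it."""
        fields = tuple(fields)
        if any(ie == ORIGINAL_OBSERVATION_DOMAIN_ID for ie, _ in fields):
            return fields
        return fields + ((ORIGINAL_OBSERVATION_DOMAIN_ID, 4),)

    def learn(self, session, odid, template_id, fields):
        """Register a received Template Record.

        Returns (exported Template ID, exported field list). Two Original
        Exporters that both use ODID 1 and Template ID 256 get distinct
        exported IDs because the Transport Session is part of the key.
        """
        key = (session, odid, template_id)
        fields = tuple(fields)
        known = self._entries.get(key)
        if known is None or known[0] != fields:
            # New template, or upstream reused the ID for a different layout.
            self._entries[key] = (fields, self._allocate())
        return self._entries[key][1], self.exported_fields(fields)

    def lookup(self, session, odid, template_id):
        """Exported Template ID for Data Records arriving under this key."""
        return self._entries[(session, odid, template_id)][1]


def compose_record(received_odid, record):
    """Build the exported record from a received one (dict of ElementId -> value).

    If the record already carries originalObservationDomainId (it passed
    through an upstream Mediator), the value is kept as received; otherwise
    it is set from the Observation Domain ID of the incoming message.
    """
    out = dict(record)
    out.setdefault(ORIGINAL_OBSERVATION_DOMAIN_ID, received_odid)
    return out
```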

6.1. originalObservationDomainId Information Element

Name: originalObservationDomainId

Description: The Observation Domain ID reported by the Exporting Process on an Original Exporter, as seen by the Collecting Process on an IPFIX Mediator. Used to provide information about the Original Observation Domain to a downstream Collector. When cascading through multiple Mediators, this identifies the initial Observation Domain in the cascade.

Data Type: unsigned32

Data Type Semantics: identifier

ElementId: 405

7. Timing Considerations

The IPFIX Message Header "Export Time" field is the time in seconds since 0000 UTC Jan 1, 1970, at which the IPFIX Message leaves the IPFIX Mediator. However, in the specific case of an IPFIX Mediator containing an Intermediate Conversion Process, the IPFIX Mediator MAY use the export time received from the incoming Transport Session.

It is RECOMMENDED that IPFIX Mediators handle time using absolute timestamps (e.g., flowStartSeconds, flowStartMilliseconds, or flowStartNanoseconds), which are specified relative to the UNIX epoch (00:00 UTC 1 Jan 1970) [POSIX.1], where possible rather than relative timestamps (e.g., flowStartSysUpTime or flowStartDeltaMicroseconds), which are specified relative to protocol structures such as system initialization or message export time.

The latter are difficult to manage for two reasons. First, they require constant translation, as the system initialization time of an intermediate system and the export time of an intermediate message will change across mediation operations. Further, relative timestamps introduce range problems. For example, when using the flowStartDeltaMicroseconds and flowEndDeltaMicroseconds Information Elements [IANA-IPFIX], the Data Record must be exported within a maximum of 71 minutes after its creation. Otherwise, the 32-bit counter would not be sufficient to contain the flow start time offset. Those time constraints might be incompatible with some of the application requirements of some Intermediate Processes.

Intermediate Processes MUST NOT assume that received records appear in flowStartTime, flowEndTime, or observationTime order. An Intermediate Process processing timing information (e.g., an Intermediate Aggregation Process) MAY ignore records that are significantly out of order, in order to meet application-specific state and latency requirements, but SHOULD report that records were dropped.

When an Intermediate Process aggregates information from different Flow Records, the timestamps on exported records SHOULD be the minimum of the start times and the maximum of the end times in the general case. However, if the Flow Records do not overlap, i.e., if there is a time gap between the times in the Flow Records, then the report may be inaccurate. The IPFIX Mediator is only reporting what it knows, on the basis of the information made available to it, and there may not have been any data to observe during the gap. Then again, if there is an overlap in timestamps, there's the potential of double-accounting: different Observation Points may have observed the same traffic simultaneously. The specification of the precise rules for applying Flow Record timestamps at IPFIX Mediators for all the different situations is out of the scope of this document.

Note that [RFC7015] provides additional specifications for handling of timestamps at an Intermediate Aggregation Process.
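
The timing rules above can be worked through in code. The Python below is an added example, not part of the RFC: it converts the delta-microsecond timestamps to absolute time and back (showing where the 32-bit range of about 71 minutes is exceeded on re-export), and aggregates records with the minimum start and maximum end while counting records dropped as too far out of order and flagging gaps and overlaps. The function names and the lateness threshold are assumptions; the delta Information Elements are treated as offsets back from the Export Time, as the IANA registry describes them.

```python
# Added illustration; function names and the lateness policy are hypothetical.
MAX_DELTA_US = 2**32 - 1    # largest offset an unsigned32 delta IE can carry


def delta_to_absolute_us(export_time_s, delta_us):
    """flowStartDeltaMicroseconds/flowEndDeltaMicroseconds -> microseconds since epoch."""
    if not 0 <= delta_us <= MAX_DELTA_US:
        raise ValueError("delta does not fit in unsigned32")
    return export_time_s * 1_000_000 - delta_us


def absolute_to_delta_us(export_time_s, absolute_us):
    """Re-express an absolute timestamp relative to a new message's Export Time."""
    delta = export_time_s * 1_000_000 - absolute_us
    if delta < 0:
        raise ValueError("timestamp is later than the Export Time")
    if delta > MAX_DELTA_US:
        # The record was held longer than the 32-bit counter can express.
        raise OverflowError("offset exceeds 32 bits; export absolute timestamps")
    return delta


def aggregate(records, max_lateness_us):
    """Aggregate (start_us, end_us, octets) tuples given in arrival order.

    Arrival order is not assumed to be time order. A record whose end time
    lies more than max_lateness_us behind the newest end time seen so far is
    dropped and counted, so that the drop can be reported.
    """
    accepted, newest_end, octets, dropped = [], None, 0, 0
    for start, end, size in records:
        if end < start:
            raise ValueError("record ends before it starts")
        if newest_end is not None and end < newest_end - max_lateness_us:
            dropped += 1
            continue
        newest_end = end if newest_end is None else max(newest_end, end)
        accepted.append((start, end))
        octets += size
    gap = overlap = False
    covered = None
    for start, end in sorted(accepted):
        if covered is not None:
            gap = gap or start > covered          # nothing observed in between
            overlap = overlap or start < covered  # possible double accounting
        covered = end if covered is None else max(covered, end)
    return {
        "start_us": min((s for s, _ in accepted), default=None),
        "end_us": max((e for _, e in accepted), default=None),
        "octets": octets,
        "dropped": dropped,
        "gap": gap,
        "overlap": overlap,
    }
```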

8. Transport Considerations

SCTP [RFC4960] using the Partially Reliable SCTP (PR-SCTP) extension specified in [RFC3758] MUST be implemented by all compliant IPFIX Mediator implementations. TCP [RFC0793] MAY also be implemented by implementations compliant with the IPFIX Mediator. UDP [RFC0768] MAY also be implemented by compliant IPFIX Mediator implementations. Transport-specific considerations for IPFIX Exporters as specified in Sections 8.3, 8.4, 9.1, 9.2, and 10 of [RFC7011] apply to IPFIX Mediators as well.

SCTP SHOULD be used in deployments where IPFIX Mediators and Collectors are communicating over links that are susceptible to congestion. SCTP is capable of providing any required degree of reliability. TCP MAY be used in deployments where IPFIX Mediators and Collectors communicate over links that are susceptible to congestion, but SCTP is preferred due to its ability to limit back pressure on Exporters and its message versus stream orientation. UDP MAY be used, although it is not a congestion-aware protocol. However, in this case, the IPFIX traffic between IPFIX Mediator and Collector MUST run in an environment where IPFIX traffic has been provisioned for and/or separated from non-IPFIX traffic, whether physically or virtually.

9. Collecting Process Considerations

Any Collecting Process compliant with [RFC7011] can receive IPFIX Messages from an IPFIX Mediator. If the IPFIX Mediator uses IPFIX Structured Data [RFC6313] to export Original Exporter Information, as in Section 5, the Collecting Process MUST support [RFC6313].

10. Specific Reporting Requirements

IPFIX provides Options Templates for reporting the reliability of processes within the IPFIX Architecture. As each Mediator includes at least one IPFIX Exporting Process, they MAY use the Exporting Process Reliability Statistics Options Template, as specified in [RFC7011].

Analogous to the Metering Process Reliability Statistics Options Template, also specified in [RFC7011], Mediators MAY implement the Intermediate Process Reliability Statistics Options Template, specified in Section 10.1. Sections 10.3 and 10.4 define Information Elements used by this Options Template.

The Flow Keys Options Template, as specified in [RFC7011], may require special handling at an IPFIX Mediator, as described in Section 10.2.

In addition, each Intermediate Process may have its own specific reporting requirements (e.g., Anonymization Records as in [RFC6235], or the Aggregation Counter Distribution Options Template as in [RFC7015]); these SHOULD be implemented as necessary, as described in the specification for each Intermediate Process.

10.1. Intermediate Process Reliability Statistics Options Template

The Intermediate Process Statistics Options Template specifies the structure of a Data Record for reporting Intermediate Process statistics. It SHOULD contain the following Information Elements; the intermediateProcessId Information Element is defined in Section 10.3 and the ignoredDataRecordTotalCount Information Element is defined in Section 10.4:

   +-----------------------------+-------------------------------------+
   | IE                          | Description                         |
   +-----------------------------+-------------------------------------+
   | observationDomainId [scope] | An identifier of the Observation    |
   |                             | Domain (of messages exported by     |
   |                             | this Mediator), locally unique to   |
   |                             | the Intermediate Process, to which  |
   |                             | this statistics record applies.     |
   |                             | ----------------------------------  |
   | intermediateProcessId       | An identifier for the Intermediate  |
   | [scope]                     | Process to which this statistics    |
   |                             | record applies.                     |
   |                             | ----------------------------------  |
   | ignoredDataRecordTotalCount | The total number of Data Records    |
   |                             | received but not processed by the   |
   |                             | Intermediate Process.               |
   |                             | ----------------------------------  |
   | time first record ignored   | The timestamp of the first record   |
   |                             | that was ignored by the             |
   |                             | Intermediate Process.  For Data     |
   |                             | Records containing timestamp        |
   |                             | ranges, this SHOULD be taken from   |
   |                             | the start timestamp of the range;   |
   |                             | for data records containing no      |
   |                             | timing information, this SHOULD be  |
   |                             | taken from the Export Time in the   |
   |                             | message header of the IPFIX Message |
   |                             | that contains it.  For this         |
   |                             | timestamp, any of the following     |
   |                             | timestamp can be used:              |
   |                             | observationTimeSeconds,             |
   |                             | observationTimeMilliseconds,        |
   |                             | observationTimeMicroseconds, or     |
   |                             | observationTimeNanoseconds.         |
   +-----------------------------+-------------------------------------+
        
   +-----------------------------+-------------------------------------+
   | IE                          | Description                         |
   +-----------------------------+-------------------------------------+
   | time last record ignored    | The timestamp of the last record    |
   |                             | that was ignored by the             |
   |                             | Intermediate Process.  For Data     |
   |                             | Records containing timestamp        |
   |                             | ranges, this SHOULD be taken from   |
   |                             | the end timestamp of the range; for |
   |                             | data records containing no timing   |
   |                             | information, this SHOULD be taken   |
   |                             | from the Export Time in the message |
   |                             | header of the containing IPFIX      |
   |                             | Message.  For this timestamp, any   |
   |                             | of the following timestamp can be   |
   |                             | used: observationTimeSeconds,       |
   |                             | observationTimeMilliseconds,        |
   |                             | observationTimeMicroseconds, or     |
   |                             | observationTimeNanoseconds.         |
   +-----------------------------+-------------------------------------+
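
The template in the table above can be put on the wire as follows. This Python encoder and decoder is an added example, not part of the RFC: it builds one IPFIX Message holding the Options Template Record and a matching statistics Data Record, then parses it back with length checks. Template ID 256, the use of observationTimeSeconds for both timestamps, and all function names are choices made for this example; ElementIds 149 and 322 are the IANA registry values for observationDomainId and observationTimeSeconds.

```python
import struct

# ElementIds 406 and 407 are defined in Sections 10.3 and 10.4.
# 149 and 322 are IANA registry values; Template ID 256 is an arbitrary choice.
OBSERVATION_DOMAIN_ID = 149
OBSERVATION_TIME_SECONDS = 322
INTERMEDIATE_PROCESS_ID = 406
IGNORED_DATA_RECORD_TOTAL_COUNT = 407
OPTIONS_TEMPLATE_SET_ID = 3
TEMPLATE_ID = 256
SCOPE_FIELD_COUNT = 2
FIELDS = (
    (OBSERVATION_DOMAIN_ID, 4),             # scope
    (INTERMEDIATE_PROCESS_ID, 4),           # scope
    (IGNORED_DATA_RECORD_TOTAL_COUNT, 8),
    (OBSERVATION_TIME_SECONDS, 4),          # time first record ignored
    (OBSERVATION_TIME_SECONDS, 4),          # time last record ignored
)
NAMES = ("observationDomainId", "intermediateProcessId",
         "ignoredDataRecordTotalCount", "timeFirstRecordIgnored",
         "timeLastRecordIgnored")


def _set(set_id, body):
    body += b"\x00" * (-len(body) % 4)      # pad the Set to a 4-octet boundary
    return struct.pack(">HH", set_id, 4 + len(body)) + body


def encode_stats_message(export_time, odid, process_id, ignored, first, last,
                         sequence=0):
    """One IPFIX Message: Options Template Set followed by one Data Set."""
    template = struct.pack(">HHH", TEMPLATE_ID, len(FIELDS), SCOPE_FIELD_COUNT)
    template += b"".join(struct.pack(">HH", ie, size) for ie, size in FIELDS)
    record = struct.pack(">IIQII", odid, process_id, ignored, first, last)
    sets = _set(OPTIONS_TEMPLATE_SET_ID, template) + _set(TEMPLATE_ID, record)
    header = struct.pack(">HHIII", 10, 16 + len(sets), export_time, sequence, odid)
    return header + sets


def decode_message(msg):
    """Return (templates, records); other Set types are skipped."""
    if len(msg) < 16:
        raise ValueError("short message header")
    version, length, _export, _seq, _odid = struct.unpack_from(">HHIII", msg)
    if version != 10 or length != len(msg):
        raise ValueError("bad version or length")
    templates, records, off = {}, [], 16
    while off < length:
        if length - off < 4:
            raise ValueError("truncated Set header")
        set_id, set_len = struct.unpack_from(">HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad Set length")
        body, pos = msg[off + 4:off + set_len], 0
        if set_id == OPTIONS_TEMPLATE_SET_ID:
            while len(body) - pos >= 6:     # a shorter remainder is padding
                tid, count, scope = struct.unpack_from(">HHH", body, pos)
                pos += 6
                if tid < 256 or not 0 < scope <= count or len(body) - pos < 4 * count:
                    raise ValueError("malformed Options Template Record")
                fields = [struct.unpack_from(">HH", body, pos + 4 * i)
                          for i in range(count)]
                if any(ie & 0x8000 or size == 0xFFFF for ie, size in fields):
                    raise ValueError("enterprise or variable-length field not handled")
                templates[tid], pos = (scope, fields), pos + 4 * count
        elif set_id >= 256:
            if set_id not in templates:
                raise ValueError("Data Set without a known template")
            fields = templates[set_id][1]
            size = sum(n for _, n in fields)
            while size and len(body) - pos >= size:
                values = []
                for ie, n in fields:
                    values.append((ie, int.from_bytes(body[pos:pos + n], "big")))
                    pos += n
                records.append((set_id, values))
        off += set_len
    return templates, records


def stats_records(message):
    """Statistics Data Records in a message, as dictionaries keyed by NAMES."""
    templates, records = decode_message(message)
    wanted = [ie for ie, _ in FIELDS]
    return [dict(zip(NAMES, (value for _, value in values)))
            for tid, values in records
            if [ie for ie, _ in templates[tid][1]] == wanted]
```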
        
10.2. Flow Key Options Template

The Flow Keys Options Template specifies the structure of a Data Record for reporting the Flow Keys of reported Flows. A Flow Keys Data Record extends a particular Template Record that is referenced by its templateId identifier. The Template Record is extended by specifying which of the Information Elements contained in the corresponding Data Records describe Flow properties that serve as Flow Keys of the reported Flow. This Options Template is defined in Section 4.4 of [RFC7011] and SHOULD be used by Mediators for export as defined there.

When an Intermediate Process exports Data Records containing different Flow Keys from those received from the Original Exporter, and the Original Exporter sent a Flow Keys Options record to the IPFIX Mediator, the IPFIX Mediator MUST export a Flow Keys Options record defining the new set of Flow Keys.

10.3. intermediateProcessId Information Element

Name: intermediateProcessId

Description: An identifier of an Intermediate Process that is unique per IPFIX Device. Typically, this Information Element is used for limiting the scope of other Information Elements. Note that process identifiers may be assigned dynamically; that is, an Intermediate Process may be restarted with a different ID.

Data Type: unsigned32

Data Type Semantics: identifier

ElementId: 406

10.4. ignoredDataRecordTotalCount Information Element

Name: ignoredDataRecordTotalCount

Description: The total number of received Data Records that the Intermediate Process did not process since the (re-)initialization of the Intermediate Process; includes only Data Records not examined or otherwise handled by the Intermediate Process due to resource constraints, not Data Records that were examined or otherwise handled by the Intermediate Process but those that merely do not contribute to any exported Data Record due to the operations performed by the Intermediate Process.

Data Type: unsigned64

Data Type Semantics: totalCounter

ElementId: 407

11. Operations and Management Considerations

In general, using IPFIX Mediators to combine information from multiple Original Exporters requires a consistent configuration of the Metering Processes behind these Original Exporters. The details of this consistency are specific to each Intermediate Process. Consistency of configuration should be verified out of band, with the MIB modules ([RFC6615] and [RFC6727]) or with the Configuration Data Model for IPFIX and PSAMP [RFC6728].

From an operational perspective, this specification provides all the information required to set up IPFIX Mediators and Collectors behind IPFIX Mediators. While configuring the IPFIX Mediators, care must be taken to include all the relevant information so that the Collectors can deduce the precise semantics of the Data Records. This is covered by the Template Mapping specifications in Section 4.1. Also, if something in the processing chain is not carefully configured, the collected IPFIX data can be interpreted wrongly, and the associated applications can produce results that are not operationally meaningful.

12. Security Considerations
12. 安全考虑

As they act as both IPFIX Collecting Processes and Exporting Processes, the Security Considerations for the IPFIX Protocol [RFC7011] also apply to IPFIX Mediators. The Security Considerations for IPFIX Files [RFC5655] also apply to IPFIX Mediators that write IPFIX Files or use them for internal storage. However, there are a few specific considerations that IPFIX Mediator implementations must also take into account.

By design, IPFIX Mediators are "men in the middle": they intercede in the communication between an Original Exporter (or another upstream IPFIX Mediator) and a downstream Collecting Process. This has two important implications for the level of confidentiality provided across an IPFIX Mediator and the ability to protect data integrity and Original Exporter authenticity across an IPFIX Mediator. These are addressed in more detail in the Security Considerations for IPFIX Mediators in [RFC6183].

Note that while IPFIX Mediators can use the exporterCertificate and collectorCertificate Information Elements defined in [RFC5655] as described in Section 9.3 of [RFC6183] to export information about X.509 identities in upstream TLS-protected Transport Sessions, this mechanism cannot be used to provide true end-to-end assertions about a chain of IPFIX Mediators: any IPFIX Mediator in the chain can simply falsify the information about upstream Transport Sessions. In situations where information about the chain of mediation is important, it must be determined out of band. Note as well that an Exporting Process has no in-band way to determine whether or not a given Collecting Process will act as a Mediator. Trust placed in Collecting Processes is absolute, so care should be taken when exporting IPFIX Messages between Exporting Processes and Collecting Processes controlled by different entities.

13. IANA Considerations

This document specifies new IPFIX Information Elements, originalExporterIPv4Address in Section 5.1, originalExporterIPv6Address in Section 5.2, originalObservationDomainId in Section 6.1, intermediateProcessId in Section 10.3, and ignoredDataRecordTotalCount in Section 10.4, which have been added to the IPFIX Information Element registry [IANA-IPFIX].

14. Acknowledgments

We would like to thank the IPFIX contributors, specifically Paul Aitken (THE ultimate IPFIX document reviewer) and Andrew Feren for their thorough reviews; Nevil Brownlee and Juergen Quittek for shepherding this document and chairing the IPFIX Working Group; and to Rahul Patel, Meral Shirazipour, and Juergen Schoenwaelder for their feedback and comments. This work is materially supported by the European Union Seventh Framework Programme under grant agreements 257315 (DEMONS) and 318627 (mPlane).

15. References
15.1. Normative References

[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P. Conrad, "Stream Control Transmission Protocol (SCTP) Partial Reliability Extension", RFC 3758, May 2004.

[RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, September 2007.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

[RFC5655] Trammell, B., Boschi, E., Mark, L., Zseby, T., and A. Wagner, "Specification of the IP Flow Information Export (IPFIX) File Format", RFC 5655, October 2009.

[RFC6313] Claise, B., Dhandapani, G., Aitken, P., and S. Yates, "Export of Structured Data in IP Flow Information Export (IPFIX)", RFC 6313, July 2011.

[RFC6615] Dietz, T., Kobayashi, A., Claise, B., and G. Muenz, "Definitions of Managed Objects for IP Flow Information Export", RFC 6615, June 2012.

[RFC6727] Dietz, T., Claise, B., and J. Quittek, "Definitions of Managed Objects for Packet Sampling", RFC 6727, October 2012.

[RFC6728] Muenz, G., Claise, B., and P. Aitken, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols", RFC 6728, October 2012.

[RFC7011] Claise, B., Trammell, B., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, September 2013.

[RFC7012] Claise, B. and B. Trammell, "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, September 2013.

[RFC7013] Trammell, B. and B. Claise, "Guidelines for Authors and Reviewers of IP Flow Information Export (IPFIX) Information Elements", BCP 184, RFC 7013, September 2013.

[RFC7014] D'Antonio, S., Zseby, T., Henke, C., and L. Peluso, "Flow Selection Techniques", RFC 7014, September 2013.

[RFC7015] Trammell, B., Wagner, A., and B. Claise, "Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol", RFC 7015, September 2013.

15.2. Informative References

[RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004.

[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, October 2004.

[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek, "Architecture for IP Flow Information Export", RFC 5470, March 2009.

[RFC5472] Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IP Flow Information Export (IPFIX) Applicability", RFC 5472, March 2009.

[RFC5473] Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports", RFC 5473, March 2009.

[RFC5476] Claise, B., Johnson, A., and J. Quittek, "Packet Sampling (PSAMP) Protocol Specifications", RFC 5476, March 2009.

[RFC5610] Boschi, E., Trammell, B., Mark, L., and T. Zseby, "Exporting Type Information for IP Flow Information Export (IPFIX) Information Elements", RFC 5610, July 2009.

[RFC5982] Kobayashi, A. and B. Claise, "IP Flow Information Export (IPFIX) Mediation: Problem Statement", RFC 5982, August 2010.

[RFC6183] Kobayashi, A., Claise, B., Muenz, G., and K. Ishibashi, "IP Flow Information Export (IPFIX) Mediation: Framework", RFC 6183, April 2011.

[RFC6235] Boschi, E. and B. Trammell, "IP Flow Anonymization Support", RFC 6235, May 2011.

[NAT-LOGGING] Sivakumar, S. and R. Penno, "IPFIX Information Elements for logging NAT Events", Work in Progress, November 2013.

[IANA-IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities", <http://www.iana.org/assignments/ipfix>.

[POSIX.1] IEEE, "IEEE Standard for Information Technology - Portable Operating System Interface", IEEE 1003.1-2008, 2008.

Authors' Addresses

Benoit Claise
Cisco Systems, Inc.
De Kleetlaan 6a b1
1831 Diegem
Belgium

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com

Atsushi Kobayashi
NTT Information Sharing Platform Laboratories
3-9-11 Midori-cho
Musashino-shi, Tokyo 180-8585
Japan

   Phone: +81 422 59 3978
   EMail: akoba@nttv6.net

Brian Trammell
Swiss Federal Institute of Technology Zurich
Gloriastrasse 35
8092 Zurich
Switzerland

   Phone: +41 44 632 70 13
   EMail: trammell@tik.ee.ethz.ch