Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt.

Published byAnnabella Wood Modified over 6 years ago

Similar presentations

Presentation on theme: "IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt."— Presentation transcript:

1 IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt

2 Motivation Reduction of monitoring data Speed-up of flow accounting
Bandwidth savings and performance savings at the collector Speed-up of flow accounting Reduction of concurrent active streams in a monitor Concentrating multiple IPFIX streams Definition of concentrator functionality Transport of information about the aggregation rules For improved processing of IPFIX data 63rd IETF Meeting, Paris, 2005

3 Architecture EP EP EP AP AP MP MP MP CP CP
exported monitoring data (IPFIX Protocol) exported monitoring data (IPFIX Protocol) EP EP EP AP AP MP MP MP CP CP exported monitoring data (IPFIX Protocol) EP: Exporting Process AP: Aggregation Process MP: Metering Process 63rd IETF Meeting, Paris, 2005

4 Aggregation Rules Specify Comprise aggregation instructions containing
which flow records to aggregate into a meta-flow record how the meta-flow record and the corresponding data template looks like Comprise aggregation instructions containing IPFIX field ID mandatory field for incoming records included in meta-flow record or data template depending on field modifier pattern (optional) restricts aggregated flow records to those that match this pattern field modifier (discard, keep, mask/n, or aggregate) specifies how this field is treated implicitly defines if the field appears in meta-flow or data template 63rd IETF Meeting, Paris, 2005

5 Field Modifiers Rule instruction Result Field modifier Pattern exist
Field in meta-flow record contains Fixed-value field in Data Template contains discard no n/a yes pattern keep original value original value, if pattern is range of values mask/n IP network address 63rd IETF Meeting, Paris, 2005

6 Field Modifier – cont’d
Special field modifier aggregate for counters, timestamps etc. Result depends on field: minimum in case of minimumPacketLength, minimumTtl, flowStartSeconds, flowStartMilliSeconds maximum in case of maximumPacketLenth, maximumTtl, flowEndSeconds, flowEndMilliSeconds binary OR (as suggested by IPFIX-INFO) in case of ipv6OptionHeaders, tcpControlBits sum in case of octetDeltaCount, packetDeltaCount 63rd IETF Meeting, Paris, 2005

7 Example Goal: Aggregation Rule:
monitor flows to web servers (http/https) in /16 aggregate sources addresses into /24 network addresses Aggregation Rule: discard protocolIdentifier discard sourceTransportPort mask/24 sourceIpv4Address discard destinationTransportPort in 80,443 keep destinationIpv4Address in /16 aggregate packetDeltaCount aggregate octetDeltaCount aggregate flowStartMilliSeconds aggregate flowEndMilliSeconds 63rd IETF Meeting, Paris, 2005

8 Example – cont’d Data Template: 63rd IETF Meeting, Paris, 2005
| Template ID | Field Count = | | Data Count = | Preceding Rule | | Field 1 Type = sourceIpv4SourceNetwork | | Field 2 Type = destinationIpv4Address | | Field 3 Type = packetDeltaCount | | Field 4 Type = octetDeltaCount | | Field 5 Type = flowStartMilliSeconds | | Field 6 Type = flowEndMilliSecondsess | | Data 1 Type = destinationTransportPort | | Data 1 Value = 80, | | Data 2 Type = destinationIpv4Network | | Data 2 Value = / | 63rd IETF Meeting, Paris, 2005

9 Example – cont’d Incoming flows: Resulting meta-flow: pattern in
data template Incoming flows: Resulting meta-flow: Prot Src Port Src Addr Dst Port Dst Addr # Pkt # Oct Start End TCP 64235 80 4 144 1055 1090 64236 3 56 1071 1103 6889 2 34 1083 1100 5555 6 155 1201 6666 77 1095 1199 discarded fixed-value in data template Src Net Dst Addr # Pkt # Oct Start End /24 9 234 1055 1103 /24 6 155 1090 1201 3 77 1095 1199 63rd IETF Meeting, Paris, 2005

10 Cascading Aggregation Rules
Goal: Allows other semantics than “match-any”, i.e. may be used to avoid that an incoming flow contributes to more than one meta-flow Cascading aggregation rules: Use preceding rule field in data template header Get incoming flow preceding rule Apply rule 1? no preceding rule Apply rule 2? no yes Aggregate yes Aggregate 63rd IETF Meeting, Paris, 2005

11 Conclusions IPFIX Aggregation -00 received only positive feedback
-01 has reached a good state Already two implementations supporting aggregation IBM Erlangen University / Tuebingen University Next steps To be continued as an individual I-D? To be added to the IPFIX charter? 63rd IETF Meeting, Paris, 2005

Download ppt "IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt."

Similar presentations

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.
ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com.

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net
VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.

VCRIB: Virtual Cloud Rule Information Base Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan HotCloud 2012.
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
CS 457 – Lecture 16 Global Internet - BGP Spring 2012.

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.
BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 5-1 Internet Protocol (IP): Packet Format, Fragmentation, Options Shivkumar Kalyanaraman Rensselaer.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Chapter 5 - Transport and Network Layers TCP/IP (Part 1) Dr. V.T. Raja Oregon State University Chapter Objectives: Understand primary functions of transport.

Chapter 5 - Transport and Network Layers TCP/IP (Part 1) Dr. V.T. Raja Oregon State University Chapter Objectives: Understand primary functions of transport.
EEC-484/584 Computer Networks Lecture 11 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.

EEC-484/584 Computer Networks Lecture 11 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
Oct 19, 2004CS573: Network Protocols and Standards1 IP: Datagram and Addressing Network Protocols and Standards Autumn 2004-2005.

Oct 19, 2004CS573: Network Protocols and Standards1 IP: Datagram and Addressing Network Protocols and Standards Autumn
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.

CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.
1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.
Draft-molina-flow-selection-00 Maurizio Molina,. 2 © NEC Europe Ltd., 2002 Network Laboratories, Heidelberg Motivation, Background (1/2) Flow selection.

Draft-molina-flow-selection-00 Maurizio Molina,. 2 © NEC Europe Ltd., 2002 Network Laboratories, Heidelberg Motivation, Background (1/2) Flow selection.
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.
WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.

WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.
Professor OKAMURA Laboratory. Othman Othman M.M. 1.

Professor OKAMURA Laboratory. Othman Othman M.M. 1.

Similar presentations

Ads by Google