Internet DRAFT - draft-inacio-ipfix-penie

draft-inacio-ipfix-penie



 



IPFIX Working Group                                            C. Inacio
Internet-Draft                                Carnegie Mellon University
Intended Status: Standards Track                        November 9, 2012
Expires May 13, 2013                                    

       Private Enterprise Information Elements Registry Exchange
                   <draft-inacio-ipfix-penie-00.txt>

Abstract

   This extension to the IPFIX protocol is intended to provide a
   mechanism for IPFIX exporters which export private information
   elements to also transmit information to the collectors.  The
   mechanism is designed to be able to send a URI with information about
   the private information elements via an options template.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire in May 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
 


Inacio                    Expires May 13, 2013                  [Page 1]

Internet Draft                   PENIE                  November 9, 2012


   carefully, as they describe your rights and restrictions with respect
   to this document.














































 


Inacio                    Expires May 13, 2013                  [Page 2]

Internet Draft                   PENIE                  November 9, 2012


Table of Contents

   1. Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2. Options Record Format . . . . . . . . . . . . . . . . . . . . .  4
   3.  Registry Design  . . . . . . . . . . . . . . . . . . . . . . .  5
     3.1. Registry Introduction . . . . . . . . . . . . . . . . . . .  6
     3.2. Registry Informational Elements . . . . . . . . . . . . . .  6
     3.3. Registry Formatting . . . . . . . . . . . . . . . . . . . .  7
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     6.1.  Normative References . . . . . . . . . . . . . . . . . . .  7
     6.2.  Informative References . . . . . . . . . . . . . . . . . .  8
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  8
   Appendix A.  . . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     99.0.  To be removed . . . . . . . . . . . . . . . . . . . . . . 10
     99.1.  Formatting End of Page  . . . . . . . . . . . . . . . . . 12
































 


Inacio                    Expires May 13, 2013                  [Page 3]

Internet Draft                   PENIE                  November 9, 2012


1. Introduction

   The IPFIX protocol [RFC5101] defined a significant information
   element set for a large number of relevant network activities.  The
   IPFIX protocol was also designed with the ability to extend its
   information model both via a standards based mechanism, via an IANA
   registry, to add elements of general interest, but also the ability
   to add elements via private enterprise numbers to define elements of
   limited interest.  Beyond adding the ability to pass new information
   elements, the IPFIX protocol is designed to allow collectors the
   ability to skip information elements which cannot be comprehended.

   IPFIX was extended in RFC 5610 IPFIX Semantic Type Information to
   allow IPFIX send type semantic information about information
   elements.  This mechanism allows an IPFIX exporter to send type
   semantic information along with a common name about an information
   element to the collector.  This allows information elements that the
   collector would otherwise not be able to comprehend to provide much
   more information.

   The mechanism proposed here extends the Semantic Type Information in
   two ways.  First, it allows a more complex definition of information
   to be presented, capturing the possible relationships contained
   within the IPFIX Structured Data extension.  The IPFIX Structured
   Data extension, having completed after the Semantic Type Information,
   is not covered in the Semantic Type Information.  Secondly, by moving
   the information element metadata out from the potentially resource
   constrained IPFIX data channel, this extension allows a richer and
   comprehensive set of metadata to be expressed.

2. Options Record Format

   The mechanism used to transmit the URI information from the exporter
   to the collector is an options template with a URI.  The URI contains
   a pointer which provides well formatted, as specified in section 3,
   information about the semantic type information and description of
   the private information elements.

                        1                   2                   3   
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
   |      Set ID = 3               |        Length = 14            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Template ID = 257          |        Field Count =          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Scope Field Count =           |0| private ent. number     346 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Field Length = 4           |   PEN Registry URI        XXX |
 


Inacio                    Expires May 13, 2013                  [Page 4]

Internet Draft                   PENIE                  November 9, 2012


   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Field Length = 65536       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 1: Example PENIE Template Definition

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Set ID = 257         |            Length = 46          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Private Enterprise Number                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Length = 39          |                                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                                 +
   |          "http://tools.netsa.cert.org/yaf_pen.xml"            |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 2: Example PENIE Data Record



   The options record allows for creating a URI reference for a private
   enterprise number.  It is important to note that more than one URI
   per a single private enterprise number.  The burden of resolving all
   declared registries falls onto the collector to be able to decode all
   information elements received from the exporters.

3.  Registry Design

 


Inacio                    Expires May 13, 2013                  [Page 5]

Internet Draft                   PENIE                  November 9, 2012


3.1. Registry Introduction

   The registry design goals are to capture all the information that
   IPFIX Type Information [RFC5610] provides about individual elements,
   but to also present more metadata about both individual elements as
   well as have the ability to provide more information about a
   collection of elements.

3.2. Registry Informational Elements

   The top level of a registry contains the following additional
   elements:
      o Registry ID - This is an ID that can be used by the creator of
         the registry to be able to track the registry as a unique item.

      o Version - Indicates the release version of the registry.

      o Name - A common name that can be used to refer to the registry.

      o Security Type - This is a new entry type that allows the
         complete set of elements defined in the registry to be
         contained within a security type class.  By allowing the
         collector to understand the security type, if present, of the
         information elements a new class of actions may be taken by a
         collector implementation.

      o Policy Type -  Similar to the security type, this new entry
         allows the complete set of elements defined in the registry to
         be contained within a policy type class.  Again, similar to the
         security type class, the collector may take new actions based
         upon understanding the policy type of an information element.

      o Canonical URI - This is the canonical URI to be able to locate
         the authoritative version of the registry.

      o Root EID - This defines the Private Enterprise ID for all
         elements defined in the registry.

      o Copyright - Optionally the copyright information for the
         registry

      o Contact - Contact information to be able to contact the
         publisher of the registry.

      o Directory - (I can't remember, but its a URI).

   Each information element defined in the registry are as follows:

 


Inacio                    Expires May 13, 2013                  [Page 6]

Internet Draft                   PENIE                  November 9, 2012


      o ID - The information element ID.

      o PEN - The private enterprise number.

      o Data type - The data type of the element, as defined in RFC
         5610.

      o Semantics - The semantic of the element, as defined in RFC 5610.

      o Units - The units of the element, as defined in RFC 5610.

      o Description - The human readable (and hopefully understandable)
         description of the element.

      o MIME Path - An optional MIME path definition of the element.

3.3. Registry Formatting

   XML or JSON or ???? format to be added here.

   5.  Security Considerations

   There are no security considerations relevant to this document,
   beyond the security considerations necessary in the IPFIX protocol
   specification [RFC5101] and its successors.

6.  IANA Considerations

   IANA needs to create two registries with expert review:

   Security types Policy types

   and create a code point for a new information element.


6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5101] Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and Meyer,
              J., "Information Model for IP Flow Information Export",
 


Inacio                    Expires May 13, 2013                  [Page 7]

Internet Draft                   PENIE                  November 9, 2012


              RFC 5102, January 2008.

   [RFC5610] Boschi, E., Trammell, B., Mark, L., and Zseby, T.,
              "Exporting Type Information for IP Flow Information Export
              (IPFIX) Information Elements", RFC 5610, July 2009.

   [RFC4234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", RFC 4234, October 2005.

6.2.  Informative References

   [2223BIS]  Reynolds, J. and R. Braden, "Instructions to Request for
              Comments (RFC) Authors", draft-rfc-editor-rfc2223bis-
              08.txt, August 2004.  

Authors' Addresses

   Christopher Inacio
   Carnegie Mellon University
   4500 5th Avenue
   Pittsburgh, PA 15213
   USA

   EMail: inacio@sei.cmu.edu

Appendix A.

   Relax-NG based definition of a proposed schema.  Can be processed with trang to create a well defined XML XSD file.

   namespace r = "http://www.ietf.org/ipfix/ipfix-private-element-registry/1.0"

   # It's unclear what the right way of referencing an info element ought
   # to be.  By PEN/ID pair?  By some XML ID?  Both has problems.  Leave it
   # text for now.
   info-elem-ref = text

   r-data-type = element r:data-type {
    "octetArray" |
    "unsigned8" |
    "unsigned16" |
    "unsigned32" |
    "unsigned64" |
    "signed8" |
    "signed16" |
    "signed32" |
    "signed64" |
    "float32" |
    "float64" |
 


Inacio                    Expires May 13, 2013                  [Page 8]

Internet Draft                   PENIE                  November 9, 2012


    "boolean" |
    "macAddress" |
    "string" |
    "dateTimeSeconds" |
    "dateTimeMilliseconds" |
    "dateTimeMicroseconds" |
    "dateTimeNanoseconds" |
    "ipv4Address" |
    "ipv6Address" |
    "basicList" |
    "subTemplateList" |
    "subTemplateMultiList"
   }

   r-semantics = element r:semantics {
    "default" |
    "quantity" |
    "totalCounter" |
    "deltaCounter" |
    "identifier" |
    "flags" |
    "list"
   }

   r-units = element r:units {
    "none" |
    "bits" |
    "octets" |
    "packets" |
    "flows" |
    "seconds" |
    "milliseconds" |
    "microseconds" |
    "nanoseconds" |
    "4-octet words" |
    "messages" |
    "hops" |
    "entries"
   }

   #r-value-map = element r:value-map {
   #       attribute type {"integer" | "text" },
   #       {element value }
   #}

   r-element = element r:element {
    element r:id { xsd:integer {minInclusive="0" maxInclusive="65535"}} &
    element r:private-enterprise-number { xsd:integer {minInclusive="0" maxInclusive="4294967295"}}? &
 


Inacio                    Expires May 13, 2013                  [Page 9]

Internet Draft                   PENIE                  November 9, 2012


    r-data-type &
    r-semantics? &
    r-units? &
    element r:range-begin { text }? &
    element r:range-end { text }? &
    element r:name { xsd:token } &
    element r:description { text } &

    element r:mime-path { text }?

   # element r:value-map {
   #        attribute type {"integer" | "text"},
   # }
   }

   r-registry = element r:registry {
    element r:id { xsd:anyURI } &
    element r:name { text } &

    # Should these two be required or optional?
    element r:security-type { text } &
    element r:policy-type { text } &

    element r:url { xsd:anyURI } &
    element r:root-eid { xsd:integer } &
    (r-registry | r-element)*
   }

   r-enterprise-registry = element r:enterprise-registry {
    element r:name { text } &
    element r:copyright { text } &
    element r:contact { text } &
    element r:private-enterprise-number { xsd:integer } &
    element r:directory { xsd:anyURI } &
    r-registry*
   }

   start = r-enterprise-registry

99.0.  To be removed 

   The RFC Editor generally uses the simplest nroff features, basically
   the "-ms" macro package and the following few basic nroff directives:

   DIRECTIVE        FUNCTION

   .ce              Center following line.

 


Inacio                    Expires May 13, 2013                 [Page 10]

Internet Draft                   PENIE                  November 9, 2012


   .ti #            'temporary indent' -- # is number of spaces.
                    Indents only the line immediately following.

   .in #            Change indentation to # spaces

   .nf              'No fill': begin block of text to be displayed.

   .fi              Fill (i.e., left-justify, line wrap)

   .ne #            'need' -- Keep following # lines on same page

   .bp              Break page

   .br              Break line

   .KS		 'Keep Start' -- lines up to .KE on same page

   .KE		 'Keep End' -- end of 'keep' block

   Nroff also has a '.sp' (space) directive to insert a blank line.
   However, it is far easier (and more readable) to use the fact that
   each blank line in the nroff source creates a blank line in the
   output.

   Nroff includes many variations on the trivial commands shown above. 
   For example, indentation can be specified relative to the current
   indentation, using '.in +#' or '.in -#'.  Authors are welcome to use
   such features, but for simplicity this template uses only the
   simplest set of commands.

   Some authors who are proficient in nroff will wish to use more
   advanced features, including perhaps their own macros.  This is a
   private matter for the author, unless and until the document is
   submitted to the RFC Editor for publication as an RFC.  Upon document
   submission, the RFC Editor will request the nroff source, if any.  If
   the source is sufficiently straightforward, it will be used by the
   RFC Editor to speed the publication process.  If not, the RFC Editor
   will generate a new nroff source, generally using the simple subset
   above.

   The considerations here are as follows:

      o  Defined macros (beyond the -ms package) must be in-line at the
         front of the source.  The RFC Editor is currently prepared to
         maintain only one source file for each published RFC.

      o  Some of the editors are not nroff experts, and even those who
         may be do not have the time to figure out some complex/obscure
 


Inacio                    Expires May 13, 2013                 [Page 11]

Internet Draft                   PENIE                  November 9, 2012


         macro.  If any special knowledge about these macros is needed
         to modify the text for editorial purposes, the RFC Editor will
         find it more expedient to generate a new .nroff source for the
         document.

      o  The RFC Editor does not keep a distinct Make file for each RFC,
         so it is not helpful to send us a tar file or shar script that
         magically makes a directory and builds an RFC.  Our primary
         input is a .txt file, with a .nroff file as a possible
         secondary input.  When the RFC is published, the RFC Editor
         will archive a .txt file and a corresponding \&.nroff file.

   In other words, keep it simple and you can help us a lot; don't show
   off your programming prowess and waste our time.

99.1.  Formatting End of Page

   The Unix command to create a formatted Internet Draft is:

         "nroff -ms input-file.nroff > output-file.txt"

   However, nroff will not follow the RFC standard format for a page: a
   Form feed (FF or Control-L)) after the last visible line on the page
   and no extra line feeds before the first visible line of the next
   page.  We want:

   	last visible line on page i
   	^L
   	first visible line on page i+1

   We invented hacks to fix this.  The original hack was a "sed" script
   that called a "C" program called "pg".  More recently, we have been
   using a simple Perl script (see Appendix A). Then the command to
   process the nroff source file becomes:

         nroff -ms input-file.nroff | fix.pl > output-file.txt

   For example:

         nroff -ms 2-nroff.template | fix.pl > 2-nroff.template.txt











Inacio                    Expires May 13, 2013                 [Page 12]