RFC 7270 Cisco

Data Type: unsigned16 ElementId: 103 Semantics: quantity Status: deprecated 4.18. layer2packetSectionData Description: Deprecated in favor of 315 dataLinkFrameSection. Layer 2 packet section data. Abstract Data Type: octetArray ElementId: 104 Status: deprecated 5. Other Information Elements 5.1. Performance Metrics IEs ElementId: 65 .. 69 Performance metrics will need a consolidation in the industry, based on [RFC6390]. Once this consolidation happens, via a separate document the IEs 65-69 will either be assigned in the IANA registry or their status will be deprecated. 5.2. Application Information IEs ElementId: 94 .. 96 ElementId: 101 Please refer to [RFC6759]. 5.3. IEs Assigned for NetFlow v9 Compatibility ElementId: 105..127 These element IDs are not covered by this document and are left "as is", i.e., for NetFlow v9 compatibility. Yourtchenko, et al. Informational [Page 11] RFC 7270 Cisco Information Elements June 2014 6. IANA Considerations This document specifies several new IPFIX Information Elements in IANA’s "IPFIX Information Elements" registry [IANA-IPFIX] as summarized in Section 3 and detailed in Section 4 above. The following Information Elements have been assigned: o IE Number 34 for the samplingInterval IE o IE Number 35 for the samplingAlgorithm IE o IE Number 38 for the engineType IE o IE Number 39 for the engineId IE o IE Number 43 for the ipv4RouterSc IE o IE Number 48 for the samplerId IE o IE Number 49 for the samplerMode IE o IE Number 50 for the samplerRandomInterval IE o IE Number 51 for the classId IE o IE Number 84 for the samplerName IE o IE Number 87 for the flagsAndSamplerId IE o IE Number 89 for the forwardingStatus IE o IE Number 92 for the srcTrafficIndex IE o IE Number 93 for the dstTrafficIndex IE o IE Number 100 for the className IE o IE Number 102 for the layer2packetSectionOffset IE o IE Number 103 for the layer2packetSectionSize IE o IE Number 104 for the layer2packetSectionData IE Yourtchenko, et al. Informational [Page 12] RFC 7270Cisco Information ElementsJune 2014 7. Security ConsiderationsThis document specifies the definitions of several InformationElements and does not alter the security considerations of the baseprotocol. Please refer to the security considerations sections of[RFC3954] and [RFC7012].8. References8.1. Normative References[RFC7011] Claise, B., Trammell, B., and P. Aitken, "Specification ofthe IP Flow Information Export (IPFIX) Protocol for theExchange of Flow Information", STD 77, RFC 7011, September2013.8.2. Informative References[CCO-BGPPOL]Cisco, "BGP Policy Accounting and BGP Policy AccountingOutput Interface Accounting Features", December 2005,technologies_tech_note09186a0080094e88.shtml>.[CCO-MLS] Cisco, "IP MultiLayer Switching Sample Configuration",November 2007,products_configuration_example09186a00800ab513.shtml>.[CCO-NF9FMT]Cisco, "NetFlow Version 9 Flow-Record Format", May 2011,technologies_white_paper09186a00800a3db9.html>.[IANA-IPFIX]IANA, "IP Flow Information Export (IPFIX) Entities",.[IANA-PSAMP]IANA, "Packet Sampling (PSAMP) Parameters",.[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version9", RFC 3954, October 2004.[RFC6390] Clark, A. and B. Claise, "Guidelines for Considering NewPerformance Metric Development", BCP 170, RFC 6390,October 2011. Yourtchenko, et al.Informational[Page 13] RFC 7270Cisco Information ElementsJune 2014 [RFC6759] Claise, B., Aitken, P., and N. Ben-Dvora, "Cisco SystemsExport of Application Information in IP Flow InformationExport (IPFIX)", RFC 6759, November 2012.[RFC7012] Claise, B. and B. Trammell, "Information Model for IP FlowInformation Export (IPFIX)", RFC 7012, September 2013.[RFC7013] Trammell, B. and B. Claise, "Guidelines for Authors andReviewers of IP Flow Information Export (IPFIX)Information Elements", BCP 184, RFC 7013, September 2013. Yourtchenko, et al.Informational[Page 14] RFC 7270Cisco Information ElementsJune 2014 Appendix A. XML Specification of IPFIX Information Elementsxmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-infoipfix-info.xsd">group=""dataTypeSemantics="quantity"elementId="34" applicability="flow" status="deprecated">Deprecated in favor of 305 samplingPacketInterval. When usingsampled NetFlow, the rate at which packets are sampled --e.g., a value of 100 indicates that one of every 100 packetsis sampled.group=""dataTypeSemantics="identifier"elementId="35" applicability="flow" status="deprecated">Deprecated in favor of 304 selectorAlgorithm. The type ofalgorithm used for sampled NetFlow: 1 Deterministic Sampling,2 Random Sampling. The values are not compatible with theselectorAlgorithm IE, where "Deterministic" has been replacedby "Systematic count-based" (1) or "Systematic time-based" (2),and "Random" is (3). Conversion is required; see[IANA-PSAMP] PSAMP parameters.group=""dataTypeSemantics="identifier"elementId="38" applicability="flow" status="deprecated">Type of flow switching engine in a router/switch: RP = 0,VIP/Line card = 1, PFC/DFC = 2. Reserved for internal use onthe Collector. Yourtchenko, et al.Informational[Page 15] RFC 7270Cisco Information ElementsJune 2014 group=""dataTypeSemantics="identifier"elementId="39" applicability="flow" status="deprecated">Versatile Interface Processor (VIP) or line card slot number ofthe flow switching engine in a router/switch. Reserved forinternal use on the Collector.group=""dataTypeSemantics="default"elementId="43" applicability="flow" status="deprecated">This is a platform-specific field for the Catalyst 5000/Catalyst6000 family. It is used to store the address of a router thatis being shortcut when performing MultiLayer Switching.http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtmldescribes MultiLayer Switching.group=""dataTypeSemantics="identifier"elementId="48" applicability="flow" status="deprecated">Deprecated in favor of 302 selectorId. The unique identifierassociated with samplerName.group=""dataTypeSemantics="identifier"elementId="49" applicability="flow" status="deprecated"> Yourtchenko, et al.Informational[Page 16] RFC 7270Cisco Information ElementsJune 2014 Deprecated in favor of 304 selectorAlgorithm. The values arenot compatible: selectorAlgorithm=3 is random sampling. Thetype of algorithm used for sampled NetFlow: 1 DeterministicSampling, 2 Random Sampling. Use with samplerRandomInterval.group=""dataTypeSemantics="quantity"elementId="50" applicability="flow" status="deprecated">Deprecated in favor of 305 samplingPacketInterval. Packetinterval at which to sample -in case of random sampling. Usedin connection with the samplerMode 0x02 (random sampling) value.group=""dataTypeSemantics="identifier"elementId="51" applicability="flow" status="deprecated">Deprecated in favor of 302 selectorId. Characterizes thetraffic class, i.e., QoS treatment.group=""dataTypeSemantics=""elementId="84" applicability="flow" status="deprecated">Deprecated in favor of 335 selectorName. Name of the flowsampler.group=""dataTypeSemantics="identifier"elementId="87" applicability="flow" status="deprecated">Flow flags and the value of the sampler ID (samplerId) combined Yourtchenko, et al.Informational[Page 17] RFC 7270Cisco Information ElementsJune 2014 in one bitmapped field. Reserved for internal use on theCollector.group=""dataTypeSemantics="identifier"elementId="89" applicability="flow" status="current">This Information Element describes the forwarding status of theflow and any attached reasons. The reduced-size encoding rulesas per [RFC7011] apply.The basic encoding is 8 bits. The future extensionscould add one or three bytes. The layout of the basicencoding is as follows:MSB 0 1 2 3 4 5 6 7 LSB+---+---+---+---+---+---+---+---+| Status| Reason code or flags |+---+---+---+---+---+---+---+---+Status:00b = Unknown01b = Forwarded10b = Dropped11b = ConsumedReason Code (status = 01b, Forwarded)01 000000b = 64 = Unknown01 000001b = 65 = Fragmented01 000010b = 66 = Not FragmentedReason Code (status = 10b, Dropped)10 000000b = 128 = Unknown10 000001b = 129 = ACL deny10 000010b = 130 = ACL drop10 000011b = 131 = Unroutable10 000100b = 132 = Adjacency10 000101b = 133 = Fragmentation and DF set10 000110b = 134 = Bad header checksum10 000111b = 135 = Bad total Length10 001000b = 136 = Bad header length Yourtchenko, et al.Informational[Page 18] RFC 7270Cisco Information ElementsJune 2014 10 001001b = 137 = bad TTL10 001010b = 138 = Policer10 001011b = 139 = WRED10 001100b = 140 = RPF10 001101b = 141 = For us10 001110b = 142 = Bad output interface10 001111b = 143 = HardwareReason Code (status = 11b, Consumed)11 000000b = 192 = Unknown11 000001b = 193 = Punt Adjacency11 000010b = 194 = Incomplete Adjacency11 000011b = 195 = For usExamples:value : 0x40 = 64binary: 01000000decode: 01 -> Forward000000 -> No further informationvalue : 0x89 = 137binary: 10001001decode: 10 -> Drop001001 -> Fragmentation and DF setSee http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html -NetFlow Version 9 Flow-Record Format.group=""dataTypeSemantics="identifier"elementId="92" applicability="flow" status="current">BGP Policy Accounting Source Traffic Index.BGP policy accounting as described inhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml Yourtchenko, et al.Informational[Page 19] RFC 7270Cisco Information ElementsJune 2014 group=""dataTypeSemantics="identifier"elementId="93" applicability="flow" status="current">BGP Policy Accounting Destination Traffic Index.BGP policy accounting as described inhttp://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtmlgroup=""dataTypeSemantics=""elementId="100" applicability="flow" status="deprecated">Deprecated in favor of 335 selectorName. Traffic Class Name,associated with the classId Information Element.group=""dataTypeSemantics="quantity"elementId="102" applicability="flow" status="deprecated">Deprecated in favor of 409 sectionOffset.Layer 2 packet section offset. Potentially a generic packetsection offset.group=""dataTypeSemantics="quantity"elementId="103" applicability="flow" status="deprecated">Deprecated in favor of 312 dataLinkFrameSize.Layer 2 packet section size. Potentially a generic packetsection size. Yourtchenko, et al.Informational[Page 20] RFC 7270Cisco Information ElementsJune 2014 group=""dataTypeSemantics=""elementId="104" applicability="flow" status="deprecated">Deprecated in favor of 315 dataLinkFrameSection.Layer 2 packet section data.Authors’ AddressesAndrew YourtchenkoCisco Systems, Inc.De Kleetlaan, 7Brussels, Diegem B-1831BelgiumPhone: +32 2 704 5494EMail: [email protected] Paul AitkenCisco Systems, Inc.96 Commercial QuayEdinburgh EH6 6LXScotlandPhone: +44 131 561 3616EMail: [email protected] Benoit ClaiseCisco Systems, Inc.De Kleetlaan, 6a b1Diegem B-1831BelgiumPhone: +32 2 704 5622EMail: [email protected] Yourtchenko, et al.Informational[Page 21]