From: Romain Lenglet
Date: Mon, 22 Apr 2013 17:01:14 +0000 (-0700)
Subject: Implement IPFIX export
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=29089a540cfa30a834e3ee19a8b4c52ff2e331b2

Implement IPFIX export

Define a new NXAST_SAMPLE OpenFlow vendor action and the corresponding OFPACT_SAMPLE OVS action, to do per-flow packet sampling, translated into a new SAMPLE "flow_sample" dp action.

Make the userspace action's userdata size vary depending on the union member used.

Add a new "flow_sample" upcall to do per-flow packet sampling. Add a new "ipfix" upcall to do per-bridge packet sampling to IPFIX collectors.

Extend the OVSDB schema to support configuring IPFIX collector sets. Add support for configuring multiple IPFIX collectors for per-flow packet sampling. Add support for configuring per-bridge IPFIX sampling.

Automatically generate standard IPFIX entity definitions from the IANA specs.

Send one IPFIX data record message for every packet sampled by an OpenFlow sample action or received by a bridge configured with IPFIX sampling, and periodically send IPFIX template set messages.

Signed-off-by: Romain Lenglet
Signed-off-by: Ben Pfaff
---
diff --git a/FAQ b/FAQ index 7488112c5..e7249cf00 100644 --- a/FAQ +++ b/FAQ 
@@ -9,12 +9,13 @@ General Q: What is Open vSwitch? A: Open vSwitch is a production quality open source software switch - designed to be used as a vswitch in virtualized server environments. A - vswitch forwards traffic between different VMs on the same physical host - and also forwards traffic between VMs and the physical network. Open - vSwitch supports standard management interfaces (e.g. sFlow, NetFlow, - RSPAN, CLI), and is open to programmatic extension and control using - OpenFlow and the OVSDB management protocol. + designed to be used as a vswitch in virtualized server + environments. A vswitch forwards traffic between different VMs on + the same physical host and also forwards traffic between VMs and + the physical network. Open vSwitch supports standard management + interfaces (e.g. sFlow, NetFlow, IPFIX, RSPAN, CLI), and is open to + programmatic extension and control using OpenFlow and the OVSDB + management protocol. Open vSwitch as designed to be compatible with modern switching chipsets. This means that it can be ported to existing high-fanout @@ -153,6 +154,11 @@ A: The following table lists the Linux kernel versions against which the It should build against almost any kernel, certainly against 2.6.18 and later. +Q: What Linux kernel versions does IPFIX flow monitoring work with? + +A: IPFIX flow monitoring requires the Linux kernel module from Open + vSwitch version 1.10.90 or later. + Q: Should userspace or kernel be upgraded first to minimize downtime? In general, the Open vSwitch userspace should be used with the diff --git a/NEWS b/NEWS index d3faeba77..98d300b40 100644 --- a/NEWS +++ b/NEWS @@ -82,6 +82,7 @@ v1.10.0 - xx xxx xxxx retire that meaning of ANY in favor of the OpenFlow 1.1 meaning. - Patch ports no longer require kernel support, so they now work with FreeBSD and the kernel module built into Linux 3.3 and later. + - New "sample" action. v1.9.0 - 26 Feb 2013 diff --git a/WHY-OVS b/WHY-OVS index e8c6f752b..f5f47ff2b 100644 
--- a/WHY-OVS +++ b/WHY-OVS @@ -21,7 +21,7 @@ vSwitch cope with the above requirements. migratable between different hosts. This may include traditional "soft state" (such as an entry in an L2 learning table), L3 forwarding state, policy routing state, ACLs, QoS policy, monitoring - configuration (e.g. NetFlow, sFlow), etc. + configuration (e.g. NetFlow, IPFIX, sFlow), etc. Open vSwitch has support for both configuring and migrating both slow (configuration) and fast network state between instances. For @@ -38,13 +38,14 @@ vSwitch cope with the above requirements. environments, and so forth. Open vSwitch supports a number of features that allow a network - control system to respond and adapt as the environment changes. This - includes simple accounting and visibility support such as NetFlow and - sFlow. But perhaps more useful, Open vSwitch supports a network state - database (OVSDB) that supports remote triggers. Therefore, a piece of - orchestration software can "watch" various aspects of the network and - respond if/when they change. This is used heavily today, for example, - to respond to and track VM migrations. + control system to respond and adapt as the environment changes. + This includes simple accounting and visibility support such as + NetFlow, IPFIX, and sFlow. But perhaps more useful, Open vSwitch + supports a network state database (OVSDB) that supports remote + triggers. Therefore, a piece of orchestration software can "watch" + various aspects of the network and respond if/when they change. + This is used heavily today, for example, to respond to and track VM + migrations. Open vSwitch also supports OpenFlow as a method of exporting remote access to control traffic. There are a number of uses for this diff --git a/debian/control b/debian/control index aaf400ae1..fe58b3172 100644 --- a/debian/control +++ b/debian/control 
@@ -16,13 +16,13 @@ Architecture: all Depends: module-assistant, bzip2, debhelper (>= 5.0.37), ${misc:Depends} Suggests: openvswitch-switch Description: Open vSwitch datapath module source - module-assistant version - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package provides the Open vSwitch datapath module source code that is needed by openvswitch-switch. The kernel module can be built 
@@ -33,13 +33,13 @@ Package: openvswitch-datapath-dkms Architecture: all Depends: dkms (>= 1.95), make, libc6-dev, ${misc:Depends}, ${python:Depends} Description: Open vSwitch datapath module source - DKMS version - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package provides the Open vSwitch datapath module source code that is needed by openvswitch-switch. DKMS can built the kernel 
@@ -52,13 +52,13 @@ Depends: python (>= 2.7) | python-argparse Suggests: ethtool Description: Open vSwitch common components - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . openvswitch-common provides components required by both openvswitch-switch and openvswitch-controller. 
@@ -68,34 +68,34 @@ Architecture: linux-any Suggests: openvswitch-datapath-module Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, openvswitch-common (= ${binary:Version}), module-init-tools, procps, uuid-runtime, netbase Description: Open vSwitch switch implementations - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . openvswitch-switch provides the userspace components and utilities for - the Open vSwitch kernel-based switch. + the Open vSwitch kernel-based switch. Package: openvswitch-ipsec Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, python, - ipsec-tools (>=0.8~alpha20101208), + ipsec-tools (>=0.8~alpha20101208), racoon (>=0.8~alpha20101208), openvswitch-common (= ${binary:Version}), openvswitch-switch (= ${binary:Version}), python-openvswitch (= ${source:Version}) Description: Open vSwitch GRE-over-IPsec support - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. 
It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . The ovs-monitor-ipsec script provides support for encrypting GRE tunnels with IPsec. 
@@ -106,13 +106,13 @@ Depends: ${misc:Depends}, openvswitch-common (>= ${source:Version}), openvswitch-common (<< ${source:Version}.1~) Description: Open vSwitch public key infrastructure dependency package - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . openvswitch-pki provides PKI (public key infrastructure) support for Open vSwitch switches and controllers, reducing the risk of 
@@ -124,13 +124,13 @@ Depends: ${shlibs:Depends}, openvswitch-common (= ${binary:Version}), openvswitch-pki (= ${source:Version}), ${misc:Depends} Description: Open vSwitch controller implementation - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . The Open vSwitch controller enables OpenFlow switches that connect to it to act as MAC-learning Ethernet switches. 
@@ -144,13 +144,13 @@ Depends: openvswitch-controller (= ${binary:Version}), openvswitch-switch (= ${binary:Version}) Description: Debug symbols for Open vSwitch packages - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package contains the debug symbols for all the other openvswitch-* packages. Install it to debug one of them or to examine a core dump 
@@ -161,13 +161,13 @@ Architecture: all Section: python Depends: ${misc:Depends}, ${python:Depends} Description: Python bindings for Open vSwitch - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package contains the full Python bindings for Open vSwitch database. 
@@ -176,13 +176,13 @@ Architecture: all Section: utils Depends: ${python:Depends}, python-openvswitch, ${misc:Depends} Description: Open vSwitch graphical monitoring tool - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package is a GUI tool for monitoring and troubleshooting local or remote Open vSwitch installations. It presents GUI tables that 
@@ -194,13 +194,13 @@ Package: openvswitch-test Architecture: all Depends: ${misc:Depends}, ${python:Depends}, python-twisted-web, python (>= 2.7) | python-argparse Description: Open vSwitch test package - Open vSwitch is a production quality, multilayer, software-based, Ethernet - virtual switch. It is designed to enable massive network automation through - programmatic extension, while still supporting standard management interfaces - and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In - addition, it is designed to support distribution across multiple physical - servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus - 1000V. + Open vSwitch is a production quality, multilayer, software-based, + Ethernet virtual switch. It is designed to enable massive network + automation through programmatic extension, while still supporting + standard management interfaces and protocols (e.g. NetFlow, IPFIX, + sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed + to support distribution across multiple physical servers similar to + VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. . This package contains utilities that are useful to diagnose performance and connectivity issues in Open vSwitch setup. diff --git a/include/openflow/nicira-ext.h b/include/openflow/nicira-ext.h index 54fc4f95e..c80ff9560 100644 --- a/include/openflow/nicira-ext.h +++ b/include/openflow/nicira-ext.h @@ -312,6 +312,7 @@ enum nx_action_subtype { NXAST_DEC_MPLS_TTL, /* struct nx_action_header */ NXAST_STACK_PUSH, /* struct nx_action_stack */ NXAST_STACK_POP, /* struct nx_action_stack */ + NXAST_SAMPLE, /* struct nx_action_sample */ }; /* Header for Nicira-defined actions. */ 
@@ -2233,4 +2234,29 @@ struct nx_action_mpls_ttl { }; OFP_ASSERT(sizeof(struct nx_action_mpls_ttl) == 16); +/* Action structure for NXAST_SAMPLE. + * + * Samples matching packets with the given probability and sends them + * each to the set of collectors identified with the given ID. The + * probability is expressed as a number of packets to be sampled out + * of USHRT_MAX packets, and must be >0. + * + * When sending packet samples to IPFIX collectors, the IPFIX flow + * record sent for each sampled packet is associated with the given + * observation domain ID and observation point ID. Each IPFIX flow + * record contain the sampled packet's headers when executing this + * rule. If a sampled packet's headers are modified by previous + * actions in the flow, those modified headers are sent. */ +struct nx_action_sample { + ovs_be16 type; /* OFPAT_VENDOR. */ + ovs_be16 len; /* Length is 24. */ + ovs_be32 vendor; /* NX_VENDOR_ID. */ + ovs_be16 subtype; /* NXAST_SAMPLE. */ + ovs_be16 probability; /* Fraction of packets to sample. */ + ovs_be32 collector_set_id; /* ID of collector set in OVSDB. */ + ovs_be32 obs_domain_id; /* ID of sampling observation domain. */ + ovs_be32 obs_point_id; /* ID of sampling observation point. */ +}; +OFP_ASSERT(sizeof(struct nx_action_sample) == 24); + #endif /* openflow/nicira-ext.h */ diff --git a/lib/odp-util.c b/lib/odp-util.c index a8889dc58..1988c637e 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c 
@@ -262,43 +262,60 @@ format_odp_userspace_action(struct ds *ds, const struct nlattr *attr) nl_attr_get_u32(a[OVS_USERSPACE_ATTR_PID])); userdata_attr = a[OVS_USERSPACE_ATTR_USERDATA]; - if (userdata_attr && nl_attr_get_size(userdata_attr) == sizeof(uint64_t)) { - uint64_t userdata = nl_attr_get_u64(a[OVS_USERSPACE_ATTR_USERDATA]); - union user_action_cookie cookie; - - memcpy(&cookie, &userdata, sizeof cookie); - - switch (cookie.type) { - case USER_ACTION_COOKIE_SFLOW: - ds_put_format(ds, ",sFlow(" - "vid=%"PRIu16",pcp=%"PRIu8",output=%"PRIu32")", - vlan_tci_to_vid(cookie.sflow.vlan_tci), - vlan_tci_to_pcp(cookie.sflow.vlan_tci), - cookie.sflow.output); - break; - case USER_ACTION_COOKIE_SLOW_PATH: - ds_put_cstr(ds, ",slow_path("); - format_flags(ds, slow_path_reason_to_string, - cookie.slow_path.reason, ','); - ds_put_format(ds, ")"); - break; + if (userdata_attr) { + const uint8_t *userdata = nl_attr_get(userdata_attr); + size_t userdata_len = nl_attr_get_size(userdata_attr); + bool userdata_unspec = true; + union user_action_cookie cookie; - case USER_ACTION_COOKIE_UNSPEC: - default: - ds_put_format(ds, ",userdata=0x%"PRIx64, userdata); - break; + if (userdata_len >= sizeof cookie.type + && userdata_len <= sizeof cookie) { + + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, userdata, userdata_len); + + userdata_unspec = false; + + if (userdata_len == sizeof cookie.sflow + && cookie.type == USER_ACTION_COOKIE_SFLOW) { + ds_put_format(ds, ",sFlow(" + "vid=%"PRIu16",pcp=%"PRIu8",output=%"PRIu32")", + vlan_tci_to_vid(cookie.sflow.vlan_tci), + vlan_tci_to_pcp(cookie.sflow.vlan_tci), + cookie.sflow.output); + } else if (userdata_len == sizeof cookie.slow_path + && cookie.type == USER_ACTION_COOKIE_SLOW_PATH) { + ds_put_cstr(ds, ",slow_path("); + format_flags(ds, slow_path_reason_to_string, + cookie.slow_path.reason, ','); + ds_put_format(ds, ")"); + } else if (userdata_len == sizeof cookie.flow_sample + && cookie.type == USER_ACTION_COOKIE_FLOW_SAMPLE) { + 
ds_put_format(ds, ",flow_sample(probability=%"PRIu16 + ",collector_set_id=%"PRIu32 + ",obs_domain_id=%"PRIu32 + ",obs_point_id=%"PRIu32")", + cookie.flow_sample.probability, + cookie.flow_sample.collector_set_id, + cookie.flow_sample.obs_domain_id, + cookie.flow_sample.obs_point_id); + } else if (userdata_len == sizeof cookie.ipfix + && cookie.type == USER_ACTION_COOKIE_IPFIX) { + ds_put_format(ds, ",ipfix"); + } else { + userdata_unspec = true; + } } - } else if (userdata_attr) { - const uint8_t *userdata = nl_attr_get(userdata_attr); - size_t len = nl_attr_get_size(userdata_attr); - size_t i; - ds_put_format(ds, ",userdata("); - for (i = 0; i < len; i++) { - ds_put_format(ds, "%02x", userdata[i]); + if (userdata_unspec) { + size_t i; + ds_put_format(ds, ",userdata("); + for (i = 0; i < userdata_len; i++) { + ds_put_format(ds, "%02x", userdata[i]); + } + ds_put_char(ds, ')'); } - ds_put_char(ds, ')'); } ds_put_char(ds, ')'); @@ -456,7 +473,10 @@ parse_odp_action(const char *s, const struct simap *port_names, { unsigned long long int pid; unsigned long long int output; - char userdata_s[32]; + unsigned long long int probability; + unsigned long long int collector_set_id; + unsigned long long int obs_domain_id; + unsigned long long int obs_point_id; int vid, pcp; int n = -1; @@ -477,7 +497,8 @@ parse_odp_action(const char *s, const struct simap *port_names, cookie.type = USER_ACTION_COOKIE_SFLOW; cookie.sflow.vlan_tci = htons(tci); cookie.sflow.output = output; - odp_put_userspace_action(pid, &cookie, sizeof cookie, actions); + odp_put_userspace_action(pid, &cookie, sizeof cookie.sflow, + actions); return n; } else if (sscanf(s, "userspace(pid=%lli,slow_path%n", &pid, &n) > 0 && n > 0) { 
@@ -499,15 +520,30 @@ parse_odp_action(const char *s, const struct simap *port_names, } n++; - odp_put_userspace_action(pid, &cookie, sizeof cookie, actions); + odp_put_userspace_action(pid, &cookie, sizeof cookie.slow_path, + actions); return n; - } else if (sscanf(s, "userspace(pid=%lli,userdata=" - "%31[x0123456789abcdefABCDEF])%n", &pid, userdata_s, - &n) > 0 && n > 0) { - uint64_t userdata; + } else if (sscanf(s, "userspace(pid=%lli,flow_sample(probability=%lli," + "collector_set_id=%lli,obs_domain_id=%lli," + "obs_point_id=%lli))%n", + &pid, &probability, &collector_set_id, + &obs_domain_id, &obs_point_id, &n) > 0 && n > 0) { + union user_action_cookie cookie; + + cookie.type = USER_ACTION_COOKIE_FLOW_SAMPLE; + cookie.flow_sample.probability = probability; + cookie.flow_sample.collector_set_id = collector_set_id; + cookie.flow_sample.obs_domain_id = obs_domain_id; + cookie.flow_sample.obs_point_id = obs_point_id; + odp_put_userspace_action(pid, &cookie, sizeof cookie.flow_sample, + actions); + return n; + } else if (sscanf(s, "userspace(pid=%lli,ipfix)%n", &pid, &n) > 0 + && n > 0) { + union user_action_cookie cookie; - userdata = strtoull(userdata_s, NULL, 0); - odp_put_userspace_action(pid, &userdata, sizeof(userdata), + cookie.type = USER_ACTION_COOKIE_IPFIX; + odp_put_userspace_action(pid, &cookie, sizeof cookie.ipfix, actions); return n; } else if (sscanf(s, "userspace(pid=%lli,userdata(%n", &pid, &n) > 0 diff --git a/lib/odp-util.h b/lib/odp-util.h index ad0fb30ef..0b34383ce 100644 --- a/lib/odp-util.h +++ b/lib/odp-util.h 
@@ -127,8 +127,10 @@ void commit_odp_actions(const struct flow *, struct flow *base, enum user_action_cookie_type { USER_ACTION_COOKIE_UNSPEC, - USER_ACTION_COOKIE_SFLOW, /* Packet for sFlow sampling. */ - USER_ACTION_COOKIE_SLOW_PATH /* Userspace must process this flow. */ + USER_ACTION_COOKIE_SFLOW, /* Packet for per-bridge sFlow sampling. */ + USER_ACTION_COOKIE_SLOW_PATH, /* Userspace must process this flow. */ + USER_ACTION_COOKIE_FLOW_SAMPLE, /* Packet for per-flow sampling. */ + USER_ACTION_COOKIE_IPFIX, /* Packet for per-bridge IPFIX sampling. */ }; /* user_action_cookie is passed as argument to OVS_ACTION_ATTR_USERSPACE. @@ -147,8 +149,20 @@ union user_action_cookie { uint16_t unused; uint32_t reason; /* enum slow_path_reason. */ } slow_path; + + struct { + uint16_t type; /* USER_ACTION_COOKIE_FLOW_SAMPLE. */ + uint16_t probability; /* Sampling probability. */ + uint32_t collector_set_id; /* ID of IPFIX collector set. */ + uint32_t obs_domain_id; /* Observation Domain ID. */ + uint32_t obs_point_id; /* Observation Point ID. */ + } flow_sample; + + struct { + uint16_t type; /* USER_ACTION_COOKIE_IPFIX. */ + } ipfix; }; -BUILD_ASSERT_DECL(sizeof(union user_action_cookie) == 8); +BUILD_ASSERT_DECL(sizeof(union user_action_cookie) == 16); size_t odp_put_userspace_action(uint32_t pid, const void *userdata, size_t userdata_size, diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index d405d2d4e..068699f66 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c 
@@ -217,6 +217,25 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids, return 0; } +static enum ofperr +sample_from_openflow(const struct nx_action_sample *nas, + struct ofpbuf *out) +{ + struct ofpact_sample *sample; + + sample = ofpact_put_SAMPLE(out); + sample->probability = ntohs(nas->probability); + sample->collector_set_id = ntohl(nas->collector_set_id); + sample->obs_domain_id = ntohl(nas->obs_domain_id); + sample->obs_point_id = ntohl(nas->obs_point_id); + + if (sample->probability == 0) { + return OFPERR_OFPBAC_BAD_ARGUMENT; + } + + return 0; +} + static enum ofperr decode_nxast_action(const union ofp_action *a, enum ofputil_action_code *code) { @@ -434,6 +453,11 @@ ofpact_from_nxast(const union ofp_action *a, enum ofputil_action_code code, ofpact_put_POP_MPLS(out)->ethertype = nxapm->ethertype; break; } + + case OFPUTIL_NXAST_SAMPLE: + error = sample_from_openflow( + (const struct nx_action_sample *) a, out); + break; } return error; @@ -1199,6 +1223,9 @@ ofpact_check__(const struct ofpact *a, const struct flow *flow, int max_ports, *dl_type = ofpact_get_POP_MPLS(a)->ethertype; return 0; + case OFPACT_SAMPLE: + return 0; + case OFPACT_CLEAR_ACTIONS: case OFPACT_WRITE_METADATA: case OFPACT_GOTO_TABLE: @@ -1393,6 +1420,19 @@ ofpact_fin_timeout_to_nxast(const struct ofpact_fin_timeout *fin_timeout, naft->fin_hard_timeout = htons(fin_timeout->fin_hard_timeout); } +static void +ofpact_sample_to_nxast(const struct ofpact_sample *os, + struct ofpbuf *out) +{ + struct nx_action_sample *nas; + + nas = ofputil_put_NXAST_SAMPLE(out); + nas->probability = htons(os->probability); + nas->collector_set_id = htonl(os->collector_set_id); + nas->obs_domain_id = htonl(os->obs_domain_id); + nas->obs_point_id = htonl(os->obs_point_id); +} + static void ofpact_to_nxast(const struct ofpact *a, struct ofpbuf *out) { 
@@ -1489,6 +1529,10 @@ ofpact_to_nxast(const struct ofpact *a, struct ofpbuf *out) ofpact_get_POP_MPLS(a)->ethertype; break; + case OFPACT_SAMPLE: + ofpact_sample_to_nxast(ofpact_get_SAMPLE(a), out); + break; + case OFPACT_OUTPUT: case OFPACT_ENQUEUE: case OFPACT_SET_VLAN_VID: @@ -1621,6 +1665,7 @@ ofpact_to_openflow10(const struct ofpact *a, struct ofpbuf *out) case OFPACT_EXIT: case OFPACT_PUSH_MPLS: case OFPACT_POP_MPLS: + case OFPACT_SAMPLE: ofpact_to_nxast(a, out); break; } @@ -1784,6 +1829,7 @@ ofpact_to_openflow11(const struct ofpact *a, struct ofpbuf *out) case OFPACT_MULTIPATH: case OFPACT_NOTE: case OFPACT_EXIT: + case OFPACT_SAMPLE: ofpact_to_nxast(a, out); break; } @@ -1912,6 +1958,7 @@ ofpact_outputs_to_port(const struct ofpact *ofpact, uint16_t port) case OFPACT_EXIT: case OFPACT_PUSH_MPLS: case OFPACT_POP_MPLS: + case OFPACT_SAMPLE: case OFPACT_CLEAR_ACTIONS: case OFPACT_GOTO_TABLE: default: @@ -2003,6 +2050,7 @@ ofpact_format(const struct ofpact *a, struct ds *s) const struct ofpact_controller *controller; const struct ofpact_metadata *metadata; const struct ofpact_tunnel *tunnel; + const struct ofpact_sample *sample; uint16_t port; switch (a->type) { @@ -2204,6 +2252,15 @@ ofpact_format(const struct ofpact *a, struct ds *s) ds_put_cstr(s, "exit"); break; + case OFPACT_SAMPLE: + sample = ofpact_get_SAMPLE(a); + ds_put_format( + s, "sample(probability=%"PRIu16",collector_set_id=%"PRIu32 + ",obs_domain_id=%"PRIu32",obs_point_id=%"PRIu32")", + sample->probability, sample->collector_set_id, + sample->obs_domain_id, sample->obs_point_id); + break; + case OFPACT_CLEAR_ACTIONS: ds_put_format(s, "%s", ofpact_instruction_name_from_type( diff --git a/lib/ofp-actions.h b/lib/ofp-actions.h index 0189c8aee..ffceb05b7 100644 --- a/lib/ofp-actions.h +++ b/lib/ofp-actions.h 
@@ -94,6 +94,7 @@ /* Other. */ \ DEFINE_OFPACT(NOTE, ofpact_note, data) \ DEFINE_OFPACT(EXIT, ofpact_null, ofpact) \ + DEFINE_OFPACT(SAMPLE, ofpact_sample, ofpact) \ \ /* Instructions */ \ /* XXX Write-Actions */ \ @@ -441,6 +442,17 @@ struct ofpact_note { uint8_t data[]; }; +/* OFPACT_SAMPLE. + * + * Used for NXAST_SAMPLE. */ +struct ofpact_sample { + struct ofpact ofpact; + uint16_t probability; // Always >0. + uint32_t collector_set_id; + uint32_t obs_domain_id; + uint32_t obs_point_id; +}; + /* OFPACT_DEC_TTL. * * Used for OFPAT11_DEC_NW_TTL, NXAST_DEC_TTL and NXAST_DEC_TTL_CNT_IDS. */ diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c index e8abc9f6d..295c03816 100644 --- a/lib/ofp-parse.c +++ b/lib/ofp-parse.c @@ -389,6 +389,34 @@ parse_metadata(struct ofpbuf *b, char *arg) om->metadata = htonll(str_to_u64(arg)); } +static void +parse_sample(struct ofpbuf *b, char *arg) +{ + struct ofpact_sample *os = ofpact_put_SAMPLE(b); + char *key, *value; + + while (ofputil_parse_key_value(&arg, &key, &value)) { + if (!strcmp(key, "probability")) { + os->probability = str_to_u16(value, "probability"); + if (os->probability == 0) { + ovs_fatal(0, "invalid probability value \"%s\"", value); + } + } else if (!strcmp(key, "collector_set_id")) { + os->collector_set_id = str_to_u32(value); + } else if (!strcmp(key, "obs_domain_id")) { + os->obs_domain_id = str_to_u32(value); + } else if (!strcmp(key, "obs_point_id")) { + os->obs_point_id = str_to_u32(value); + } else { + ovs_fatal(0, "invalid key \"%s\" in \"sample\" argument", + key); + } + } + if (os->probability == 0) { + ovs_fatal(0, "non-zero \"probability\" must be specified on sample"); + } +} + static void parse_named_action(enum ofputil_action_code code, const struct flow *flow, char *arg, struct ofpbuf *ofpacts) 
@@ -591,12 +619,17 @@ parse_named_action(enum ofputil_action_code code, const struct flow *flow, ofpact_put_POP_MPLS(ofpacts)->ethertype = htons(str_to_u16(arg, "pop_mpls")); break; + case OFPUTIL_NXAST_STACK_PUSH: nxm_parse_stack_action(ofpact_put_STACK_PUSH(ofpacts), arg); break; case OFPUTIL_NXAST_STACK_POP: nxm_parse_stack_action(ofpact_put_STACK_POP(ofpacts), arg); break; + + case OFPUTIL_NXAST_SAMPLE: + parse_sample(ofpacts, arg); + break; } } diff --git a/lib/ofp-util.def b/lib/ofp-util.def index b7dde4832..d88d4206c 100644 --- a/lib/ofp-util.def +++ b/lib/ofp-util.def @@ -71,6 +71,7 @@ NXAST_ACTION(NXAST_SET_MPLS_TTL, nx_action_mpls_ttl, 0, "set_mpls_ttl") NXAST_ACTION(NXAST_DEC_MPLS_TTL, nx_action_header, 0, "dec_mpls_ttl") NXAST_ACTION(NXAST_PUSH_MPLS, nx_action_push_mpls, 0, "push_mpls") NXAST_ACTION(NXAST_POP_MPLS, nx_action_pop_mpls, 0, "pop_mpls") +NXAST_ACTION(NXAST_SAMPLE, nx_action_sample, 0, "sample") #undef OFPAT10_ACTION #undef OFPAT11_ACTION diff --git a/ofproto/automake.mk b/ofproto/automake.mk index 69f014f1d..e4ea41d01 100644 --- a/ofproto/automake.mk +++ b/ofproto/automake.mk @@ -23,6 +23,8 @@ ofproto_libofproto_a_SOURCES = \ ofproto/ofproto-dpif.c \ ofproto/ofproto-dpif-governor.c \ ofproto/ofproto-dpif-governor.h \ + ofproto/ofproto-dpif-ipfix.c \ + ofproto/ofproto-dpif-ipfix.h \ ofproto/ofproto-dpif-sflow.c \ ofproto/ofproto-dpif-sflow.h \ ofproto/ofproto-provider.h \ 
@@ -33,4 +35,18 @@ ofproto_libofproto_a_SOURCES = \ ofproto/tunnel.c \ ofproto/tunnel.h +# Distribute this generated file in order not to require Python at +# build time if ofproto/ipfix.xml is not modified. +ofproto_libofproto_a_SOURCES += ofproto/ipfix-entities.def + +BUILT_SOURCES += ofproto/ipfix-entities.def + +CLEANFILES += ofproto/ipfix-entities.def + MAN_FRAGMENTS += ofproto/ofproto-unixctl.man ofproto/ofproto-dpif-unixctl.man + +# IPFIX entity definition macros generation from IANA's XML definition. +EXTRA_DIST += ofproto/ipfix.xml +dist_noinst_SCRIPTS = ofproto/ipfix-gen-entities +ofproto/ipfix-entities.def: ofproto/ipfix.xml ofproto/ipfix-gen-entities + $(run_python) $(srcdir)/ofproto/ipfix-gen-entities $< > $@ diff --git a/ofproto/ipfix-gen-entities b/ofproto/ipfix-gen-entities new file mode 100755 index 000000000..4d4e0de6a --- /dev/null +++ b/ofproto/ipfix-gen-entities 
@@ -0,0 +1,140 @@ +#!/usr/bin/python +# +# Copyright (C) 2012 Nicira, Inc. +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This file is offered as-is, +# without warranty of any kind. + +import getopt +import re +import sys +import xml.sax +import xml.sax.handler + +class IpfixEntityHandler(xml.sax.handler.ContentHandler): + + RECORD_FIELDS = ['name', 'dataType', 'elementId', 'status'] + + # Cf. RFC 5101, Section 6. + DATA_TYPE_SIZE = { + 'unsigned8': 1, + 'unsigned16': 2, + 'unsigned32': 4, + 'unsigned64': 8, + 'signed8': 1, + 'signed16': 2, + 'signed32': 4, + 'signed64': 8, + 'float32': 4, + 'float64': 8, + 'boolean': 1, # Not clear. + 'macAddress': 6, + 'octetArray': 0, # Not clear. + 'string': 0, # Not clear. + 'dateTimeSeconds': 4, + 'dateTimeMilliseconds': 8, + 'dateTimeMicroseconds': 8, + 'dateTimeNanoseconds': 8, + 'ipv4Address': 4, + 'ipv6Address': 16, + } + + def __init__(self): + self.current_field_name = None + self.current_field_value = [] + self.current_record = dict() + + def startDocument(self): + print """\ +/* IPFIX entities. 
*/ +#ifndef IPFIX_ENTITY +#define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) +#endif +""" + + def endDocument(self): + print """ +#undef IPFIX_ENTITY""" + + def startElement(self, name, attrs): + if name in self.RECORD_FIELDS: + self.current_field_name = name + else: + self.current_field_name = None + self.current_field_value = [] + + @staticmethod + def camelcase_to_uppercase(s): + return re.sub('(.)([A-Z]+)', r'\1_\2', s).upper() + + def endElement(self, name): + if self.current_field_name is not None: + self.current_record[self.current_field_name] = ''.join( + self.current_field_value).strip() + elif (name == 'record' + and self.current_record.get('status') == 'current' + and 'dataType' in self.current_record): + + self.current_record['enumName'] = self.camelcase_to_uppercase( + self.current_record['name']) + self.current_record['dataTypeSize'] = self.DATA_TYPE_SIZE.get( + self.current_record['dataType'], 0) + + print 'IPFIX_ENTITY(%(enumName)s, %(elementId)s, ' \ + '%(dataTypeSize)i, %(name)s)' % self.current_record + self.current_record.clear() + + def characters(self, content): + if self.current_field_name is not None: + self.current_field_value.append(content) + +def print_ipfix_entity_macros(xml_file): + xml.sax.parse(xml_file, IpfixEntityHandler()) + +def usage(name): + print """\ +%(name)s: IPFIX entity definition generator +Prints C macros defining IPFIX entities from the standard IANA file at + +usage: %(name)s [OPTIONS] XML +where XML is the standard IANA XML file defining IPFIX entities + +The following options are also available: + -h, --help display this help message + -V, --version display version information\ +""" % {'name': name} + sys.exit(0) + +if __name__ == '__main__': +# try: + try: + options, args = getopt.gnu_getopt(sys.argv[1:], 'hV', + ['help', 'version']) + except getopt.GetoptError, geo: + sys.stderr.write('%s: %s\n' % (sys.argv[0], geo.msg)) + sys.exit(1) + + for key, value in options: + if key in ['-h', '--help']: + usage() + elif key in 
['-V', '--version']: + print 'ipfix-gen-entities (Open vSwitch)' + else: + sys.exit(0) + + if len(args) != 1: + sys.stderr.write('%s: exactly 1 non-option arguments required ' + '(use --help for help)\n' % sys.argv[0]) + sys.exit(1) + + print_ipfix_entity_macros(args[0]) + +# except Exception, e: +# sys.stderr.write('%s: %s\n' % (sys.argv[0], e)) +# sys.exit(1) + +# Local variables: +# mode: python +# End: diff --git a/ofproto/ipfix.xml b/ofproto/ipfix.xml new file mode 100644 index 000000000..845722f1a --- /dev/null +++ b/ofproto/ipfix.xml 
@@ -0,0 +1,8752 @@ + + + + + IP Flow Information Export (IPFIX) Entities + 2007-05-10 + 2012-12-05 + For the IPFIX schema, please see . + + + IPFIX Information Elements + Expert Review + Primary expert - Nevil Brownlee and Secondary expert - Juergen Quittek + + Values 0-127: NFv9-compatible + + Reserved + 0 + current + + + + + + octetDeltaCount + unsigned64 + flowCounter + deltaCounter + 1 + data + current + + + The number of octets since the previous report (if any) + in incoming packets for this Flow at the Observation Point. + The number of octets includes IP header(s) and IP payload. + + + octets + + + + + packetDeltaCount + unsigned64 + flowCounter + deltaCounter + 2 + data + current + + + The number of incoming packets since the previous report + (if any) for this Flow at the Observation Point. + + + packets + + + + + deltaFlowCount + unsigned64 + deltaCounter + 3 + current + + + The conservative count of Original Flows contributing + to this Aggregated Flow; may be distributed via any of the methods + expressed by the valueDistributionMethod Information Element. + + + + + + + protocolIdentifier + unsigned8 + ipHeader + identifier + 4 + all + current + + + The value of the protocol number in the IP packet header. + The protocol number identifies the IP packet payload type. + Protocol numbers are defined in the IANA Protocol Numbers + registry. + + + In Internet Protocol version 4 (IPv4), this is carried in the + Protocol field. In Internet Protocol version 6 (IPv6), this + is carried in the Next Header field in the last extension + header of the packet. + + + + + See for the specification of the IPv4 + protocol field. + See for the specification of the + IPv6 protocol field. + See the list of protocol numbers assigned by IANA at . + + + + + + + ipClassOfService + unsigned8 + ipHeader + identifier + 5 + all + current + + + For IPv4 packets, this is the value of the TOS field in + the IPv4 packet header. 
For IPv6 packets, this is the + value of the Traffic Class field in the IPv6 packet header. + + + + + See (Section 5.3.2) and for the definition of the IPv4 TOS field. + See for the definition of the IPv6 + Traffic Class field. + + + + + + + tcpControlBits + unsigned8 + minMax + flags + 6 + all + current + + + TCP control bits observed for packets of this Flow. + The information is encoded in a set of bit fields. + For each TCP control bit, there is a bit in this + set. A bit is set to 1 if any observed packet of this + Flow has the corresponding TCP control bit set to 1. + A value of 0 for a bit indicates that the corresponding + bit was not set in any of the observed packets + of this Flow. + + + 0 1 2 3 4 5 6 7 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | Reserved | URG | ACK | PSH | RST | SYN | FIN | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + Reserved: Reserved for future use by TCP. Must be zero. + URG: Urgent Pointer field significant + ACK: Acknowledgment field significant + PSH: Push Function + RST: Reset the connection + SYN: Synchronize sequence numbers + FIN: No more data from sender + + + + + See for the definition of the TCP + control bits in the TCP header. + + + + + + + sourceTransportPort + unsigned16 + transportHeader + identifier + 7 + all + current + + + The source port identifier in the transport header. + For the transport protocols UDP, TCP, and SCTP, this is the + source port number given in the respective header. This + field MAY also be used for future transport protocols that + have 16-bit source port identifiers. + + + + + See for the definition of the UDP + source port field. + See for the definition of the TCP + source port field. + See for the definition of SCTP. + + + Additional information on defined UDP and TCP port numbers can be + found at . + + + + + + + sourceIPv4Address + ipv4Address + ipHeader + identifier + 8 + all + current + + + The IPv4 source address in the IP packet header. 
+ + + + + See for the definition of the IPv4 + source address field. + + + + + + + sourceIPv4PrefixLength + unsigned8 + ipHeader + 9 + option + current + + + The number of contiguous bits that are relevant in the + sourceIPv4Prefix Information Element. + + + bits + 0-32 + + + + + ingressInterface + unsigned32 + scope + identifier + 10 + all + current + + + The index of the IP interface where packets of this Flow + are being received. The value matches the value of managed + object 'ifIndex' as defined in RFC 2863. + Note that ifIndex values are not assigned statically to an + interface and that the interfaces may be renumbered every + time the device's management system is re-initialized, as + specified in RFC 2863. + + + + + See for the definition of the + ifIndex object. + + + + + + + destinationTransportPort + unsigned16 + transportHeader + identifier + 11 + all + current + + + The destination port identifier in the transport header. + For the transport protocols UDP, TCP, and SCTP, this is the + destination port number given in the respective header. + This field MAY also be used for future transport protocols + that have 16-bit destination port identifiers. + + + + + See for the definition of the UDP + destination port field. + See for the definition of the TCP + destination port field. + See for the definition of SCTP. + + + Additional information on defined UDP and TCP port numbers can be + found at . + + + + + + + destinationIPv4Address + ipv4Address + ipHeader + identifier + 12 + all + current + + + The IPv4 destination address in the IP packet header. + + + + + See for the definition of the IPv4 + destination address field. + + + + + + + destinationIPv4PrefixLength + unsigned8 + ipHeader + 13 + option + current + + + The number of contiguous bits that are relevant in the + destinationIPv4Prefix Information Element. 
+ + + bits + 0-32 + + + + + egressInterface + unsigned32 + scope + identifier + 14 + all + current + + + The index of the IP interface where packets of + this Flow are being sent. The value matches the value of + managed object 'ifIndex' as defined in RFC 2863. + Note that ifIndex values are not assigned statically to an + interface and that the interfaces may be renumbered every + time the device's management system is re-initialized, as + specified in RFC 2863. + + + + + See for the definition of the + ifIndex object. + + + + + + + ipNextHopIPv4Address + ipv4Address + derived + identifier + 15 + data + current + + + The IPv4 address of the next IPv4 hop. + + + + + + + bgpSourceAsNumber + unsigned32 + derived + identifier + 16 + all + current + + + The autonomous system (AS) number of the source IP address. + If AS path information for this Flow is only available as + an unordered AS set (and not as an ordered AS sequence), + then the value of this Information Element is 0. + + + + + See for a description of BGP-4, and + see for the definition of the AS + number. + + + + + + + bgpDestinationAsNumber + unsigned32 + derived + identifier + 17 + all + current + + + The autonomous system (AS) number of the destination IP + address. If AS path information for this Flow is only + available as an unordered AS set (and not as an ordered AS + sequence), then the value of this Information Element is 0. + + + + + See for a description of BGP-4, and + see for the definition of the AS + number. + + + + + + + bgpNextHopIPv4Address + ipv4Address + derived + identifier + 18 + all + current + + + The IPv4 address of the next (adjacent) BGP hop. + + + + + See for a description of BGP-4. + + + + + + + postMCastPacketDeltaCount + unsigned64 + flowCounter + deltaCounter + 19 + data + current + + + The number of outgoing multicast packets since the + previous report (if any) sent for packets of this Flow + by a multicast daemon within the Observation Domain. 
+ This property cannot necessarily be observed at the + Observation Point, but may be retrieved by other means. + + + packets + + + + + postMCastOctetDeltaCount + unsigned64 + flowCounter + deltaCounter + 20 + data + current + + + The number of octets since the previous report (if any) + in outgoing multicast packets sent for packets of this + Flow by a multicast daemon within the Observation Domain. + This property cannot necessarily be observed at the + Observation Point, but may be retrieved by other means. + The number of octets includes IP header(s) and IP payload. + + + octets + + + + + flowEndSysUpTime + unsigned32 + timestamp + 21 + data + current + + + The relative timestamp of the last packet of this Flow. + It indicates the number of milliseconds since the + last (re-)initialization of the IPFIX Device (sysUpTime). + + + milliseconds + + + + + flowStartSysUpTime + unsigned32 + timestamp + 22 + data + current + + + The relative timestamp of the first packet of this Flow. + It indicates the number of milliseconds since the + last (re-)initialization of the IPFIX Device (sysUpTime). + + + milliseconds + + + + + postOctetDeltaCount + unsigned64 + flowCounter + deltaCounter + 23 + data + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'octetDeltaCount', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + octets + + + + + postPacketDeltaCount + unsigned64 + flowCounter + deltaCounter + 24 + data + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'packetDeltaCount', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + packets + + + + + minimumIpTotalLength + unsigned64 + minMax + 25 + all + current + + + Length of the smallest packet observed for this Flow. 
+ The packet length includes the IP header(s) length and + the IP payload length. + + + octets + + + See for the specification of the IPv4 + total length. + See for the specification of the + IPv6 payload length. + See for the specification of the + IPv6 jumbo payload length. + + + + + + + maximumIpTotalLength + unsigned64 + minMax + 26 + all + current + + + Length of the largest packet observed for this Flow. + The packet length includes the IP header(s) length and + the IP payload length. + + + octets + + + See for the specification of the IPv4 + total length. + See for the specification of the + IPv6 payload length. + See for the specification of the + IPv6 jumbo payload length. + + + + + + + sourceIPv6Address + ipv6Address + ipHeader + identifier + 27 + all + current + + + The IPv6 source address in the IP packet header. + + + + + See for the definition of the Source + Address field in the IPv6 header. + + + + + + + destinationIPv6Address + ipv6Address + ipHeader + identifier + 28 + all + current + + + The IPv6 destination address in the IP packet header. + + + + + See for the definition of the + Destination Address field in the IPv6 header. + + + + + + + sourceIPv6PrefixLength + unsigned8 + ipHeader + 29 + option + current + + + The number of contiguous bits that are relevant in the + sourceIPv6Prefix Information Element. + + + bits + 0-128 + + + + + destinationIPv6PrefixLength + unsigned8 + ipHeader + 30 + option + current + + + The number of contiguous bits that are relevant in the + destinationIPv6Prefix Information Element. + + + bits + 0-128 + + + + + flowLabelIPv6 + unsigned32 + ipHeader + identifier + 31 + all + current + + + The value of the IPv6 Flow Label field in the IP packet header. + + + + + See for the definition of the + Flow Label field in the IPv6 packet header. + + + + + + + icmpTypeCodeIPv4 + unsigned16 + transportHeader + identifier + 32 + all + current + + + Type and Code of the IPv4 ICMP message. 
The combination of + both values is reported as (ICMP type * 256) + ICMP code. + + + + + See for the definition of the IPv4 + ICMP type and code fields. + + + + + + + igmpType + unsigned8 + transportHeader + identifier + 33 + all + current + + + The type field of the IGMP message. + + + + + See for the definition of the IGMP + type field. + + + + + + + 34-35 + + + + + + flowActiveTimeout + unsigned16 + misc + 36 + all + current + + + The number of seconds after which an active Flow is timed out + anyway, even if there is still a continuous flow of packets. + + + seconds + + + + + flowIdleTimeout + unsigned16 + misc + 37 + all + current + + + A Flow is considered to be timed out if no packets belonging + to the Flow have been observed for the number of seconds + specified by this field. + + + seconds + + + + + 38-39 + + + + + + exportedOctetTotalCount + unsigned64 + processCounter + totalCounter + 40 + data + current + + + The total number of octets that the Exporting Process + has sent since the Exporting Process (re-)initialization + to a particular Collecting Process. + The value of this Information Element is calculated by + summing up the IPFIX Message Header length values of all + IPFIX Messages that were successfully sent to the Collecting + Process. The reported number excludes octets in the IPFIX + Message that carries the counter value. + If this Information Element is sent to a particular + Collecting Process, then by default it specifies the number + of octets sent to this Collecting Process. + + + octets + + + + + exportedMessageTotalCount + unsigned64 + processCounter + totalCounter + 41 + data + current + + + The total number of IPFIX Messages that the Exporting Process + has sent since the Exporting Process (re-)initialization to + a particular Collecting Process. + The reported number excludes the IPFIX Message that carries + the counter value. 
+ If this Information Element is sent to a particular + Collecting Process, then by default it specifies the number + of IPFIX Messages sent to this Collecting Process. + + + messages + + + + + exportedFlowRecordTotalCount + unsigned64 + processCounter + totalCounter + 42 + data + current + + + The total number of Flow Records that the Exporting + Process has sent as Data Records since the Exporting + Process (re-)initialization to a particular Collecting + Process. The reported number excludes Flow Records in + the IPFIX Message that carries the counter value. + If this Information Element is sent to a particular + Collecting Process, then by default it specifies the number + of Flow Records sent to this process. + + + flows + + + + + 43 + + + + + + sourceIPv4Prefix + ipv4Address + ipHeader + 44 + data + current + + + IPv4 source address prefix. + + + + + + + destinationIPv4Prefix + ipv4Address + ipHeader + 45 + data + current + + IPv4 destination address prefix. + + + + + + mplsTopLabelType + unsigned8 + derived + identifier + 46 + data + current + + + This field identifies the control protocol that allocated the + top-of-stack label. Values for this field are listed in the + MPLS label type registry. See + + + + + + See for the MPLS label structure. + See for the association of MPLS + labels with Virtual Private Networks (VPNs). + See for BGP and BGP routing. + See for Label Distribution Protocol + (LDP). + See the list of MPLS label types assigned by IANA at . + + + + + + + mplsTopLabelIPv4Address + ipv4Address + derived + identifier + 47 + data + current + + + The IPv4 address of the system that the MPLS top label will + cause this Flow to be forwarded to. + + + + + See for the association between MPLS + labels and IP addresses. + + + + + + + 48-51 + + + + + + minimumTTL + unsigned8 + minMax + 52 + data + current + + + Minimum TTL value observed for any packet in this Flow. + + + hops + + + See for the definition of the IPv4 + Time to Live field. 
+ See for the definition of the IPv6 + Hop Limit field. + + + + + + + maximumTTL + unsigned8 + minMax + 53 + data + current + + + Maximum TTL value observed for any packet in this Flow. + + + hops + + + See for the definition of the IPv4 + Time to Live field. + See for the definition of the IPv6 + Hop Limit field. + + + + + + + fragmentIdentification + unsigned32 + ipHeader + identifier + 54 + data + current + + + The value of the Identification field + in the IPv4 packet header or in the IPv6 Fragment header, + respectively. The value is 0 for IPv6 if there is + no fragment header. + + + + + See for the definition of the IPv4 + Identification field. + See for the definition of the + Identification field in the IPv6 Fragment header. + + + + + + + postIpClassOfService + unsigned8 + ipHeader + identifier + 55 + all + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'ipClassOfService', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + + + See for the definition of the IPv4 + TOS field. + See for the definition of the IPv6 + Traffic Class field. + See for the definition of + middleboxes. + + + + + + + sourceMacAddress + macAddress + subIpHeader + identifier + 56 + data + current + + + The IEEE 802 source MAC address field. + + + + See IEEE.802-3.2002. + + + + + + postDestinationMacAddress + macAddress + subIpHeader + identifier + 57 + data + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'destinationMacAddress', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + + See IEEE.802-3.2002. + + + + + + vlanId + unsigned16 + subIpHeader + identifier + 58 + data + current + + + Virtual LAN identifier associated with ingress interface. 
For dot1q vlans, see 243 + dot1qVlanId. + + + + See IEEE.802-1Q.2003. + + + + + + postVlanId + unsigned16 + subIpHeader + identifier + 59 + data + current + + + Virtual LAN identifier associated with egress interface. For postdot1q vlans, see 254 postDot1qVlanId. + + + + See IEEE.802-1Q.2003. + + + + + + ipVersion + unsigned8 + ipHeader + identifier + 60 + all + current + + + The IP version field in the IP packet header. + + + + + See for the definition of the version + field in the IPv4 packet header. + See for the definition of the + version field in the IPv6 packet header. + Additional information on defined version numbers can be found at + . + + + + + + + flowDirection + unsigned8 + misc + identifier + 61 + data + current + + + The direction of the Flow observed at the Observation + Point. There are only two values defined. + + + 0x00: ingress flow + 0x01: egress flow + + + + + + + ipNextHopIPv6Address + ipv6Address + derived + identifier + 62 + data + current + + + The IPv6 address of the next IPv6 hop. + + + + + + + bgpNextHopIPv6Address + ipv6Address + derived + identifier + 63 + all + current + + + The IPv6 address of the next (adjacent) BGP hop. + + + + + See for a description of BGP-4. + + + + + + + ipv6ExtensionHeaders + unsigned32 + minMax + flags + 64 + all + current + + + IPv6 extension headers observed in packets of this Flow. + The information is encoded in a set of bit fields. For + each IPv6 option header, there is a bit in this set. + The bit is set to 1 if any observed packet of this Flow + contains the corresponding IPv6 extension header. + Otherwise, if no observed packet of this Flow contained + the respective IPv6 extension header, the value of the + corresponding bit is 0. + + + 0 1 2 3 4 5 6 7 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | DST | HOP | Res | UNK |FRA0 | RH |FRA1 | Res | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 8 9 10 11 12 13 14 15 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... 
| Reserved | MOB | ESP | AH | PAY | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 16 17 18 19 20 21 22 23 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... | Reserved | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + 24 25 26 27 28 29 30 31 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... | Reserved | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + Bit IPv6 Option Description + 0, DST 60 Destination option header + 1, HOP 0 Hop-by-hop option header + 2, Res Reserved + 3, UNK Unknown Layer 4 header + (compressed, encrypted, not supported) + 4, FRA0 44 Fragment header - first fragment + 5, RH 43 Routing header + 6, FRA1 44 Fragmentation header - not first fragment + 7, Res Reserved + 8 to 11 Reserved + 12, MOB 135 IPv6 mobility [RFC3775] + 13, ESP 50 Encrypted security payload + 14, AH 51 Authentication Header + 15, PAY 108 Payload compression header + 16 to 31 Reserved + + + + + See for the general definition of + IPv6 extension headers and for the specification of the hop-by-hop + options header, the routing header, the fragment header, and the + destination options header. + See for the specification of the + authentication header. + See for the specification of the + encapsulating security payload. + + The diagram provided in is incorrect. + The diagram in this registry is taken from Errata 1738. See + + + + + + + 65-69 + + + + + + mplsTopLabelStackSection + octetArray + subIpHeader + identifier + 70 + all + current + + + The Label, Exp, and S fields from the top MPLS label + stack entry, i.e., from the last label that was pushed. + + + The size of this Information Element is 3 octets. + + + 0 1 2 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Label | Exp |S| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Label: Label Value, 20 bits + Exp: Experimental Use, 3 bits + S: Bottom of Stack, 1 bit + + + + + See . 
+ + + + + + + mplsLabelStackSection2 + octetArray + subIpHeader + identifier + 71 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsTopLabelStackSection. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection3 + octetArray + subIpHeader + identifier + 72 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection2. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection4 + octetArray + subIpHeader + identifier + 73 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection3. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection5 + octetArray + subIpHeader + identifier + 74 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection4. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection6 + octetArray + subIpHeader + identifier + 75 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection5. See the definition of + mplsTopLabelStackSection for further details. 
+ + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection7 + octetArray + subIpHeader + identifier + 76 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection6. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection8 + octetArray + subIpHeader + identifier + 77 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection7. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection9 + octetArray + subIpHeader + identifier + 78 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection8. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + mplsLabelStackSection10 + octetArray + subIpHeader + identifier + 79 + all + current + + + The Label, Exp, and S fields from the label stack entry that + was pushed immediately before the label stack entry that would + be reported by mplsLabelStackSection9. See the definition of + mplsTopLabelStackSection for further details. + + + The size of this Information Element is 3 octets. + + + + + See . + + + + + + + destinationMacAddress + macAddress + subIpHeader + identifier + 80 + data + current + + + The IEEE 802 destination MAC address field. + + + + + See IEEE.802-3.2002. 
+ + + + + + + postSourceMacAddress + macAddress + subIpHeader + identifier + 81 + data + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'sourceMacAddress', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + + + See IEEE.802-3.2002. + + + + + + + interfaceName + string + 82 + current + + + A short name uniquely describing an interface, eg "Eth1/0". + + + + + See for the definition of the ifName object. + + + + + + + interfaceDescription + string + 83 + current + + + The description of an interface, eg "FastEthernet 1/0" or "ISP + connection". + + + + + See for the definition of the ifDescr object. + + + + + + + 84 + + + + + + octetTotalCount + unsigned64 + flowCounter + totalCounter + 85 + all + current + + + The total number of octets in incoming packets + for this Flow at the Observation Point since the Metering + Process (re-)initialization for this Observation Point. The + number of octets includes IP header(s) and IP payload. + + + octets + + + + + packetTotalCount + unsigned64 + flowCounter + totalCounter + 86 + all + current + + + The total number of incoming packets for this Flow + at the Observation Point since the Metering Process + (re-)initialization for this Observation Point. + + + packets + + + + + 87 + + + + + + fragmentOffset + unsigned16 + ipHeader + identifier + 88 + all + current + + + The value of the IP fragment offset field in the + IPv4 packet header or the IPv6 Fragment header, + respectively. The value is 0 for IPv6 if there is + no fragment header. + + + + + See for the specification of the + fragment offset in the IPv4 header. + See for the specification of the + fragment offset in the IPv6 Fragment header. 
+ + + + + + + 89 + + + + + mplsVpnRouteDistinguisher + octetArray + derived + identifier + 90 + all + current + + + The value of the VPN route distinguisher of a corresponding + entry in a VPN routing and forwarding table. Route + distinguisher ensures that the same address can be used in + several different MPLS VPNs and that it is possible for BGP to + carry several completely different routes to that address, one + for each VPN. According to RFC 4364, the size of + mplsVpnRouteDistinguisher is 8 octets. However, in RFC 4382 an + octet string with flexible length was chosen for representing a + VPN route distinguisher by object MplsL3VpnRouteDistinguisher. + This choice was made in order to be open to future changes of + the size. This idea was adopted when choosing octetArray as + abstract data type for this Information Element. The maximum + length of this Information Element is 256 octets. + + + + + See for the specification of the + route distinguisher. See for the + specification of the MPLS/BGP Layer 3 Virtual Private Network (VPN) + Management Information Base. + + + + + + + mplsTopLabelPrefixLength + unsigned8 + identifier + 91 + current + + + The prefix length of the subnet of the mplsTopLabelIPv4Address that + the MPLS top label will cause the Flow to be forwarded to. + + + bits + 0-32 + + + See for the association between + MPLS labels and prefix lengths. + + + + + + 92-93 + + + + + + applicationDescription + string + 94 + current + + + Specifies the description of an application. + + + + + + + + + + + applicationId + octetArray + identifier + 95 + current + + + Specifies an Application ID per . + + + + + See section 4 of for the applicationId Information Element Specification. + + + + + + + applicationName + string + 96 + current + + + Specifies the name of an application. 
+ + + + + + + + + + + 97 + + + + + + postIpDiffServCodePoint + unsigned8 + identifier + 98 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'ipDiffServCodePoint', except + that it reports a potentially modified value caused by a + middlebox function after the packet passed the Observation + Point. + + + 0-63 + + + See for the definition of the Differentiated + Services Field. See section 5.3.2 of and + for the definition of the IPv4 TOS field. See + for the definition of the IPv6 Traffic Class + field. See the IPFIX Information Model for the + 'ipDiffServCodePoint' specification. + + + + + + + multicastReplicationFactor + unsigned32 + quantity + 99 + current + + + The amount of multicast replication that's applied to a traffic + stream. + + + + + See for the specification of reserved IPv4 + multicast addresses. See for the + specification of reserved IPv6 multicast addresses. + + + + + + + 100 + + + + + + classificationEngineId + unsigned8 + identifier + 101 + current + + + A unique identifier for the engine that determined the + Selector ID. Thus, the Classification Engine ID defines + the context for the Selector ID. The Classification + Engine can be considered a specific registry for + application assignments. + + + Values for this field are listed in the Classification + Engine IDs registry. See + + + + + + + + 102-127 + + + + + + bgpNextAdjacentAsNumber + unsigned32 + derived + identifier + 128 + all + current + + + The autonomous system (AS) number of the first AS in the AS + path to the destination IP address. The path is deduced + by looking up the destination IP address of the Flow in the + BGP routing information base. If AS path information for + this Flow is only available as an unordered AS set (and not + as an ordered AS sequence), then the value of this Information + Element is 0. + + + + + See for a description of BGP-4, and + see for the definition of the AS + number. 
+ + + + + + + bgpPrevAdjacentAsNumber + unsigned32 + derived + identifier + 129 + all + current + + + The autonomous system (AS) number of the last AS in the AS + path from the source IP address. The path is deduced + by looking up the source IP address of the Flow in the BGP + routing information base. If AS path information for this + Flow is only available as an unordered AS set (and not as + an ordered AS sequence), then the value of this Information + Element is 0. In case of BGP asymmetry, the + bgpPrevAdjacentAsNumber might not be able to report the correct + value. + + + + + See for a description of BGP-4, and + see for the definition of the AS + number. + + + + + + + exporterIPv4Address + ipv4Address + config + identifier + 130 + all + current + + + The IPv4 address used by the Exporting Process. This is used + by the Collector to identify the Exporter in cases where the + identity of the Exporter may have been obscured by the use of + a proxy. + + + + + + + exporterIPv6Address + ipv6Address + config + identifier + 131 + all + current + + + The IPv6 address used by the Exporting Process. This is used + by the Collector to identify the Exporter in cases where the + identity of the Exporter may have been obscured by the use of + a proxy. + + + + + + + droppedOctetDeltaCount + unsigned64 + flowCounter + deltaCounter + 132 + data + current + + + The number of octets since the previous report (if any) + in packets of this Flow dropped by packet treatment. + The number of octets includes IP header(s) and IP payload. + + + octets + + + + + droppedPacketDeltaCount + unsigned64 + flowCounter + deltaCounter + 133 + data + current + + + The number of packets since the previous report (if any) + of this Flow dropped by packet treatment. 
+ + + packets + + + + + droppedOctetTotalCount + unsigned64 + flowCounter + totalCounter + 134 + data + current + + + The total number of octets in packets of this Flow dropped + by packet treatment since the Metering Process + (re-)initialization for this Observation Point. + The number of octets includes IP header(s) and IP payload. + + + octets + + + + + droppedPacketTotalCount + unsigned64 + flowCounter + totalCounter + 135 + data + current + + + The number of packets of this Flow dropped by packet + treatment since the Metering Process + (re-)initialization for this Observation Point. + + + packets + + + + + flowEndReason + unsigned8 + misc + identifier + 136 + data + current + + + The reason for Flow termination. The range of values includes + the following: + + + 0x01: idle timeout + The Flow was terminated because it was considered to be + idle. + 0x02: active timeout + The Flow was terminated for reporting purposes while it was + still active, for example, after the maximum lifetime of + unreported Flows was reached. + 0x03: end of Flow detected + The Flow was terminated because the Metering Process + detected signals indicating the end of the Flow, + for example, the TCP FIN flag. + 0x04: forced end + The Flow was terminated because of some external event, + for example, a shutdown of the Metering Process initiated + by a network management application. + 0x05: lack of resources + The Flow was terminated because of lack of resources + available to the Metering Process and/or the Exporting + Process. + + + + + + + commonPropertiesId + unsigned64 + scope + identifier + 137 + option + current + + + An identifier of a set of common properties that is + unique per Observation Domain and Transport Session. + Typically, this Information Element is used to link to + information reported in separate Data Records. 
+ + + + + + + observationPointId + unsigned32 + scope + identifier + 138 + option + current + + + An identifier of an Observation Point that is unique per + Observation Domain. It is RECOMMENDED that this identifier is + also unique per IPFIX Device. Typically, this Information + Element is used for limiting the scope of other Information + Elements. + + + + + + + icmpTypeCodeIPv6 + unsigned16 + transportHeader + identifier + 139 + all + current + + + Type and Code of the IPv6 ICMP message. The combination of + both values is reported as (ICMP type * 256) + ICMP code. + + + + + See for the definition of the IPv6 + ICMP type and code fields. + + + + + + + mplsTopLabelIPv6Address + ipv6Address + derived + identifier + 140 + data + current + + + The IPv6 address of the system that the MPLS top label will + cause this Flow to be forwarded to. + + + + + See for the association between MPLS + labels and IP addresses. + + + + + + + lineCardId + unsigned32 + scope + identifier + 141 + option + current + + + An identifier of a line card that is unique per IPFIX + Device hosting an Observation Point. Typically, this + Information Element is used for limiting the scope + of other Information Elements. + + + + + + + portId + unsigned32 + scope + identifier + 142 + option + current + + + An identifier of a line port that is unique per IPFIX + Device hosting an Observation Point. Typically, this + Information Element is used for limiting the scope + of other Information Elements. + + + + + + + meteringProcessId + unsigned32 + scope + identifier + 143 + option + current + + + An identifier of a Metering Process that is unique per + IPFIX Device. Typically, this Information Element is used + for limiting the scope of other Information Elements. + Note that process identifiers are typically assigned + dynamically. + The Metering Process may be re-started with a different ID. 
+ + + + + + + exportingProcessId + unsigned32 + scope + identifier + 144 + option + current + + + An identifier of an Exporting Process that is unique per + IPFIX Device. Typically, this Information Element is used + for limiting the scope of other Information Elements. + Note that process identifiers are typically assigned + dynamically. The Exporting Process may be re-started + with a different ID. + + + + + + + templateId + unsigned16 + scope + identifier + 145 + option + current + + + An identifier of a Template that is locally unique within a + combination of a Transport session and an Observation Domain. + + + Template IDs 0-255 are reserved for Template Sets, Options + Template Sets, and other reserved Sets yet to be created. + Template IDs of Data Sets are numbered from 256 to 65535. + + + Typically, this Information Element is used for limiting + the scope of other Information Elements. + Note that after a re-start of the Exporting Process Template + identifiers may be re-assigned. + + + + + + + wlanChannelId + unsigned8 + subIpHeader + identifier + 146 + data + current + + + The identifier of the 802.11 (Wi-Fi) channel used. + + + + + See IEEE.802-11.1999. + + + + + + + wlanSSID + string + subIpHeader + 147 + data + current + + + The Service Set IDentifier (SSID) identifying an 802.11 + (Wi-Fi) network used. According to IEEE.802-11.1999, the + SSID is encoded into a string of up to 32 characters. + + + + + See IEEE.802-11.1999. + + + + + + + flowId + unsigned64 + scope + identifier + 148 + option + current + + + An identifier of a Flow that is unique within an Observation + Domain. This Information Element can be used to distinguish + between different Flows if Flow Keys such as IP addresses and + port numbers are not reported or are reported in separate + records. + + + + + + + observationDomainId + unsigned32 + scope + identifier + 149 + option + current + + + An identifier of an Observation Domain that is locally + unique to an Exporting Process. 
The Exporting Process uses + the Observation Domain ID to uniquely identify to the + Collecting Process the Observation Domain where Flows + were metered. It is RECOMMENDED that this identifier is + also unique per IPFIX Device. + + + A value of 0 indicates that no specific Observation Domain + is identified by this Information Element. + + + Typically, this Information Element is used for limiting + the scope of other Information Elements. + + + + + + + flowStartSeconds + dateTimeSeconds + timestamp + 150 + data + current + + + The absolute timestamp of the first packet of this Flow. + + + seconds + + + + + flowEndSeconds + dateTimeSeconds + timestamp + 151 + data + current + + + The absolute timestamp of the last packet of this Flow. + + + seconds + + + + + flowStartMilliseconds + dateTimeMilliseconds + timestamp + 152 + data + current + + + The absolute timestamp of the first packet of this Flow. + + + milliseconds + + + + + flowEndMilliseconds + dateTimeMilliseconds + timestamp + 153 + data + current + + + The absolute timestamp of the last packet of this Flow. + + + milliseconds + + + + + flowStartMicroseconds + dateTimeMicroseconds + timestamp + 154 + data + current + + + The absolute timestamp of the first packet of this Flow. + + + microseconds + + + + + flowEndMicroseconds + dateTimeMicroseconds + timestamp + 155 + data + current + + + The absolute timestamp of the last packet of this Flow. + + + microseconds + + + + + flowStartNanoseconds + dateTimeNanoseconds + timestamp + 156 + data + current + + + The absolute timestamp of the first packet of this Flow. + + + nanoseconds + + + + + flowEndNanoseconds + dateTimeNanoseconds + timestamp + 157 + data + current + + + The absolute timestamp of the last packet of this Flow. + + + nanoseconds + + + + + flowStartDeltaMicroseconds + unsigned32 + timestamp + 158 + data + current + + + This is a relative timestamp only valid within the scope + of a single IPFIX Message. 
It contains the negative time + offset of the first observed packet of this Flow relative + to the export time specified in the IPFIX Message Header. + + + microseconds + + + See the IPFIX protocol + specification for the definition of the IPFIX Message Header. + + + + + + + flowEndDeltaMicroseconds + unsigned32 + timestamp + 159 + data + current + + + This is a relative timestamp only valid within the scope + of a single IPFIX Message. It contains the negative time + offset of the last observed packet of this Flow relative + to the export time specified in the IPFIX Message Header. + + + microseconds + + + See the IPFIX protocol + specification for the definition of the IPFIX Message Header. + + + + + + + systemInitTimeMilliseconds + dateTimeMilliseconds + timestamp + 160 + data + current + + + The absolute timestamp of the last (re-)initialization of the + IPFIX Device. + + + milliseconds + + + + + flowDurationMilliseconds + unsigned32 + misc + 161 + data + current + + + The difference in time between the first observed packet + of this Flow and the last observed packet of this Flow. + + + milliseconds + + + + + flowDurationMicroseconds + unsigned32 + misc + 162 + data + current + + + The difference in time between the first observed packet + of this Flow and the last observed packet of this Flow. + + + microseconds + + + + + observedFlowTotalCount + unsigned64 + processCounter + totalCounter + 163 + data + current + + + The total number of Flows observed in the Observation Domain + since the Metering Process (re-)initialization for this + Observation Point. + + + flows + + + + + ignoredPacketTotalCount + unsigned64 + processCounter + totalCounter + 164 + data + current + + + The total number of observed IP packets that the + Metering Process did not process since the + (re-)initialization of the Metering Process. 
+ + + packets + + + + + ignoredOctetTotalCount + unsigned64 + processCounter + totalCounter + 165 + data + current + + + The total number of octets in observed IP packets + (including the IP header) that the Metering Process + did not process since the (re-)initialization of the + Metering Process. + + + octets + + + + + notSentFlowTotalCount + unsigned64 + processCounter + totalCounter + 166 + data + current + + + The total number of Flow Records that were generated by the + Metering Process and dropped by the Metering Process or + by the Exporting Process instead of being sent to the + Collecting Process. There are several potential reasons for + this including resource shortage and special Flow export + policies. + + + flows + + + + + notSentPacketTotalCount + unsigned64 + processCounter + totalCounter + 167 + data + current + + + The total number of packets in Flow Records that were + generated by the Metering Process and dropped + by the Metering Process or by the Exporting Process + instead of being sent to the Collecting Process. + There are several potential reasons for this including + resource shortage and special Flow export policies. + + + packets + + + + + notSentOctetTotalCount + unsigned64 + processCounter + totalCounter + 168 + data + current + + + The total number of octets in packets in Flow Records + that were generated by the Metering Process and + dropped by the Metering Process or by the Exporting + Process instead of being sent to the Collecting Process. + There are several potential reasons for this including + resource shortage and special Flow export policies. + + + octets + + + + + destinationIPv6Prefix + ipv6Address + ipHeader + 169 + data + current + + IPv6 destination address prefix. + + + + + + sourceIPv6Prefix + ipv6Address + ipHeader + 170 + data + current + + + IPv6 source address prefix. 
+ + + + + + + postOctetTotalCount + unsigned64 + flowCounter + totalCounter + 171 + all + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'octetTotalCount', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + octets + + + + + postPacketTotalCount + unsigned64 + flowCounter + totalCounter + 172 + all + current + + + The definition of this Information Element is identical + to the definition of Information Element + 'packetTotalCount', except that it reports a + potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + packets + + + + + flowKeyIndicator + unsigned64 + config + flags + 173 + all + current + + + This set of bit fields is used for marking the Information + Elements of a Data Record that serve as Flow Key. Each bit + represents an Information Element in the Data Record with + the n-th bit representing the n-th Information Element. + A bit set to value 1 indicates that the corresponding + Information Element is a Flow Key of the reported Flow. + A bit set to value 0 indicates that this is not the case. + + + If the Data Record contains more than 64 Information Elements, + the corresponding Template SHOULD be designed such that all + Flow Keys are among the first 64 Information Elements, because + the flowKeyIndicator only contains 64 bits. If the Data Record + contains less than 64 Information Elements, then the bits in + the flowKeyIndicator for which no corresponding Information + Element exists MUST have the value 0. + + + + + + + postMCastPacketTotalCount + unsigned64 + flowCounter + totalCounter + 174 + data + current + + + The total number of outgoing multicast packets sent for + packets of this Flow by a multicast daemon within the + Observation Domain since the Metering Process + (re-)initialization. 
This property cannot necessarily + be observed at the Observation Point, but may be retrieved + by other means. + + + packets + + + + + postMCastOctetTotalCount + unsigned64 + flowCounter + totalCounter + 175 + data + current + + + The total number of octets in outgoing multicast packets + sent for packets of this Flow by a multicast daemon in the + Observation Domain since the Metering Process + (re-)initialization. This property cannot necessarily be + observed at the Observation Point, but may be retrieved by + other means. + The number of octets includes IP header(s) and IP payload. + + + octets + + + + + icmpTypeIPv4 + unsigned8 + transportHeader + identifier + 176 + all + current + + + Type of the IPv4 ICMP message. + + + + + See for the definition of the IPv4 + ICMP type field. + + + + + + + icmpCodeIPv4 + unsigned8 + transportHeader + identifier + 177 + all + current + + + Code of the IPv4 ICMP message. + + + + + See for the definition of the IPv4 + ICMP code field. + + + + + + + icmpTypeIPv6 + unsigned8 + transportHeader + identifier + 178 + all + current + + + Type of the IPv6 ICMP message. + + + + + See for the definition of the IPv6 + ICMP type field. + + + + + + + icmpCodeIPv6 + unsigned8 + transportHeader + identifier + 179 + all + current + + + Code of the IPv6 ICMP message. + + + + + See for the definition of the IPv6 + ICMP code field. + + + + + + + udpSourcePort + unsigned16 + transportHeader + identifier + 180 + all + current + + + The source port identifier in the UDP header. + + + + + See for the definition of the UDP + source port field. + Additional information on defined UDP port numbers can be found at + . + + + + + + + udpDestinationPort + unsigned16 + transportHeader + identifier + 181 + all + current + + + The destination port identifier in the UDP header. + + + + + See for the definition of the UDP + destination port field. + Additional information on defined UDP port numbers can be found at + . 
+ + + + + + + tcpSourcePort + unsigned16 + transportHeader + identifier + 182 + all + current + + + The source port identifier in the TCP header. + + + + + See for the definition of the TCP + source port field. + Additional information on defined TCP port numbers can be found at + . + + + + + + + tcpDestinationPort + unsigned16 + transportHeader + identifier + 183 + all + current + + + The destination port identifier in the TCP header. + + + + + See for the definition of the TCP + destination port field. + Additional information on defined TCP port numbers can be found at + . + + + + + + + tcpSequenceNumber + unsigned32 + transportHeader + 184 + all + current + + + The sequence number in the TCP header. + + + + + See for the definition of the TCP + sequence number. + + + + + + + tcpAcknowledgementNumber + unsigned32 + transportHeader + 185 + all + current + + + The acknowledgement number in the TCP header. + + + + + See for the definition of the TCP + acknowledgement number. + + + + + + + tcpWindowSize + unsigned16 + transportHeader + 186 + all + current + + + The window field in the TCP header. + If the TCP window scale is supported, + then TCP window scale must be known + to fully interpret the value of this information. + + + + + See for the definition of the TCP + window field. + See for the definition of the TCP + window scale. + + + + + + + tcpUrgentPointer + unsigned16 + transportHeader + 187 + all + current + + + The urgent pointer in the TCP header. + + + + + See for the definition of the TCP + urgent pointer. + + + + + + + tcpHeaderLength + unsigned8 + transportHeader + 188 + all + current + + + The length of the TCP header. Note that the value of this + Information Element is different from the value of the Data + Offset field in the TCP header. The Data Offset field + indicates the length of the TCP header in units of 4 octets. + This Information Elements specifies the length of the TCP + header in units of octets. 
+ + + octets + + + See for the definition of the TCP + header. + + + + + + + ipHeaderLength + unsigned8 + ipHeader + 189 + all + current + + + The length of the IP header. For IPv6, the value of this + Information Element is 40. + + + octets + + + See for the definition of the IPv4 + header. + See for the definition of the IPv6 + header. + + + + + + + totalLengthIPv4 + unsigned16 + ipHeader + 190 + all + current + + + The total length of the IPv4 packet. + + + octets + + + See for the specification of the IPv4 + total length. + + + + + + + payloadLengthIPv6 + unsigned16 + ipHeader + 191 + all + current + + + This Information Element reports the value of the Payload + Length field in the IPv6 header. Note that IPv6 extension + headers belong to the payload. Also note that in case of a + jumbo payload option the value of the Payload Length field in + the IPv6 header is zero and so will be the value reported + by this Information Element. + + + octets + + + See for the specification of the IPv6 + payload length. + See for the specification of the IPv6 + jumbo payload option. + + + + + + + ipTTL + unsigned8 + ipHeader + 192 + all + current + + + For IPv4, the value of the Information Element matches + the value of the Time to Live (TTL) field in the IPv4 packet + header. For IPv6, the value of the Information Element + matches the value of the Hop Limit field in the IPv6 + packet header. + + + hops + + + See for the definition of the IPv4 + Time to Live field. + See for the definition of the IPv6 + Hop Limit field. + + + + + + + nextHeaderIPv6 + unsigned8 + ipHeader + 193 + all + current + + + The value of the Next Header field of the IPv6 header. + The value identifies the type of the following IPv6 + extension header or of the following IP payload. + Valid values are defined in the IANA + Protocol Numbers registry. + + + + + See for the definition of the IPv6 + Next Header field. + See the list of protocol numbers assigned by IANA at . 
+ + + + + + + mplsPayloadLength + unsigned32 + subIpHeader + 194 + all + current + + + The size of the MPLS packet without the label stack. + + + octets + + + See for the specification of MPLS + packets. + See for the specification of the + MPLS label stack. + + + + + + + ipDiffServCodePoint + unsigned8 + ipHeader + identifier + 195 + all + current + + + The value of a Differentiated Services Code Point (DSCP) + encoded in the Differentiated Services field. The + Differentiated Services field spans the most significant + 6 bits of the IPv4 TOS field or the IPv6 Traffic Class + field, respectively. + + + This Information Element encodes only the 6 bits of the + Differentiated Services field. Therefore, its value may + range from 0 to 63. + + + 0-63 + + + See for the definition of the + Differentiated Services field. + See (Section 5.3.2) and for the definition of the IPv4 TOS field. + See for the definition of the IPv6 + Traffic Class field. + + + + + + + ipPrecedence + unsigned8 + ipHeader + identifier + 196 + all + current + + + The value of the IP Precedence. The IP Precedence value + is encoded in the first 3 bits of the IPv4 TOS field + or the IPv6 Traffic Class field, respectively. + + + This Information Element encodes only these 3 bits. + Therefore, its value may range from 0 to 7. + + + 0-7 + + + See (Section 5.3.3) and for the definition of the IP Precedence. + See (Section 5.3.2) and for the definition of the IPv4 TOS field. + See for the definition of the IPv6 + Traffic Class field. + + + + + + + fragmentFlags + unsigned8 + ipHeader + flags + 197 + all + current + + + Fragmentation properties indicated by flags in the IPv4 + packet header or the IPv6 Fragment header, respectively. + + + + Bit 0: (RS) Reserved. + The value of this bit MUST be 0 until specified + otherwise. + Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment. + Corresponds to the value of the DF flag in the + IPv4 header. 
Will always be 0 for IPv6 unless + a "don't fragment" feature is introduced to IPv6. + Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments. + Corresponds to the MF flag in the IPv4 header + or to the M flag in the IPv6 Fragment header, + respectively. The value is 0 for IPv6 if there + is no fragment header. + Bits 3-7: (DC) Don't Care. + The values of these bits are irrelevant. + + 0 1 2 3 4 5 6 7 + +---+---+---+---+---+---+---+---+ + | R | D | M | D | D | D | D | D | + | S | F | F | C | C | C | C | C | + +---+---+---+---+---+---+---+---+ + + + + + See for the specification of the IPv4 + fragment flags. + See for the specification of the + IPv6 Fragment header. + + + + + + + octetDeltaSumOfSquares + unsigned64 + flowCounter + 198 + data + current + + + The sum of the squared numbers of octets per incoming + packet since the previous report (if any) for this + Flow at the Observation Point. + The number of octets includes IP header(s) and IP payload. + + + + + + + octetTotalSumOfSquares + unsigned64 + flowCounter + 199 + all + current + + + The total sum of the squared numbers of octets in incoming + packets for this Flow at the Observation Point since the + Metering Process (re-)initialization for this Observation + Point. The number of octets includes IP header(s) and IP + payload. + + + octets + + + + + mplsTopLabelTTL + unsigned8 + subIpHeader + 200 + all + current + + + The TTL field from the top MPLS label stack entry, + i.e., the last label that was pushed. + + + hops + + + See for the specification of the TTL + field. + + + + + + + mplsLabelStackLength + unsigned32 + subIpHeader + 201 + all + current + + + The length of the MPLS label stack in units of octets. + + + octets + + + See for the specification of the + MPLS label stack. + + + + + + + mplsLabelStackDepth + unsigned32 + subIpHeader + 202 + all + current + + + The number of labels in the MPLS label stack. + + + label stack entries + + + See for the specification of the + MPLS label stack. 
+ + + + + + + mplsTopLabelExp + unsigned8 + subIpHeader + flags + 203 + all + current + + + The Exp field from the top MPLS label stack entry, + i.e., the last label that was pushed. + + + Bits 0-4: Don't Care, value is irrelevant. + Bits 5-7: MPLS Exp field. + + 0 1 2 3 4 5 6 7 + +---+---+---+---+---+---+---+---+ + | don't care | Exp | + +---+---+---+---+---+---+---+---+ + + + + + See for the specification of the + Exp field. + See for usage of the Exp field. + + + + + + + ipPayloadLength + unsigned32 + derived + 204 + all + current + + + The effective length of the IP payload. + + + For IPv4 packets, the value of this Information Element is + the difference between the total length of the IPv4 packet + (as reported by Information Element totalLengthIPv4) and the + length of the IPv4 header (as reported by Information Element + headerLengthIPv4). + + + For IPv6, the value of the Payload Length field + in the IPv6 header is reported except in the case that + the value of this field is zero and that there is a valid + jumbo payload option. In this case, the value of the + Jumbo Payload Length field in the jumbo payload option + is reported. + + + octets + + + See for the specification of IPv4 + packets. + See for the specification of the + IPv6 payload length. + See for the specification of the + IPv6 jumbo payload length. + + + + + + + udpMessageLength + unsigned16 + transportHeader + 205 + all + current + + + The value of the Length field in the UDP header. + + + octets + + + See for the specification of the UDP + header. + + + + + + + isMulticast + unsigned8 + ipHeader + flags + 206 + data + current + + + If the IP destination address is not a reserved multicast + address, then the value of all bits of the octet (including + the reserved ones) is zero. 
+ + + The first bit of this octet is set to 1 if the Version + field of the IP header has the value 4 and if the + Destination Address field contains a reserved multicast + address in the range from 224.0.0.0 to 239.255.255.255. + Otherwise, this bit is set to 0. + + + The second and third bits of this octet are reserved for + future use. + + + The remaining bits of the octet are only set to values + other than zero if the IP Destination Address is a + reserved IPv6 multicast address. Then the fourth bit + of the octet is set to the value of the T flag in the + IPv6 multicast address and the remaining four bits are + set to the value of the scope field in the IPv6 + multicast address. + + + 0 1 2 3 4 5 6 7 + +------+------+------+------+------+------+------+------+ + | IPv6 multicast scope | T | RES. | RES. | MCv4 | + +------+------+------+------+------+------+------+------+ + + Bits 0-3: set to value of multicast scope if IPv6 multicast + Bit 4: set to value of T flag, if IPv6 multicast + Bits 5-6: reserved for future use + Bit 7: set to 1 if IPv4 multicast + + + + + See for the specification of + reserved IPv4 multicast addresses. + See for the specification of + reserved IPv6 multicast addresses and the definition of the T flag and + the IPv6 multicast scope. + The diagram provided in is incorrect. + The diagram in this registry is taken from Errata 1736. See + + + + + + + ipv4IHL + unsigned8 + ipHeader + 207 + all + current + + + The value of the Internet Header Length (IHL) field in + the IPv4 header. It specifies the length of the header + in units of 4 octets. Please note that its unit is + different from most of the other Information Elements + reporting length values. + + + 4 octets + + + See for the specification of the IPv4 + header. + + + + + + + ipv4Options + unsigned32 + minMax + flags + 208 + all + current + + + IPv4 options in packets of this Flow. + The information is encoded in a set of bit fields. 
For + each valid IPv4 option type, there is a bit in this set. + The bit is set to 1 if any observed packet of this Flow + contains the corresponding IPv4 option type. Otherwise, + if no observed packet of this Flow contained the + respective IPv4 option type, the value of the + corresponding bit is 0. + + + The list of valid IPv4 options is maintained by IANA. + Note that for identifying an option not just the 5-bit + Option Number, but all 8 bits of the Option Type need to + match one of the IPv4 options specified at + http://www.iana.org/assignments/ip-parameters. + + + Options are mapped to bits according to their option numbers. + Option number X is mapped to bit X. + The mapping is illustrated by the figure below. + + + 0 1 2 3 4 5 6 7 + +------+------+------+------+------+------+------+------+ + ... | RR |CIPSO |E-SEC | TS | LSR | SEC | NOP | EOOL | + +------+------+------+------+------+------+------+------+ + + 8 9 10 11 12 13 14 15 + +------+------+------+------+------+------+------+------+ + ... |ENCODE| VISA | FINN | MTUR | MTUP | ZSU | SSR | SID | ... + +------+------+------+------+------+------+------+------+ + + 16 17 18 19 20 21 22 23 + +------+------+------+------+------+------+------+------+ + ... | DPS |NSAPA | SDB |RTRALT|ADDEXT| TR | EIP |IMITD | ... + +------+------+------+------+------+------+------+------+ + + 24 25 26 27 28 29 30 31 + +------+------+------+------+------+------+------+------+ + | | EXP | to be assigned by IANA | QS | UMP | ... 
+ +------+------+------+------+------+------+------+------+ + + Type Option + Bit Value Name Reference + ---+-----+-------+------------------------------------ + 0 7 RR Record Route, RFC 791 + 1 134 CIPSO Commercial Security + 2 133 E-SEC Extended Security, RFC 1108 + 3 68 TS Time Stamp, RFC 791 + 4 131 LSR Loose Source Route, RFC791 + 5 130 SEC Security, RFC 1108 + 6 1 NOP No Operation, RFC 791 + 7 0 EOOL End of Options List, RFC 791 + 8 15 ENCODE + 9 142 VISA Experimental Access Control + 10 205 FINN Experimental Flow Control + 11 12 MTUR (obsoleted) MTU Reply, RFC 1191 + 12 11 MTUP (obsoleted) MTU Probe, RFC 1191 + 13 10 ZSU Experimental Measurement + 14 137 SSR Strict Source Route, RFC 791 + 15 136 SID Stream ID, RFC 791 + 16 151 DPS Dynamic Packet State + 17 150 NSAPA NSAP Address + 18 149 SDB Selective Directed Broadcast + 19 147 ADDEXT Address Extension + 20 148 RTRALT Router Alert, RFC 2113 + 21 82 TR Traceroute, RFC 3193 + 22 145 EIP Extended Internet Protocol, RFC 1385 + 23 144 IMITD IMI Traffic Descriptor + 25 30 EXP RFC3692-style Experiment + 25 94 EXP RFC3692-style Experiment + 25 158 EXP RFC3692-style Experiment + 25 222 EXP RFC3692-style Experiment + 30 25 QS Quick-Start + 31 152 UMP Upstream Multicast Pkt. + ... ... ... Further options numbers + may be assigned by IANA + + + + + + See for the definition of IPv4 + options. + See the list of IPv4 option numbers assigned by IANA at . + The diagram provided in is incorrect. + The diagram in this registry is taken from Errata 1737. See + + + + + + + tcpOptions + unsigned64 + minMax + flags + 209 + all + current + + + TCP options in packets of this Flow. + The information is encoded in a set of bit fields. For + each TCP option, there is a bit in this set. + The bit is set to 1 if any observed packet of this Flow + contains the corresponding TCP option. + Otherwise, if no observed packet of this Flow contained + the respective TCP option, the value of the + corresponding bit is 0. 
+ + + Options are mapped to bits according to their option + numbers. Option number X is mapped to bit X. + TCP option numbers are maintained by IANA. + + + 0 1 2 3 4 5 6 7 + +-----+-----+-----+-----+-----+-----+-----+-----+ + | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 8 9 10 11 12 13 14 15 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 |... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + 16 17 18 19 20 21 22 23 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 |... + +-----+-----+-----+-----+-----+-----+-----+-----+ + + . . . + + 56 57 58 59 60 61 62 63 + +-----+-----+-----+-----+-----+-----+-----+-----+ + ... | 63 | 62 | 61 | 60 | 59 | 58 | 57 | 56 | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + + + + See for the definition of TCP + options. + See the list of TCP option numbers assigned by IANA at . + The diagram provided in is incorrect. + The diagram in this registry is taken from Errata 1739. See + + + + + + + paddingOctets + octetArray + padding + 210 + option + current + + + The value of this Information Element is always a sequence of + 0x00 values. + + + + + + + collectorIPv4Address + ipv4Address + config + identifier + 211 + all + current + + + An IPv4 address to which the Exporting Process sends Flow + information. + + + + + + + collectorIPv6Address + ipv6Address + config + identifier + 212 + all + current + + + An IPv6 address to which the Exporting Process sends Flow + information. + + + + + + + exportInterface + unsigned32 + config + identifier + 213 + all + current + + + The index of the interface from which IPFIX Messages sent + by the Exporting Process to a Collector leave the IPFIX + Device. The value matches the value of + managed object 'ifIndex' as defined in RFC 2863. 
+ Note that ifIndex values are not assigned statically to an + interface and that the interfaces may be renumbered every + time the device's management system is re-initialized, as + specified in RFC 2863. + + + + + See for the definition of the + ifIndex object. + + + + + + + exportProtocolVersion + unsigned8 + config + identifier + 214 + all + current + + + The protocol version used by the Exporting Process for + sending Flow information. The protocol version is given + by the value of the Version Number field in the Message + Header. + + + The protocol version is 10 for IPFIX and 9 for NetFlow + version 9. + A value of 0 indicates that no export protocol is in use. + + + + + See the IPFIX protocol + specification for the definition of the IPFIX Message Header. + See for the definition of the + NetFlow version 9 message header. + + + + + + + exportTransportProtocol + unsigned8 + config + identifier + 215 + all + current + + + The value of the protocol number used by the Exporting Process + for sending Flow information. + The protocol number identifies the IP packet payload type. + Protocol numbers are defined in the IANA Protocol Numbers + registry. + + + In Internet Protocol version 4 (IPv4), this is carried in the + Protocol field. In Internet Protocol version 6 (IPv6), this + is carried in the Next Header field in the last extension + header of the packet. + + + + + See for the specification of the IPv4 + protocol field. + See for the specification of the + IPv6 protocol field. + See the list of protocol numbers assigned by IANA at . + + + + + + + collectorTransportPort + unsigned16 + config + identifier + 216 + all + current + + + The destination port identifier to which the Exporting + Process sends Flow information. For the transport protocols + UDP, TCP, and SCTP, this is the destination port number. + This field MAY also be used for future transport protocols + that have 16-bit source port identifiers. 
+ + + + + See for the definition of the UDP + destination port field. + See for the definition of the TCP + destination port field. + See for the definition of SCTP. + + + Additional information on defined UDP and TCP port numbers can be + found at . + + + + + + + exporterTransportPort + unsigned16 + config + identifier + 217 + all + current + + + The source port identifier from which the Exporting + Process sends Flow information. For the transport protocols + UDP, TCP, and SCTP, this is the source port number. + This field MAY also be used for future transport protocols + that have 16-bit source port identifiers. This field may + be useful for distinguishing multiple Exporting Processes + that use the same IP address. + + + + + See for the definition of the UDP + source port field. + See for the definition of the TCP + source port field. + See for the definition of SCTP. + + + Additional information on defined UDP and TCP port numbers can be + found at . + + + + + + + tcpSynTotalCount + unsigned64 + flowCounter + totalCounter + 218 + data + current + + + The total number of packets of this Flow with + TCP "Synchronize sequence numbers" (SYN) flag set. + + + packets + + + See for the definition of the TCP SYN + flag. + + + + + + + tcpFinTotalCount + unsigned64 + flowCounter + totalCounter + 219 + data + current + + + The total number of packets of this Flow with + TCP "No more data from sender" (FIN) flag set. + + + packets + + + See for the definition of the TCP FIN + flag. + + + + + + + tcpRstTotalCount + unsigned64 + flowCounter + totalCounter + 220 + data + current + + + The total number of packets of this Flow with + TCP "Reset the connection" (RST) flag set. + + + packets + + + See for the definition of the TCP RST + flag. + + + + + + + tcpPshTotalCount + unsigned64 + flowCounter + totalCounter + 221 + data + current + + + The total number of packets of this Flow with + TCP "Push Function" (PSH) flag set. 
+ + + packets + + + See for the definition of the TCP PSH + flag. + + + + + + + tcpAckTotalCount + unsigned64 + flowCounter + totalCounter + 222 + data + current + + + The total number of packets of this Flow with + TCP "Acknowledgment field significant" (ACK) flag set. + + + packets + + + See for the definition of the TCP ACK + flag. + + + + + + + tcpUrgTotalCount + unsigned64 + flowCounter + totalCounter + 223 + data + current + + + The total number of packets of this Flow with + TCP "Urgent Pointer field significant" (URG) flag set. + + + packets + + + See for the definition of the TCP URG + flag. + + + + + + + ipTotalLength + unsigned64 + ipHeader + 224 + all + current + + + The total length of the IP packet. + + + octets + + + See for the specification of the IPv4 + total length. + See for the specification of the + IPv6 payload length. + See for the specification of the + IPv6 jumbo payload length. + + + + + + + postNATSourceIPv4Address + ipv4Address + identifier + 225 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'sourceIPv4Address', except + that it reports a modified value caused by a NAT middlebox + function after the packet passed the Observation Point. + + + + + See for the definition of the IPv4 source + address field. See for the definition of + NAT. See for the definition of middleboxes. + + + + + + postNATDestinationIPv4Address + ipv4Address + identifier + 226 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'destinationIPv4Address', + except that it reports a modified value caused by a NAT + middlebox function after the packet passed the Observation + Point. + + + + + See for the definition of the IPv4 destination + address field. See for the definition of + NAT. See for the definition of middleboxes. 
+ + + + + + + postNAPTSourceTransportPort + unsigned16 + identifier + 227 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'sourceTransportPort', except + that it reports a modified value caused by a Network Address + Port Translation (NAPT) middlebox function after the packet + passed the Observation Point. + + + + + See for the definition of the UDP source port + field. See for the definition of the TCP + source port field. See for the definition of + SCTP. + See for the definition of NAPT. See for the definition of middleboxes. + Additional information on defined UDP and TCP port numbers can + be found at http://www.iana.org/assignments/port-numbers. + + + + + + + postNAPTDestinationTransportPort + unsigned16 + identifier + 228 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'destinationTransportPort', + except that it reports a modified value caused by a Network + Address Port Translation (NAPT) middlebox function after the + packet passed the Observation Point. + + + + + See for the definition of the UDP source port + field. See for the definition of the TCP + source port field. See for the definition of + SCTP. + See for the definition of NAPT. See for the definition of middleboxes. + Additional information on defined UDP and TCP port numbers can + be found at http://www.iana.org/assignments/port-numbers. + + + + + + + natOriginatingAddressRealm + unsigned8 + flags + 229 + current + + + Indicates whether the session was created because traffic + originated in the private or public address realm. + postNATSourceIPv4Address, postNATDestinationIPv4Address, + postNAPTSourceTransportPort, and + postNAPTDestinationTransportPort are qualified with the address + realm in perspective. + + + The allowed values are: + + + Private: 1 + + + Public: 2 + + + + + See for the definition of NAT. 
+ + + + + + natEvent + unsigned8 + 230 + current + + + Indicates a NAT event. The allowed values are: + + + 1 - Create event. + + + 2 - Delete event. + + + 3 - Pool exhausted. + + + A Create event is generated when a NAT translation is created, + whether dynamically or statically. A Delete event is generated + when a NAT translation is deleted. + + + + + See for the definition of NAT. + + + + + + initiatorOctets + unsigned64 + 231 + current + + + The total number of layer 4 payload bytes in a flow from the + initiator. The initiator is the device which triggered the + session creation, and remains the same for the life of the + session. + + + octets + + + See #298, initiatorPackets. + + + + + + responderOctets + unsigned64 + 232 + current + + + The total number of layer 4 payload bytes in a flow from the + responder. The responder is the device which replies to the + initiator, and remains the same for the life of the session. + + + octets + + + See #299, responderPackets. + + + + + + + + firewallEvent + unsigned8 + 233 + current + + + Indicates a firewall event. The allowed values are: + + + 0 - Ignore (invalid) + + + 1 - Flow Created + + + 2 - Flow Deleted + + + 3 - Flow Denied + + + 4 - Flow Alert + + + 5 - Flow Update + + + + + + + ingressVRFID + unsigned32 + 234 + current + + + An unique identifier of the VRFname where the packets of this + flow are being received. This identifier is unique per Metering + Process + + + + + + + egressVRFID + unsigned32 + 235 + current + + + An unique identifier of the VRFname where the packets of this + flow are being sent. This identifier is unique per Metering + Process + + + + + + + VRFname + string + 236 + current + + + The name of a VPN Routing and Forwarding table (VRF). + + + + + See for the definition of VRF. 
+ + + + + + + postMplsTopLabelExp + unsigned8 + subIpHeader + flags + 237 + all + current + + + The definition of this Information Element is identical to the + definition of Information Element 'mplsTopLabelExp', except + that it reports a potentially modified value caused by a + middlebox function after the packet passed the Observation + Point. + + + + + See for the specification of the Exp + field. + See for usage of the Exp field. + + + + + + + tcpWindowScale + unsigned16 + transportHeader + 238 + all + current + + + The scale of the window field in the TCP header. + + + + + See for the definition of the TCP + window scale. + + + + + + + biflowDirection + unsigned8 + misc + identifier + 239 + all + current + + A description of the direction assignment method used to + assign the Biflow Source and Destination. This Information Element + MAY be present in a Flow Data Record, or applied to all flows exported + from an Exporting Process or Observation Domain using IPFIX Options. + If this Information Element is not present in a Flow Record or + associated with a Biflow via scope, it is assumed that the + configuration of the direction assignment method is done out-of-band. + Note that when using IPFIX Options to apply this Information Element + to all flows within an Observation Domain or from an Exporting + Process, the Option SHOULD be sent reliably. If reliable transport is + not available (i.e., when using UDP), this Information Element SHOULD + appear in each Flow Record. This field may take the following + values: + + +-------+------------------+----------------------------------------+ + | Value | Name | Description | + +-------+------------------+----------------------------------------+ + | 0x00 | arbitrary | Direction was assigned arbitrarily. | + | 0x01 | initiator | The Biflow Source is the flow | + | | | initiator, as determined by the | + | | | Metering Process' best effort to | + | | | detect the initiator. 
| + | 0x02 | reverseInitiator | The Biflow Destination is the flow | + | | | initiator, as determined by the | + | | | Metering Process' best effort to | + | | | detect the initiator. This value is | + | | | provided for the convenience of | + | | | Exporting Processes to revise an | + | | | initiator estimate without re-encoding | + | | | the Biflow Record. | + | 0x03 | perimeter | The Biflow Source is the endpoint | + | | | outside of a defined perimeter. The | + | | | perimeter's definition is implicit in | + | | | the set of Biflow Source and Biflow | + | | | Destination addresses exported in the | + | | | Biflow Records. | + +-------+------------------+----------------------------------------+ + + + + + + + ethernetHeaderLength + unsigned8 + identifier + 240 + current + + + The difference between the length of an Ethernet frame (minus the + FCS) and the length of its MAC Client Data section (including any + padding) as defined in section 3.1 of [IEEE.802-3.2005]. It does + not include the Preamble, SFD and Extension field lengths. + + + octets + + + [IEEE.802-3.2005] + + + + + + + ethernetPayloadLength + unsigned16 + identifier + 241 + current + + + The length of the MAC Client Data section (including any padding) + of a frame as defined in section 3.1 of [IEEE.802-3.2005]. + + + octets + + + [IEEE.802-3.2005] + + + + + + ethernetTotalLength + unsigned16 + identifier + 242 + current + + + The total length of the Ethernet frame (excluding the Preamble, + SFD, Extension and FCS fields) as described in section 3.1 of + [IEEE.802-3.2005]. + + + octets + + + [IEEE.802-3.2005] + + + + + + dot1qVlanId + unsigned16 + identifier + 243 + current + + + The value of the 12-bit VLAN Identifier portion of the Tag + Control Information field of an Ethernet frame as described in + section 3.5.5 of [IEEE.802-3.2005]. The structure and semantics + within the Tag Control Information field are defined in IEEE + P802.1Q. 
In case of a QinQ frame, it represents the outer tag's + VLAN identifier and in case of an IEEE 802.1ad frame it + represents the Service VLAN identifier in the S-TAG Tag Control + Information (TCI) field as described in [IEEE.802-1ad.2005]. + + + octets + + + [IEEE.802-3.2005] + + + + + + dot1qPriority + unsigned8 + identifier + 244 + current + + + The value of the 3-bit User Priority portion of the Tag Control + Information field of an Ethernet frame as described in section + 3.5.5 of [IEEE.802-3.2005]. The structure and semantics within + the Tag Control Information field are defined in IEEE P802.1Q. + In case of a QinQ frame, it represents the outer tag's 3-bit + Class of Service (CoS) identifier and in case of an IEEE 802.1ad + frame it represents the 3-bit Priority Code Point (PCP) portion + of the S-TAG Tag Control Information (TCI) field as described in + [IEEE.802-1ad.2005]. + + + + + [IEEE.802-3.2005] + [IEEE.802-1ad.2005] + + + + + + dot1qCustomerVlanId + unsigned16 + identifier + 245 + current + + + In case of a QinQ frame, it represents the inner tag's (*) VLAN + identifier and in case of an IEEE 802.1ad frame it represents the + Customer VLAN identifier in the C-TAG Tag Control Information + (TCI) field as described in [IEEE.802-1ad.2005]. + (*) Note: the 801.2Q tag directly following the outer one. + + + + + [IEEE.802-1ad.2005] + [IEEE.802-1Q.2003] + + + + + + dot1qCustomerPriority + unsigned8 + identifier + 246 + current + + + In case of a QinQ frame, it represents the inner tag's (*) Class + of Service (CoS) identifier and in case of an IEEE 802.1ad frame + it represents the 3-bit Priority Code Point (PCP) portion of the + C-TAG Tag Control Information (TCI) field as described in + [IEEE.802-1ad.2005]. + (*) Note: the 801.2Q tag directly following the outer one. 
+ + + + + [IEEE.802-1ad.2005] + [IEEE.802-1Q.2003] + + + + + + metroEvcId + string + 247 + current + + + The EVC Service Attribute which uniquely identifies the Ethernet + Virtual Connection (EVC) within a Metro Ethernet Network, as + defined in section 6.2 of MEF 10.1. The MetroEVCID is encoded in + a string of up to 100 characters. + + + + + MEF 10.1 (Ethernet Services Attributes Phase 2) + MEF16 (Ethernet Local Management Interface) + + + + + + metroEvcType + unsigned8 + identifier + 248 + current + + + The 3-bit EVC Service Attribute which identifies the type of + service provided by an EVC. + + + + + MEF 10.1 (Ethernet Services Attributes Phase 2) + MEF16 (Ethernet Local Management Interface) + + + + + + pseudoWireId + unsigned32 + identifier + 249 + current + + + A 32-bit non-zero connection identifier, which together with the + pseudoWireType, identifies the Pseudo Wire (PW) as defined in RFC + 4447 [RFC4447]. + + + + + See for pseudowire definitions. + + + + + + pseudoWireType + unsigned16 + identifier + 250 + current + + + The value of this information element identifies the type of MPLS + Pseudo Wire (PW) as defined in RFC 4446. + + + + + See for the pseudowire type definition, and + http://www.iana.org/assignments/pwe3-parameters for the IANA + Pseudowire Types Registry. + + + + + + pseudoWireControlWord + unsigned32 + identifier + 251 + current + + + The 32-bit Preferred Pseudo Wire (PW) MPLS Control Word as + defined in Section 3 of . + + + + + See for the Pseudo Wire Control Word + definition. + + + + + + + ingressPhysicalInterface + unsigned32 + identifier + 252 + current + + + The index of a networking device's physical interface (example, a + switch port) where packets of this flow are being received. + + + + + See for the definition of the ifIndex object. 
+ + + + + + + egressPhysicalInterface + unsigned32 + identifier + 253 + current + + + The index of a networking device's physical interface (example, a + switch port) where packets of this flow are being sent. + + + + + See for the definition of the ifIndex object. + + + + + + + postDot1qVlanId + unsigned16 + identifier + 254 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'dot1qVlanId', except that it + reports a potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + + + [IEEE.802-3.2005] + [IEEE.802-1ad.2005] + + + + + + + postDot1qCustomerVlanId + unsigned16 + identifier + 255 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'dot1qCustomerVlanId', except + that it reports a potentially modified value caused by a + middlebox function after the packet passed the Observation Point. + + + + + [IEEE.802-1ad.2005] + [IEEE.802-1Q.2003] + + + + + + ethernetType + unsigned16 + identifier + 256 + current + + + The Ethernet type field of an Ethernet frame that identifies the + MAC client protocol carried in the payload as defined in + paragraph 1.4.349 of [IEEE.802-3.2005]. + + + + + [IEEE.802-3.2005] + Ethertype registry available at + http://standards.ieee.org/regauth/ethertype/eth.txt + + + + + + + postIpPrecedence + unsigned8 + identifier + 257 + current + + + The definition of this Information Element is identical to the + definition of Information Element 'ipPrecedence', except that + it reports a potentially modified value caused by a middlebox + function after the packet passed the Observation Point. + + + 0-7 + + + See (Section 5.3.3) and + for the definition of the + IP Precedence. See + (Section 5.3.2) and for the + definition of the IPv4 TOS field. See + for the definition of the + IPv6 Traffic Class field. 
+ + + + + + + collectionTimeMilliseconds + dateTimeMilliseconds + 258 + current + + + The absolute timestamp at which the data within the + scope containing this Information Element was received by a + Collecting Process. This Information Element SHOULD be bound to + its containing IPFIX Message via IPFIX Options and the + messageScope Information Element, as defined below. + + + + + + + exportSctpStreamId + unsigned16 + identifier + 259 + current + + + The value of the SCTP Stream Identifier used by the + Exporting Process for exporting IPFIX Message data. This is + carried in the Stream Identifier field of the header of the SCTP + DATA chunk containing the IPFIX Message(s). + + + + + + + maxExportSeconds + dateTimeSeconds + 260 + current + + + The absolute Export Time of the latest IPFIX Message + within the scope containing this Information Element. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via IPFIX Options and the sessionScope + Information Element. + + + seconds + + + + + maxFlowEndSeconds + dateTimeSeconds + 261 + current + + + The latest absolute timestamp of the last packet + within any Flow within the scope containing this Information + Element, rounded up to the second if necessary. This Information + Element SHOULD be bound to its containing IPFIX Transport Session + via IPFIX Options and the sessionScope Information Element. + + + seconds + + + + + messageMD5Checksum + octetArray + 262 + current + + + The MD5 checksum of the IPFIX Message containing this + record. This Information Element SHOULD be bound to its + containing IPFIX Message via an options record and the + messageScope Information Element, as defined below, and SHOULD + appear only once in a given IPFIX Message. To calculate the value + of this Information Element, first buffer the containing IPFIX + Message, setting the value of this Information Element to all + zeroes. 
Then calculate the MD5 checksum of the resulting buffer + as defined in [RFC1321], place the resulting value in this + Information Element, and export the buffered message. This + Information Element is intended as a simple checksum only; + therefore collision resistance and algorithm agility are not + required, and MD5 is an appropriate message digest. + + This Information Element has a fixed length of 16 octets. + + + + + + + + messageScope + unsigned8 + 263 + current + + + The presence of this Information Element as scope in + an Options Template signifies that the options described by the + Template apply to the IPFIX Message that contains them. It is + defined for general purpose message scoping of options, and + proposed specifically to allow the attachment a checksum to a + message via IPFIX Options. The value of this Information Element + MUST be written as 0 by the File Writer or Exporting Process. The + value of this Information Element MUST be ignored by the File + Reader or the Collecting Process. + + + + + + + minExportSeconds + dateTimeSeconds + 264 + current + + + The absolute Export Time of the earliest IPFIX Message + within the scope containing this Information Element. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via an options record and the sessionScope + Information Element. + + + seconds + + + + + minFlowStartSeconds + dateTimeSeconds + 265 + current + + + The earliest absolute timestamp of the first packet + within any Flow within the scope containing this Information + Element, rounded down to the second if necessary. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via an options record and the sessionScope + Information Element. 
+ + + seconds + + + + + opaqueOctets + octetArray + 266 + current + + + This Information Element is used to encapsulate non- + IPFIX data into an IPFIX Message stream, for the purpose of + allowing a non-IPFIX data processor to store a data stream inline + within an IPFIX File. A Collecting Process or File Writer MUST + NOT try to interpret this binary data. This Information Element + differs from paddingOctets as its contents are meaningful in some + non-IPFIX context, while the contents of paddingOctets MUST be + 0x00 and are intended only for Information Element alignment. + + + + + + + sessionScope + unsigned8 + 267 + current + + + The presence of this Information Element as scope in + an Options Template signifies that the options described by the + Template apply to the IPFIX Transport Session that contains them. + Note that as all options are implicitly scoped to Transport + Session and Observation Domain, this Information Element is + equivalent to a "null" scope. It is defined for general purpose + session scoping of options, and proposed specifically to allow the + attachment of time window to an IPFIX File via IPFIX Options. The + value of this Information Element MUST be written as 0 by the File + Writer or Exporting Process. The value of this Information + Element MUST be ignored by the File Reader or the Collecting + Process. + + + + + + + maxFlowEndMicroseconds + dateTimeMicroseconds + 268 + current + + + The latest absolute timestamp of the last packet + within any Flow within the scope containing this Information + Element, rounded up to the microsecond if necessary. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via IPFIX Options and the sessionScope + Information Element. This Information Element SHOULD be used only + in Transport Sessions containing Flow Records with microsecond- + precision (or better) timestamp Information Elements. 
+ + + microseconds + + + + + maxFlowEndMilliseconds + dateTimeMilliseconds + 269 + current + + + The latest absolute timestamp of the last packet + within any Flow within the scope containing this Information + Element, rounded up to the millisecond if necessary. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via IPFIX Options and the sessionScope + Information Element. This Information Element SHOULD be used only + in Transport Sessions containing Flow Records with millisecond- + precision (or better) timestamp Information Elements. + + + milliseconds + + + + + maxFlowEndNanoseconds + dateTimeNanoseconds + 270 + current + + + The latest absolute timestamp of the last packet + within any Flow within the scope containing this Information + Element. This Information Element SHOULD be bound to its + containing IPFIX Transport Session via IPFIX Options and the + sessionScope Information Element. This Information Element SHOULD + be used only in Transport Sessions containing Flow Records with + nanosecond-precision timestamp Information Elements. + + + nanoseconds + + + + + minFlowStartMicroseconds + dateTimeMicroseconds + 271 + current + + + The earliest absolute timestamp of the first packet + within any Flow within the scope containing this Information + Element, rounded down to the microsecond if necessary. This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via an options record and the sessionScope + Information Element. This Information Element SHOULD be used only + in Transport Sessions containing Flow Records with microsecond- + precision (or better) timestamp Information Elements. + + + microseconds + + + + + minFlowStartMilliseconds + dateTimeMilliseconds + 272 + current + + + The earliest absolute timestamp of the first packet + within any Flow within the scope containing this Information + Element, rounded down to the millisecond if necessary. 
This + Information Element SHOULD be bound to its containing IPFIX + Transport Session via an options record and the sessionScope + Information Element. This Information Element SHOULD be used only + in Transport Sessions containing Flow Records with millisecond- + precision (or better) timestamp Information Elements. + + + milliseconds + + + + + minFlowStartNanoseconds + dateTimeNanoseconds + 273 + current + + + The earliest absolute timestamp of the first packet + within any Flow within the scope containing this Information + Element. This Information Element SHOULD be bound to its + containing IPFIX Transport Session via an options record and the + sessionScope Information Element. This Information Element SHOULD + be used only in Transport Sessions containing Flow Records with + nanosecond-precision timestamp Information Elements. + + + nanoseconds + + + + + collectorCertificate + octetArray + 274 + current + + + The full X.509 certificate, encoded in ASN.1 DER + format, used by the Collector when IPFIX Messages were transmitted + using TLS or DTLS. This Information Element SHOULD be bound to + its containing IPFIX Transport Session via an options record and + the sessionScope Information Element, or to its containing IPFIX + Message via an options record and the messageScope Information + Element. + + + + + + + exporterCertificate + octetArray + 275 + current + + + The full X.509 certificate, encoded in ASN.1 DER + format, used by the Collector when IPFIX Messages were transmitted + using TLS or DTLS. This Information Element SHOULD be bound to + its containing IPFIX Transport Session via an options record and + the sessionScope Information Element, or to its containing IPFIX + Message via an options record and the messageScope Information + Element. + + + + + + + dataRecordsReliability + boolean + identifier + 276 + current + + + The export reliability of Data Records, within this SCTP + stream, for the element(s) in the Options Template + scope. 
A typical example of an element for which the + export reliability will be reported is the templateID, + as specified in the Data Records Reliability Options + Template. A value of 'True' means that the Exporting + Process MUST send any Data Records associated with the + element(s) reliably within this SCTP stream. A value of + 'False' means that the Exporting Process MAY send any + Data Records associated with the element(s) unreliably + within this SCTP stream. + + + + + + observationPointType + unsigned8 + identifier + 277 + current + + + Type of observation point. Values assigned to date are: + + + 1. Physical port + + + 2. Port channel + + + 3. Vlan. + + + + + + connectionCountNew + unsigned32 + deltaCounter + 278 + current + + This information element counts the number of TCP or UDP + connections which were opened during the observation period. The + observation period may be specified by the flow start and end timestamps. + + + + + + + connectionSumDuration + unsigned64 + 279 + current + + This information element aggregates the total time in + seconds for all of the TCP or UDP connections which were in use during + the observation period. For example if there are 5 concurrent + connections each for 10 seconds, the value would be 50 s. + + + + + + + connectionTransactionId + unsigned64 + identifier + 280 + current + + This information element identifies a transaction within a + connection. A transaction is a meaningful exchange of application data + between two network devices or a client and server. A transactionId is + assigned the first time a flow is reported, so that later reports for + the same flow will have the same transactionId. A different + transactionId is used for each transaction within a TCP or UDP + connection. The identifiers need not be sequential. 
+ + + + + + + postNATSourceIPv6Address + ipv6Address + 281 + current + + The definition of this Information Element is identical to + the definition of Information Element 'sourceIPv6Address', except that + it reports a modified value caused by a NAT64 middlebox function after + the packet passed the Observation Point. + + See [RFC2460] for the definition of the Source Address field in the IPv6 + header. See [RFC3234] for the definition of middleboxes. See + http://tools.ietf.org/html/draft-ietf-behave-v6v4-xlate-stateful-12 for + nat64 specification. + + + + + + + postNATDestinationIPv6Address + ipv6Address + 282 + current + + The definition of this Information Element is identical to + the definition of Information Element 'destinationIPv6Address', except + that it reports a modified value caused by a NAT64 middlebox function + after the packet passed the Observation Point. + + See [RFC2460] for the definition of the Destination Address field in the + IPv6 header. See [RFC3234] for the definition of middleboxes. See + http://tools.ietf.org/html/draft-ietf-behave-v6v4-xlate-stateful-12 for + nat64 specification. + + + + + + + natPoolId + unsigned32 + identifier + 283 + current + + Locally unique identifier of a NAT pool. + + + + + + + natPoolName + string + 284 + current + + The name of a NAT pool identified by a natPoolID. + + + + + + + anonymizationFlags + unsigned16 + flags + 285 + current + + A flag word describing specialized modifications to + the anonymization policy in effect for the anonymization technique + applied to a referenced Information Element within a referenced + Template. When flags are clear (0), the normal policy (as + described by anonymizationTechnique) applies without modification. 
+ + + MSB 14 13 12 11 10 9 8 7 6 5 4 3 2 1 LSB + +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + | Reserved |LOR|PmA| SC | + +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + + anonymizationFlags IE + + +--------+----------+-----------------------------------------------+ + | bit(s) | name | description | + | (LSB = | | | + | 0) | | | + +--------+----------+-----------------------------------------------+ + | 0-1 | SC | Stability Class: see the Stability Class | + | | | table below, and section Section 5.1. | + | 2 | PmA | Perimeter Anonymization: when set (1), | + | | | source- Information Elements as described in | + | | | [RFC5103] are interpreted as external | + | | | addresses, and destination- Information | + | | | Elements as described in [RFC5103] are | + | | | interpreted as internal addresses, for the | + | | | purposes of associating | + | | | anonymizationTechnique to Information | + | | | Elements only; see Section 7.2.2 for details. | + | | | This bit MUST NOT be set when associated with | + | | | a non-endpoint (i.e., source- or | + | | | destination-) Information Element. SHOULD be | + | | | consistent within a record (i.e., if a | + | | | source- Information Element has this flag | + | | | set, the corresponding destination- element | + | | | SHOULD have this flag set, and vice-versa.) | + | 3 | LOR | Low-Order Unchanged: when set (1), the | + | | | low-order bits of the anonymized Information | + | | | Element contain real data. This modification | + | | | is intended for the anonymization of | + | | | network-level addresses while leaving | + | | | host-level addresses intact in order to | + | | | preserve host level-structure, which could | + | | | otherwise be used to reverse anonymization. | + | | | MUST NOT be set when associated with a | + | | | truncation-based anonymizationTechnique. 
| + | 4-15 | Reserved | Reserved for future use: SHOULD be cleared | + | | | (0) by the Exporting Process and MUST be | + | | | ignored by the Collecting Process. | + +--------+----------+-----------------------------------------------+ + + + The Stability Class portion of this flags word describes the + stability class of the anonymization technique applied to a + referenced Information Element within a referenced Template. + Stability classes refer to the stability of the parameters of the + anonymization technique, and therefore the comparability of the + mapping between the real and anonymized values over time. This + determines which anonymized datasets may be compared with each + other. Values are as follows: + + + +-----+-----+-------------------------------------------------------+ + | Bit | Bit | Description | + | 1 | 0 | | + +-----+-----+-------------------------------------------------------+ + | 0 | 0 | Undefined: the Exporting Process makes no | + | | | representation as to how stable the mapping is, or | + | | | over what time period values of this field will | + | | | remain comparable; while the Collecting Process MAY | + | | | assume Session level stability, Session level | + | | | stability is not guaranteed. Processes SHOULD assume | + | | | this is the case in the absence of stability class | + | | | information; this is the default stability class. | + | 0 | 1 | Session: the Exporting Process will ensure that the | + | | | parameters of the anonymization technique are stable | + | | | during the Transport Session. All the values of the | + | | | described Information Element for each Record | + | | | described by the referenced Template within the | + | | | Transport Session are comparable. The Exporting | + | | | Process SHOULD endeavour to ensure at least this | + | | | stability class. 
| + | 1 | 0 | Exporter-Collector Pair: the Exporting Process will | + | | | ensure that the parameters of the anonymization | + | | | technique are stable across Transport Sessions over | + | | | time with the given Collecting Process, but may use | + | | | different parameters for different Collecting | + | | | Processes. Data exported to different Collecting | + | | | Processes are not comparable. | + | 1 | 1 | Stable: the Exporting Process will ensure that the | + | | | parameters of the anonymization technique are stable | + | | | across Transport Sessions over time, regardless of | + | | | the Collecting Process to which it is sent. | + +-----+-----+-------------------------------------------------------+ + + + + + + + anonymizationTechnique + unsigned16 + identifier + 286 + current + + + A description of the anonymization technique applied + to a referenced Information Element within a referenced Template. + Each technique may be applicable only to certain Information + Elements and recommended only for certain Infomation Elements; + these restrictions are noted in the table below. + + + +-------+---------------------------+-----------------+-------------+ + | Value | Description | Applicable to | Recommended | + | | | | for | + +-------+---------------------------+-----------------+-------------+ + | 0 | Undefined: the Exporting | all | all | + | | Process makes no | | | + | | representation as to | | | + | | whether the defined field | | | + | | is anonymized or not. | | | + | | While the Collecting | | | + | | Process MAY assume that | | | + | | the field is not | | | + | | anonymized, it is not | | | + | | guaranteed not to be. | | | + | | This is the default | | | + | | anonymization technique. | | | + | 1 | None: the values exported | all | all | + | | are real. 
| | | + | 2 | Precision | all | all | + | | Degradation/Truncation: | | | + | | the values exported are | | | + | | anonymized using simple | | | + | | precision degradation or | | | + | | truncation. The new | | | + | | precision or number of | | | + | | truncated bits is | | | + | | implicit in the exported | | | + | | data, and can be deduced | | | + | | by the Collecting | | | + | | Process. | | | + | 3 | Binning: the values | all | all | + | | exported are anonymized | | | + | | into bins. | | | + | 4 | Enumeration: the values | all | timestamps | + | | exported are anonymized | | | + | | by enumeration. | | | + | 5 | Permutation: the values | all | identifiers | + | | exported are anonymized | | | + | | by permutation. | | | + | 6 | Structured Permutation: | addresses | | + | | the values exported are | | | + | | anonymized by | | | + | | permutation, preserving | | | + | | bit-level structure as | | | + | | appropriate; this | | | + | | represents | | | + | | prefix-preserving IP | | | + | | address anonymization or | | | + | | structured MAC address | | | + | | anonymization. | | | + | 7 | Reverse Truncation: the | addresses | | + | | values exported are | | | + | | anonymized using reverse | | | + | | truncation. The number | | | + | | of truncated bits is | | | + | | implicit in the exported | | | + | | data, and can be deduced | | | + | | by the Collecting | | | + | | Process. | | | + | 8 | Noise: the values | non-identifiers | counters | + | | exported are anonymized | | | + | | by adding random noise to | | | + | | each value. | | | + | 9 | Offset: the values | all | timestamps | + | | exported are anonymized | | | + | | by adding a single offset | | | + | | to all values. 
| | | + +-------+---------------------------+-----------------+-------------+ + + + + + + + informationElementIndex + unsigned16 + identifier + 287 + current + + A zero-based index of an Information Element + referenced by informationElementId within a Template referenced by + templateId; used to disambiguate scope for templates containing + multiple identical Information Elements. + + + + + + p2pTechnology + + string + 288 + current + + Specifies if the Application ID is based on peer-to-peer + technology. + + + Possible values are: { "yes", "y", 1 }, + { "no", "n", 2 } and { "unassigned", "u", 0 }. + + + + + + + tunnelTechnology + + string + 289 + current + + Specifies if the Application ID is used as a tunnel technology. + + + Possible values are: { "yes", "y", 1 }, { "no", "n", 2 } and + { "unassigned", "u", 0 }. + + + + + + + encryptedTechnology + + string + 290 + current + + Specifies if the Application ID is an encrypted networking + protocol. + + Possible values are: { "yes", "y", 1 }, + { "no", "n", 2 } and { "unassigned", "u", 0 }. + + + + + + + basicList + basicList + list + 291 + current + + + Specifies a generic Information Element with a basicList abstract + data type. For example, a list of port numbers, a list of + interface indexes, etc. + + + + + + + subTemplateList + subTemplateList + list + 292 + current + + + Specifies a generic Information Element with a subTemplateList + abstract data type. + + + + + + + subTemplateMultiList + subTemplateMultiList + list + 293 + current + + + Specifies a generic Information Element with a + subTemplateMultiList abstract data type. + + + + + + + bgpValidityState + unsigned8 + identifier + 294 + current + + + This element describes the "validity state" of the BGP route correspondent source or destination IP address. If the "validity state" for this Flow is only available, then the value of this Information Element is 255. 
+ + + + + See for a description of BGP-4, + for the + definition of "validity states" and + + for the encoding of those "validity states". + + + + + + + IPSecSPI + unsigned32 + identifier + 295 + current + + + IPSec Security Parameters Index (SPI). + + + 0x0-0xFFFFFFFF + + + See for the definition of SPI. + + + + + + + greKey + unsigned32 + identifier + 296 + current + + + GRE key, which is used for identifying an individual traffic flow within a tunnel. + + + 0x0-0xFFFFFFFF + + + See for the definition of GRE and the GRE Key. + + + + + + + natType + unsigned8 + identifier + 297 + current + + + The type of NAT treatment: + + + 0 unknown + + + 1 NAT44 translated + + + 2 NAT64 translated + + + 3 NAT46 translated + + + 4 IPv4-->IPv4 (no NAT) + + + 5 NAT66 translated + + + 6 IPv6-->IPv6 (no NAT) + + + + + + See for the definition of NAT. + See for the definition of NAT44. + See for the definition of NAT64. + See for the definition of NAT46. + See for the definition of NAT66. + See for the definition of IPv4. + See for the definition of IPv6. + + + + + + + initiatorPackets + unsigned64 + identifier + 298 + current + + + The total number of layer 4 packets in a flow from the + initiator. The initiator is the device which triggered the + session creation, and remains the same for the life of the + session. + + + packets + + + See #231, initiatorOctets. + + + + + + + responderPackets + unsigned64 + identifier + 299 + current + + + The total number of layer 4 packets in a flow from the + responder. The responder is the device which replies to the + initiator, and remains the same for the life of the session. + + + packets + + + See #232, responderOctets. + + + + + + + observationDomainName + string + 300 + current + + + The name of an observation domain identified by an + observationDomainId. + + + + + See #149, observationDomainId. 
+ + + + + + + selectionSequenceId + unsigned64 + identifier + 301 + current + + + From all the packets observed at an Observation Point, a subset of + the packets is selected by a sequence of one or more Selectors. + The selectionSequenceId is a unique value per Observation Domain, + specifying the Observation Point and the sequence of Selectors + through which the packets are selected. + + + + + + + selectorId + unsigned64 + identifier + 302 + current + + + The Selector ID is the unique ID identifying a Primitive Selector. + Each Primitive Selector must have a unique ID in the Observation + Domain. + + + + + + + + informationElementId + unsigned16 + identifier + 303 + current + + + This Information Element contains the ID of another Information + Element. + + + + + + + selectorAlgorithm + unsigned16 + identifier + 304 + current + + + This Information Element identifies the packet selection methods + (e.g., Filtering, Sampling) that are applied by the Selection + Process. + + Most of these methods have parameters. Further Information + Elements are needed to fully specify packet selection with these + methods and all their parameters. + + The methods listed below are defined in [RFC5475]. For their parameters, Information Elements are defined in + the information model document. The names of these Information + Elements are listed for each method identifier. + + Further method identifiers may be added to the list below. It + might be necessary to define new Information Elements to specify + their parameters. + The selectorAlgorithm registry is maintained by IANA. New + assignments for the registry will be administered by IANA, and + are subject to Expert Review [RFC5226]. + + The registry can be updated when specifications of the new + method(s) and any new Information Elements are provided. 
+ + The group of experts must double check the selectorAlgorithm + definitions and Information Elements with already defined + selectorAlgorithms and Information Elements for completeness, + accuracy, and redundancy. Those experts will initially be drawn + from the Working Group Chairs and document editors of the IPFIX + and PSAMP Working Groups. + + The following packet selection methods identifiers are defined + here: + + + http://www.iana.org/assignments/psamp-parameters/psamp-parameters.xhtml + + + There is a broad variety of possible parameters that could be used + for Property match Filtering (5) but currently there are no agreed + parameters specified. + + + + + + + samplingPacketInterval + unsigned32 + quantity + 305 + current + + + This Information Element specifies the number of packets that are + consecutively sampled. A value of 100 means that 100 + consecutive packets are sampled. + + For example, this Information Element may be used to describe the + configuration of a systematic count-based Sampling Selector. + + + packets + + + + + samplingPacketSpace + unsigned32 + quantity + 306 + current + + + This Information Element specifies the number of packets between + two "samplingPacketInterval"s. A value of 100 means that the next + interval starts 100 packets (which are not sampled) after the + current "samplingPacketInterval" is over. + + For example, this Information Element may be used to describe the + configuration of a systematic count-based Sampling Selector. + + + packets + + + + + samplingTimeInterval + unsigned32 + quantity + 307 + current + + + This Information Element specifies the time interval in + microseconds during which all arriving packets are sampled. + + For example, this Information Element may be used to describe the + configuration of a systematic time-based Sampling Selector. 
+ + + microseconds + + + + + samplingTimeSpace + unsigned32 + quantity + 308 + current + + + This Information Element specifies the time interval in + microseconds between two "samplingTimeInterval"s. A value of 100 + means that the next interval starts 100 microseconds (during which + no packets are sampled) after the current "samplingTimeInterval" + is over. + + For example, this Information Element may used to describe the + configuration of a systematic time-based Sampling Selector. + + + microseconds + + + + + samplingSize + unsigned32 + quantity + 309 + current + + + This Information Element specifies the number of elements taken + from the parent Population for random Sampling methods. + + For example, this Information Element may be used to describe the + configuration of a random n-out-of-N Sampling Selector. + + + packets + + + + + samplingPopulation + unsigned32 + quantity + 310 + current + + + This Information Element specifies the number of elements in the + parent Population for random Sampling methods. + + For example, this Information Element may be used to describe the + configuration of a random n-out-of-N Sampling Selector. + + + packets + + + + + samplingProbability + float64 + quantity + 311 + current + + + This Information Element specifies the probability that a packet + is sampled, expressed as a value between 0 and 1. The probability + is equal for every packet. A value of 0 means no packet was + sampled since the probability is 0. + + For example, this Information Element may be used to describe the + configuration of a uniform probabilistic Sampling Selector. + + + + + + + dataLinkFrameSize + unsigned16 + 312 + current + + + This Information Element specifies the length of the selected data + link frame. + + The data link layer is defined in [ISO/IEC 7498-1:1994]. 
+ + + + + + + ipHeaderPacketSection + octetArray + 313 + current + + + This Information Element, which may have a variable length, + carries a series of octets from the start of the IP header of a + sampled packet. + + With sufficient length, this element also reports octets from the + IP payload, subject to [RFC2804]. See the Security Considerations + section. + + The size of the exported section may be constrained due to + limitations in the IPFIX protocol. + + The data for this field MUST NOT be padded. + + + + + + + ipPayloadPacketSection + octetArray + 314 + current + + + This Information Element, which may have a variable length, + carries a series of octets from the start of the IP payload of a + sampled packet. + + The IPv4 payload is that part of the packet that follows the IPv4 + header and any options, which [RFC0791] refers to as "data" or + "data octets". For example, see the examples in [RFC0791], APPENDIX A. + + The IPv6 payload is the rest of the packet following the 40 octet + IPv6 header. Note that any extension headers present are + considered part of the payload. See [RFC2460] for the IPv6 + specification. + + The size of the exported section may be constrained due to + limitations in the IPFIX protocol. + + The data for this field MUST NOT be padded. + + + + + + + dataLinkFrameSection + octetArray + 315 + current + + + This Information Element carries n octets from the data link frame + of a selected frame, starting sectionOffset octets into the frame. + + The sectionObservedOctets expresses how much data was observed, + while the remainder is padding. + + When the sectionObservedOctets field corresponding to this + Information Element exists, this Information Element MAY have a + fixed length and MAY be padded, or MAY have a variable length. + + When the sectionObservedOctets field corresponding to this + Information Element does not exist, this Information Element + SHOULD have a variable length and MUST NOT be padded. 
In this + case, the size of the exported section may be constrained due to + limitations in the IPFIX protocol. + + Further Information Elements, i.e., dataLinkFrameType and + dataLinkFrameSize are needed to specify the data link type and the + size of the data link frame of this Information Element. A set of + these Information Elements MAY be contained in a structured data + type, as expressed in . Or a set of these Information + Elements MAY be contained in one Flow Record as shown in Appendix + C of . + + The data link layer is defined in [ISO/IEC 7498-1:1994]. + + + + + + + mplsLabelStackSection + octetArray + 316 + current + + + This Information Element, which may have a variable length, + carries the first n octets from the MPLS label stack of a sampled + packet. + + With sufficient length, this element also reports octets from the + MPLS payload, subject to [RFC2804]. See the Security + Considerations section. + + See [RFC3031] for the specification of MPLS packets. + + See [RFC3032] for the specification of the MPLS label stack. + + The size of the exported section may be constrained due to + limitations in the IPFIX protocol. + + The data for this field MUST NOT be padded. + + + + + + + mplsPayloadPacketSection + octetArray + 317 + current + + + This Information Element, which may have a variable length, + carries the first n octets from the MPLS payload of a sampled + packet, being data that follows immediately after the MPLS label + stack. + + See [RFC3031] for the specification of MPLS packets. + + See [RFC3032] for the specification of the MPLS label stack. + + The size of the exported section may be constrained due to + limitations in the IPFIX protocol. + + The data for this field MUST NOT be padded. + + + + + + + selectorIdTotalPktsObserved + unsigned64 + totalCounter + 318 + current + + + This Information Element specifies the total number of packets + observed by a Selector, for a specific value of SelectorId. 
+ + This Information Element should be used in an Options Template + scoped to the observation to which it refers. See Section 3.4.2.1 + of the IPFIX protocol document [RFC5101]. + + + packets + + + + + selectorIdTotalPktsSelected + unsigned64 + totalCounter + 319 + current + + + This Information Element specifies the total number of packets + selected by a Selector, for a specific value of SelectorId. + + This Information Element should be used in an Options Template + scoped to the observation to which it refers. See Section 3.4.2.1 + of the IPFIX protocol document [RFC5101]. + + + packets + + + + + absoluteError + float64 + quantity + 320 + current + + + This Information Element specifies the maximum possible + measurement error of the reported value for a given Information + Element. The absoluteError has the same unit as the Information + Element with which it is associated. The real value of the metric can + differ by absoluteError (positive or negative) from the measured + value. + + This Information Element provides only the error for measured + values. If an Information Element contains an estimated value + (from Sampling), the confidence boundaries and confidence level + have to be provided instead, using the upperCILimit, lowerCILimit, + and confidenceLevel Information Elements. + + This Information Element should be used in an Options Template + scoped to the observation to which it refers. See Section 3.4.2.1 + of the IPFIX protocol document [RFC5101]. + + + The units of the Information Element for which the error is specified. + + + + + relativeError + float64 + quantity + 321 + current + + + This Information Element specifies the maximum possible positive + or negative error ratio for the reported value for a given + Information Element as percentage of the measured value. The real + value of the metric can differ by relativeError percent (positive + or negative) from the measured value. 
+ + This Information Element provides only the error for measured + values. If an Information Element contains an estimated value + (from Sampling), the confidence boundaries and confidence level + have to be provided instead, using the upperCILimit, lowerCILimit, + and confidenceLevel Information Elements. + + This Information Element should be used in an Options Template + scoped to the observation to which it refers. See Section 3.4.2.1 + of the IPFIX protocol document [RFC5101]. + + + + + + + observationTimeSeconds + dateTimeSeconds + quantity + 322 + current + + + This Information Element specifies the absolute time in seconds of + an observation. + + + seconds + + + + + observationTimeMilliseconds + dateTimeMilliseconds + quantity + 323 + current + + + This Information Element specifies the absolute time in + milliseconds of an observation. + + + milliseconds + + + + + observationTimeMicroseconds + dateTimeMicroseconds + quantity + 324 + current + + + This Information Element specifies the absolute time in + microseconds of an observation. + + + microseconds + + + + + observationTimeNanoseconds + dateTimeNanoseconds + quantity + 325 + current + + + This Information Element specifies the absolute time in + nanoseconds of an observation. + + + nanoseconds + + + + + digestHashValue + unsigned64 + quantity + 326 + current + + + This Information Element specifies the value from the digest hash + function. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashIPPayloadOffset + unsigned64 + quantity + 327 + current + + + This Information Element specifies the IP payload offset used by a + Hash-based Selection Selector. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashIPPayloadSize + unsigned64 + quantity + 328 + current + + + This Information Element specifies the IP payload size used by a + Hash-based Selection Selector. See also Sections 6.2, 3.8 and 7.1 of + [RFC5475]. 
+ + + + + + + hashOutputRangeMin + unsigned64 + quantity + 329 + current + + + This Information Element specifies the value for the beginning of + a hash function's potential output range. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashOutputRangeMax + unsigned64 + quantity + 330 + current + + + This Information Element specifies the value for the end of a hash + function's potential output range. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashSelectedRangeMin + unsigned64 + quantity + 331 + current + + + This Information Element specifies the value for the beginning of + a hash function's selected range. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashSelectedRangeMax + unsigned64 + quantity + 332 + current + + + This Information Element specifies the value for the end of a hash + function's selected range. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashDigestOutput + boolean + quantity + 333 + current + + + This Information Element contains a boolean value that is TRUE if + the output from this hash Selector has been configured to be + included in the packet report as a packet digest, else FALSE. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + hashInitialiserValue + unsigned64 + quantity + 334 + current + + + This Information Element specifies the initialiser value to the + hash function. + + See also Sections 6.2, 3.8 and 7.1 of [RFC5475]. + + + + + + + selectorName + string + 335 + current + + + The name of a selector identified by a selectorID. Globally + unique per Metering Process. + + + + + + + upperCILimit + float64 + quantity + 336 + current + + + This Information Element specifies the upper limit of a confidence + interval. It is used to provide an accuracy statement for an + estimated value. The confidence limits define the range in which + the real value is assumed to be with a certain probability p. 
+ Confidence limits always need to be associated with a confidence + level that defines this probability p. Please note that a + confidence interval only provides a probability that the real + value lies within the limits. That means the real value can lie + outside the confidence limits. + + The upperCILimit, lowerCILimit, and confidenceLevel Information + Elements should all be used in an Options Template scoped to the + observation to which they refer. See Section 3.4.2.1 of the IPFIX + protocol document [RFC5101]. + + Note that the upperCILimit, lowerCILimit, and confidenceLevel are + all required to specify confidence, and should be disregarded + unless all three are specified together. + + + + + + + lowerCILimit + float64 + quantity + 337 + current + + + This Information Element specifies the lower limit of a confidence + interval. For further information, see the description of + upperCILimit. + + The upperCILimit, lowerCILimit, and confidenceLevel Information + Elements should all be used in an Options Template scoped to the + observation to which they refer. See Section 3.4.2.1 of the IPFIX + protocol document [RFC5101]. + + Note that the upperCILimit, lowerCILimit, and confidenceLevel are + all required to specify confidence, and should be disregarded + unless all three are specified together. + + + + + + + confidenceLevel + float64 + quantity + 338 + current + + + This Information Element specifies the confidence level. It is + used to provide an accuracy statement for estimated values. The + confidence level provides the probability p with which the real + value lies within a given range. A confidence level always needs + to be associated with confidence limits that define the range in + which the real value is assumed to be. + + The upperCILimit, lowerCILimit, and confidenceLevel Information + Elements should all be used in an Options Template scoped to the + observation to which they refer. 
See Section 3.4.2.1 of the IPFIX + protocol document [RFC5101]. + + Note that the upperCILimit, lowerCILimit, and confidenceLevel are + all required to specify confidence, and should be disregarded + unless all three are specified together. + + + + + + informationElementDataType + unsigned8 + 339 + current + + + A description of the abstract data type of an IPFIX + information element.These are taken from the abstract data types + defined in section 3.1 of the IPFIX Information Model [RFC5102]; + see that section for more information on the types described + in the informationElementDataType sub-registry. + + These types are registered in the IANA IPFIX Information Element + Data Type subregistry. This subregistry is intended to assign + numbers for type names, not to provide a mechanism for adding data + types to the IPFIX Protocol, and as such requires a Standards + Action [RFC5226] to modify. + + + + + + + informationElementDescription + string + 340 + current + + + A UTF-8 [RFC3629] encoded Unicode string containing a + human-readable description of an Information Element. The content + of the informationElementDescription MAY be annotated with one or + more language tags [RFC4646], encoded in-line [RFC2482] within the + UTF-8 string, in order to specify the language in which the + description is written. Description text in multiple languages + MAY tag each section with its own language tag; in this case, the + description information in each language SHOULD have equivalent + meaning. In the absence of any language tag, the "i-default" + [RFC2277] language SHOULD be assumed. See the Security + Considerations section for notes on string handling for + Information Element type records. + + + + + + + informationElementName + string + 341 + current + + + A UTF-8 [RFC3629] encoded Unicode string containing + the name of an Information Element, intended as a simple + identifier. 
See the Security Considerations section for notes on + string handling for Information Element type records + + + + + + + informationElementRangeBegin + unsigned64 + quantity + 342 + current + + + Contains the inclusive low end of the range of + acceptable values for an Information Element. + + + + + + + informationElementRangeEnd + unsigned64 + quantity + 343 + current + + + Contains the inclusive high end of the range of + acceptable values for an Information Element. + + + + + + + informationElementSemantics + unsigned8 + 344 + current + + + A description of the semantics of an IPFIX Information + Element. These are taken from the data type semantics defined in + section 3.2 of the IPFIX Information Model [RFC5102]; see that + section for more information on the types defined in the informationElementSemantics sub-registry. This + field may take the values in Table ; the special value 0x00 + (default) is used to note that no semantics apply to the field; it + cannot be manipulated by a Collecting Process or File Reader that + does not understand it a priori. + + These semantics are registered in the IANA IPFIX Information + Element Semantics subregistry. This subregistry is intended to + assign numbers for semantics names, not to provide a mechanism for + adding semantics to the IPFIX Protocol, and as such requires a + Standards Action [RFC5226] to modify. + + + + + + + informationElementUnits + unsigned16 + 345 + current + + + A description of the units of an IPFIX Information + Element. These correspond to the units implicitly defined in the + Information Element definitions in section 5 of the IPFIX + Information Model [RFC5102]; see that section for more information + on the types described in the informationElementsUnits sub-registry. This field may take the values in + Table 3 below; the special value 0x00 (none) is used to note that + the field is unitless. 
+ + These types are registered in the IANA IPFIX Information Element + Units subregistry; new types may be added on a First Come First + Served [RFC5226] basis. + + + + + + + privateEnterpriseNumber + unsigned32 + identifier + 346 + current + + + A private enterprise number, as assigned by IANA. + Within the context of an Information Element Type record, this + element can be used along with the informationElementId element to + scope properties to a specific Information Element. To export + type information about an IANA-assigned Information Element, set + the privateEnterpriseNumber to 0, or do not export the + privateEnterpriseNumber in the type record. To export type + information about an enterprise-specific Information Element, + export the enterprise number in privateEnterpriseNumber, and + export the Information Element number with the Enterprise bit + cleared in informationElementId. The Enterprise bit in the + associated informationElementId Information Element MUST be + ignored by the Collecting Process. + + + + + + + virtualStationInterfaceId + octetArray + identifier + 347 + current + + + Instance Identifier of the interface to a Virtual Station. A Virtual + Station is an end station instance: it can be a virtual machine or a + physical host. + + + + + See IEEE 802.1Qbg for the definition of Virtual Station Interface ID. + + + + + + + virtualStationInterfaceName + string + 348 + current + + + Name of the interface to a Virtual Station. A Virtual Station is an end station + instance: it can be a virtual machine or a physical host. + + + + + See IEEE 802.1Qbg for the definition of Virtual Station Interface. + + + + + + + virtualStationUUID + octetArray + identifier + 349 + current + + + Unique Identifier of a Virtual Station. A Virtual Station is an end station + instance: it can be a virtual machine or a physical host. + + + + + See IEEE 802.1Qbg for the definition of Virtual Station. 
+ + + + + + + virtualStationName + string + 350 + current + + + Name of a Virtual Station. A Virtual Station is an end station + instance: it can be a virtual machine or a physical host. + + + + + See IEEE 802.1Qbg for the definition of Virtual Station. + + + + + + + layer2SegmentId + unsigned64 + identifier + 351 + current + + + Identifier of a layer 2 network segment in an overlay network. + The most significant byte identifies the layer 2 network + overlay network encapsulation type: + + + 0x00 reserved + + + 0x01 VxLAN + + + 0x02 NVGRE + + + The three lowest significant bytes + hold the value of the layer 2 + overlay network segment identifier. + + + For example: + + + - a 24 bit segment ID VXLAN Network + Identifier (VNI) + + + - a 24 bit Tenant Network Identifier + (TNI) for NVGRE + + + + + See VxLAN RFC at http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-00 + + + See NVGRE RFC at http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00 + + + + + + layer2OctetDeltaCount + unsigned64 + deltaCounter + 352 + current + + + The number of layer 2 octets since the previous report (if any) in + incoming packets for this Flow at the Observation Point. The + number of octets includes layer 2 header(s) and layer 2 payload. + # memo: layer 2 version of octetDeltaCount (field #1) + + + octets + + + + + + + + + + layer2OctetTotalCount + unsigned64 + totalCounter + 353 + current + + + The total number of layer 2 octets in incoming packets for this + Flow at the Observation Point since the Metering Process + (re-)initialization for this Observation Point. The number of + octets includes layer 2 header(s) and layer 2 payload. + # memo: layer 2 version of octetTotalCount (field #85) + + + octets + + + + + + + + + + ingressUnicastPacketTotalCount + unsigned64 + totalCounter + 354 + current + + + The total number of incoming unicast packets metered at the + Observation Point since the Metering Process (re-)initialization + for this Observation Point. 
+ + + packets + + + + + + ingressMulticastPacketTotalCount + unsigned64 + totalCounter + 355 + current + + + The total number of incoming multicast packets metered at the + Observation Point since the Metering Process (re-)initialization + for this Observation Point. + + + packets + + + + + + ingressBroadcastPacketTotalCount + unsigned64 + totalCounter + 356 + current + + + The total number of incoming broadcast packets metered at the + Observation Point since the Metering Process (re-)initialization + for this Observation Point. + + + packets + + + + + + egressUnicastPacketTotalCount + unsigned64 + totalCounter + 357 + current + + + The total number of incoming unicast packets metered at the + Observation Point since the Metering Process (re-)initialization + for this Observation Point. + + + packets + + + + + + egressBroadcastPacketTotalCount + unsigned64 + totalCounter + 358 + current + + + The total number of incoming broadcast packets metered at the + Observation Point since the Metering Process (re-)initialization + for this Observation Point. + + + packets + + + + + + monitoringIntervalStartMilliSeconds + dateTimeMilliseconds + 359 + current + + + The absolute timestamp at which the monitoring interval + started. + A Monitoring interval is the period of time during which the Metering + Process is running. + + + milliseconds + + + + + monitoringIntervalEndMilliSeconds + dateTimeMilliseconds + 360 + current + + + The absolute timestamp at which the monitoring interval ended. + A Monitoring interval is the period of time during which the Metering + Process is running. + + + milliseconds + + + + + portRangeStart + unsigned16 + identifier + 361 + current + + + The port number identifying the start of a range of ports. A value + of zero indicates that the range start is not specified, ie the + range is defined in some other way. + + + Additional information on defined TCP port numbers can be found at + http://www.iana.org/assignments/service-names-port-numbers. 
+ + + + + + + + portRangeEnd + unsigned16 + identifier + 362 + current + + + The port number identifying the end of a range of ports. A value + of zero indicates that the range end is not specified, ie the + range is defined in some other way. + + + Additional information on defined TCP port numbers can be found at + http://www.iana.org/assignments/service-names-port-numbers. + + + + + + + + portRangeStepSize + unsigned16 + identifier + 363 + current + + + The step size in a port range. The default step size is 1, + which indicates contiguous ports. A value of zero indicates + that the step size is not specified, ie the range is defined + in some other way. + + + + + + + + portRangeNumPorts + unsigned16 + identifier + 364 + current + + + The number of ports in a port range. A value of zero indicates + that the number of ports is not specified, ie the range is defined + in some other way. + + + + + + + + staMacAddress + macAddress + identifier + 365 + current + + + The IEEE 802 MAC address of a wireless station (STA). + + + + See section 1.4 of RFC5415 for the definition of STA. + + + + + + staIPv4Address + ipv4Address + identifier + 366 + current + + + The IPv4 address of a wireless station (STA). + + + + See section 1.4 of RFC5415 for the definition of STA. + + + + + + wtpMacAddress + macAddress + identifier + 367 + current + + + The IEEE 802 MAC address of a wireless access point (WTP). + + + + See section 1.4 of RFC5415 for the definition of WTP. + + + + + + ingressInterfaceType + unsigned32 + identifier + 368 + current + + + The type of interface where packets of this Flow are being received. + The value matches the value of managed object 'ifType' as defined in + http://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib + + + + http://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib + + + + + + egressInterfaceType + unsigned32 + identifier + 369 + current + + + The type of interface where packets of this Flow are being sent. 
+ The value matches the value of managed object 'ifType' as defined in + http://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib + + + + http://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib + + + + + + rtpSequenceNumber + unsigned16 + 370 + current + + + The RTP sequence number per RFC3550. + + + + + + + + userName + string + 371 + current + + + User name associated with the flow. + + + + + + + applicationCategoryName + string + 372 + current + + + An attribute that provides a first level categorization for + each Application ID. + + + + + + + applicationSubCategoryName + string + 373 + current + + + An attribute that provides a second level categorization + for each Application ID. + + + + + + + applicationGroupName + string + 374 + current + + + An attribute that groups multiple Application IDs that + belong to the same networking application. + + + + + + + originalFlowsPresent + unsigned64 + deltaCounter + 375 + current + + + The non-conservative count of Original Flows + contributing to this Aggregated Flow. Non-conservative counts + need not sum to the original count on re-aggregation. + + + + + + + originalFlowsInitiated + unsigned64 + deltaCounter + 376 + current + + + The conservative count of Original Flows whose first + packet is represented within this Aggregated Flow. Conservative + counts must sum to the original count on re-aggregation. + + + + + + + originalFlowsCompleted + unsigned64 + deltaCounter + 377 + current + + + The conservative count of Original Flows whose last + packet is represented within this Aggregated Flow. Conservative + counts must sum to the original count on re-aggregation. + + + + + + + distinctCountOfSourceIPAddress + unsigned64 + totalCounter + 378 + current + + + The count of distinct source IP address values for + Original Flows contributing to this Aggregated Flow, without + regard to IP version. 
This Information Element is preferred to + the IP-version-specific counters, unless it is important to + separate the counts by version. + + + + + + + distinctCountOfDestinationIPAddress + unsigned64 + totalCounter + 379 + current + + + The count of distinct destination IP address values + for Original Flows contributing to this Aggregated Flow, without + regard to IP version. This Information Element is preferred to + the version-specific counters below, unless it is important to + separate the counts by version. + + + + + + + distinctCountOfSourceIPv4Address + unsigned32 + totalCounter + 380 + current + + + The count of distinct source IPv4 address values for + Original Flows contributing to this Aggregated Flow. + + + + + + + distinctCountOfDestinationIPv4Address + unsigned32 + totalCounter + 381 + current + + + The count of distinct destination IPv4 address values + for Original Flows contributing to this Aggregated Flow. + + + + + + + distinctCountOfSourceIPv6Address + unsigned64 + totalCounter + 382 + current + + + The count of distinct source IPv6 address values for + Original Flows contributing to this Aggregated Flow. + + + + + + + distinctCountOfDestinationIPv6Address + unsigned64 + totalCounter + 383 + current + + + The count of distinct destination IPv6 address values + for Original Flows contributing to this Aggregated Flow. + + + + + + + valueDistributionMethod + unsigned8 + 384 + current + + + A description of the method used to distribute the + counters from Contributing Flows into the Aggregated Flow records + described by an associated scope, generally a Template. The + method is deemed to apply to all the non-key Information Elements + in the referenced scope for which value distribution is a valid + operation; if the originalFlowsInitiated and/or + originalFlowsCompleted Information Elements appear in the + Template, they are not subject to this distribution method, as + they each infer their own distribution method. 
This is intended + to be a complete set of possible value distribution methods; it is + encoded as follows: + + + +-------+-----------------------------------------------------------+ + | Value | Description | + +-------+-----------------------------------------------------------+ + | 0 | Unspecified: The counters for an Original Flow are | + | | explicitly not distributed according to any other method | + | | defined for this Information Element; use for arbitrary | + | | distribution, or distribution algorithms not described by | + | | any other codepoint. | + | | --------------------------------------------------------- | + | | | + | 1 | Start Interval: The counters for an Original Flow are | + | | added to the counters of the appropriate Aggregated Flow | + | | containing the start time of the Original Flow. This | + | | should be assumed the default if value distribution | + | | information is not available at a Collecting Process for | + | | an Aggregated Flow. | + | | --------------------------------------------------------- | + | | | + | 2 | End Interval: The counters for an Original Flow are added | + | | to the counters of the appropriate Aggregated Flow | + | | containing the end time of the Original Flow. | + | | --------------------------------------------------------- | + | | | + | 3 | Mid Interval: The counters for an Original Flow are added | + | | to the counters of a single appropriate Aggregated Flow | + | | containing some timestamp between start and end time of | + | | the Original Flow. | + | | --------------------------------------------------------- | + | | | + | 4 | Simple Uniform Distribution: Each counter for an Original | + | | Flow is divided by the number of time intervals the | + | | Original Flow covers (i.e., of appropriate Aggregated | + | | Flows sharing the same Flow Key), and this number is | + | | added to each corresponding counter in each Aggregated | + | | Flow. 
| + | | --------------------------------------------------------- | + | | | + | 5 | Proportional Uniform Distribution: Each counter for an | + | | Original Flow is divided by the number of time units the | + | | Original Flow covers, to derive a mean count rate. This | + | | mean count rate is then multiplied by the number of time | + | | units in the intersection of the duration of the Original | + | | Flow and the time interval of each Aggregated Flow. This | + | | is like simple uniform distribution, but accounts for the | + | | fractional portions of a time interval covered by an | + | | Original Flow in the first and last time interval. | + | | --------------------------------------------------------- | + | | | + | 6 | Simulated Process: Each counter of the Original Flow is | + | | distributed among the intervals of the Aggregated Flows | + | | according to some function the Intermediate Aggregation | + | | Process uses based upon properties of Flows presumed to | + | | be like the Original Flow. This is essentially an | + | | assertion that the Intermediate Aggregation Process has | + | | no direct packet timing information but is nevertheless | + | | not using one of the other simpler distribution methods. | + | | The Intermediate Aggregation Process specifically makes | + | | no assertion as to the correctness of the simulation. | + | | --------------------------------------------------------- | + | | | + | 7 | Direct: The Intermediate Aggregation Process has access | + | | to the original packet timings from the packets making up | + | | the Original Flow, and uses these to distribute or | + | | recalculate the counters. | + +-------+-----------------------------------------------------------+ + + + + + + + rfc3550JitterMeanMilliseconds + unsigned32 + quantity + 385 + current + + + Interarrival jitter as defined in section 6.4.1 of , + measured in milliseconds. 
+ + + milliseconds + + + + + rfc3550JitterMeanMicroseconds + unsigned32 + quantity + 386 + current + + + Interarrival jitter as defined in section 6.4.1 of , + measured in microseconds. + + + microseconds + + + + + rfc3550JitterMeanNanoseconds + unsigned32 + quantity + 387 + current + + + Interarrival jitter as defined in section 6.4.1 of , + measured in nanoseconds. + + + nanoseconds + + + + + + 388-32767 + + + + + + IPFIX MPLS label type (Value 46) + Expert Review + Primary expert - Nevil Brownlee and Secondary expert - Juergen Quittek + + + + 1 + TE-MIDPT: Any TE tunnel mid-point or tail label + + + + + 2 + Pseudowire: Any PWE3 or Cisco AToM based label + + + + + 3 + VPN: Any label associated with VPN + + + + + 4 + BGP: Any label associated with BGP or BGP routing + + + + + 5 + LDP: Any label associated with dynamically assigned labels using LDP + + + + + 6-255 + Unassigned + + + + + + + + Classification Engine IDs (Value 101) + Expert Review + Primary expert - Nevil Brownlee and Secondary expert - Juergen Quittek + + + + 0 + Invalid. + + + + + + 1 + IANA-L3: The Assigned Internet Protocol Number (layer 3 (L3)) is exported in the Selector ID. See http://www.iana.org/assignments/protocol-numbers. + + 1 + + + + + 2 + PANA-L3: Proprietary layer 3 definition. An enterprise can export its own layer 3 protocol numbers. The Selector ID has a global significance for all devices from the same enterprise. + + 1 + + + + + 3 + IANA-L4: The IANA layer 4 (L4) well-known port + number is exported in the Selector ID. See [http://www.iana.org/assignments/service-names-port-numbers]. Note: as an IPFIX flow is unidirectional, + it contains the destination port in a flow from + the client to the server. + + 2 + + + + + 4 + PANA-L4: Proprietary layer 4 definition. An + enterprise can export its own layer 4 port + numbers. The Selector ID has global significance + for devices from the same enterprise. Example: + IPFIX had the port 4739 pre-assigned in the IETF + draft for years. 
While waiting for the RFC and its + associated IANA registration, the Selector ID 4739 + was used with this PANA-L4. + + 2 + + + + + 5 + Reserved + + + + + + 6 + USER-Defined: The Selector ID represents + applications defined by the user (using CLI, GUI, + etc.) based on the methods described in section 2. + The Selector ID has a local significance per + device. + + 3 + + + + + 7 + Reserved + + + + + + 8 + Reserved + + + + + + 9 + Reserved + + + + + + 10 + Reserved + + + + + + 11 + Reserved + + + + + + 12 + PANA-L2: Proprietary layer 2 (L2) definition. An + enterprise can export its own layer 2 identifiers. + The Selector ID represents the enterprise's unique + global layer 2 applications. The Selector ID has a + global significance for all devices from the same + enterprise. Examples include Cisco Subnetwork + Access Protocol (SNAP). + + 5 + + + + + 13 + PANA-L7: Proprietary layer 7 definition. The + Selector ID represents the enterprise's unique + global ID for the layer 7 applications. The + Selector ID has a global significance for all + devices from the same enterprise. This + Classification Engine Id is used when the + application registry is owned by the Exporter + manufacturer (referred to as the "enterprise" in + this document). + + 3 + + + + + 14 + Reserved + + + + + + 15 + Reserved + + + + + + 16 + Reserved + + + + + + 17 + Reserved + + + + + + 18 + ETHERTYPE: The Selector ID represents the well- + known Ethertype. See http://standards.ieee.org/develop/regauth/ethertype/eth.txt. + Note that the Ethertype is usually expressed in + hexadecimal. However, the corresponding decimal + value is used in this Selector ID. + + 2 + + + + + 19 + LLC: The Selector ID represents the well-known + IEEE 802.2 Link Layer Control (LLC) Destination + Service Access Point (DSAP). + See http://standards.ieee.org/develop/regauth/llc/public.html. + Note that LLC DSAP is usually expressed in + hexadecimal. However, the corresponding decimal + value is used in this Selector ID. 
+ + 1 + + + + + 20 + PANA-L7-PEN: Proprietary layer 7 definition, + including a Private Enterprise Number (PEN) + [http://www.iana.org/assignments/enterprise-numbers] + to identify that the application registry being + used is not owned by the Exporter manufacturer or to identify the + original enterprise in the case of a mediator or + 3rd party device. The Selector ID represents the + enterprise unique global ID for the layer 7 + applications. The Selector ID has a global + significance for all devices from the same + enterprise. + + 3 + + + + + + + + + + + IPFIX Version Numbers + + Standards Action + + + 0 + Reserved + + + + 1-8 + Reserved (historic) + + + + 9 + Cisco Systems NetFlow Version 9 (historic) + + + + + 10 + IPFIX as documented in RFC5101 + + + + + 11-65535 + Unassigned + + + + + + + + IPFIX Set IDs + + Standards Action + + + 0-1 + Not used (historic) + + + + + 2 + Template Set + + + + + 3 + Option Template Set + + + + + 4-255 + Unassigned + + + + + 256-65535 + Reserved for Data Sets + + + + + + + + + IPFIX Information Element Data Types + + Standards Action + + + + + 0 + octetArray + + + + + 1 + unsigned8 + + + + + 2 + unsigned16 + + + + + 3 + unsigned32 + + + + + 4 + unsigned64 + + + + + 5 + signed8 + + + + + 6 + signed16 + + + + + 7 + signed32 + + + + + 8 + signed64 + + + + + 9 + float32 + + + + + 10 + float64 + + + + + 11 + boolean + + + + + 12 + macAddress + + + + + 13 + string + + + + + 14 + dateTimeSeconds + + + + + 15 + dateTimeMilliseconds + + + + + 16 + dateTimeMicroseconds + + + + + 17 + dateTimeNanoseconds + + + + + 18 + ipv4Address + + + + + 19 + ipv6Address + + + + + 20 + basicList + + + + + 21 + subTemplateList + + + + + 22 + subTemplateMultiList + + + + + 23-255 + Unassigned + + + + + + + + IPFIX Information Element Semantics + + Standards Action + + + + + 0 + default + + + + + 1 + quantity + + + + + 2 + totalCounter + + + + + 3 + deltaCounter + + + + + 4 + identifier + + + + + 5 + flags + + + + + 6 + list + + + + + 7-255 + Unassigned + 
+ + + + + + + + IPFIX Information Element Units + + Expert Review + + + 0 + none + + + + + + 1 + bits + + + + + + 2 + octets + + + + + + 3 + packets + + + + + + 4 + flows + + + + + + 5 + seconds + + + + + + 6 + milliseconds + + + + + + 7 + microseconds + + + + + + 8 + nanoseconds + + + + + + 9 + 4-octet words + for IPv4 header length + + + + + 10 + messages + for reliability reporting + + + + + 11 + hops + for TTL + + + + + 12 + entries + for MPLS label stack + + + + + 13-65535 + Unassigned + + + + + + + + + + IPFIX Structured Data Types Semantics + + Standards Action + + + 0x00 + noneOf + The "noneOf" structured data type semantic specifies + that none of the elements are actual properties of the Data + Record. + + + + + + 0x01 + exactlyOneOf + The "exactlyOneOf" structured data type semantic + specifies that only a single element from the structured data is + an actual property of the Data Record. This is equivalent to a + logical XOR operation. + + + + + + 0x02 + oneOrMoreOf + The "oneOrMoreOf" structured data type semantic + specifies that one or more elements from the list in the + structured data are actual properties of the Data Record. This is + equivalent to a logical OR operation. + + + + + + 0x03 + allOf + The "allOf" structured data type semantic specifies + that all of the list elements from the structured data are actual + properties of the Data Record. + + + + + + 0x04 + ordered + The "ordered" structured data type semantic specifies + that elements from the list in the structured data are ordered. + + + + + + 0x05-0xFE + + unassigned + + + + + 0xFF + undefined + The "undefined" structured data type semantic + specifies that the semantic of the list elements is not specified and + that, if a semantic exists, then it is up to the Collecting + Process to draw its own conclusions. The "undefined" structured + data type semantic is the default structured data type semantic. 
+ + + + + + + + + ipfix-iana at cisco.com + mailto:ipfix-iana&cisco.com + 2012-09-20 + + + + diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c new file mode 100644 index 000000000..9de8b1cd0 --- /dev/null +++ b/ofproto/ofproto-dpif-ipfix.c 
@@ -0,0 +1,848 @@ +/* + * Copyright (c) 2012 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "ofproto-dpif-ipfix.h" +#include "byte-order.h" +#include "collectors.h" +#include "flow.h" +#include "hash.h" +#include "hmap.h" +#include "ofpbuf.h" +#include "ofproto.h" +#include "packets.h" +#include "sset.h" +#include "util.h" +#include "timeval.h" +#include "util.h" +#include "vlog.h" + +VLOG_DEFINE_THIS_MODULE(ipfix); + +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + +/* Cf. IETF RFC 5101 Section 10.3.4. */ +#define IPFIX_DEFAULT_COLLECTOR_PORT 4739 + +struct dpif_ipfix_exporter { + struct collectors *collectors; + uint32_t seq_number; + time_t last_template_set_time; +}; + +struct dpif_ipfix_bridge_exporter { + struct dpif_ipfix_exporter exporter; + struct ofproto_ipfix_bridge_exporter_options *options; + uint32_t probability; +}; + +struct dpif_ipfix_flow_exporter { + struct dpif_ipfix_exporter exporter; + struct ofproto_ipfix_flow_exporter_options *options; +}; + +struct dpif_ipfix_flow_exporter_map_node { + struct hmap_node node; + struct dpif_ipfix_flow_exporter exporter; +}; + +struct dpif_ipfix { + struct dpif_ipfix_bridge_exporter bridge_exporter; + struct hmap flow_exporter_map; /* dpif_ipfix_flow_exporter_map_nodes. */ +}; + +#define IPFIX_VERSION 0x000a + +/* When using UDP, IPFIX Template Records must be re-sent regularly. + * The standard default interval is 10 minutes (600 seconds). 
+ * Cf. IETF RFC 5101 Section 10.3.6. */ +#define IPFIX_TEMPLATE_INTERVAL 600 + +/* Cf. IETF RFC 5101 Section 3.1. */ +struct ipfix_header { + ovs_be16 version; /* IPFIX_VERSION. */ + ovs_be16 length; /* Length in bytes including this header. */ + ovs_be32 export_time; /* Seconds since the epoch. */ + ovs_be32 seq_number; /* Message sequence number. */ + ovs_be32 obs_domain_id; /* Observation Domain ID. */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_header) == 16); + +#define IPFIX_SET_ID_TEMPLATE 2 +#define IPFIX_SET_ID_OPTION_TEMPLATE 3 + +/* Cf. IETF RFC 5101 Section 3.3.2. */ +struct ipfix_set_header { + ovs_be16 set_id; /* IPFIX_SET_ID_* or valid template ID for Data Sets. */ + ovs_be16 length; /* Length of the set in bytes including header. */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_set_header) == 4); + +/* Alternatives for templates at each layer. A template is defined by + * a combination of one value for each layer. */ +enum ipfix_proto_l2 { + IPFIX_PROTO_L2_ETH = 0, /* No VLAN. */ + IPFIX_PROTO_L2_VLAN, + NUM_IPFIX_PROTO_L2 +}; +enum ipfix_proto_l3 { + IPFIX_PROTO_L3_UNKNOWN = 0, + IPFIX_PROTO_L3_IPV4, + IPFIX_PROTO_L3_IPV6, + NUM_IPFIX_PROTO_L3 +}; +enum ipfix_proto_l4 { + IPFIX_PROTO_L4_UNKNOWN = 0, + IPFIX_PROTO_L4_TCP_UDP, + NUM_IPFIX_PROTO_L4 +}; + +/* Any Template ID > 255 is usable for Template Records. */ +#define IPFIX_TEMPLATE_ID_MIN 256 + +/* Cf. IETF RFC 5101 Section 3.4.1. 
*/ +struct ipfix_template_record_header { + ovs_be16 template_id; + ovs_be16 field_count; +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_template_record_header) == 4); + +enum ipfix_entity_id { +#define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ID_##ENUM = ID, +#include "ofproto/ipfix-entities.def" +}; + +enum ipfix_entity_size { +#define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_SIZE_##ENUM = SIZE, +#include "ofproto/ipfix-entities.def" +}; + +struct ipfix_template_field_specifier { + ovs_be16 element_id; /* IPFIX_ENTITY_ID_*. */ + ovs_be16 field_length; /* Length of the field's value, in bytes. */ + /* No Enterprise ID, since only standard element IDs are specified. */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_template_field_specifier) == 4); + +/* Part of data record for common metadata and Ethernet entities. */ +struct ipfix_data_record_common { + ovs_be32 observation_point_id; /* OBSERVATION_POINT_ID */ + ovs_be64 packet_delta_count; /* PACKET_DELTA_COUNT */ + ovs_be64 layer2_octet_delta_count; /* LAYER2_OCTET_DELTA_COUNT */ + uint8_t source_mac_address[6]; /* SOURCE_MAC_ADDRESS */ + uint8_t destination_mac_address[6]; /* DESTINATION_MAC_ADDRESS */ + ovs_be16 ethernet_type; /* ETHERNET_TYPE */ + ovs_be16 ethernet_total_length; /* ETHERNET_TOTAL_LENGTH */ + uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_common) == 37); + +/* Part of data record for VLAN entities. */ +struct ipfix_data_record_vlan { + ovs_be16 vlan_id; /* VLAN_ID */ + ovs_be16 dot1q_vlan_id; /* DOT1Q_VLAN_ID */ + uint8_t dot1q_priority; /* DOT1Q_PRIORITY */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_vlan) == 5); + +/* Part of data record for IP entities. 
*/ +struct ipfix_data_record_ip { + uint8_t ip_version; /* IP_VERSION */ + uint8_t ip_ttl; /* IP_TTL */ + uint8_t protocol_identifier; /* PROTOCOL_IDENTIFIER */ + uint8_t ip_diff_serv_code_point; /* IP_DIFF_SERV_CODE_POINT */ + uint8_t ip_precedence; /* IP_PRECEDENCE */ + uint8_t ip_class_of_service; /* IP_CLASS_OF_SERVICE */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_ip) == 6); + +/* Part of data record for IPv4 entities. */ +struct ipfix_data_record_ipv4 { + ovs_be32 source_ipv4_address; /* SOURCE_IPV4_ADDRESS */ + ovs_be32 destination_ipv4_address; /* DESTINATION_IPV4_ADDRESS */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_ipv4) == 8); + +/* Part of data record for IPv4 entities. */ +struct ipfix_data_record_ipv6 { + uint8_t source_ipv6_address[16]; /* SOURCE_IPV6_ADDRESS */ + uint8_t destination_ipv6_address[16]; /* DESTINATION_IPV6_ADDRESS */ + ovs_be32 flow_label_ipv6; /* FLOW_LABEL_IPV6 */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_ipv6) == 36); + +/* Part of data record for TCP/UDP entities. 
*/ +struct ipfix_data_record_tcpudp { + ovs_be16 source_transport_port; /* SOURCE_TRANSPORT_PORT */ + ovs_be16 destination_transport_port; /* DESTINATION_TRANSPORT_PORT */ +} __attribute__((packed)); +BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_tcpudp) == 4); + +static bool +ofproto_ipfix_bridge_exporter_options_equal( + const struct ofproto_ipfix_bridge_exporter_options *a, + const struct ofproto_ipfix_bridge_exporter_options *b) +{ + return (a->obs_domain_id == b->obs_domain_id + && a->obs_point_id == b->obs_point_id + && a->sampling_rate == b->sampling_rate + && sset_equals(&a->targets, &b->targets)); +} + +static struct ofproto_ipfix_bridge_exporter_options * +ofproto_ipfix_bridge_exporter_options_clone( + const struct ofproto_ipfix_bridge_exporter_options *old) +{ + struct ofproto_ipfix_bridge_exporter_options *new = + xmemdup(old, sizeof *old); + sset_clone(&new->targets, &old->targets); + return new; +} + +static void +ofproto_ipfix_bridge_exporter_options_destroy( + struct ofproto_ipfix_bridge_exporter_options *options) +{ + if (options) { + sset_destroy(&options->targets); + free(options); + } +} + +static bool +ofproto_ipfix_flow_exporter_options_equal( + const struct ofproto_ipfix_flow_exporter_options *a, + const struct ofproto_ipfix_flow_exporter_options *b) +{ + return (a->collector_set_id == b->collector_set_id + && sset_equals(&a->targets, &b->targets)); +} + +static struct ofproto_ipfix_flow_exporter_options * +ofproto_ipfix_flow_exporter_options_clone( + const struct ofproto_ipfix_flow_exporter_options *old) +{ + struct ofproto_ipfix_flow_exporter_options *new = + xmemdup(old, sizeof *old); + sset_clone(&new->targets, &old->targets); + return new; +} + +static void +ofproto_ipfix_flow_exporter_options_destroy( + struct ofproto_ipfix_flow_exporter_options *options) +{ + if (options) { + sset_destroy(&options->targets); + free(options); + } +} + +static void +dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter *exporter) +{ + 
collectors_destroy(exporter->collectors); + exporter->collectors = NULL; + exporter->seq_number = 1; + exporter->last_template_set_time = TIME_MIN; +} + +static bool +dpif_ipfix_exporter_set_options(struct dpif_ipfix_exporter *exporter, + const struct sset *targets) +{ + collectors_destroy(exporter->collectors); + collectors_create(targets, IPFIX_DEFAULT_COLLECTOR_PORT, + &exporter->collectors); + if (exporter->collectors == NULL) { + VLOG_WARN_RL(&rl, "no collectors could be initialized, " + "IPFIX exporter disabled"); + dpif_ipfix_exporter_clear(exporter); + return false; + } + return true; +} + +static void +dpif_ipfix_bridge_exporter_clear(struct dpif_ipfix_bridge_exporter *exporter) +{ + dpif_ipfix_exporter_clear(&exporter->exporter); + ofproto_ipfix_bridge_exporter_options_destroy(exporter->options); + exporter->options = NULL; + exporter->probability = 0; +} + +static void +dpif_ipfix_bridge_exporter_set_options( + struct dpif_ipfix_bridge_exporter *exporter, + const struct ofproto_ipfix_bridge_exporter_options *options) +{ + bool options_changed; + + if (!options || sset_is_empty(&options->targets)) { + /* No point in doing any work if there are no targets. */ + dpif_ipfix_bridge_exporter_clear(exporter); + return; + } + + options_changed = ( + !exporter->options + || !ofproto_ipfix_bridge_exporter_options_equal( + options, exporter->options)); + + /* Configure collectors if options have changed or if we're + * shortchanged in collectors (which indicates that opening one or + * more of the configured collectors failed, so that we should + * retry). */ + if (options_changed + || collectors_count(exporter->exporter.collectors) + < sset_count(&options->targets)) { + if (!dpif_ipfix_exporter_set_options(&exporter->exporter, + &options->targets)) { + return; + } + } + + /* Avoid reconfiguring if options didn't change. 
*/ + if (!options_changed) { + return; + } + + ofproto_ipfix_bridge_exporter_options_destroy(exporter->options); + exporter->options = ofproto_ipfix_bridge_exporter_options_clone(options); + exporter->probability = + MAX(1, UINT32_MAX / exporter->options->sampling_rate); +} + +static struct dpif_ipfix_flow_exporter_map_node* +dpif_ipfix_find_flow_exporter_map_node( + const struct dpif_ipfix *di, const uint32_t collector_set_id) +{ + struct dpif_ipfix_flow_exporter_map_node *exporter_node; + + HMAP_FOR_EACH_WITH_HASH (exporter_node, node, + hash_int(collector_set_id, 0), + &di->flow_exporter_map) { + if (exporter_node->exporter.options->collector_set_id + == collector_set_id) { + return exporter_node; + } + } + + return NULL; +} + +static void +dpif_ipfix_flow_exporter_clear(struct dpif_ipfix_flow_exporter *exporter) +{ + dpif_ipfix_exporter_clear(&exporter->exporter); + ofproto_ipfix_flow_exporter_options_destroy(exporter->options); + exporter->options = NULL; +} + +static bool +dpif_ipfix_flow_exporter_set_options( + struct dpif_ipfix_flow_exporter *exporter, + const struct ofproto_ipfix_flow_exporter_options *options) +{ + bool options_changed; + + if (sset_is_empty(&options->targets)) { + /* No point in doing any work if there are no targets. */ + dpif_ipfix_flow_exporter_clear(exporter); + return true; + } + + options_changed = ( + !exporter->options + || !ofproto_ipfix_flow_exporter_options_equal( + options, exporter->options)); + + /* Configure collectors if options have changed or if we're + * shortchanged in collectors (which indicates that opening one or + * more of the configured collectors failed, so that we should + * retry). */ + if (options_changed + || collectors_count(exporter->exporter.collectors) + < sset_count(&options->targets)) { + if (!dpif_ipfix_exporter_set_options(&exporter->exporter, + &options->targets)) { + return false; + } + } + + /* Avoid reconfiguring if options didn't change. 
*/ + if (!options_changed) { + return true; + } + + ofproto_ipfix_flow_exporter_options_destroy(exporter->options); + exporter->options = ofproto_ipfix_flow_exporter_options_clone(options); + + return true; +} + +void +dpif_ipfix_set_options( + struct dpif_ipfix *di, + const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options, + const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options, + size_t n_flow_exporters_options) +{ + int i; + struct ofproto_ipfix_flow_exporter_options *options; + struct dpif_ipfix_flow_exporter_map_node *node, *next; + size_t n_broken_flow_exporters_options = 0; + + dpif_ipfix_bridge_exporter_set_options(&di->bridge_exporter, + bridge_exporter_options); + + /* Add new flow exporters and update current flow exporters. */ + options = (struct ofproto_ipfix_flow_exporter_options *) + flow_exporters_options; + for (i = 0; i < n_flow_exporters_options; i++) { + node = dpif_ipfix_find_flow_exporter_map_node( + di, options->collector_set_id); + if (!node) { + node = xzalloc(sizeof *node); + dpif_ipfix_exporter_clear(&node->exporter.exporter); + hmap_insert(&di->flow_exporter_map, &node->node, + hash_int(options->collector_set_id, 0)); + } + if (!dpif_ipfix_flow_exporter_set_options(&node->exporter, options)) { + n_broken_flow_exporters_options++; + } + options++; + } + + ovs_assert(hmap_count(&di->flow_exporter_map) >= + (n_flow_exporters_options - n_broken_flow_exporters_options)); + + /* Remove dropped flow exporters, if any needs to be removed. */ + if (hmap_count(&di->flow_exporter_map) > n_flow_exporters_options) { + HMAP_FOR_EACH_SAFE (node, next, node, &di->flow_exporter_map) { + /* This is slow but doesn't take any extra memory, and + * this table is not supposed to contain many rows anyway. 
*/ + options = (struct ofproto_ipfix_flow_exporter_options *) + flow_exporters_options; + for (i = 0; i < n_flow_exporters_options; i++) { + if (node->exporter.options->collector_set_id + == options->collector_set_id) { + break; + } + options++; + } + if (i == n_flow_exporters_options) { // Not found. + hmap_remove(&di->flow_exporter_map, &node->node); + dpif_ipfix_flow_exporter_clear(&node->exporter); + free(node); + } + } + } + + ovs_assert(hmap_count(&di->flow_exporter_map) == + (n_flow_exporters_options - n_broken_flow_exporters_options)); +} + +struct dpif_ipfix * +dpif_ipfix_create(void) +{ + struct dpif_ipfix *di; + di = xzalloc(sizeof *di); + dpif_ipfix_exporter_clear(&di->bridge_exporter.exporter); + hmap_init(&di->flow_exporter_map); + return di; +} + +uint32_t +dpif_ipfix_get_bridge_exporter_probability(const struct dpif_ipfix *di) +{ + return di->bridge_exporter.probability; +} + +static void +dpif_ipfix_clear(struct dpif_ipfix *di) +{ + struct dpif_ipfix_flow_exporter_map_node *node, *next; + + dpif_ipfix_bridge_exporter_clear(&di->bridge_exporter); + + HMAP_FOR_EACH_SAFE (node, next, node, &di->flow_exporter_map) { + hmap_remove(&di->flow_exporter_map, &node->node); + dpif_ipfix_flow_exporter_clear(&node->exporter); + free(node); + } +} + +void +dpif_ipfix_destroy(struct dpif_ipfix *di) +{ + if (di) { + dpif_ipfix_clear(di); + hmap_destroy(&di->flow_exporter_map); + free(di); + } +} + +static void +ipfix_init_header(uint32_t seq_number, uint32_t obs_domain_id, + struct ofpbuf *msg) +{ + struct ipfix_header *hdr; + + hdr = ofpbuf_put_zeros(msg, sizeof *hdr); + hdr->version = htons(IPFIX_VERSION); + hdr->length = htons(sizeof *hdr); /* Updated in ipfix_send_msg. */ + hdr->export_time = htonl(time_wall()); + hdr->seq_number = htonl(seq_number); + hdr->obs_domain_id = htonl(obs_domain_id); +} + +static void +ipfix_send_msg(const struct collectors *collectors, struct ofpbuf *msg) +{ + struct ipfix_header *hdr; + + /* Adjust the length in the header. 
*/ + hdr = msg->data; + hdr->length = htons(msg->size); + + collectors_send(collectors, msg->data, msg->size); + msg->size = 0; +} + +static uint16_t +ipfix_get_template_id(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3, + enum ipfix_proto_l4 l4) +{ + uint16_t template_id; + template_id = l2; + template_id = template_id * NUM_IPFIX_PROTO_L3 + l3; + template_id = template_id * NUM_IPFIX_PROTO_L4 + l4; + return IPFIX_TEMPLATE_ID_MIN + template_id; +} + +static void +ipfix_define_template_entity(enum ipfix_entity_id id, + enum ipfix_entity_size size, struct ofpbuf *msg) +{ + struct ipfix_template_field_specifier *field; + + field = ofpbuf_put_zeros(msg, sizeof *field); + field->element_id = htons(id); + field->field_length = htons(size); +} + +static uint16_t +ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3, + enum ipfix_proto_l4 l4, struct ofpbuf *msg) +{ + uint16_t count = 0; + +#define DEF(ID) \ + { \ + ipfix_define_template_entity(IPFIX_ENTITY_ID_##ID, \ + IPFIX_ENTITY_SIZE_##ID, msg); \ + count++; \ + } + + DEF(OBSERVATION_POINT_ID); + DEF(PACKET_DELTA_COUNT); + DEF(LAYER2_OCTET_DELTA_COUNT); + + /* Common Ethernet entities. 
*/ + DEF(SOURCE_MAC_ADDRESS); + DEF(DESTINATION_MAC_ADDRESS); + DEF(ETHERNET_TYPE); + DEF(ETHERNET_TOTAL_LENGTH); + DEF(ETHERNET_HEADER_LENGTH); + + if (l2 == IPFIX_PROTO_L2_VLAN) { + DEF(VLAN_ID); + DEF(DOT1Q_VLAN_ID); + DEF(DOT1Q_PRIORITY); + } + + if (l3 != IPFIX_PROTO_L3_UNKNOWN) { + DEF(IP_VERSION); + DEF(IP_TTL); + DEF(PROTOCOL_IDENTIFIER); + DEF(IP_DIFF_SERV_CODE_POINT); + DEF(IP_PRECEDENCE); + DEF(IP_CLASS_OF_SERVICE); + + if (l3 == IPFIX_PROTO_L3_IPV4) { + DEF(SOURCE_IPV4_ADDRESS); + DEF(DESTINATION_IPV4_ADDRESS); + } else { /* l3 == IPFIX_PROTO_L3_IPV6 */ + DEF(SOURCE_IPV6_ADDRESS); + DEF(DESTINATION_IPV6_ADDRESS); + DEF(FLOW_LABEL_IPV6); + } + } + + if (l4 != IPFIX_PROTO_L4_UNKNOWN) { + DEF(SOURCE_TRANSPORT_PORT); + DEF(DESTINATION_TRANSPORT_PORT); + } + +#undef DEF + + return count; +} + +static void +ipfix_send_template_msg(struct dpif_ipfix_exporter *exporter, + uint32_t obs_domain_id) +{ + uint64_t msg_stub[DIV_ROUND_UP(1500, 8)]; + struct ofpbuf msg; + size_t set_hdr_offset, tmpl_hdr_offset; + struct ipfix_set_header *set_hdr; + struct ipfix_template_record_header *tmpl_hdr; + uint16_t field_count; + enum ipfix_proto_l2 l2; + enum ipfix_proto_l3 l3; + enum ipfix_proto_l4 l4; + + ofpbuf_use_stub(&msg, msg_stub, sizeof msg_stub); + + ipfix_init_header(exporter->seq_number, obs_domain_id, &msg); + set_hdr_offset = msg.size; + + /* Add a Template Set. */ + set_hdr = ofpbuf_put_zeros(&msg, sizeof *set_hdr); + set_hdr->set_id = htons(IPFIX_SET_ID_TEMPLATE); + + /* Define one template for each possible combination of + * protocols. 
*/ + for (l2 = 0; l2 < NUM_IPFIX_PROTO_L2; l2++) { + for (l3 = 0; l3 < NUM_IPFIX_PROTO_L3; l3++) { + for (l4 = 0; l4 < NUM_IPFIX_PROTO_L4; l4++) { + if (l3 == IPFIX_PROTO_L3_UNKNOWN && + l4 != IPFIX_PROTO_L4_UNKNOWN) { + continue; + } + tmpl_hdr_offset = msg.size; + tmpl_hdr = ofpbuf_put_zeros(&msg, sizeof *tmpl_hdr); + tmpl_hdr->template_id = htons( + ipfix_get_template_id(l2, l3, l4)); + field_count = ipfix_define_template_fields(l2, l3, l4, &msg); + tmpl_hdr = (struct ipfix_template_record_header*) + ((uint8_t*)msg.data + tmpl_hdr_offset); + tmpl_hdr->field_count = htons(field_count); + } + } + } + + set_hdr = (struct ipfix_set_header*)((uint8_t*)msg.data + set_hdr_offset); + set_hdr->length = htons(msg.size - set_hdr_offset); + + /* TODO: Add Options Template Sets, at least to define a Flow Keys + * Option Template. */ + + ipfix_send_msg(exporter->collectors, &msg); + + ofpbuf_uninit(&msg); +} + +static void +ipfix_send_data_msg(struct dpif_ipfix_exporter *exporter, struct ofpbuf *packet, + const struct flow *flow, uint64_t packet_delta_count, + uint32_t obs_domain_id, uint32_t obs_point_id) +{ + uint64_t msg_stub[DIV_ROUND_UP(1500, 8)]; + struct ofpbuf msg; + size_t set_hdr_offset; + struct ipfix_set_header *set_hdr; + enum ipfix_proto_l2 l2; + enum ipfix_proto_l3 l3; + enum ipfix_proto_l4 l4; + + ofpbuf_use_stub(&msg, msg_stub, sizeof msg_stub); + + ipfix_init_header(exporter->seq_number, obs_domain_id, &msg); + exporter->seq_number++; + set_hdr_offset = msg.size; + + /* Choose the right template ID matching the protocols in the + * sampled packet. */ + l2 = (flow->vlan_tci == 0) ? 
IPFIX_PROTO_L2_ETH : IPFIX_PROTO_L2_VLAN; + + switch(ntohs(flow->dl_type)) { + case ETH_TYPE_IP: + l3 = IPFIX_PROTO_L3_IPV4; + break; + case ETH_TYPE_IPV6: + l3 = IPFIX_PROTO_L3_IPV6; + break; + default: + l3 = IPFIX_PROTO_L3_UNKNOWN; + } + + l4 = IPFIX_PROTO_L4_UNKNOWN; + if (l3 != IPFIX_PROTO_L3_UNKNOWN) { + switch(flow->nw_proto) { + case IPPROTO_TCP: /* TCP */ + case IPPROTO_UDP: /* UDP */ + l4 = IPFIX_PROTO_L4_TCP_UDP; + break; + } + } + + /* Add a Data Set. */ + set_hdr = ofpbuf_put_zeros(&msg, sizeof *set_hdr); + set_hdr->set_id = htons(ipfix_get_template_id(l2, l3, l4)); + + /* The fields defined in the ipfix_data_record_* structs and sent + * below must match exactly the templates defined in + * ipfix_define_template_fields. */ + + /* Common Ethernet entities. */ + { + struct ipfix_data_record_common *data_common; + uint16_t ethernet_total_length; + uint8_t ethernet_header_length; + uint64_t layer2_octet_delta_count; + + ethernet_total_length = packet->size; + ethernet_header_length = (l2 == IPFIX_PROTO_L2_VLAN) + ? VLAN_ETH_HEADER_LEN : ETH_HEADER_LEN; + + /* Calculate the total matched octet count by considering as + * an approximation that all matched packets have the same + * length. 
*/ + layer2_octet_delta_count = packet_delta_count * ethernet_total_length; + + data_common = ofpbuf_put_zeros(&msg, sizeof *data_common); + data_common->observation_point_id = htonl(obs_point_id); + data_common->packet_delta_count = htonll(packet_delta_count); + data_common->layer2_octet_delta_count = + htonll(layer2_octet_delta_count); + memcpy(data_common->source_mac_address, flow->dl_src, + sizeof flow->dl_src); + memcpy(data_common->destination_mac_address, flow->dl_dst, + sizeof flow->dl_dst); + data_common->ethernet_type = flow->dl_type; + data_common->ethernet_total_length = htons(ethernet_total_length); + data_common->ethernet_header_length = ethernet_header_length; + } + + if (l2 == IPFIX_PROTO_L2_VLAN) { + struct ipfix_data_record_vlan *data_vlan; + uint16_t vlan_id = vlan_tci_to_vid(flow->vlan_tci); + uint8_t priority = vlan_tci_to_pcp(flow->vlan_tci); + + data_vlan = ofpbuf_put_zeros(&msg, sizeof *data_vlan); + data_vlan->vlan_id = htons(vlan_id); + data_vlan->dot1q_vlan_id = htons(vlan_id); + data_vlan->dot1q_priority = priority; + } + + if (l3 != IPFIX_PROTO_L3_UNKNOWN) { + struct ipfix_data_record_ip *data_ip; + + data_ip = ofpbuf_put_zeros(&msg, sizeof *data_ip); + data_ip->ip_version = (l3 == IPFIX_PROTO_L3_IPV4) ? 
4 : 6; + data_ip->ip_ttl = flow->nw_ttl; + data_ip->protocol_identifier = flow->nw_proto; + data_ip->ip_diff_serv_code_point = flow->nw_tos >> 2; + data_ip->ip_precedence = flow->nw_tos >> 5; + data_ip->ip_class_of_service = flow->nw_tos; + + if (l3 == IPFIX_PROTO_L3_IPV4) { + struct ipfix_data_record_ipv4 *data_ipv4; + data_ipv4 = ofpbuf_put_zeros(&msg, sizeof *data_ipv4); + data_ipv4->source_ipv4_address = flow->nw_src; + data_ipv4->destination_ipv4_address = flow->nw_dst; + } else { /* l3 == IPFIX_PROTO_L3_IPV6 */ + struct ipfix_data_record_ipv6 *data_ipv6; + + data_ipv6 = ofpbuf_put_zeros(&msg, sizeof *data_ipv6); + memcpy(data_ipv6->source_ipv6_address, &flow->ipv6_src, + sizeof flow->ipv6_src); + memcpy(data_ipv6->destination_ipv6_address, &flow->ipv6_dst, + sizeof flow->ipv6_dst); + data_ipv6->flow_label_ipv6 = flow->ipv6_label; + } + } + + if (l4 != IPFIX_PROTO_L4_UNKNOWN) { + struct ipfix_data_record_tcpudp *data_tcpudp; + + data_tcpudp = ofpbuf_put_zeros(&msg, sizeof *data_tcpudp); + data_tcpudp->source_transport_port = flow->tp_src; + data_tcpudp->destination_transport_port = flow->tp_dst; + } + + set_hdr = (struct ipfix_set_header*)((uint8_t*)msg.data + set_hdr_offset); + set_hdr->length = htons(msg.size - set_hdr_offset); + + ipfix_send_msg(exporter->collectors, &msg); + + ofpbuf_uninit(&msg); +} + +static void +dpif_ipfix_sample(struct dpif_ipfix_exporter *exporter, + struct ofpbuf *packet, const struct flow *flow, + uint64_t packet_delta_count, uint32_t obs_domain_id, + uint32_t obs_point_id) +{ + time_t now = time_wall(); + if ((exporter->last_template_set_time + IPFIX_TEMPLATE_INTERVAL) <= now) { + ipfix_send_template_msg(exporter, obs_domain_id); + exporter->last_template_set_time = now; + } + + ipfix_send_data_msg(exporter, packet, flow, packet_delta_count, + obs_domain_id, obs_point_id); +} + +void +dpif_ipfix_bridge_sample(struct dpif_ipfix *di, struct ofpbuf *packet, + const struct flow *flow) +{ + /* Use the sampling probability as an 
approximation of the number + * of matched packets. */ + uint64_t packet_delta_count = UINT32_MAX / di->bridge_exporter.probability; + + dpif_ipfix_sample(&di->bridge_exporter.exporter, packet, flow, + packet_delta_count, + di->bridge_exporter.options->obs_domain_id, + di->bridge_exporter.options->obs_point_id); +} + +void +dpif_ipfix_flow_sample(struct dpif_ipfix *di, struct ofpbuf *packet, + const struct flow *flow, uint32_t collector_set_id, + uint16_t probability, uint32_t obs_domain_id, + uint32_t obs_point_id) +{ + struct dpif_ipfix_flow_exporter_map_node *node; + /* Use the sampling probability as an approximation of the number + * of matched packets. */ + uint64_t packet_delta_count = USHRT_MAX / probability; + + node = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id); + + if (!node) { + return; + } + + dpif_ipfix_sample(&node->exporter.exporter, packet, flow, + packet_delta_count, obs_domain_id, obs_point_id); +} diff --git a/ofproto/ofproto-dpif-ipfix.h b/ofproto/ofproto-dpif-ipfix.h new file mode 100644 index 000000000..26b02f1d1 --- /dev/null +++ b/ofproto/ofproto-dpif-ipfix.h 
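Review bot: In ofproto/ofproto-dpif-ipfix.c both sampling paths divide by a configured value with no zero check: dpif_ipfix_bridge_exporter_set_options() computes `UINT32_MAX / exporter->options->sampling_rate` and dpif_ipfix_flow_sample() computes `USHRT_MAX / probability`. Nothing in this file rejects a sampling_rate or probability of 0, so either validate the value where it is configured or guard the division here, for example by treating 0 as "do not sample" and returning early. Separately, dpif_ipfix_set_options() keeps a flow exporter node in flow_exporter_map with options == NULL when dpif_ipfix_flow_exporter_set_options() fails on a newly inserted node or clears the exporter for an empty target set, while dpif_ipfix_find_flow_exporter_map_node() and the removal loop read `exporter.options->collector_set_id` unconditionally. A node whose set_options call failed is also still counted by hmap_count() while being subtracted as broken, so the final ovs_assert() cannot hold in that case. Consider removing the node when set_options fails or the target set is empty, and storing collector_set_id in the node itself rather than reading it through options.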
@@ -0,0 +1,42 @@ +/* + * Copyright (c) 2012 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OFPROTO_DPIF_IPFIX_H +#define OFPROTO_DPIF_IPFIX_H 1 + +#include +#include + +struct flow; +struct ofpbuf; +struct ofproto_ipfix_bridge_exporter_options; +struct ofproto_ipfix_flow_exporter_options; + +struct dpif_ipfix *dpif_ipfix_create(void); +uint32_t dpif_ipfix_get_bridge_exporter_probability(const struct dpif_ipfix *); +void dpif_ipfix_destroy(struct dpif_ipfix *); +void dpif_ipfix_set_options( + struct dpif_ipfix *, + const struct ofproto_ipfix_bridge_exporter_options *, + const struct ofproto_ipfix_flow_exporter_options *, size_t); + +void dpif_ipfix_bridge_sample(struct dpif_ipfix *, struct ofpbuf *, + const struct flow *); +void dpif_ipfix_flow_sample(struct dpif_ipfix *, struct ofpbuf *, + const struct flow *, uint32_t, uint16_t, uint32_t, + uint32_t); + +#endif /* ofproto/ofproto-dpif-ipfix.h */ diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 33b09c633..40e897f31 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -46,6 +46,7 @@ #include "ofp-parse.h" #include "ofp-print.h" #include "ofproto-dpif-governor.h" +#include "ofproto-dpif-ipfix.h" #include "ofproto-dpif-sflow.h" #include "poll-loop.h" #include "simap.h" 
@@ -325,7 +326,8 @@ static void xlate_table_action(struct action_xlate_ctx *, uint16_t in_port, static size_t put_userspace_action(const struct ofproto_dpif *, struct ofpbuf *odp_actions, const struct flow *, - const union user_action_cookie *); + const union user_action_cookie *, + const size_t); static void compose_slow_path(const struct ofproto_dpif *, const struct flow *, enum slow_path_reason, @@ -695,6 +697,7 @@ struct ofproto_dpif { /* Bridging. */ struct netflow *netflow; struct dpif_sflow *sflow; + struct dpif_ipfix *ipfix; struct hmap bundles; /* Contains "struct ofbundle"s. */ struct mac_learning *ml; struct ofmirror *mirrors[MAX_MIRRORS]; @@ -820,6 +823,9 @@ static int send_packet(const struct ofport_dpif *, struct ofpbuf *packet); static size_t compose_sflow_action(const struct ofproto_dpif *, struct ofpbuf *odp_actions, const struct flow *, uint32_t odp_port); +static void compose_ipfix_action(const struct ofproto_dpif *, + struct ofpbuf *odp_actions, + const struct flow *); static void add_mirror_actions(struct action_xlate_ctx *ctx, const struct flow *flow); /* Global variables. */ @@ -1349,6 +1355,7 @@ construct(struct ofproto *ofproto_) ofproto->netflow = NULL; ofproto->sflow = NULL; + ofproto->ipfix = NULL; ofproto->stp = NULL; hmap_init(&ofproto->bundles); ofproto->ml = mac_learning_create(MAC_ENTRY_DEFAULT_IDLE_TIME); 
@@ -1913,6 +1920,32 @@ set_sflow(struct ofproto *ofproto_, return 0; } +static int +set_ipfix( + struct ofproto *ofproto_, + const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options, + const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options, + size_t n_flow_exporters_options) +{ + struct ofproto_dpif *ofproto = ofproto_dpif_cast(ofproto_); + struct dpif_ipfix *di = ofproto->ipfix; + + if (bridge_exporter_options || flow_exporters_options) { + if (!di) { + di = ofproto->ipfix = dpif_ipfix_create(); + } + dpif_ipfix_set_options( + di, bridge_exporter_options, flow_exporters_options, + n_flow_exporters_options); + } else { + if (di) { + dpif_ipfix_destroy(di); + ofproto->ipfix = NULL; + } + } + return 0; +} + static int set_cfm(struct ofport *ofport_, const struct cfm_settings *s) { @@ -4006,9 +4039,11 @@ handle_miss_upcalls(struct dpif_backer *backer, struct dpif_upcall *upcalls, hmap_destroy(&todo); } -static enum { SFLOW_UPCALL, MISS_UPCALL, BAD_UPCALL } +static enum { SFLOW_UPCALL, MISS_UPCALL, BAD_UPCALL, FLOW_SAMPLE_UPCALL, + IPFIX_UPCALL } classify_upcall(const struct dpif_upcall *upcall) { + size_t userdata_len; union user_action_cookie cookie; /* First look at the upcall type. */ 
@@ -4030,23 +4065,30 @@ classify_upcall(const struct dpif_upcall *upcall) VLOG_WARN_RL(&rl, "action upcall missing cookie"); return BAD_UPCALL; } - if (nl_attr_get_size(upcall->userdata) != sizeof(cookie)) { + userdata_len = nl_attr_get_size(upcall->userdata); + if (userdata_len < sizeof cookie.type + || userdata_len > sizeof cookie) { VLOG_WARN_RL(&rl, "action upcall cookie has unexpected size %zu", - nl_attr_get_size(upcall->userdata)); + userdata_len); return BAD_UPCALL; } - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof(cookie)); - switch (cookie.type) { - case USER_ACTION_COOKIE_SFLOW: + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), userdata_len); + if (userdata_len == sizeof cookie.sflow + && cookie.type == USER_ACTION_COOKIE_SFLOW) { return SFLOW_UPCALL; - - case USER_ACTION_COOKIE_SLOW_PATH: + } else if (userdata_len == sizeof cookie.slow_path + && cookie.type == USER_ACTION_COOKIE_SLOW_PATH) { return MISS_UPCALL; - - case USER_ACTION_COOKIE_UNSPEC: - default: - VLOG_WARN_RL(&rl, "invalid user cookie : 0x%"PRIx64, - nl_attr_get_u64(upcall->userdata)); + } else if (userdata_len == sizeof cookie.flow_sample + && cookie.type == USER_ACTION_COOKIE_FLOW_SAMPLE) { + return FLOW_SAMPLE_UPCALL; + } else if (userdata_len == sizeof cookie.ipfix + && cookie.type == USER_ACTION_COOKIE_IPFIX) { + return IPFIX_UPCALL; + } else { + VLOG_WARN_RL(&rl, "invalid user cookie of type %"PRIu16 + " and size %zu", cookie.type, userdata_len); return BAD_UPCALL; } } 
@@ -4066,11 +4108,56 @@ handle_sflow_upcall(struct dpif_backer *backer, return; } - memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof(cookie)); + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.sflow); dpif_sflow_received(ofproto->sflow, upcall->packet, &flow, odp_in_port, &cookie); } +static void +handle_flow_sample_upcall(struct dpif_backer *backer, + const struct dpif_upcall *upcall) +{ + struct ofproto_dpif *ofproto; + union user_action_cookie cookie; + struct flow flow; + + if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, + &flow, NULL, &ofproto, NULL, NULL) + || !ofproto->ipfix) { + return; + } + + memset(&cookie, 0, sizeof cookie); + memcpy(&cookie, nl_attr_get(upcall->userdata), sizeof cookie.flow_sample); + + /* The flow reflects exactly the contents of the packet. Sample + * the packet using it. */ + dpif_ipfix_flow_sample(ofproto->ipfix, upcall->packet, &flow, + cookie.flow_sample.collector_set_id, + cookie.flow_sample.probability, + cookie.flow_sample.obs_domain_id, + cookie.flow_sample.obs_point_id); +} + +static void +handle_ipfix_upcall(struct dpif_backer *backer, + const struct dpif_upcall *upcall) +{ + struct ofproto_dpif *ofproto; + struct flow flow; + + if (ofproto_receive(backer, upcall->packet, upcall->key, upcall->key_len, + &flow, NULL, &ofproto, NULL, NULL) + || !ofproto->ipfix) { + return; + } + + /* The flow reflects exactly the contents of the packet. Sample + * the packet using it. */ + dpif_ipfix_bridge_sample(ofproto->ipfix, upcall->packet, &flow); +} + static int handle_upcalls(struct dpif_backer *backer, unsigned int max_batch) { 
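Review bot: handle_ipfix_upcall() checks only `!ofproto->ipfix` before calling dpif_ipfix_bridge_sample(), but set_ipfix() also creates ofproto->ipfix when only flow exporters are configured. In that state dpif_ipfix_bridge_exporter_clear() has left bridge_exporter.options NULL and bridge_exporter.probability 0, and dpif_ipfix_bridge_sample() both divides by that probability and dereferences options. An IPFIX upcall that arrives in that state, for instance from a datapath flow installed before the bridge exporter was unconfigured, would hit both. Suggest returning early here, or inside dpif_ipfix_bridge_sample(), when the bridge exporter has no options. A short comment in handle_flow_sample_upcall() and handle_sflow_upcall() that the fixed-size memcpy relies on classify_upcall() having matched the userdata length to the union member would also help the next reader.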
@@ -4108,6 +4195,16 @@ handle_upcalls(struct dpif_backer *backer, unsigned int max_batch) ofpbuf_uninit(buf); break; + case FLOW_SAMPLE_UPCALL: + handle_flow_sample_upcall(backer, upcall); + ofpbuf_uninit(buf); + break; + + case IPFIX_UPCALL: + handle_ipfix_upcall(backer, upcall); + ofpbuf_uninit(buf); + break; + case BAD_UPCALL: ofpbuf_uninit(buf); break; @@ -5747,6 +5844,7 @@ send_packet(const struct ofport_dpif *ofport, struct ofpbuf *packet) ofp_port_to_odp_port(ofproto, flow.in_port)); compose_sflow_action(ofproto, &odp_actions, &flow, odp_port); + compose_ipfix_action(ofproto, &odp_actions, &flow); nl_msg_put_u32(&odp_actions, OVS_ACTION_ATTR_OUTPUT, odp_port); error = dpif_execute(ofproto->backer->dpif, @@ -5796,9 +5894,10 @@ compose_slow_path(const struct ofproto_dpif *ofproto, const struct flow *flow, ofpbuf_use_stack(&buf, stub, stub_size); if (slow & (SLOW_CFM | SLOW_LACP | SLOW_STP)) { uint32_t pid = dpif_port_get_pid(ofproto->backer->dpif, UINT32_MAX); - odp_put_userspace_action(pid, &cookie, sizeof cookie, &buf); + odp_put_userspace_action(pid, &cookie, sizeof cookie.slow_path, &buf); } else { - put_userspace_action(ofproto, &buf, flow, &cookie); + put_userspace_action(ofproto, &buf, flow, &cookie, + sizeof cookie.slow_path); } *actionsp = buf.data; *actions_lenp = buf.size; 
@@ -5808,14 +5907,43 @@ static size_t put_userspace_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, const struct flow *flow, - const union user_action_cookie *cookie) + const union user_action_cookie *cookie, + const size_t cookie_size) { uint32_t pid; pid = dpif_port_get_pid(ofproto->backer->dpif, ofp_port_to_odp_port(ofproto, flow->in_port)); - return odp_put_userspace_action(pid, cookie, sizeof *cookie, odp_actions); + return odp_put_userspace_action(pid, cookie, cookie_size, odp_actions); +} + +/* Compose SAMPLE action for sFlow or IPFIX. The given probability is + * the number of packets out of UINT32_MAX to sample. The given + * cookie is passed back in the callback for each sampled packet. + */ +static size_t +compose_sample_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow, + const uint32_t probability, + const union user_action_cookie *cookie, + const size_t cookie_size) +{ + size_t sample_offset, actions_offset; + int cookie_offset; + + sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); + + nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); + + actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); + cookie_offset = put_userspace_action(ofproto, odp_actions, flow, cookie, + cookie_size); + + nl_msg_end_nested(odp_actions, actions_offset); + nl_msg_end_nested(odp_actions, sample_offset); + return cookie_offset; } static void @@ -5850,7 +5978,7 @@ compose_sflow_cookie(const struct ofproto_dpif *ofproto, } } -/* Compose SAMPLE action for sFlow. */ +/* Compose SAMPLE action for sFlow bridge sampling. */ static size_t compose_sflow_action(const struct ofproto_dpif *ofproto, struct ofpbuf *odp_actions, 
@@ -5859,32 +5987,60 @@ compose_sflow_action(const struct ofproto_dpif *ofproto, { uint32_t probability; union user_action_cookie cookie; - size_t sample_offset, actions_offset; - int cookie_offset; if (!ofproto->sflow || flow->in_port == OFPP_NONE) { return 0; } - sample_offset = nl_msg_start_nested(odp_actions, OVS_ACTION_ATTR_SAMPLE); - - /* Number of packets out of UINT_MAX to sample. */ probability = dpif_sflow_get_probability(ofproto->sflow); - nl_msg_put_u32(odp_actions, OVS_SAMPLE_ATTR_PROBABILITY, probability); - - actions_offset = nl_msg_start_nested(odp_actions, OVS_SAMPLE_ATTR_ACTIONS); compose_sflow_cookie(ofproto, htons(0), odp_port, odp_port == OVSP_NONE ? 0 : 1, &cookie); - cookie_offset = put_userspace_action(ofproto, odp_actions, flow, &cookie); - nl_msg_end_nested(odp_actions, actions_offset); - nl_msg_end_nested(odp_actions, sample_offset); - return cookie_offset; + return compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.sflow); +} + +static void +compose_flow_sample_cookie(uint16_t probability, uint32_t collector_set_id, + uint32_t obs_domain_id, uint32_t obs_point_id, + union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_FLOW_SAMPLE; + cookie->flow_sample.probability = probability; + cookie->flow_sample.collector_set_id = collector_set_id; + cookie->flow_sample.obs_domain_id = obs_domain_id; + cookie->flow_sample.obs_point_id = obs_point_id; +} + +static void +compose_ipfix_cookie(union user_action_cookie *cookie) +{ + cookie->type = USER_ACTION_COOKIE_IPFIX; +} + +/* Compose SAMPLE action for IPFIX bridge sampling. 
*/ +static void +compose_ipfix_action(const struct ofproto_dpif *ofproto, + struct ofpbuf *odp_actions, + const struct flow *flow) +{ + uint32_t probability; + union user_action_cookie cookie; + + if (!ofproto->ipfix || flow->in_port == OFPP_NONE) { + return; + } + + probability = dpif_ipfix_get_bridge_exporter_probability(ofproto->ipfix); + compose_ipfix_cookie(&cookie); + + compose_sample_action(ofproto, odp_actions, flow, probability, + &cookie, sizeof cookie.ipfix); } -/* SAMPLE action must be first action in any given list of actions. - * At this point we do not have all information required to build it. So try to - * build sample action as complete as possible. */ +/* SAMPLE action for sFlow must be first action in any given list of + * actions. At this point we do not have all information required to + * build it. So try to build sample action as complete as possible. */ static void add_sflow_action(struct action_xlate_ctx *ctx) { @@ -5895,6 +6051,14 @@ add_sflow_action(struct action_xlate_ctx *ctx) ctx->sflow_n_outputs = 0; } +/* SAMPLE action for IPFIX must be 1st or 2nd action in any given list + * of actions, eventually after the SAMPLE action for sFlow. */ +static void +add_ipfix_action(struct action_xlate_ctx *ctx) +{ + compose_ipfix_action(ctx->ofproto, ctx->odp_actions, &ctx->flow); +} + /* Fix SAMPLE action according to data collected while composing ODP actions. * We need to fix SAMPLE actions OVS_SAMPLE_ATTR_ACTIONS attribute, i.e. nested * USERSPACE action's user-cookie which is required for sflow. */ 
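Review bot: The comment on add_ipfix_action() says the IPFIX SAMPLE action comes "eventually after the SAMPLE action for sFlow", which reads as "at some later point" rather than the intended ordering. Suggest wording it as "after the SAMPLE action for sFlow when one is present", and stating why the order matters, since the sFlow comment just above insists on being first and the later fix-up of the sFlow cookie depends on where that action sits.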
@@ -6540,6 +6704,23 @@ xlate_fin_timeout(struct action_xlate_ctx *ctx, } } +static void +xlate_sample_action(struct action_xlate_ctx *ctx, + const struct ofpact_sample *os) +{ + union user_action_cookie cookie; + /* Scale the probability from 16-bit to 32-bit while representing + * the same percentage. */ + uint32_t probability = (os->probability << 16) | os->probability; + + commit_odp_actions(&ctx->flow, &ctx->base_flow, ctx->odp_actions); + + compose_flow_sample_cookie(os->probability, os->collector_set_id, + os->obs_domain_id, os->obs_point_id, &cookie); + compose_sample_action(ctx->ofproto, ctx->odp_actions, &ctx->flow, + probability, &cookie, sizeof cookie.flow_sample); +} + static bool may_receive(const struct ofport_dpif *port, struct action_xlate_ctx *ctx) { @@ -6820,6 +7001,10 @@ do_xlate_actions(const struct ofpact *ofpacts, size_t ofpacts_len, } break; } + + case OFPACT_SAMPLE: + xlate_sample_action(ctx, ofpact_get_SAMPLE(a)); + break; } } @@ -6954,6 +7139,7 @@ xlate_actions(struct action_xlate_ctx *ctx, initial_vals.tunnel_ip_tos = ctx->base_flow.tunnel.ip_tos; add_sflow_action(ctx); + add_ipfix_action(ctx); if (tunnel_ecn_ok(ctx) && (!in_port || may_receive(in_port, ctx))) { do_xlate_actions(ofpacts, ofpacts_len, ctx); @@ -6963,6 +7149,7 @@ xlate_actions(struct action_xlate_ctx *ctx, if (in_port && !stp_forward_in_state(in_port->stp_state)) { ofpbuf_clear(ctx->odp_actions); add_sflow_action(ctx); + add_ipfix_action(ctx); } } @@ -8852,6 +9039,7 @@ const struct ofproto_class ofproto_dpif_class = { set_netflow, get_netflow_ids, set_sflow, + set_ipfix, set_cfm, get_cfm_status, set_stp, diff --git a/ofproto/ofproto-provider.h b/ofproto/ofproto-provider.h index d8db3aee7..2f429e0b7 100644 --- a/ofproto/ofproto-provider.h +++ b/ofproto/ofproto-provider.h 
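Review bot: in xlate_sample_action, "(os->probability << 16) | os->probability" shifts a value that the rest of the patch handles as 16 bits (compose_flow_sample_cookie takes it as uint16_t, and the documentation counts it out of 65535). If the field is a uint16_t it is promoted to int before the shift, so any probability of 0x8000 or more shifts a 1 into the sign bit, which is undefined behaviour in C. Cast before shifting: "uint32_t probability = ((uint32_t) os->probability << 16) | os->probability;".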
@@ -1109,6 +1109,20 @@ struct ofproto_class { int (*set_sflow)(struct ofproto *ofproto, const struct ofproto_sflow_options *sflow_options); + /* Configures IPFIX on 'ofproto' according to the options in + * 'bridge_exporter_options' and the 'flow_exporters_options' + * array, or turns off IPFIX if 'bridge_exporter_options' and + * 'flow_exporters_options' is NULL. + * + * EOPNOTSUPP as a return value indicates that 'ofproto' does not support + * IPFIX, as does a null pointer. */ + int (*set_ipfix)( + struct ofproto *ofproto, + const struct ofproto_ipfix_bridge_exporter_options + *bridge_exporter_options, + const struct ofproto_ipfix_flow_exporter_options + *flow_exporters_options, size_t n_flow_exporters_options); + /* Configures connectivity fault management on 'ofport'. * * If 'cfm_settings' is nonnull, configures CFM according to its members. diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c index 03ca59b95..85fe781f1 100644 --- a/ofproto/ofproto.c +++ b/ofproto/ofproto.c @@ -640,6 +640,19 @@ ofproto_set_sflow(struct ofproto *ofproto, return oso ? EOPNOTSUPP : 0; } } + +int +ofproto_set_ipfix(struct ofproto *ofproto, + const struct ofproto_ipfix_bridge_exporter_options *bo, + const struct ofproto_ipfix_flow_exporter_options *fo, + size_t n_fo) +{ + if (ofproto->ofproto_class->set_ipfix) { + return ofproto->ofproto_class->set_ipfix(ofproto, bo, fo, n_fo); + } else { + return (bo || fo) ? EOPNOTSUPP : 0; + } +} /* Spanning Tree Protocol (STP) configuration. */ diff --git a/ofproto/ofproto.h b/ofproto/ofproto.h index b3a55a435..bb799b5e1 100644 --- a/ofproto/ofproto.h +++ b/ofproto/ofproto.h 
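Review bot: the set_ipfix comment in struct ofproto_class does not document 'n_flow_exporters_options' or say that the two option pointers can be NULL independently of each other. bridge_configure_ipfix passes a NULL bridge exporter together with a non-empty flow exporter array, and ofproto_set_ipfix returns EOPNOTSUPP when either pointer is set, so the provider contract should spell out each combination and state that 'n_flow_exporters_options' is the number of elements in 'flow_exporters_options'. Also "'bridge_exporter_options' and 'flow_exporters_options' is NULL" should read "are NULL".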
@@ -68,6 +68,19 @@ struct ofproto_sflow_options { char *control_ip; }; + +struct ofproto_ipfix_bridge_exporter_options { + struct sset targets; + uint32_t sampling_rate; + uint32_t obs_domain_id; /* Bridge-wide Observation Domain ID. */ + uint32_t obs_point_id; /* Bridge-wide Observation Point ID. */ +}; + +struct ofproto_ipfix_flow_exporter_options { + uint32_t collector_set_id; + struct sset targets; +}; + struct ofproto_stp_settings { stp_identifier system_id; uint16_t priority; @@ -229,6 +242,10 @@ int ofproto_set_snoops(struct ofproto *, const struct sset *snoops); int ofproto_set_netflow(struct ofproto *, const struct netflow_options *nf_options); int ofproto_set_sflow(struct ofproto *, const struct ofproto_sflow_options *); +int ofproto_set_ipfix(struct ofproto *, + const struct ofproto_ipfix_bridge_exporter_options *, + const struct ofproto_ipfix_flow_exporter_options *, + size_t); int ofproto_set_stp(struct ofproto *, const struct ofproto_stp_settings *); int ofproto_get_stp_status(struct ofproto *, struct ofproto_stp_status *); diff --git a/tests/odp.at b/tests/odp.at index 95cfba847..a6bcdf54c 100644 --- a/tests/odp.at +++ b/tests/odp.at @@ -88,8 +88,9 @@ userspace(pid=6633,sFlow(vid=9,pcp=7,output=10)) userspace(pid=9765,slow_path()) userspace(pid=9765,slow_path(cfm)) userspace(pid=9765,slow_path(cfm,match)) -userspace(pid=9123,userdata=0x815309) userspace(pid=1234567,userdata(0102030405060708090a0b0c0d0e0f)) +userspace(pid=6633,flow_sample(probability=123,collector_set_id=1234,obs_domain_id=2345,obs_point_id=3456)) +userspace(pid=6633,ipfix) set(in_port(2)) set(eth(src=00:01:02:03:04:05,dst=10:11:12:13:14:15)) set(eth_type(0x1234)) diff --git a/tests/ofp-actions.at b/tests/ofp-actions.at index 8a40eb4f4..2ecbdb517 100644 --- a/tests/ofp-actions.at +++ b/tests/ofp-actions.at 
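Review bot: the tests/odp.at hunk deletes the existing case "userspace(pid=9123,userdata=0x815309)" instead of only adding the flow_sample and ipfix cases, and nothing in the commit message explains the removal. If the integer form of userdata is no longer accepted now that the userdata size varies with the union member, say so in the commit message or NEWS; if it is still accepted, keep the case so the old syntax stays covered.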
@@ -114,6 +114,9 @@ ffff 0010 00002320 0014 04d2 162e 02 00 # actions=dec_ttl(32768,12345,90,765,1024) ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000 +# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) +ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E + ]) sed '/^[[#&]]/d' < test-data > input.txt sed -n 's/^# //p; /^$/p' < test-data > expout @@ -289,6 +292,9 @@ ffff 0010 00002320 0014 04d2 162e 02 00 # actions=dec_ttl(32768,12345,90,765,1024) ffff 0020 00002320 0015 000500000000 80003039005A02fd 0400000000000000 +# actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) +ffff 0018 00002320 001d 3039 00005BA0 00008707 0000B26E + ]) sed '/^[[#&]]/d' < test-data > input.txt sed -n 's/^# //p; /^$/p' < test-data > expout diff --git a/tests/ovs-ofctl.at b/tests/ovs-ofctl.at index d62b085d9..db19e0161 100644 --- a/tests/ovs-ofctl.at +++ b/tests/ovs-ofctl.at @@ -12,6 +12,7 @@ cookie=0x123456789abcdef hard_timeout=10 priority=60000 actions=controller actions=note:41.42.43,note:00.01.02.03.04.05.06.07,note actions=set_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src in_port=0 actions=resubmit:0 +actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CHECK([ovs-ofctl parse-flows flows.txt @@ -28,6 +29,7 @@ OFPT_FLOW_MOD: ADD priority=60000 cookie:0x123456789abcdef hard:10 actions=CONTR OFPT_FLOW_MOD: ADD actions=note:41.42.43.00.00.00,note:00.01.02.03.04.05.06.07.00.00.00.00.00.00,note:00.00.00.00.00.00 OFPT_FLOW_MOD: ADD actions=load:0xa6badbfffefe59fa->NXM_NX_IPV6_SRC[0..63],load:0xfe8001234567890a->NXM_NX_IPV6_SRC[64..127] OFPT_FLOW_MOD: ADD in_port=0 actions=resubmit:0 +OFPT_FLOW_MOD: ADD actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CLEANUP 
@@ -43,6 +45,7 @@ cookie=0x123456789abcdef hard_timeout=10 priority=60000 actions=controller actions=note:41.42.43,note:00.01.02.03.04.05.06.07,note actions=set_field:fe80:0123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src in_port=0 actions=resubmit:0 +actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CHECK([ovs-ofctl --protocols OpenFlow12 parse-flows flows.txt @@ -59,6 +62,7 @@ OFPT_FLOW_MOD (OF1.2): ADD table:255 priority=60000 cookie:0x123456789abcdef har OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=note:41.42.43.00.00.00,note:00.01.02.03.04.05.06.07.00.00.00.00.00.00,note:00.00.00.00.00.00 OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=set_field:fe80:123:4567:890a:a6ba:dbff:fefe:59fa->ipv6_src OFPT_FLOW_MOD (OF1.2): ADD table:255 in_port=0 actions=resubmit:0 +OFPT_FLOW_MOD (OF1.2): ADD table:255 actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CLEANUP @@ -116,6 +120,7 @@ send_flow_rem,actions=output:1,output:NXM_NX_REG0[],output:2,output:NXM_NX_REG1[ check_overlap,actions=output:1,exit,output:2 actions=fin_timeout(idle_timeout=5,hard_timeout=15) actions=controller(max_len=123,reason=invalid_ttl,id=555) +actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CHECK([ovs-ofctl parse-flows flows.txt @@ -150,6 +155,7 @@ NXT_FLOW_MOD: ADD table:255 send_flow_rem actions=output:1,output:NXM_NX_REG0[], NXT_FLOW_MOD: ADD table:255 check_overlap actions=output:1,exit,output:2 NXT_FLOW_MOD: ADD table:255 actions=fin_timeout(idle_timeout=5,hard_timeout=15) NXT_FLOW_MOD: ADD table:255 actions=controller(reason=invalid_ttl,max_len=123,id=555) +NXT_FLOW_MOD: ADD table:255 actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CLEANUP 
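Review bot: every sample() flow added to tests/ovs-ofctl.at is the same line with all four arguments given, so the parser is only exercised on one input. The man page hunk says collector_set_id, obs_domain_id and obs_point_id default to 0 and that probability must be at least 1; add one flow that gives only probability, to pin down how the defaults are printed back, and one parse-flows check that probability=0 is rejected.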
@@ -183,6 +189,7 @@ dl_dst=01:00:00:00:00:00/01:00:00:00:00:00,actions=drop dl_dst=00:00:00:00:00:00/01:00:00:00:00:00,actions=drop dl_dst=aa:bb:cc:dd:ee:ff/fe:ff:ff:ff:ff:ff,actions=drop dl_dst=aa:bb:cc:dd:ee:ff/00:00:00:00:00:00,actions=drop +actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]) AT_CHECK([ovs-ofctl -F nxm parse-flows flows.txt], [0], [stdout]) AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0], [dnl @@ -215,6 +222,7 @@ NXT_FLOW_MOD: ADD dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop NXT_FLOW_MOD: ADD dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=drop NXT_FLOW_MOD: ADD dl_dst=aa:bb:cc:dd:ee:ff/fe:ff:ff:ff:ff:ff actions=drop NXT_FLOW_MOD: ADD actions=drop +NXT_FLOW_MOD: ADD actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]) AT_CLEANUP @@ -245,6 +253,7 @@ reg0=123,actions=move:NXM_NX_REG0[0..5]->NXM_NX_REG1[26..31],load:55->NXM_NX_REG actions=move:OXM_OF_ETH_DST[]->OXM_OF_ETH_SRC[] actions=push:NXM_NX_REG0[0..31],pop:NXM_NX_REG0[] vlan_tci=0x1123/0x1fff,actions=drop +actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CHECK([ovs-ofctl -F nxm -mmm parse-flows flows.txt], [0], [stdout], [stderr]) AT_CHECK([[sed 's/ (xid=0x[0-9a-fA-F]*)//' stdout]], [0], @@ -274,6 +283,7 @@ NXT_FLOW_MOD: ADD NXM_NX_REG0(0000007b) actions=move:NXM_NX_REG0[0..5]->NXM_NX_R NXT_FLOW_MOD: ADD actions=move:NXM_OF_ETH_DST[]->NXM_OF_ETH_SRC[] NXT_FLOW_MOD: ADD actions=push:NXM_NX_REG0[],pop:NXM_NX_REG0[] NXT_FLOW_MOD: ADD NXM_OF_VLAN_TCI_W(1123/1fff) actions=drop +NXT_FLOW_MOD: ADD actions=sample(probability=12345,collector_set_id=23456,obs_domain_id=34567,obs_point_id=45678) ]]) AT_CLEANUP diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at index d56c75825..439bd2d33 100644 --- a/tests/ovs-vsctl.at +++ b/tests/ovs-vsctl.at 
@@ -632,6 +632,7 @@ external_ids : {} fail_mode : [] flood_vlans : [] flow_tables : {} +ipfix : [] mirrors : [] name : "br0" netflow : [] @@ -822,7 +823,7 @@ AT_CHECK([RUN_OVS_VSCTL([clear netflow `cat netflow-uuid` targets])], AT_CHECK([RUN_OVS_VSCTL([destroy b br2])], [1], [], [ovs-vsctl: no row "br2" in table Bridge ], [OVS_VSCTL_CLEANUP]) -AT_CHECK([RUN_OVS_VSCTL([add i br1 name x])], +AT_CHECK([RUN_OVS_VSCTL([add in br1 name x])], [1], [], [ovs-vsctl: cannot modify read-only column name in table Interface ], [OVS_VSCTL_CLEANUP]) AT_CHECK([RUN_OVS_VSCTL([set port br1 name br2])], @@ -1123,6 +1124,7 @@ external_ids : {} fail_mode : [] flood_vlans : [] flow_tables : {} +ipfix : [] mirrors : [] name : "br0" netflow : [] diff --git a/utilities/ovs-ofctl.8.in b/utilities/ovs-ofctl.8.in index 3cc618d5a..f46b9dc08 100644 --- a/utilities/ovs-ofctl.8.in +++ b/utilities/ovs-ofctl.8.in 
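Review bot: the change from "add i br1 name x" to "add in br1 name x" in the read-only-column check suggests that the abbreviation "i" no longer resolves to the Interface table once a table named IPFIX exists. That is a user-visible change for any script that abbreviates table names this way, and neither the NEWS hunk nor the commit message mentions it. Please add a NEWS line, and consider a test that pins down what "i" alone now reports.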
@@ -1241,6 +1241,30 @@ flow's creation, not since the receipt of the FIN or RST.) .RE .IP This action was added in Open vSwitch 1.5.90. +. +.IP "\fBsample(\fIargument\fR[\fB,\fIargument\fR]...\fB)\fR" +Samples packets and sends one sample for every sampled packet. +.IP +\fIargument\fR takes the following forms: +.RS +.IP "\fBprobability=\fIpackets\fR" +The number of sampled packets out of 65535. Must be greater or equal to 1. +.IP "\fBcollector_set_id=\fIid\fR" +The unsigned 32-bit integer identifier of the set of sample collectors +to send sampled packets to. Defaults to 0. +.IP "\fBobs_domain_id=\fIid\fR" +When sending samples to IPFIX collectors, the unsigned 32-bit integer +Observation Domain ID sent in every IPFIX flow record. Defaults to 0. +.IP "\fBobs_point_id=\fIid\fR" +When sending samples to IPFIX collectors, the unsigned 32-bit integer +Observation Point ID sent in every IPFIX flow record. Defaults to 0. +.RE +.IP +Refer to \fBovs\-vswitchd.conf.db\fR(8) for more details on +configuring sample collector sets. +.IP +This action was added in Open vSwitch 1.10.90. +. .IP "\fBexit\fR" This action causes Open vSwitch to immediately halt execution of further actions. Those actions which have already been executed are unaffected. Any @@ -1555,3 +1579,4 @@ Prints the flow entries in the switch. .BR ovs\-appctl (8), .BR ovs\-controller (8), .BR ovs\-vswitchd (8) +.BR ovs\-vswitchd.conf.db (8) diff --git a/utilities/ovs-vsctl.8.in b/utilities/ovs-vsctl.8.in index 85149a97b..fd29b066f 100644 --- a/utilities/ovs-vsctl.8.in +++ b/utilities/ovs-vsctl.8.in 
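Review bot: in the SEE ALSO hunk the new ".BR ovs\-vswitchd.conf.db (8)" entry follows ".BR ovs\-vswitchd (8)", which was the last item and has no trailing comma, so the two entries will render with no separator. Add the comma to the ovs\-vswitchd line in the same hunk. In the sample action text, "Must be greater or equal to 1" should be "greater than or equal to 1", and "Samples packets and sends one sample for every sampled packet" would be clearer if it said where the sample is sent (the collectors in the set named by collector_set_id).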
@@ -172,10 +172,11 @@ Prints a brief overview of the database contents. .IP "\fBemer\-reset\fR" Reset the configuration into a clean state. It deconfigures OpenFlow controllers, OVSDB servers, and SSL, and deletes port mirroring, -\fBfail_mode\fR, NetFlow, and sFlow configuration. This command also -removes all \fBother\-config\fR keys from all database records, except -that \fBother\-config:hwaddr\fR is preserved if it is present in a -Bridge record. Other networking configuration is left as-is. +\fBfail_mode\fR, NetFlow, sFlow, and IPFIX configuration. This +command also removes all \fBother\-config\fR keys from all database +records, except that \fBother\-config:hwaddr\fR is preserved if it is +present in a Bridge record. Other networking configuration is left +as-is. . .SS "Bridge Commands" These commands examine and manipulate Open vSwitch bridges. @@ -526,8 +527,14 @@ The global SSL configuration for \fBovs\-vswitchd\fR. The record attached to the \fBOpen_vSwitch\fR table may be identified by specifying \fB.\fR as the record name. .IP "\fBsFlow\fR" -An sFlow configuration attached to a bridge. Records may be +An sFlow exporter configuration attached to a bridge. Records may be identified by bridge name. +.IP "\fBIPFIX\fR" +An IPFIX exporter configuration attached to a bridge. Records may be +identified by bridge name. +.IP "\fBFlow_Sample_Collector_Set\fR" +An IPFIX exporter configuration attached to a bridge for sampling +packets on a per-flow basis using OpenFlow \fBsample\fR actions. .PP Record names must be specified in full and with correct capitalization. Names of tables and columns are not case-sensitive, 
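Review bot: the new Flow_Sample_Collector_Set entry in the table list does not say how its records are identified, unlike the sFlow and IPFIX entries, which both state "Records may be identified by bridge name". The matching tables[] entry in ovs-vsctl.c gives this table no name column at all ({NULL, NULL, NULL} twice), so state here that records must be referred to by UUID. The description "An IPFIX exporter configuration attached to a bridge" also duplicates the IPFIX entry; something like "A set of IPFIX collectors, attached to a bridge, that OpenFlow sample actions select by id" would tell the two apart.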
@@ -931,6 +938,20 @@ Deconfigure sFlow from \fBbr0\fR, which also destroys the sFlow record (since it is now unreferenced): .IP .B "ovs\-vsctl \-\- clear Bridge br0 sflow" +.SS "IPFIX" +.PP +Configure bridge \fBbr0\fR to send one IPFIX flow record per packet +sample to UDP port 4739 on host 192.168.0.34, with Observation Domain +ID 123 and Observation Point ID 456: +.IP +.B "ovs\-vsctl \-\- set Bridge br0 ipfix=@i \(rs" +.IP +.B "\-\- \-\-id=@i create IPFIX targets=\(rs\(dq192.168.0.34:4739\(rs\(dq obs_domain_id=123 obs_point_id=456" +.PP +Deconfigure the IPFIX settings from \fBbr0\fR, which also destroys the +IPFIX record (since it is now unreferenced): +.IP +.B "ovs\-vsctl clear Bridge br0 ipfix" .SS "802.1D Spanning Tree Protocol (STP)" .PP Configure bridge \fBbr0\fR to participate in an 802.1D spanning tree: diff --git a/utilities/ovs-vsctl.c b/utilities/ovs-vsctl.c index aed90fd79..19ab4728f 100644 --- a/utilities/ovs-vsctl.c +++ b/utilities/ovs-vsctl.c @@ -1453,6 +1453,7 @@ pre_cmd_emer_reset(struct vsctl_context *ctx) ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_mirrors); ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_netflow); ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_sflow); + ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_ipfix); ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_flood_vlans); ovsdb_idl_add_column(ctx->idl, &ovsrec_bridge_col_other_config); @@ -1477,6 +1478,8 @@ cmd_emer_reset(struct vsctl_context *ctx) const struct ovsrec_netflow *nf, *next_nf; const struct ovsrec_ssl *ssl, *next_ssl; const struct ovsrec_sflow *sflow, *next_sflow; + const struct ovsrec_ipfix *ipfix, *next_ipfix; + const struct ovsrec_flow_sample_collector_set *fscset, *next_fscset; /* Reset the Open_vSwitch table. */ ovsrec_open_vswitch_set_manager_options(ctx->ovs, NULL, 0); 
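Review bot: pre_cmd_emer_reset registers only ovsrec_bridge_col_ipfix, while cmd_emer_reset now declares iterators for both IPFIX and Flow_Sample_Collector_Set rows and later deletes them. None of the hunks shown registers any column or table of Flow_Sample_Collector_Set with the IDL, and no Bridge column refers to that table. Please confirm the table is actually replicated when emer-reset runs, otherwise the delete loop will find no rows and the collector sets will survive the reset. The same question applies to the loop added to del_bridge.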
@@ -1490,6 +1493,7 @@ cmd_emer_reset(struct vsctl_context *ctx) ovsrec_bridge_set_mirrors(br, NULL, 0); ovsrec_bridge_set_netflow(br, NULL); ovsrec_bridge_set_sflow(br, NULL); + ovsrec_bridge_set_ipfix(br, NULL); ovsrec_bridge_set_flood_vlans(br, NULL, 0); /* We only want to save the "hwaddr" key from other_config. */ @@ -1539,6 +1543,14 @@ cmd_emer_reset(struct vsctl_context *ctx) ovsrec_sflow_delete(sflow); } + OVSREC_IPFIX_FOR_EACH_SAFE (ipfix, next_ipfix, idl) { + ovsrec_ipfix_delete(ipfix); + } + + OVSREC_FLOW_SAMPLE_COLLECTOR_SET_FOR_EACH_SAFE (fscset, next_fscset, idl) { + ovsrec_flow_sample_collector_set_delete(fscset); + } + vsctl_context_invalidate_cache(ctx); } @@ -1668,6 +1680,7 @@ del_bridge(struct vsctl_context *ctx, struct vsctl_bridge *br) { struct vsctl_bridge *child, *next_child; struct vsctl_port *port, *next_port; + const struct ovsrec_flow_sample_collector_set *fscset, *next_fscset; HMAP_FOR_EACH_SAFE (child, next_child, children_node, &br->children) { del_bridge(ctx, child); @@ -1677,6 +1690,13 @@ del_bridge(struct vsctl_context *ctx, struct vsctl_bridge *br) del_port(ctx, port); } + OVSREC_FLOW_SAMPLE_COLLECTOR_SET_FOR_EACH_SAFE (fscset, next_fscset, + ctx->idl) { + if (fscset->bridge == br->br_cfg) { + ovsrec_flow_sample_collector_set_delete(fscset); + } + } + del_cached_bridge(ctx, br); } @@ -2464,7 +2484,8 @@ struct vsctl_table_class { static const struct vsctl_table_class tables[] = { {&ovsrec_table_bridge, {{&ovsrec_table_bridge, &ovsrec_bridge_col_name, NULL}, - {NULL, NULL, NULL}}}, + {&ovsrec_table_flow_sample_collector_set, NULL, + &ovsrec_flow_sample_collector_set_col_bridge}}}, {&ovsrec_table_controller, {{&ovsrec_table_bridge, 
@@ -2518,6 +2539,17 @@ static const struct vsctl_table_class tables[] = { {{&ovsrec_table_flow_table, &ovsrec_flow_table_col_name, NULL}, {NULL, NULL, NULL}}}, + {&ovsrec_table_ipfix, + {{&ovsrec_table_bridge, + &ovsrec_bridge_col_name, + &ovsrec_bridge_col_ipfix}, + {&ovsrec_table_flow_sample_collector_set, NULL, + &ovsrec_flow_sample_collector_set_col_ipfix}}}, + + {&ovsrec_table_flow_sample_collector_set, + {{NULL, NULL, NULL}, + {NULL, NULL, NULL}}}, + {NULL, {{NULL, NULL, NULL}, {NULL, NULL, NULL}}} }; diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 09f98d5a5..899fd64c2 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -200,6 +200,7 @@ static void bridge_configure_netflow(struct bridge *); static void bridge_configure_forward_bpdu(struct bridge *); static void bridge_configure_mac_table(struct bridge *); static void bridge_configure_sflow(struct bridge *, int *sflow_bridge_number); +static void bridge_configure_ipfix(struct bridge *); static void bridge_configure_stp(struct bridge *); static void bridge_configure_tables(struct bridge *); static void bridge_configure_dp_desc(struct bridge *); @@ -388,8 +389,9 @@ bridge_init(const char *remote) ovsdb_idl_omit_alert(idl, &ovsrec_mirror_col_statistics); ovsdb_idl_omit(idl, &ovsrec_netflow_col_external_ids); - ovsdb_idl_omit(idl, &ovsrec_sflow_col_external_ids); + ovsdb_idl_omit(idl, &ovsrec_ipfix_col_external_ids); + ovsdb_idl_omit(idl, &ovsrec_flow_sample_collector_set_col_external_ids); ovsdb_idl_omit(idl, &ovsrec_manager_col_external_ids); ovsdb_idl_omit(idl, &ovsrec_manager_col_inactivity_probe); @@ -612,6 +614,7 @@ bridge_reconfigure_continue(const struct ovsrec_open_vswitch *ovs_cfg) bridge_configure_remotes(br, managers, n_managers); bridge_configure_netflow(br); bridge_configure_sflow(br, &sflow_bridge_number); + bridge_configure_ipfix(br); bridge_configure_stp(br); bridge_configure_tables(br); bridge_configure_dp_desc(br); 
@@ -944,6 +947,79 @@ bridge_configure_sflow(struct bridge *br, int *sflow_bridge_number) sset_destroy(&oso.targets); } +/* Set IPFIX configuration on 'br'. */ +static void +bridge_configure_ipfix(struct bridge *br) +{ + const struct ovsrec_ipfix *be_cfg = br->cfg->ipfix; + const struct ovsrec_flow_sample_collector_set *fe_cfg; + struct ofproto_ipfix_bridge_exporter_options be_opts; + struct ofproto_ipfix_flow_exporter_options *fe_opts = NULL; + size_t n_fe_opts = 0; + + OVSREC_FLOW_SAMPLE_COLLECTOR_SET_FOR_EACH(fe_cfg, idl) { + if (fe_cfg->bridge == br->cfg) { + n_fe_opts++; + } + } + + if (!be_cfg && n_fe_opts == 0) { + ofproto_set_ipfix(br->ofproto, NULL, NULL, 0); + return; + } + + if (be_cfg) { + memset(&be_opts, 0, sizeof be_opts); + + sset_init(&be_opts.targets); + sset_add_array(&be_opts.targets, be_cfg->targets, be_cfg->n_targets); + + if (be_cfg->sampling) { + be_opts.sampling_rate = *be_cfg->sampling; + } else { + be_opts.sampling_rate = SFL_DEFAULT_SAMPLING_RATE; + } + if (be_cfg->obs_domain_id) { + be_opts.obs_domain_id = *be_cfg->obs_domain_id; + } + if (be_cfg->obs_point_id) { + be_opts.obs_point_id = *be_cfg->obs_point_id; + } + } + + if (n_fe_opts > 0) { + struct ofproto_ipfix_flow_exporter_options *opts; + fe_opts = xcalloc(n_fe_opts, sizeof *fe_opts); + opts = fe_opts; + OVSREC_FLOW_SAMPLE_COLLECTOR_SET_FOR_EACH(fe_cfg, idl) { + if (fe_cfg->bridge == br->cfg) { + opts->collector_set_id = fe_cfg->id; + sset_init(&opts->targets); + sset_add_array(&opts->targets, fe_cfg->ipfix->targets, + fe_cfg->ipfix->n_targets); + opts++; + } + } + } + + ofproto_set_ipfix(br->ofproto, be_cfg ? 
&be_opts : NULL, fe_opts, + n_fe_opts); + + if (be_cfg) { + sset_destroy(&be_opts.targets); + } + + if (n_fe_opts > 0) { + struct ofproto_ipfix_flow_exporter_options *opts = fe_opts; + size_t i; + for (i = 0; i < n_fe_opts; i++) { + sset_destroy(&opts->targets); + opts++; + } + free(fe_opts); + } +} + static void port_configure_stp(const struct ofproto *ofproto, struct port *port, struct ofproto_port_stp_settings *port_s, diff --git a/vswitchd/vswitch.gv b/vswitchd/vswitch.gv index 210ae878b..56d666cc8 100644 --- a/vswitchd/vswitch.gv +++ b/vswitchd/vswitch.gv @@ -6,6 +6,7 @@ digraph Open_vSwitch { Bridge []; Bridge -> sFlow [label="sflow?"]; Bridge -> Mirror [label="mirrors*"]; + Bridge -> IPFIX [label="ipfix?"]; Bridge -> Port [label="ports*"]; Bridge -> Controller [label="controller*"]; Bridge -> Flow_Table [label="flow_tables value*"]; @@ -13,6 +14,10 @@ digraph Open_vSwitch { QoS [style=bold]; QoS -> Queue [label="queues value*"]; sFlow []; + Flow_Sample_Collector_Set [style=bold]; + Flow_Sample_Collector_Set -> Bridge [label="bridge"]; + Flow_Sample_Collector_Set -> IPFIX [label="ipfix?"]; + IPFIX []; Open_vSwitch [style=bold]; Open_vSwitch -> Bridge [label="bridges*"]; Open_vSwitch -> SSL [label="ssl?"]; diff --git a/vswitchd/vswitch.ovsschema b/vswitchd/vswitch.ovsschema index 594ffb46c..3f2ce3a28 100644 --- a/vswitchd/vswitch.ovsschema +++ b/vswitchd/vswitch.ovsschema @@ -1,6 +1,6 @@ {"name": "Open_vSwitch", "version": "7.1.0", - "cksum": "2234055133 17444", + "cksum": "432130924 19191", "tables": { "Open_vSwitch": { "columns": { @@ -70,6 +70,10 @@ "type": {"key": {"type": "uuid", "refTable": "sFlow"}, "min": 0, "max": 1}}, + "ipfix": { + "type": {"key": {"type": "uuid", + "refTable": "IPFIX"}, + "min": 0, "max": 1}}, "controller": { "type": {"key": {"type": "uuid", "refTable": "Controller"}, 
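Review bot: the vswitch.ovsschema hunk updates "cksum" but leaves "version": "7.1.0" as an unchanged context line, although this patch adds the Bridge "ipfix" column and the IPFIX and Flow_Sample_Collector_Set tables. Clients that compare schema versions to decide whether a column exists cannot tell this schema from the previous one. Bump the version in the same hunk.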
@@ -383,6 +387,48 @@ "external_ids": { "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}}}, + "IPFIX": { + "columns": { + "targets": { + "type": {"key": "string", "min": 1, "max": "unlimited"}}, + "sampling": { + "type": {"key": {"type": "integer", + "minInteger": 1, + "maxInteger": 4294967295}, + "min": 0, "max": 1}}, + "obs_domain_id": { + "type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 4294967295}, + "min": 0, "max": 1}}, + "obs_point_id": { + "type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 4294967295}, + "min": 0, "max": 1}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}}, + "Flow_Sample_Collector_Set": { + "columns": { + "id": { + "type": {"key": {"type": "integer", + "minInteger": 0, + "maxInteger": 4294967295}, + "min": 1, "max": 1}}, + "bridge": { + "type": {"key": {"type": "uuid", + "refTable": "Bridge"}, + "min": 1, "max": 1}}, + "ipfix": { + "type": {"key": {"type": "uuid", + "refTable": "IPFIX"}, + "min": 0, "max": 1}}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}, + "isRoot": true, + "indexes": [["id", "bridge"]]}, "Controller": { "columns": { "target": { diff --git a/vswitchd/vswitch.pic b/vswitchd/vswitch.pic index e717e6f2b..81339d2e2 100644 --- a/vswitchd/vswitch.pic +++ b/vswitchd/vswitch.pic 
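Review bot: Flow_Sample_Collector_Set declares "ipfix" with "min": 0, "max": 1, so a row with no IPFIX reference is valid, but bridge_configure_ipfix reads fe_cfg->ipfix->targets and fe_cfg->ipfix->n_targets for every collector set on the bridge without checking the pointer. A database client that creates such a row would make ovs-vswitchd dereference NULL on the next reconfiguration. Either make the column mandatory ("min": 1) or skip collector sets whose ipfix is NULL in both the counting loop and the fill loop, so that n_fe_opts still matches the number of entries written.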
@@ -1,78 +1,92 @@ -.\" Generated from vswitch.gv with cksum "2197927206 1028" +.\" Generated from vswitch.gv with cksum "2412173910 1224" .PS linethick = 1; linethick = 1; -box at 3.269320992,2.78572 wid 0.5900294246 height 0.348215 "Bridge" +box at 1.639964024,1.91216 wid 0.4050050488 height 0.23902 "Bridge" linethick = 1; -box at 0.2708346627,1.9151825 wid 0.5416693254 height 0.348215 "sFlow" +box at 5.72978744,1.31461 wid 0.3718099512 height 0.23902 "sFlow" linethick = 1; -box at 0.996312758,1.9151825 wid 0.5706825992 height 0.348215 "Mirror" +box at 6.22790512,1.31461 wid 0.3917250976 height 0.23902 "Mirror" linethick = 1; -box at 2.795400377,1.9151825 wid 0.5223225 height 0.348215 "Port" +box at 0.2589399268,1.31461 wid 0.35853 height 0.23902 "IPFIX" linethick = 1; -box at 3.646577123,1.9151825 wid 0.831815992 height 0.348215 "Controller" +box at 0.736994268,1.31461 wid 0.35853 height 0.23902 "Port" linethick = 1; -box at 4.681541746,1.9151825 wid 0.889898254 height 0.348215 "Flow_Table" +box at 1.321254756,1.31461 wid 0.570970976 height 0.23902 "Controller" linethick = 1; -box at 6.103442877,1.9151825 wid 0.715790754 height 0.348215 "NetFlow" +box at 2.03167,1.31461 wid 0.610839512 height 0.23902 "Flow_Table" +linethick = 1; +box at 5.17191476,1.31461 wid 0.491329512 height 0.23902 "NetFlow" +linethick = 0.5; +box at 0.35853,0.71706 wid 0.35853 height 0.23902 "QoS" +box at 0.35853,0.71706 wid 0.302974444444444 height 0.183464444444444 linethick = 0.5; -box at 2.244036746,1.044645 wid 0.5223225 height 0.348215 "QoS" -box at 2.244036746,1.044645 wid 0.466766944444444 height 0.292659444444444 +box at 0.35853,0.11951 wid 0.4116450244 height 0.23902 "Queue" +box at 0.35853,0.11951 wid 0.356089468844444 height 0.183464444444444 linethick = 0.5; -box at 2.244036746,0.1741075 wid 0.5997028373 height 0.348215 "Queue" -box at 2.244036746,0.1741075 wid 0.544147281744444 height 0.292659444444444 +box at 0.683884024,2.50971 wid 1.367720244 height 0.23902 
"Flow_Sample_Collector_Set" +box at 0.683884024,2.50971 wid 1.31216468844444 height 0.183464444444444 linethick = 0.5; -box at 4.052804742,3.6562575 wid 1.122018373 height 0.348215 "Open_vSwitch" -box at 4.052804742,3.6562575 wid 1.06646281744444 height 0.292659444444444 +box at 2.177759024,2.50971 wid 0.770170244 height 0.23902 "Open_vSwitch" +box at 2.177759024,2.50971 wid 0.714614688444444 height 0.183464444444444 +linethick = 1; +box at 2.177759024,1.91216 wid 0.35853 height 0.23902 "SSL" linethick = 1; -box at 4.052804742,2.78572 wid 0.5223225 height 0.348215 "SSL" +box at 2.728795732,1.91216 wid 0.511215976 height 0.23902 "Manager" linethick = 1; -box at 4.855649246,2.78572 wid 0.744762242 height 0.348215 "Manager" +box at 0.916259268,0.71706 wid 0.517860732 height 0.23902 "Interface" linethick = 1; -box at 3.056561627,1.044645 wid 0.754442619 height 0.348215 "Interface" +spline -> from 1.83949792,1.821380204 to 1.83949792,1.821380204 to 1.872052444,1.809763832 to 1.905897676,1.799533776 to 1.938739024,1.79265 to 2.331687904,1.7101881 to 5.21254816,1.889883336 to 5.55052244,1.67314 to 5.63322336,1.620173168 to 5.6791152,1.516773116 to 5.70397328,1.43459804 +"sflow?" at 5.80627384,1.613385 linethick = 1; -spline -> from 2.976332891,2.75298779 to 2.976332891,2.75298779 to 2.604160699,2.706535909 to 1.945268276,2.607573206 to 1.402540377,2.437505 to 1.042625353,2.324752983 to 0.970266276,2.249190328 to 0.6287230754,2.08929 to 0.6011862332,2.076406045 to 0.5725420673,2.06282566 to 0.5439884373,2.049105989 -"sflow?" 
at 1.620174752,2.35045125 +spline -> from 1.839450116,1.821284596 to 1.839450116,1.821284596 to 1.872052444,1.809668224 to 1.905897676,1.799485972 to 1.938739024,1.79265 to 2.378774844,1.701153144 to 5.58780956,1.888544824 to 5.98219256,1.67314 to 6.07541036,1.622133132 to 6.1404238,1.518541864 to 6.18010112,1.43579314 +"mirrors*" at 6.30725976,1.613385 linethick = 1; -spline -> from 2.97514896,2.6812555 to 2.97514896,2.6812555 to 2.785302142,2.613214289 to 2.533333768,2.52177303 to 2.311729742,2.437505 to 1.95348615,2.301283292 to 1.543358523,2.137134741 to 1.277600835,2.029675592 -"mirrors*" at 2.592251746,2.35045125 +spline -> from 1.44033452,1.898966096 to 1.44033452,1.898966096 to 1.223830204,1.877406492 to 0.873952728,1.820806556 to 0.610839512,1.67314 to 0.505861928,1.614245472 to 0.4118171188,1.51466974 to 0.3474107896,1.435362904 +"ipfix?" at 0.733647988,1.613385 linethick = 1; -spline -> from 3.102665293,2.610428569 to 3.102665293,2.610428569 to 3.058372345,2.557708818 to 3.013382967,2.497746195 to 2.979188254,2.437505 to 2.917484556,2.32886192 to 2.871032675,2.19584379 to 2.840250469,2.091240004 -"ports*" at 3.187142252,2.35045125 +spline -> from 1.439569656,1.871861228 to 1.439569656,1.871861228 to 1.302372176,1.836725288 to 1.12195988,1.775010324 to 0.989255976,1.67314 to 0.907176508,1.610086524 to 0.84111138,1.512853188 to 0.797179504,1.43555412 +"ports*" at 1.132046524,1.613385 linethick = 1; -spline -> from 3.345719363,2.60952321 to 3.345719363,2.60952321 to 3.41111414,2.458537186 to 3.504923261,2.242017099 to 3.570387681,2.091100718 -"controller*" at 3.849725754,2.35045125 +spline -> from 1.43842236,1.800203032 to 1.43842236,1.800203032 to 1.39420366,1.765545132 to 1.353140024,1.72309518 to 1.327899512,1.67314 to 1.291090432,1.600334508 to 1.29022996,1.508168396 to 1.298165424,1.435506316 +"controller*" at 1.573564268,1.613385 linethick = 1; -spline -> from 3.563284095,2.664959038 to 3.563284095,2.664959038 to 3.610362763,2.646503643 to 
3.658695005,2.628187534 to 3.704589742,2.6116125 to 3.942559873,2.525881967 to 4.036647566,2.578949933 to 4.246272996,2.437505 to 4.380335771,2.347038743 to 4.495594936,2.203852735 to 4.573734382,2.090195359 -"flow_tables value*" at 5.063603244,2.35045125 +spline -> from 1.733755472,1.79241098 to 1.733755472,1.79241098 to 1.76205544,1.754837036 to 1.792697804,1.71281732 to 1.819229024,1.67314 to 1.870666128,1.596127756 to 1.923776372,1.506495256 to 1.96402734,1.436127768 +"flow_tables value*" at 2.327146524,1.613385 linethick = 1; -spline -> from 3.560568018,2.655696519 to 3.560568018,2.655696519 to 3.607925258,2.638425055 to 3.657093216,2.622894666 to 3.704589742,2.6116125 to 4.143340642,2.507426572 to 5.333887727,2.659805456 to 5.726186746,2.437505 to 5.863383456,2.359713769 to 5.963947948,2.209215246 to 6.026557005,2.089638215 -"netflow?" at 6.204982371,2.35045125 +spline -> from 1.83949792,1.821523616 to 1.83949792,1.821523616 to 1.872100248,1.809907244 to 1.90594548,1.799629384 to 1.938739024,1.79265 to 2.27451432,1.721230824 to 4.744929432,1.870188088 to 5.02611256,1.67314 to 5.103077,1.61912148 to 5.13940804,1.516964332 to 5.15661748,1.435458512 +"netflow?" 
at 5.32154128,1.613385 linethick = 0.5; -spline -> from 1.285331208,1.9151825 to 1.285331208,1.9151825 to 1.629994415,1.9151825 to 2.201067015,1.9151825 to 2.533403411,1.9151825 -"select_src_port*" at 1.905502123,2.00223625 +spline -> from 6.03429892,1.412082356 to 6.03429892,1.412082356 to 6.01469928,1.420209036 to 5.9946216,1.427714264 to 5.9755,1.43412 to 5.56247344,1.571030656 to 5.44869992,1.583650912 to 5.01607372,1.626674512 to 4.690146048,1.65903782 to 4.606536852,1.636187508 to 4.279127256,1.626674512 to 2.80920206,1.583842128 to 2.396749148,1.813492544 to 0.976014268,1.43412 to 0.956271216,1.42886156 to 0.936289144,1.421882176 to 0.916689504,1.413898908 +"select_src_port*" at 4.647600488,1.613385 linethick = 0.5; -spline -> from 1.262209732,1.740239284 to 1.262209732,1.740239284 to 1.2953598,1.724778538 to 1.329693799,1.711546368 to 1.363818869,1.702353492 to 1.82882518,1.577483593 to 1.983711212,1.571981796 to 2.447185377,1.702353492 to 2.479917587,1.711616011 to 2.512649797,1.724848181 to 2.544128433,1.740239284 -"output_port?" at 1.905502123,1.789407242 +spline -> from 6.03429892,1.412082356 to 6.03429892,1.412082356 to 6.01469928,1.420209036 to 5.9946216,1.427714264 to 5.9755,1.43412 to 5.56247344,1.571030656 to 5.44869992,1.583650912 to 5.01607372,1.626674512 to 4.690146048,1.65903782 to 4.606536852,1.636187508 to 4.279127256,1.626674512 to 2.80920206,1.583842128 to 2.396749148,1.813492544 to 0.976014268,1.43412 to 0.956271216,1.42886156 to 0.936289144,1.421882176 to 0.916689504,1.413898908 +"output_port?" 
at 4.647600488,1.613385 linethick = 0.5; -spline -> from 1.066861117,1.739821426 to 1.066861117,1.739821426 to 1.126266596,1.618155105 to 1.224115011,1.465428006 to 1.363818869,1.39286 to 1.791148317,1.171047045 to 2.022641649,1.165684534 to 2.447185377,1.39286 to 2.583616014,1.465915507 to 2.675823346,1.618572963 to 2.730910959,1.740169641 -"select_dst_port*" at 1.905502123,1.47991375 +spline -> from 6.03429892,1.412082356 to 6.03429892,1.412082356 to 6.01469928,1.420209036 to 5.9946216,1.427714264 to 5.9755,1.43412 to 5.56247344,1.571030656 to 5.44869992,1.583650912 to 5.01607372,1.626674512 to 4.690146048,1.65903782 to 4.606536852,1.636187508 to 4.279127256,1.626674512 to 2.80920206,1.583842128 to 2.396749148,1.813492544 to 0.976014268,1.43412 to 0.956271216,1.42886156 to 0.936289144,1.421882176 to 0.916689504,1.413898908 +"select_dst_port*" at 4.647600488,1.613385 +linethick = 1; +spline -> from 0.659121552,1.193092232 to 0.659121552,1.193092232 to 0.63507614,1.155470484 to 0.60854492,1.1138332 to 0.584260488,1.07559 to 0.533827268,0.996091948 to 0.4774089872,0.906459448 to 0.43358228,0.836713412 +"qos?" at 0.6871825,1.015835 +linethick = 1; +spline -> from 0.773277504,1.19366588 to 0.773277504,1.19366588 to 0.804350104,1.090026808 to 0.848951236,0.941404172 to 0.880023836,0.837812904 +"interfaces+" at 1.108765976,1.015835 linethick = 1; -spline -> from 2.682021573,1.738149994 to 2.682021573,1.738149994 to 2.646921501,1.683340953 to 2.608269636,1.6226819 to 2.572890992,1.5669675 to 2.49948727,1.451151191 to 2.417238887,1.320570566 to 2.353376256,1.218961429 -"qos?" 
at 2.722832371,1.47991375 +spline -> from 0.35853,0.59611588 to 0.35853,0.59611588 to 0.35853,0.492476808 to 0.35853,0.3438732936 to 0.35853,0.2402533432 +"queues value*" at 0.690480976,0.418285 linethick = 1; -spline -> from 2.848259414,1.73898571 to 2.848259414,1.73898571 to 2.893527364,1.587999686 to 2.958504283,1.371479599 to 3.003772233,1.220563218 -"interfaces+" at 3.337083631,1.47991375 +spline -> from 0.877346812,2.38876588 to 0.877346812,2.38876588 to 1.043226692,2.285126808 to 1.280955984,2.136504172 to 1.446740256,2.032912904 +"bridge" at 1.390952988,2.210935 linethick = 1; -spline -> from 2.244036746,0.86844821 to 2.244036746,0.86844821 to 2.244036746,0.717462186 to 2.244036746,0.5009699562 to 2.244036746,0.3500117894 -"queues value*" at 2.727707381,0.60937625 +spline -> from 0.640764816,2.38852686 to 0.640764816,2.38852686 to 0.559115584,2.158876444 to 0.3827570672,1.66286214 to 0.3015046084,1.434311216 +"ipfix?" at 0.640717012,1.91216 linethick = 1; -spline -> from 3.657511074,3.480617854 to 3.657511074,3.480617854 to 3.582018062,3.433121328 to 3.509171484,3.375735496 to 3.453108869,3.3080425 to 3.370999772,3.208801225 to 3.324478248,3.070350941 to 3.298849624,2.960941788 -"bridges*" at 3.733630873,3.22098875 +spline -> from 1.906375716,2.389148312 to 1.906375716,2.389148312 to 1.85455618,2.356545984 to 1.804553196,2.317155488 to 1.766070976,2.27069 to 1.70971006,2.2025693 to 1.677776988,2.107534948 to 1.660185116,2.032434864 +"bridges*" at 1.958625488,2.210935 linethick = 1; -spline -> from 4.052804742,3.48006071 to 4.052804742,3.48006071 to 4.052804742,3.329074686 to 4.052804742,3.112554599 to 4.052804742,2.961638218 -"ssl?" at 4.173774633,3.22098875 +spline -> from 2.177759024,2.38876588 to 2.177759024,2.38876588 to 2.177759024,2.285126808 to 2.177759024,2.136504172 to 2.177759024,2.032912904 +"ssl?" 
at 2.260746768,2.210935 linethick = 1; -spline -> from 4.215281861,3.48006071 to 4.215281861,3.48006071 to 4.354567861,3.329074686 to 4.554234342,3.112554599 to 4.693450699,2.961638218 -"manager_options*" at 5.140976617,3.22098875 +spline -> from 2.289237952,2.38876588 to 2.289237952,2.38876588 to 2.384845952,2.285126808 to 2.52190002,2.136504172 to 2.617460216,2.032912904 +"manager_options*" at 2.924696524,2.210935 .PE diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index 21bcbc2e5..2744325a0 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -340,7 +340,11 @@ - sFlow configuration. + sFlow(R) configuration. + + + + IPFIX configuration. @@ -3129,8 +3133,8 @@ -

An sFlow(R) target. sFlow is a protocol for remote monitoring - of switches.

+

A set of sFlow(R) targets. sFlow is a protocol for remote + monitoring of switches.

Name of the network device whose IP address should be reported as the @@ -3171,4 +3175,75 @@
+ +

A set of IPFIX collectors. IPFIX is a protocol that exports a + number of details about flows.

+ + + IPFIX target collectors in the form + ip:port. + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the rate at which packets should + be sampled and sent to each target collector. If not specified, + defaults to 400, which means one out of 400 packets, on average, + will be sent to each target collector. Ignored for per-flow + sampling, i.e. when this row is referenced from a . + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the IPFIX Observation Domain ID + sent in each IPFIX packet. If not specified, defaults to 0. + Ignored for per-flow sampling, i.e. when this row is referenced + from a . + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the IPFIX Observation Point ID + sent in each IPFIX flow record. If not specified, defaults to + 0. Ignored for per-flow sampling, i.e. when this row is + referenced from a . + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
+ + +

A set of IPFIX collectors of packet samples generated by + OpenFlow sample actions.

+ + + The ID of this collector set, unique among the bridge's + collector sets, to be used as the collector_set_id + in OpenFlow sample actions. + + + + The bridge into which OpenFlow sample actions can + be added to send packet samples to this set of IPFIX collectors. + + + + Configuration of the set of IPFIX collectors to send one flow + record per sampled packet to. + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
+
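Review bot: In the diagram hunk, the three added splines for "select_src_port*", "output_port?" and "select_dst_port*" carry identical control points, and all three labels are placed at 4.647600488,1.613385, so the labels will be drawn on top of each other and the three edges cannot be told apart. The removed lines had these labels at three distinct positions. If this file is generated from the schema, rerun the layout so that parallel edges are separated. Otherwise adjust the label positions by hand before committing.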
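Review bot: In the vswitch.xml hunk that adds the IPFIX table, the Observation Domain ID and the Observation Point ID are both documented as "If not specified, defaults to 0", so two bridges left at the defaults and exporting to the same collector produce records that those fields cannot distinguish. The text should say so and recommend distinct values per bridge. The sampling description gives the default of 400 but not the accepted range or what the lowest value means, which matters because the commit message says one IPFIX data record message is sent for every sampled packet. The targets description ("in the form ip:port") should name the transport and state whether the export is authenticated or encrypted. The collector set description should say what happens when an OpenFlow sample action names a collector_set_id that has no matching row on the bridge.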