The IESG has approved the following document: - 'Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol' (draft-ietf-ipfix-a9n-08.txt) as Proposed Standard This document is the product of the IP Flow Information Export Working Group. The IESG contact persons are Ronald Bonica and Benoit Claise. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-ipfix-a9n/ Technical Summary This document provides a common implementation-independent basis for the interoperable application of the IP Flow Information Export (IPFIX) Protocol to the handling of Aggregated Flows, which are IPFIX Flows representing packets from multiple Original Flows that share some set of common properties. Working Group Summary This draft attracted real discussion on the IPFIX list, and took time to reach consensus on its final approach, i.e. "through a detailed terminology and a descriptive Intermediate Aggregation Process architecture, including a specification of methods for Original Flow counting and counter distribution across intervals." Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? I'm not aware of any, so far. Are there any reviewers that merit special mention as having done a thorough review ... ? Rahul Patel was a strong contributor to the discussion, Paul Aitken provided a very thorough review. Personnel Who is the Document Shepherd? Nevil Brownlee Who is the Responsible Area Director? Ron Bonica RFC Editor Note OLD: In certain circumstances, additional delay at the original Exporter may cause an IAP to close an interval before the last Original Flow(s) accountable to the interval arrives; in this case the IAP SHOULD drop the late Original Flow(s). Accounting of flows lost at an Intermediate Process due to such issues is covered in [I-D.ietf-ipfix-mediation-protocol]. NEW: In certain circumstances, additional delay at the original Exporter may cause an IAP to close an interval before the last Original Flow(s) accountable to the interval arrives; in this case the IAP MAY drop the late Original Flow(s). Accounting of flows lost at an Intermediate Process due to such issues is covered in [I-D.ietf-ipfix-mediation-protocol]. Section 5.3.1 OLD Certain Information Elements for these applications are already provided in the IANA IPFIX Information Elements registry (http://www.iana.org/assignments/ipfix/ipfix.html (e.g. minimumIpTotalLength). NEW Certain Information Elements for these applications are already provided in the IANA IPFIX Information Elements registry [iana-ipfix-assignments] (e.g. minimumIpTotalLength). ============================================ Section 7.2.4 OLD: [IANA NOTE: This Information Element is compatible with Information Element 3 as used in NetFlow version 9.] NEW ============================================ Section 10 OLD: [NOTE for IANA: The text TBDn should be replaced with the respective assigned Information Element numbers where they appear in this document. Note that the deltaFlowCount Information Element has been assigned the number 3, as it is compatible with the corresponding existing (reserved) NetFlow v9 Information Element. Other Information Element numbers should be assigned outside the NetFlow V9 compatibility range, as these Information Elements are not supported by NetFlow V9.] NEW ============================================ Section 2 OLD: Aggregated Flow: A Flow, as defined by [I-D.ietf-ipfix-protocol-rfc5101bis], derived from a set of zero or more original Flows within a defined Aggregation Interval. The primary difference between a Flow and an Aggregated Flow in the general case is that the time interval (i.e., the two-tuple of start and end times) of a Flow is derived from information about the timing of the packets comprising the Flow, while the time interval of an Aggregated Flow is often externally imposed. Note that an Aggregated Flow is defined in the context of an Intermediate Aggregation Process only. Once an Aggregated Flow is exported, it is essentially a Flow as in [I-D.ietf-ipfix-protocol-rfc5101bis] and can be treated as such. NEW Aggregated Flow: A Flow, as defined by [I-D.ietf-ipfix-protocol-rfc5101bis], derived from a set of zero or more original Flows within a defined Aggregation Interval. Note that an Aggregated Flow is defined in the context of an Intermediate Aggregation Process only. Once an Aggregated Flow is exported, it is essentially a Flow as in [I-D.ietf-ipfix-protocol-rfc5101bis] and can be treated as such. ============================================ Section 5.1.1 OLD: Proportional Uniform Distribution: This is like simple uniform distribution, but accounts for the fractional portions of a time interval covered by an Original Flow in the first and last time interval. Each counter for an Original Flow is divided by the number of time _units_ the Original Flow covers, to derive a mean count rate. This rate is then multiplied by the number of time units in the intersection of the duration of the Original Flow and the time interval of each Aggregated Flow. NEW: Proportional Uniform Distribution: This is like simple uniform distribution, but accounts for the fractional portions of a time interval covered by an Original Flow in the first and last time interval. Each counter for an Original Flow is divided by the number of time units the Original Flow covers, to derive a mean count rate. This rate is then multiplied by the number of time units in the intersection of the duration of the Original Flow and the time interval of each Aggregated Flow.
