Hi Brian,
Thanks a lot for your answer.
Our IPFIX exporter is a bit specific, and we'd like to export
periodically a list of hostname, ipaddress and related data (that are
not available from the collector: owner, serial number, ...)
It should be easier to send this list using IPFIX stream (and this deals
with all security/filtering policy)...
The transmission frequency of this list will be quite low. What is the
right way to dothat ? Do I have to use IPFIX option templates to send
such data, or not ?
Thanks a lot. Cheers
Thierry
On 01/07/2013 11:28, Brian Trammell wrote:
Hi, Thierry,
Have a look in the IANA information element registry (http://www.iana.org/assignments/ipfix) to see if there are existing IEs for the information you want to export.
Hostnames, I think, are not there -- in general, IPFIX exporters deal in addresses taken from observed packets and leave it up to the collector to do reverse resolution, due to (1) the amount of time DNS reverse lookups can take, blocking measurement activity on a (presumably) resource-constrained metering process, as well as (2) the ambiguity inherent within reverse lookups (due to e.g. misconfigured local and/or authoritative resolvers). In an environment where you have a good, internal database of hostnames (e.g. because the metering process is colocated with a DHCP server), this is more likely to be useful, though.
If you'd like to export information _not_ in the IANA Information Element registry, you have two options; (1) defining new enterprise-specific IEs scoped by your Private Enterprise Number (see Section 3.2 and example A.2.2. in http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis) or (2) submitting a new Information Element definition for addition to the IANA registry (see http://tools.ietf.org/html/draft-ietf-ipfix-ie-doctors-07/ for guidelines on writing such a definition).
Keep in mind, for strings, you'll almost certainly be dealing with variable-length IE export; see section 7 of http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis.
Cheers,
Brian
On 1 Jul 2013, at 11:06 , DESCOMBES Thierry <descombes@xxxxxxxxxxxxx> wrote:
Hello,
Not sure if this is the right list for this type of message ...
I am developing an IPFIX exporter. It exports IP flows, and I'd like now to export some extra information (strings) about the machines on the LAN (the hostname of the machine, and others information ...)
What is the right way to do that (IPFIX fields to use, template options or not ...)
Thank you very much in advance. Regards
T. Descombes