
Re: sending strings data into IPfix stream

2013-07-02 08:56:32
Hi Brian,
Thanks a lot for your answer.
Our IPFIX exporter is a bit specific, and we'd like to export periodically a list of hostname, IP address and related data (that are not available from the collector: owner, serial number, ...). It should be easier to send this list using IPFIX stream (and this deals with all security/filtering policy)... The transmission frequency of this list will be quite low. What is the right way to do that? Do I have to use IPFIX option templates to send such data, or not?
Thanks a lot. Cheers
Thierry



On 01/07/2013 11:28, Brian Trammell wrote:
Hi, Thierry,

Have a look in the IANA information element registry 
(http://www.iana.org/assignments/ipfix) to see if there are existing IEs for 
the information you want to export.

Hostnames, I think, are not there -- in general, IPFIX exporters deal in 
addresses taken from observed packets and leave it up to the collector to do 
reverse resolution, due to (1) the amount of time DNS reverse lookups can take, 
blocking measurement activity on a (presumably) resource-constrained metering 
process, as well as (2) the ambiguity inherent within reverse lookups (due to 
e.g. misconfigured local and/or authoritative resolvers). In an environment 
where you have a good, internal database of hostnames (e.g. because the 
metering process is colocated with a DHCP server), this is more likely to be 
useful, though.

If you'd like to export information _not_ in the IANA Information Element 
registry, you have two options; (1) defining new enterprise-specific IEs scoped 
by your Private Enterprise Number (see Section 3.2 and example A.2.2. in 
http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis) or (2) 
submitting a new Information Element definition for addition to the IANA 
registry (see http://tools.ietf.org/html/draft-ietf-ipfix-ie-doctors-07/ for 
guidelines on writing such a definition).

Keep in mind, for strings, you'll almost certainly be dealing with 
variable-length IE export; see section 7 of 
http://tools.ietf.org/html/draft-ietf-ipfix-protocol-rfc5101bis.

Cheers,

Brian


On 1 Jul 2013, at 11:06 , DESCOMBES Thierry 
<descombes(_at_)lpsc(_dot_)in2p3(_dot_)fr> wrote:

Hello,
Not sure if this is the right list for this type of message ...
I am developing an IPFIX exporter. It exports IP flows, and I'd like now to 
export some extra information (strings) about the machines on the LAN (the 
hostname of the machine, and other information ...)
What is the right way to do that (IPFIX fields to use, template options or not 
...)
Thank you very much in advance. Regards
T. Descombes
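
The two mechanisms Brian's reply points to, an enterprise-specific IE and variable-length export, shown together as an added example that is not code from the thread or from any poster. Assumptions: PEN 32473 (the number reserved for documentation), IE id 1 for the hostname, and the sample address and hostname are all constructed; the decoder's bounds checks are there because a collector must not trust the length prefix sent by an exporter.

```python
import struct

VARLEN = 0xFFFF        # template field length meaning "variable-length"
EXAMPLE_PEN = 32473    # assumption: PEN reserved for documentation (RFC 5612)
HOSTNAME_IE = 1        # hypothetical enterprise-specific IE id

def field_specifier(ie_id, length, pen=None):
    """Template field specifier; the top bit of the IE id marks an enterprise IE."""
    if pen is None:
        return struct.pack("!HH", ie_id, length)
    return struct.pack("!HHI", 0x8000 | ie_id, length, pen)

def encode_varlen(value: bytes) -> bytes:
    """Length-prefix a value: 1 octet below 255, else 255 plus a 2-octet length."""
    if len(value) < 255:
        return bytes([len(value)]) + value
    if len(value) > 0xFFFF:
        raise ValueError("value too long for a variable-length IE")
    return b"\xff" + struct.pack("!H", len(value)) + value

def decode_varlen(buf: bytes, offset: int):
    """Return (value, next_offset); reject lengths that run past the buffer."""
    if offset >= len(buf):
        raise ValueError("truncated: no length octet")
    length = buf[offset]
    offset += 1
    if length == 255:
        if offset + 2 > len(buf):
            raise ValueError("truncated: no extended length")
        (length,) = struct.unpack_from("!H", buf, offset)
        offset += 2
    if offset + length > len(buf):
        raise ValueError("declared length exceeds record")
    return buf[offset:offset + length], offset + length

def encode_record(ipv4: bytes, hostname: str) -> bytes:
    """Data record for the template [sourceIPv4Address(8), hostname IE]."""
    return ipv4 + encode_varlen(hostname.encode("utf-8"))

def decode_record(buf: bytes):
    """Return (address, hostname, next_offset) for one record."""
    if len(buf) < 4:
        raise ValueError("truncated: no address")
    name, end = decode_varlen(buf, 4)
    return buf[:4], name.decode("utf-8"), end

# Constructed sample values, not taken from the thread.
TEMPLATE_FIELDS = field_specifier(8, 4) + field_specifier(HOSTNAME_IE, VARLEN, EXAMPLE_PEN)
RECORD = encode_record(bytes([192, 0, 2, 10]), "host-a.example")
```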
