IPFIX (IP Flow Information eXport)

Internet Protocol Flow Information eXport (IPFIX) is an IETF working group. It was created from the need for a common, universal standard for exporting Internet Protocol flow information from routers, probes, and other devices, for use by mediation systems, accounting/billing systems, and network management systems to facilitate services such as measurement, accounting, and billing. The IPFIX standard will define how IP flow information is to be formatted and transferred from an exporter to a collector. Previously, many data network operators relied on the proprietary Cisco Systems NetFlow or Juniper Networks CFlow standard for traffic flow information export.

The IPFIX standards requirements were outlined in the original RFC 3917. The working group chose Cisco NetFlow Version 9 as the basis for IPFIX. The working group submitted the IPFIX Protocol Specification to the IESG for approval in 2006.

 

Architecture
The following figure shows the typical flow of information in an IPFIX architecture:

      Metering,             
      Exporter      IPFIX         Collector
         O--------------------------->O
         |
         | Observation Point
         v
   ---- IP Traffic --->

A Metering Process collects data packets at an Observation Point, optionally filters them, and aggregates information about these packets. Using the IPFIX protocol, an Exporter then sends this information to a Collector. Exporters and Collectors are in a many-to-many relationship: one Exporter can send data to many Collectors, and one Collector can receive data from many Exporters.

 

Protocol
Similar to the NetFlow protocol, IPFIX considers a flow to be any number of packets observed in a specific timeslot and sharing a number of properties, e.g. "same source, same destination, same protocol". Using IPFIX, devices like routers can inform a central monitoring station about their view of a potentially larger network.

IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver.

The actual makeup of data in IPFIX messages is to a great extent up to the sender. IPFIX describes the makeup of these messages to the receiver with the help of special Templates. The sender is also free to use user-defined data types in its messages, so the protocol is freely extensible and can adapt to different scenarios.

IPFIX prefers the Stream Control Transmission Protocol as its transport layer protocol, but also allows the use of the Transmission Control Protocol or User Datagram Protocol.
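The Template mechanism described above, as an added example (not code from the original page or from the IETF working group): a collector-side decoder that learns a Template Set, uses it to decode a Data Set, and rejects inconsistent lengths, since messages arrive unsolicited from the sender. The wire layout and Information Element IDs are taken from RFC 7011 and the IANA IPFIX registry rather than from this page; the sample message is constructed, and enterprise-specific and variable-length fields are rejected rather than decoded.

```python
import ipaddress
import struct

IE = {1: ("octetDeltaCount", int), 4: ("protocolIdentifier", int),  # IANA IE subset
      8: ("sourceIPv4Address", ipaddress.IPv4Address),
      12: ("destinationIPv4Address", ipaddress.IPv4Address)}
SAMPLE = bytes.fromhex(  # constructed message, not captured traffic
    "000a003c 47868c00 00000000 00000001"                    # header: version 10, length 60
    "00020018 01000004 00080004 000c0004 00040001 00010004"  # Template Set: template 256
    "01000014 c000020a c6336407 06 000005dc 000000")         # Data Set: 1 record + padding

def parse_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, pos)
        end = pos + 4 + 4 * count
        if tid < 256 or count == 0 or end > len(body):
            raise ValueError("malformed or unsupported template record")
        fields = [struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
        if any(ie & 0x8000 or ln in (0, 0xFFFF) for ie, ln in fields):
            raise ValueError("enterprise or variable-length field not handled")
        templates[tid] = fields
        pos = end

def decode_records(body, fields):
    size, out = sum(ln for _, ln in fields), []
    for pos in range(0, len(body) - size + 1, size):  # trailing padding is ignored
        rec = {}
        for ie, ln in fields:
            name, conv = IE.get(ie, (f"ie{ie}", int))
            rec[name] = conv(int.from_bytes(body[pos:pos + ln], "big"))
            pos += ln
        out.append(rec)
    return out

def parse_message(msg, templates):
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("bad IPFIX header")
    records, off = [], 16
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("set length out of bounds")
        body = msg[off + 4:off + set_len]
        if set_id == 2:
            parse_templates(body, templates)
        elif set_id in templates:  # data for an unknown template is skipped
            records += decode_records(body, templates[set_id])
        off += set_len
    return records
```

Keep one `templates` dictionary per exporter and pass it to every `parse_message` call, so Data Sets that arrive in later messages can be decoded with templates learned earlier.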

IPFIX Compatible Devices

The list below shows IPFIX-compatible devices. Check your product documentation for details of how to configure IPFIX.

Nortel
Ethernet Routing Switch 5500 Series (ERS5510, 5520 and 5530)
Ethernet Routing Switch 8600 (Chassis-based) with R-modules only

 

Analyser Sales Limited
Courtyard Offices, Graylands
Langhurst Wood Road
Warnham, HORSHAM
West Sussex, RH12 4QD
www.netflow-analyser.co.uk +44 (0) 1403 793 670 Voice
+44 (0) 1403 754 738 Fax
0800 328 8649 (UK ONLY)

© 2002-2008 Analyser Sales Ltd - ASL is a Trademark of Analyser Sales Ltd
All other Registered Trademarks Acknowledged