IP Flow Information Export

Internet Protocol Flow Information Export (IPFIX) is an evolution of Cisco Systems' NetFlow protocol. It is developed by the IETF to standardize the exchange of network monitoring information.

A flow is a set of packets in a data stream that share common characteristics such as "same source, same destination and same protocol". Using IPFIX, an agent such as a router can send information about its view of current network utilization to a central monitoring station, which can then react appropriately to this information.

IPFIX is a pure push protocol, i.e., the sending station transmits IPFIX data packets periodically on its own initiative.

The composition of IPFIX data packets is largely left to the sender, because in IPFIX the sender announces the structure of the packets by means of so-called templates before it sends flow information. The data types used in data packets are freely extensible.

IPFIX prefers SCTP as its transport protocol; the alternative use of TCP or UDP is also provided for.

Architecture

The architecture of an IPFIX information flow typically looks like this:

    Metering,
    Exporter           IPFIX            Collector
        O--------------------------->O
        |
        | Observation Point
        v
    ---- IP Traffic --->

A Metering Process collects data packets at an Observation Point, filters them beforehand if appropriate, and aggregates information about these packets. This information is then sent by the Exporter to the Collector. The relationship between Exporters and Collectors is many-to-many: an Exporter can deliver to multiple Collectors, and a Collector can receive information from several Exporters.

Example

A simple record sent via IPFIX might look like this:

The IPFIX message used in this case could, for example, be constructed as follows:

After the mandatory header, it contains two IPFIX Sets: a Template Set, which announces the structure of the Data Sets used, and a Data Set, which carries the actual payload data. The Template Set is cached by the receiver and therefore does not have to be transmitted again in the future.
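As an added illustration (not part of the original article), the following collector-side parser decodes such a message, caches the Template Set, and then decodes a later message that carries only a Data Set. It treats exporter input as untrusted and checks every length field. The version number 10, Set IDs and Information Element numbers follow RFC 7011 and the IANA registry; the sample messages, the function names and the cache keyed only by observation domain and template ID are assumptions of this example.

```python
import struct

NAMES = {2: "packetDeltaCount", 8: "sourceIPv4Address", 12: "destinationIPv4Address"}

def read_templates(body, domain, cache):
    off = 0
    while off + 4 <= len(body):  # fewer than 4 trailing bytes can only be padding
        tid, count = struct.unpack_from("!HH", body, off)
        fields = list(struct.iter_unpack("!HH", body[off + 4:off + 4 + 4 * count]))
        simple = all(ie < 0x8000 and 0 < n < 0xFFFF for ie, n in fields)
        if tid < 256 or count == 0 or len(fields) != count or not simple:
            raise ValueError("truncated, withdrawn or unsupported template")
        cache[(domain, tid)] = fields  # kept for Data Sets in later messages
        off += 4 + 4 * count

def read_records(body, fields):
    size, out = sum(n for _, n in fields), []
    for start in range(0, len(body) - size + 1, size):  # trailing padding is ignored
        rec = {}
        for ie, n in fields:
            raw, start = body[start:start + n], start + n
            rec[NAMES.get(ie, ie)] = ".".join(map(str, raw)) if ie in (8, 12) else int.from_bytes(raw, "big")
        out.append(rec)
    return out

def parse_message(msg, cache):  # cache: (domain, template ID) -> field list
    try:
        version, length, _, _, domain = struct.unpack_from("!HHIII", msg)
        if version != 10 or length != len(msg):
            raise ValueError("bad IPFIX message header")
        pos, records = 16, []
        while pos < length:
            set_id, set_len = struct.unpack_from("!HH", msg, pos)
            if set_len < 4 or pos + set_len > length:
                raise ValueError("set length out of bounds")
            body = msg[pos + 4:pos + set_len]
            if set_id == 2:  # Template Set
                read_templates(body, domain, cache)
            elif set_id >= 256:  # Data Set; KeyError means no template is cached for it
                records += read_records(body, cache[(domain, set_id)])
            pos += set_len
        return records
    except struct.error as exc:
        raise ValueError("truncated IPFIX message") from exc

# Constructed sample: template 256 = source, destination, packet count; one record.
TEMPLATE_SET = struct.pack("!HHHH6H", 2, 20, 256, 3, 8, 4, 12, 4, 2, 8)
DATA_SET = struct.pack("!HH4s4sQ", 256, 20, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 42)
FIRST = struct.pack("!HHIII", 10, 56, 0, 0, 1) + TEMPLATE_SET + DATA_SET  # template + data
LATER = struct.pack("!HHIII", 10, 36, 0, 1, 1) + DATA_SET                 # data only
```

Calling `parse_message(FIRST, cache)` and then `parse_message(LATER, cache)` with the same dictionary returns the same record both times, while `LATER` alone against an empty cache cannot be decoded.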
