• Network & Internet
• Accès Internet
• Réseau des hautes écoles
  • Infrastructure
  • Opération
  • Tools
  • Services
  • Contact

FloMA: Pointers and References

Contents

• General information
• Conferences
• Papers about NetFlow applications
• Standardization efforts
  • ipfix (new IETF Working Group)
  • RTFM (IETF Working Group)
  • PSAMP (IETF Working Group)
  • sFlow (Industry Consortium)
  • IPDR.org (Industry Consortium)

Note: for NetFlow post-processing software, please see the software section.

General Information on Accounting and Traffic Analysis

Network Analysis Times

Electronic newsletter about NLANR's network analysis activities, and a forum for open discussions and requests for collaboration

Cisco Netflow

Flow-based accounting built into routers. See the software section for pointers to software that processes Netflow accounting data.

NetFlow Howto

"How to build detailed Network Usage Reports using RRDTool, flow-tools, FlowScan, and CUFlow", by Robert S. Galloway

flowmon.org

A Web site for CESNET projects dealing with flow monitoring, including the FlowMon probe and flow processing software. Could be used for other information related to flow monitoring.

Conferences

FloCon

Flow analysis workshops organized by the CERT Coordination Center. The proceedings are available for the 2004, 2005, and 2006 editions.

Papers about NetFlow applications

Properties and Prediction of Flow Statistics from Sampled Packet Streams

Nick Duffield, Carsten Lund, Mikkel Thorup, Proc. ACM SIGCOMM IMC, 2002. A detailed investigation of the effects of packet sampling on flow-based traffic accounting.

TCP Use and Performance on Internet2

Stanislav Shalunov, Benjamin Teitelbaum, ACL SIGCOMM IMW, 2001. See the pointer to the Abilene usage report page in the projects section of these pages.

Traffic analysis and infrastructure monitoring in CESNET2 Network

Tom Kosnar, PAM 2001.

Flow-Based Traffic Analysis at SWITCH

Simon Leinen, PAM 2001 (poster).

FlowScan Presentation and BOF

Dave Plonka, NANOG 21, 2001. Slide presentation and RealVideo recording. Slides also available here.

FlowScan: A Network Traffic Flow Reporting and Visualization Tool

by Dave Plonka, Usenix LISA 2000. Also available in full as HTML and PS, as well as the slides of the presentation.

Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics

by Bill Nickless, John-Paul Navarro, and Linda Winkler, Usenix LISA 2000.

The OSU Flow-tools Package and CISCO NetFlow Logs

by Steve Romig, Mark Fullmer, and Ron Luman, Usenix LISA 2000.

Cisco Flow Logs and Intrusion Detection at the Ohio State University

by Steve Romig, Mark Fullmer, Suresh Ramachandran, Usenix ;login: vol.9, 1999. Describes the use of the OSU flow tools for Intrusion Detection.

Deriving traffic demands for operational IP networks: Methodology and experience

by Anja Feldmann, Albert Greenberg, Carsten Lund, Nick Reingold, Jennifer Rexford, and Fred True, ACM TON, June 2001. Also available: slides from a presentation to the ISMA workshop.

Standardization Efforts

ipfix (IP Flow Information Export)

The IETF ipfix working group has been established in September 2001 in the Operations and Management Area. See its charter on the IETF site for more information and for how to join the mailing list. There was a BOF at the 51th IETF meeting in August 2001.

Jürgen Quittek has written an IPFIX Information Element Browser.

IANA has set up a number of registrations for IPFIX-related parameters:

• IPFIX Version Numbers http://www.iana.org/assignments/ipfix-parameters
• IPFIX Set IDs http://www.iana.org/assignments/ipfix-parameters
• IPFIX Information Elements http://www.iana.org/assignments/ipfix
• IPFIX MPLS Label Types http://www.iana.org/assignments/ipfix

Documents

See also the IPFIX WG drafts page provided by Henrik Levkowetz.

RFC 3917: Requirements for IP Flow Information Export (IPFIX)

J. Quittek, T. Zseby, B. Claise, S. Zander, October 2004

RFC 3954: Cisco Systems NetFlow Services Export Version 9

B. Claise, Ed., October 2004

RFC 3955: Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX)

S. Leinen, October 2004

RFC 5101: Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information

B. Claise, Ed., January 2008

Specification of the IP Flow Information eXport (IPFIX) Protocol for the Exchange of IP Traffic Flow Information

Benoit Claise, Brian Trammell, November 2011 (work in progress)

RFC 5102: Information Model for IP Flow Information Export

J. Quittek, S. Bryant, B. Claise, P. Aitken, J. Meyer, January 2008

Information Model for IP Flow Information eXport (IPFIX)

Benoit Claise, Brian Trammell, January 2012 (work in progress)

RFC 5103: Bidirectional Flow Export Using IP Flow Information Export (IPFIX)

B. Trammell, E. Boschi, January 2008

RFC 5153: IPFIX Implementation Guidelines

E. Boschi, L. Mark, J. Quittek, M. Stiemerling, P. Aitken, April 2008

RFC 5470: Architecture for IP Flow Information Export

G. Sadasivan, N. Brownlee, B. Claise, J. Quittek, March 2009

RFC 5471: Guidelines for IP Flow Information Export (IPFIX) Testing

C. Schmoll, P. Aitken, B. Claise, March 2009

RFC 5472: IP Flow Information Export (IPFIX) Applicability

T. Zseby, E. Boschi, N. Brownlee, B. Claise, March 2009

RFC 5473: Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports

E. Boschi, L. Mark, B. Claise, March 2009

RFC 5610: Exporting Type Information for IP Flow Information Export (IPFIX) Information Elements

E. Boschi, B. Trammell, L. Mark, T. Zseby, July 2009

Reporting Unobserved Fields in IPFIX

Paul Aitken, January 2012 (work in progress)

RFC 6313: Export of Structured Data in IP Flow Information Export (IPFIX)

B. Claise, G. Dhandapani,, P. Aitken, S. Yates, July 2011

RFC 5655: Specification of the IP Flow Information Export (IPFIX) File Format

B. Trammell, E. Boschi, L. Mark, T. Zseby, A. Wagner, October 2009

Flow Selection Techniques

Salvatore D'Antonio, Tanja Zseby, Christian Henke, Lorenzo Peluso, MONTH_NAME([11]) [2011] (work in progress)

A Composite IP Packet Selector

Guang Cheng, Jian Gong, Hua Wu, June 2011 (work in progress)

Configuration Data Model for IPFIX and PSAMP

G. Muenz, et al, July 2011 (work in progress)

RFC 5815: Definitions of Managed Objects for IP Flow Information Export

T. Dietz, Ed., A. Kobayashi, B. Claise, G. Muenz, April 2010

Definitions of Managed Objects for IP Flow Information Export

Thomas Dietz, Atsushi Kobayashi, Benoit Claise, Gerhard Muenz, January 2012 (work in progress)

Reliable Server Pooling Applicability for IP Flow Information Exchange

Thomas Dreibholz, Lode Coene, Phillip Conrad, December 2011 (work in progress)

RFC 5982: IP Flow Information Export (IPFIX) Mediation: Problem Statement

A. Kobayashi, Ed., B. Claise, Ed., August 2010

RFC 6183: IP Flow Information Export (IPFIX) Mediation: Framework

A. Kobayashi, B. Claise, G. Muenz, K. Ishibashi, April 2011

Specification of the Protocol for IPFIX Mediation

Benoit Claise, Atsushi Kobayashi, Brian Trammell, December 2011 (work in progress)

RFC 6235: IP Flow Anonymization Support

E. Boschi, B. Trammell, May 2011

Flow Aggregation for the IP Flow Information Export (IPFIX) Protocol

Brian Trammell, Arno Wagner, Benoit Claise, February 2012 (work in progress)

RFC 3423: XACCT's Common Reliable Accounting for Network Element (CRANE) Protocol Specification Version 1.0

K. Zhang, E. Elkin, November 2002

RFC 5695: MPLS Forwarding Benchmarking Methodology for IP Flows

A. Akhter, R. Asati, C. Pignataro, November 2009

Compressed IPFIX for smart meters in constrained networks

L. Braun, et al, September 2011 (work in progress)

IP Flow Information Accounting and Export Benchmarking Methodology

Jan Novak, January 2012 (work in progress)

Recommendations for Implementing IPFIX over DTLS

D. Mentz, et al., March 2011 (work in progress)

SIP Message Information Export using IPFIX

Brian Trammell, Saverio Niccolini, Benoit Claise, Hadriel Kaplan, October 2011 (work in progress)

IPFIX Information Elements for Flow Performance Measurement

Aamer Akhter, September 2011 (work in progress)

Export of Application Information in IPFIX

Benoit Claise, Paul Aitken, Nir Ben-Dvora, December 2011 (work in progress)

Exporting MIB Variables using the IPFIX Protocol

Andrew Johnson, Benoit Claise, Paul Aitken, Juergen Schoenwaelder, October 2011 (work in progress)

Information Elements for Short Timer

Shingo Kashima, September 2011 (work in progress)

Guidelines for Authors and Reviewers of IPFIX Information Elements

Brian Trammell, Benoit Claise, November 2011 (work in progress)

Cisco Specific Information Elements for IPFIX

Andrew Yourtchenko, Paul Aitken, Benoit Claise, October 2011 (work in progress)

RTFM (Real-Time Flow Measurement) IETF Working Group

This group is standardizing protocols to configure and access traffic meters which perform flow capture, filtering, and aggregation. RTFM flows are bidirectional. See the software section for pointers to RTFM implementations, and the references page for pointers to RFCs and working documents.

PSAMP (Packet Sampling) IETF Working Group

Documents

RFC 5474: A Framework for Packet Selection and Reporting

N. Duffield, Ed., D. Chiou, B. Claise, A. Greenberg, M. Grossglauser, J. Rexford, March 2009

RFC 5475: Sampling and Filtering Techniques for IP Packet Selection

T. Zseby, M. Molina, N. Duffield, S. Niccolini, F. Raspall, March 2009

RFC 5476: Packet Sampling (PSAMP) Protocol Specifications

B. Claise, Ed., A. Johnson, J. Quittek, March 2009

RFC 5477: Information Model for Packet Sampling Exports

T. Dietz, B. Claise, P. Aitken, F. Dressler, G. Carle, March 2009

Definitions of Managed Objects for Packet Sampling

Thomas Dietz, Benoit Claise, Juergen Quittek, October 2011 (work in progress)

sFlow

sFlow is an emerging multi-vendor, flow monitoring technology making use of statistical sampling. sFlow.org is an international, multi-vendor forum and gathering place for developers and users of products, services and tools based on the sFlow traffic monitoring technology. The Web site features lists of network devices capable of generating sFlow data, of sFlow applications, and of sFlow-related documents.

There's also a blog on blog.sflow.com that contains a lot of information about the sFlow protocol and recent developments, particularly in data center network monitoring.

RFC 3176: InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks

P. Phaal, S. Panchen, N. McKee, September 2001

Traffic Monitoring using sFlow, InMon Corp., 2001.

Overview of sFlow including a comparison with other accounting technologies.

sFlow - I can feel your traffic, E. Jasinska, Chaos Computer Congress, Dec. 2006. (alternative link from Elisa's home page)

Describes the use of sFlow for traffic accounting at AMS-IX, the world's busiest Internet exchange point. Includes notes about performance limitations of some implementations, in particular on Foundry Networks switches. See also the slides that accompanied the presentation.

Building Business Intelligence from the Network

Foundry Networks, 2001.

Foundry Enterprise Configuration and Management Guide

Foundry Networks, 2001.

IPDR.org

A membership-based industry initiative to standardize an IP-based usage record format and delivery protocol (NDMU) and keep a repository of NDMU specifications for common higher-level service definitions and core and optional usage metrics.