中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeNetwork Protocol Suite Directory IndexTCP/IP Protocol Suite OverviewTCP/IP Application Layer

IPFIX: Internet Protocol Flow Information eXport

Internet Protocol Flow Information eXport (IPFIX), based on the Cisco Netflow Version 9, is an IETF standard of export for Internet Protocol flow information from routers, probes, and other devices that is used by mediation systems, accounting/billing systems, and network management systems to facilitate services such as measurement, accounting, and billing. The IPFIX standard will define how IP flow information is to be formatted and transferred from an exporter to a collector. Previously many data network operators were relying on the proprietary Cisco Systems Netflow or Juniper Networks CFlow standard for traffic flow information export.

The following figure shows a typical IPFIX architecture

Internet Protocol Flow Information eXport

IPFIX: Internet Protocol Flow Information eXport

An IPFIX device collects data packets at an Observation Point, optionally filters them and aggregates information about these packets. Using the IPFIX protocol, it exports the information to an IPFIX Collector or a meter manager. IPFIX devices, exporters and collectors are in a many-to-many relationship: One device can send data to many collectors and one collector can receive data from many exporters.

IPFIX considers a flow to be any number of packets observed in a specific timeslot and sharing a number of properties, e.g. "same source, same destination, same protocol". Using IPFIX, devices like routers can inform a central monitoring station about their view of a potentially larger network.

IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver.

The actual makeup of data in IPFIX messages is to a great extent up to the sender. IPFIX introduces the makeup of these messages to the receiver with the help of special Templates. The sender is also free to use user-defined data types in its messages, so the protocol is freely extensible and can adapt to different scenarios.

IPFIX prefers the Stream Control Transmission Protocol(SCTP) as its transport layer protocol, but also allows the use of the Transmission Control Protocol(TCP) or User Datagram Protocol(UDP).

Protocol Structure

IPFIX message header structure:

16 32bit
Version Message Length
Export Time
Sequence Number
Observation Domain ID
Record set n (variable)
  • Version - Version of Flow Record format exported in this message. The value of this field is 0x000a.
  • Length - Total length of the IPFIX Message, measured in octets, including Message Header and Set(s).
  • Export Time - Time in seconds since 0000 UTC Jan 1st 1970, at which the IPFIX Message Header leaves the Exporter.
  • Sequence Number - Incremental sequence counter modulo 2^32 of all IPFIX Data Records sent on this PR-SCTP stream from the current Observation Domain by the Exporting Process.
  • Observation Domain ID - A 32-bit identifier of the Observation Domain that is locally unique to the Exporting Process.

Related Terms: NetFlow, CFlow

Sponsor Source: IPFIX is defined by IETF (www.ietf.org ) in RFC 3917 and some documents in drafting status.

Reference: http://www.javvin.com/protocol/rfc3917.pdf: Requirements for IP Flow Information Export (IPFIX)

‹ IMAP & IMAP4: Internet Message Access Protocol (IMAP version 4)upIRCP (IRC): Internet Relay Chat Protocol ›