| Internet-Draft | IPFIX for PSID | February 2025 |
| Liu, et al. | Expires 22 August 2025 | [Page] |
This document introduces a new IPFIX Information Element to identify the Path Segment Identifier(PSID) in the SRH for SRv6 path identification purpose.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 August 2025.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
[RFC9487] introduces new IP Flow Information Export (IPFIX) Information Elements (IEs) to identify a set of information related to Segment Routing over IPv6 (SRv6). For the SRv6 segment list, two IPFIX IPv6 SRH IEs are defined in [RFC9487], srhSegmentIPv6BasicList (elementID:496) and srhSegmentIPv6ListSection (elementID:497), both encoding the Segment List in the SRH starting from Segment List[0].¶
When monitoring a traffic flow in an SR network, a typical use case is to answer the following questions:¶
To answer these questions, when exporting the flow record using IPFIX messages, the SR path information needs to be included.¶
An SRv6 path could be identified by the content of a segment list in IPFIX using IE496 or IE497, but the segment list is not always the best key identifier due to the following reasons:¶
Path Segment is a type of Segment Routing (SR) segment, and a Path Segment Identifier (PSID) is used to identify an SR path. PSID in SRv6 networks is defined in [I-D.ietf-spring-srv6-path-segment]. In SRH, the PSID appears as the last entry in the segment list.¶
This document introduces a new IPFIX Information Element to identify the Path Segment Identifier(PSID) in the SRH for SRv6 path identification purpose.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document makes use of the terms defined in [RFC7011], [RFC8402], and [RFC8754].¶
The following terms are used as defined in [RFC7011]:¶
This document requests IANA to create one new IE under the "IPFIX Information Elements" registry [RFC7012] available at [IANA-IPFIX].¶
+-------+--------------------------------+
|Element| Name |
| ID | |
+-------+--------------------------------+
| TBD1 | srhPSID |
+-------+--------------------------------+
¶
As specified in [I-D.ietf-spring-srv6-path-segment], the P-flag in the SRH is set to indicate the presence of PSID. In order to generate Flow Records with PSID included, the metering process MUST understand the P-flag. Only when the P-flag is set SHOULD the metering process capture the last entry in the SRH to get the PSID. If the P-flag in the packet is unset, when the srhPSID appears in the template record, the corresponding field in the data record is RECOMMENDED to set to all zero.¶
After decoding the IPFIX messages to get the flow record with PSID included in it at the collector, the collector might process the flow record locally or send it to an analyzer for further analysis purpose. In order to recognize the SR path, the analysis node SHOULD be aware of which SR path the PSID identifies. How to get this information the is out of the scope of this document.¶
The IE srhPSID can be used together with srhSegmentIPv6BasicList or srhSegmentIPv6ListSection. As in [I-D.ietf-spring-srv6-path-segment] section 3, the PSID allocate metering is depending on the use case, including:¶
So if srhPSID and srhSegmentIPv6BasicList/srhSegmentIPv6ListSection appear together, the srhPSID MAY be used to identify an SR Policy or candidate path, and the information carried in srhSegmentIPv6BasicList/srhSegmentIPv6ListSection shows the detailed segment list belonging to this SR Policy or candidate path. This document does not limit how to use srhPSID and the detail is out of scope.¶
There are no additional security considerations regarding allocation of these new IPFIX IEs compared to [RFC7012].¶
Other security considerations for SRv6 PSID described in [I-D.ietf-spring-srv6-path-segment] apply to this document.¶