W-IPFIX: About

About W-IPFIX

Flow measurements in the Internet are becoming increasingly important for a number of applications, including traffic engineering, network planning, accounting and attack detection.

Monitoring of flows typically involves two separate entities: a meter and a collector. The former may be a sniffing probe or dedicated HW/SW in the routing equipment, while the collector is the recipient of the measurement data, transforming and/or storing it before it is processed by an application.

Currently, a variety of IP flow export systems are used in the practice, making it difficult to achieve an acceptable level of interoperability among tools and hindering the development of generalized flow analysis tools.

Exporting network traffic information from a probe and viewing the statistics on a per-flow basis gives network managers information they can use to make key decisions. Administrators who know how many packets and bytes are sent to and from certain IP addresses or across specific network interfaces can create usage-based departmental charge-back systems. They also can use the information to traffic-engineer their networks for optimum performance.

IPFIX defines the format by which IP flow information can be transferred from a meter to a collector. Applications that support IPFIX will understand and display statistics received from any meter that also supports the standard.

Figure 1 - Generic connections between server and "n" probes.

W-IPFIX is a workstation-based implementation of the Internet Protocol Flow Information eXport (IPFIX) extended with a centralized control platform. IPFIX has proposed by an IETF Working Group (IPFIX) as an effort to standardize the flow export process.

The IPFIX collecting process (server) should be able to receive the flow information passing through multiple network elements (probes) within the data network.