SFC Netmod R. Penno
Internet-Draft B. Claise
Intended status: Standards Track C. Pignataro
Expires: December 3, 2016 Cisco
C. Fontaine
June 1, 2016

Using Application Identification in Services Function Chaining Metadata


This document proposes to use the structured application information in the service function chaining metadata, and specifies a YANG model for the configuration of the application registry.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on December 3, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Open Issues

  1. Corrected all the pyang compilation errors, except: bclaise@bclaise-VirtualBox:/media/sf_ubuntu-share/temp$ pyang --ietf ipfix-application-information@2015-04-28.yang ipfix-application-information@2015-04-28.yang:1: warning: IETF rule (RFC 6087: 4.9): too many top-level data nodes: class-id-dictionary, application-id-dictionary
  2. Any reasons why those attributes are not modeled as boolean: P2P-technology, tunnel-technology, encrypted?
  3. The connection between the YANG Model in this document and [I-D.penno-sfc-yang] must be explained

2. Introduction

The "Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX) [RFC6759] specifies an extension to the IPFIX information model [RFC7012] to export application information. This IPFIX information element is registered as the identifier 95 in the IPFIX registry [IANA-IPFIX]. Applications could be identified at different OSI layers, from layer 2 to layer 7. For example, the Link Layer Distribution Protocol [LLDP] can be identified in layer 2, ICMP can be identified in layer 3 [IANA-PROTO], HTTP can be identified in layer 4 [IANA-PORTS], and Webex can be identified in layer 7. However, the layer 7 application registry values are out of scope of [RFC6759]

This document purposes the use of IPFIX [RFC7011] application information to be carried in the NSH context metadata of a MDType-1 packet. The information in the metadata will be the result of packet processing done by a firewall, Intrusion Protection Service, Deep Packet Inspection, amongst others. These are defined as providers of application information.

The consumers of application information are Service Functions that apply policy provides application statistics based on the metadata contained in the packet.

2.1. Terminology

The reader should be familiar with the terms contained in the following documents:

2.2. Tree Diagrams

A simplified graphical representation of the data model is used in this document. The meaning of the symbols in these diagrams is as follows:

The meaning of the symbols in these diagrams is as follows:

3. Application Information Structure

The application information data structure can be seen in Figure 1. It was extracted and adapted from [RFC6759].

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
| Class. Eng. ID|    Zero-valued upper-bits ... Selector ID     |

Figure 1: Application Identification Data Format

Table 1 displays the currently allocated Classification Engine IDs, including their name and value, as well as their corresponding Selector ID default length.

Existing Classification Engine IDs
Classification Engine ID Value Classification Engine ID Name Selector ID default length (in octets)
1 IANA-L3 1
2 PANA-L3 1
3 IANA-L4 2
4 PANA-L4 2
6 USER-Defined 3
12 PANA-L2 5
13 PANA-L7 3
19 LLC 1
20 PANA-L7-PEN 3 (*)


  • "PANA = Proprietary Assigned Number Authority". In other words, an enterprise specific version of IANA for internal IDs.
  • PEN = Private Enterprise Number
  • (*) There are an extra 4 bytes for the PEN. However, the PEN is not considered part of the Selector ID.

4. Application Information Yang Model

4.1. Module Structure

module: ietf-ipfix-application-information
   +--rw class-id-dictionary
   |  +--rw class-id* [name]
   |     +--rw id?            uint8
   |     +--rw name           string
   |     +--rw description?   string
   +--rw application-id-dictionary
      +--rw application-id* [application-name]
         +--rw class-id      -> /class-id-dictionary/class-id/id
         +--rw pen                              uint32
         +--rw selector-id                      uint32
         +--rw application-name                 string
         +--rw application-description?         string
         +--rw application-category-name?       string
         +--rw application-sub-category-name?   string
         +--rw application-group-name?          string

4.2. Application Information Configuration Module

<CODE BEGINS> file "ietf-ipfix-application-information@2015-04-28.yang"

module ietf-ipfix-application-information {
  yang-version 1;

  namespace "urn:ietf:params:xml:ns:yang:"
            + "ietf-ipfix-application-information";

  prefix ipfix-app-info;

     "IETF SFC (Service Function Chaining) Working Group";

      "Editor: Christophe Fontaine

       Editor: Reinaldo Penno

     "This module contains a collection of YANG definitions for
      the configuration of application ids.

      Copyright (c) 2015 IETF Trust and the persons identified as
      authors of the code.  All rights reserved.

      Redistribution and use in source and binary forms, with or
      without modification, is permitted pursuant to, and subject
      to the license terms contained in, the Simplified BSD License
      set forth in Section 4.c of the IETF Trust's Legal Provisions
      Relating to IETF Documents

  revision 2015-04-28 {
    description "Initial revision";
       "draft-penno-sfc-appid : Using Application Identification in
        Services Function Chaining Metadata";
   * Typedefs
  typedef application-id-ref {
      type leafref {
          path "/ipfix-app-info:application-id-dictionary/"
          + "ipfix-app-info:application-id/ipfix-app-info"
          + ":application-name";
      description "This type is used by data models that need 
                   to reference an application-id";

  typedef classification-engine-id {
    type enumeration {
      enum "IANA-L3" {
        value 1;
      enum "PANA-L3" {
        value 2;
      enum "IANA-L4" {
        value 3;
      enum "PANA-L4" {
        value 4;
      enum "USER-Defined" {
        value 6;
      enum "PANA-L2" {
        value 12;
      enum "PANA-L7" {
        value 13;
      enum "ETHERTYPE" {
        value 18;
      enum "LLC" {
        value 19;
      enum "PANA-L7-PEN" {
        value 20;
      "The definitions for Classification engine ID names."; 
       "RFC 6759: Cisco Systems Export of Application Information 
        in IP Flow Information Export (IPFIX)";
   * Configuration data nodes
  container class-id-dictionary {
      description "Dictionary for classification ids";
      list class-id {
          key "name";
          unique "id";
          leaf id {
              type uint8;
              description "Classification identifier";
          leaf name {
              type string;
              description "classification Engine name";
          leaf description {
              type string;
              description "Description of the class-id";
          description "A list of all classification ids";

  container application-id-dictionary {
      description "Dictionary for application ids";
      list application-id {
          key "application-name";
          unique "class-id pen selector-id";
          leaf class-id {
              type leafref {
                  path "/ipfix-app-info:class-id-dictionary/"
                       + "ipfix-app-info:class-id/ipfix-app-info:id";
              mandatory true;
              description "Application Name";
          leaf pen {
              type uint32;
              mandatory true;
              description "Private Entreprise Number, only relevant 
                           when used with appropriate class-id. 
                           Set to 0 when not used.";
          leaf selector-id {
              type uint32 {
                  range "0..16777216";
              mandatory true;
              description "Selector identifier";
          leaf application-name {
              type string;
              mandatory true;
              description "The name of the application";
          leaf application-description {
              type string;
              description "The description of the application";
          leaf application-category-name {
              type string;
              description "An attribute that provides a first-
                           level categorization for each
                           Application ID.  Examples include
                           browsing, email, file-sharing,
                           gaming, instant messaging, voice-
                           and-video, etc.
                           The category attribute is encoded by
                           the application-category-name
                           Information Element";
          leaf application-sub-category-name {
              type string;
              description "An attribute that provides a second-
                           level categorization for each
                           Application ID.  Examples include
                           backup-systems, client-server,
                           database, routing-protocol, etc.
                           The sub-category attribute is
                           encoded by the 
                           Information Element";
          leaf application-group-name {
              type string;
              description "An attribute that groups multiple
                           Application IDs that belong to the
                           same networking application.  For
                           example, the ftp-group contains
                           ftp-data (port 20), ftp (port 20),
                           ni-ftp (port 47), sftp (port 115),
                           bftp (port 152), ftp-agent(port
                           574), ftps-data (port 989).  The
                           application-group attribute is
                           encoded by the application-group-name
                           Information Element";
          description "A list of all applications";


5. Service Function Chaining Metadata

When a Deep Packet Inspection (DPI), Firewall or any other Service Function (SF) that can identify applications want to convey this knowledge to other SFs it encoded in the format discussed earlier and add to the context metadata. The Example in Figure 2 shows the encoding of the SNMP application.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|       3       |        0      |              161              |
|                  Network Shared Context                       |
|                  Service Platform Context                     |
|                  Service Shared Context                       |

Figure 2: Example of Metadata Including the SNMP Application Identification

In this example, the Classification Engine IDs of 3 indicates "IANA-L4", and 161 is the well-known port number for SNMP (with its upper bits zero-valued).

Other Services Functions that need application information associated with a packet or flow can look at this metadata and easily find out its value.

6. Relationship to existing YANG Modules

[RFC6728] specifies a data model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) protocols. It is for configuring and monitoring Selection Processes, Caches, Exporting Processes, and Collecting Processes of IPFIX- and PSAMP-compliant Monitoring Devices using the Network Configuration Protocol (NETCONF). The data model is defined using UML (Unified Modeling Language) class diagrams and formally specified using YANG.

The YANG model is this document allows the configuration of the application id IPFIX information elements (ieId), which in turn, may be used in a template definition (TemplateId).

[I-D.penno-sfc-yang] To be done

7. Expected Usage

Devices or controllers will download the [ETHERTYPE], [IANA-PROTO] and [IANA-PORTS] from the appropriate URIs. However, the configuration of the applications is required for applications not registered in an industry-wide agreed-upon registry. In this case, the Proprietary Assigned Number Authority (PANA) registries (PANA-L2, PANA-L3, PANA-L4, PANA-L7), or the User-Defined registry, must be used to identify new application.

Furthermore, the following attributes are statically assigned per Application ID, and needs to be configured: category, sub-category, application-group.

8. IANA Considerations


9. Security Considerations

TODO: Update with privacy and security considerations, as requested in Prague IETF93.

10. Acknowledgements

11. Changes

12. Informative References

, "
[I-D.ietf-nvo3-vxlan-gpe] Kreeger, L. and U. Elzur, "Generic Protocol Extension for VXLAN", Internet-Draft draft-ietf-nvo3-vxlan-gpe-02, April 2016.
[I-D.ietf-sfc-nsh] Quinn, P. and U. Elzur, "Network Service Header", Internet-Draft draft-ietf-sfc-nsh-05, May 2016.
[I-D.penno-sfc-yang] Penno, R., Quinn, P., Zhou, D. and J. Li, "Yang Data Model for Service Function Chaining", Internet-Draft draft-penno-sfc-yang-14, January 2016.
[IANA-IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities"", 2015.
[LLDP] IEEE, "Std 802.1AB-2005, "Standard for Local and metropolitan area networks - Station and Media Access Control Connectivity Discovery", IEEE Std 802.1AB-2005", 2005.
[RFC6728] Muenz, G., Claise, B. and P. Aitken, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols", RFC 6728, DOI 10.17487/RFC6728, October 2012.
[RFC6759] Claise, B., Aitken, P. and N. Ben-Dvora, "Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX)", RFC 6759, DOI 10.17487/RFC6759, November 2012.
[RFC7011] Claise, B., Trammell, B. and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, DOI 10.17487/RFC7011, September 2013.
[RFC7012] Claise, B. and B. Trammell, "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, DOI 10.17487/RFC7012, September 2013.
[RFC7665] Halpern, J. and C. Pignataro, "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, October 2015.

Appendix A. Application Information Examples

Below as some examples from [RFC6759]


6.4. Example 4: Standardized IANA Layer 4 Port

   From the list of Classification Engine IDs in Table 1, the IANA layer
   4 Classification Engine ID (IANA-L4) is 3.  From Table 2 the Selector
   ID length is 2 for the IANA-L4 Engine ID.

   From the list of IANA layer 4 ports (see [IANA-PORTS]), SNMP has the
   value 161:

   Keyword    Decimal    Description
   snmp       161/tcp    SNMP
   snmp       161/udp    SNMP

   So, in the case of the standardized IANA layer 4 SNMP port, the
   Classification Engine ID is 3, and the Selector ID has the value of

   Therefore, the Application ID is encoded as:

       0                   1
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      |       3       |              161              |

Example 6: Layer 7 Application with Private Enterprise Number

   In this example, the layer 7 Webex traffic from Example 5 above have
   been classified by enterprise X.  The exported records have been
   received by enterprise Y's mediation device, which wishes to forward
   them to a top-level Collector.

   In order for the top-level Collector to know that the records were
   classified by enterprise X, the enterprise Y mediation device must
   report the records using the PANA-L7-PEN Classification Engine ID
   with enterprise X's Private Enterprise Number.

   The PANA-L7-PEN Classification Engine ID is 20, and enterprise X's
   Selector ID for Webex traffic has the value of 10000.  From Table 2
   the Selector ID length is 3 for the PANA-L7-PEN Engine ID.

   Therefore, the Application ID is encoded as:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    |      20       |               enterprise ID = X            ...|
    |...Ent.ID.contd|                     10000                     |

   The format '20..X..10000' is used for simplicity in the examples


Authors' Addresses

Reinaldo Penno Cisco Systems, Inc. 170 West Tasman Dr San Jose, CA USA EMail: repenno@cisco.com
Benoit Claise Cisco Systems, Inc. De Kleetlaan 6a b1 1831 Diegem, Belgium EMail: bclaise@cisco.com
Carlos Pignataro Cisco Systems, Inc. 7200-12 Kit Creek Road Research Triangle Park, NC 27709-4987 USA EMail: cpignata@cisco.com
Christophe Fontaine Qosmos 8 rue Bernard Buffer Paris, France EMail: christophe.fontaine@qosmos.com