In der folgenden Tabelle sind die Definitionen der IPFIX-Informationselemente aufgelistet.
384 | valueDistributionMethod | Eine Beschreibung der Methode, die verwendet wird, um die Zähler aus den beitragenden Flows auf die aggregierten Flow-Datensätze zu verteilen, die durch einen zugehörigen Geltungsbereich, in der Regel eine Vorlage, beschrieben werden. Es wird davon ausgegangen, dass die Methode auf alle nicht wichtigen Informationselemente im referenzierten Geltungsbereich angewendet wird, für die die Werteverteilung ein gültiger Vorgang ist. Wenn die Informationselemente „originalFlowsInitiated“ und/oder „originalFlowsCompleted“ in der Vorlage angezeigt werden, unterliegen sie nicht dieser Verteilungsmethode, da sie jeweils ihre eigene Verteilungsmethode ableiten. Dies ist ein vollständiger Satz möglicher Werteverteilungsmethoden. Er wird wie folgt codiert: +-------+-----------------------------------------------------------+ | Value | Description | +-------+-----------------------------------------------------------+ | 0 | Unspecified: The counters for an Original Flow are | | | explicitly not distributed according to any other method | | | defined for this Information Element; use for arbitrary | | | distribution, or distribution algorithms not described by | | | any other codepoint. | | | --------------------------------------------------------- | | | | | 1 | Start Interval: The counters for an Original Flow are | | | added to the counters of the appropriate Aggregated Flow | | | containing the start time of the Original Flow. This | | | must be assumed the default if value distribution | | | information is not available at a Collecting Process for | | | an Aggregated Flow. | | | --------------------------------------------------------- | | | | | 2 | End Interval: The counters for an Original Flow are added | | | to the counters of the appropriate Aggregated Flow | | | containing the end time of the Original Flow. | | | --------------------------------------------------------- | | | | | 3 | Mid Interval: The counters for an Original Flow are added | | | to the counters of a single appropriate Aggregated Flow | | | containing some timestamp between start and end time of | | | the Original Flow. | | | --------------------------------------------------------- | | | | | 4 | Simple Uniform Distribution: Each counter for an Original | | | Flow is divided by the number of time intervals the | | | Original Flow covers (that is, of appropriate Aggregated | | | Flows sharing the same Flow Key), and this number is | | | added to each corresponding counter in each Aggregated | | | Flow. | | | --------------------------------------------------------- | | | | | 5 | Proportional Uniform Distribution: Each counter for an | | | Original Flow is divided by the number of time units the | | | Original Flow covers, to derive a mean count rate. This | | | mean count rate is then multiplied by the number of times | | | units in the intersection of the duration of the Original | | | Flow and the time interval of each Aggregated Flow. This | | | is like simple uniform distribution, but accounts for the | | | fractional portions of a time interval covered by an | | | Original Flow in the first- and last-time interval. | | | --------------------------------------------------------- | | | | | 6 | Simulated Process: Each counter of the Original Flow is | | | distributed among the intervals of the Aggregated Flows | | | according to some function the Intermediate Aggregation | | | Process uses based upon properties of Flows presumed to | | | be like the Original Flow. This is essentially an | | | assertion that the Intermediate Aggregation Process has | | | no direct packet timing information but is nevertheless | | | not using one of the other simpler distribution methods. | | | The Intermediate Aggregation Process specifically makes | | | no assertion as to the correctness of the simulation. | | | --------------------------------------------------------- | | | | | 7 | Direct: The Intermediate Aggregation Process has access | | | to the original packet timings from the packets making up | | | the Original Flow, and uses these to distribute or | | | recalculate the counters. | +-------+-----------------------------------------------------------+ |
239 | biflowDirection | Eine Beschreibung der Richtungszuweisungsmethode, die zur Zuweisung von Biflow-Quelle und -Ziel verwendet wird. Dieses Informationselement kann in einem Flow-Datensatz vorhanden sein oder mithilfe von IPFIX-Optionen auf alle durch einen Exportvorgang oder aus einer Beobachtungsdomäne exportierten Flows angewendet werden. Wenn dieses Informationselement in einem Flow-Datensatz nicht vorhanden ist oder über den Geltungsbereich einem Biflow zugewiesen ist, wird davon ausgegangen, dass für die Richtungszuweisungsmethode eine Out-of-Band-Konfiguration durchgeführt wird.
Hinweis: Wenn Sie IPFIX-Optionen verwenden, um dieses Informationselement auf alle Flows in einer Beobachtungsdomäne oder von einem Exportvorgang aus anzuwenden, muss die Option zuverlässig gesendet werden. Wenn kein zuverlässiger Transport verfügbar ist (d. h. bei Verwendung von UDP) muss dieses Informationselement in jedem Flow-Datensatz angezeigt werden.
Dieses Feld kann die folgenden Werte annehmen: +-------+------------------+----------------------------------------+ | Value | Name | Description | +-------+------------------+----------------------------------------+ | 0x00 | arbitrary | Direction is assigned arbitrarily. | | 0x01 | initiator | The Biflow Source is the flow | | | | initiator, as determined by the | | | | Metering Process' best effort to | | | | detect the initiator. | | 0x02 | reverseInitiator | The Biflow Destination is the flow | | | | initiator, as determined by the | | | | Metering Process' best effort to | | | | detect the initiator. This value is | | | | provided for the convenience of | | | | Exporting Processes to revise an | | | | initiator estimate without re-encoding | | | | the Biflow Record. | | 0x03 | perimeter | The Biflow Source is the endpoint | | | | outside of a defined perimeter. The | | | | perimeter's definition is implicit in | | | | the set of Biflow Source and Biflow | | | | Destination addresses exported in the | | | | Biflow Records. | +-------+------------------+----------------------------------------+ |