Skip to main content

8. Security Considerations

This section preserves the RFC text for IPFIX delay performance metric export, including On-Path Telemetry, OAM nodes, Flow Records, performance metric IDs 27-30, IPFIX Information Elements 530-533, IANA registrations, operational guidance, and encoding examples.

Original RFC Text

8.  Security Considerations

The IPFIX Information Elements introduced in this document do not
directly introduce security issues. Rather, they define a set of
performance metrics that may, for privacy or business issues, be
considered sensitive information.

For example, exporting delay metrics may make attacks possible by the
receiver of this information; otherwise, this would only be possible
for direct observers of the reported Flows along the data path.

IPFIX collectors MUST ensure that IPFIX data originates from trusted
sources. Accepting IPFIX data from unauthenticated sources could
lead to data spoofing, policy misapplication, or denial of service.

Therefore, the underlying protocol used to exchange the information
described here must apply appropriate procedures to guarantee the
integrity and confidentiality of the exported information. These
protocols are defined in separate documents; specifically, see the
IPFIX security considerations in Section 11 of [RFC7011].
Implementations SHOULD also refer to [BCP195] for additional details.