Change Control Notice
IPfix general clarification
30th March 2020
HSCN Obligations Framework – Technical and Security Obligations – SO1
New obligation to read as follows:
Amend the current SO1 obligation: The HSCN Supplier’s Solution shall generate network monitoring data at all ingress and egress points, except peering, for all traffic passing across it, except where explicitly determined by the HSCN Authority to be optional or exempt elsewhere in these obligations, in a format in line with the IETF IP Flow Information Export (IPFix) standard. The source address shall be that of the original HSCN source (e.g. CPE Endpoint) and original destination of the traffic.
The format supplied will be agreed between the HSCN Authority and the HSCN Supplier.
To correct mistakes or add clarity
Clarifying which flows must be captured and at which points in the network as implementations differed between CN-SPs. Also reworded NAS to generic name to cater for pending re-procurement of capability.
Comments due back by: 30th April 2020.
No comment is assumed to be acceptance.
Date posted – 6th April
Comment 1 –
Is this request to say that all IPFIX that is sent to the NAS service must be the true source IP address and no requirement for any NAT IPFIX data (which was required due to ANM). Is this to be in place when people move to Secure Boundary?
Comment 2 –
We have reviewed the change request. This would require us to rollout changes across our entire CPE estate which is a considerable task to undertake, and any mass change carries risk. Given the circumstances we all find ourselves in with Covid-19 we want to reject the change at this time so that our efforts can be redirected to something that would have more benefit to our end users.
Post expires at 10:28am on Tuesday October 6th, 2020