| Internet-Draft | ECN Export in IPFIX | December 2025 |
| Song & Liu | Expires 29 June 2026 | [Page] |
This document defines a set of IP Flow Information Export (IPFIX) Information Elements for monitoring the Low Latency, Low Loss, and Scalable throughput (L4S) service. Specially, these elements enable network operators to monitor the Explicit Congestion Notification (ECN) information of L4S deployment and performance of traffic.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 29 June 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Low Latency, Low Loss, and Scalable throughput (L4S) service, defined in [RFC9331], introduces a new network service that enables low latency and high throughput for traffic using Scalable congestion controls. To deploy and operate L4S effectively, network operators need visibility into L4S traffic patterns, performance metrics, and interoperability with existing traffic.¶
IP Flow Information Export (IPFIX) [RFC7011] provides a standard protocol for exporting flow information from network devices. This document defines a set of IPFIX Information Elements specifically designed for monitoring L4S ECN traffic.¶
These Information Elements are particularly useful during the experimental phase of L4S deployment as specified in [RFC9331], allowing operators to gather data to examine performance and identify nodes where remediation may be necessary to provide the best performance.¶
This document makes use of the terms defined in [RFC9331], [RFC9330] and [RFC7011].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
For IPv4 packets, the ECN field is located in the Type of Service (TOS) byte of the IP header, specifically in bits 6 to 7. The ECN field in IPv4 [RFC3168] is showed as follows.¶
0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| DS Field, DSCP | ECN Field |
+-----+-----+-----+-----+-----+-----+-----+-----+
ECN Codepoint values:¶
For IPv6 packets, the ECN field is located in the Traffic Class octet, also in bits 6 to 7, as specified in [RFC2474] and [RFC3168].¶
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This section defines the Information Elements for L4S ECN. These elements are intended for experimental use in L4S monitoring.¶
ipv4HeaderEcn¶
TBD1¶
This element is used for capturing the complete ECN state of each packet, enabling detailed analysis of congestion notification. The ECN field is encoded in bits 6 to 7 of the IPv4 TOS byte as defined in [RFC3168]. L4S traffic is identified by the ECT(1) as specified in [RFC9331].¶
The Information Element encodes only these 2 bits. Therefore, its value may range from 0 to 3.¶
unsigned8¶
identifier¶
Refer to the "IPv4 TOS Byte " registry in section 5 of [RFC3168].¶
ipv6HeaderEcn¶
TBD2¶
This element is used for capturing the complete ECN state of each packet, enabling detailed analysis of congestion notification. The ECN field is encoded in bits 6 to 7 of the IPv6 Traffic Class octet as defined in [RFC3168]. L4S traffic is identified by the ECT(1) codepoint as specified in [RFC9331].¶
The Information Element encodes only these 2 bits. Therefore, its value may range from 0 to 3.¶
unsigned8¶
identifier¶
Refer to the "IPv6 Traffic Class Octet" registry in section 5 of [RFC3168].¶
mplsHeaderEcn¶
TBD3¶
The EXP field of the MPLS label header is used for carring ECN information in the MPLS domain. As recommended in [RFC5129], explicit congestion notification in MPLS should use codepoints in the EXP field.¶
The Information Element encodes only these 3 bits. Therefore, its value may range from 0 to 7.¶
It is noted that the information extraction of this information element is only used when the MPLS domain has ECN support.¶
unsigned8¶
identifier¶
see [RFC5129] for detailed information for MPLS ECN tunnel negotiation.¶
ipsecSaEcnMode¶
TBD4¶
The information element indicates whether ECN functionality is allowed for an IPsec Security Association (SA) in tunnel encapsulation mode. The IPsec SA Attribute value 10 is defined for ECN tunnel negotiation as defined in section 9.2.1 of [RFC3168]. The negotiation value includes allowed (value set 1) and forbidden (value set 2) attribute. The allowed value enables ECN congestion notifications and the forbidden value disables such notifications.¶
unsigned8¶
identifier¶
See [RFC3168] for detailed information for IPsec tunnel ECN negotiation.¶
l2tpEcnNego¶
TBD5¶
For L2TP tunnels, ECN processing is performed at the L2TP encapsulation layer. [RFC9601] defines an ECN Capability AVP (Type 103) for negotiation between L2TP Control Connection Endpoints. The presence of this AVP indicates support for ECN propagation.¶
unsigned16¶
identifier¶
See [RFC9601] for detailed information for L2TP tunnel ECN negotiation.¶
notEctPacketTotalCount¶
TBD7¶
The total number of packets of this Flow with ECN codepoint set to Not-ECT at the Observation Point since the Metering Process (re-)initialization for this Observation Point.¶
unsigned64¶
totalCounter¶
ect0PacketTotalCount¶
TBD9¶
The total number of packets of this Flow with ECN codepoint set to ECT(0) at the Observation Point since the Metering Process (re-)initialization for this Observation Point.¶
unsigned64¶
totalCounter¶
ect1PacketTotalCount¶
TBD11¶
The total number of packets of this Flow with ECN codepoint set to ECT(1) at the Observation Point since the Metering Process (re-)initialization for this Observation Point.¶
unsigned64¶
totalCounter¶
cePacketTotalCount¶
TBD13¶
The total number of packets of this Flow with ECN codepoint set to CE at the Observation Point since the Metering Process (re-)initialization for this Observation Point.¶
unsigned64¶
totalCounter¶
l4sCeMarkRatioDelta¶
TBD14¶
The proportion of L4S packets marked with the CE codepoint, calculated over the reporting interval since the previous report (if any). This element represents the incremental CE marking rate for L4S traffic within the Flow. It is calculated as:¶
CE-marked L4S packets (delta count) / Total L4S packets (delta count)¶
Where L4S packets are those identified by the ECN codepoint ECT(1). The result is a ratio ranging from 0.0 to 1.0.¶
float32¶
quantity¶
This ratio provides a near-real-time view of congestion dynamics for L4S traffic. It is useful for detecting transient congestion events and monitoring short-term performance.¶
l4sCeMarkRatioTotal¶
TBD15¶
The proportion of L4S packets marked with the CE codepoint, calculated over the total lifetime of the Flow. This element represents the total CE marking rate for L4S traffic within the Flow. It is calculated as:¶
CE-marked L4S packets (total count) / Total L4S packets (total count)¶
Where L4S packets are those identified by the ECN codepoint ECT(1). The result is a ratio ranging from 0.0 to 1.0.¶
float32¶
quantity¶
This ratio provides a long-term view of congestion experienced by L4S traffic. A value of 0.0 indicates no congestion marking, while a value approaching 1.0 indicates persistent or severe congestion.¶
For IPsec tunnels, monitoring ECN requires exporting both outer and inner IP header ECN fields (ipHeaderOuterEcn and ipHeaderInnerEcn), along with ipsecSaEcnMode (see section 4.4). Relying solely on the outer IP header ECN field may be insufficient, as it could be set to Not ECT due to tunnel mode restrictions. Similarly, for L2TP tunnels, ECN monitoring should be verified the l2tpEcnNego element (see section 4.5) except the ECN information extraction from tunnel outer header and inner header of packets.¶
For MPLS tunnels, the ECN handling mechanism differs fundamentally from IP based tunnels. ECN information is not carried in a dedicated IP header field but is encoded within the MPLS label stack using the EXP field, as defined in [RFC5129]. Therefore, monitoring ECN over MPLS requires exporting the mplsHeaderEcn element defined in Section 4.3. This element captures the congestion indication as conveyed within the MPLS domain, which is independent of the inner IP packet's ECN field.¶
When measuring the proportion of packets marked with the CE codepoint, the CE marking rate for L4S traffic should be calculated specifically for flows identified as ECT(1) (L4S traffic identifier) prior to marking, rather than aggregating all CE-marked packets irrespective of their original ECT codepoint. This ensures the performance of L4S services can be accurately monitored and distinguished from Classic ECN traffic, which may have different congestion response characteristics.¶
The security considerations for IPFIX [RFC7011] apply to this document. The elements for ECN reveal information about endpoint ECN capabilities. Although the information may generally be not sensitive, operators should consider applicable privacy regulations. IPFIX records containing L4S monitoring information SHOULD be transported using secure protocols such as TLS or DTLS and satisfy the mutual authentication between IPFIX Exporting Processes and IPFIX Collecting Processes as specified in [RFC7011].¶
IANA is requested to assign the following Information Elements in the IPFIX Information Elements registry.¶
| Element ID | Name | Reference |
|---|---|---|
| TBD1 | IPv4HeaderEcn | This document |
| TBD2 | IPv6HeaderEcn | This document |
| TBD3 | MPLSHeaderEcn | This document |
| TBD4 | ipsecSaEcnMode | This document |
| TBD5 | l2tpEcnNego | This document |
| TBD6 | notEctPacketDeltaCount | This document |
| TBD7 | notEctPacketTotalCount | This document |
| TBD8 | ect0PacketDeltaCount | This document |
| TBD9 | ect0PacketTotalCount | This document |
| TBD10 | ect1PacketDeltaCount | This document |
| TBD11 | ect1PacketTotalCount | This document |
| TBD12 | cePacketDeltaCount | This document |
| TBD13 | cePacketTotalCount | This document |
| TBD14 | l4sCeMarkRatioDelta | This document |
| TBD15 | cePacketTotalCount | This document |