



Network Working Group                                             C. Lin
Internet-Draft                                      New H3C Technologies
Intended status: Standards Track                                  Y. Liu
Expires: 2 September 2026                                   China Mobile
                                                                  Y. Liu
                                                                     ZTE
                                                                   X. Li
                                                           China Telecom
                                                            1 March 2026


    Export of QUIC Information in IP Flow Information Export (IPFIX)
                 draft-lin-opsawg-ipfix-quic-header-04

Abstract

   This document introduces new IP Flow Information Export (IPFIX)
   Information Elements to identify a set of QUIC related information,
   which contained in QUIC Header, QUIC Frame and Stream that traffic is
   being forwarded along with.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 2 September 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components



Lin, et al.             Expires 2 September 2026                [Page 1]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  New IPFIX QUIC Information Elements . . . . . . . . . . . . .   4
   4.  Sample Use Cases  . . . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  New IPFIX QUIC Information Elements . . . . . . . . . . .   7
       6.1.1.  quicHeaderFlag  . . . . . . . . . . . . . . . . . . .   7
       6.1.2.  quicVersion . . . . . . . . . . . . . . . . . . . . .   8
       6.1.3.  quicDestinationConnectionID . . . . . . . . . . . . .   8
       6.1.4.  quicSourceConnectionID  . . . . . . . . . . . . . . .   8
       6.1.5.  quicPacketNumber  . . . . . . . . . . . . . . . . . .   9
       6.1.6.  quicFrameType . . . . . . . . . . . . . . . . . . . .   9
       6.1.7.  quicStreamID  . . . . . . . . . . . . . . . . . . . .  10
   7.  Operational Considerations  . . . . . . . . . . . . . . . . .  10
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   QUIC Packets are carried in UDP datagrams and exchanged for
   communication of QUIC endpoints [RFC9000].  A QUIC packet normally
   consists of a QUIC Header and a QUIC Payload.

   QUIC Header is divided into Long Header and Short Header.  Long
   Headers are used for packets that are sent prior to the establishment
   of 1-RTT keys.  The Long Header contains an 8-bit Public Flag, a
   32-bit QUIC Version, a variable-length Destination Connection ID, a
   variable-length Source Connection ID and Type-Specific field which
   has different content based on the Packet type.  The Packet types
   that use the Long Header contain Version Negotiation Packet, Initial
   Packet, 0-RTT Packet, Handshake Packet and Retry Packet.  Once 1-RTT
   keys are available, a sender switches to sending 1-RTT packets using
   the Short Header.  The Short Header includes an 8-bit Public Flag, a
   variable-length Destination Connection ID and a Packet Number.

   QUIC payload MAY contain a sequence of Frames which begin with a
   Frame Type.  In the generic Frame Layout, the Frame Type is followed
   by additional type-dependent fields.  Since Stream in QUIC is the one
   core component to provide a lightweight, ordered byte-stream



Lin, et al.             Expires 2 September 2026                [Page 2]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


   abstraction to an application, the Stream ID of Frames related to
   Stream is an important information that indicates the stream in which
   the Frame is located or that the Frame affects.

   QUIC packets provide varying levels of cryptographic protection
   depending on their type [RFC9000].  While the entire QUIC payload
   MUST be encrypted, certain fields in the QUIC Header are not
   protected, as described in the Section 2.1 of [RFC9312].  For details
   on QUIC's packet protection mechanisms, refer to Section 5 of
   [RFC9001].  The protected fields of QUIC packets can only be accessed
   after successful decryption.

   This document specifies several new IPFIX Information Elements (IEs)
   within the "IPFIX Information Elements" registry [RFC7012] for
   purposes of getting QUIC related information.  These IEs are used to
   export the main fields of QUIC Header and Payload in QUIC packet.
   The protected values of some new IEs are accessible exclusively to
   devices capable of decrypting QUIC packets, specifically, the
   endpoints of a QUIC connection.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document makes use of the terms defined in [RFC7011] and
   [RFC9000].

   The following terms are used as defined in [RFC7011]:

   *  IPFIX

   *  IPFIX Information Elements

   The following terms are used as defined in [RFC9000]:

   *  QUIC

   *  Endpoint

   *  Server

   *  QUIC packet

   *  Connection ID



Lin, et al.             Expires 2 September 2026                [Page 3]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


   *  Frame

   *  Stream

   The term "flow" in this document aligns with the IPFIX definition,
   not the QUIC definition.

3.  New IPFIX QUIC Information Elements

   This section specifies the new IPFIX QUIC IEs.

   quicHeaderFlag
      8-bit flag defined in the QUIC Header (Section 17.2 and 17.3 of
      [RFC9000]), as the first byte of QUIC Packet.  Base on the first
      four bits of the Long Header flag and the first three bits of the
      Short Header flag, the QUIC Packet Type can be obtained.  the last
      four bits of the Long Header flag and last five bits of the Short
      Header flag are protected or encrypted, and the remaining bits are
      not protected.

   quicVersion
      32-bit QUIC Version that is in use or negotiation in QUIC Long
      Header Packets during connection establishment.  For Version
      Negotiation Packet, This Version is used to indicate the Supported
      Version, because the Version field of a Version Negotiation Packet
      MUST be set to 0x00000000.  The version field is not protected in
      QUIC packet.

   quicDestinationConnectionID
      The unprotected Destination Connection ID included in the Long
      Header or Short Header of QUIC Packet.  The Destination Connection
      ID is chosen by the recipient of the packet and is used to provide
      consistent routing.  Since the length of the Destination
      Connection ID is not included in 1-RTT Packet (Short Header), the
      Destination Connection ID of a 1-RTT Packet could be obtained by
      matching only if when the Destination Connection ID is known and
      preconfigured on the device.

   quicSourceConnectionID
      The unprotected Source Connection ID included by the Long Header
      of QUIC Packet.  The Source Connection ID is used to set the
      Destination Connection ID used by the peer during connection
      establishment.

   quicPacketNumber
      The protected Packet Number that appears in some QUIC packet types
      such as Initial packet, 0-RTT packet and Handshake packet.  The
      underlying packet number increases with each packet sent in a



Lin, et al.             Expires 2 September 2026                [Page 4]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


      given packet number space.  The Packet Number is an integer in the
      range 0 to 262-1.  When present in a Long or Short Header, packet
      numbers are reduced and encoded in 1 to 4 bytes.

   quicFrameType
      The protected Frame Type that indicates the type of Frame
      contained in the Payload of QUIC Packet.  The Frame Type value
      uses a variable-length integer encoding which means that integers
      are encoded on 1, 2, 4, or 8 bytes and can encode 6-, 14-, 30-, or
      62-bit values, respectively.  Some Frame Types are defined in
      section 12.4 of [RFC9000].

   quicStreamID
      The protected Stream ID included in the Frame related to Stream
      such as RESET_STREAM frame, STOP_SENDING frame, STREAM frame and
      MAX_STREAM_DATA frame.  A stream ID is a 62-bit integer (0 to
      262-1) that is unique for all streams on a connection.  Stream IDs
      are encoded as variable-length integers, which means that integers
      are encoded on 1, 2, 4, or 8 bytes and can encode 6-, 14-, 30-, or
      62-bit values, respectively.  The two least significant bits from
      a stream ID identify the stream types defined in section 2.1 of
      [RFC9000].

4.  Sample Use Cases

   The IPFIX IEs listed in the Section 3, forwardingStatus (89)
   [RFC7270] and some existing counter information [IANA-IPFIX] provide
   answers to the following questions (amongst others).

   *  How many packets are forwarded or dropped using QUIC in a network?
      If dropped, for which reasons?  These monitoring requirements
      align with the broader discard monitoring framework [discardmodel]
      and its associated IPFIX IEs [ipfix-discard-class-ie], which
      provide standardized approaches for classifying and reporting
      packet discard events.

   *  What is the type of QUIC packet?

   *  What is the QUIC version that is in use or negotiation?

   *  What is the Destination or Source Connection ID of QUIC packet?

   *  Have all the QUIC packets been fully received?

   *  Which frames does the QUIC packet carry?

   *  Which stream is the QUIC packet located in?




Lin, et al.             Expires 2 September 2026                [Page 5]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


   For QUIC Long Header Packets observed in the network, the Information
   Elements of following parameters can be exported in IPFIX Flow
   Records to provide QUIC-layer identification:

   *  Five-tuple (protocol, source and destination IP address, source
      and destination port)

   *  Source Connection ID.

   *  Destination Connection ID.

   Example:

   When a QUIC Long Header Packet is observed within an IPFIX Flow, the
   corresponding Flow Record MAY include the following identifying
   parameters:

   Five-tuple + Source Connection ID + Destination Connection ID +
   Header Flag

   For QUIC Short Header Packets observed in the network, the
   Information Elements of following parameters can be exported in IPFIX
   Flow Records to provide QUIC-layer identification:

   *  Five-tuple (protocol, source and destination IP address, source
      and destination port)

   *  Destination Connection ID.

   Example:

   When a specific QUIC frame type is observed within an IPFIX Flow, the
   corresponding Flow Record MAY include:

   Five-tuple + Destination Connection ID + Frame Type

   Similarly, when Stream ID information is available from observed
   frames, the corresponding Flow Record MAY include:

   Five-tuple + Destination Connection ID + Stream ID

5.  Security Considerations

   There exists no extra security considerations regarding allocation of
   these new IPFIX IEs compared to [RFC7012].

6.  IANA Considerations




Lin, et al.             Expires 2 September 2026                [Page 6]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


6.1.  New IPFIX QUIC Information Elements

   This document requests IANA to add new IPFIX QUIC IEs to the "IPFIX
   Information Elements" registry [RFC7012] available at [IANA-IPFIX].

   Table 1 lists the new IPFIX QUIC IEs:

        +============+=============================+===============+
        | Element ID | Name                        | Reference     |
        +============+=============================+===============+
        | TBD1       | quicHeaderFlag              | This document |
        +------------+-----------------------------+---------------+
        | TBD2       | quicVersion                 | This document |
        +------------+-----------------------------+---------------+
        | TBD3       | quicDestinationConnectionID | This document |
        +------------+-----------------------------+---------------+
        | TBD4       | quicSourceConnectionID      | This document |
        +------------+-----------------------------+---------------+
        | TBD5       | quicPacketNumber            | This document |
        +------------+-----------------------------+---------------+
        | TBD6       | quicFrameType               | This document |
        +------------+-----------------------------+---------------+
        | TBD7       | quicStreamID                | This document |
        +------------+-----------------------------+---------------+

     Table 1: New QUIC IEs in the "IPFIX Information Elements" Registry

6.1.1.  quicHeaderFlag

   Name:  quicHeaderFlag

   ElementID:  TBD1

   Description:  The 8-bit flag defined in the QUIC Header (Section 17.2
      and 17.3 of [RFC9000]).  The meanings of the flag are provided in
      the first byte of the QUIC Header Packet [RFC9000].

   Abstract Data Type:  unsigned8

   Data Type Semantics:  flags

   Additional Information:  See RFC9000 for the QUIC Header first byte
      specification.

   Reference:  [this document]






Lin, et al.             Expires 2 September 2026                [Page 7]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


6.1.2.  quicVersion

   Name:  quicVersion

   ElementID:  TBD2

   Description:  32-bit unsigned integer defining the number of Version,
      which is in use and negotiation.  Its values are provided in the
      "QUIC Versions" IANA registry.

   Abstract Data Type:  unsigned32

   Data Type Semantics:  default

   Additional Information:  See the assignments in the "QUIC Versions"
      IANA registry at https://www.iana.org/assignments/quic/
      quic.xhtml#quic-versions.  See also RFC9000 for the QUIC Versions
      specification.

   Reference:  [this document]

6.1.3.  quicDestinationConnectionID

   Name:  quicDestinationConnectionID

   ElementID:  TBD3

   Description:  The Destination Connection ID as defined in Section 7.2
      of [RFC9000] as a series of octets in IPFIX.  In QUIC version 1,
      this value MUST NOT exceed 20 bytes.

   Abstract Data Type:  octetArray

   Data Type Semantics:  default

   Additional Information:  See Section 7.2 of [RFC9000] for more
      details about The Destination Connection ID.

   Reference:  [this document]

6.1.4.  quicSourceConnectionID

   Name:  quicSourceConnectionID

   ElementID:  TBD4

   Description:  The Source Connection ID as defined in Section 7.2 of




Lin, et al.             Expires 2 September 2026                [Page 8]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


      [RFC9000] as a series of octets in IPFIX.  In QUIC version 1, this
      value MUST NOT exceed 20 bytes.

   Abstract Data Type:  octetArray

   Data Type Semantics:  default

   Additional Information:  See Section 7.2 of [RFC9000] for more
      details about The Source Connection ID.

   Reference:  [this document]

6.1.5.  quicPacketNumber

   Name:  quicPacketNumber

   ElementID:  TBD5

   Description:  8~32-bit unsigned integer defining the packet number of
      QUIC Header, which is used in determining the cryptographic nonce
      for packet protection.

   Abstract Data Type:  unsigned32

   Data Type Semantics:  default

   Additional Information:  See Section 12.3 of [RFC9000] for more
      details about The Packet Number.

   Reference:  [this document]

6.1.6.  quicFrameType

   Name:  quicFrameType

   ElementID:  TBD6

   Description:  62-bit unsigned integer defining the value of Frame
      Type, which indicates the type of QUIC Frame.  Its values are
      provided in the "QUIC Frame Types" IANA registry.

   Abstract Data Type:  unsigned64

   Data Type Semantics:  default

   Additional Information:  See the assignments in the "QUIC FrameTypes"





Lin, et al.             Expires 2 September 2026                [Page 9]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


      IANA registry at https://www.iana.org/assignments/quic/
      quic.xhtml#quic-frame-types.  See also RFC9000 for the Frame Types
      specification of QUIC.

   Reference:  [this document]

6.1.7.  quicStreamID

   Name:  quicStreamID

   ElementID:  TBD7

   Description:  62-bit unsigned integer defining the value of Stream
      ID, which identifies a Stream.  The two least significant bits
      from a stream ID identify the stream types defined in section 2.1
      of [RFC9000].

   Abstract Data Type:  unsigned64

   Data Type Semantics:  identifier

   Additional Information:  See Section 2.1 of [RFC9000] for more
      details about The Stream ID.

   Reference:  [this document]

7.  Operational Considerations

   The quicDestinationConnectionID can be used to track flow path
   consistency, but the Destination Connection ID in the Short Header
   Packet lacks a length indication, making it difficult to match on
   intermediate devices.  Therefore, the Destination Connection ID or
   its length must be preconfigured on the intermediate devices.

   The protected packet fields must be decrypted before they can be
   obtained.  quicHeaderFlag, quicVersion, quicDestinationConnectionID,
   and quicSourceConnectionID can be obtained in all on-path devices.
   quicPacketNumber, quicFrameType, and quicStreamID can be obtained in
   endpoint devices or on-path devices which are capable of decrypting
   QUIC packets.

8.  References

8.1.  Normative References







Lin, et al.             Expires 2 September 2026               [Page 10]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013,
              <https://www.rfc-editor.org/info/rfc7011>.

   [RFC7012]  Claise, B., Ed. and B. Trammell, Ed., "Information Model
              for IP Flow Information Export (IPFIX)", RFC 7012,
              DOI 10.17487/RFC7012, September 2013,
              <https://www.rfc-editor.org/info/rfc7012>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC9000]  Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
              Multiplexed and Secure Transport", RFC 9000,
              DOI 10.17487/RFC9000, May 2021,
              <https://www.rfc-editor.org/info/rfc9000>.

   [RFC9001]  Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
              QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
              <https://www.rfc-editor.org/info/rfc9001>.

8.2.  Informative References

   [IANA-IPFIX]
              "IANA, "IP Flow Information Export (IPFIX) Entities"",
              <https://www.iana.org/assignments/ipfix/ipfix.xhtml>.

   [RFC7270]  Yourtchenko, A., Aitken, P., and B. Claise, "Cisco-
              Specific Information Elements Reused in IP Flow
              Information Export (IPFIX)", RFC 7270,
              DOI 10.17487/RFC7270, June 2014,
              <https://www.rfc-editor.org/info/rfc7270>.

   [RFC9312]  Kuehlewind, M. and B. Trammell, "Manageability of the QUIC
              Transport Protocol", RFC 9312, DOI 10.17487/RFC9312,
              September 2022, <https://www.rfc-editor.org/info/rfc9312>.

   [discardmodel]
              Evans, J., Pylypenko, O., Haas, J., Kadosh, A., and M.
              Boucadair, "Information and Data Models for Packet Discard



Lin, et al.             Expires 2 September 2026               [Page 11]

Internet-Draft     Export of QUIC Information in IPFIX        March 2026


              Reporting", Work in Progress draft-ietf-opsawg-
              discardmodel, January 2026,
              <https://datatracker.ietf.org/doc/draft-ietf-opsawg-
              discardmodel/>.

   [ipfix-discard-class-ie]
              Evans, J., Pylypenko, O., and K. Cheaito, "Information
              Element for Flow Discard Classification", Work in
              Progress draft-evans-opsawg-ipfix-discard-class-ie,
              September 2025, <https://datatracker.ietf.org/doc/draft-
              evans-opsawg-ipfix-discard-class-ie/>.

Authors' Addresses

   Changwang Lin
   New H3C Technologies
   8 Yongjia North Road
   Beijing
   Haidian District, 100094
   China
   Email: linchangwang.04414@h3c.com


   Yisong Liu
   China Mobile
   32 Xuanwumen West Street
   Beijing
   Xicheng District, 100053
   China
   Email: liuyisong@chinamobile.com


   Yao Liu
   ZTE
   Nanjing
   China
   Email: liu.yao71@zte.com.cn


   Xueting Li
   China Telecom
   Beiqijia Town, Changping District
   Beijing
   Beijing, 102209
   China
   Email: lixt2@foxmail.com





Lin, et al.             Expires 2 September 2026               [Page 12]
