idnits 2.17.1

draft-boydseda-ipfix-psamp-bulk-data-yang-model-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 964 has weird spacing: '...main-id uin...'

  == Line 1160 has weird spacing: '...nterval uin...'

  == Line 1164 has weird spacing: '...nterval uin...'

  == Line 1170 has weird spacing: '...ulation uin...'

  == Line 1173 has weird spacing: '...ability dec...'

  == (8 more instances...)

  -- The document date (November 3, 2019) is 1635 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IANA-IPFIX'

  ** Obsolete normative reference: RFC 4960 (Obsoleted by RFC 9260)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

     Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network Working Group                                            J. Boyd
Internet-Draft                                                    ADTRAN
Obsoletes: 6728 (if approved)                                    M. Seda
Intended status: Standards Track                                   Calix
Expires: May 6, 2020                                    November 3, 2019

 YANG Data Models for the IP Flow Information Export (IPFIX) Protocol,
         Packet Sampling (PSAMP) Protocol, and Bulk Data Export
           draft-boydseda-ipfix-psamp-bulk-data-yang-model-02

Abstract

   This document defines a flexible, modular YANG model for packet
   sampling (PSAMP) and bulk data collection and export via the IPFIX
   protocol. This new model is an alternative to the model defined in
   RFC 6728, "Configuration Data Model for the IP Flow Information
   Export (IPFIX) and Packet Sampling (PSAMP) Protocols". All
   functionality modeled in RFC 6728 has been carried over to this new
   model.

   The YANG data model in this document conforms to the Network
   Management Datastore Architecture (NMDA) defined in RFC 8342.

   This document obsoletes RFC 6728 (if approved).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 6, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Historical Perspective
     1.2.  Relationship to RFC 6728
     1.3.  Terminology
     1.4.  Tree Diagrams
   2.  Objectives
   3.  Structure of the Configuration Data Model
     3.1.  PSAMP-IPFIX Metered Decomposition
       3.1.1.  Metering Process Decomposition in Selection Process
               and Cache
       3.1.2.  Exporter Configuration
     3.2.  Collector/Exporter Model
       3.2.1.  Collector/Exporter Decomposition
     3.3.  Bulk Data Exporter Model
       3.3.1.  Bulk Data Exporter Decomposition
   4.  Configuration and State Parameters
     4.1.  Observation Point Class
     4.2.  Selection Process Class
       4.2.1.  Selection Process Class Method
       4.2.2.  Selection Process Filter Classes
     4.3.  Cache Class
       4.3.1.  Immediate Cache Type Class
       4.3.2.  Timeout Cache, Natural Cache, and Permanent Cache
               Type Class
       4.3.3.  Cache Layout Class
     4.4.  Exporting Process Class
       4.4.1.  SCTP Exporter Class
       4.4.2.  UDP Exporter Class
       4.4.3.  TCP Exporter Class
       4.4.4.  File Writer Class
       4.4.5.  Options Class
     4.5.  Collecting Process Class
       4.5.1.  SCTP Collector Class
       4.5.2.  UDP Collector Class
       4.5.3.  TCP Collector Class
       4.5.4.  File Reader Class
     4.6.  Transport Layer Security Class
     4.7.  Transport Session Class
     4.8.  Template Class
     4.9.  Bulk Data Class
   5.  Adaptation to Device Capabilities
   6.  YANG Modules
     6.1.  ietf-ipfix
       6.1.1.  ietf-ipfix Module Structure
       6.1.2.  ietf-ipfix YANG Module
     6.2.  ietf-ipfix-packet-sampling
       6.2.1.  ietf-ipfix-packet-sampling Module Structure
       6.2.2.  ietf-ipfix-packet-sampling YANG module
     6.3.  ietf-ipfix-bulk-data-export
       6.3.1.  ietf-ipfix-bulk-data-export Module Structure
       6.3.2.  ietf-ipfix-bulk-data-export YANG module
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgments
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Example: ietf-ipfix Usage
   Appendix B.  Example: ietf-ipfix-packet-sampling Usage
   Appendix C.  Example: ietf-ipfix-bulk-data-export Usage
   Appendix D.  Tree diagrams
     D.1.  ietf-ipfix
     D.2.  ietf-ipfix-packet-sampling
     D.3.  ietf-ipfix-bulk-data-export
   Authors' Addresses

1.  Introduction

   Bulk data collection is an automated collection of device data that
   is packaged together and delivered to an IPFIX collector. The IPFIX
   protocol may be used to transport bulk data such as:

   o  Sampled (metered) Packet SAMPling (PSAMP) data: [RFC5476] defines
      PSAMP operations that a device may implement to sample packets
      passing through a network element for reporting purposes.

   o  Statistics from interfaces and sessions: YANG models define
      statistics that can be retrieved via protocols such as NETCONF
      [RFC6241] or RESTCONF [RFC8040]. These statistics can be streamed
      using an IPFIX transport to an IPFIX collector that supports
      analytics tools.
      An operator may wish to take the bulk data and
      analyze it for trend analysis purposes or other usages (e.g.,
      collect octet counts every 5 minutes for service level agreement
      purposes or collect reported device temperature for network health
      purposes).

   IPFIX can also be used to meet the bulk transport requirements of
   other protocols. For example:

   o  [BBF.TR-352] ICTP (Inter-Channel Transport Protocol): ICTP uses
      IPFIX to transport dynamic data (e.g., lease information) across
      participating NG-PON2 (Next-Generation Passive Optical Network 2)
      systems.

   The YANG data model in this document conforms to the Network
   Management Datastore Architecture (NMDA) defined in [RFC8342].

1.1.  Historical Perspective

   Below is a historical timeline of IETF IPFIX and YANG RFCs:

   o  [RFC7011] (2013) defines the IPFIX protocol; it obsoleted RFC 5101
      (2008).

   o  [RFC5476] (2009) defines the PSAMP operations of selection (random
      selection, deterministic selection or hash-based selection) for
      capturing or metering packets arriving on a device.

   o  RFC 6020 (2010) and [RFC7950] (2016) define v1.0 and v1.1 of the
      YANG data modeling language (respectively), and [RFC8342] (2018)
      updates RFC 7950 to define NMDA (Network Management Datastore
      Architecture).

   o  [RFC6728] (2012) defined a Packet SAMPling (PSAMP) YANG model for
      devices that use PSAMP for capturing (for metering purposes) a
      subset of all packets traversing a device.

   o  [RFC8343] (2018) defines a YANG data model for interfaces; it
      obsoleted RFC 7223 (2014).

   o  IETF, IEEE, Broadband Forum etc. (2015 to 2018) have incorporated
      reporting of statistics into corresponding YANG models (G.fast,
      PON, etc.).

   [RFC6728] defines a single YANG module for the IP Flow Information
   Export (IPFIX) and Packet Sampling (PSAMP) protocols.
   The PSAMP collecting process and the IPFIX exporting process are
   tightly coupled in this module. Moreover, the exporting process
   requires a device to support SCTP. This coupling and transport
   requirement make it difficult for a device that does not support
   SCTP to use the model for collecting and exporting non-PSAMP bulk
   data.

   o  [BBF.TR-352] supports only TCP and TLS as IPFIX transport
      protocols. The [RFC6728] YANG model does not allow for explicit
      non-support of SCTP, so YANG deviations are needed to announce
      non-support.

   o  The PSAMP meter does not need to be configured if the observation
      point is already defined by other YANG models. One could attempt
      to augment PSAMP YANG to reference where the observation point is
      being configured (but then would have to express feature
      "non-support" on features unlikely to be needed or required by
      devices).

   Rather than this approach, a new YANG model has been developed where
   functionality is separated into different modules such that the
   functions can be independently leveraged.

   These are some of the other issues with the current model:

   o  The PSAMP YANG model defines the frequency of export in the PSAMP
      cache. Bulk data needs the export frequency to be controlled by
      the exporting process.

   o  The PSAMP YANG model supports IPFIX mediators. Devices may need
      to support large IPFIX mediation functions.

   o  The PSAMP YANG model contains references which correlate to MIB
      definitions. For example, interfaces are referenced via ifIndex.
      For most NETCONF managed devices, interfaces are referenced by
      name as defined in [RFC8343].

1.2.  Relationship to RFC 6728

   This RFC adheres to all principles defined in [RFC6728]; however, in
   order to address the issues identified in the previous section, the
   YANG model has changed as follows:

   o  The YANG model is divided into the following three modules:

      *  ietf-ipfix: Defines the IPFIX collector and exporter functions.

      *  ietf-ipfix-packet-sampling: Defines the PSAMP functions for
         configuring a device to sample/meter a subset of packets from
         the network.

      *  ietf-ipfix-bulk-data-export: Defines the bulk data IPFIX
         templates used to export bulk data.

   o  SCTP data nodes are made optional via the 'sctp' feature for
      applications that do not need to support SCTP.

   o  The YANG model adds support for [RFC8343] interface references.

      *  The ability to reference via the interface list in
         ietf-interfaces [RFC8343] is added alongside the ifName and
         ifIndex.

      *  The ability to reference via the hardware component list in
         ietf-hardware [RFC8348] is added alongside the entPhysicalName
         and entPhysicalIndex.

   o  IPFIX transport sessions allow transport session information to be
      retrieved individually.

      *  The transport sessions are modeled such that they can be
         retrieved individually in addition to retrieving the entire
         list (which may be quite large for devices such as an NG-PON2
         OLT).

   o  Source and destination address type choice statements are added to
      improve extensibility of the model.

   o  This RFC conforms to the [RFC8407] YANG data model guidelines.

   Applications that use this RFC are expected to only need to import
   the applicable YANG modules. For example:

   o  PSAMP uses the ietf-ipfix and ietf-ipfix-packet-sampling modules.

   o  Bulk data export uses the ietf-ipfix and
      ietf-ipfix-bulk-data-export modules.

   o  Mediators and file readers/writers use only the ietf-ipfix module.

1.3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are used in this RFC:

   Bulk Data
      Bulk data is the collection of configuration and/or state data
      from a device.

   Cache
      The Cache is a functional block in a Metering Process that
      generates IPFIX Flow Records or PSAMP Packet Reports from a
      Selected Packet Stream, in accordance with its configuration. If
      Flow Records are generated, the Cache performs tasks like creating
      new records, updating existing ones, computing Flow statistics,
      deriving further Flow properties, detecting Flow expiration,
      passing Flow Records to the Exporting Process, and deleting Flow
      Records. If Packet Reports are generated, the Cache performs
      tasks like extracting packet contents and derived packet
      properties from the Selected Packet Stream, creating new records,
      and passing them as Packet Reports to the Exporting Process.
      [RFC6728]

   Cache Layout
      The Cache Layout defines the superset of fields that are included
      in the Packet Reports or Flow Records maintained by the Cache.
      The fields are specified by the corresponding Information
      Elements. In general, the largest possible subset of the
      specified fields is derived for every Packet Report or Flow
      Record. More specific rules about which fields must be included
      are given in Section 4.3.3. [RFC6728]

   Collector
      A device that hosts one or more Collecting Processes is termed a
      Collector. [RFC7011]

   Collecting Process
      A Collecting Process receives IPFIX Messages from one or more
      Exporting Processes.
      The Collecting Process might process or store Flow Records
      received within these Messages, but such actions are out of scope
      for this document. [RFC7011]

   Composite Selector
      A Composite Selector is an ordered composition of Selectors, in
      which the output Packet Stream issuing from one Selector forms the
      input Packet Stream to the succeeding Selector. [RFC5476]

   Data Record
      A Data Record is a record that contains values of the parameters
      corresponding to a Template Record. [RFC7011]

   Exporter
      A device that hosts one or more Exporting Processes is termed an
      Exporter. [RFC7011]

   Exporting Process
      Depending on its deployment as part of an IPFIX Device or PSAMP
      Device, the Exporting Process sends IPFIX Flow Records or PSAMP
      Packet Reports to one or more Collecting Processes. The IPFIX
      Flow Records or PSAMP Packet Reports are generated by one or more
      Metering Processes. [RFC6728]

   Filtering
      A filter is a Selector that selects a packet deterministically
      based on the Packet Content, or its treatment, or functions of
      these occurring in the Selection State. Two examples are:

      *  Property Match filtering: A packet is selected if the specific
         field in the packet equals a predefined value.

      *  Hash-based Selection: A Hash Function is applied to the packet
         content and the packet is selected if the result falls in a
         specific range. [RFC5476]

   Flow Key
      Each of the fields that:

      *  belong to the packet header (e.g., destination IP address), or

      *  are a property of the packet itself (e.g., packet length), or

      *  are derived from Packet Treatment (e.g., Autonomous System (AS)
         number),

      and that are used to define a Flow (i.e., are the properties
      common to all packets in the Flow) are termed Flow Keys.
      As an example, the traditional '5-tuple' Flow Key of source and
      destination IP address, source and destination transport port, and
      transport protocol, groups together all packets belonging to a
      single direction of communication on a single socket. [RFC7011]

   Flow Record
      A Flow Record contains information about a specific Flow that was
      observed at an Observation Point. A Flow Record contains measured
      properties of the Flow (e.g., the total number of bytes for all
      the Flow's packets) and usually contains characteristic properties
      of the Flow (e.g., source IP address). [RFC7011]

   Information Element
      An Information Element is a protocol and encoding independent
      description of an attribute that may appear in an IPFIX record.
      Information Elements are defined in the [IANA-IPFIX] Registry.
      The type associated with an Information Element indicates
      constraints on what it may contain and also determines the valid
      encoding mechanisms for use in IPFIX. [RFC7011]

   IPFIX Device
      An IPFIX Device hosts at least one Exporting Process. It may host
      further Exporting Processes as well as an arbitrary number of
      Observation Points and Metering Processes. [RFC7011]

   IPFIX File
      An IPFIX File is a serialized stream of IPFIX Messages; this
      stream may be stored in a filesystem or transported using some
      technique customarily used for files. Any IPFIX Message stream
      that would be considered valid when transported over one or more
      of the specified IPFIX transports (Stream Control Transmission
      Protocol (SCTP), TCP, or UDP) as defined in [RFC7011] is
      considered an IPFIX File. [RFC5655] extends that definition with
      recommendations on the construction of IPFIX Files. [RFC5655]

   IPFIX File Writer
      An IPFIX File Writer is a process that writes IPFIX Files to a
      filesystem.
      An IPFIX File Writer operates as an IPFIX Exporting
      Process as specified in [RFC7011] except as modified by [RFC5655].

   IPFIX Mediator
      An IPFIX Mediator is an IPFIX Device that provides IPFIX Mediation
      by receiving a record stream from some data sources, hosting one
      or more Intermediate Processes to transform that stream, and
      exporting the transformed record stream into IPFIX Messages via an
      Exporting Process. In the common case, an IPFIX Mediator receives
      a record stream from a Collecting Process, but it could also
      receive a record stream from the data sources not encoded using
      IPFIX, e.g., in the case of conversion from the Netflow V9
      protocol [RFC3954] to IPFIX protocol. [RFC7119]

   IPFIX Message
      An IPFIX Message is a message that originates at the Exporting
      Process and carries the IPFIX records of this Exporting Process
      and whose destination is a Collecting Process. An IPFIX Message
      is encapsulated at the transport layer. [RFC7011]

   Metering Process
      The Metering Process is split into two functional blocks:

      *  Selection Process: A Selection Process takes the Observed
         Packet Stream as its input and selects a subset of that stream
         as its output.

      *  Cache: The Cache is a functional block in a Metering Process
         that generates IPFIX Flow Records or PSAMP Packet Reports from
         a Selected Packet Stream, in accordance with its configuration.

      The Metering Process generates IPFIX Flow Records or PSAMP Packet
      Reports, depending on its deployment as part of an IPFIX Device or
      PSAMP Device. If IPFIX Flow Records are generated, the Metering
      Process MUST NOT aggregate packets observed at different
      Observation Domains in the same Flow. [RFC6728]

   Monitoring Device
      A Monitoring Device implements at least one of the functional
      blocks specified in the context of IPFIX or PSAMP.
      In particular,
      the term Monitoring Device encompasses Exporters, Collectors,
      IPFIX Devices, and PSAMP Devices. [RFC6728]

   Observation Domain
      An Observation Domain is the largest set of Observation Points for
      which Flow Information can be aggregated by a Metering Process.
      For example, a router line card may be an Observation Domain if it
      is composed of several interfaces, each of which is an Observation
      Point. In the IPFIX Message it generates, the Observation Domain
      includes its Observation Domain ID, which is unique per Exporting
      Process. That way, the Collecting Process can identify the
      specific Observation Domain from the Exporter that sends the IPFIX
      Messages. Every Observation Point is associated with an
      Observation Domain. It is RECOMMENDED that Observation Domain IDs
      also be unique per IPFIX Device. [RFC7011]

   Observation Point
      An Observation Point is a location in the network where packets
      can be observed. Examples include a line to which a probe is
      attached, a shared medium, such as an Ethernet based LAN, a single
      port of a router, or a set of interfaces (physical or logical) of
      a router. Note that every Observation Point is associated with an
      Observation Domain and that one Observation Point may be a
      superset of several other Observation Points. For example, one
      Observation Point can be an entire line card. That would be a
      subset of the individual Observation Points at the line card's
      interfaces. [RFC7011]

   Options Template Record
      An Options Template Record is a Template Record that defines the
      structure and interpretation of fields in a Data Record, including
      defining how to scope the applicability of the Data Record.
      [RFC7011]

   Options Template/Options Template Set
      An Options Template Set is a collection of one or more Options
      Template Records that have been grouped together in an IPFIX
      Message.
      [RFC7011]

   Packet Report
      Packet Reports comprise a configurable subset of a packet's input
      to the Selection Process, including the packet content,
      information relating to its treatment (e.g., the output interface)
      and its associated selection state (e.g., the hash of a packet
      content). [RFC5476]

   Primitive Selector
      A Selector is primitive if it is not a Composite Selector.
      [RFC5476]

   PSAMP Device
      A PSAMP device is a device hosting at least an Observation Point,
      a Selection Process and an Exporting Process. Typically,
      corresponding Observation Point(s), Selection Process(es) and
      Exporting Process(es) are co-located at this device, for example,
      at a router. [RFC5476]

   Reverse Information Element
      An Information Element defined as corresponding to a normal (or
      forward) Information Element, but associated with the reverse
      direction of a Biflow. [RFC5103]

   Sampling
      A Selector that is not a filter is called a Sampling operation.
      This reflects the intuitive notion that if the selection of a
      packet cannot be determined from its content alone, there must be
      some type of Sampling taking place. [RFC5476]

   Selected Packet Stream
      The Selected Packet Stream is the set of all packets selected by a
      Selection Process. [RFC6728]

   Selection Process
      A Selection Process takes the Observed Packet Stream as its input
      and selects a subset of that stream as its output. [RFC5476]

   Selection Sequence
      From all the packets observed at an Observation Point, only a few
      packets are selected by one or more Selectors. The Selection
      Sequence is a unique value per Observation Domain describing the
      Observation Point and the Selector IDs through which the packets
      are selected.
      [RFC5476]

   Selection Sequence Report Interpretation
      Each Packet Report contains a selectionSequenceId Information
      Element that identifies the particular combination of Observation
      Point and Selector(s) used for its selection. For every
      selectionSequenceId Information Element in use, the PSAMP Device
      MUST export a Selection Sequence Report Interpretation using an
      Options Template. [RFC5476]

   Selection Sequence Statistics Report Interpretation
      A Selector MAY be used in multiple Selection Sequences. However,
      each use of a Selector must be independent, so each separate
      logical instance of a Selector MUST maintain its own individual
      Selection State and statistics. The Selection Sequence Statistics
      Report Interpretation MUST include the number of observed packets
      (Population Size) and the number of packets selected (Sample Size)
      by each instance of its Primitive Selectors. [RFC5476]

   Selection State
      A Selection Process may maintain state information for use by the
      Selection Process. At a given time, the Selection State may
      depend on packets observed at and before that time, and other
      variables. Examples include:

      *  sequence numbers of packets at the input of Selectors

      *  a timestamp of observation of the packet at the Observation
         Point

      *  iterators for pseudorandom number generators

      *  hash values calculated during selection

      *  indicators of whether the packet was selected by a given
         Selector

      Selection Processes may change portions of the Selection State as
      a result of processing a packet. Selection state for a packet is
      to reflect the state after processing the packet. [RFC5476]

   Selector
      A Selector defines the action of a Selection Process on a single
      packet of its input. If selected, the packet becomes an element
      of the output Packet Stream.
      The Selector can make use of the
      following information in determining whether a packet is selected:

      *  the packet content

      *  information derived from the packet's treatment at the
         Observation Point

      *  any selection state that may be maintained by the Selection
         Process [RFC5476]

   Selector Report Interpretation
      An IPFIX Data Record, defined by an Options Template Record, MUST
      be used to send the configuration details of every Selector in
      use. The Options Template Record MUST contain:

      *  selectorId Information Element as the Scope field

      *  SelectorAlgorithm Information Element [RFC5476]

   Template Record
      A Template Record defines the structure and interpretation of
      fields in a Data Record. [RFC7011]

   Template/Template Set
      A Template Set is a collection of one or more Template Records
      that have been grouped together in an IPFIX Message. [RFC7011]

   Traffic Flow or Flow
      A Flow is defined as a set of packets or frames passing an
      Observation Point in the network during a certain time interval.
      All packets belonging to a particular Flow have a set of common
      properties. Each property is defined as the result of applying a
      function to the values of:

      *  one or more packet header fields (e.g., destination IP
         address), transport header fields (e.g., destination port
         number), or application header fields (e.g., RTP header fields)

      *  one or more characteristics of the packet itself (e.g., number
         of MPLS labels, etc.)

      *  one or more of the fields derived from Packet Treatment (e.g.,
         next-hop IP address, the output interface, etc.)

      A packet is defined as belonging to a Flow if it completely
      satisfies all the defined properties of the Flow. Note that the
      set of packets represented by a Flow may be empty; that is, a Flow
      may represent zero or more packets.
As sampling is a Packet 617 Treatment, this definition includes packets selected by a sampling 618 mechanism. [RFC7011] 620 1.4. Tree Diagrams 622 Tree diagrams used in this document follow the notation defined in 623 [RFC8340]. 625 2. Objectives 627 This document defines a YANG data model for the configuration and 628 state retrieval of basic IPFIX functionality as well as PSAMP and 629 bulk data export applications over IPFIX. The YANG modules in this 630 document conform to the Network Management Datastore Architecture 631 (NMDA) [RFC8342] and [RFC8407] YANG guidelines. 633 3. Structure of the Configuration Data Model 635 The reference model described in this RFC describes the following 636 models: 638 o A PSAMP/IPFIX metered model based on [RFC6728] where a PSAMP/IPFIX 639 device configures a meter that samples packets passing through a 640 device, applies an IPFIX template to those packets, and exports 641 IPFIX templates/data records to an IPFIX collector. 643 o An IPFIX collector/exporter model based on [RFC6728] where an 644 IPFIX device can: 646 * terminate multiple IPFIX sessions to a collection process and 647 then export those IPFIX packets to an external IPFIX collector 648 or 650 * read an IPFIX formatted file into the collection process and 651 export that file to a destination location. 653 o A bulk data model where an IPFIX template is applied to configured 654 reference resource that can export bulk data (e.g., statistics, 655 [BBF.TR-352] ICTP IPFIX data). 657 Figure 1 illustrates the PSAMP metered UML model for a PSAMP/IPFIX 658 monitoring device. The metering process is contained in the ietf- 659 ipfix-packet-sampling module. The metering process is comprised of a 660 selection-process and cache that refers to an exporting-process. 661 Further explanations about the relationship between selection-process 662 and cache are given in Section 3.1.1. Section 4.4 describes the 663 exporting-process configuration. 

   +--------------------------------------------------------------+
   | +--------------------+            Metering Process           |
   | | Module: ietf-ipfix |                                       |
   | |    -packet-sampling|                                       |
   | |--------------------|<------------------------+             |
   | |                    |<--------+             1 |             |
   | +--------------------+         | +-------------+-----------+ |
   |          ^                     | | list: selection-process | |
   |          |                     | |-------------------------| |
   |        1 |                     | |                         | |
   | +--------+-------------+       | +-----------------+-------+ |
   | | list: observation-pt |       |               ^   |         |
   | |----------------------| selection-process-ref |   |         |
   | |                      +-------|---------------+   |         |
   | +----------------------+       |             0..*  |         |
   |                              1 |                   |         |
   |                        +-------+-------+           |         |
   |                        |  list: cache  |           |         |
   |                        |---------------|      0..1 |         |
   |                        |               |<----------+         |
   |                        +---------------+ cache-ref           |
   +--------------------------------+-----------------------------+
      +--------------------+        |
      | Module: ietf-ipfix |        |
      |--------------------|        |
      |                    |        |
      +--------------------+        |
              ^                     | exporting-process-ref
              |                     |
            1 |                     |
    +---------+---------------+     |
    | list: exporting-process |     |
    |-------------------------|     |
    |                         |<----+
    +-------------------------+ 0..*

                 Figure 1: PSAMP-IPFIX metered model

   PSAMP/IPFIX monitoring device implementations usually maintain the
   separation of various functional blocks, although they do not
   necessarily implement all of them. The configuration data model
   enables the setting of commonly available configuration parameters
   for selection-processes and caches, and supports optional
   configuration for features like the [RFC2863] IF-MIB and [RFC6933]
   Entity MIB.

3.1. PSAMP-IPFIX Metered Decomposition

3.1.1. Metering Process Decomposition in Selection Process and Cache

   In a monitoring device implementation, the functionality of the
   metering process is split into the selection process and cache.
   Figure 2 shows a metering process example.
   The selection-process takes an observed packet stream as its input
   and selects a subset of that stream as its output (selected packet
   stream). The action of the selection-process on a single packet of
   its input is defined by one selector (called a primitive selector) or
   an ordered composition of multiple selectors (called a composite
   selector). The cache generates flow records or packet reports from
   the selected packet stream, depending on its configuration.

            +------------------------------------+
            | Metering Process                   |
            | +------------+ Selected            |
   Observed | | selection- | Packet    +-------+ |  Stream of
   Packet  -->| process    |---------->| cache |--> Flow Records or
   Stream   | +------------+ Stream    +-------+ |  Packet Reports
            +------------------------------------+

      Figure 2: Selection Process and Cache forming a Metering Process

   A metering process must always have a selection-process. It is
   possible to select all packets in the observed packet stream and pass
   them to the cache unfiltered by configuring the selector-method to
   "select-all".

   A metering process can be configured to support multiple selection
   processes that receive packets from multiple observation points
   within the same observation domain. In this case, the observed
   packet streams of the observation points are processed in independent
   selection sequences. As specified in [RFC5476], a distinct set of
   selector instances needs to be maintained per selection sequence in
   order to keep the selection states and statistics separate.

   With the configuration data model, it is possible to configure a
   metering process with more than one selection process whose output
   is processed by a single cache. This is illustrated in Figure 3.

            +--------------------------------------+
            | Metering Process                     |
            | +------------+ Selected              |
   Observed | | selection- | Packet                |
   Packet  -->| process    |----------+  +-------+ |
   Stream   | +------------+ Stream   +->|       | |  Stream of
            |      ...                   | cache |--> Flow Records or
            | +------------+ Selected +->|       | |  Packet Reports
   Observed | | selection- | Packet   |  +-------+ |
   Packet  -->| process    |----------+            |
   Stream   | +------------+ Stream                |
            +--------------------------------------+

        Figure 3: Metering Process with multiple Selection Processes

   The observed packet streams at the input of a metering process may
   originate from observation points belonging to different observation
   domains. By definition of the observation domain (see [RFC7011]), a
   cache must not aggregate packets observed at different observation
   domains in the same flow. Hence, if the cache is configured to
   generate flow records, it needs to distinguish packets according to
   their observation domains.

3.1.2. Exporter Configuration

   Figure 4 below shows the main classes of the configuration data model
   that are involved in the configuration of an IPFIX or PSAMP Exporter.
   The role of the classes can be briefly summarized as follows:

   o  The ObservationPoint class specifies an observation-point (e.g.,
      an interface or line card) of the Monitoring Device that captures
      packets for traffic measurements. An observation-point may be
      associated with one or more instances of the SelectionProcess
      class when a device is capable of processing observed packets in
      parallel.

      *  When an observation-point is configured without references to
         the selection-process, the captured packets are not considered
         part of the metering process.

   o  The SelectionProcess class contains the configuration and state
      parameters of a selection-process.
      The selection-process may be composed of a single selector or a
      sequence of selectors, defining a primitive or composite Selector,
      respectively. The selection-process selects packets from one or
      more observed packet streams, each originating from a different
      observation-point. A selection-process instance may be referred
      to from one or more observation-point instances.

      *  A selection process may pass the selected packet stream to a
         cache. Therefore, the selection-process class contains a
         reference to an instance of the cache class.

      *  If a selection-process is configured without any reference to a
         cache, the selected packets are not accounted in any packet
         report or flow record.

   o  The Cache class contains configuration and state parameters of a
      cache. A cache may receive the output of one or more selection
      processes and maintains corresponding packet reports or flow
      records. Therefore, an instance of the cache class may be
      referred to from multiple selection process instances.
      Configuration parameters of the cache class specify the size of
      the cache, the cache layout, and expiration parameters if
      applicable. The cache configuration also determines whether
      packet reports or flow records are generated.

      *  A cache may pass its output to one or more exporting processes.
         Therefore, the cache class enables references to one or more
         instances of the exporting process class.

      *  If a cache instance does not specify any reference to an
         exporting process instance, the cache output is dropped.

   o  The ExportingProcess class contains configuration and state
      parameters of an exporting-process. It includes various
      transport-protocol-specific parameters and the export
      destinations.

      *  An instance of the exporting process class may be referred to
         from multiple instances of the cache class.
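
   The bullets above name three places where a missing reference makes
   a device discard measurement data without any error. The following
   Python is an added example, not part of the draft: it audits a
   configuration for those breaks and for references to instances that
   are not configured, then lists the observation points whose traffic
   never reaches an exporting process. The dictionary layout and the
   instance names are assumptions made for illustration.

```python
# Added example (not from the draft): audit the reference chain of Section 3.1.2.
# List and leaf names follow this document's trees; the instance names in SAMPLE
# (op-wan, sp-hash, collector-a, ...) are constructed for illustration.

SAMPLE = {
    "observation-point": {
        "op-wan": {"selection-process": ["sp-all", "sp-hash"]},
        "op-lan": {"selection-process": []},           # no reference at all
        "op-dmz": {"selection-process": ["sp-typo"]},  # reference to nothing
    },
    "selection-process": {
        "sp-all": {"cache": "flows"},
        "sp-hash": {"cache": None},                    # 0..1 reference left unset
    },
    "cache": {
        "flows": {"exporting-process": ["collector-a"]},
        "reports": {"exporting-process": []},
    },
    "exporting-process": {"collector-a": {}},
}

# (list, referencing leaf, target list, what the text says happens without it)
RULES = [
    ("observation-point", "selection-process", "selection-process",
     "captured packets are not considered part of the metering process"),
    ("selection-process", "cache", "cache",
     "selected packets are not accounted in any packet report or flow record"),
    ("cache", "exporting-process", "exporting-process",
     "the cache output is dropped"),
]


def refs(entry, leaf):
    """Return a leaf or leaf-list value as a list of referenced names."""
    value = entry.get(leaf)
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit(config):
    """Return (list, instance, kind, detail) for every break in the chain."""
    findings = []
    for source, leaf, target, consequence in RULES:
        defined = config.get(target, {})
        for name, entry in sorted(config.get(source, {}).items()):
            names = refs(entry, leaf)
            if not names:
                findings.append((source, name, "no-reference", consequence))
            for ref in names:
                if ref not in defined:
                    findings.append((source, name, "dangling",
                                     f"{leaf} '{ref}' is not configured"))
    return findings


def exporters_reached(config, observation_point):
    """Follow every configured path and return the exporters it ends at."""
    reached = set()
    entry = config["observation-point"][observation_point]
    for sp_name in refs(entry, "selection-process"):
        sp = config.get("selection-process", {}).get(sp_name, {})
        for cache_name in refs(sp, "cache"):
            cache = config.get("cache", {}).get(cache_name, {})
            for ep_name in refs(cache, "exporting-process"):
                if ep_name in config.get("exporting-process", {}):
                    reached.add(ep_name)
    return reached


def blind_spots(config):
    """Observation points whose traffic never reaches any exporting process."""
    return sorted(op for op in config.get("observation-point", {})
                  if not exporters_reached(config, op))


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
    print("blind spots:", blind_spots(SAMPLE))
```

   A "dangling" finding is not a case the text above describes; it is
   reported here because the effect on the exported data is the same.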

          +-------------------+
          | observation-point |
          +---------+---------+
               0..* |
                    |
               0..* v
          +-------------------+
          | selection-process |
          +---------+---------+
               0..* |
                    |
               0..1 v
          +-------------------+
          |       cache       |
          +---------+---------+
               0..* |
                    |
               0..* v
          +-------------------+
          | exporting-process |
          +-------------------+

          Figure 4: Class diagram of Exporter configuration

3.2. Collector/Exporter Model

   +--------------------+
   | Module: ietf-ipfix |
   |--------------------|<------------------+
   |                    |                 1 |
   +--------------------+     +-------------+------------+
             ^                | list: collecting-process |
             |                |--------------------------|
             |                +-------------+------------+
             |                              |
           1 |                              |
   +---------+---------------+              |
   | list: exporting-process |              |
   |-------------------------|         0..* |
   |                         |<-------------+
   +-------------------------+ exporting-process-ref

                 Figure 5: Collector/Exporter Model

3.2.1. Collector/Exporter Decomposition

   Figure 5 shows the main classes of the configuration data model that
   are involved in the configuration of a collector. An instance of the
   CollectingProcess class specifies the local IP addresses, transport
   protocols, and port numbers of a collecting-process.

   A collecting-process MAY be configured as a File Reader according to
   [RFC5655].

   A CollectingProcess class instance may refer to one or more
   exporting-process instances configuring exporting processes that
   re-export the received data. As an example, an exporting process can
   be configured as a file-writer in order to save the received IPFIX
   messages in a file.

3.3. Bulk Data Exporter Model

   +------------------------------------+
   | module:ietf-ipfix-bulk-data-export |
   |------------------------------------|
   +------------------------------------+
                     ^
                     |
                   1 |
        +------------+------------+              +---------------+
        | list:bulk-data-template |              | list:resource |
        |-------------------------|------------->+---------------|
        +------------+------------+         0..* +---------------+
                     |
                0..* | exporting-process-ref
                     v
        +-------------------------+
        | list:exporting-process  |
        |-------------------------|
        +-------------------------+

                 Figure 6: Bulk Data Exporter Model

3.3.1. Bulk Data Exporter Decomposition

   Figure 6 shows the main classes of the configuration model that are
   involved in bulk data export. A device that has a resource instance
   capable of reporting bulk data through IPFIX does not need an IPFIX
   meter to be created. Instead a bulk-data template is created and
   applied to that resource instance.

   The ExportingProcess class contains configuration and state
   parameters of an exporting-process. It includes various
   transport-protocol-specific parameters and the export destinations.
   The bulk-data-template may refer to multiple instances of the
   ExportingProcess class.

4. Configuration and State Parameters

   This section specifies the configuration and state parameters of the
   configuration data model separately for each class.

4.1. Observation Point Class

   Figure 7 shows the observation-point attributes of an IPFIX
   monitoring device. As defined in [RFC7011], an observation point can
   be any location where packets are observed. An IPFIX monitoring
   device potentially has more than one such location. An instance of
   observation-point defines which location is associated with a
   specific observation point.
   For this purpose, interfaces (ietf-interfaces module [RFC8343]) and
   hardware components (ietf-hardware module [RFC8348]) are identified
   using their names.

   o  Alternatively, index values of the corresponding entries in the
      IfTable (if-mib module [RFC2863]) or the EntPhysicalTable
      (entity-mib module [RFC6933]) can be used as identifiers.
      However, indices should only be used as identifiers if an SNMP
      agent on the same monitoring device enables access to the
      corresponding MIB tables.

   By its definition in [RFC7011], an observation point may be
   associated with a set of interfaces. Therefore, the configuration
   data model allows configuring multiple interfaces and physical
   entities for a single observation point. The observation-point-id
   (i.e., the value of the information element observationPointId
   [IANA-IPFIX]) is assigned by the monitoring device.

   +--rw observation-point* [name]
      +--rw name                     ietf-ipfix:name-type
      +--rw observation-domain-id    uint32
      +--rw interface-ref*           if:interface-ref
      +--rw if-name*                 if-name-type {if-mib}?
      +--rw if-index*                uint32 {if-mib}?
      +--rw hardware-ref*            hardware-ref
      +--rw ent-physical-name*       string {entity-mib}?
      +--rw ent-physical-index*      uint32 {entity-mib}?
      +--rw direction?               direction
      +--ro observation-point-id?    uint32
      +--rw selection-process*
              -> /ietf-ipfix:ipfix/psamp/selection-process/name

                 Figure 7: Observation Point Attributes

   The configuration parameters of the observation point are:

   observation-domain-id
      This parameter defines the identifier of the observation domain
      that the observation point belongs to. Observation points that
      are configured with the same observation domain ID belong to the
      same observation domain. Note that this parameter corresponds to
      ipfixObservationPointObservationDomainId in the IPFIX MIB module
      [RFC6615].

   if-name
      This parameter identifies the interface (via the IfName in the
      IF-MIB [RFC2863]) on the monitoring device that is associated with
      the given observation point. if-name should only be used if an
      SNMP agent enables access to the IfTable.

   if-index
      This parameter identifies the interface (via the IfIndex value in
      the IF-MIB [RFC2863]) on the monitoring device that is associated
      with the given observation point. if-index should only be used if
      an SNMP agent enables access to the IfTable.

   interface-ref
      This parameter identifies the interface via the interface
      reference [RFC8343] on the monitoring device that is associated
      with the given observation point.

   hardware-ref
      This parameter identifies a hardware component via the hardware
      reference [RFC8348] on the monitoring device that is associated
      with the given observation point.

   ent-physical-name
      This parameter identifies a physical entity (via the
      EntPhysicalName in the ENTITY-MIB module [RFC6933]) on the
      monitoring device that is associated with the given observation
      point. ent-physical-name should only be used if an SNMP agent
      enables access to the EntPhysicalTable.

   ent-physical-index
      This parameter identifies a physical entity (via the
      EntPhysicalIndex in the ENTITY-MIB module [RFC6933]) on the
      monitoring device that is associated with the given observation
      point. ent-physical-name should only be used if an SNMP agent
      enables access to the EntPhysicalTable.

   direction
      This parameter specifies if ingress traffic, egress traffic, or
      both ingress and egress traffic is captured, using the values
      "ingress", "egress", and "both", respectively. If not configured,
      ingress and egress traffic is captured (i.e., the default value is
      "both").
      If not applicable (e.g., in the case of a sniffing interface in
      promiscuous mode), the value of this parameter is ignored.

   selection-process-reference
      An observation-point instance may refer to one or more
      selection-process instances that process the observed packets in
      parallel.

4.2. Selection Process Class

   Figure 8 shows the selection-process attributes. The
   selection-process class contains the configuration and state
   parameters of a selection process that selects packets from one or
   more observed packet streams and generates a selected packet stream
   as its output. A non-empty ordered list defines a sequence of
   selectors. The actions defined by the selectors are applied to the
   stream of incoming packets in the specified order.

   If the selection process receives packets from multiple observation
   points, the observed packet streams need to be processed
   independently in separate selection sequences. Each selection
   sequence is identified by a selection sequence id that is unique
   within the observation domain the observation point belongs to (see
   [RFC5477]). Selection sequence ids are assigned by the monitoring
   device.

   As state parameters, the selection-process class contains a list of
   (observation-domain-id, selection-sequence-id) tuples specifying the
   assigned selection sequence ids and corresponding observation domain
   ids. With this information, it is possible to associate selection
   sequence (statistics) report interpretations exported according to
   the PSAMP protocol specification [RFC5476] with the corresponding
   selection-process instance.

   A selection-process instance may include a reference to a cache class
   instance to generate packet reports or flow records from the selected
   packet stream.
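
   The ordering of selectors and the separation of state per selection
   sequence described above can be followed in the Python below, which
   is an added example and not part of the draft. It chains a
   count-based sampler and a hash-range filter, using the parameter
   names this document defines in Sections 4.2.1.1 and 4.2.2, and keeps
   the per-selector counters of Section 4.2.1. Assumptions: CRC-32 from
   zlib stands in for the configured hash function, sequence ids are
   numbered from 1, and the observation point names and payloads are
   constructed.

```python
import zlib

# Added example (not from the draft). CRC-32 from zlib stands in for the
# hash-function leaf; observation point names and payloads are constructed.


class CountBased:
    """samp-count-based: sample packet-interval packets, skip packet-space."""

    def __init__(self, packet_interval, packet_space):
        self.interval, self.space = packet_interval, packet_space
        self.position = 0  # selection state, kept per selection sequence

    def select(self, payload):
        keep = self.position < self.interval
        self.position = (self.position + 1) % (self.interval + self.space)
        return keep


class HashFilter:
    """filter-hash: select when the digest of a payload window is in a range."""

    def __init__(self, selected_ranges, ip_payload_offset=0, ip_payload_size=8,
                 initializer_value=0):
        self.ranges = selected_ranges          # [(min, max), ...] inclusive
        self.offset, self.size = ip_payload_offset, ip_payload_size
        self.initializer = initializer_value

    def select(self, payload):
        window = payload[self.offset:self.offset + self.size]
        digest = zlib.crc32(window, self.initializer)
        return any(low <= digest <= high for low, high in self.ranges)


class SelectionProcess:
    """Ordered selectors, one selector instance set per selection sequence."""

    def __init__(self, selectors):
        self.selectors = selectors             # [(name, factory), ...] in order
        self.sequences = {}                    # (domain id, obs. point) -> state
        self.next_id = {}                      # domain id -> next sequence id
        self.stats = {name: {"packets-observed": 0, "packets-dropped": 0}
                      for name, _ in selectors}

    def process(self, observation_domain_id, observation_point, payload):
        key = (observation_domain_id, observation_point)
        if key not in self.sequences:
            seq_id = self.next_id.get(observation_domain_id, 1)
            self.next_id[observation_domain_id] = seq_id + 1
            instances = [factory() for _, factory in self.selectors]
            self.sequences[key] = (seq_id, instances)
        _, instances = self.sequences[key]
        for (name, _), selector in zip(self.selectors, instances):
            # The first selector sees the observed stream, later ones see
            # only what the preceding selector let through.
            self.stats[name]["packets-observed"] += 1
            if not selector.select(payload):
                self.stats[name]["packets-dropped"] += 1
                return False
        return True

    def selection_sequences(self):
        """State list of (observation-domain-id, selection-sequence-id)."""
        return sorted((domain, seq_id)
                      for (domain, _), (seq_id, _) in self.sequences.items())


def run_sample():
    process = SelectionProcess([
        ("one-in-three", lambda: CountBased(packet_interval=1, packet_space=2)),
        ("all-digests", lambda: HashFilter([(0, 2**32 - 1)])),
    ])
    # Constructed arrival order: two observation points, interleaved.
    arrivals = ["a0", "b0", "a1", "b1", "a2", "b2", "a3", "a4", "a5"]
    selected = []
    for label in arrivals:
        point = "op-a" if label.startswith("a") else "op-b"
        if process.process(1, point, label.encode() + b"-payload"):
            selected.append(label)
    return selected, process.stats, process.selection_sequences()


if __name__ == "__main__":
    print(run_sample())
```

   The counters are totals over both selection sequences, while the
   sampler position is kept per sequence, so the interleaved arrivals
   from op-b do not shift which packets of op-a are sampled.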

   +--rw selection-process* [name]
      +--rw name                  ietf-ipfix:name-type
      +--rw selector* [name]
      |  +--rw name
      |  |       ietf-ipfix:name-type
      |  +--rw (method)
      |  |  +--:(select-all)
      |  |  |  +--rw select-all?   empty
      |  |  +--:(samp-count-based)
      |  |  |     ...
      |  |  +--:(samp-time-based)
      |  |  |     ...
      |  |  +--:(samp-rand-out-of-n)
      |  |  |     ...
      |  |  +--:(samp-uni-prob)
      |  |  |     ...
      |  |  +--:(filter-match)
      |  |  |     ...
      |  |  +--:(filter-hash)
      |  |  |     ...
      |  +--ro packets-observed?              yang:counter64
      |  +--ro packets-dropped?               yang:counter64
      |  +--ro selector-discontinuity-time?   yang:date-and-time
      +--rw cache?
      |       -> /ietf-ipfix:ipfix/psamp/cache/name
      +--ro selection-sequence* []
         +--ro observation-domain-id?   uint32
         +--ro selection-sequence-id?   uint64

                 Figure 8: Selection Process Attributes

4.2.1. Selection Process Class Method

   Standardized PSAMP sampling and filtering methods are described in
   [RFC5475]; their configuration parameters are specified in the
   classes samp-count-based, samp-time-based, samp-rand-out-of-n,
   samp-uni-prob, filter-match, and filter-hash. In addition, the
   select-all class, which has no parameters, is used for a selector
   that selects all packets. The selector class includes exactly one of
   these sampler and filter classes, depending on the applied method.

   +--rw selection-process* [name]
      +--rw name                  ietf-ipfix:name-type
      +--rw selector* [name]
      |  +--rw name
      |  |       ietf-ipfix:name-type
      |  |  ...
      |  +--ro packets-observed?              yang:counter64
      |  +--ro packets-dropped?               yang:counter64
      |  +--ro selector-discontinuity-time?   yang:date-and-time

                 Figure 9: Selector Class Attributes

   The selector class, shown in Figure 9, contains the selector
   statistics packets-observed and packets-dropped as well as
   selector-discontinuity-time, which correspond to the IPFIX MIB module
   objects ipfixSelectionProcessStatsPacketsObserved,
   ipfixSelectionProcessStatsPacketsDropped, and
   ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]:

   packets-observed
      The total number of packets observed at the input of the selector.
      If this is the first selector in the selection process, this
      counter corresponds to the total number of packets in all observed
      packet streams at the input of the selection process. Otherwise,
      the counter corresponds to the total number of packets at the
      output of the preceding selector. Discontinuities in the value of
      this counter can occur at re-initialization of the management
      system, and at other times as indicated by the value of
      selector-discontinuity-time.

   packets-dropped
      The total number of packets discarded by the selector.
      Discontinuities in the value of this counter can occur at
      re-initialization of the management system, and at other times as
      indicated by the value of selector-discontinuity-time.

   selector-discontinuity-time
      Timestamp of the most recent occasion at which one or more of the
      selector counters suffered a discontinuity. In contrast to
      ipfixSelectionProcessStatsDiscontinuityTime, the time is absolute
      and not relative to sys-uptime.

   Note that packets-observed and packets-dropped are aggregate
   statistics calculated over all selection sequences of the selection
   process. This is in contrast to the counter values in the selection
   sequence statistics report interpretation [RFC5476], which are
   related to a single selection sequence only.

4.2.1.1. Selection Process Class Method: Sampler Methods

      |  |  +--:(samp-count-based)
      |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
      |  |  |     +--rw packet-interval    uint32
      |  |  |     +--rw packet-space       uint32
      |  |  +--:(samp-time-based)
      |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
      |  |  |     +--rw time-interval    uint32
      |  |  |     +--rw time-space       uint32
      |  |  +--:(samp-rand-out-of-n)
      |  |  |  +--rw samp-rand-out-of-n
      |  |  |          {psamp-samp-rand-out-of-n}?
      |  |  |     +--rw size          uint32
      |  |  |     +--rw population    uint32
      |  |  +--:(samp-uni-prob)
      |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
      |  |  |     +--rw probability    decimal64

                 Figure 10: Sampler Method Attributes

   Figure 10 shows the following sampler methods:

   samp-count-based (Systematic Count-based Sampling): The following
   attributes are configurable:

   packet-interval
      The number of packets that are consecutively sampled between gaps
      of length packet-space. This parameter corresponds with the
      Information Element samplingPacketInterval and
      psampSampCountBasedInterval attribute [RFC5477].

   packet-space
      The number of unsampled packets between two sampling intervals.
      This parameter corresponds to the Information Element
      samplingPacketSpace and psampSampCountBasedSpace attribute
      [RFC6727].

   Samp-Time-Based (Systematic Time-based Sampling): The following
   attributes are configurable:

   time-interval
      The time interval during which all arriving packets are sampled.
      The unit is microseconds. This parameter corresponds to the
      Information Element samplingTimeInterval and to
      psampSampTimeBasedInterval attribute [RFC6727].

   time-space
      The gap between two Sampling intervals, in microseconds. This
      parameter corresponds to Information Element samplingTimeSpace and
      to psampSampTimeBasedSpace attribute [RFC6727].

   Samp-Rand-Out-of-N: The following attributes are configurable:

   size
      The number of elements taken from the parent population. This
      parameter corresponds to Information Element samplingSize and
      psampSampRandOutOfNSize attribute [RFC6727].

   population
      The number of elements in the parent population. This parameter
      corresponds to Information Element samplingPopulation and
      psampSampRandOutOfNPopulation attribute [RFC6727].

   samp-uni-prob: The following attributes are configurable:

   probability
      The probability for uniform probabilistic sampling. The
      probability is expressed as a value between 0 and 1. This
      parameter corresponds to Information Element samplingProbability
      and psampSampUniProbProbability attribute [RFC6727].

4.2.2. Selection Process Filter Classes

      |  |  +--:(filter-match)
      |  |  |  +--rw filter-match {psamp-filter-match}?
      |  |  |     +--rw (information-element)
      |  |  |     |  +--:(ie-name)
      |  |  |     |  |  +--rw ie-name?
      |  |  |     |  |          ietf-ipfix:ie-name-type
      |  |  |     |  +--:(ie-id)
      |  |  |     |     +--rw ie-id?
      |  |  |     |             ietf-ipfix:ie-id-type
      |  |  |     +--rw ie-enterprise-number?   uint32
      |  |  |     +--rw value                   string
      |  |  +--:(filter-hash)
      |  |     +--rw filter-hash {psamp-filter-hash}?
      |  |        +--rw hash-function?       identityref
      |  |        +--rw initializer-value?   uint64
      |  |        +--rw ip-payload-offset?   uint64
      |  |        +--rw ip-payload-size?     uint64
      |  |        +--rw digest-output?       boolean
      |  |        +--rw selected-range* [name]
      |  |        |  +--rw name    ietf-ipfix:name-type
      |  |        |  +--rw min?    uint64
      |  |        |  +--rw max?    uint64
      |  |        +--ro output-range-min?    uint64
      |  |        +--ro output-range-max?    uint64

                 Figure 11: Filter Method Attributes

   Figure 11 shows the following filter methods:

   Property-Match Filtering: The following attributes are configurable:

   Filtering based on ie-id, ie-name, ie-enterprise-number
      The property to be matched is specified by either ie-id or
      ie-name, specifying the identifier or name of the Information
      Element, respectively. If ie-enterprise-number is zero (which is
      the default), this Information Element is registered in the IANA
      registry of IPFIX Information Elements [IANA-IPFIX]. A non-zero
      value of ie-enterprise-number specifies an enterprise specific
      Information Element [IANA-ENTERPRISE-NUMBERS].

   value
      The matching value.

   For hash-based filtering, the configuration and state attributes are:

   hash-function
      The following values are defined:

      *  BOB: BOB Hash Function as specified in [RFC5475], Appendix A.2

      *  IPSX: IP Shift-XOR (IPSX) Hash Function as specified in
         [RFC5475], Appendix A.1

      *  CRC: CRC-32 function as specified in [RFC1141]

      Default value is "BOB". This parameter corresponds to the PSAMP
      MIB object psampFiltHashFunction [RFC6727].

   initializer-value
      This parameter corresponds to the Information Element
      hashInitialiserValue [RFC5477], as well as to the PSAMP MIB object
      psampFiltHashInitializerValue [RFC6727]. If not configured by the
      user, the Monitoring Device arbitrarily chooses an initializer
      value.

   ip-payload-offset
      Configures the offset of the payload section used as input to the
      hash function. Default value is 0 (minimum configurable values
      according to [RFC5476], Section 6.5.2.6.). This parameter
      corresponds to the Information Element hashIPPayloadOffset
      [RFC5477] as well as to the PSAMP MIB object
      psampFiltHashIpPayloadOffset [RFC6727].

   ip-payload-size
      Configures the size of the payload section used as input to the
      hash function.
      Default value is 8 (minimum configurable values according to
      [RFC5476], Section 6.5.2.6.). This parameter corresponds to the
      Information Element hashIPPayloadSize [RFC5477], as well as to the
      PSAMP MIB object psampFiltHashIpPayloadSize [RFC6727].

   digest-output
      Enables or disables the inclusion of the packet digest in the
      resulting PSAMP Packet Report. This requires that the Cache
      Layout of the Cache generating the Packet Reports includes a
      digest-hash-value field. This parameter corresponds to the
      Information Element hashDigestOutput [RFC5477].

   output-range-min
      Defines the beginning of the hash function's potential output
      range. This parameter corresponds to the Information Element
      hashOutputRangeMin [RFC5477], as well as to the PSAMP MIB object
      psampFiltHashOutputRangeMin [RFC6727].

   output-range-max
      Defines the end of the hash function's potential output range.
      This parameter corresponds to the Information Element
      hashOutputRangeMax [RFC5477], as well as to the PSAMP MIB object
      psampFiltHashOutputRangeMax [RFC6727].

   One or more ranges of matching hash values are defined by the min and
   max parameters of the selected-range subclass. These parameters
   correspond to the Information Elements hashSelectedRangeMin and
   hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects
   psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax
   [RFC6727].

4.3. Cache Class

   Figure 12 shows the cache class that contains the configuration and
   state parameters of a cache. Most of these parameters are specific
   to the type of the cache and therefore contained in the subclasses
   immediate-cache, timeout-cache, natural-cache, and permanent-cache,
   which are presented below in Section 4.3.1 and Section 4.3.2.

   +--rw cache* [name]
      +--rw name                        ietf-ipfix:name-type
      +--rw enabled                     boolean
      +--ro metering-process-id?        uint32
      +--ro data-records?               yang:counter64
      +--ro cache-discontinuity-time?   yang:date-and-time
      +--rw (cache-type)
      |  +--:(immediate-cache)
      |  |     ...
      |  +--:(timeout-cache)
      |  |     ...
      |  +--:(natural-cache)
      |  |     ...
      |  +--:(permanent-cache)
      |  |     ...
      +--rw exporting-process*
              -> /ietf-ipfix:ipfix/exporting-process/name
              {ietf-ipfix:exporter}?

                 Figure 12: Cache Attributes

   The following configuration and state parameters are common to all
   caches and therefore included in the cache class itself:

   enabled
      Enables the cache so that specified data may be exported. The
      default is "enabled".

   metering-process-id
      The identifier of the metering process that the cache belongs to.
      This parameter corresponds to the information element
      meteringProcessId [IANA-IPFIX]. Its occurrence helps to associate
      metering process (reliability) statistics exported according to
      the IPFIX protocol specification [RFC7011] with the corresponding
      MeteringProcess class identifier.

   data-records
      The number of data records generated by this cache.
      Discontinuities in the value of this counter can occur at
      re-initialization of the management system, and at other times as
      indicated by the value of cache-discontinuity-time. Note that
      this parameter corresponds to ipfixMeteringProcessDataRecords in
      the IPFIX MIB module [RFC6615].

   cache-discontinuity-time
      The timestamp of the most recent occasion at which data-records
      suffered a discontinuity. The time is absolute and not relative
      to sysUpTime. Note that this parameter functionally corresponds
      to ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB module
      [RFC6615].

   A cache object may refer to one or more exporting-process instances.

4.3.1. Immediate Cache Type Class

   The immediate-cache type class depicted in Figure 13 is used to
   configure a cache that generates a PSAMP Packet Report for each
   packet at its input. The fields contained in the generated data
   records are defined in an object of the cache-layout, which is
   defined below in Section 4.3.3.

   +--rw (cache-type)
   |  +--:(immediate-cache)
   |  |  +--rw immediate-cache {immediate-cache}?
   |  |     +--rw cache-layout
   |  |        +--rw cache-field* [name]
   |  |           +--rw name
   |  |           |       ietf-ipfix:name-type
   |  |           +--rw (information-element)
   |  |           |  +--:(ie-name)
   |  |           |  |  +--rw ie-name?
   |  |           |  |          ietf-ipfix:ie-name-type
   |  |           |  +--:(ie-id)
   |  |           |     +--rw ie-id?
   |  |           |             ietf-ipfix:ie-id-type
   |  |           +--rw ie-length?              uint16
   |  |           +--rw ie-enterprise-number?   uint32
   |  |           +--rw is-flow-key?            empty

                 Figure 13: Immediate Cache Attributes

4.3.2. Timeout Cache, Natural Cache, and Permanent Cache Type Class

   Figure 14 shows the timeout-cache, natural-cache, and permanent-cache
   type classes. These classes are used to configure a cache that
   aggregates the packets at its input and generates IPFIX flow records.

   +--rw (cache-type)
   |  +--:(timeout-cache)
   |  |  +--rw timeout-cache {timeout-cache}?
   |  |     +--rw max-flows?              uint32
   |  |     +--rw active-timeout?         uint32
   |  |     +--rw idle-timeout?           uint32
   |  |     +--rw export-interval?        uint32
   |  |     +--rw cache-layout
   |  |     |     ...
   |  |     +--ro active-flows?           yang:gauge32
   |  |     +--ro unused-cache-entries?   yang:gauge32
   |  +--:(natural-cache)
   |  |  +--rw natural-cache {natural-cache}?
   |  |        { same as timeout-cache }
   |  +--:(permanent-cache)
   |     +--rw permanent-cache {permanent-cache}?
   |           { same as timeout-cache }

         Figure 14: Timeout, Natural and Permanent Cache Attributes

   The three classes differ in when flows expire:

   timeout-cache
      Flows expire after active or idle timeout.

   natural-cache
      Flows expire after active or idle timeout, or on natural
      termination (e.g., TCP FIN or TCP RST) of the flow.

   permanent-cache
      Flows never expire, but are periodically exported with the
      interval set by export-interval.

   The following configuration and state parameters are common to the
   three classes:

   max-flows
      This parameter configures the maximum number of entries in the
      cache, which is the maximum number of flows that can be measured
      simultaneously. If this parameter is configured, the monitoring
      device must ensure that sufficient resources are available to
      store the configured maximum number of flows. If the maximum
      number of cache entries is in use, no additional flows can be
      measured. However, traffic that pertains to existing flows can
      continue to be measured.

   active-flows
      This state parameter indicates the number of flows currently
      active in this cache (i.e., the number of cache entries currently
      in use). Note that this parameter corresponds to
      ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB module
      [RFC6615].

   unused-cache-entries
      The number of unused cache entries. Note that the sum of active-
      flows and unused-cache-entries equals max-flows if max-flows is
      configured. Note that this parameter corresponds to
      ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX MIB
      module [RFC6615].

   The following timeout parameters are only available in the timeout-
   cache and the natural-cache cache-types:

   active-timeout
      This parameter configures the time in seconds after which a flow
      is expired even though packets matching this flow are still
      received by the cache. The parameter value zero indicates
      infinity, meaning that there is no active timeout. If not
      configured by the user, the monitoring device sets this parameter.
      Note that this parameter corresponds to
      ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB module
      [RFC6615].

   idle-timeout
      This parameter configures the time in seconds after which a flow
      is expired if no more packets matching this flow are received by
      the cache. The parameter value zero indicates infinity, meaning
      that there is no idle timeout. If not configured by the user, the
      monitoring device sets this parameter. Note that this parameter
      corresponds to ipfixMeteringProcessCacheIdleTimeout in the IPFIX
      MIB module [RFC6615].

   The following interval parameter is only available in the permanent-
   cache class:

   export-interval
      This parameter configures the interval (in seconds) for periodical
      export of flow records. If not configured by the user, the
      monitoring device sets this parameter.

   Every generated flow record must be associated with a single
   observation domain. Hence, although a cache may be configured to
   process packets observed at multiple observation domains, the cache
   must not aggregate packets observed at different observation domains
   in the same flow.

   An object of the cache class contains an object of the cache-layout
   class that defines which fields are included in the flow records.

4.3.3. Cache Layout Class

   A cache generates and maintains packet reports or flow records
   containing information that has been extracted from the incoming
   stream of packets. Using the cache-field class, the cache-layout
   class specifies the superset of fields that are included in the
   packet reports or flow records (see Figure 15).
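
   The expiry rules that Section 4.3.2 gives for the three flow cache
   types can be exercised with the following model. It is an added
   example, not part of the draft or of any implementation; the class
   FlowCache, the helper flow_key, the counter unmeasured_packets, the
   ">=" timeout comparison and the packet traces are assumptions made
   for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

TCP_FIN, TCP_RST = 0x01, 0x04


def flow_key(observation_domain_id, src, dst, proto, sport, dport):
    # The observation domain is part of the key: packets observed at different
    # observation domains must never be aggregated into the same flow.
    return (observation_domain_id, src, dst, proto, sport, dport)


@dataclass
class FlowCache:
    cache_type: str                     # timeout-cache, natural-cache or permanent-cache
    max_flows: Optional[int] = None     # None: not configured
    active_timeout: int = 0             # seconds, 0 = no active timeout
    idle_timeout: int = 0               # seconds, 0 = no idle timeout
    export_interval: int = 0            # seconds, permanent-cache only
    flows: dict = field(default_factory=dict)      # key -> [first_seen, last_seen, packets]
    exported: list = field(default_factory=list)   # (time, key, reason, packets)
    unmeasured_packets: int = 0         # hypothetical counter, not a leaf of the model
    last_periodic_export: int = 0

    @property
    def active_flows(self):
        return len(self.flows)

    @property
    def unused_cache_entries(self):
        return None if self.max_flows is None else self.max_flows - self.active_flows

    def _expire_flow(self, now, key, reason):
        _, _, packets = self.flows.pop(key)
        self.exported.append((now, key, reason, packets))

    def expire(self, now):
        if self.cache_type == "permanent-cache":
            # Flows never expire; every entry is exported once per interval.
            due = now - self.last_periodic_export >= self.export_interval
            if self.export_interval and due:
                for key, (_, _, packets) in self.flows.items():
                    self.exported.append((now, key, "periodic", packets))
                self.last_periodic_export = now
            return
        for key, (first_seen, last_seen, _) in list(self.flows.items()):
            if self.idle_timeout and now - last_seen >= self.idle_timeout:
                self._expire_flow(now, key, "idle")
            elif self.active_timeout and now - first_seen >= self.active_timeout:
                self._expire_flow(now, key, "active")

    def observe(self, now, key, tcp_flags=0):
        self.expire(now)
        entry = self.flows.get(key)
        if entry is None:
            if self.max_flows is not None and self.active_flows >= self.max_flows:
                self.unmeasured_packets += 1   # cache full: no additional flow
                return
            entry = self.flows[key] = [now, now, 0]
        entry[1] = now                          # existing flows keep being measured
        entry[2] += 1
        if self.cache_type == "natural-cache" and tcp_flags & (TCP_FIN | TCP_RST):
            self._expire_flow(now, key, "natural")


# Constructed flow keys and packet times (seconds) for the demonstrations.
A = flow_key(1, "192.0.2.10", "198.51.100.5", 6, 40000, 443)
B = flow_key(1, "192.0.2.11", "198.51.100.5", 6, 40001, 443)
C = flow_key(1, "192.0.2.12", "198.51.100.5", 17, 5353, 53)
A_OTHER_DOMAIN = flow_key(2, *A[1:])


def demo_timeout_cache():
    cache = FlowCache("timeout-cache", max_flows=2, active_timeout=60, idle_timeout=15)
    for now, key in [(0, A), (1, B), (2, C), (5, A), (10, A), (20, A),
                     (30, A), (40, A), (50, A), (60, A)]:
        cache.observe(now, key)
    return cache


def demo_natural_cache():
    cache = FlowCache("natural-cache")   # both timeouts 0: only natural expiry
    cache.observe(0, A)
    cache.observe(1, A, tcp_flags=TCP_FIN)
    cache.observe(100000, B)
    return cache


def demo_permanent_cache():
    cache = FlowCache("permanent-cache", export_interval=30)
    for now in (0, 10, 40):
        cache.observe(now, A)
    cache.expire(70)
    return cache


if __name__ == "__main__":
    for demo in (demo_timeout_cache, demo_natural_cache, demo_permanent_cache):
        print(demo.__name__, demo().exported)
```

   In the timeout-cache trace the packet of flow C arrives while both
   entries are in use and is not measured, while flow A keeps being
   counted until its active timeout splits it into a new flow record.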

   If packet reports are generated (i.e., if immediate-cache class is
   used to configure the cache), every field specified by the cache-
   layout must be included in the resulting packet report unless the
   corresponding information element is not applicable or cannot be
   derived from the content or treatment of the incoming packet. Any
   other field specified by the cache layout may only be included in the
   packet report if it is obvious from the field value itself or from
   the values of other fields in the same packet report that the field
   value was not determined from the packet.

   For example, if a field is configured to contain the TCP source port
   (information element tcpSourcePort [IANA-IPFIX]), the field must be
   included in all packet reports that are related to TCP packets.
   Although the field value cannot be determined for non-TCP packets,
   the field may be included in the packet reports if another field
   contains the transport protocol identifier (information element
   protocolIdentifier [IANA-IPFIX]).

   If flow records are generated (i.e., if timeout-cache, natural-cache,
   or permanent-cache class is used to configure the cache), the cache
   layout differentiates between flow key fields and non-key fields.
   Every flow key field specified by the cache layout must be included
   as flow key in the resulting flow record unless the corresponding
   information element is not applicable or cannot be derived from the
   content or treatment of the incoming packet. Any other flow key
   field specified by the cache layout may only be included in the flow
   record if it is obvious from the field value itself or from the
   values of other flow key fields in the same flow record that the
   field value was not determined from the packet. Two packets are
   accounted by the same flow record if none of their flow key fields
   differ.
   If a flow key field can be determined for one packet but not
   for the other, the two packets are accounted in different flow
   records.

   Every non-key field specified by the cache layout must be included in
   the resulting flow record unless the corresponding information
   element is not applicable or cannot be derived for the given flow.
   Any other non-key field specified by the cache layout may only be
   included in the flow record if it is obvious from the field value
   itself or from the values of other fields in the same flow record
   that the field value was not determined from the packet. Packets
   which are accounted by the same flow record may differ in their
   non-key fields, or one or more of the non-key fields can be
   undetermined for all or some of the packets.

   For example, if a non-key field specifies an information element
   whose value is determined by the first packet observed within a flow
   (which is the default rule according to [RFC7012] unless specified
   differently in the description of the information element), this
   field must be included in the resulting flow record if it can be
   determined from the first packet of the flow.

     |  |     +--rw cache-layout
     |  |     |  +--rw cache-field* [name]
     |  |     |     +--rw name
     |  |     |     |       ietf-ipfix:name-type
     |  |     |     +--rw (information-element)
     |  |     |     |  +--:(ie-name)
     |  |     |     |  |  +--rw ie-name?
     |  |     |     |  |          ietf-ipfix:ie-name-type
     |  |     |     |  +--:(ie-id)
     |  |     |     |     +--rw ie-id?
     |  |     |     |             ietf-ipfix:ie-id-type
     |  |     |     +--rw ie-length?              uint16
     |  |     |     +--rw ie-enterprise-number?   uint32
     |  |     |     +--rw is-flow-key?            empty

                   Figure 15: Cache Field Attributes

   The cache-layout class does not have any parameters. The
   configuration parameters of the cache-field class (see Figure 15) are
   as follows:

   ie-name
      Specifies the information element name to be used. Either ie-id
      or ie-name must be specified.

   ie-id
      Specifies the information element identifier to be used. Either
      ie-id or ie-name must be specified.

   ie-length
      This parameter specifies the length of the field in octets. A
      value of 65535 means that the field is encoded as a variable-
      length information element. For information elements of integer
      and float type, the field length may be set to a smaller value
      than the standard length of the abstract data type if the rules of
      reduced size encoding are fulfilled (see [RFC7011], section 6.2).
      If not configured by the user, the field length is set by the
      monitoring device.

   ie-enterprise-number
      Specifies the enterprise ID of the ie-id or ie-name. If the ie-
      enterprise-number is zero (which is the default), this information
      element is registered in the IANA registry of IPFIX information
      elements [IANA-IPFIX]. A non-zero value of ie-enterprise-number
      specifies an enterprise-specific information element
      [IANA-ENTERPRISE-NUMBERS]. If the enterprise number is set to
      29305, this field contains a reverse information element. In this
      case, the cache must generate data records in accordance with
      [RFC5103].

   is-flow-key
      If present, this field is a flow key. If the field contains a
      reverse information element, it must not be configured as flow
      key. This parameter is not available if the cache is configured
      using the immediate-cache class since there is no distinction
      between flow key fields and non-key fields in packet reports.

   Note that the use of information elements can be restricted to
   certain cache types as well as to flow key or non-key fields. Such
   restrictions may result from information element definitions or from
   device-specific constraints. According to Section 5, the monitoring
   device must notify the user if a cache field cannot be configured
   with the given information element.

4.4. Exporting Process Class

   The ExportingProcess class (see Figure 16) specifies destinations to
   which the incoming packet reports and flow records are exported using
   objects of the destination class. The destination class includes a
   choice of type of exporter (sctp-exporter, udp-exporter, tcp-
   exporter, or file-writer) which contains further configuration
   parameters. Those exporter type classes are described in
   Section 4.4.1, Section 4.4.2, Section 4.4.3, and Section 4.4.4.

   The ExportingProcess class contains the identifier of the exporting
   process (exporting-process-id). This parameter corresponds to the
   information element exportingProcessId [IANA-IPFIX]. Its occurrence
   helps to associate exporting process reliability statistics exported
   according to the IPFIX protocol specification [RFC7011] with the
   corresponding object of the ExportingProcess class.

   The order in which destination instances appear has a specific
   meaning only if the export-mode parameter is set to "fallback".

     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw enabled?                boolean
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |  +--rw name                 name-type
        |  +--rw (destination-parameters)
        |     +--:(tcp-exporter)
        |           ...
        |     +--:(udp-exporter)
        |           ...
        |     +--:(sctp-exporter)
        |           ...
        |     +--:(file-writer)
        |           ...
        +--rw options* [name]
        |  +--rw name                 name-type
        |  +--rw options-type         identityref
        |  +--rw options-timeout?     uint32
        +--ro exporting-process-id?   uint32

                   Figure 16: Exporting Process Class

   The Exporting Process parameters are defined as follows:

   enabled
      Enables the exporting process to begin exporting data. The
      default is "enabled".

   export-mode
      Determines to which configured destination(s) the incoming data
      records are exported.
      The following parameter values are
      specified by the configuration data model:

      * parallel: every data record is exported to all configured
        destinations in parallel

      * load-balancing: every data record is exported to exactly one
        configured destination according to a device-specific load-
        balancing policy

      * fallback: every data record is exported to exactly one
        configured destination according to the fallback policy
        described below

   If export-mode is set to "fallback", the first destination instance
   defines the primary destination, the second destination instance
   defines the secondary destination, and so on. If the exporting
   process fails to export data records to the primary destination, it
   tries to export them to the secondary one. If the secondary
   destination fails as well, it continues with the tertiary, etc.
   "parallel" is the default value if export-mode is not configured.

   Note that the export-mode parameter is related to the
   ipfixExportMemberType object in [RFC6615]. If export-mode is
   "parallel", the ipfixExportMemberType values of the corresponding
   entries in IpfixExportTable are set to parallel(3). If export-mode
   is "load-balancing", the ipfixExportMemberType values of the
   corresponding entries in IpfixExportTable are set to
   loadBalancing(4). If export-mode is "fallback", the
   ipfixExportMemberType value that refers to the primary destination is
   set to primary(1); the ipfixExportMemberType values that refer to the
   remaining destinations need to be set to secondary(2). The IPFIX MIB
   module does not define any value for tertiary destination, etc.

   The reporting of information with options templates is defined with
   objects of the Options class.
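
   The three export-mode values and their ipfixExportMemberType mapping
   described above, as an added example that is not part of the draft.
   The function names, the destination names, the "reachable" health
   set and the CRC-based load-balancing policy are assumptions; the
   draft leaves the load-balancing policy device-specific.

```python
import zlib

EXPORT_MODES = ("parallel", "load-balancing", "fallback")


def effective_mode(export_mode=None):
    """'parallel' is the default when export-mode is not configured."""
    mode = export_mode or "parallel"
    if mode not in EXPORT_MODES:
        raise ValueError(f"unknown export-mode: {mode!r}")
    return mode


def select_destinations(export_mode, destinations, reachable, record_key=b""):
    """Return the names of the destinations one data record is sent to.

    destinations: destination names in configured order.
    reachable:    names to which export currently succeeds (constructed
                  health state for the example, not a leaf of the model).
    """
    mode = effective_mode(export_mode)
    if not destinations:
        return []
    if mode == "parallel":
        return list(destinations)
    if mode == "load-balancing":
        # Assumed policy: a stable hash of the record key picks exactly one.
        return [destinations[zlib.crc32(record_key) % len(destinations)]]
    # fallback: primary first, then secondary, tertiary, ... in configured order
    for name in destinations:
        if name in reachable:
            return [name]
    return []   # every destination failed; the record cannot be exported


def fallback_position(destinations, reachable):
    """0 = primary in use, 1 = secondary, ...; None if nothing is reachable.

    A non-zero value is worth alerting on: flow data is still exported, but
    not to the collector that operators expect to receive it.
    """
    for index, name in enumerate(destinations):
        if name in reachable:
            return index
    return None


def member_types(export_mode, destinations):
    """ipfixExportMemberType value for each destination entry."""
    mode = effective_mode(export_mode)
    if mode == "parallel":
        return {name: "parallel(3)" for name in destinations}
    if mode == "load-balancing":
        return {name: "loadBalancing(4)" for name in destinations}
    # The MIB has no value for tertiary and later destinations.
    return {name: "primary(1)" if index == 0 else "secondary(2)"
            for index, name in enumerate(destinations)}


# Constructed destination list, in configured order.
DESTINATIONS = ["collector-a", "collector-b", "collector-c"]

if __name__ == "__main__":
    up = {"collector-b", "collector-c"}
    print(select_destinations("fallback", DESTINATIONS, up))
    print(fallback_position(DESTINATIONS, up))
    print(member_types("fallback", DESTINATIONS))
```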

   The exporting process may modify the packet reports and flow records
   to enable a more efficient transmission or storage under the
   condition that no information is changed or suppressed. For example,
   the exporting process may shorten the length of a field according to
   the rules of reduced size encoding [RFC7011]. The exporting process
   may also export certain fields in a separate data record as described
   in [RFC5476].

4.4.1. SCTP Exporter Class

   The SctpExporter class shown in Figure 17 contains the configuration
   parameters of an SCTP export destination.

     +--:(sctp-exporter)
        +--rw sctp-exporter {sctp-transport}?
           +--rw ipfix-version?               uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?            uint32
           +--rw rate-limit?                  uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--rw timed-reliability?           uint32
           +--ro transport-session
                 ...

                     Figure 17: SCTP Exporter Class

   The configuration parameters are:

   ipfix-version
      Version number of the IPFIX protocol used. If omitted, the
      default value is 10 (=0x000a) as specified in [RFC7011].

   source-address
      List of source IP addresses used by the exporting process. If
      configured, the specified addresses are eligible local IP
      addresses of the multihomed SCTP endpoint. If not configured, all
      locally assigned IP addresses are eligible local IP addresses.

   destination-address
      One or more IP addresses of the collecting process to which IPFIX
      Messages are sent. The user must ensure that all configured IP
      addresses belong to the same collecting process. The exporting
      process tries to establish an SCTP association to any of the
      configured destination IP addresses.

   destination-port
      Destination port number to be used. If not configured, standard
      port 4739 (IPFIX without TLS and DTLS) or 4740 (IPFIX over TLS or
      DTLS) is used.

   if-index
      The index of the interface used by the exporting process to export
      IPFIX Messages to the given destination MAY be specified according
      to corresponding objects in the IF-MIB [RFC2863]. If omitted, the
      Exporting Process selects the outgoing interface based on local
      routing decision and accepts return traffic, such as transport-
      layer acknowledgments, on all available interfaces.

   if-name
      The name of the interface used by the exporting process to export
      IPFIX Messages to the given destination MAY be specified according
      to corresponding objects in the IF-MIB [RFC2863]. If omitted, the
      Exporting Process selects the outgoing interface based on local
      routing decision and accepts return traffic, such as transport-
      layer acknowledgments, on all available interfaces.

   send-buffer-size
      Size of the socket send buffer in bytes. If not configured by the
      user, the buffer size is set by the monitoring device.

   rate-limit
      Maximum number of bytes per second the exporting process may
      export to the given destination as required by [RFC5476]. The
      number of bytes is calculated from the lengths of the IPFIX
      Messages exported. If this parameter is not configured, no rate
      limiting is performed for this destination.

   timed-reliability
      Lifetime in milliseconds until an IPFIX message containing data
      sets only is "abandoned" due to the timed reliability mechanism of
      the partial reliability extension of SCTP (pr-SCTP) [RFC3758]. If
      this parameter is set to zero, reliable SCTP transport must be
      used for all data records. Regardless of the value of this
      parameter, the exporting process may use reliable SCTP transport
      for data sets associated with certain options templates, such as
      the data record reliability options template specified in
      [RFC6526].

   Using the TransportLayerSecurity class described in Section 4.6,
   Datagram Transport Layer Security (DTLS) is enabled and configured
   for this export destination.

   The TransportSession class is discussed in Section 4.7.

4.4.2. UDP Exporter Class

   The UdpExporter class shown in Figure 18 contains the configuration
   parameters of a UDP export destination. The parameters ipfix-
   version, destination-port, if-name, if-index, send-buffer-size, and
   rate-limit have the same meaning as in the SctpExporter class (see
   Section 4.4.1).

     +--:(udp-exporter)
        +--rw udp-exporter {udp-transport}?
           +--rw ipfix-version?                        uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?                     uint32
           +--rw rate-limit?                           uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--rw maximum-packet-size?                  uint16
           +--rw template-refresh-timeout?             uint32
           +--rw options-template-refresh-timeout?     uint32
           +--rw template-refresh-packet?              uint32
           +--rw options-template-refresh-packet?      uint32
           +--ro transport-session
                 ...

                     Figure 18: UDP Exporter Class

   The remaining configuration parameters are:

   source-address
      This parameter specifies the source IP address used by the
      exporting process. If this parameter is omitted, the IP address
      assigned to the outgoing interface is used as the source IP
      address.

   destination-address
      Destination IP address to which IPFIX messages are sent (i.e., the
      IP address of the collecting process).

   maximum-packet-size
      This parameter specifies the maximum size of IP packets sent to
      the collector. If set to zero, the exporting device must derive
      the maximum packet size from path MTU discovery mechanisms. If
      not configured by the user, this parameter is set by the
      monitoring device.

   template-refresh-timeout
      This parameter specifies when templates are refreshed by the
      exporting process. This timeout is specified in seconds between
      re-sending of templates. If omitted, the default value of 600
      seconds (10 minutes) is used [RFC7011]. This parameter
      corresponds to ipfixTransportSessionTemplateRefreshTimeout in the
      IPFIX MIB module [RFC6615].

   options-template-refresh-timeout
      This parameter specifies when options templates are refreshed by
      the exporting process. This timeout is specified in seconds
      between re-sending of options templates. If omitted, the default
      value of 600 seconds (10 minutes) is used [RFC7011]. This
      parameter corresponds to
      ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX
      MIB module [RFC6615].

   template-refresh-packet
      This parameter specifies the number of IPFIX messages after which
      templates are re-sent. If omitted, the templates are only resent
      after timeout.
      This parameter corresponds to
      ipfixTransportSessionTemplateRefreshTimeout in the IPFIX MIB
      module [RFC6615].

   options-template-refresh-packet
      This parameter specifies the number of IPFIX messages after which
      options templates are re-sent. If omitted, the options templates
      are only resent after timeout. This parameter corresponds to
      ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX
      MIB module [RFC6615].

   Note that the values configured for template-refresh-timeout and
   options-template-refresh-timeout must be adapted to the template-
   life-time and options-template-life-time parameter settings at the
   receiving collecting process (see Section 4.5.2).

   Using the TransportLayerSecurity class described in Section 4.6, DTLS
   is enabled and configured for this export destination. The
   TransportSession class is specified in Section 4.7.

4.4.3. TCP Exporter Class

   The TcpExporter class shown in Figure 19 contains the configuration
   parameters of a TCP export destination. The parameters have the same
   meaning as in the UdpExporter class (see Section 4.4.2).

   Using the TransportLayerSecurity class described in Section 4.6,
   Transport Layer Security (TLS) is enabled and configured for this
   export destination.

   The TransportSession class is specified in Section 4.7.

     +--:(tcp-exporter)
        +--rw tcp-exporter {tcp-transport}?
           +--rw ipfix-version?               uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?            uint32
           +--rw rate-limit?                  uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--ro transport-session

                     Figure 19: TCP Exporter Class

4.4.4. File Writer Class

   If a file-writer instance is included in an object of the destination
   class, IPFIX messages are written into a file as specified in
   [RFC5655].

     +--:(file-writer)
        +--rw file-writer {file-writer}?
           +--rw ipfix-version?       uint16
           +--rw file                 inet:uri
           +--ro file-writer-state
              +--ro bytes?
              |       yang:counter64
              +--ro messages?
              |       yang:counter64
              +--ro discarded-messages?
              |       yang:counter64
              +--ro records?
              |       yang:counter64
              +--ro templates?
              |       yang:counter32
              +--ro options-templates?
              |       yang:counter32
              +--ro file-writer-discontinuity-time?
              |       yang:date-and-time
              +--ro template* []
                 +--ro observation-domain-id?   uint32
                 +--ro template-id?             uint16
                 +--ro set-id?                  uint16
                 +--ro access-time?
                 |       yang:date-and-time
                 +--ro template-data-records?
                 |       yang:counter64
                 +--ro template-discontinuity-time?
                 |       yang:date-and-time
                 +--ro field* []
                    +--ro ie-id?                  ie-id-type
                    +--ro ie-length?              uint16
                    +--ro ie-enterprise-number?   uint32
                    +--ro is-flow-key?            empty
                    +--ro is-scope?               empty

                      Figure 20: File Writer Class

   The FileWriter class contains the following configuration parameters:

   ipfix-version
      Version number of the IPFIX protocol used. If omitted, the
      default value is 10 (=0x000a) as specified in [RFC7011].

   file
      File name and location specified as URI.

   The state parameters of the FileWriter class are:

   bytes, messages, records, templates, options-templates
      The number of bytes, IPFIX messages, data records, template
      records, and options template records written by the file writer.
      Discontinuities in the values of these counters can occur at re-
      initialization of the management system, and at other times as
      indicated by the value of file-writer-discontinuity-time.

   discarded-messages
      The number of IPFIX messages that could not be written by the file
      writer due to internal buffer overflows, limited storage capacity,
      etc. Discontinuities in the value of this counter can occur at
      re-initialization of the management system, and at other times as
      indicated by the value of file-writer-discontinuity-time.

   file-writer-discontinuity-time
      Timestamp of the most recent occasion at which one or more file
      writer counters suffered a discontinuity. The time is absolute
      and not relative to sysUpTime.

   Each FileWriter class instance includes statistics about the
   templates written to the file. The Template class is specified in
   Section 4.8.

4.4.5. Options Class

   The Options class in Figure 21 defines the type of specific
   information to be reported, such as statistics, flow keys, sampling
   and filtering parameters, etc. [RFC7011] and [RFC5476] specify
   several types of reporting information that may be exported.

     +--rw options* [name]
        +--rw name               name-type
        +--rw options-type       identityref
        +--rw options-timeout?   uint32

                        Figure 21: Options Class

   The following parameter values are specified by the configuration
   data model:

   metering-statistics
      Export of metering process statistics using the metering process
      statistics options template [RFC7011].

   metering-reliability
      Export of metering process reliability statistics using the
      metering process reliability statistics options template
      [RFC7011].

   exporting-reliability
      Export of exporting process reliability statistics using the
      exporting process reliability statistics options template
      [RFC7011].

   flow-keys
      Export of the flow key specification using the flow keys options
      template [RFC7011].

   selection-sequence
      Export of selection sequence report interpretation and selector
      report interpretation [RFC5476].

   selection-statistics
      Export of selection sequence statistics report interpretation
      [RFC5476].

   accuracy
      Export of accuracy report interpretation [RFC5476].

   reducing-redundancy
      Enables the utilization of options templates to reduce redundancy
      in the exported data records according to [RFC5473]. The
      exporting process decides when to apply these options templates.

   extended-type-information
      Export of extended type information for enterprise-specific
      information elements used in the exported templates [RFC5610].

   The exporting process must choose a template definition according to
   the options type and available options data. The options-timeout
   parameter specifies the reporting interval (in milliseconds) for
   periodic export of the option data. A parameter value of zero means
   that the export of the option data is not triggered periodically, but
   whenever the available option data has changed. This is the typical
   setting for options types flow-keys, selection-sequence, accuracy,
   and reducing-redundancy. If options-timeout is not configured by the
   user, it is set by the monitoring device.

4.5. Collecting Process Class

   Figure 22 shows the CollectingProcess class that contains the
   configuration and state parameters of a collecting process. The
   sctp-collector, udp-collector, and TcpCollector classes specify how
   IPFIX messages are received from remote exporters. The collecting
   process can also be configured as a file reader using the FileReader
   class. These classes are described in Section 4.5.1, Section 4.5.2,
   Section 4.5.3, and Section 4.5.4.

   A collecting-process instance may refer to one or more exporting-
   process instances configuring exporting processes that export the
   received data without modifications to a file or to another remote
   collector.

     +--rw collecting-process* [name] {collector}?
        +--rw name                 name-type
        +--rw tcp-collector* [name] {tcp-transport}?
              ...
        +--rw udp-collector* [name] {udp-transport}?
              ...
        +--rw sctp-collector* [name] {sctp-transport}?
              ...
        +--rw file-reader* [name] {file-reader}?
              ...
        +--rw exporting-process*   -> /ipfix/exporting-process/name
                {exporter}?

                   Figure 22: Collecting Process Class

4.5.1. SCTP Collector Class

   The SctpCollector class contains the configuration parameters of a
   listening SCTP socket at a collecting process.

     +--rw sctp-collector* [name] {sctp-transport}?
        +--rw name                       name-type
        +--rw local-port?                inet:port-number
        +--rw transport-layer-security!
        |     ...
        +--rw (local-address-method)?
        |  +--:(local-address)
        |     +--rw local-address*       inet:host
        +--ro transport-session* [name]
              ...

                     Figure 23: SCTP Collector Class

   The parameters are:

   local-address
      List of local IP addresses on which the collecting process listens
      for IPFIX messages. The IP addresses are used as eligible local
      IP addresses of the multihomed SCTP endpoint [RFC4960]. If
      omitted, the collecting process listens on all local IP addresses.

   local-port
      Local port number on which the collecting process listens for
      IPFIX messages. If omitted, standard port 4739 (IPFIX without TLS
      and DTLS) or 4740 (IPFIX over TLS or DTLS) is used.

   Using the TransportLayerSecurity class described in Section 4.6, DTLS
   is enabled and configured for this receiving socket.

   The TransportSession class is specified in Section 4.7.

4.5.2. UDP Collector Class

   The UdpCollector class shown in Figure 24 contains the configuration
   parameters of a listening UDP socket at a collecting process. The
   parameter local-port has the same meaning as in the SctpCollector
   class (see Section 4.5.1).

     +--rw udp-collector* [name] {udp-transport}?
        +--rw name                            name-type
        +--rw local-port?                     inet:port-number
        +--rw transport-layer-security!
        |     ...
        +--rw (local-address-method)?
        |  +--:(local-address)
        |     +--rw local-address*            inet:host
        +--rw template-life-time?             uint32
        +--rw options-template-life-time?     uint32
        +--rw template-life-packet?           uint32
        +--rw options-template-life-packet?   uint32
        +--ro transport-session* [name]
              ...

                     Figure 24: UDP Collector Class

   The remaining parameters are:

   local-address
      List of local IP addresses on which the collecting process listens
      for IPFIX messages. If omitted, the collecting process listens on
      all local IP addresses.

   template-life-time, options-template-life-time
      (Options) template lifetime in seconds for all UDP transport
      sessions terminating at this UDP socket. (Options) templates that
      are not received again within the configured lifetime become
      invalid at the collecting process. As specified in [RFC7011],
      section 10.3.7, the lifetime of templates and options templates
      must be at least three times higher than the template-refresh-
      timeout and options-template-refresh-timeout parameter values
      configured on the corresponding exporting processes. If not
      configured, the default value 1800 is used, which is three times
      the default (options) template refresh timeout (see Section 4.4.2)
      as specified in [RFC7011]. Note that these parameters correspond
      to ipfixTransportSessionTemplateRefreshTimeout and
      ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX
      MIB module [RFC6615].
2247 template-life-packet, options-template-life-packet 2248 If template-life-packet is configured, templates defined in a UDP 2249 transport session become invalid if they are neither included in a 2250 sequence of more than this number of IPFIX messages nor received 2251 again within the period of time specified by template-lifetime. 2252 Similarly, if options-template-life-packet is configured, options 2253 templates become invalid if they are neither included in a 2254 sequence of more than this number of IPFIX messages nor received 2255 again within the period of time specified by options-template- 2256 lifetime. If not configured, templates and options templates only 2257 become invalid according to the lifetimes specified by template- 2258 lifetime and options-template-lifetime, respectively. Note that 2259 these parameters correspond to 2260 ipfixTransportSessionTemplateRefreshPacket and 2261 ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB 2262 module [RFC6615]. 2264 Using the TransportLayerSecurity class described in Section 4.6, DTLS 2265 is enabled and configured for this receiving socket. 2267 The TransportSession class is specified in Section 4.7. 2269 4.5.3. TCP Collector Class 2271 The TcpCollector class contains the configuration parameters of a 2272 listening TCP socket at a collecting process. The parameters have 2273 the same meaning as in the UdpCollector class (Section 4.5.2). 2275 Using the TransportLayerSecurity class described in Section 4.6, TLS 2276 is enabled and configured for this receiving socket. 2278 The TransportSession class is specified in Section 4.7. 2280 +--rw tcp-collector* [name] {tcp-transport}? 2281 +--rw name name-type 2282 +--rw local-port? inet:port-number 2283 +--rw transport-layer-security! 2284 | ... 2285 +--rw (local-address-method)? 2286 | +--:(local-address) 2287 | +--rw local-address* inet:host 2288 +--ro transport-session* [name] 2289 ... 2291 Figure 25: TCP Collector Class 2293 4.5.4. 
File Reader Class 2295 Figure 26 shows the FileReader class via which the collecting process 2296 may import IPFIX messages from a file as specified in [RFC5655]. 2298 +--rw file-reader* [name] {file-reader}? 2299 +--rw name name-type 2300 +--rw file inet:uri 2301 +--ro file-reader-state 2302 +--ro bytes? yang:counter64 2303 +--ro messages? yang:counter64 2304 +--ro records? yang:counter64 2305 +--ro templates? yang:counter32 2306 +--ro options-templates? yang:counter32 2307 +--ro file-reader-discontinuity-time? 2308 | yang:date-and-time 2309 +--ro template* [] 2310 ... 2312 Figure 26: File Reader Class 2314 The FileReader class defines the following configuration parameter: 2316 file 2317 File name and location specified as URI. 2319 The state parameters of the FileReader class are: 2321 bytes, messages, records, templates, options-templates 2322 The number of bytes, IPFIX messages, data records, template 2323 records, and options template records read by the file reader. 2324 Discontinuities in the values of these counters can occur at re- 2325 initialization of the management system, and at other times as 2326 indicated by the value of file-reader-discontinuity-time. 2328 file-reader-discontinuity-time 2329 Timestamp of the most recent occasion at which one or more file 2330 reader counters suffered a discontinuity. The time is absolute 2331 and not relative to sysUpTime. 2333 The FileReader class includes information about the Template class 2334 and statistics. The Template class is specified in Section 4.8. 2336 4.6. Transport Layer Security Class 2338 Figure 27 shows the TransportLayerSecurity class which is used in the 2339 exporting process's sctp-exporter, udp-exporter, and TcpExporter 2340 classes, and the collecting process's SctpCollector, UdpCollector, 2341 and TcpCollector classes to enable and configure TLS/DTLS for IPFIX. 
2342 If TLS/DTLS is enabled, the endpoint must use DTLS [RFC6347] if the 2343 transport protocol is SCTP or UDP and TLS [RFC8446] if the transport 2344 protocol is TCP. 2346 [RFC7011] mandates strong mutual authentication of exporting 2347 processes and collecting processes as follows. IPFIX exporting 2348 processes and IPFIX collecting processes are identified by the fully 2349 qualified domain name (FQDN) of the interface on which IPFIX messages 2350 are sent or received, for purposes of X.509 client and server 2351 certificates as in [RFC5280]. To prevent man-in-the-middle attacks 2352 from impostor exporting or collecting processes, the acceptance of 2353 data from an unauthorized exporting process, or the export of data to 2354 an unauthorized collecting process, strong mutual authentication via 2355 asymmetric keys must be used for both TLS and DTLS. Each of the 2356 IPFIX exporting and collecting processes must verify the identity of 2357 its peer against its authorized certificates, and must verify that 2358 the peer's certificate matches its fully qualified domain name, or, 2359 in the case of SCTP, the fully qualified domain name of one of its 2360 endpoints. 2362 The fully qualified domain name used to identify an IPFIX collecting 2363 process or exporting process may be stored either in a subjectAltName 2364 extension of type dNSName, or in the most specific common name field 2365 of the subject field of the X.509 certificate. If both are present, 2366 the subjectAltName extension is given preference. 2368 In order to use TLS/DTLS, appropriate certificates and keys have to 2369 be previously installed on the monitoring devices. For security 2370 reasons, the configuration data model does not offer the possibility 2371 to upload any certificates or keys on a monitoring device. If TLS/ 2372 DTLS is enabled on a monitoring device that does not have 2373 appropriate certificates and keys, the configuration must be rejected 2374 with an error.
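Added example (not part of the draft and not taken from any IPFIX implementation): the peer identity check described above, written in Python, with subjectAltName dNSName entries given preference over the most specific common name and the result combined with the remote-subject-fqdn and remote-certification-authority-dn restrictions of the TransportLayerSecurity class. The PeerCert model, the function names and the sample certificates are constructed for illustration; chain validation is assumed to have succeeded already, DN comparison is simplified, and FQDNs are matched exactly.

```python
from dataclasses import dataclass, field


@dataclass
class PeerCert:
    """Hypothetical model of an already chain-validated X.509 certificate."""
    issuer_dn: str
    subject_rdns: list                      # [(type, value)] in certificate order
    san_dns_names: list = field(default_factory=list)


def norm_fqdn(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.strip().rstrip(".").lower()


def norm_dn(dn):
    """Simplified DN comparison form (assumption): trim each RDN, fold case."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def identifying_fqdns(cert):
    """Return the set of FQDNs that identify the peer.

    dNSName entries are given preference: the common name is consulted
    only when the certificate carries no dNSName at all.
    """
    if cert.san_dns_names:
        return {norm_fqdn(n) for n in cert.san_dns_names}
    cns = [value for (kind, value) in cert.subject_rdns if kind.upper() == "CN"]
    # Certificate order runs from least to most specific: use the last CN.
    return {norm_fqdn(cns[-1])} if cns else set()


def authorize_peer(cert, remote_subject_fqdns=(), remote_ca_dns=()):
    """Return (accepted, reason); an empty restriction list means unrestricted."""
    if remote_ca_dns:
        allowed_cas = {norm_dn(d) for d in remote_ca_dns}
        if norm_dn(cert.issuer_dn) not in allowed_cas:
            return False, "issuer not in remote-certification-authority-dn"
    if remote_subject_fqdns:
        allowed = {norm_fqdn(f) for f in remote_subject_fqdns}
        names = identifying_fqdns(cert)
        if not names:
            return False, "certificate carries no FQDN"
        if not names & allowed:
            return False, "FQDN not in remote-subject-fqdn"
    return True, "accepted"


# Constructed sample data: one collector configuration, four peer certificates.
CONFIG = {
    "remote_subject_fqdns": ["exporter1.example.net"],
    "remote_ca_dns": ["CN=Monitoring CA,O=Example"],
}
GOOD_CA = "cn=monitoring ca, o=example"
SAMPLES = {
    "san_ok": PeerCert(GOOD_CA, [("O", "Example"), ("CN", "ignored")],
                       ["Exporter1.Example.NET."]),
    "cn_only": PeerCert(GOOD_CA, [("O", "Example"), ("CN", "lab"),
                                  ("CN", "exporter1.example.net")]),
    # The CN matches, but a dNSName is present and names another host.
    "san_mismatch": PeerCert(GOOD_CA, [("CN", "exporter1.example.net")],
                             ["rogue.example.org"]),
    "wrong_ca": PeerCert("CN=Other CA,O=Example", [("CN", "x")],
                         ["exporter1.example.net"]),
}


def decide_all():
    """Evaluate every constructed sample against CONFIG."""
    return {name: authorize_peer(cert, **CONFIG) for name, cert in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in decide_all().items():
        print(f"{name:13s} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

The san_mismatch case is the one to watch in an implementation: falling back to the common name when a dNSName is present would accept a certificate issued for a different host.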
2376 The configuration data model allows restricting the authorization of 2377 remote endpoints to certificates issued by specific certification 2378 authorities or identifying specific FQDNs for authorization. 2379 Furthermore, the configuration data model allows restricting the 2380 utilization of certificates identifying the local endpoint. This is 2381 useful if the monitoring device has more than one certificate 2382 for the given local endpoint. 2384 +--rw transport-layer-security! 2385 +--rw local-certification-authority-dn* string 2386 +--rw local-subject-dn* string 2387 +--rw local-subject-fqdn* inet:domain-name 2388 +--rw remote-certification-authority-dn* string 2389 +--rw remote-subject-dn* string 2390 +--rw remote-subject-fqdn* inet:domain-name 2392 Figure 27: Transport Layer Security Class 2394 The configuration parameters are defined as follows: 2396 local-certification-authority-dn 2397 This parameter may appear one or more times to restrict the 2398 identification of the local endpoint during the TLS/DTLS handshake 2399 to certificates issued by the configured certification 2400 authorities. Each occurrence of this parameter contains the 2401 distinguished name of one certification authority. To identify 2402 the local endpoint, the exporting process or collecting process 2403 must use a certificate issued by one of the configured 2404 certification authorities. Certificates issued by any other 2405 certification authority must not be sent to the remote peer during 2406 TLS/DTLS handshake. If none of the certificates installed on the 2407 monitoring device fulfills the specified restrictions, the 2408 configuration must be rejected with an error. If local- 2409 certification-authority-dn is not configured, the choice of 2410 certificates identifying the local endpoint is not restricted with 2411 respect to the issuing certification authority.
2413 local-subject-dn, local-subject-fqdn 2414 Each of these parameters may appear one or more times to restrict 2415 the identification of the local endpoint during the TLS/DTLS 2416 handshake to certificates issued for specific subjects or for 2417 specific FQDNs. Each occurrence of local-subject-dn contains a 2418 distinguished name identifying the local endpoint. Each 2419 occurrence of local-subject-fqdn contains a FQDN which is assigned 2420 to the local endpoint. To identify the local endpoint, the 2421 exporting process or collecting process must use a certificate 2422 that contains either one of the configured distinguished names in 2423 the subject field or at least one of the configured FQDNs in a 2424 dNSName component of the subject alternative extension field or in 2425 the most specific commonName component of the subject field. If 2426 none of the certificates installed on the monitoring device 2427 fulfills the specified restrictions, the configuration must be 2428 rejected with an error. If any of the parameters local-subject-dn 2429 and local-subject-fqdn is configured at the same time as the 2430 local-certification-authority-dn parameter, certificates must also 2431 fulfill the specified restrictions regarding the certification 2432 authority. If local-subject-dn and local-subject-fqdn are not 2433 configured, the choice of certificates identifying the local 2434 endpoint is not restricted with respect to the subject's 2435 distinguished name or FQDN. 2437 remote-certification-authority-dn 2438 This parameter may appear one or more times to restrict the 2439 authentication of remote endpoints during the TLS/DTLS handshake 2440 to certificates issued by the configured certification 2441 authorities. Each occurrence of this parameter contains the 2442 distinguished name of one certification authority.
To 2443 authenticate the remote endpoint, the remote exporting process or 2444 collecting process must provide a certificate issued by one of the 2445 configured certification authorities. Certificates issued by any 2446 other certification authority must be rejected during TLS/DTLS 2447 handshake. If the monitoring device is not able to validate 2448 certificates issued by the configured certification authorities 2449 (e.g., because of missing public keys), the configuration must be 2450 rejected with an error. If remote-certification-authority-dn is 2451 not configured, the authorization of remote endpoints is not 2452 restricted with respect to the issuing certification authority of 2453 the delivered certificate. 2455 remote-subject-dn, remote-subject-fqdn 2456 Each of these parameters may appear one or more times to restrict 2457 the authentication of remote endpoints during the TLS/DTLS 2458 handshake to certificates issued for specific subjects or for 2459 specific FQDNs. Each occurrence of remote-subject-dn contains a 2460 distinguished name identifying a remote endpoint. Each occurrence 2461 of remote-subject-fqdn contains a FQDN that is assigned to a 2462 remote endpoint. To authenticate a remote endpoint, the remote 2463 exporting process or collecting process must provide a certificate 2464 that contains either one of the configured distinguished names in 2465 the subject field or at least one of the configured FQDNs in a 2466 dNSName component of the subject alternative extension field or in 2467 the most specific common name component of the subject field. 2468 Certificates not fulfilling this condition must be rejected during 2469 TLS/DTLS handshake. If any of the parameters remote-subject-dn 2470 and remote-subject-fqdn is configured at the same time as the 2471 remote-certification-authority-dn parameter, certificates must 2472 also fulfill the specified restrictions regarding the 2473 certification authority in order to be accepted.
If remote- 2474 subject-dn and remote-subject-fqdn are not configured, the 2475 authorization of remote endpoints is not restricted with respect 2476 to the subject's distinguished name or FQDN of the delivered 2477 certificate. 2479 4.7. Transport Session Class 2481 The TransportSession class contains state data about transport 2482 sessions originating from an exporting process or terminating at a 2483 collecting process. If SCTP is the transport protocol, the exporter 2484 or collector may be multihomed SCTP endpoints (see [RFC4960], 2485 Section 6.4), in which case more than one IP address will be used. 2487 The following attributes are supported: 2489 ipfix-version 2490 Used for exporting processes, this parameter contains the version 2491 number of the IPFIX protocol that the exporter uses to export its 2492 data in this transport session. Hence, it is identical to the 2493 value of the configuration parameter ipfix-version of the sctp- 2494 exporter, udp-exporter, or tcp-exporter object. When used for 2495 collecting processes, this parameter contains the version-number 2496 of the IPFIX protocol it receives for this transport session. If 2497 IPFIX messages of different IPFIX protocol versions are received, 2498 this parameter contains the maximum version number. This state 2499 parameter is identical to ipfixTransportSessionIpfixVersion in the 2500 IPFIX MIB module [RFC6615]. 2502 source-address, destination-address 2503 If TCP or UDP is the transport protocol, source-address contains 2504 the IP address of the exporter, and destination-address contains 2505 the IP addresses of the collector. Hence, the two parameters have 2506 identical values as ipfixTransportSessionSourceAddress and 2507 ipfixTransportSessionDestinationAddress in the IPFIX MIB module 2508 [RFC6615]. If SCTP is the transport protocol, source-address 2509 contains one of the IP addresses of the exporter and destination- 2510 address one of the IP addresses of the collector.
Preferably, the 2511 IP addresses of the path that is usually selected by the exporter 2512 to send IPFIX messages to the collector should be contained. 2514 source-port, destination-port 2515 These state parameters contain the transport-protocol port numbers 2516 of the exporter and the collector of the transport session and 2517 thus are identical to ipfixTransportSessionSourcePort and 2518 ipfixTransportSessionDestinationPort in the IPFIX MIB module 2519 [RFC6615]. 2521 sctp-assoc-id 2522 The association id used for the SCTP session between the exporter 2523 and the collector of the transport session. It is equal to the 2524 sctpAssocId entry in the SctpAssocTable defined in the SCTP-MIB 2525 [RFC3871]. This parameter is only available if the transport 2526 protocol is SCTP and if an SNMP agent on the same monitoring 2527 device enables access to the corresponding MIB objects in the 2528 SctpAssocTable. This state parameter is identical to 2529 ipfixTransportSessionSctpAssocId in the IPFIX MIB module 2530 [RFC6615]. 2532 status 2533 Status of the transport session, which can be one of the 2534 following: 2536 * inactive: transport session is established, but no IPFIX 2537 messages are currently transferred (e.g., because this is a 2538 backup (secondary) session) 2540 * active: transport session is established and transfers IPFIX 2541 messages 2543 * unknown: transport session status cannot be determined; this 2544 state parameter is identical to ipfixTransportSessionStatus in 2545 the IPFIX MIB module [RFC6615] 2547 rate 2548 The number of bytes per second transmitted by the exporting 2549 process or received by the collecting process. This parameter is 2550 updated every second. This state parameter is identical to 2551 ipfixTransportSessionRate in the IPFIX MIB module [RFC6615].
2553 bytes, messages, records, templates, options-templates 2554 The number of bytes, IPFIX messages, data records, template 2555 records, and options template records transmitted by the exporting 2556 process or received by the collecting process. Discontinuities in 2557 the values of these counters can occur at re-initialization of the 2558 management system, and at other times as indicated by the value of 2559 transport-session-discontinuity-time. 2561 discarded-messages 2562 Used for exporting processes, this parameter indicates the number 2563 of messages that could not be sent due to internal buffer 2564 overflows, network congestion, routing issues, etc. Used for 2565 collecting process, this parameter indicates the number of 2566 received IPFIX messages that are malformed, cannot be decoded, are 2567 received in the wrong order or are missing according to the 2568 sequence number. Discontinuities in the value of this counter can 2569 occur at re-initialization of the management system, and at other 2570 times as indicated by the value of transport-session- 2571 discontinuity-time. 2573 transport-session-start-time 2574 Timestamp of the start of the given transport session. 2576 transport-session-discontinuity-time 2577 Timestamp of the most recent occasion at which one or more of the 2578 transport session counters suffered a discontinuity. The time is 2579 absolute and not relative to sysUpTime. 
Note that, if used for 2580 exporting processes, the values of the state parameters 2581 destination-address and destination-port match the values of the 2582 configuration parameters destination-ip-address and destination- 2583 port of the sctp-exporter, tcp-exporter, and udp-exporter (in the 2584 case of sctp-exporter, one of the configured destination-ip- 2585 address values); if the transport protocol is UDP or SCTP and if 2586 the parameter source-ip-address is configured in the udp-exporter 2587 or sctp-exporter object, the value of source-address equals the 2588 configured value or one of the configured values. Used for 2589 collecting processes, the value of destination-address equals the 2590 value (or one of the values) of the parameter local-ip-address if 2591 this parameter is configured in the udp-collector, tcp-collector, 2592 or sctp-collector; destination-port equals the value of the 2593 configuration parameter local-port. 2595 The TransportSession class includes Template class information and 2596 statistics about the templates transmitted or received on the given 2597 transport session. The Template class is specified in Section 4.8. 2599 +--ro transport-session* [name] 2600 +--ro name name-type 2601 +--ro ipfix-version? uint16 2602 +--ro source-address? inet:host 2603 +--ro destination-address? inet:host 2604 +--ro source-port? 2605 | inet:port-number 2606 +--ro destination-port? 2607 | inet:port-number 2608 +--ro status? 2609 | transport-session-status 2610 +--ro rate? 2611 | yang:gauge32 2612 +--ro bytes? 2613 | yang:counter64 2614 +--ro messages? 2615 | yang:counter64 2616 +--ro discarded-messages? 2617 | yang:counter64 2618 +--ro records? 2619 | yang:counter64 2620 +--ro templates? 2621 | yang:counter32 2622 +--ro options-templates? 2623 | yang:counter32 2624 +--ro transport-session-start-time? 2625 | yang:date-and-time 2626 +--ro transport-session-discontinuity-time? 2627 | yang:date-and-time 2628 +--ro template* [] 2629 ... 
2631 Figure 28: Transport Session Class 2633 4.8. Template Class 2635 Figure 29 shows the Template class which contains state data about 2636 templates used by an exporting process or received by a collecting 2637 process in a specific transport session. The field class defines one 2638 field of the template. 2640 +--ro template* [] 2641 +--ro observation-domain-id? uint32 2642 +--ro template-id? uint16 2643 +--ro set-id? uint16 2644 +--ro access-time? yang:date-and-time 2645 +--ro template-data-records? yang:counter64 2646 +--ro template-discontinuity-time? yang:date-and-time 2647 +--ro field* [] 2648 +--ro ie-id? ie-id-type 2649 +--ro ie-length? uint16 2650 +--ro ie-enterprise-number? uint32 2651 +--ro is-flow-key? empty 2652 +--ro is-scope? empty 2654 Figure 29: Template Class 2656 The names and semantics of the state parameters correspond to the 2657 managed objects in the ipfixTemplateTable, 2658 ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the 2659 IPFIX MIB module [RFC6615]: 2661 observation-domain-id 2662 The identifier of the observation domain for which this template 2663 is defined. 2665 template-id 2666 This number indicates the template identifier in the IPFIX 2667 Message. 2669 set-id 2670 This number indicates the set identifier of this template. 2671 Currently, there are two values defined [RFC7011]. The value 2 is 2672 used for sets containing template definitions. The value 3 is 2673 used for sets containing options template definitions. 2675 access-time 2676 Used for exporting processes, this parameter contains the time 2677 when this (Options) Template was last sent to the Collector or 2678 written to the file. Used for Collecting Processes, this 2679 parameter contains the time when this (Options) Template was last 2680 received from the Exporter or read from the file. 
2682 template-data-records 2683 The number of transmitted or received data records defined by this 2684 (options) template since the point in time indicated by template- 2685 definition-time. 2687 template-discontinuity-time 2688 Timestamp of the most recent occasion at which the counter 2689 template-data-records suffered a discontinuity. The time is 2690 absolute and not relative to sysUpTime. 2692 ie-id, ie-length, ie-enterprise-number 2693 Information Element identifier, length, and enterprise number of a 2694 field in the template. If this is not an enterprise-specific 2695 Information Element, ie-enterprise-number is zero. These state 2696 parameters are identical to ipfixTemplateDefinitionIeId, 2697 ipfixTemplateDefinitionIeLength, and 2698 ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module 2699 [RFC6615]. 2701 is-flow-key 2702 If this state parameter is present, this is a flow key field. 2703 This parameter is only available for non-Options Templates (i.e., 2704 if setId is 2). 2706 is-scope 2707 If this state parameter is present, this is a scope field. This 2708 parameter is only available for options templates (i.e., if setId 2709 is 3). 2711 4.9. Bulk Data Class 2713 The BulkDataProcess class in Figure 30 specifies the bulk data 2714 template to be applied to a resource or set of resources and provides 2715 state information about the template records. 2717 +--rw bulk-data-export 2718 +--rw template* [name] 2719 +--rw name ietf-ipfix:name-type 2720 +--rw enabled? boolean 2721 +--rw export-interval? uint32 2722 +--rw observation-domain-id? uint32 2723 +--rw field-layout 2724 | +--rw field* [name] 2725 | +--rw name ietf-ipfix:name-type 2726 | +--rw (identifier) 2727 | | +--:(ie-id) 2728 | | +--rw ie-id? ietf-ipfix:ie-id-type 2729 | +--rw ie-length? uint16 2730 | +--rw ie-enterprise-number? uint32 2731 +--rw exporting-process* 2732 | -> /ietf-ipfix:ipfix/exporting-process/name 2733 | {ietf-ipfix:exporter}?
2734 +--rw resource* resource 2735 +--ro data-records? yang:counter64 2736 +--ro discontinuity-time? yang:date-and-time 2738 Figure 30: Bulk Data Class 2740 The following attributes are supported: 2742 enabled 2743 Enables the template so that specified data may be exported. The 2744 default is "enabled". 2746 export-interval 2747 The interval (in seconds) for periodical export of data records. 2749 observation-domain-id 2750 The Observation Domain that is locally unique to an Exporting 2751 Process. 2753 field-layout 2754 The IPFIX template to be applied to the resource. The following 2755 attributes are configurable: 2757 * ie-id: Identifies the Information Element identifier. 2759 * ie-enterprise-id: Identifies the enterprise identifier of the 2760 Information Element. If 0, the enterprise ID is an IANA based 2761 Information Element. 2763 * ie-length: Identifies the length of the Information Element. 2765 A bulk data instance may refer to: 2767 o one or more exporting-process instances 2769 o one or more resource instances (e.g., different interface 2770 instances on a line card) 2772 The following state information is available: 2774 data-records 2775 Reports the number of data records generated for this bulk data 2776 template. 2778 discontinuity-time 2779 Timestamp of the most recent occasion at which the counter data 2780 records suffered a discontinuity. 2782 5. Adaptation to Device Capabilities 2784 The configuration data model standardizes a superset of common IPFIX 2785 and PSAMP configuration parameters. A typical monitoring device 2786 implementation will not support the entire range of possible 2787 configurations. Certain functions may not be supported, such as the 2788 collecting process that does not exist on a monitoring device that is 2789 conceived as exporter only. The configuration of other functions may 2790 be subject to resource limitations or functional restrictions.
For 2791 example, the cache size is typically limited according to the 2792 available memory on the device. It is also possible that a 2793 monitoring device implementation requires the configuration of 2794 additional parameters that are not part of the configuration data 2795 model in order to function properly. 2797 The configuration data model for IPFIX and PSAMP covers the 2798 configuration of Exporters, Collectors, and devices that may act as 2799 both. As Exporters and Collectors implement different functions, the 2800 corresponding portions of the model are conditional on the 2801 following features: 2803 exporter 2804 If this feature is supported, Exporting Processes can be 2805 configured. 2807 collector 2808 If this feature is supported, Collecting Processes can be 2809 configured. 2811 Exporters do not necessarily implement any Selection Processes, 2812 Caches, or even Observation Points in particular cases. Therefore, 2813 the corresponding portions of the model are conditional on the 2814 following feature: 2816 Additional features refer to different PSAMP Sampling and Filtering 2817 methods as well as to the supported types of Caches: 2819 psamp-samp-count-based 2820 If this feature is supported, Sampling method samp-count-based can 2821 be configured. 2823 psamp-samp-time-based 2824 If this feature is supported, Sampling method samp-time-based can 2825 be configured. 2827 psamp-samp-rand-out-of-n 2828 If this feature is supported, Sampling method samp-rand-out-of-n 2829 can be configured. 2831 psamp-samp-uni-prob 2832 If this feature is supported, Sampling method samp-uni-prob can be 2833 configured. 2835 psamp-filter-match 2836 If this feature is supported, Filtering method filter-match can be 2837 configured. 2839 psamp-filter-hash 2840 If this feature is supported, Filtering method filter-hash can be 2841 configured.
2843 immediate-cache 2844 If this feature is supported, a Cache generating PSAMP Packet 2845 Reports can be configured using the Immediate Cache class. 2847 timeout-cache 2848 If this feature is supported, a Cache generating IPFIX Flow 2849 Records can be configured using the Timeout Cache class. 2851 natural-cache 2852 If this feature is supported, a Cache generating IPFIX Flow 2853 Records can be configured using the Natural Cache class. 2855 permanent-cache 2856 If this feature is supported, a Cache generating IPFIX Flow 2857 Records can be configured using the Permanent Cache class. 2859 The following features concern the support of UDP and TCP as 2860 transport protocols and the support of File Readers and File Writers: 2862 sctp-transport 2863 If this feature is supported, SCTP can be used as transport 2864 protocol by Exporting Processes and Collecting Processes. 2866 udp-transport 2867 If this feature is supported, UDP can be used as transport 2868 protocol by Exporting Processes and Collecting Processes. 2870 tcp-transport 2871 If this feature is supported, TCP can be used as transport 2872 protocol by Exporting Processes and Collecting Processes. 2874 file-reader 2875 If this feature is supported, File Readers can be configured as 2876 part of Collecting Processes. 2878 file-writer 2879 If this feature is supported, File Writers can be configured as 2880 part of Exporting Processes. 2882 6. YANG Modules 2884 This document defines three YANG modules: 2886 ietf-ipfix 2887 Defines the IPFIX collector and exporter functions. 2889 ietf-ipfix-packet-sampling 2890 Defines the PSAMP functions for configuring a device to sample/ 2891 meter a subset of packets from the network. 2893 ietf-ipfix-bulk-data-export 2894 Defines the bulk data IPFIX templates used to export bulk data. 2896 6.1. ietf-ipfix 2898 6.1.1. 
ietf-ipfix Module Structure 2900 This document defines the YANG module "ietf-ipfix", which has the 2901 following structure: 2903 module: ietf-ipfix 2904 +--rw ipfix 2905 +--rw collecting-process* [name] {collector}? 2906 | +--rw name name-type 2907 | +--rw tcp-collector* [name] {tcp-transport}? 2908 | | ... 2909 | +--rw udp-collector* [name] {udp-transport}? 2910 | | ... 2911 | +--rw sctp-collector* [name] {sctp-transport}? 2912 | | ... 2913 | +--rw file-reader* [name] {file-reader}? 2914 | | ... 2915 | +--rw exporting-process* -> /ipfix/exporting-process/name 2916 | {exporter}? 2917 +--rw exporting-process* [name] {exporter}? 2918 +--rw name name-type 2919 +--rw enabled? boolean 2920 +--rw export-mode? identityref 2921 +--rw destination* [name] 2922 | ... 2923 +--rw options* [name] 2924 | ... 2925 +--ro exporting-process-id? uint32 2927 6.1.2. ietf-ipfix YANG Module 2929 This YANG Module imports typedefs from [RFC6991]. 2931 file "ietf-ipfix@2018-10-22.yang" 2933 module ietf-ipfix { 2934 yang-version 1.1; 2936 namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix"; 2938 prefix ietf-ipfix; 2940 import ietf-inet-types { 2941 prefix inet; 2942 } 2944 import ietf-yang-types { 2945 prefix yang; 2946 } 2948 import ietf-interfaces { 2949 prefix if; 2950 } 2951 organization 2952 "IETF"; 2954 contact 2955 "Web: TBD 2956 List: TBD 2958 Editor: Joey Boyd 2959 2961 Editor: Marta Seda 2962 "; 2964 // RFC Ed.: replace XXXX with actual RFC numbers and 2965 // remove this note. 2967 description 2968 "This module contains a collection of YANG definitions for the 2969 management of IP Flow Information Export (IPFIX). 2971 This data model is designed for the Network Management Datastore 2972 Architecture defined in RFC 8342. 
2974 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 2975 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 2976 'MAY', and 'OPTIONAL' in this document are to be interpreted as 2977 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 2978 they appear in all capitals, as shown here. 2980 Copyright (c) 2019 IETF Trust and the persons identified as 2981 authors of the code. All rights reserved. 2983 Redistribution and use in source and binary forms, with or 2984 without modification, is permitted pursuant to, and subject to 2985 the license terms contained in, the Simplified BSD License set 2986 forth in Section 4.c of the IETF Trust's Legal Provisions 2987 Relating to IETF Documents 2988 (https://trustee.ietf.org/license-info). 2990 This version of this YANG module is part of RFC XXXX 2991 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself 2992 for full legal notices."; 2994 revision 2019-10-28 { 2995 description 2996 "Initial revision."; 2997 reference 2998 "RFC XXXX: YANG Data Models for the IP Flow Information Export 2999 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 3000 and Bulk Data Export"; 3001 } 3003 feature exporter { 3004 description 3005 "If supported, the Monitoring Device can be used as 3006 an Exporter. Exporting Processes can be configured."; 3007 } 3009 feature collector { 3010 description 3011 "If supported, the Monitoring Device can be used as 3012 a Collector. 
Collecting Processes can be configured."; 3013 } 3015 feature tcp-transport { 3016 description 3017 "If supported, the Monitoring Device supports TCP 3018 as the transport protocol."; 3019 } 3021 feature udp-transport { 3022 description 3023 "If supported, the Monitoring Device supports UDP 3024 as the transport protocol."; 3025 } 3027 feature sctp-transport { 3028 description 3029 "If supported, the Monitoring Device supports SCTP 3030 as the transport protocol."; 3031 } 3033 feature file-reader { 3034 description 3035 "If supported, the Monitoring Device supports the 3036 configuration of Collecting Processes as File Readers."; 3037 } 3039 feature file-writer { 3040 description 3041 "If supported, the Monitoring Device supports the 3042 configuration of Exporting Processes as File Writers."; 3043 } 3045 feature if-mib { 3046 description 3047 "This feature indicates that the device implements 3048 the IF-MIB."; 3049 reference 3050 "RFC 2863: The Interfaces Group MIB"; 3051 } 3053 identity export-mode { 3054 description 3055 "Base identity for different usages of export 3056 destinations configured for an Exporting Process."; 3057 } 3059 identity parallel { 3060 base export-mode; 3061 description 3062 "Parallel export of Data Records to all 3063 destinations configured for the Exporting Process."; 3064 } 3066 identity load-balancing { 3067 base export-mode; 3068 description 3069 "Load-balancing between the different destinations 3070 configured for the Exporting Process."; 3071 } 3073 identity fallback { 3074 base export-mode; 3075 description 3076 "Export to the primary destination (i.e., the first 3077 destination configured for the Exporting Process). If the 3078 export to the primary destination fails, the Exporting Process 3079 tries to export to the secondary destination. 
       If the secondary destination fails as well, it continues with
       the tertiary, etc.";
  }

  identity options-type {
    description
      "Base identity for report types exported with
       options templates.";
  }

  identity metering-statistics {
    base options-type;
    description
      "Metering Process Statistics.";
    reference
      "RFC 7011, Section 4.1.";
  }

  identity metering-reliability {
    base options-type;
    description
      "Metering Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.2.";
  }

  identity exporting-reliability {
    base options-type;
    description
      "Exporting Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.3.";
  }

  identity flow-keys {
    base options-type;
    description
      "Flow Keys.";
    reference
      "RFC 7011, Section 4.4.";
  }

  identity selection-sequence {
    base options-type;
    description
      "Selection Sequence and Selector Reports.";
    reference
      "RFC 5476, Sections 6.5.1 and 6.5.2.";
  }

  identity selection-statistics {
    base options-type;
    description
      "Selection Sequence Statistics Report.";
    reference
      "RFC 5476, Section 6.5.3.";
  }

  identity accuracy {
    base options-type;
    description
      "Accuracy Report.";
    reference
      "RFC 5476, Section 6.5.4.";
  }

  identity reducing-redundancy {
    base options-type;
    description
      "Enables the utilization of Options Templates to
       reduce redundancy in the exported Data Records.";
    reference
      "RFC 5473.";
  }

  identity extended-type-information {
    base options-type;
    description
      "Export of extended type information for
       enterprise-specific Information Elements used in the
       exported Templates.";
    reference
      "RFC 5610.";
  }

  typedef ie-name-type {
    type string {
      length "1..max";
      pattern '\S+';
    }
    description
      "Type for Information Element names. Whitespaces
       are not allowed.";
  }

  typedef name-type {
    type string {
      length "1..max";
      pattern '\S(.*\S)?';
    }
    description
      "Type for 'name' leafs, which are used to identify
       specific instances within lists, etc.
       Leading and trailing whitespaces are not allowed.";
  }

  typedef ie-id-type {
    type uint16 {
      range "1..32767";
    }
    description
      "Type for Information Element identifiers.";
  }

  typedef transport-session-status {
    type enumeration {
      enum "inactive" {
        value 0;
        description
          "This value MUST be used for Transport Sessions
           that are specified in the system but currently not active.
           The value can be used for Transport Sessions that are
           backup (secondary) sessions.";
      }
      enum "active" {
        value 1;
        description
          "This value MUST be used for Transport Sessions
           that are currently active and transmitting or receiving
           data.";
      }
      enum "unknown" {
        value 2;
        description
          "This value MUST be used if the status of the
           Transport Sessions cannot be detected by the device.
           This value should be avoided as far as possible.";
      }
    }
    description
      "Status of a Transport Session.";
    reference
      "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
  }

  grouping transport-layer-security-parameters {
    description
      "TLS or DTLS parameters.";

    container transport-layer-security {
      presence
        "The presence of this container indicates TLS is enabled.";
      description
        "TLS or DTLS configuration.";

      leaf-list local-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities
           whose certificates may be used to identify the local
           endpoint.";
        reference
          "RFC 5280.";
      }

      leaf-list local-subject-dn {
        type string;
        description
          "Distinguished names that may be used in the
           certificates to identify the local endpoint.";
        reference
          "RFC 5280.";
      }

      leaf-list local-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that may be used
           in the certificates to identify the local endpoint.";
        reference
          "RFC 5280.";
      }

      leaf-list remote-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities
           whose certificates are accepted to authorize remote
           endpoints.";
        reference
          "RFC 5280.";
      }

      leaf-list remote-subject-dn {
        type string;
        description
          "Distinguished names which are accepted in
           certificates to authorize remote endpoints.";
        reference
          "RFC 5280.";
      }

      leaf-list remote-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that are accepted in
           certificates to authorize remote endpoints.";
        reference
          "RFC 5280.";
      }
    }
  }

  grouping transport-session-state-parameters {
    description
      "State parameters of a Transport
       Session originating from an Exporting Process or
       terminating at a Collecting Process. Parameter names and
       semantics correspond to the managed objects in IPFIX-MIB.";
    reference
      "RFC 7011; RFC 6615, Section 8
       (ipfixTransportSessionEntry,
       ipfixTransportSessionStatsEntry).";

    leaf ipfix-version {
      type uint16;
      description
        "Used for Exporting Processes, this parameter
         contains the version number of the IPFIX protocol that the
         Exporter uses to export its data in this Transport Session.

         Used for Collecting Processes, this parameter contains the
         version number of the IPFIX protocol it receives for
         this Transport Session. If IPFIX Messages of different
         IPFIX protocol versions are received, this parameter
         contains the maximum version number.

         Note that this parameter corresponds to
         ipfixTransportSessionIpfixVersion in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionIpfixVersion).";
    }

    leaf source-address {
      type inet:host;
      description
        "The source address of the Exporter of the
         IPFIX Transport Session.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourceAddressType,
         ipfixTransportSessionSourceAddress);
         RFC 4960, Section 6.4.";
    }

    leaf destination-address {
      type inet:host;
      description
        "The destination address of the
         path that is selected by the Exporter to
         send IPFIX messages to the Collector.

         In the case of TCP, it is possible
         that if an FQDN address is configured it
         resolves into many addresses.

         Note that this parameter functionally corresponds to
         ipfixTransportSessionDestinationAddressType and
         ipfixTransportSessionDestinationAddress in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationAddressType,
         ipfixTransportSessionDestinationAddress);
         RFC 4960, Section 6.4.";
    }

    leaf source-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the
         Exporter of the IPFIX Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionSourcePort in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourcePort).";
    }

    leaf destination-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the
         Collector of the IPFIX Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionDestinationPort in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationPort).";
    }

    leaf status {
      type transport-session-status;
      description
        "Status of the Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionStatus in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
    }

    leaf rate {
      type yang:gauge32;
      units "bytes per second";
      description
        "The number of bytes per second transmitted by the
         Exporting Process or received by the Collecting Process.
         This parameter is updated every second.

         Note that this parameter corresponds to
         ipfixTransportSessionRate in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionRate).";
    }

    leaf bytes {
      type yang:counter64;
      units "bytes";
      description
        "The number of bytes transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionBytes in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionBytes).";
    }

    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "The number of messages transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionMessages in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionMessages).";
    }

    leaf discarded-messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "Used for Exporting Processes, this parameter
         indicates the number of messages that could not be sent due
         to internal buffer overflows, network congestion, routing
         issues, etc. Used for Collecting Processes, this parameter
         indicates the number of received IPFIX Messages that are
         malformed, cannot be decoded, are received in the wrong
         order or are missing according to the sequence number.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionDiscardedMessages in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscardedMessages).";
    }

    leaf records {
      type yang:counter64;
      units "Data Records";
      description
        "The number of Data Records transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionRecords in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionRecords).";
    }

    leaf templates {
      type yang:counter32;
      units "Templates";
      description
        "The number of Templates transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionTemplates in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionTemplates).";
    }

    leaf options-templates {
      type yang:counter32;
      units "Options Templates";
      description
        "The number of Options Templates transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplates in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplates).";
    }

    leaf transport-session-start-time {
      type yang:date-and-time;
      description
        "Timestamp of the start of the given Transport
         Session.

         This state parameter does not correspond to any object in
         the IPFIX MIB module.";
    }

    leaf transport-session-discontinuity-time {
      type yang:date-and-time;
      description
        "Timestamp of the most recent occasion at which
         one or more of the Transport Session counters suffered a
         discontinuity.

         Note that this parameter functionally corresponds to
         ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
         module. In contrast to
         ipfixTransportSessionDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscontinuityTime).";
    }
  }

  grouping collection-template-state-parameters {
    description
      "State parameters of a (Options) Template
       received by a Collecting Process in a specific
       Transport Session or read by the File Reader.
       Parameter names and semantics correspond to the
       managed objects in IPFIX-MIB";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
       ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";

    list template {
      description
        "This list contains the Templates and Options
         Templates that are transmitted by the Exporting Process
         or received by the Collecting Process.

         Withdrawn or invalidated (Options) Templates MUST be removed
         from this list.";

      leaf observation-domain-id {
        type uint32;
        description
          "The ID of the Observation Domain for which this
           Template is defined.

           Note that this parameter corresponds to
           ipfixTemplateObservationDomainId in the IPFIX MIB
           module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateObservationDomainId).";
      }

      leaf template-id {
        type uint16 {
          range "256..65535";
        }
        description
          "This number indicates the Template ID in the IPFIX
           message.
           Note that this parameter corresponds to ipfixTemplateId in
           the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateId).";
      }

      leaf set-id {
        type uint16;
        description
          "This number indicates the Set ID of the Template.
           Currently, there are two values defined. The value 2
           is used for Sets containing Template definitions.
           The value 3 is used for Sets containing Options
           Template definitions. Note that this parameter
           corresponds to ipfixTemplateSetId
           in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateSetId).";
      }

      leaf access-time {
        type yang:date-and-time;
        description
          "This parameter contains the time when this
           (Options) Template was last received from the Exporter or
           read from the file.
           Note that this parameter corresponds to
           ipfixTemplateAccessTime in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateAccessTime).";
      }

      leaf template-data-records {
        type yang:counter64;
        description
          "The number of received Data Records defined by this
           (Options) Template. Discontinuities in the value of this
           counter can occur at re-initialization of the management
           system, and at other times as indicated by the value of
           template-discontinuity-time.
           Note that this parameter corresponds to
           ipfixTemplateDataRecords in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
      }

      leaf template-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which
           the counter template-data-records suffered a
           discontinuity. Note that this parameter functionally
           corresponds to ipfixTemplateDiscontinuityTime in the
           IPFIX MIB module. In contrast to
           ipfixTemplateDiscontinuityTime, the time is absolute
           and not relative to sysUpTime.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateDiscontinuityTime).";
      }

      list field {
        description
          "This list contains the (Options) Template
           fields of which the (Options) Template is defined.
           The order of the list corresponds to the order
           of the fields in the (Options) Template Record.";

        leaf ie-id {
          type ie-id-type;
          description
            "This parameter indicates the Information
             Element identifier of the field.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeId).";
        }

        leaf ie-length {
          type uint16;
          units "octets";
          description
            "This parameter indicates the length of the
             Information Element of the field.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeLength in the IPFIX MIB
             module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeLength).";
        }

        leaf ie-enterprise-number {
          type uint32;
          description
            "This parameter indicates the IANA enterprise
             number of the authority defining the Information Element
             identifier.
             If the Information Element is not enterprise-specific,
             this state parameter is zero.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
             MIB module.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionIeEnterpriseNumber);
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers.";
        }

        leaf is-flow-key {
          when "../../set-id = 2" {
            description
              "This parameter is available for non-Options
               Templates (Set ID is 2).";
          }
          type empty;
          description
            "If present, this is a Flow Key field.

             Note that this corresponds to flowKey(1) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }

        leaf is-scope {
          when "../../set-id = 3" {
            description
              "This parameter is available for Options
               Templates (Set ID is 3).";
          }
          type empty;
          description
            "If present, this is a scope field.

             Note that this corresponds to scope(0) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }
      }
    }
  }

  grouping common-collector-parameters {
    description
      "Parameters of a Collecting Process that are
       common to all transport protocols.";

    choice local-address-method {
      description
        "Method to configure the local address
         of the collecting process. Note that it is
         expected that other methods be available.
         Those methods can augment this choice.";

      case local-address {
        leaf-list local-address {
          type inet:host;
          description
            "List of local addresses on which the Collecting
             Process listens for IPFIX Messages.";
        }
      }
    }

    leaf local-port {
      type inet:port-number;
      description
        "If not configured, the Monitoring Device uses the
         default port number for IPFIX, which is 4739 without
         TLS or DTLS and 4740 if TLS or DTLS is activated.";
    }
  }

  grouping tcp-collector-parameters {
    description
      "Parameters of a listening TCP socket at a
       Collecting Process.";

    uses common-collector-parameters;

    uses transport-layer-security-parameters;
  }

  grouping udp-collector-parameters {
    description
      "Parameters of a listening UDP socket at a
       Collecting Process.";

    uses common-collector-parameters;

    leaf template-life-time {
      type uint32;
      units seconds;
      default 1800;
      description
        "Sets the lifetime of Templates for all UDP
         Transport Sessions terminating at this UDP socket.
         Templates that are not received again within the configured
         lifetime become invalid at the Collecting Process.
         As specified in RFC 7011, the Template lifetime MUST be at
         least three times higher than the template-refresh-timeout
         parameter value configured on the corresponding Exporting
         Processes.
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
         MIB module.";
      reference
        "RFC 7011, Section 10.3.7; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshTimeout).";
    }

    leaf options-template-life-time {
      type uint32;
      units seconds;
      default 1800;
      description
        "Sets the lifetime of Options Templates for all
         UDP Transport Sessions terminating at this UDP socket.
         Options Templates that are not received again within the
         configured lifetime become invalid at the Collecting
         Process.
         As specified in RFC 7011, the Options Template lifetime MUST
         be at least three times higher than the
         options-template-refresh-timeout parameter value configured
         on the corresponding Exporting Processes.
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshTimeout in the
         IPFIX MIB module.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }

    leaf template-life-packet {
      type uint32;
      units "IPFIX Messages";
      description
        "If this parameter is configured, Templates
         defined in a UDP Transport Session become invalid if they
         are neither included in a sequence of more than this number
         of IPFIX Messages nor received again within the period of
         time specified by template-life-time.
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshPacket in the IPFIX
         MIB module.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshPacket).";
    }

    leaf options-template-life-packet {
      type uint32;
      units "IPFIX Messages";
      description
        "If this parameter is configured, Options
         Templates defined in a UDP Transport Session become
         invalid if they are neither included in a sequence of more
         than this number of IPFIX Messages nor received again
         within the period of time specified by
         options-template-life-time.
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshPacket in the
         IPFIX MIB module.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }

    leaf maximum-reordering-delay {
      type uint32;
      units seconds;
      description
        "The maximum delay for the template to be received at the
         collector after the data record(s) has(have) been received.
         The collector is expected to buffer the data records till
         such a time.";
      reference
        "RFC 7011, Section 8.2.";
    }

    uses transport-layer-security-parameters;
  }

  grouping sctp-collector-parameters {
    description
      "Parameters of a listening SCTP socket at a
       Collecting Process.";

    uses common-collector-parameters;

    leaf maximum-reordering-delay {
      type uint32;
      units seconds;
      description
        "The maximum delay for the template to be received at the
         collector after the data record(s) has(have) been received.
         The collector is expected to buffer the data records till
         such a time.";
      reference
        "RFC 7011, Section 8.2.";
    }

    uses transport-layer-security-parameters;
  }

  grouping file-reader-state-parameters {
    description
      "State Parameters for the File Reader.";

    container file-reader-state {
      config false;
      description
        "File Reader parameters.";

      leaf bytes {
        type yang:counter64;
        units octets;
        description
          "The number of bytes read by the File Reader.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }

      leaf messages {
        type yang:counter64;
        units "IPFIX Messages";
        description
          "The number of IPFIX Messages read by the File Reader.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }

      leaf records {
        type yang:counter64;
        units "Data Records";
        description
          "The number of Data Records read by the File Reader.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }

      leaf templates {
        type yang:counter32;
        units "Templates";
        description
          "The number of Template Records (excluding
           Options Template Records) read by the File Reader.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }

      leaf options-templates {
        type yang:counter32;
        units "Options Templates";
        description
          "The number of Options Template Records read by
           the File Reader.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }

      leaf file-reader-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which
           one or more File Reader counters suffered a discontinuity.
           In contrast to discontinuity times in the IPFIX MIB
           module, the time is absolute and not relative to
           sysUpTime.";
      }

      uses collection-template-state-parameters;
    }
  }

  grouping collecting-process-parameters {
    description
      "Parameters of a Collecting Process.";

    list tcp-collector {
      if-feature tcp-transport;
      key "name";
      description
        "List of TCP receivers (sockets) on which the
         Collecting Process receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "Name of the TCP collector.";
      }
      uses tcp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established
           Transport Sessions terminating at the given socket.";

        leaf name {
          type name-type;
          description
            "The name of the transporter session.";
        }

        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }
    }

    list udp-collector {
      if-feature udp-transport;
      key "name";
      description
        "List of UDP receivers (sockets) on which the
         Collecting Process receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "Name of the UDP collector.";
      }

      uses udp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established
           Transport Sessions terminating at the given socket.";

        leaf name {
          type name-type;
          description
            "The name of the transporter session.";
        }
        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }
    }

    list sctp-collector {
      if-feature sctp-transport;
      key "name";
      description
        "List of SCTP receivers on which the
         Collecting Process receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "Name of the SCTP collector.";
      }

      uses sctp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established
           Transport Sessions terminating at the given socket.";

        leaf name {
          type name-type;
          description
            "The name of the transporter session.";
        }

        leaf sctp-association-id {
          type uint32;
          config false;
          description
            "The association ID used for the SCTP session
             between the Exporter and the Collector of the IPFIX
             Transport Session. It is equal to the sctpAssocId
             entry in the sctpAssocTable defined in the SCTP-MIB.
             This parameter is only available if the transport
             protocol is SCTP and if an SNMP agent on the same
             Monitoring Device enables access to the
             corresponding MIB objects in the sctpAssocTable.
             Note that this parameter corresponds to
             ipfixTransportSessionSctpAssocId in the IPFIX MIB
             module.";
          reference
            "RFC 6615, Section 8
             (ipfixTransportSessionSctpAssocId);
             RFC 3871";
        }

        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }
    }

    list file-reader {
      if-feature file-reader;
      key "name";
      description
        "List of File Readers from which the
         Collecting Process reads the IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "Name of the File Reader.";
      }

      leaf file {
        type inet:uri;
        mandatory true;
        description
          "URI specifying the location of the file.";
      }

      uses file-reader-state-parameters;
    }
  }

  grouping export-template-state-parameters {
    description
      "State parameters of a (Options) Template used by an
       Exporting Process in a specific Transport Session
       or by a File Writer.
       Parameter names and semantics correspond
       to the managed objects in IPFIX-MIB";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
       ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";

    list template {
      key "name";
      description
        "This list contains the Templates and Options
         Templates that are transmitted by the Exporting Process or
         written by the file-writer.

         Withdrawn or invalidated (Options) Templates MUST be removed
         from this list.";

      leaf name {
        type name-type;
        description
          "Name of the template.";
      }

      leaf observation-domain-id {
        type uint32;
        description
          "The ID of the Observation Domain for which this
           Template is defined.

           Note that this parameter corresponds to
           ipfixTemplateObservationDomainId in the IPFIX MIB
           module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateObservationDomainId).";
      }

      leaf template-id {
        type uint16 {
          range "256..65535";
        }
        description
          "This number indicates the Template ID in the IPFIX
           message.
           Note that this parameter corresponds to ipfixTemplateId in
           the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateId).";
      }

      leaf set-id {
        type uint16;
        description
          "This number indicates the Set ID of the Template.
           Currently, there are two values defined. The value 2
           is used for Sets containing Template definitions.
           The value 3 is used for Sets containing Options
           Template definitions. Note that this parameter
           corresponds to ipfixTemplateSetId
           in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateSetId).";
      }

      leaf access-time {
        type yang:date-and-time;
        description
          "This parameter contains the time when this
           (Options) Template was last sent to the Collector(s) or
           written to the file.
           Note that this parameter corresponds to
           ipfixTemplateAccessTime in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateAccessTime).";
      }

      leaf template-data-records {
        type yang:counter64;
        description
          "The number of transmitted Data Records defined by this
           (Options) Template. Discontinuities in the value of this
           counter can occur at re-initialization of the management
           system, and at other times as indicated by the value of
           template-discontinuity-time.
           Note that this parameter corresponds to
           ipfixTemplateDataRecords in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
      }

      leaf template-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which
           the counter template-data-records suffered a
           discontinuity. Note that this parameter functionally
           corresponds to ipfixTemplateDiscontinuityTime in the
           IPFIX MIB module. In contrast to
           ipfixTemplateDiscontinuityTime, the time is absolute
           and not relative to sysUpTime.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateDiscontinuityTime).";
      }

      list field {
        key "name";
        description
          "This list contains the (Options) Template
           fields of which the (Options) Template is defined.
           The order of the list corresponds to the order
           of the fields in the (Options) Template Record.";

        leaf name {
          type name-type;
          description
            "Name of the template field.";
        }

        leaf ie-id {
          type ie-id-type;
          description
            "This parameter indicates the Information
             Element identifier of the field.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeId).";
        }

        leaf ie-length {
          type uint16;
          units "octets";
          description
            "This parameter indicates the length of the
             Information Element of the field.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeLength in the IPFIX MIB
             module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeLength).";
        }

        leaf ie-enterprise-number {
          type uint32;
          description
            "This parameter indicates the IANA enterprise
             number of the authority defining the Information Element
             identifier.

             If the Information Element is not enterprise-specific,
             this state parameter is zero.

             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
             MIB module.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionIeEnterpriseNumber);
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers.";
        }

        leaf is-flow-key {
          when "../../set-id = 2" {
            description
              "This parameter is available for non-Options
               Templates (Set ID is 2).";
          }
          type empty;
          description
            "If present, this is a Flow Key field.

             Note that this corresponds to flowKey(1) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }

        leaf is-scope {
          when "../../set-id = 3" {
            description
              "This parameter is available for Options
               Templates (Set ID is 3).";
          }
          type empty;
          description
            "If present, this is a scope field.

             Note that this corresponds to scope(0) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }
      }
    }
  }

  grouping common-exporter-parameters {
    description
      "Parameters of an export destination that are
       common to all transport protocols.";

    leaf ipfix-version {
      type uint16;
      default '10';
      description
        "IPFIX version number.";
      reference
        "RFC 7011.";
    }

    container source {
      description
        "Configuration corresponding to how exporter's source IP
         address is specified.";

      choice source-method {
        description
          "Method to configure the source address of the exporter
           or the interface to be used by the exporter.

           Note that it is expected that other methods be available.
           Those methods can augment this choice.";

        case source-address {
          leaf source-address {
            type inet:host;
            description
              "Select the source address used by the Exporting
               Process.";
          }
        }

        case interface-ref {
          leaf interface-ref {
            type if:interface-ref;
            description
              "The interface to be used by the Exporting Process.";
          }
        }

        case if-index {
          if-feature if-mib;
          leaf if-index {
            type uint32;
            description
              "Index of an interface as stored in the ifTable
               of IF-MIB.";
            reference
              "RFC 2863.";
          }
        }

        case if-name {
          if-feature if-mib;
          leaf if-name {
            type string;
            description
              "Name of an interface as stored in the ifTable
               of IF-MIB.";
            reference
              "RFC 2863.";
          }
        }
      }
    }

    container destination {
      description
        "Configuration corresponding to how exporter's destination IP
         address is specified.";

      choice destination-method {
        mandatory true;
        description
          "Method to configure the destination address of the
           Collecting Process to
           which IPFIX Messages are sent.

           Note that other methods, if available, are expected to
           augment this choice.";

        case destination-address {
          leaf destination-address {
            type inet:host;
            description
              "Destination IP address or hostname. A hostname may
               resolve to one or more IP addresses.";
          }
        }
      }
    }

    leaf destination-port {
      type inet:port-number;
      description
        "If not configured by the user, the Monitoring
         Device uses the default port number for IPFIX, which is
         4739 without TLS or DTLS and 4740 if TLS or DTLS is
         activated.";
    }

    leaf send-buffer-size {
      type uint32;
      units "bytes";
      description
        "Size of the socket send buffer.

         If not configured by the user, this parameter is set by
         the Monitoring Device.";
    }

    leaf rate-limit {
      type uint32;
      units "bytes per second";
      description
        "Maximum number of bytes per second the Exporting
         Process may export to the given destination. The number of
         bytes is calculated from the lengths of the IPFIX Messages
         exported.
         If not configured, no rate limiting is
         performed.";
      reference
        "RFC 5476, Section 6.3.";
    }
  }

  grouping tcp-exporter-parameters {
    description
      "Parameters of a TCP export destination.";

    uses common-exporter-parameters;

    leaf connection-timeout {
      type uint32;
      units seconds;
      description
        "Time after which the exporting process deems the
         TCP connection to have failed.";
      reference
        "RFC 7011, Sections 10.4.4 and 10.4.5.";
    }

    leaf retry-schedule {
      type uint32 {
        range "60..max";
      }
      units seconds;
      description
        "Time after which the exporting process retries the
         TCP connection to a collector.";
      reference
        "RFC 7011, Section 10.4.4.";
    }

    uses transport-layer-security-parameters;
  }

  grouping udp-exporter-parameters {
    description
      "Parameters of a UDP export destination.";

    uses common-exporter-parameters;

    leaf maximum-packet-size {
      type uint16;
      units octets;
      description
        "This parameter specifies the maximum size of
         IP packets sent to the Collector. If set to zero, the
         Exporting Device MUST derive the maximum packet size
         from path MTU discovery mechanisms.
         If not configured by the user, this parameter is set by
         the Monitoring Device.";
    }

    leaf template-refresh-timeout {
      type uint32;
      units seconds;
      default 600;
      description
        "Sets time after which Templates are resent in the
         UDP Transport Session.
         Note that the configured lifetime MUST be adapted to the
         template-life-time parameter value at the receiving
         Collecting Process.
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
         MIB module.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshTimeout).";
    }

    leaf options-template-refresh-timeout {
      type uint32;
      units seconds;
      default 600;
      description
        "Sets time after which Options Templates are
         resent in the UDP Transport Session.
         Note that the configured lifetime MUST be adapted to the
         options-template-life-time parameter value at the receiving
         Collecting Process.
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshTimeout in the
         IPFIX MIB module.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }

    leaf template-refresh-packet {
      type uint32;
      units "IPFIX Messages";
      description
        "Sets number of IPFIX Messages after which
         Templates are resent in the UDP Transport Session.
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshPacket in the IPFIX
         MIB module.
         If omitted, Templates are only resent after timeout.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshPacket).";
    }

    leaf options-template-refresh-packet {
      type uint32;
      units "IPFIX Messages";
      description
        "Sets number of IPFIX Messages after which
         Options Templates are resent in the UDP Transport Session
         protocol.
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshPacket in the
         IPFIX MIB module.
         If omitted, Templates are only resent after timeout.";
      reference
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }

    uses transport-layer-security-parameters;
  }

  grouping sctp-exporter-parameters {
    description
      "Parameters of an SCTP export destination.";

    uses common-exporter-parameters;

    leaf timed-reliability {
      type uint32;
      units milliseconds;
      default 0;
      description
        "Lifetime in milliseconds until an IPFIX
         Message containing Data Sets only is 'abandoned' due to
         the timed reliability mechanism of PR-SCTP.
         If this parameter is set to zero, reliable SCTP
         transport is used for all Data Records.
         Regardless of the value of this parameter, the Exporting
         Process MAY use reliable SCTP transport for Data Sets
         associated with Options Templates.";
      reference
        "RFC 3758; RFC 4960.";
    }

    leaf association-timeout {
      type uint32;
      units seconds;
      description
        "Time after which the exporting process deems the
         SCTP association to have failed.";
      reference
        "RFC 7011, Sections 10.2.4 and 10.2.5.";
    }

    uses transport-layer-security-parameters;
  }

  grouping file-writer-state-parameters {
    description
      "State Parameters for the File Writer.";

    container file-writer-state {
      config false;
      description
        "File Writer parameters.";

      leaf bytes {
        type yang:counter64;
        units octets;
        description
          "The number of bytes written by the File Writer.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf messages {
        type yang:counter64;
        units "IPFIX Messages";
        description
          "The number of IPFIX Messages written by the File
           Writer.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf discarded-messages {
        type yang:counter64;
        units "IPFIX Messages";
        description
          "The number of IPFIX Messages that could not be
           written by the File Writer due to internal buffer
           overflows, limited storage capacity, etc.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf records {
        type yang:counter64;
        units "Data Records";
        description
          "The number of Data Records written by the File Writer.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf templates {
        type yang:counter32;
        units "Templates";
        description
          "The number of Template Records (excluding
           Options Template Records) written by the File Writer.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf options-templates {
        type yang:counter32;
        units "Options Templates";
        description
          "The number of Options Template Records written
           by the File Writer.
           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }

      leaf file-writer-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which
           one or more File Writer counters suffered a discontinuity.
           In contrast to discontinuity times in the IPFIX MIB
           module, the time is absolute and not relative to
           sysUpTime.";
      }

      uses export-template-state-parameters;
    }
  }

  grouping exporting-process-parameters {
    description
      "Parameters of an Exporting Process.";

    leaf export-mode {
      type identityref {
        base export-mode;
      }
      default 'parallel';
      description
        "This parameter determines to which configured
         destination(s) the incoming Data Records are exported.";
    }

    list destination {
      key "name";
      min-elements 1;
      description
        "List of export destinations.";

      leaf name {
        type name-type;
        description
          "Export destination name.";
      }

      choice destination-parameters {
        mandatory true;
        description
          "Destination configuration.";

        container tcp-exporter {
          if-feature tcp-transport;
          description
            "TCP parameters.";

          uses tcp-exporter-parameters;

          container transport-session {
            config false;
            description
              "Transport session state data.";

            uses transport-session-state-parameters;
            uses export-template-state-parameters;
          }
        }

        container udp-exporter {
          if-feature udp-transport;
          description
            "UDP parameters.";

          uses udp-exporter-parameters;

          container transport-session {
            config false;
            description
              "Transport session state data.";

            uses transport-session-state-parameters;
            uses export-template-state-parameters;
          }
        }

        container sctp-exporter {
          if-feature sctp-transport;
          description
            "SCTP parameters.";

          uses sctp-exporter-parameters;

          container transport-session {
            config false;
            description
              "Transport session state data.";

            leaf sctp-association-id {
              type uint32;
              description
                "The association ID used for the SCTP session
                 between the Exporter and the Collector of the IPFIX
                 Transport Session. It is equal to the sctpAssocId
                 entry in the sctpAssocTable defined in the SCTP-MIB.
                 This parameter is only available if the transport
                 protocol is SCTP and if an SNMP agent on the same
                 Monitoring Device enables access to the
                 corresponding MIB objects in the sctpAssocTable.
                 Note that this parameter corresponds to
                 ipfixTransportSessionSctpAssocId in the IPFIX MIB
                 module.";
              reference
                "RFC 6615, Section 8
                 (ipfixTransportSessionSctpAssocId);
                 RFC 3871";
            }

            uses transport-session-state-parameters;
            uses export-template-state-parameters;
          }
        }

        container file-writer {
          if-feature file-writer;
          description
            "File Writer parameters.";

          leaf ipfix-version {
            type uint16;
            default 10;
            description
              "IPFIX version number.";
            reference
              "RFC 7011.";
          }

          leaf file {
            type inet:uri;
            mandatory true;
            description
              "URI specifying the location of the file.";
          }

          uses file-writer-state-parameters;
        }
      }
    }

    list options {
      key "name";
      description
        "List of options reported by the Exporting Process.";

      leaf name {
        type name-type;
        description
          "Name of the option.";
      }

      uses options-parameters;
    }
  }

  grouping options-parameters {
    description
      "Parameters specifying the data export using an
       Options Template.";

    leaf options-type {
      type identityref {
        base options-type;
      }
      mandatory true;
      description
        "Type of the exported options data.";
    }

    leaf options-timeout {
      type uint32;
      units "milliseconds";
      description
        "Time interval for periodic export of the options
         data. If set to zero, the export is triggered when the
         options data has changed.

         If not configured by the user, this parameter is set by the
         Monitoring Device.";
    }
  }

  container ipfix {
    description
      "IPFIX Exporter and/or Collector data nodes.";

    list collecting-process {
      if-feature collector;
      key "name";
      description
        "Collecting Process of the Monitoring Device.";

      leaf name {
        type name-type;
        description
          "Name of the collecting process.";
      }

      uses collecting-process-parameters;

      leaf-list exporting-process {
        if-feature exporter;
        type leafref {
          path "/ietf-ipfix:ipfix"
             + "/ietf-ipfix:exporting-process"
             + "/ietf-ipfix:name";
        }
        description
          "Export of received records without any
           modifications. Records are processed by all Exporting
           Processes in the list.";
      }
    }

    list exporting-process {
      if-feature exporter;
      key "name";
      description
        "List of Exporting Processes of the IPFIX Monitoring Device
         for which configuration will be applied.";

      leaf name {
        type name-type;
        description
          "Name of the exporting process.";
      }

      leaf enabled {
        type boolean;
        default "true";
        description
          "If true, this exporting process is enabled for
           exporting.";
      }

      uses exporting-process-parameters;

      leaf exporting-process-id {
        type uint32;
        config false;
        description
          "The identifier of the Exporting Process.
           This parameter corresponds to the Information Element
           exportingProcessId.
           Its occurrence helps to associate
           Exporting Process parameters with Exporting Process
           statistics exported by the Monitoring Device using the
           Exporting Process Reliability Statistics Template as
           defined by the IPFIX protocol specification.";
        reference
          "RFC 7011, Section 4.3; IANA registry for IPFIX
           Entities, http://www.iana.org/assignments/ipfix.";
      }
    }
  }
}
<CODE ENDS>

6.2.  ietf-ipfix-packet-sampling

6.2.1.  ietf-ipfix-packet-sampling Module Structure

This document defines the YANG module "ietf-ipfix-packet-sampling",
which has the following structure:

module: ietf-ipfix-packet-sampling
  augment /ietf-ipfix:ipfix:
    +--rw psamp
       +--rw observation-point* [name]
       |  +--rw name                     ietf-ipfix:name-type
       |  +--rw observation-domain-id    uint32
       |  +--rw interface-ref*           if:interface-ref
       |  +--rw if-name*                 if-name-type {if-mib}?
       |  +--rw if-index*                uint32 {if-mib}?
       |  +--rw hardware-ref*            hardware-ref
       |  +--rw ent-physical-name*       string {entity-mib}?
       |  +--rw ent-physical-index*      uint32 {entity-mib}?
       |  +--rw direction?               direction
       |  +--rw selection-process*
       |  |       -> /ietf-ipfix:ipfix/psamp/selection-process/name
       |  +--ro observation-point-id?    uint32
       +--rw selection-process* [name]
       |  +--rw name                  ietf-ipfix:name-type
       |  +--rw selector* [name]
       |  |     ...
       |  +--rw cache?
       |  |       -> /ietf-ipfix:ipfix/psamp/cache/name
       |  +--ro selection-sequence* []
       |        ...
       +--rw cache* [name]
          +--rw name                        ietf-ipfix:name-type
          +--rw enabled?                    boolean
          +--rw (cache-type)
          |     ...
          +--rw exporting-process*
          |       -> /ietf-ipfix:ipfix/exporting-process/name
          |       {ietf-ipfix:exporter}?
          +--ro metering-process-id?        uint32
          +--ro data-records?               yang:counter64
          +--ro cache-discontinuity-time?   yang:date-and-time

6.2.2.  ietf-ipfix-packet-sampling YANG module

This YANG Module imports typedefs from [RFC6991].
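The leafrefs in the tree of Section 6.2.1 and the `mandatory`, `min-elements` and `range` statements of the exporter groupings in the ietf-ipfix module above can be checked before a configuration reaches a device, so that flow export does not silently stop. The Python below is an added example, not part of the draft: it treats plain dicts as instance data, and the sample configuration, its names and the "refresh shorter than lifetime" reading of template-refresh-timeout are assumptions made here.

```python
"""Lint a constructed IPFIX/PSAMP configuration against constraints quoted
from the YANG text on this page. Plain dicts stand in for instance data."""

EXPORTER_KINDS = ("tcp-exporter", "udp-exporter", "sctp-exporter", "file-writer")


def names(entries):
    """Keys ('name' leaves) of the entries of a YANG list."""
    return {entry["name"] for entry in entries}


def lint_destination(proc, dest, collector_template_life_time=None):
    """Check one exporting-process/destination entry."""
    where = f"exporting-process[{proc}]/destination[{dest['name']}]"
    kinds = [k for k in EXPORTER_KINDS if k in dest]
    # choice destination-parameters { mandatory true; } -> exactly one case
    if len(kinds) != 1:
        return [f"{where}: exactly one exporter container required, got {kinds}"]
    kind, body, out = kinds[0], dest[kinds[0]], []
    if kind == "file-writer":
        if not body.get("file"):  # leaf file { mandatory true; }
            out.append(f"{where}: file-writer without 'file'")
        return out
    # choice destination-method { mandatory true; }
    if not body.get("destination", {}).get("destination-address"):
        out.append(f"{where}: {kind} without destination-address")
    # leaf retry-schedule { type uint32 { range "60..max"; } }
    if kind == "tcp-exporter" and body.get("retry-schedule", 60) < 60:
        out.append(f"{where}: retry-schedule below 60 seconds")
    # template-refresh-timeout defaults to 600 s and must fit the collector's
    # template-life-time; "shorter than" is this example's reading of that.
    if kind == "udp-exporter" and collector_template_life_time is not None:
        refresh = body.get("template-refresh-timeout", 600)
        if refresh >= collector_template_life_time:
            out.append(f"{where}: templates refreshed every {refresh} s but "
                       f"collector expires them after {collector_template_life_time} s")
    return out


def lint_leafrefs(ipfix):
    """Report leafrefs from the module tree that point at no list entry."""
    psamp = ipfix.get("psamp", {})
    exporters = names(ipfix.get("exporting-process", []))
    selections = names(psamp.get("selection-process", []))
    caches = names(psamp.get("cache", []))
    out = []
    for op in psamp.get("observation-point", []):
        for ref in op.get("selection-process", []):
            if ref not in selections:
                out.append(f"observation-point[{op['name']}]: no selection-process '{ref}'")
    for sp in psamp.get("selection-process", []):
        if "cache" in sp and sp["cache"] not in caches:
            out.append(f"selection-process[{sp['name']}]: no cache '{sp['cache']}'")
    for kind, entries in (("cache", psamp.get("cache", [])),
                          ("collecting-process", ipfix.get("collecting-process", []))):
        for entry in entries:
            for ref in entry.get("exporting-process", []):
                if ref not in exporters:
                    out.append(f"{kind}[{entry['name']}]: no exporting-process '{ref}'")
    return out


def lint(ipfix, collector_template_life_time=None):
    """Run all checks over the contents of the top-level ipfix container."""
    out = []
    for proc in ipfix.get("exporting-process", []):
        dests = proc.get("destination", [])
        if not dests:  # list destination { min-elements 1; }
            out.append(f"exporting-process[{proc['name']}]: no destination")
        for dest in dests:
            out += lint_destination(proc["name"], dest, collector_template_life_time)
    return out + lint_leafrefs(ipfix)


# Constructed sample; names and addresses are made up (192.0.2.0/24 is
# documentation address space).
SAMPLE = {
    "exporting-process": [{
        "name": "exp-1",
        "destination": [
            {"name": "primary", "tcp-exporter": {
                "destination": {"destination-address": "192.0.2.10"},
                "destination-port": 4740, "retry-schedule": 30}},
            {"name": "backup", "udp-exporter": {
                "destination": {"destination-address": "192.0.2.11"},
                "template-refresh-timeout": 1800}},
            {"name": "archive", "udp-exporter": {},
             "file-writer": {"file": "file:///var/ipfix/a.ipfix"}},
        ],
    }],
    "psamp": {
        "observation-point": [{"name": "op-1", "observation-domain-id": 1,
                               "selection-process": ["sel-1"]}],
        "selection-process": [{"name": "sel-1", "cache": "cache-1"}],
        "cache": [{"name": "cache-1", "exporting-process": ["exp-2"]}],
    },
}

if __name__ == "__main__":
    for finding in lint(SAMPLE, collector_template_life_time=1800):
        print(finding)
```

The dangling `exp-2` reference is the finding to watch for in practice: a Cache whose Exporting Process does not exist produces records that are never exported.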
<CODE BEGINS> file "ietf-ipfix-packet-sampling@2018-10-22.yang"
module ietf-ipfix-packet-sampling {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling";

  prefix ietf-ipsamp;

  import ietf-yang-types {
    prefix yang;
  }

  import ietf-ipfix {
    prefix ietf-ipfix;
  }

  import ietf-interfaces {
    prefix if;
  }

  import ietf-hardware {
    prefix hw;
  }

  organization
    "IETF";

  contact
    "Web:    TBD
     List:   TBD

     Editor: Joey Boyd

     Editor: Marta Seda";

  // RFC Ed.: replace XXXX with actual RFC numbers and
  // remove this note.

  description
    "This module contains a collection of YANG definitions for the
     management of Packet Sampling (PSAMP) over IPFIX.

     This data model is designed for the Network Management Datastore
     Architecture defined in RFC 8342.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2019-10-28 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export
                 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
                 and Bulk Data Export";
  }

  feature if-mib {
    description
      "This feature indicates that the device implements
       the IF-MIB.";
    reference
      "RFC 2863: The Interfaces Group MIB";
  }

  feature entity-mib {
    description
      "This feature indicates that the device implements
       the ENTITY-MIB.";
    reference
      "RFC 6933: Entity MIB (Version 4)";
  }

  feature psamp-samp-count-based {
    description
      "If supported, the Monitoring Device supports
       count-based Sampling. The Selector method sampCountBased can
       be configured.";
  }

  feature psamp-samp-time-based {
    description
      "If supported, the Monitoring Device supports
       time-based Sampling. The Selector method sampTimeBased can
       be configured.";
  }

  feature psamp-samp-rand-out-of-n {
    description
      "If supported, the Monitoring Device supports
       random n-out-of-N Sampling. The Selector method
       sampRandOutOfN can be configured.";
  }

  feature psamp-samp-uni-prob {
    description
      "If supported, the Monitoring Device supports
       uniform probabilistic Sampling. The Selector method
       sampUniProb can be configured.";
  }

  feature psamp-filter-match {
    description
      "If supported, the Monitoring Device supports
       property match Filtering. The Selector method filterMatch
       can be configured.";
  }

  feature psamp-filter-hash {
    description
      "If supported, the Monitoring Device supports
       hash-based Filtering.
       The Selector method filterHash can be
       configured.";
  }

  feature immediate-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating PSAMP Packet Reports by configuration with
       immediateCache.";
  }

  feature timeout-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       timeoutCache.";
  }

  feature natural-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       naturalCache.";
  }

  feature permanent-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       permanentCache.";
  }

  identity bob {
    base hash-function;
    description
      "BOB hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }

  identity ipsx {
    base hash-function;
    description
      "IPSX hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }

  identity crc {
    base hash-function;
    description
      "CRC hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }

  identity hash-function {
    description
      "Base identity for all hash functions used for
       hash-based packet Filtering.";
  }

  typedef hardware-ref {
    type leafref {
      path "/hw:hardware/hw:component/hw:name";
    }
    description
      "This type is used to reference hardware components.";
    reference
      "RFC 8348.";
  }

  typedef if-name-type {
    type string {
      length "1..255";
    }
    description
      "This corresponds to the DisplayString textual
       convention of SNMPv2-TC, which is used for ifName in the IF
       MIB module.";
    reference
      "RFC 2863 (ifName).";
  }

  typedef direction {
    type enumeration {
      enum "ingress" {
        value 0;
        description
          "This value is used for monitoring incoming packets.";
      }
      enum "egress" {
        value 1;
        description
          "This value is used for monitoring outgoing packets.";
      }
      enum "both" {
        value 2;
        description
          "This value is used for monitoring incoming and
           outgoing packets.";
      }
    }
    description
      "Direction of packets going through an interface.";
  }

  grouping observation-point-parameters {
    description
      "Interface as input to Observation Point.";

    leaf observation-domain-id {
      type uint32;
      mandatory true;
      description
        "The Observation Domain ID associates the
         Observation Point to an Observation Domain. Observation
         Points with identical Observation Domain IDs belong to the
         same Observation Domain.

         Note that this parameter corresponds to
         ipfixObservationPointObservationDomainId in the IPFIX MIB
         module.";
      reference
        "RFC 5101; RFC 6615, Section 8
         (ipfixObservationPointObservationDomainId).";
    }

    leaf-list interface-ref {
      type if:interface-ref;
      description
        "List of interfaces of the Monitoring Device. The
         Observation Point observes packets at the specified
         interfaces.";
    }

    leaf-list if-name {
      if-feature if-mib;
      type if-name-type;
      description
        "List of names identifying interfaces of the
         Monitoring Device. The Observation Point observes packets
         at the specified interfaces.";
    }

    leaf-list if-index {
      if-feature if-mib;
      type uint32;
      description
        "List of if-index values pointing to entries in the
         ifTable of the IF-MIB module maintained by the Monitoring
         Device. The Observation Point observes packets at the
         specified interfaces.
         This parameter SHOULD only be used if an SNMP agent enables
         access to the ifTable.
         Note that this parameter corresponds to
         ipfixObservationPointPhysicalInterface in the IPFIX MIB
         module.";
      reference
        "RFC 2863; RFC 6615, Section 8
         (ipfixObservationPointPhysicalInterface).";
    }

    leaf-list hardware-ref {
      type hardware-ref;
      description
        "List of hardware components of the Monitoring Device.
         The Observation Point observes packets at the specified
         hardware components.";
      reference
        "RFC 8348.";
    }

    leaf-list ent-physical-name {
      if-feature entity-mib;
      type string;
      description
        "List of names identifying physical entities of the
         Monitoring Device. The Observation Point observes packets
         at the specified entities.";
    }

    leaf-list ent-physical-index {
      if-feature entity-mib;
      type uint32;
      description
        "List of ent-physical-index values pointing to
         entries in the entPhysicalTable of the ENTITY-MIB module
         maintained by the Monitoring Device. The Observation Point
         observes packets at the specified entities.
         This parameter SHOULD only be used if an SNMP agent enables
         access to the entPhysicalTable.
         Note that this parameter corresponds to
         ipfixObservationPointPhysicalEntity in the IPFIX MIB
         module.";
      reference
        "RFC 4133; RFC 6615, Section 8
         (ipfixObservationPointPhysicalInterface).";
    }

    leaf direction {
      type direction;
      default "both";
      description
        "Direction of packets.
         If not applicable (e.g., in
         the case of a sniffing interface in promiscuous mode), this
         parameter is ignored.";
    }
  }

  grouping samp-count-based-parameters {
    description
      "Configuration parameters of a Selector applying
       systematic count-based packet Sampling to the packet
       stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";

    leaf packet-interval {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of packets that are consecutively
         sampled between gaps of length packetSpace.

         This parameter corresponds to the Information Element
         samplingPacketInterval and to psampSampCountBasedInterval
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.2; RFC 6727, Section 6
         (psampSampCountBasedInterval).";
    }

    leaf packet-space {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of unsampled packets between two
         Sampling intervals.

         This parameter corresponds to the Information Element
         samplingPacketSpace and to psampSampCountBasedSpace
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.3; RFC 6727, Section 6
         (psampSampCountBasedSpace).";
    }
  }

  grouping samp-time-based-parameters {
    description
      "Configuration parameters of a Selector applying
       systematic time-based packet Sampling to the packet
       stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2.";

    leaf time-interval {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during
         which all arriving packets are sampled between gaps
         of length timeSpace.
5416 This parameter corresponds to the Information Element 5417 samplingTimeInterval and to psampSampTimeBasedInterval 5418 in the PSAMP MIB module."; 5419 reference 5420 "RFC 5477, Section 8.2.4; RFC 6727, Section 6 5421 (psampSampTimeBasedInterval)."; 5422 } 5424 leaf time-space { 5425 type uint32; 5426 units "microseconds"; 5427 mandatory true; 5428 description 5429 "The time interval in microseconds during 5430 which no packets are sampled between two Sampling 5431 intervals specified by timeInterval. 5433 This parameter corresponds to the Information Element 5434 samplingTimeInterval and to psampSampTimeBasedSpace 5435 in the PSAMP MIB module."; 5436 reference 5437 "RFC 5477, Section 8.2.5; RFC 6727, Section 6 5438 (psampSampTimeBasedSpace)."; 5439 } 5440 } 5442 grouping samp-rand-out-of-n-parameters { 5443 description 5444 "Configuration parameters of a Selector applying 5445 n-out-of-N packet Sampling to the packet stream."; 5446 reference 5447 "RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3."; 5449 leaf size { 5450 type uint32; 5451 units "packets"; 5452 mandatory true; 5453 description 5454 "The number of elements taken from the parent 5455 population. 5457 This parameter corresponds to the Information Element 5458 samplingSize and to psampSampRandOutOfNSize in the PSAMP 5459 MIB module."; 5460 reference 5461 "RFC 5477, Section 8.2.6; RFC 6727, Section 6 5462 (psampSampRandOutOfNSize)."; 5463 } 5465 leaf population { 5466 type uint32; 5467 units "packets"; 5468 mandatory true; 5469 description 5470 "The number of elements in the parent 5471 population. 
5473 This parameter corresponds to the Information Element 5474 samplingPopulation and to psampSampRandOutOfNPopulation 5475 in the PSAMP MIB module."; 5476 reference 5477 "RFC 5477, Section 8.2.7; RFC 6727, Section 6 5478 (psampSampRandOutOfNPopulation)."; 5479 } 5480 } 5482 grouping samp-uni-prob-parameters { 5483 description 5484 "Configuration parameters of a Selector applying 5485 uniform probabilistic packet Sampling (with equal 5486 probability per packet) to the packet stream."; 5487 reference 5488 "RFC 5475, Section 5.2.2.1; 5489 RFC 5476, Section 6.5.2.4."; 5491 leaf probability { 5492 type decimal64 { 5493 fraction-digits 18; 5494 range "0..1"; 5495 } 5496 mandatory true; 5497 description 5498 "Probability that a packet is sampled, 5499 expressed as a value between 0 and 1. The probability 5500 is equal for every packet. 5502 This parameter corresponds to the Information Element 5503 samplingProbability and to psampSampUniProbProbability 5504 in the PSAMP MIB module."; 5505 reference 5506 "RFC 5477, Section 8.2.8; RFC 6727, Section 6 5507 (psampSampUniProbProbability)."; 5508 } 5509 } 5511 grouping filter-match-parameters { 5512 description 5513 "Configuration parameters of a Selector applying 5514 property match Filtering to the packet stream. 
5516 The field to be matched is specified as an Information 5517 Element."; 5518 reference 5519 "RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5."; 5521 choice information-element { 5522 mandatory true; 5523 description 5524 "The Information Element field to be matched."; 5526 leaf ie-name { 5527 type ietf-ipfix:ie-name-type; 5528 description 5529 "Name of the Information Element."; 5530 } 5532 leaf ie-id { 5533 type ietf-ipfix:ie-id-type; 5534 description 5535 "Identifier of the Information Element."; 5536 } 5537 } 5539 leaf ie-enterprise-number { 5540 type uint32; 5541 default '0'; 5542 description 5543 "If this parameter is zero, the Information 5544 Element is registered in the IANA registry of IPFIX 5545 Information Elements. 5547 If this parameter is configured with a non-zero private 5548 enterprise number, the Information Element is 5549 enterprise-specific."; 5550 reference 5551 "IANA registry for Private Enterprise Numbers, 5552 http://www.iana.org/assignments/enterprise-numbers; 5553 IANA registry for IPFIX Entities, 5554 http://www.iana.org/assignments/ipfix."; 5555 } 5557 leaf value { 5558 type string; 5559 mandatory true; 5560 description 5561 "Matching value of the Information Element."; 5562 } 5563 } 5565 grouping filter-hash-parameters { 5566 description 5567 "Configuration parameters of a Selector applying 5568 hash-based Filtering to the packet stream."; 5569 reference 5570 "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6."; 5572 leaf hash-function { 5573 type identityref { 5574 base hash-function; 5575 } 5576 default 'bob'; 5577 description 5578 "Hash function to be applied. According to 5579 RFC 5475, Section 6.2.4.1, 'BOB' must be used in order to 5580 be compliant with PSAMP. 
5582 This parameter functionally corresponds to 5583 psampFiltHashFunction in the PSAMP MIB module."; 5584 reference 5585 "RFC 6727, Section 6 (psampFiltHashFunction)"; 5586 } 5588 leaf initializer-value { 5589 type uint64; 5590 description 5591 "Initializer value to the hash function. 5592 If not configured by the user, the Monitoring Device 5593 arbitrarily chooses an initializer value. 5595 This parameter corresponds to the Information Element 5596 hashInitialiserValue and to psampFiltHashInitializerValue 5597 in the PSAMP MIB module."; 5598 reference 5599 "RFC 5477, Section 8.3.9; RFC 6727, Section 6 5600 (psampFiltHashInitializerValue)."; 5601 } 5603 leaf ip-payload-offset { 5604 type uint64; 5605 units "octets"; 5606 default '0'; 5607 description 5608 "IP payload offset indicating the position of 5609 the first payload byte considered as input to the hash 5610 function. 5611 Default value 0 corresponds to the minimum offset that 5612 must be configurable according to RFC 5476, Section 5613 6.5.2.6. 5615 This parameter corresponds to the Information Element 5616 hashIPPayloadOffset and to psampFiltHashIpPayloadOffset 5617 in the PSAMP MIB module."; 5618 reference 5619 "RFC 5477, Section 8.3.2; RFC 6727, Section 6 5620 (psampFiltHashIpPayloadOffset)."; 5621 } 5623 leaf ip-payload-size { 5624 type uint64; 5625 units "octets"; 5626 default '8'; 5627 description 5628 "Number of IP payload bytes used as input to 5629 the hash function, counted from the payload offset. 5630 If the IP payload is shorter than the payload range, 5631 all available payload octets are used as input. 5632 Default value 8 corresponds to the minimum IP payload 5633 size that must be configurable according to RFC 5476, 5634 Section 6.5.2.6. 
5636 This parameter corresponds to the Information Element 5637 hashIPPayloadSize and to psampFiltHashIpPayloadSize 5638 in the PSAMP MIB module."; 5639 reference 5640 "RFC 5477, Section 8.3.3; RFC 6727, Section 6 5641 (psampFiltHashIpPayloadSize)."; 5642 } 5643 leaf digest-output { 5644 type boolean; 5645 default 'false'; 5646 description 5647 "If true, the output from this Selector is 5648 included in the Packet Report as a packet digest. 5649 Therefore, the configured Cache Layout needs to contain 5650 a digestHashValue field. 5652 This parameter corresponds to the Information Element 5653 hashDigestOutput."; 5654 reference 5655 "RFC 5477, Section 8.3.8."; 5656 } 5658 list selected-range { 5659 key "name"; 5660 min-elements 1; 5661 description 5662 "List of hash function return ranges for 5663 which packets are selected."; 5665 leaf name { 5666 type ietf-ipfix:name-type; 5667 description 5668 "Name of the selected range."; 5669 } 5671 leaf min { 5672 type uint64; 5673 description 5674 "Beginning of the hash function's selected 5675 range. 5677 This parameter corresponds to the Information Element 5678 hashSelectedRangeMin and to psampFiltHashSelectedRangeMin 5679 in the PSAMP MIB module."; 5680 reference 5681 "RFC 5477, Section 8.3.6; RFC 6727, Section 6 5682 (psampFiltHashSelectedRangeMin)."; 5683 } 5685 leaf max { 5686 type uint64; 5687 description 5688 "End of the hash function's selected range. 
5690 This parameter corresponds to the Information Element 5691 hashSelectedRangeMax and to psampFiltHashSelectedRangeMax 5692 in the PSAMP MIB module."; 5693 reference 5694 "RFC 5477, Section 8.3.7; RFC 6727, Section 6 5695 (psampFiltHashSelectedRangeMax)."; 5696 } 5697 } 5698 } 5700 grouping filter-hash-parameters-state { 5701 description 5702 "Configuration parameters of a Selector applying 5703 hash-based Filtering to the packet stream."; 5704 reference 5705 "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6."; 5707 leaf output-range-min { 5708 type uint64; 5709 config false; 5710 description 5711 "Beginning of the hash function's potential 5712 range. 5714 This parameter corresponds to the Information Element 5715 hashOutputRangeMin and to psampFiltHashOutputRangeMin 5716 in the PSAMP MIB module."; 5717 reference 5718 "RFC 5477, Section 8.3.4; RFC 6727, Section 6 5719 (psampFiltHashOutputRangeMin)."; 5720 } 5722 leaf output-range-max { 5723 type uint64; 5724 config false; 5725 description 5726 "End of the hash function's potential range. 
5728 This parameter corresponds to the Information Element 5729 hashOutputRangeMax and to psampFiltHashOutputRangeMax 5730 in the PSAMP MIB module."; 5731 reference 5732 "RFC 5477, Section 8.3.5; RFC 6727, Section 6 5733 (psampFiltHashOutputRangeMax)."; 5734 } 5735 } 5737 grouping selector-parameters { 5738 description 5739 "Configuration and state parameters of a Selector."; 5741 choice method { 5742 mandatory true; 5743 description 5744 "Packet selection method applied by the Selector."; 5746 leaf select-all { 5747 type empty; 5748 description 5749 "Method that selects all packets."; 5750 } 5752 container samp-count-based { 5753 if-feature psamp-samp-count-based; 5754 description 5755 "Systematic count-based packet Sampling."; 5757 uses samp-count-based-parameters; 5758 } 5760 container samp-time-based { 5761 if-feature psamp-samp-time-based; 5762 description 5763 "Systematic time-based packet Sampling."; 5765 uses samp-time-based-parameters; 5766 } 5768 container samp-rand-out-of-n { 5769 if-feature psamp-samp-rand-out-of-n; 5770 description 5771 "n-out-of-N packet Sampling."; 5773 uses samp-rand-out-of-n-parameters; 5774 } 5776 container samp-uni-prob { 5777 if-feature psamp-samp-uni-prob; 5778 description 5779 "Uniform probabilistic packet Sampling."; 5781 uses samp-uni-prob-parameters; 5782 } 5784 container filter-match { 5785 if-feature psamp-filter-match; 5786 description 5787 "Property match Filtering."; 5789 uses filter-match-parameters; 5790 } 5792 container filter-hash { 5793 if-feature psamp-filter-hash; 5794 description 5795 "Hash-based Filtering."; 5797 uses filter-hash-parameters; 5798 uses filter-hash-parameters-state; 5799 } 5800 } 5801 } 5803 grouping selector-parameters-state { 5804 description 5805 "Configuration and state parameters of a Selector."; 5807 leaf packets-observed { 5808 type yang:counter64; 5809 config false; 5810 description 5811 "The number of packets observed at the input of 5812 the Selector. 
5814 If this is the first Selector in the Selection Process, 5815 this counter corresponds to the total number of packets in 5816 all Observed Packet Streams at the input of the Selection 5817 Process. Otherwise, the counter corresponds to the total 5818 number of packets at the output of the preceding Selector. 5819 Discontinuities in the value of this counter can occur at 5820 re-initialization of the management system, and at other 5821 times as indicated by the value of 5822 selectorDiscontinuityTime. 5824 Note that this parameter corresponds to 5825 ipfixSelectorStatsPacketsObserved in the IPFIX MIB 5826 module."; 5827 reference 5828 "RFC 6615, Section 8 5829 (ipfixSelectorStatsPacketsObserved)."; 5830 } 5832 leaf packets-dropped { 5833 type yang:counter64; 5834 config false; 5835 description 5836 "The total number of packets discarded by the 5837 Selector. 5839 Discontinuities in the value of this counter can occur at 5840 re-initialization of the management system, and at other 5841 times as indicated by the value of 5842 selectorDiscontinuityTime. 5844 Note that this parameter corresponds to 5845 ipfixSelectorStatsPacketsDropped in the IPFIX MIB 5846 module."; 5847 reference 5848 "RFC 6615, Section 8 5849 (ipfixSelectorStatsPacketsDropped)."; 5850 } 5852 leaf selector-discontinuity-time { 5853 type yang:date-and-time; 5854 config false; 5855 description 5856 "Timestamp of the most recent occasion at which 5857 one or more of the Selector counters suffered a 5858 discontinuity. 5860 Note that this parameter functionally corresponds to 5861 ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX 5862 MIB module. 
In contrast to 5863 ipfixSelectionProcessStatsDiscontinuityTime, the time is 5864 absolute and not relative to sysUpTime."; 5865 reference 5866 "RFC 6615, Section 8 5867 (ipfixSelectionProcessStatsDiscontinuityTime)."; 5868 } 5869 } 5871 grouping cache-layout-parameters { 5872 description 5873 "Cache Layout parameters used by immediateCache, 5874 timeoutCache, naturalCache, and permanentCache."; 5876 container cache-layout { 5877 description 5878 "Cache Layout parameters."; 5880 list cache-field { 5881 key "name"; 5882 min-elements 1; 5883 description 5884 "Superset of fields that are included in the 5885 Packet Reports or Flow Records generated by the Cache."; 5887 leaf name { 5888 type ietf-ipfix:name-type; 5889 description 5890 "Name of the cache field."; 5891 } 5893 choice information-element { 5894 mandatory true; 5895 description 5896 "The Information Element to be added to the template."; 5897 reference 5898 "RFC 5102, Section 2; IANA registry for IPFIX 5899 Entities, http://www.iana.org/assignments/ipfix."; 5901 leaf ie-name { 5902 type ietf-ipfix:ie-name-type; 5903 description 5904 "Name of the Information Element."; 5905 } 5907 leaf ie-id { 5908 type ietf-ipfix:ie-id-type; 5909 description 5910 "Identifier of the Information Element."; 5911 } 5912 } 5914 leaf ie-length { 5915 type uint16; 5916 units "octets"; 5917 description 5918 "Length of the field in which the Information 5919 Element is encoded. A value of 65535 specifies a 5920 variable-length Information Element. For Information 5921 Elements of integer and float type, the field length 5922 MAY be set to a smaller value than the standard length 5923 of the abstract data type if the rules of reduced size 5924 encoding are fulfilled. 
5926 If not configured by the user, this parameter is set by 5927 the Monitoring Device."; 5928 reference 5929 "RFC 5101, Section 6.2."; 5930 } 5931 leaf ie-enterprise-number { 5932 type uint32; 5933 default '0'; 5934 description 5935 "If this parameter is zero, the Information 5936 Element is registered in the IANA registry of IPFIX 5937 Information Elements. 5939 If this parameter is configured with a non-zero private 5940 enterprise number, the Information Element is 5941 enterprise-specific. 5943 If the enterprise number is set to 29305, this field 5944 contains a Reverse Information Element. In this case, 5945 the Cache MUST generate Data Records in accordance to 5946 RFC 5103."; 5947 reference 5948 "RFC 5101; RFC 5103; 5949 IANA registry for Private Enterprise Numbers, 5950 http://www.iana.org/assignments/enterprise-numbers; 5951 IANA registry for IPFIX Entities, 5952 http://www.iana.org/assignments/ipfix."; 5953 } 5955 leaf is-flow-key { 5956 when 5957 "(name(../../..) != 'immediate-cache') 5958 and 5959 ((count(../ie-enterprise-number) = 0) 5960 or 5961 (../ie-enterprise-number != 29305))" { 5962 description 5963 "This parameter is not available for 5964 Reverse Information Elements (which have enterprise 5965 number 29305). It is also not available for 5966 immediateCache."; 5967 } 5968 type empty; 5969 description 5970 "If present, this is a flow key."; 5971 } 5972 } 5973 } 5974 } 5976 grouping flow-cache-parameters { 5977 description 5978 "Configuration parameters of a Cache generating Flow 5979 Records."; 5981 leaf max-flows { 5982 type uint32; 5983 units "flows"; 5984 description 5985 "This parameter configures the maximum number of 5986 Flows in the Cache, which is the maximum number of Flows 5987 that can be measured simultaneously. 5989 The Monitoring Device MUST ensure that sufficient resources 5990 are available to store the configured maximum number of 5991 Flows. 
5993 If the maximum number of Flows is measured, an additional 5994 Flow can be measured only if an existing entry is removed. 5995 However, traffic that pertains to existing Flows can 5996 continue to be measured."; 5997 } 5999 leaf active-timeout { 6000 when "(name(..) = 'timeout-cache') or 6001 (name(..) = 'natural-cache')" { 6002 description 6003 "This parameter is only available for 6004 timeoutCache and naturalCache."; 6005 } 6006 type uint32; 6007 units "seconds"; 6008 description 6009 "This parameter configures the time in 6010 seconds after which a Flow is expired even though packets 6011 matching this Flow are still received by the Cache. 6012 The parameter value zero indicates infinity, meaning that 6013 there is no active timeout. 6015 If not configured by the user, the Monitoring Device sets 6016 this parameter. 6018 Note that this parameter corresponds to 6019 ipfixMeteringProcessCacheActiveTimeout in the IPFIX 6020 MIB module."; 6021 reference 6022 "RFC 6615, Section 8 6023 (ipfixMeteringProcessCacheActiveTimeout)."; 6024 } 6026 leaf idle-timeout { 6027 when 6028 "(name(..) = 'timeout-cache') or 6029 (name(..) = 'natural-cache')" { 6030 description 6031 "This parameter is only available for 6032 timeoutCache and naturalCache."; 6033 } 6034 type uint32; 6035 units "seconds"; 6036 description 6037 "This parameter configures the time in 6038 seconds after which a Flow is expired if no more packets 6039 matching this Flow are received by the Cache. 6041 The parameter value zero indicates infinity, meaning that 6042 there is no idle timeout. 6044 If not configured by the user, the Monitoring Device sets 6045 this parameter. 6047 Note that this parameter corresponds to 6048 ipfixMeteringProcessCacheIdleTimeout in the IPFIX 6049 MIB module."; 6050 reference 6051 "RFC 6615, Section 8 6052 (ipfixMeteringProcessCacheIdleTimeout)."; 6053 } 6055 leaf export-interval { 6056 when "name(..) 
= 'permanent-cache'" { 6057 description 6058 "This parameter is only available for permanentCache."; 6059 } 6060 type uint32; 6061 units "seconds"; 6062 description 6063 "This parameter configures the interval (in 6064 seconds) for periodical export of Flow Records. 6065 If not configured by the user, the Monitoring Device sets 6066 this parameter."; 6067 } 6068 } 6070 grouping flow-cache-parameters-state { 6071 description 6072 "State parameters of a Cache generating Flow Records."; 6074 leaf active-flows { 6075 type yang:gauge32; 6076 units "flows"; 6077 config false; 6078 description 6079 "The number of Flows currently active in this Cache. 6081 Note that this parameter corresponds to 6082 ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB 6083 module."; 6084 reference 6085 "RFC 6615, Section 8 6086 (ipfixMeteringProcessCacheActiveFlows)."; 6087 } 6089 leaf unused-cache-entries { 6090 type yang:gauge32; 6091 units "flows"; 6092 config false; 6093 description 6094 "The number of unused Cache entries in this 6095 Cache. 
6097 Note that this parameter corresponds to 6098 ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX 6099 MIB module."; 6100 reference 6101 "RFC 6615, Section 8 6102 (ipfixMeteringProcessCacheUnusedCacheEntries)."; 6103 } 6104 } 6106 augment '/ietf-ipfix:ipfix' { 6107 description 6108 "Augment IPFIX to add PSAMP."; 6110 container psamp { 6111 description 6112 "Container for PSAMP nodes."; 6114 list observation-point { 6115 key "name"; 6116 description 6117 "Observation Point of the Monitoring Device."; 6119 leaf name { 6120 type ietf-ipfix:name-type; 6121 description "Name of the observation point."; 6122 } 6123 uses observation-point-parameters; 6125 leaf-list selection-process { 6126 type leafref { 6127 path "/ietf-ipfix:ipfix/psamp/selection-process/name"; 6128 } 6129 description 6130 "Selection Processes in this list process 6131 packets in parallel."; 6132 } 6134 leaf observation-point-id { 6135 type uint32; 6136 config false; 6137 description 6138 "Observation Point ID (i.e., the value of the 6139 Information Element observationPointId) assigned by the 6140 Monitoring Device."; 6141 reference 6142 "IANA registry for IPFIX Entities, 6143 http://www.iana.org/assignments/ipfix."; 6144 } 6145 } 6147 list selection-process { 6148 key "name"; 6149 description 6150 "Selection Process of the Monitoring Device."; 6152 leaf name { 6153 type ietf-ipfix:name-type; 6154 description 6155 "Name of the selection process."; 6156 } 6158 list selector { 6159 key "name"; 6160 min-elements 1; 6161 ordered-by user; 6162 description 6163 "List of Selectors that define the action of the 6164 Selection Process on a single packet. 
The Selectors 6165 are serially invoked in the same order as they appear 6166 in this list."; 6168 leaf name { 6169 type ietf-ipfix:name-type; 6170 description 6171 "Name of the selector."; 6172 } 6174 uses selector-parameters; 6176 uses selector-parameters-state; 6177 } 6179 leaf cache { 6180 type leafref { 6181 path "/ietf-ipfix:ipfix/psamp/cache/name"; 6182 } 6183 description 6184 "Cache that receives the output of the 6185 Selection Process."; 6186 } 6188 list selection-sequence { 6189 config false; 6190 description 6191 "This list contains the Selection Sequence IDs 6192 that are assigned by the Monitoring Device to 6193 distinguish different Selection Sequences passing 6194 through the Selection Process. 6196 As Selection Sequence IDs are unique per Observation 6197 Domain, the corresponding Observation Domain IDs are 6198 included as well. 6200 With this information, it is possible to associate 6201 Selection Sequence (Statistics) Report Interpretations 6202 exported according to the PSAMP protocol with a 6203 Selection Process in the configuration data."; 6204 reference 6205 "RFC 5476."; 6207 leaf observation-domain-id { 6208 type uint32; 6209 description 6210 "Observation Domain ID for which the 6211 Selection Sequence ID is assigned."; 6212 } 6214 leaf selection-sequence-id { 6215 type uint64; 6216 description 6217 "Selection Sequence ID used in the Selection 6218 Sequence (Statistics) Report Interpretation."; 6220 } 6221 } 6222 } 6224 list cache { 6225 key "name"; 6226 description 6227 "Cache of the Monitoring Device."; 6229 leaf name { 6230 type ietf-ipfix:name-type; 6231 description 6232 "Name of the cache."; 6233 } 6235 leaf enabled { 6236 type boolean; 6237 default "true"; 6238 description 6239 "If true, this cache is enabled and the specified 6240 data is able to be exported."; 6241 } 6243 choice cache-type { 6244 mandatory true; 6245 description 6246 "Type of Cache and specific parameters."; 6248 container immediate-cache { 6249 if-feature 
immediate-cache; 6250 description 6251 "Flow expiration after the first packet; 6252 generation of Packet Records."; 6254 uses cache-layout-parameters; 6255 } 6257 container timeout-cache { 6258 if-feature timeout-cache; 6259 description 6260 "Flow expiration after active and idle 6261 timeout; generation of Flow Records."; 6263 uses flow-cache-parameters; 6264 uses cache-layout-parameters; 6265 uses flow-cache-parameters-state; 6267 } 6268 container natural-cache { 6269 if-feature natural-cache; 6270 description 6271 "Flow expiration after active and idle 6272 timeout, or on natural termination (e.g., TCP FIN or 6273 TCP RST) of the Flow; generation of Flow Records."; 6274 uses flow-cache-parameters; 6275 uses cache-layout-parameters; 6276 uses flow-cache-parameters-state; 6277 } 6279 container permanent-cache { 6280 if-feature permanent-cache; 6281 description 6282 "No flow expiration, periodical export with 6283 time interval exportInterval; generation of Flow 6284 Records."; 6285 uses flow-cache-parameters; 6286 uses cache-layout-parameters; 6287 uses flow-cache-parameters-state; 6288 } 6289 } 6291 leaf-list exporting-process { 6292 if-feature ietf-ipfix:exporter; 6293 type leafref { 6294 path "/ietf-ipfix:ipfix" 6295 + "/ietf-ipfix:exporting-process" 6296 + "/ietf-ipfix:name"; 6297 } 6298 description 6299 "Records are exported by all Exporting Processes 6300 in the list."; 6301 } 6303 leaf metering-process-id { 6304 type uint32; 6305 config false; 6306 description 6307 "The identifier of the Metering Process this 6308 Cache belongs to. 6310 This parameter corresponds to the Information Element 6311 meteringProcessId. 
Its occurrence helps to associate 6312 Cache parameters with Metering Process statistics 6313 exported by the Monitoring Device using the Metering 6314 Process (Reliability) Statistics Template as 6315 defined by the IPFIX protocol specification."; 6317 reference 6318 "RFC 5101, Sections 4.1 and 4.2; 6319 IANA registry for IPFIX Entities, 6320 http://www.iana.org/assignments/ipfix."; 6321 } 6323 leaf data-records { 6324 type yang:counter64; 6325 units "Data Records"; 6326 config false; 6327 description 6328 "The number of Data Records generated by this 6329 Cache. 6331 Discontinuities in the value of this counter can occur 6332 at re-initialization of the management system, and at 6333 other times as indicated by the value of 6334 cacheDiscontinuityTime. 6336 Note that this parameter corresponds to 6337 ipfixMeteringProcessDataRecords in the IPFIX MIB 6338 module."; 6339 reference 6340 "RFC 6615, Section 8 6341 (ipfixMeteringProcessDataRecords)."; 6342 } 6344 leaf cache-discontinuity-time { 6345 type yang:date-and-time; 6346 config false; 6347 description 6348 "Timestamp of the most recent occasion at which 6349 the counter dataRecords suffered a discontinuity. 6351 Note that this parameter functionally corresponds to 6352 ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB 6353 module. In contrast to 6354 ipfixMeteringProcessDiscontinuityTime, the time is 6355 absolute and not relative to sysUpTime."; 6356 reference 6357 "RFC 6615, Section 8 6358 (ipfixMeteringProcessDiscontinuityTime)."; 6359 } 6360 } 6361 } 6362 } 6363 } 6364 6366 6.3. ietf-ipfix-bulk-data-export 6368 6.3.1. ietf-ipfix-bulk-data-export Module Structure 6370 This document defines the YANG module "ietf-ipfix-bulk-data-export", 6371 which has the following tentative structure: 6373 module: ietf-ipfix-bulk-data-export 6374 augment /ietf-ipfix:ipfix: 6375 +--rw bulk-data-export 6376 +--rw template* [name] 6377 +--rw name ietf-ipfix:name-type 6378 +--rw enabled? boolean 6379 +--rw export-interval? 
uint32 6380 +--rw observation-domain-id? uint32 6381 +--rw field-layout 6382 | ... 6383 +--rw exporting-process* 6384 | -> /ietf-ipfix:ipfix/exporting-process/name 6385 | {ietf-ipfix:exporter}? 6386 +--rw (resource-identifier)? 6387 | ... 6388 +--ro data-records? yang:counter64 6389 +--ro discontinuity-time? yang:date-and-time 6391 6.3.2. ietf-ipfix-bulk-data-export YANG module 6393 This YANG Module imports typedefs from [RFC6991]. 6395 file "ietf-ipfix-bulk-data-export@2018-11-15.yang" 6397 module ietf-ipfix-bulk-data-export { 6398 yang-version 1.1; 6400 namespace 6401 "urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export"; 6403 prefix ietf-ibde; 6405 import ietf-ipfix { 6406 prefix ietf-ipfix; 6407 } 6409 import ietf-yang-types { 6410 prefix yang; 6411 } 6412 organization 6413 "IETF"; 6415 contact 6416 "Web: TBD 6417 List: TBD 6419 Editor: Joey Boyd 6420 6422 Editor: Marta Seda 6423 "; 6425 // RFC Ed.: replace XXXX with actual RFC numbers and 6426 // remove this note. 6428 description 6429 "This module contains a collection of YANG definitions for the 6430 management exporting bulk data over IPFIX. 6432 This data model is designed for the Network Management Datastore 6433 Architecture defined in RFC 8342. 6435 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 6436 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 6437 'MAY', and 'OPTIONAL' in this document are to be interpreted as 6438 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 6439 they appear in all capitals, as shown here. 6441 Copyright (c) 2019 IETF Trust and the persons identified as 6442 authors of the code. All rights reserved. 
6444 Redistribution and use in source and binary forms, with or 6445 without modification, is permitted pursuant to, and subject to 6446 the license terms contained in, the Simplified BSD License set 6447 forth in Section 4.c of the IETF Trust's Legal Provisions 6448 Relating to IETF Documents 6449 (https://trustee.ietf.org/license-info). 6451 This version of this YANG module is part of RFC XXXX 6452 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself 6453 for full legal notices."; 6455 revision 2019-10-28 { 6456 description 6457 "Initial revision."; 6458 reference 6459 "RFC XXXX: YANG Data Models for the IP Flow Information Export 6460 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 6461 and Bulk Data Export"; 6462 } 6464 feature bulk-data { 6465 description 6466 "If supported, bulk data templates can be configured."; 6467 } 6469 typedef resource { 6470 type instance-identifier { 6471 require-instance false; 6472 } 6473 description 6474 "A resource from which bulk data will be exported."; 6475 } 6477 grouping bulk-data-template-parameters { 6478 description 6479 "Field Layout parameters."; 6481 leaf observation-domain-id { 6482 type uint32; 6483 default 0; 6484 description 6485 "An identifier of an Observation Domain that is locally 6486 unique to an Exporting Process (see RFC 7011 Section 3.1). 6488 Typically, this Information Element is for limiting the 6489 scope of other Information Elements. 
6491          A value of 0 indicates that no specific Observation Domain
6492          is identified by this Information Element.";
6493     }

6495     container field-layout {
6496       description
6497         "Field Layout parameters.";

6499       list field {
6500         key name;
6501         min-elements 1;
6502         description
6503           "Superset of statistics field names or special
6504            field-names (e.g., timestamps, etc.) for interpreting
6505            statistics that are included in the
6506            Packet Reports or Flow Records generated by the device.";

6508         leaf name {
6509           type ietf-ipfix:name-type;
6510           description
6511             "Name of the field.";
6512         }

6514         choice identifier {
6515           mandatory true;
6516           description
6517             "The Information Element to be added to the template.";

6519           leaf ie-name {
6520             type ietf-ipfix:ie-name-type;
6521             description
6522               "Name of the Information Element.";
6523           }

6525           leaf ie-id {
6526             type ietf-ipfix:ie-id-type;
6527             description
6528               "ID of the Information Element.";
6529           }
6530         }

6532         leaf ie-length {
6533           type uint16;
6534           units octets;
6535           description
6536             "Length of the field in which the Information
6537              Element is encoded. A value of 65535 specifies a
6538              variable-length Information Element. For Information
6539              Elements of integer and float type, the field length MAY
6540              be set to a smaller value than the standard length of
6541              the abstract data type if the rules of reduced size
6542              encoding are fulfilled.

6544              If not configured by the user, this parameter is set by
6545              the Monitoring Device.";
6546           reference
6547             "RFC 5101, Section 6.2.";
6548         }

6550         leaf ie-enterprise-number {
6551           type uint32;
6552           default 0;
6553           description
6554             "If this parameter is zero, the Information
6555              Element is registered in the IANA registry of IPFIX
6556              Information Elements or unspecified (if the
6557              Information Element is not IANA registered).
6559 If this parameter is configured with a non-zero private 6560 enterprise number, the Information Element is 6561 enterprise-specific."; 6562 reference 6563 "RFC 5101; RFC 5103; 6564 IANA registry for Private Enterprise Numbers, 6565 http://www.iana.org/assignments/enterprise-numbers; 6566 IANA registry for IPFIX Entities, 6567 http://www.iana.org/assignments/ipfix."; 6568 } 6569 } 6570 } 6571 } 6573 augment "/ietf-ipfix:ipfix" { 6574 description 6575 "Augment IPFIX to add bulk data."; 6577 container bulk-data-export { 6578 description 6579 "Container for bulk data export nodes."; 6581 list template { 6582 key name; 6583 description 6584 "List of bulk data templates of the Monitoring Device."; 6586 leaf name { 6587 type ietf-ipfix:name-type; 6588 description 6589 "Name of the bulk data template."; 6590 } 6592 leaf enabled { 6593 type boolean; 6594 default "true"; 6595 description 6596 "If true, this template is enabled and the specified 6597 data is able to be exported."; 6598 } 6600 leaf export-interval { 6601 type uint32; 6602 units "seconds"; 6603 description 6604 "This parameter configures the interval (in 6605 seconds) for periodical export of Flow Records. 
6607 If not configured by the user, the Monitoring Device 6608 sets this parameter."; 6609 } 6611 uses bulk-data-template-parameters; 6613 leaf-list exporting-process { 6614 if-feature ietf-ipfix:exporter; 6615 type leafref { 6616 path "/ietf-ipfix:ipfix" 6617 + "/ietf-ipfix:exporting-process" 6618 + "/ietf-ipfix:name"; 6619 } 6620 description 6621 "Records are exported by all Exporting Processes in the 6622 list."; 6623 } 6625 choice resource-identifier { 6626 description 6627 "Method to select the resources from which the records 6628 are to be exported."; 6630 case resource-instance { 6631 leaf-list resource-instance { 6632 type resource; 6633 description 6634 "Records are sourced from all the resources in 6635 this list."; 6636 } 6637 } 6638 } 6640 leaf data-records { 6641 type yang:counter64; 6642 units "Data Records"; 6643 config false; 6644 description 6645 "The number of Data Records generated for this 6646 sampling template. Discontinuities in the value of 6647 this counter can occur at re-initialization of the 6648 management system, and at other times as indicated by 6649 the value of Discontinuity Time."; 6650 } 6651 leaf discontinuity-time { 6652 type yang:date-and-time; 6653 config false; 6654 description 6655 "Timestamp of the most recent occasion at which 6656 the counter data records suffered a discontinuity."; 6657 } 6658 } 6659 } 6660 } 6661 } 6663 6665 7. IANA Considerations 6667 This document registers 3 URIs in the "IETF XML Registry". 6668 [RFC3688]. Following the format in RFC 3688, the following 6669 registrations have been made. 6671 URI: urn:ietf:params:xml:ns:yang:ietf-ipfix 6672 Registrant Contact: The IESG. 6673 XML: N/A, the requested URI is an XML namespace. 6675 URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling 6676 Registrant Contact: The IESG. 6677 XML: N/A, the requested URI is an XML namespace. 6679 URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export 6680 Registrant Contact: The IESG. 
6681       XML: N/A, the requested URI is an XML namespace.

6683    This document registers 3 YANG modules in the "YANG Module Names"
6684    registry.  Following the format in [RFC7950], the following have been
6685    registered.

6687       Name: ietf-ipfix
6688       Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix
6689       Prefix: ietf-ipfix
6690       Reference: TBD

6692       Name: ietf-ipfix-packet-sampling
6693       Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
6694       Prefix: ietf-ipfix-packet-sampling
6695       Reference: TBD

6696       Name: ietf-ipfix-bulk-data-export
6697       Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
6698       Prefix: ietf-bde
6699       Reference: TBD

6701 8.  Security Considerations

6703    The YANG module specified in this document defines a schema for data
6704    that is designed to be accessed via network management protocols such
6705    as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
6706    is the secure transport layer, and the mandatory-to-implement secure
6707    transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
6708    is HTTPS, and the mandatory-to-implement secure transport is TLS
6709    [RFC8446].

6711    The NETCONF access control model [RFC8341] provides the means to
6712    restrict access for particular NETCONF or RESTCONF users to a
6713    preconfigured subset of all available NETCONF or RESTCONF protocol
6714    operations and content.

6716    There are a number of data nodes defined in this YANG module that are
6717    writable/creatable/deletable (i.e., config true, which is the
6718    default).  These data nodes may be considered sensitive or vulnerable
6719    in some network environments.  Write operations (e.g., edit-config)
6720    to these data nodes without proper protection can have a negative
6721    effect on network operations.  These are the subtrees and data nodes
6722    and their sensitivity/vulnerability:

6724    o  /ipfix/psamp/observation-point: The configuration parameters in
6725       this subtree specify where packets are observed and by which
6726       Selection Processes they will be processed.  Write access to this
6727       subtree allows observing packets at arbitrary interfaces or
6728       linecards of the Monitoring Device and may thus lead to the export
6729       of sensitive traffic information.

6731    o  /ipfix/psamp/selection-process: The configuration parameters in
6732       this subtree specify for which packets information will be
6733       reported in Packet Reports or Flow Records.  Write access to this
6734       subtree allows changing the subset of packets for which
6735       information will be reported and may thus lead to the export of
6736       sensitive traffic information.

6738    o  /ipfix/psamp/cache: The configuration parameters in this subtree
6739       specify the fields included in Packet Reports or Flow Records.
6740       Write access to this subtree allows adding fields which may
6741       contain sensitive traffic information, such as IP addresses or
6742       parts of the packet payload.

6744    o  /ipfix/exporting-process: The configuration parameters in this
6745       subtree specify to which Collectors Packet Reports or Flow Records
6746       are exported.  Write access to this subtree allows exporting
6747       potentially sensitive traffic information to illegitimate
6748       Collectors.  Furthermore, TLS/DTLS parameters can be changed,
6749       which may affect the mutual authentication between Exporters and
6750       Collectors as well as the encrypted transport of the data.

6752    o  /ipfix/collecting-process: The configuration parameters in this
6753       subtree may specify that collected Packet Reports and Flow Records
6754       are reexported to another Collector or written to a file.  Write
6755       access to this subtree potentially allows reexporting or storing
6756       the sensitive traffic information.

6758    o  /ipfix/bulk-data-export/template: The configuration parameters in
6759       this subtree specify the fields included in the bulk data export.
6760       Write access to this subtree allows adding fields which may cause
6761       export of sensitive configuration and/or statistics.

6763    Some of the readable data nodes in this YANG module may be considered
6764    sensitive or vulnerable in some network environments.  It is thus
6765    important to control read access (e.g., via get, get-config, or
6766    notification) to these data nodes.  These are the subtrees and data
6767    nodes and their sensitivity/vulnerability:

6769    o  /ipfix/psamp/observation-point: Parameters in this subtree may be
6770       sensitive because they reveal information about the Monitoring
6771       Device itself and the network infrastructure.

6773    o  /ipfix/psamp/selection-process: Parameters in this subtree may be
6774       sensitive because they reveal information about the Monitoring
6775       Device itself and the observed traffic.  For example, the counters
6776       packetsObserved and packetsDropped allow inferring the number of
6777       observed packets.

6779    o  /ipfix/psamp/cache: Parameters in this subtree may be sensitive
6780       because they reveal information about the Monitoring Device itself
6781       and the observed traffic.  For example, the counters activeFlows
6782       and dataRecords allow inferring the number of measured Flows or
6783       packets.

6785    o  /ipfix/exporting-process: Parameters in this subtree may be
6786       sensitive because they reveal information about the network
6787       infrastructure and the outgoing IPFIX Transport Sessions.  For
6788       example, they disclose the IP addresses of Collectors as well as
6789       the deployed TLS/DTLS configuration, which may facilitate the
6790       interception of outgoing IPFIX Messages.

6792    o  /ipfix/collecting-process: Parameters in this subtree may be
6793       sensitive because they reveal information about the network
6794       infrastructure and the incoming IPFIX Transport Sessions.  For
6795       example, they disclose the IP addresses of Exporters as well as the
6796       deployed TLS/DTLS configuration, which may facilitate the
6797       interception of incoming IPFIX Messages.

6799 9.  Acknowledgments

6801    The authors would like to thank Anand Arokiaraj and William Lupton
6802    for their contributions towards creation of this document and
6803    associated YANG data models.

6805 10.  References

6807 10.1.  Normative References

6809    [IANA-IPFIX]
6810               IANA, "IP Flow Information Export (IPFIX) Entities",
6811               .

6813    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
6814               MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
6815               .

6817    [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
6818               DOI 10.17487/RFC3688, January 2004,
6819               .

6821    [RFC3758]  Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
6822               Conrad, "Stream Control Transmission Protocol (SCTP)
6823               Partial Reliability Extension", RFC 3758,
6824               DOI 10.17487/RFC3758, May 2004,
6825               .

6827    [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
6828               RFC 4960, DOI 10.17487/RFC4960, September 2007,
6829               .

6831    [RFC5103]  Trammell, B. and E. Boschi, "Bidirectional Flow Export
6832               Using IP Flow Information Export (IPFIX)", RFC 5103,
6833               DOI 10.17487/RFC5103, January 2008,
6834               .

6836    [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
6837               Raspall, "Sampling and Filtering Techniques for IP Packet
6838               Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009,
6839               .

6841    [RFC5476]  Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
6842               Sampling (PSAMP) Protocol Specifications", RFC 5476,
6843               DOI 10.17487/RFC5476, March 2009,
6844               .

6846    [RFC5477]  Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
6847               Carle, "Information Model for Packet Sampling Exports",
6848               RFC 5477, DOI 10.17487/RFC5477, March 2009,
6849               .

6851    [RFC5610]  Boschi, E., Trammell, B., Mark, L., and T. Zseby,
6852               "Exporting Type Information for IP Flow Information Export
6853               (IPFIX) Information Elements", RFC 5610,
6854               DOI 10.17487/RFC5610, July 2009,
6855               .

6857    [RFC5655]  Trammell, B., Boschi, E., Mark, L., Zseby, T., and A.
6858               Wagner, "Specification of the IP Flow Information Export
6859               (IPFIX) File Format", RFC 5655, DOI 10.17487/RFC5655,
6860               October 2009, .

6862    [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
6863               Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
6864               January 2012, .

6866    [RFC6526]  Claise, B., Aitken, P., Johnson, A., and G. Muenz, "IP
6867               Flow Information Export (IPFIX) Per Stream Control
6868               Transmission Protocol (SCTP) Stream", RFC 6526,
6869               DOI 10.17487/RFC6526, March 2012,
6870               .

6872    [RFC6615]  Dietz, T., Ed., Kobayashi, A., Claise, B., and G. Muenz,
6873               "Definitions of Managed Objects for IP Flow Information
6874               Export", RFC 6615, DOI 10.17487/RFC6615, June 2012,
6875               .

6877    [RFC6727]  Dietz, T., Ed., Claise, B., and J. Quittek, "Definitions
6878               of Managed Objects for Packet Sampling", RFC 6727,
6879               DOI 10.17487/RFC6727, October 2012,
6880               .

6882    [RFC6933]  Bierman, A., Romascanu, D., Quittek, J., and M.
6883               Chandramouli, "Entity MIB (Version 4)", RFC 6933,
6884               DOI 10.17487/RFC6933, May 2013,
6885               .

6887    [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
6888               RFC 6991, DOI 10.17487/RFC6991, July 2013,
6889               .

6891    [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
6892               "Specification of the IP Flow Information Export (IPFIX)
6893               Protocol for the Exchange of Flow Information", STD 77,
6894               RFC 7011, DOI 10.17487/RFC7011, September 2013,
6895               .

6897    [RFC7012]  Claise, B., Ed. and B. Trammell, Ed., "Information Model
6898               for IP Flow Information Export (IPFIX)", RFC 7012,
6899               DOI 10.17487/RFC7012, September 2013,
6900               .

6902    [RFC7119]  Claise, B., Kobayashi, A., and B. Trammell, "Operation of
6903               the IP Flow Information Export (IPFIX) Protocol on IPFIX
6904               Mediators", RFC 7119, DOI 10.17487/RFC7119, February 2014,
6905               .

6907    [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
6908               RFC 7950, DOI 10.17487/RFC7950, August 2016,
6909               .

6911    [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
6912               and R. Wilton, "Network Management Datastore Architecture
6913               (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
6914               .

6916    [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
6917               Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
6918               .

6920    [RFC8348]  Bierman, A., Bjorklund, M., Dong, J., and D. Romascanu, "A
6921               YANG Data Model for Hardware Management", RFC 8348,
6922               DOI 10.17487/RFC8348, March 2018,
6923               .

6925 10.2.  Informative References

6927    [BBF.TR-352]
6928               Broadband Forum, "Multi-wavelength PON Inter-Channel-
6929               Termination Protocol (ICTP) Specification", May 2017,
6930               .

6933    [IANA-ENTERPRISE-NUMBERS]
6934               IANA, "Private Enterprise Numbers",
6935               .

6937    [RFC1141]  Mallory, T. and A. Kullberg, "Incremental updating of the
6938               Internet checksum", RFC 1141, DOI 10.17487/RFC1141,
6939               January 1990, .

6941    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
6942               Requirement Levels", BCP 14, RFC 2119,
6943               DOI 10.17487/RFC2119, March 1997,
6944               .

6946    [RFC3871]  Jones, G., Ed., "Operational Security Requirements for
6947               Large Internet Service Provider (ISP) IP Network
6948               Infrastructure", RFC 3871, DOI 10.17487/RFC3871, September
6949               2004, .

6951    [RFC3954]  Claise, B., Ed., "Cisco Systems NetFlow Services Export
6952               Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004,
6953               .

6955    [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
6956               Housley, R., and W. Polk, "Internet X.509 Public Key
6957               Infrastructure Certificate and Certificate Revocation List
6958               (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
6959               .

6961    [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
6962               in IP Flow Information Export (IPFIX) and Packet Sampling
6963               (PSAMP) Reports", RFC 5473, DOI 10.17487/RFC5473, March
6964               2009, .

6966    [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
6967               and A. Bierman, Ed., "Network Configuration Protocol
6968               (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
6969               .

6971    [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
6972               Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
6973               .

6975    [RFC6728]  Muenz, G., Claise, B., and P. Aitken, "Configuration Data
6976               Model for the IP Flow Information Export (IPFIX) and
6977               Packet Sampling (PSAMP) Protocols", RFC 6728,
6978               DOI 10.17487/RFC6728, October 2012,
6979               .

6981    [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
6982               Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
6983               .

6985    [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
6986               2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
6987               May 2017, .

6989    [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
6990               BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
6991               .

6993    [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
6994               Access Control Model", STD 91, RFC 8341,
6995               DOI 10.17487/RFC8341, March 2018,
6996               .

6998    [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
6999               Documents Containing YANG Data Models", BCP 216, RFC 8407,
7000               DOI 10.17487/RFC8407, October 2018,
7001               .

7003    [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
7004               Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
7005               .

7007 Appendix A.  Example: ietf-ipfix Usage

7009    This configuration example configures an IPFIX exporter for a
7010    [BBF.TR-352] ICTP Proxy.
7012 7013 7014 TR352-exporter 7015 true 7016 7017 ICTP-Proxy1-collector 7018 7019 7020 192.100.2.1 7021 7022 7023 proxy1.sys.com 7024 7025 7026 7027 7028 Options 1 7029 extended-type-information 7030 0 7031 7032 7033 7035 This configuration example configures an IPFIX mediator. 7037 7038 7039 OLT-collector 7040 7041 myolt-tcp-collector 7042 192.100.2.1 7043 7044 OLT-exporter 7045 7046 7047 OLT-exporter 7048 true 7049 7050 big-collector 7051 7052 7053 192.100.2.1 7054 7055 7056 collect1.sys.com 7057 7058 7059 7060 7061 Options 1 7062 extended-type-information 7063 0 7064 7065 7066 7068 Appendix B. Example: ietf-ipfix-packet-sampling Usage 7070 This configuration example configures two Observation Points 7071 capturing ingress traffic at eth0 and all traffic at eth1. Both 7072 Observed Packet Streams enter two different Selection Processes. The 7073 first Selection Process implements a Composite Selector of a filter 7074 for UDP packets and a random sampler. The second Selection Process 7075 implements a Primitive Selector of an ICMP filter. The Selected 7076 Packet Streams of both Selection Processes enter the same Cache. The 7077 Cache generates a PSAMP Packet Report for every selected packet. 7079 The associated Exporting Process exports to a Collector using PR-SCTP 7080 and DTLS. The TLS/DTLS parameters specify that the collector must 7081 supply a certificate for the FQDN collector.example.net. Valid 7082 certificates from any certification authority will be accepted. As 7083 the destination transport port is omitted, the standard IPFIX-over- 7084 DTLS port 4740 is used. 7086 The parameters of the Selection Processes are reported as Selection 7087 Sequence Report Interpretations and Selector Report Interpretations 7088 [RFC5476]. There will be two Selection Sequence Report 7089 Interpretations per Selection Process, one for each Observation 7090 Point. Selection Sequence Statistics Report Interpretations are 7091 exported every 30 seconds (30000 milliseconds). 
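
An added example, not part of the draft: a Python check of the exporter settings that the Security Considerations single out under /ipfix/exporting-process (Collector addresses and TLS/DTLS parameters), run over a constructed configuration. Element names follow the ietf-ipfix tree diagram; the allowlist, the finding labels and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

IPFIX_NS = "urn:ietf:params:xml:ns:yang:ietf-ipfix"
NS = {"ipfix": IPFIX_NS}
NETWORK_EXPORTERS = ("tcp-exporter", "udp-exporter", "sctp-exporter")

# Constructed sample configuration (not from the draft); element names
# follow the ietf-ipfix tree diagram in Appendix D.1.
SAMPLE_CONFIG = """\
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <exporting-process>
    <name>psamp-exporter</name>
    <destination>
      <name>pinned-collector</name>
      <sctp-exporter>
        <destination>
          <destination-address>192.0.2.10</destination-address>
        </destination>
        <transport-layer-security>
          <remote-certification-authority-dn>CN=Example Flow CA</remote-certification-authority-dn>
          <remote-subject-fqdn>collector.example.net</remote-subject-fqdn>
        </transport-layer-security>
      </sctp-exporter>
    </destination>
  </exporting-process>
  <exporting-process>
    <name>bulk-exporter</name>
    <destination>
      <name>plain-collector</name>
      <tcp-exporter>
        <destination>
          <destination-address>203.0.113.99</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
    <destination>
      <name>loose-collector</name>
      <udp-exporter>
        <destination>
          <destination-address>192.0.2.10</destination-address>
        </destination>
        <transport-layer-security/>
      </udp-exporter>
    </destination>
  </exporting-process>
</ipfix>
"""

ALLOWED_COLLECTORS = {"192.0.2.10"}  # hypothetical allowlist of Collectors


def audit_exporters(config_xml, allowed_collectors):
    """Return (process, destination, address, finding) tuples in document order."""
    findings = []
    root = ET.fromstring(config_xml)
    # iter() also matches the root element, so a bare <ipfix> and one
    # wrapped in <config> or <data> are both handled.
    for ipfix in root.iter(f"{{{IPFIX_NS}}}ipfix"):
        for proc in ipfix.findall("ipfix:exporting-process", NS):
            proc_name = proc.findtext("ipfix:name", "?", NS)
            for dest in proc.findall("ipfix:destination", NS):
                dest_name = dest.findtext("ipfix:name", "?", NS)
                for kind in NETWORK_EXPORTERS:
                    exporter = dest.find(f"ipfix:{kind}", NS)
                    if exporter is not None:
                        for finding, address in _check(exporter, allowed_collectors):
                            findings.append((proc_name, dest_name, address, finding))
    return findings


def _check(exporter, allowed_collectors):
    """Yield (finding, address) pairs for one tcp/udp/sctp exporter."""
    address = exporter.findtext(
        "ipfix:destination/ipfix:destination-address", "", NS).strip()
    if address not in allowed_collectors:
        # Records would leave for a Collector nobody approved.
        yield "unknown-collector", address
    # transport-layer-security is a presence container: absent means no TLS/DTLS.
    tls = exporter.find("ipfix:transport-layer-security", NS)
    if tls is None:
        yield "no-tls", address
        return
    pinned = (tls.findall("ipfix:remote-subject-fqdn", NS)
              + tls.findall("ipfix:remote-subject-dn", NS))
    if not pinned:
        # Policy assumption: every Collector should be pinned to a name.
        yield "peer-name-unpinned", address
    if not tls.findall("ipfix:remote-certification-authority-dn", NS):
        # Appendix B describes this case as accepting any certification authority.
        yield "any-ca-accepted", address
```

Run against the running datastore after every change to /ipfix/exporting-process, the same check shows when a write has redirected export or loosened the TLS/DTLS parameters.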
7093 7094 7096 7097 OP at eth0 (ingress) 7098 123 7099 eth0 7100 ingress 7101 Sampled UDP packets 7102 ICMP packets 7103 7105 7106 OP at eth1 7107 123 7108 eth1 7109 Sampled UDP packets 7110 ICMP packets 7111 7113 7114 Sampled UDP packets 7115 7116 UDP filter 7117 7118 4 7119 17 7120 7121 7122 7123 10-out-of-100 sampler 7124 7125 10 7126 100 7127 7128 7129 PSAMP cache 7130 7132 7133 ICMP packets 7134 7135 ICMP filter 7136 7137 4 7138 1 7139 7140 7141 PSAMP cache 7142 7144 7145 PSAMP cache 7146 7147 7148 7149 Field 1: ipHeaderPacketSection 7150 313 7151 64 7152 7153 7154 Field 2: observationTimeMilliseconds 7155 322 7156 7157 7158 7159 The only exporter 7160 7161 7163 7164 The only exporter 7165 true 7166 7167 PR-SCTP collector 7168 7169 7170 192.0.2.1 7171 7172 1000000 7173 500 7174 7175 coll-1.ex.net 7176 7177 7178 7179 7180 Options 1 7181 selection-sequence 7182 0 7183 7184 7185 Options 2 7186 selection-statistics 7187 30000 7188 7189 7191 7193 Appendix C. Example: ietf-ipfix-bulk-data-export Usage 7195 The configuration example configures a field-layout template to 7196 export Ethernet statistics from eth0 and eth1. 7198 7200 7203 7228 7229 7230 The only one 7231 true 7232 7233 Bulk data collector 7234 7235 7236 192.0.2.2 7237 7238 1000000 7239 7240 coll-2.ex.net 7241 7242 7243 7244 7245 7247 Appendix D. Tree diagrams 7249 D.1. ietf-ipfix 7251 The complete tree diagram for ietf-ipfix: 7253 module: ietf-ipfix 7254 +--rw ipfix 7255 +--rw collecting-process* [name] {collector}? 7256 | +--rw name name-type 7257 | +--rw tcp-collector* [name] {tcp-transport}? 7258 | | +--rw name name-type 7259 | | +--rw (local-address-method)? 7260 | | | +--:(local-address) 7261 | | | +--rw local-address* inet:host 7262 | | +--rw local-port? inet:port-number 7263 | | +--rw transport-layer-security! 
7264 | | | +--rw local-certification-authority-dn* string 7265 | | | +--rw local-subject-dn* string 7266 | | | +--rw local-subject-fqdn* 7267 | | | | inet:domain-name 7268 | | | +--rw remote-certification-authority-dn* string 7269 | | | +--rw remote-subject-dn* string 7270 | | | +--rw remote-subject-fqdn* 7271 | | | inet:domain-name 7272 | | +--ro transport-session* [name] 7273 | | +--ro name name-type 7274 | | +--ro ipfix-version? uint16 7275 | | +--ro source-address? inet:host 7276 | | +--ro destination-address? inet:host 7277 | | +--ro source-port? 7278 | | | inet:port-number 7279 | | +--ro destination-port? 7280 | | | inet:port-number 7281 | | +--ro status? 7282 | | | transport-session-status 7283 | | +--ro rate? 7284 | | | yang:gauge32 7285 | | +--ro bytes? 7286 | | | yang:counter64 7287 | | +--ro messages? 7288 | | | yang:counter64 7289 | | +--ro discarded-messages? 7290 | | | yang:counter64 7291 | | +--ro records? 7292 | | | yang:counter64 7293 | | +--ro templates? 7294 | | | yang:counter32 7295 | | +--ro options-templates? 7296 | | | yang:counter32 7297 | | +--ro transport-session-start-time? 7298 | | | yang:date-and-time 7299 | | +--ro transport-session-discontinuity-time? 7300 | | | yang:date-and-time 7301 | | +--ro template* [] 7302 | | +--ro observation-domain-id? uint32 7303 | | +--ro template-id? uint16 7304 | | +--ro set-id? uint16 7305 | | +--ro access-time? 7306 | | | yang:date-and-time 7307 | | +--ro template-data-records? yang:counter64 7308 | | +--ro template-discontinuity-time? 7309 | | | yang:date-and-time 7310 | | +--ro field* [] 7311 | | +--ro ie-id? ie-id-type 7312 | | +--ro ie-length? uint16 7313 | | +--ro ie-enterprise-number? uint32 7314 | | +--ro is-flow-key? empty 7315 | | +--ro is-scope? empty 7316 | +--rw udp-collector* [name] {udp-transport}? 7317 | | +--rw name name-type 7318 | | +--rw (local-address-method)? 7319 | | | +--:(local-address) 7320 | | | +--rw local-address* inet:host 7321 | | +--rw local-port? 
inet:port-number 7322 | | +--rw template-life-time? uint32 7323 | | +--rw options-template-life-time? uint32 7324 | | +--rw template-life-packet? uint32 7325 | | +--rw options-template-life-packet? uint32 7326 | | +--rw maximum-reordering-delay? uint32 7327 | | +--rw transport-layer-security! 7328 | | | +--rw local-certification-authority-dn* string 7329 | | | +--rw local-subject-dn* string 7330 | | | +--rw local-subject-fqdn* 7331 | | | | inet:domain-name 7332 | | | +--rw remote-certification-authority-dn* string 7333 | | | +--rw remote-subject-dn* string 7334 | | | +--rw remote-subject-fqdn* 7335 | | | inet:domain-name 7336 | | +--ro transport-session* [name] 7337 | | +--ro name name-type 7338 | | +--ro ipfix-version? uint16 7339 | | +--ro source-address? inet:host 7340 | | +--ro destination-address? inet:host 7341 | | +--ro source-port? 7342 | | | inet:port-number 7343 | | +--ro destination-port? 7344 | | | inet:port-number 7345 | | +--ro status? 7346 | | | transport-session-status 7347 | | +--ro rate? 7348 | | | yang:gauge32 7349 | | +--ro bytes? 7350 | | | yang:counter64 7351 | | +--ro messages? 7352 | | | yang:counter64 7353 | | +--ro discarded-messages? 7354 | | | yang:counter64 7355 | | +--ro records? 7356 | | | yang:counter64 7357 | | +--ro templates? 7358 | | | yang:counter32 7359 | | +--ro options-templates? 7360 | | | yang:counter32 7361 | | +--ro transport-session-start-time? 7362 | | | yang:date-and-time 7363 | | +--ro transport-session-discontinuity-time? 7364 | | | yang:date-and-time 7365 | | +--ro template* [] 7366 | | +--ro observation-domain-id? uint32 7367 | | +--ro template-id? uint16 7368 | | +--ro set-id? uint16 7369 | | +--ro access-time? 7370 | | | yang:date-and-time 7371 | | +--ro template-data-records? yang:counter64 7372 | | +--ro template-discontinuity-time? 7373 | | | yang:date-and-time 7374 | | +--ro field* [] 7375 | | +--ro ie-id? ie-id-type 7376 | | +--ro ie-length? uint16 7377 | | +--ro ie-enterprise-number? 
uint32 7378 | | +--ro is-flow-key? empty 7379 | | +--ro is-scope? empty 7380 | +--rw sctp-collector* [name] {sctp-transport}? 7381 | | +--rw name name-type 7382 | | +--rw (local-address-method)? 7383 | | | +--:(local-address) 7384 | | | +--rw local-address* inet:host 7385 | | +--rw local-port? inet:port-number 7386 | | +--rw maximum-reordering-delay? uint32 7387 | | +--rw transport-layer-security! 7388 | | | +--rw local-certification-authority-dn* string 7389 | | | +--rw local-subject-dn* string 7390 | | | +--rw local-subject-fqdn* 7391 | | | | inet:domain-name 7392 | | | +--rw remote-certification-authority-dn* string 7393 | | | +--rw remote-subject-dn* string 7394 | | | +--rw remote-subject-fqdn* 7395 | | | inet:domain-name 7396 | | +--ro transport-session* [name] 7397 | | +--ro name name-type 7398 | | +--ro sctp-association-id? uint32 7399 | | +--ro ipfix-version? uint16 7400 | | +--ro source-address? inet:host 7401 | | +--ro destination-address? inet:host 7402 | | +--ro source-port? 7403 | | | inet:port-number 7404 | | +--ro destination-port? 7405 | | | inet:port-number 7406 | | +--ro status? 7407 | | | transport-session-status 7408 | | +--ro rate? 7409 | | | yang:gauge32 7410 | | +--ro bytes? 7411 | | | yang:counter64 7412 | | +--ro messages? 7413 | | | yang:counter64 7414 | | +--ro discarded-messages? 7415 | | | yang:counter64 7416 | | +--ro records? 7417 | | | yang:counter64 7418 | | +--ro templates? 7419 | | | yang:counter32 7420 | | +--ro options-templates? 7421 | | | yang:counter32 7422 | | +--ro transport-session-start-time? 7423 | | | yang:date-and-time 7424 | | +--ro transport-session-discontinuity-time? 7425 | | | yang:date-and-time 7426 | | +--ro template* [] 7427 | | +--ro observation-domain-id? uint32 7428 | | +--ro template-id? uint16 7429 | | +--ro set-id? uint16 7430 | | +--ro access-time? 7431 | | | yang:date-and-time 7432 | | +--ro template-data-records? yang:counter64 7433 | | +--ro template-discontinuity-time? 
7434 | | | yang:date-and-time 7435 | | +--ro field* [] 7436 | | +--ro ie-id? ie-id-type 7437 | | +--ro ie-length? uint16 7438 | | +--ro ie-enterprise-number? uint32 7439 | | +--ro is-flow-key? empty 7440 | | +--ro is-scope? empty 7441 | +--rw file-reader* [name] {file-reader}? 7442 | | +--rw name name-type 7443 | | +--rw file inet:uri 7444 | | +--ro file-reader-state 7445 | | +--ro bytes? yang:counter64 7446 | | +--ro messages? yang:counter64 7447 | | +--ro records? yang:counter64 7448 | | +--ro templates? yang:counter32 7449 | | +--ro options-templates? yang:counter32 7450 | | +--ro file-reader-discontinuity-time? 7451 | | | yang:date-and-time 7452 | | +--ro template* [] 7453 | | +--ro observation-domain-id? uint32 7454 | | +--ro template-id? uint16 7455 | | +--ro set-id? uint16 7456 | | +--ro access-time? 7457 | | | yang:date-and-time 7458 | | +--ro template-data-records? yang:counter64 7459 | | +--ro template-discontinuity-time? 7460 | | | yang:date-and-time 7461 | | +--ro field* [] 7462 | | +--ro ie-id? ie-id-type 7463 | | +--ro ie-length? uint16 7464 | | +--ro ie-enterprise-number? uint32 7465 | | +--ro is-flow-key? empty 7466 | | +--ro is-scope? empty 7467 | +--rw exporting-process* -> /ipfix/exporting-process/name 7468 | {exporter}? 7469 +--rw exporting-process* [name] {exporter}? 7470 +--rw name name-type 7471 +--rw enabled? boolean 7472 +--rw export-mode? identityref 7473 +--rw destination* [name] 7474 | +--rw name name-type 7475 | +--rw (destination-parameters) 7476 | +--:(tcp-exporter) 7477 | | +--rw tcp-exporter {tcp-transport}? 7478 | | +--rw ipfix-version? uint16 7479 | | +--rw source 7480 | | | +--rw (source-method)? 7481 | | | +--:(source-address) 7482 | | | | +--rw source-address? inet:host 7483 | | | +--:(interface-ref) 7484 | | | | +--rw interface-ref? if:interface-ref 7485 | | | +--:(if-index) {if-mib}? 7486 | | | | +--rw if-index? uint32 7487 | | | +--:(if-name) {if-mib}? 7488 | | | +--rw if-name? 
string 7489 | | +--rw destination 7490 | | | +--rw (destination-method) 7491 | | | +--:(destination-address) 7492 | | | +--rw destination-address? inet:host 7493 | | +--rw destination-port? 7494 | | | inet:port-number 7495 | | +--rw send-buffer-size? uint32 7496 | | +--rw rate-limit? uint32 7497 | | +--rw connection-timeout? uint32 7498 | | +--rw retry-schedule? uint32 7499 | | +--rw transport-layer-security! 7500 | | | +--rw local-certification-authority-dn* 7501 | | | | string 7502 | | | +--rw local-subject-dn* 7503 | | | | string 7504 | | | +--rw local-subject-fqdn* 7505 | | | | inet:domain-name 7506 | | | +--rw remote-certification-authority-dn* 7507 | | | | string 7508 | | | +--rw remote-subject-dn* 7509 | | | | string 7510 | | | +--rw remote-subject-fqdn* 7511 | | | inet:domain-name 7512 | | +--ro transport-session 7513 | | +--ro ipfix-version? 7514 | | | uint16 7515 | | +--ro source-address? 7516 | | | inet:host 7517 | | +--ro destination-address? 7518 | | | inet:host 7519 | | +--ro source-port? 7520 | | | inet:port-number 7521 | | +--ro destination-port? 7522 | | | inet:port-number 7523 | | +--ro status? 7524 | | | transport-session-status 7525 | | +--ro rate? 7526 | | | yang:gauge32 7527 | | +--ro bytes? 7528 | | | yang:counter64 7529 | | +--ro messages? 7530 | | | yang:counter64 7531 | | +--ro discarded-messages? 7532 | | | yang:counter64 7533 | | +--ro records? 7534 | | | yang:counter64 7535 | | +--ro templates? 7536 | | | yang:counter32 7537 | | +--ro options-templates? 7538 | | | yang:counter32 7539 | | +--ro transport-session-start-time? 7540 | | | yang:date-and-time 7541 | | +--ro transport-session-discontinuity-time? 7542 | | | yang:date-and-time 7543 | | +--ro template* [name] 7544 | | +--ro name 7545 | | | name-type 7546 | | +--ro observation-domain-id? uint32 7547 | | +--ro template-id? uint16 7548 | | +--ro set-id? uint16 7549 | | +--ro access-time? 7550 | | | yang:date-and-time 7551 | | +--ro template-data-records? 
           |     |           |       yang:counter64
           |     |           +--ro template-discontinuity-time?
           |     |           |       yang:date-and-time
           |     |           +--ro field* [name]
           |     |              +--ro name                    name-type
           |     |              +--ro ie-id?                  ie-id-type
           |     |              +--ro ie-length?              uint16
           |     |              +--ro ie-enterprise-number?   uint32
           |     |              +--ro is-flow-key?            empty
           |     |              +--ro is-scope?               empty
           |     +--:(udp-exporter)
           |     |  +--rw udp-exporter {udp-transport}?
           |     |     +--rw ipfix-version?                      uint16
           |     |     +--rw source
           |     |     |  +--rw (source-method)?
           |     |     |     +--:(source-address)
           |     |     |     |  +--rw source-address?   inet:host
           |     |     |     +--:(interface-ref)
           |     |     |     |  +--rw interface-ref?   if:interface-ref
           |     |     |     +--:(if-index) {if-mib}?
           |     |     |     |  +--rw if-index?   uint32
           |     |     |     +--:(if-name) {if-mib}?
           |     |     |        +--rw if-name?   string
           |     |     +--rw destination
           |     |     |  +--rw (destination-method)
           |     |     |     +--:(destination-address)
           |     |     |        +--rw destination-address?   inet:host
           |     |     +--rw destination-port?
           |     |     |       inet:port-number
           |     |     +--rw send-buffer-size?                   uint32
           |     |     +--rw rate-limit?                         uint32
           |     |     +--rw maximum-packet-size?                uint16
           |     |     +--rw template-refresh-timeout?           uint32
           |     |     +--rw options-template-refresh-timeout?   uint32
           |     |     +--rw template-refresh-packet?            uint32
           |     |     +--rw options-template-refresh-packet?    uint32
           |     |     +--rw transport-layer-security!
           |     |     |  +--rw local-certification-authority-dn*
           |     |     |  |       string
           |     |     |  +--rw local-subject-dn*
           |     |     |  |       string
           |     |     |  +--rw local-subject-fqdn*
           |     |     |  |       inet:domain-name
           |     |     |  +--rw remote-certification-authority-dn*
           |     |     |  |       string
           |     |     |  +--rw remote-subject-dn*
           |     |     |  |       string
           |     |     |  +--rw remote-subject-fqdn*
           |     |     |          inet:domain-name
           |     |     +--ro transport-session
           |     |        +--ro ipfix-version?
           |     |        |       uint16
           |     |        +--ro source-address?
           |     |        |       inet:host
           |     |        +--ro destination-address?
           |     |        |       inet:host
           |     |        +--ro source-port?
           |     |        |       inet:port-number
           |     |        +--ro destination-port?
           |     |        |       inet:port-number
           |     |        +--ro status?
           |     |        |       transport-session-status
           |     |        +--ro rate?
           |     |        |       yang:gauge32
           |     |        +--ro bytes?
           |     |        |       yang:counter64
           |     |        +--ro messages?
           |     |        |       yang:counter64
           |     |        +--ro discarded-messages?
           |     |        |       yang:counter64
           |     |        +--ro records?
           |     |        |       yang:counter64
           |     |        +--ro templates?
           |     |        |       yang:counter32
           |     |        +--ro options-templates?
           |     |        |       yang:counter32
           |     |        +--ro transport-session-start-time?
           |     |        |       yang:date-and-time
           |     |        +--ro transport-session-discontinuity-time?
           |     |        |       yang:date-and-time
           |     |        +--ro template* [name]
           |     |           +--ro name
           |     |           |       name-type
           |     |           +--ro observation-domain-id?   uint32
           |     |           +--ro template-id?             uint16
           |     |           +--ro set-id?                  uint16
           |     |           +--ro access-time?
           |     |           |       yang:date-and-time
           |     |           +--ro template-data-records?
           |     |           |       yang:counter64
           |     |           +--ro template-discontinuity-time?
           |     |           |       yang:date-and-time
           |     |           +--ro field* [name]
           |     |              +--ro name                    name-type
           |     |              +--ro ie-id?                  ie-id-type
           |     |              +--ro ie-length?              uint16
           |     |              +--ro ie-enterprise-number?   uint32
           |     |              +--ro is-flow-key?            empty
           |     |              +--ro is-scope?               empty
           |     +--:(sctp-exporter)
           |     |  +--rw sctp-exporter {sctp-transport}?
           |     |     +--rw ipfix-version?              uint16
           |     |     +--rw source
           |     |     |  +--rw (source-method)?
           |     |     |     +--:(source-address)
           |     |     |     |  +--rw source-address?   inet:host
           |     |     |     +--:(interface-ref)
           |     |     |     |  +--rw interface-ref?   if:interface-ref
           |     |     |     +--:(if-index) {if-mib}?
           |     |     |     |  +--rw if-index?   uint32
           |     |     |     +--:(if-name) {if-mib}?
           |     |     |        +--rw if-name?   string
           |     |     +--rw destination
           |     |     |  +--rw (destination-method)
           |     |     |     +--:(destination-address)
           |     |     |        +--rw destination-address?   inet:host
           |     |     +--rw destination-port?
           |     |     |       inet:port-number
           |     |     +--rw send-buffer-size?           uint32
           |     |     +--rw rate-limit?                 uint32
           |     |     +--rw timed-reliability?          uint32
           |     |     +--rw association-timeout?        uint32
           |     |     +--rw transport-layer-security!
           |     |     |  +--rw local-certification-authority-dn*
           |     |     |  |       string
           |     |     |  +--rw local-subject-dn*
           |     |     |  |       string
           |     |     |  +--rw local-subject-fqdn*
           |     |     |  |       inet:domain-name
           |     |     |  +--rw remote-certification-authority-dn*
           |     |     |  |       string
           |     |     |  +--rw remote-subject-dn*
           |     |     |  |       string
           |     |     |  +--rw remote-subject-fqdn*
           |     |     |          inet:domain-name
           |     |     +--ro transport-session
           |     |        +--ro sctp-association-id?
           |     |        |       uint32
           |     |        +--ro ipfix-version?
           |     |        |       uint16
           |     |        +--ro source-address?
           |     |        |       inet:host
           |     |        +--ro destination-address?
           |     |        |       inet:host
           |     |        +--ro source-port?
           |     |        |       inet:port-number
           |     |        +--ro destination-port?
           |     |        |       inet:port-number
           |     |        +--ro status?
           |     |        |       transport-session-status
           |     |        +--ro rate?
           |     |        |       yang:gauge32
           |     |        +--ro bytes?
           |     |        |       yang:counter64
           |     |        +--ro messages?
           |     |        |       yang:counter64
           |     |        +--ro discarded-messages?
           |     |        |       yang:counter64
           |     |        +--ro records?
           |     |        |       yang:counter64
           |     |        +--ro templates?
           |     |        |       yang:counter32
           |     |        +--ro options-templates?
           |     |        |       yang:counter32
           |     |        +--ro transport-session-start-time?
           |     |        |       yang:date-and-time
           |     |        +--ro transport-session-discontinuity-time?
           |     |        |       yang:date-and-time
           |     |        +--ro template* [name]
           |     |           +--ro name
           |     |           |       name-type
           |     |           +--ro observation-domain-id?   uint32
           |     |           +--ro template-id?             uint16
           |     |           +--ro set-id?                  uint16
           |     |           +--ro access-time?
           |     |           |       yang:date-and-time
           |     |           +--ro template-data-records?
           |     |           |       yang:counter64
           |     |           +--ro template-discontinuity-time?
           |     |           |       yang:date-and-time
           |     |           +--ro field* [name]
           |     |              +--ro name                    name-type
           |     |              +--ro ie-id?                  ie-id-type
           |     |              +--ro ie-length?              uint16
           |     |              +--ro ie-enterprise-number?   uint32
           |     |              +--ro is-flow-key?            empty
           |     |              +--ro is-scope?               empty
           |     +--:(file-writer)
           |        +--rw file-writer {file-writer}?
           |           +--rw ipfix-version?   uint16
           |           +--rw file             inet:uri
           |           +--ro file-writer-state
           |              +--ro bytes?
           |              |       yang:counter64
           |              +--ro messages?
           |              |       yang:counter64
           |              +--ro discarded-messages?
           |              |       yang:counter64
           |              +--ro records?
           |              |       yang:counter64
           |              +--ro templates?
           |              |       yang:counter32
           |              +--ro options-templates?
           |              |       yang:counter32
           |              +--ro file-writer-discontinuity-time?
           |              |       yang:date-and-time
           |              +--ro template* [name]
           |                 +--ro name
           |                 |       name-type
           |                 +--ro observation-domain-id?   uint32
           |                 +--ro template-id?             uint16
           |                 +--ro set-id?                  uint16
           |                 +--ro access-time?
           |                 |       yang:date-and-time
           |                 +--ro template-data-records?
           |                 |       yang:counter64
           |                 +--ro template-discontinuity-time?
           |                 |       yang:date-and-time
           |                 +--ro field* [name]
           |                    +--ro name                    name-type
           |                    +--ro ie-id?                  ie-id-type
           |                    +--ro ie-length?              uint16
           |                    +--ro ie-enterprise-number?   uint32
           |                    +--ro is-flow-key?            empty
           |                    +--ro is-scope?               empty
           +--rw options* [name]
           |  +--rw name               name-type
           |  +--rw options-type       identityref
           |  +--rw options-timeout?   uint32
           +--ro exporting-process-id?   uint32

D.2.  ietf-ipfix-packet-sampling

   The complete tree diagram for ietf-ipfix-packet-sampling:

   module: ietf-ipfix-packet-sampling
     augment /ietf-ipfix:ipfix:
       +--rw psamp
          +--rw observation-point* [name]
          |  +--rw name                     ietf-ipfix:name-type
          |  +--rw observation-domain-id    uint32
          |  +--rw interface-ref*           if:interface-ref
          |  +--rw if-name*                 if-name-type {if-mib}?
          |  +--rw if-index*                uint32 {if-mib}?
          |  +--rw hardware-ref*            hardware-ref
          |  +--rw ent-physical-name*       string {entity-mib}?
          |  +--rw ent-physical-index*      uint32 {entity-mib}?
          |  +--rw direction?               direction
          |  +--rw selection-process*
          |  |       -> /ietf-ipfix:ipfix/psamp/selection-process/name
          |  +--ro observation-point-id?    uint32
          +--rw selection-process* [name]
          |  +--rw name     ietf-ipfix:name-type
          |  +--rw selector* [name]
          |  |  +--rw name
          |  |  |       ietf-ipfix:name-type
          |  |  +--rw (method)
          |  |  |  +--:(select-all)
          |  |  |  |  +--rw select-all?   empty
          |  |  |  +--:(samp-count-based)
          |  |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
          |  |  |  |     +--rw packet-interval   uint32
          |  |  |  |     +--rw packet-space      uint32
          |  |  |  +--:(samp-time-based)
          |  |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
          |  |  |  |     +--rw time-interval   uint32
          |  |  |  |     +--rw time-space      uint32
          |  |  |  +--:(samp-rand-out-of-n)
          |  |  |  |  +--rw samp-rand-out-of-n
          |  |  |  |          {psamp-samp-rand-out-of-n}?
          |  |  |  |     +--rw size         uint32
          |  |  |  |     +--rw population   uint32
          |  |  |  +--:(samp-uni-prob)
          |  |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
          |  |  |  |     +--rw probability   decimal64
          |  |  |  +--:(filter-match)
          |  |  |  |  +--rw filter-match {psamp-filter-match}?
          |  |  |  |     +--rw (information-element)
          |  |  |  |     |  +--:(ie-name)
          |  |  |  |     |  |  +--rw ie-name?
          |  |  |  |     |  |          ietf-ipfix:ie-name-type
          |  |  |  |     |  +--:(ie-id)
          |  |  |  |     |     +--rw ie-id?
          |  |  |  |     |             ietf-ipfix:ie-id-type
          |  |  |  |     +--rw ie-enterprise-number?   uint32
          |  |  |  |     +--rw value                   string
          |  |  |  +--:(filter-hash)
          |  |  |     +--rw filter-hash {psamp-filter-hash}?
          |  |  |        +--rw hash-function?       identityref
          |  |  |        +--rw initializer-value?   uint64
          |  |  |        +--rw ip-payload-offset?   uint64
          |  |  |        +--rw ip-payload-size?     uint64
          |  |  |        +--rw digest-output?       boolean
          |  |  |        +--rw selected-range* [name]
          |  |  |        |  +--rw name   ietf-ipfix:name-type
          |  |  |        |  +--rw min?   uint64
          |  |  |        |  +--rw max?   uint64
          |  |  |        +--ro output-range-min?    uint64
          |  |  |        +--ro output-range-max?    uint64
          |  |  +--ro packets-observed?              yang:counter64
          |  |  +--ro packets-dropped?               yang:counter64
          |  |  +--ro selector-discontinuity-time?   yang:date-and-time
          |  +--rw cache?
          |  |       -> /ietf-ipfix:ipfix/psamp/cache/name
          |  +--ro selection-sequence* []
          |     +--ro observation-domain-id?   uint32
          |     +--ro selection-sequence-id?   uint64
          +--rw cache* [name]
             +--rw name                        ietf-ipfix:name-type
             +--rw enabled?                    boolean
             +--rw (cache-type)
             |  +--:(immediate-cache)
             |  |  +--rw immediate-cache {immediate-cache}?
             |  |     +--rw cache-layout
             |  |        +--rw cache-field* [name]
             |  |           +--rw name
             |  |           |       ietf-ipfix:name-type
             |  |           +--rw (information-element)
             |  |           |  +--:(ie-name)
             |  |           |  |  +--rw ie-name?
             |  |           |  |          ietf-ipfix:ie-name-type
             |  |           |  +--:(ie-id)
             |  |           |     +--rw ie-id?
             |  |           |             ietf-ipfix:ie-id-type
             |  |           +--rw ie-length?              uint16
             |  |           +--rw ie-enterprise-number?   uint32
             |  |           +--rw is-flow-key?            empty
             |  +--:(timeout-cache)
             |  |  +--rw timeout-cache {timeout-cache}?
             |  |     +--rw max-flows?              uint32
             |  |     +--rw active-timeout?         uint32
             |  |     +--rw idle-timeout?           uint32
             |  |     +--rw export-interval?        uint32
             |  |     +--rw cache-layout
             |  |     |  +--rw cache-field* [name]
             |  |     |     +--rw name
             |  |     |     |       ietf-ipfix:name-type
             |  |     |     +--rw (information-element)
             |  |     |     |  +--:(ie-name)
             |  |     |     |  |  +--rw ie-name?
             |  |     |     |  |          ietf-ipfix:ie-name-type
             |  |     |     |  +--:(ie-id)
             |  |     |     |     +--rw ie-id?
             |  |     |     |             ietf-ipfix:ie-id-type
             |  |     |     +--rw ie-length?              uint16
             |  |     |     +--rw ie-enterprise-number?   uint32
             |  |     |     +--rw is-flow-key?            empty
             |  |     +--ro active-flows?           yang:gauge32
             |  |     +--ro unused-cache-entries?   yang:gauge32
             |  +--:(natural-cache)
             |  |  +--rw natural-cache {natural-cache}?
             |  |     +--rw max-flows?              uint32
             |  |     +--rw active-timeout?         uint32
             |  |     +--rw idle-timeout?           uint32
             |  |     +--rw export-interval?        uint32
             |  |     +--rw cache-layout
             |  |     |  +--rw cache-field* [name]
             |  |     |     +--rw name
             |  |     |     |       ietf-ipfix:name-type
             |  |     |     +--rw (information-element)
             |  |     |     |  +--:(ie-name)
             |  |     |     |  |  +--rw ie-name?
             |  |     |     |  |          ietf-ipfix:ie-name-type
             |  |     |     |  +--:(ie-id)
             |  |     |     |     +--rw ie-id?
             |  |     |     |             ietf-ipfix:ie-id-type
             |  |     |     +--rw ie-length?              uint16
             |  |     |     +--rw ie-enterprise-number?   uint32
             |  |     |     +--rw is-flow-key?            empty
             |  |     +--ro active-flows?           yang:gauge32
             |  |     +--ro unused-cache-entries?   yang:gauge32
             |  +--:(permanent-cache)
             |     +--rw permanent-cache {permanent-cache}?
             |        +--rw max-flows?              uint32
             |        +--rw active-timeout?         uint32
             |        +--rw idle-timeout?           uint32
             |        +--rw export-interval?        uint32
             |        +--rw cache-layout
             |        |  +--rw cache-field* [name]
             |        |     +--rw name
             |        |     |       ietf-ipfix:name-type
             |        |     +--rw (information-element)
             |        |     |  +--:(ie-name)
             |        |     |  |  +--rw ie-name?
             |        |     |  |          ietf-ipfix:ie-name-type
             |        |     |  +--:(ie-id)
             |        |     |     +--rw ie-id?
             |        |     |             ietf-ipfix:ie-id-type
             |        |     +--rw ie-length?              uint16
             |        |     +--rw ie-enterprise-number?   uint32
             |        |     +--rw is-flow-key?            empty
             |        +--ro active-flows?           yang:gauge32
             |        +--ro unused-cache-entries?   yang:gauge32
             +--rw exporting-process*
             |       -> /ietf-ipfix:ipfix/exporting-process/name
             |       {ietf-ipfix:exporter}?
             +--ro metering-process-id?        uint32
             +--ro data-records?               yang:counter64
             +--ro cache-discontinuity-time?   yang:date-and-time

D.3.  ietf-ipfix-bulk-data-export

   The complete tree diagram for ietf-ipfix-bulk-data-export:

   module: ietf-ipfix-bulk-data-export
     augment /ietf-ipfix:ipfix:
       +--rw bulk-data-export
          +--rw template* [name]
             +--rw name                     ietf-ipfix:name-type
             +--rw enabled?                 boolean
             +--rw export-interval?         uint32
             +--rw observation-domain-id?   uint32
             +--rw field-layout
             |  +--rw field* [name]
             |     +--rw name                    ietf-ipfix:name-type
             |     +--rw (identifier)
             |     |  +--:(ie-name)
             |     |  |  +--rw ie-name?   ietf-ipfix:ie-name-type
             |     |  +--:(ie-id)
             |     |     +--rw ie-id?   ietf-ipfix:ie-id-type
             |     +--rw ie-length?              uint16
             |     +--rw ie-enterprise-number?   uint32
             +--rw exporting-process*
             |       -> /ietf-ipfix:ipfix/exporting-process/name
             |       {ietf-ipfix:exporter}?
             +--rw (resource-identifier)?
             |  +--:(resource-instance)
             |     +--rw resource-instance*   resource
             +--ro data-records?            yang:counter64
             +--ro discontinuity-time?      yang:date-and-time

Authors' Addresses

   Joey Boyd
   ADTRAN

   Email: joey.boyd@adtran.com


   Marta Seda
   Calix

   Email: marta.seda@calix.com