idnits 2.17.1

draft-ietf-ipfix-configuration-model-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008. The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust. If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 12, 2012) is 4329 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5101 (Obsoleted by RFC 7011)

  ** Obsolete normative reference: RFC 5102 (Obsoleted by RFC 7012)

  ** Obsolete normative reference: RFC 6021 (Obsoleted by RFC 6991)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'UML'

  -- Obsolete informational reference (is this intentional?): RFC 4133
     (Obsoleted by RFC 6933)

  -- Obsolete informational reference (is this intentional?): RFC 6347
     (Obsoleted by RFC 9147)

  -- Obsolete informational reference (is this intentional?): RFC 4960
     (Obsoleted by RFC 9260)

  -- Obsolete informational reference (is this intentional?): RFC 5246
     (Obsoleted by RFC 8446)

  == Outdated reference: A later version (-06) exists of
     draft-ietf-ipfix-psamp-mib-04

     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

IP Flow Information Export WG                                   G. Muenz
Internet-Draft                                               TU Muenchen
Intended status: Standards Track                               B. Claise
Expires: December 14, 2012                                     P. Aitken
                                                     Cisco Systems, Inc.
                                                           June 12, 2012

              Configuration Data Model for IPFIX and PSAMP

Abstract

   This document specifies a data model for configuring and monitoring
   Selection Processes, Caches, Exporting Processes, and Collecting
   Processes of IPFIX and PSAMP compliant Monitoring Devices using the
   NETCONF protocol. The data model is defined using UML (Unified
   Modeling Language) class diagrams and formally specified using YANG.
   The configuration data is encoded in Extensible Markup Language
   (XML).

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 14, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  IPFIX Documents Overview
     1.2.  PSAMP Documents Overview

   2.  Terminology

   3.  Structure of the Configuration Data Model
     3.1.  Metering Process Decomposition in Selection Process
           and Cache
     3.2.  UML Representation
     3.3.  Exporter Configuration
     3.4.  Collector Configuration

   4.  Configuration Parameters
     4.1.  ObservationPoint Class
     4.2.  SelectionProcess Class
       4.2.1.  Selector Class
       4.2.2.  Sampler Classes
       4.2.3.  Filter Classes
     4.3.  Cache Class
       4.3.1.  ImmediateCache Class
       4.3.2.  TimeoutCache, NaturalCache, and PermanentCache
               Class
       4.3.3.  CacheLayout Class
     4.4.  ExportingProcess Class
       4.4.1.  SctpExporter Class
       4.4.2.  UdpExporter Class
       4.4.3.  TcpExporter Class
       4.4.4.  FileWriter Class
       4.4.5.  Options Class
     4.5.  CollectingProcess Class
       4.5.1.  SctpCollector Class
       4.5.2.  UdpCollector Class
       4.5.3.  TcpCollector Class
       4.5.4.  FileReader Class
     4.6.  Transport Layer Security Class
     4.7.  Transport Session Class
     4.8.  Template Class

   5.  Adaptation to Device Capabilities

   6.  YANG Module of the IPFIX/PSAMP Configuration Data Model

   7.  Examples
     7.1.  PSAMP Device
     7.2.  IPFIX Device
     7.3.  Export of Flow Records and Packet Reports
     7.4.  Collector and File Writer
     7.5.  Deviations

   8.  Security Considerations

   9.  IANA Considerations

   Appendix A.  Acknowledgements

   10.  References
     10.1.  Normative References
     10.2.  Informative References

   Authors' Addresses

1.  Introduction

   Editor's note (to be removed prior to publication): This draft is to
   be published as RFC after ietf-ipfix-psamp-mib has become RFC.
   The RFC Editor is asked to replace references to ietf-ipfix-psamp-mib
   by references to the corresponding RFC. In the YANG module
   (Section 6), occurrences of "yyyy" shall be replaced by the RFC
   number of draft-ietf-ipfix-psamp-mib. In the YANG module (Section 6)
   and in Section 9, occurrences of "xxxx" shall be replaced by the RFC
   number of this document.

   IPFIX and PSAMP compliant Monitoring Devices (routers, switches,
   monitoring probes, Collectors etc.) offer various configuration
   possibilities that allow adapting network monitoring to the goals and
   purposes of the application, such as accounting and charging, traffic
   analysis, performance monitoring, and security monitoring. The use of
   a common vendor-independent configuration data model for IPFIX and
   PSAMP compliant Monitoring Devices facilitates network management and
   configuration, especially if Monitoring Devices of different
   implementers or manufacturers are deployed simultaneously. On the
   one hand, a vendor-independent configuration data model helps to
   store and manage the configuration data of Monitoring Devices in a
   consistent format. On the other hand, it can be used for local and
   remote configuration of Monitoring Devices.

   The purpose of this document is the specification of a vendor-
   independent configuration data model that covers the commonly
   available configuration parameters of Selection Processes, Caches,
   Exporting Processes, and Collecting Processes. In addition, it
   includes common state parameters of a Monitoring Device. The
   configuration data model is defined using UML (Unified Modeling
   Language) class diagrams [UML] while the actual configuration data is
   encoded in Extensible Markup Language (XML) [W3C.REC-xml-20081126].
   An XML document conforming to the configuration data model contains
   the configuration data of one Monitoring Device.

   The configuration data model is designed to be used with the
   NETCONF protocol [RFC6241] in order to configure remote Monitoring
   Devices. With the NETCONF protocol, it is possible to transfer a
   complete set of configuration data to a Monitoring Device, to query
   the current configuration and state parameters of a Monitoring
   Device, and to change specific parameter values of an existing
   Monitoring Device configuration.

   In order to ensure compatibility with the NETCONF protocol [RFC6241],
   YANG [RFC6020] is used to formally specify the configuration data
   model. If required, the YANG specification of the configuration data
   model can be converted into XML Schema language
   [W3C.REC-xmlschema-0-20041028] or DSDL (Document Schema Definition
   Languages) [RFC6110], for example by using the pyang tool [YANG-WEB].
   YANG provides mechanisms to adapt the configuration data model to
   device-specific constraints and to augment the model with additional
   device-specific or vendor-specific parameters.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.1.  IPFIX Documents Overview

   The IPFIX protocol [RFC5101] provides network administrators with
   access to IP Flow information. The architecture for the export of
   measured IP Flow information out of an IPFIX Exporting Process to a
   Collecting Process is defined in [RFC5470], per the requirements
   defined in [RFC3917]. The IPFIX protocol [RFC5101] specifies how
   IPFIX Data Records and Templates are carried via a number of
   transport protocols from IPFIX Exporting Processes to IPFIX
   Collecting Processes. IPFIX has a formal description of IPFIX
   Information Elements, their name, type and additional semantic
   information, as specified in [RFC5102].
   [RFC6615] specifies the IPFIX Management Information Base,
   consisting of the IPFIX MIB module and the IPFIX SELECTOR MIB
   module. Finally, [RFC5472] describes what
   type of applications can use the IPFIX protocol and how they can use
   the information provided. It furthermore shows how the IPFIX
   framework relates to other architectures and frameworks. Methods for
   efficient export of bidirectional Flow information and common
   properties in Data Records are specified in [RFC5103] and [RFC5473],
   respectively. [RFC5610] addresses the export of extended type
   information for enterprise-specific Information Elements. The
   storage of IPFIX Messages in a file is specified in [RFC5655].

1.2.  PSAMP Documents Overview

   The framework for packet selection and reporting [RFC5474] enables
   network elements to select subsets of packets by statistical and
   other methods, and to export a stream of reports on the selected
   packets to a Collector. The set of packet selection techniques
   (Sampling, Filtering, and hashing) standardized by PSAMP are
   described in [RFC5475]. The PSAMP protocol [RFC5476] specifies the
   export of packet information from a PSAMP Exporting Process to a
   PSAMP Collector. Instead of exporting PSAMP Packet Reports, the
   stream of selected packets may also serve as input to the generation
   of IPFIX Flow Records. Like IPFIX, PSAMP has a formal description of
   its Information Elements, their name, type and additional semantic
   information. The PSAMP information model is defined in [RFC5477].
   [I-D.ietf-ipfix-psamp-mib] specifies the PSAMP MIB module as an
   extension of the IPFIX SELECTOR MIB module defined in [RFC6615].

2.  Terminology

   This document adopts the terminologies used in [RFC5101], [RFC5103],
   [RFC5655], and [RFC5476]. As in these documents, all specific terms
   have the first letter of a word capitalized when used in this
   document.
   The following listing indicates in which references the
   definitions of those terms that are commonly used throughout this
   document can be found:

   o  Definitions adopted from [RFC5101]:
      *  Collecting Process
      *  Collector
      *  Data Record
      *  Exporter
      *  Flow
      *  Flow Key
      *  Flow Record
      *  Information Element
      *  IPFIX Device
      *  IPFIX Message
      *  Observation Domain
      *  Observation Point
      *  (Options) Template

   o  Definitions adopted from [RFC5103]:
      *  Reverse Information Element

   o  Definitions adopted from [RFC5655]:
      *  File Reader
      *  File Writer

   o  Definitions adopted from [RFC5476]:
      *  Filtering
      *  Observed Packet Stream
      *  Packet Report
      *  PSAMP Device
      *  Sampling
      *  Selection Process
      *  Selection Sequence
      *  Selection Sequence Report Interpretation
      *  Selection Sequence Statistics Report Interpretation
      *  Selection State
      *  Selector, Primitive Selector, Composite Selector
      *  Selector Report Interpretation

   The terms Metering Process and Exporting Process have different
   definitions in [RFC5101] and [RFC5476]. In the scope of this
   document, these terms are used according to the following definitions
   which cover the deployment in both PSAMP Devices and IPFIX Devices:

   Metering Process

      The Metering Process generates IPFIX Flow Records or PSAMP Packet
      Reports, depending on its deployment as part of an IPFIX Device or
      PSAMP Device. Inputs to the process are packets observed at one
      or multiple Observation Points, as well as characteristics
      describing the packet treatment at these Observation Points. If
      IPFIX Flow Records are generated, the Metering Process MUST NOT
      aggregate packets observed at different Observation Domains in the
      same Flow. The function of the Metering Process is split into two
      functional blocks: Selection Process and Cache.

   Exporting Process

      Depending on its deployment as part of an IPFIX Device or PSAMP
      Device, the Exporting Process sends IPFIX Flow Records or PSAMP
      Packet Reports to one or more Collecting Processes. The IPFIX
      Flow Records or PSAMP Packet Reports are generated by one or more
      Metering Processes.

   In addition to the existing IPFIX and PSAMP terminology, the
   following terms are defined:

   Cache

      The Cache is a functional block in a Metering Process which
      generates IPFIX Flow Records or PSAMP Packet Reports from a
      Selected Packet Stream, in accordance with its configuration. If
      Flow Records are generated, the Cache performs tasks like creating
      new records, updating existing ones, computing Flow statistics,
      deriving further Flow properties, detecting Flow expiration,
      passing Flow Records to the Exporting Process, and deleting Flow
      Records. If Packet Reports are generated, the Cache performs
      tasks like extracting packet contents and derived packet
      properties from the Selected Packet Stream, creating new records,
      and passing them as Packet Reports to the Exporting Process.

   Cache Layout

      The Cache Layout defines the superset of fields that are included
      in the Packet Reports or Flow Records maintained by the Cache.
      The fields are specified by the corresponding Information
      Elements. In general, the largest possible subset of the
      specified fields is derived for every Packet Report or Flow
      Record. More specific rules about which fields must be included
      are given in Section 4.3.3.

   Monitoring Device

      A Monitoring Device implements at least one of the functional
      blocks specified in the context of IPFIX or PSAMP. In particular,
      the term Monitoring Device encompasses Exporters, Collectors,
      IPFIX Devices, and PSAMP Devices.

   Selected Packet Stream

      The Selected Packet Stream is the set of all packets selected by a
      Selection Process.

3.  Structure of the Configuration Data Model

   The IPFIX reference model in [RFC5470] describes Metering Processes,
   Exporting Processes, and Collecting Processes as functional blocks of
   IPFIX Devices. The PSAMP framework [RFC5474] provides the
   corresponding information for PSAMP Devices and introduces the
   Selection Process as a functional block within Metering Processes.
   In Section 2 of this document, the Cache is defined as another
   functional block within Metering Processes. Further explanations
   about the relationship between Selection Process and Cache are given
   in Section 3.1. IPFIX File Reader and File Writer are defined as
   specific kinds of Exporting and Collecting Processes in [RFC5655].

   Monitoring Device implementations usually maintain the separation of
   various functional blocks although they do not necessarily implement
   all of them. Furthermore, they provide various configuration
   possibilities; some of them are specified as mandatory by the IPFIX
   protocol [RFC5101] or PSAMP protocol [RFC5476]. The configuration
   data model enables the setting of commonly available configuration
   parameters for Selection Processes, Caches, Exporting Processes, and
   Collecting Processes. In addition, it allows specifying the
   composition of functional blocks within a Monitoring Device
   configuration and their linkage with Observation Points.

   The selection of parameters in the configuration data model is based
   on configuration issues discussed in the IPFIX and PSAMP documents
   [RFC3917], [RFC5101], [RFC5470], [RFC5476], [RFC5474], and [RFC5475].
   Furthermore, the structure and content of the IPFIX MIB module
   [RFC6615] and the PSAMP MIB module [I-D.ietf-ipfix-psamp-mib] have
   been taken into consideration. Consistency between the configuration
   data model and the IPFIX and PSAMP MIB modules is an intended goal.
   Therefore, parameters in the configuration data model are named
   according to corresponding managed objects. Certain IPFIX MIB
   objects containing state data have been adopted as state parameters
   in the configuration data model. State parameters cannot be
   configured, yet their values can be queried from the Monitoring
   Device by a network manager.

   Section 3.2 explains how UML class diagrams are deployed to
   illustrate the structure of the configuration data model.
   Thereafter, Section 3.3 and Section 3.4 explain the class diagrams
   for the configuration of Exporters and Collectors, respectively.
   Each of the presented classes contains specific configuration
   parameters which are specified in Section 4. Section 5 gives a short
   introduction to YANG concepts that allow adapting the configuration
   data model to the capabilities of a device. The formal definition of
   the configuration data model in YANG is given in Section 6.
   Section 7 illustrates the usage of the model with example
   configurations in XML.

3.1.  Metering Process Decomposition in Selection Process and Cache

   In a Monitoring Device implementation, the functionality of the
   Metering Process is commonly split into packet Sampling and Filtering
   functions performed by Selection Processes, and the maintenance of
   Flow Records and Packet Reports performed by a Cache. Figure 1
   illustrates this separation with the example of a basic Metering
   Process.

                   +-----------------------------------+
                   | Metering Process                  |
                   | +-----------+ Selected            |
          Observed | | Selection | Packet    +-------+ |  Stream of
          Packet  -->| Process   |---------->| Cache |--> Flow Records or
          Stream   | +-----------+ Stream    +-------+ |  Packet Reports
                   +-----------------------------------+

     Figure 1: Selection Process and Cache forming a Metering Process

   The configuration data model adopts the separation of Selection
   Processes and Caches in order to support the flexible configuration
   and combination of these functional blocks. As defined in [RFC5476],
   the Selection Process takes an Observed Packet Stream as its input
   and selects a subset of that stream as its output (Selected Packet
   Stream). The action of the Selection Process on a single packet of
   its input is defined by one Selector (called Primitive Selector) or
   an ordered composition of multiple Selectors (called Composite
   Selector). The Cache generates Flow Records or Packet Reports from
   the Selected Packet Stream, depending on its configuration.

   The configuration data model does not allow configuring a Metering
   Process without any Selection Process in front of the Cache. If all
   packets in the Observed Packet Stream shall be selected and passed to
   the Cache without any Filtering or Sampling, a Selection Process
   needs to be configured with a Selector which selects all packets
   ("SelectAll" class in Section 4.2.1).

   The configuration data model enables the configuration of a Selection
   Process which receives packets from multiple Observation Points as
   its input. In this case, the Observed Packet Streams of the
   Observation Points are processed in independent Selection Sequences.
   As specified in [RFC5476], a distinct set of Selector instances needs
   to be maintained per Selection Sequence in order to keep the
   Selection States and statistics separate.
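
   The following Python sketch is an added example (it is not part of
   this draft or of any IPFIX/PSAMP implementation) showing why each
   Selection Sequence needs its own Selector instances: with one shared
   count-based Sampler and interleaved input, one Observation Point is
   never sampled. Apart from SelectAll, all class, method and parameter
   names, the Observation Point names eth0/eth1 and the packet list are
   constructed for illustration.

```python
"""Selection Sequences with per-Observation-Point Selector instances.

Illustrative sketch only: apart from the SelectAll Selector named in the
text, every name here is an assumption and not taken from the YANG module.
"""


class SelectAll:
    """Selector that selects every packet ("SelectAll" in the data model)."""

    def __init__(self):
        self.observed = 0
        self.dropped = 0

    def select(self, packet):
        self.observed += 1
        return True


class CountBasedSampler:
    """Systematic count-based Sampling: select `interval`, then skip `space`."""

    def __init__(self, interval, space):
        if interval < 1 or space < 0:
            raise ValueError("interval must be >= 1 and space >= 0")
        self.interval, self.space = interval, space
        self.position = 0   # Selection State: position inside the period
        self.observed = 0   # statistics kept by this Selector instance
        self.dropped = 0

    def select(self, packet):
        self.observed += 1
        selected = self.position < self.interval
        self.position = (self.position + 1) % (self.interval + self.space)
        if not selected:
            self.dropped += 1
        return selected


class SelectionProcess:
    """One Selection Sequence (ordered Selectors) per Observation Point."""

    def __init__(self, selector_factories, observation_points,
                 share_state=False):
        if not selector_factories:
            # Pass-through is expressed with SelectAll, not with no Selector.
            raise ValueError("at least one Selector is required; use SelectAll")
        shared = [make() for make in selector_factories]
        # share_state=True models the misconfiguration the text rules out:
        # all Observation Points use the same Selector instances.
        self.sequences = {
            op: shared if share_state else [make() for make in selector_factories]
            for op in observation_points
        }

    def process(self, observation_point, packet):
        """Return True if the packet is part of the Selected Packet Stream."""
        # Composite Selector: all() stops at the first Selector that drops
        # the packet, so later Selectors only see already selected packets.
        return all(s.select(packet) for s in self.sequences[observation_point])


def selected_per_point(process, packets):
    """Count selected packets per Observation Point."""
    counts = {op: 0 for op in process.sequences}
    for op, packet in packets:
        if process.process(op, packet):
            counts[op] += 1
    return counts


# Constructed input: 10 packets per Observation Point, strictly interleaved.
INTERLEAVED = [(op, n) for n in range(10) for op in ("eth0", "eth1")]


def every_other_packet():
    """Factory for a Sampler that selects one packet and skips the next."""
    return CountBasedSampler(interval=1, space=1)


if __name__ == "__main__":
    points = ["eth0", "eth1"]
    separate = SelectionProcess([every_other_packet], points)
    shared = SelectionProcess([every_other_packet], points, share_state=True)
    print("separate state:", selected_per_point(separate, INTERLEAVED))
    print("shared state:  ", selected_per_point(shared, INTERLEAVED))
```

   With separate instances both Observation Points are sampled at the
   configured rate; with shared state the result depends on how the two
   streams interleave, and the per-Selector statistics are merged.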

   With the configuration data model, it is possible to configure a
   Metering Process with more than one Selection Process whose output
   is processed by a single Cache. This is illustrated in Figure 2.

                   +-------------------------------------+
                   | Metering Process                    |
                   | +-----------+ Selected              |
          Observed | | Selection | Packet                |
          Packet  -->| Process   |----------+  +-------+ |
          Stream   | +-----------+ Stream   +->|       | |  Stream of
                   |      ...                  | Cache |--> Flow Records or
                   | +-----------+ Selected +->|       | |  Packet Reports
          Observed | | Selection | Packet   |  +-------+ |
          Packet  -->| Process   |----------+            |
          Stream   | +-----------+ Stream                |
                   +-------------------------------------+

       Figure 2: Metering Process with multiple Selection Processes

   The Observed Packet Streams at the input of a Metering Process may
   originate from Observation Points belonging to different Observation
   Domains. By definition of the Observation Domain (see [RFC5101]),
   however, a Cache MUST NOT aggregate packets observed at different
   Observation Domains in the same Flow. Hence, if the Cache is
   configured to generate Flow Records, it needs to distinguish packets
   according to their Observation Domains.

3.2.  UML Representation

   We use UML class diagrams [UML] to explain the structure of the
   configuration data model. The attributes of the classes are the
   configuration or state parameters. The configuration and state
   parameters of a given Monitoring Device are represented as objects of
   these classes encoded in XML.

   +------------------------------+
   | SctpExporter                 |
   +------------------------------+   0..1  +------------------------+
   | name                         |<>-------| TransportLayerSecurity |
   | ipfixVersion = 10            |         +------------------------+
   | sourceIPAddress[0..*]        |
   | destinationIPAddress[1..*]   |   0..1  +------------------------+
   | destinationPort = 4739|4740  |<>-------| TransportSession       |
   | ifName/ifIndex[0..1]         |         +------------------------+
   | sendBufferSize {opt.}        |
   | rateLimit[0..1]              |
   | timedReliability = 0         |
   +------------------------------+

               Figure 3: UML example: SctpExporter class

   As an example, Figure 3 shows the UML diagram of the SctpExporter
   class, which is specified in more detail in Section 4.4.1. The upper
   box contains the name of the class. The lower box lists the
   attributes of the class. Each attribute corresponds to a parameter
   of the configuration data model.

   An attribute's name may be followed by a multiplicity indicator
   in brackets (i.e., between "[" and "]"). An attribute with
   multiplicity indicator "[0..1]" represents an OPTIONAL configuration
   parameter which is only included in the configuration data if the
   user configures it. Typically, the absence of an OPTIONAL parameter
   has a specific meaning. For example, not configuring rateLimit in an
   object of the SctpExporter class means that no rate limiting will be
   applied to the exported data. In YANG, an OPTIONAL parameter is
   specified as a "leaf" without "mandatory true" substatement. The
   "description" substatement specifies the behavior for the case that
   the parameter is not configured.

   The multiplicity indicator "[0..*]" means that this parameter is
   OPTIONAL and MAY be configured multiple times with different values.
   In the example, multiple source IP addresses (sourceIPAddress) may be
   configured for a multi-homed Exporting Process.
   In YANG, an attribute with multiplicity indicator "[0..*]"
   corresponds to a "leaf-list".

   The multiplicity indicator "[1..*]" means that this parameter MUST be
   configured at least once and MAY be configured multiple times with
   different values. In the example, one or more destination IP
   addresses (destinationIPAddress) must be configured to specify the
   export destination. In YANG, an attribute with multiplicity
   indicator "[1..*]" corresponds to a "leaf-list" with "min-elements 1"
   substatement. Note that attributes without this multiplicity
   indicator MUST NOT appear more than once in each object of the class.

   Attributes without multiplicity indicator may be assigned a
   default value, which is indicated after the equality symbol ("=").
   If a default value exists, the parameter does not have to be
   explicitly configured by the user. If the parameter is not
   configured by the user, the Monitoring Device MUST use the specified
   default value for the given parameter. In the example, IPFIX version
   10 must be used unless a different value is configured for
   ipfixVersion. In YANG, an attribute with default value corresponds
   to a "leaf" with "default" substatement.

   In the example, there exist two default values for the destination
   port (destinationPort), namely the registered ports for IPFIX with
   and without transport layer security (i.e., DTLS or TLS), which are
   4740 and 4739, respectively. In the UML diagram, the two default
   values are separated by a vertical bar ("|"). In YANG, such
   conditional default value alternatives cannot be specified formally.
   Instead, they are defined in the "description" substatement of the
   "leaf".

   Further attribute properties are denoted in braces (i.e., between "{"
   and "}"). An attribute with property "{opt.}", such as
   sendBufferSize in the SctpExporter class, represents a parameter that
   MAY be configured by the user.
   If not configured by the user, the Monitoring Device MUST set an
   appropriate value for this parameter at
   configuration time. As a result, the parameter will always exist in
   the configuration data, yet it is not mandatory for the user to
   configure it. This behavior can be implemented as a static device-
   specific default value, but does not have to be. Therefore, the user
   MUST NOT expect that the device always sets the same values for the
   same parameter. Regardless of whether the parameter value has been
   configured by the user or set by the device, the parameter value MUST
   NOT be changed by the device after configuration. Since this
   behavior cannot be specified formally in YANG, it is specified in the
   "description" substatement of the "leaf".

   The availability of a parameter may depend on another parameter
   value. In the UML diagram, such restrictions are indicated as
   attribute properties (e.g., "{SCTP only}"). The given example does
   not show such restrictions. In YANG, the availability of a parameter
   is formally restricted with the "when" substatement of the "leaf".

   Another attribute property not shown in the example is "{readOnly}"
   specifying state parameters which cannot be configured. In YANG,
   this corresponds to the "config false" substatement.

   Attributes without multiplicity indicator, without default value, and
   without "{readOnly}" property are mandatory configuration parameters.
   These parameters MUST be configured by the user unless an attribute
   property determines that the parameter is not available. In YANG, a
   mandatory parameter corresponds to a "leaf" with "mandatory true"
   substatement. In the example, the user MUST configure the name
   parameter.

   If some parameters are related to each other, it makes sense to group
   these parameters in a subclass.
   This is especially useful if
   different subclasses represent choices of different parameter sets,
   or if the parameters of a subclass may appear multiple times. For
   example, the SctpExporter class MAY contain the parameters of the
   TransportLayerSecurity subclass.

   An object of a class is encoded as an XML element. In order to
   distinguish between classes and objects, class names start with an
   upper case character while the associated XML elements start with
   lower case characters. Parameters appear as XML elements which are
   nested in the XML element of the object. In XML, the parameters of
   an object can appear in any order and do not have to follow the order
   in the UML class diagram. Unless specified differently, the order in
   which parameters appear does not have a meaning. As an example, an
   object of the SctpExporter class corresponds to one occurrence of

   <sctpExporter>
     <name>my-sctp-export</name>
     ...
   </sctpExporter>

   Objects of classes can be related to each other in various ways.
   In the scope of this document, we use two different
   types of relationship between objects: aggregation and unidirectional
   association. In UML class diagrams, two different arrow types are
   used as shown in Figure 4.

      +---+    0..*+---+          +---+0..*    1+---+
      | A |<>------| B |          | A |-------->| B |
      +---+        +---+          +---+         +---+
      (a) Aggregation             (b) Unidirectional association

           Figure 4: Class relationships in UML class diagrams

   Aggregation means that one object is part of the other object. In
   Figure 4 (a), an object of class B is part of an object of class A.
   This corresponds to nested XML elements:

   <a>
     <b>
       ...
     </b>
     ...
   </a>

   In the example, objects of the TransportLayerSecurity class and the
   TransportSession class appear as nested XML elements
   <transportLayerSecurity> and <transportSession> within an object of
   the SctpExporter class <sctpExporter>.

   A unidirectional association is a reference to an object.
In 623 Figure 4 (b), an object of class A contains a reference to an object 624 of class B. This corresponds to separate XML elements that are not 625 nested. To distinguish different objects of class B, class B must 626 have a key. In the configuration data model, keys are string 627 parameters called "name", corresponding to XML elements . The 628 names MUST be unique within the given XML subtree. The reference to 629 a specific object of class B is encoded with an XML element which 630 contains the name of an object. If an object of class A refers to 631 the object of class B with name "foo", this looks as follows: 633 634 ... 635 foo 636 ... 637 639 640 foo 641 ... 642 644 In Figure 4, the indicated numbers define the multiplicity: 646 "1": one only 647 "0..*": zero or more 648 "1..*": one or more 650 In the case of aggregation, the multiplicity indicates how many 651 objects of one class may be included in one object of the other 652 class. In Figure 4 (a), an object of class A may contain an 653 arbitrary number of objects of class B. In the case of unidirectional 654 association, the multiplicity at the arrowhead specifies the number 655 of objects of a given class that may be referred to. The 656 multiplicity at the arrow tail specifies how many different objects 657 of one class may refer to a single object of the other class. In 658 Figure 4 (b), an object of class A refers to single object of class 659 B. One object of class B can be referred to from an arbitrary number 660 of objects of class A. 662 Similar to classes that are referenced in UML associations, classes 663 which contain configuration parameters and which occur in an 664 aggregation relationship with multiplicity greater than one must have 665 a key. This key is necessary because every configuration parameter 666 must be addressable in order to manipulate or delete it. The key 667 values MUST be unique in the given XML subtree (i.e., unique within 668 the aggregating object). 
Hence, if class B in Figure 4 (a) contains 669 a configuration parameter, all objects of class B belonging to the 670 same object of class A must have different key values. Again, the 671 key appears as an attribute called "name" in the concerned classes. 673 A class which contains state parameters but no configuration 674 parameters, such as the Template class (see Section 4.8), does not 675 have a key. This is because state parameters cannot be manipulated 676 or deleted, and therefore do not need to be addressable. 678 Note that the usage of keys as described above is required by YANG 679 [RFC6020] which mandates the existence of a key for elements which 680 appear in a list of configuration data. 682 The configuration data model for IPFIX and PSAMP makes use of 683 unidirectional associations to specify the data flow between 684 different functional blocks. For example, if the output of a 685 Selection Process is processed by a Cache, this corresponds to an 686 object of the SelectionProcess class that contains a reference to an 687 object of the Cache class. The configuration data model does not 688 mandate that such a reference exists for every functional block that 689 has an output. If such a reference is absent, the output is dropped 690 without any further processing. Although such configurations are 691 incomplete, we do not consider them as invalid as they may 692 temporarily occur if a Monitoring Device is configured in multiple 693 steps. Also, it might be useful to pre-configure certain functions 694 of a Monitoring Device in order to be able to switch to a new 695 configuration more quickly. 697 3.3. Exporter Configuration 699 Figure 5 below shows the main classes of the configuration data model 700 which are involved in the configuration of an IPFIX or PSAMP 701 Exporter. 
The role of the classes can be briefly summarized as 702 follows: 704 o The ObservationPoint class specifies an Observation Point (i.e., 705 an interface or linecard) of the Monitoring Device at which 706 packets are captured for traffic measurements. An object of the 707 ObservationPoint class may be associated with one or more objects 708 of the SelectionProcess class configuring Selection Processes that 709 process the observed packets in parallel. As long as an 710 ObservationPoint object is specified without any references to 711 SelectionProcess objects, the captured packets are not considered 712 by any Metering Process. 714 o The SelectionProcess class contains the configuration and state 715 parameters of a Selection Process. The Selection Process may be 716 composed of a single Selector or a sequence of Selectors, defining 717 a Primitive or Composite Selector, respectively. 719 The Selection Process selects packets from one or more Observed 720 Packet Streams, each originating from a different Observation 721 Point. Therefore, a SelectionProcess object MAY be referred to 722 from one or more ObservationPoint objects. 724 A Selection Process MAY pass the Selected Packet Stream to a 725 Cache. Therefore, the SelectionProcess class contains a reference 726 to an object of the Cache class. If a Selection Process is 727 configured without any reference to a Cache, the selected packets 728 are not accounted in any Packet Report or Flow Record. 730 o The Cache class contains configuration and state parameters of a 731 Cache. A Cache may receive the output of one or more Selection 732 Processes and maintains corresponding Packet Reports or Flow 733 Records. Therefore, an object of the Cache class MAY be referred 734 to from multiple SelectionProcess objects. 736 Configuration parameters of the Cache class specify the size of 737 the Cache, the Cache Layout, and expiration parameters if 738 applicable. 
The Cache configuration also determines whether 739 Packet Reports or Flow Records are generated. 741 A Cache MAY pass its output to one or multiple Exporting Process. 742 Therefore, the Cache class enables references to one or multiple 743 objects of the ExportingProcess class. If a Cache object does not 744 specify any reference to an ExportingProcess object, the Cache 745 output is dropped. 747 o The ExportingProcess class contains configuration and state 748 parameters of an Exporting Process. It includes various transport 749 protocol specific parameters and the export destinations. An 750 object of the ExportingProcess class MAY be referred to from 751 multiple objects of the Cache class. 753 An Exporting Process MAY be configured as a File Writer according 754 to [RFC5655]. 756 +------------------+ 757 | ObservationPoint | 758 +------------------+ 759 0..* | 760 | 761 0..* V 762 +------------------+ 763 | SelectionProcess | 764 +------------------+ 765 0..* | 766 | 767 0..1 V 768 +------------------+ 769 | Cache | 770 +------------------+ 771 0..* | 772 | 773 0..* V 774 +------------------+ 775 | ExportingProcess | 776 +------------------+ 778 Figure 5: Class diagram of Exporter configuration 780 3.4. Collector Configuration 782 Figure 6 below shows the main classes of the configuration data model 783 which are involved in the configuration of a Collector. An object of 784 the CollectingProcess class specifies the local IP addresses, 785 transport protocols and port numbers of a Collecting Process. 786 Alternatively, the Collecting Process MAY be configured as a File 787 Reader according to [RFC5655]. 789 An object of the CollectingProcess class may refer to one or multiple 790 ExportingProcess objects configuring Exporting Processes that 791 reexport the received data. As an example, an Exporting Process can 792 be configured as a File Writer in order to save the received IPFIX 793 Messages in a file. 
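   The name-based references between ObservationPoint, SelectionProcess,
   Cache, ExportingProcess and CollectingProcess objects can be checked
   before a configuration is deployed, so that unresolved references and
   silently dropped outputs are noticed.  The following Python sketch is
   an added example, not part of this document's data model or of any
   implementation.  Assumptions: objects are direct children of an
   <ipfix> root element, element names are the class names with a
   lower-case first letter, a reference element is named after the class
   it points to, no XML namespace is used, and the sample configuration
   is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# (referring class, referenced class, max references, warn when no reference)
# Multiplicities follow the class diagrams: a SelectionProcess refers to at
# most one Cache; a Collecting Process without re-export is a normal setup.
EDGES = [
    ("observationPoint", "selectionProcess", None, True),
    ("selectionProcess", "cache", 1, True),
    ("cache", "exportingProcess", None, True),
    ("collectingProcess", "exportingProcess", None, False),
]

# Constructed sample: op-dmz feeds nothing, flow-cache points at an
# Exporting Process that is not defined.
SAMPLE = """\
<ipfix>
  <observationPoint>
    <name>op-uplink</name>
    <selectionProcess>sp-all</selectionProcess>
  </observationPoint>
  <observationPoint>
    <name>op-dmz</name>
  </observationPoint>
  <selectionProcess>
    <name>sp-all</name>
    <cache>flow-cache</cache>
  </selectionProcess>
  <cache>
    <name>flow-cache</name>
    <exportingProcess>to-collector</exportingProcess>
    <exportingProcess>to-archive</exportingProcess>
  </cache>
  <exportingProcess>
    <name>to-collector</name>
  </exportingProcess>
</ipfix>
"""


def audit(xml_text):
    """Return sorted (severity, check, object, detail) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    defined = {}
    # Keys: every object is addressed by <name>, unique among its siblings.
    for kind in sorted({k for src, dst, _, _ in EDGES for k in (src, dst)}):
        keys = Counter((obj.findtext("name") or "").strip()
                       for obj in root.findall(kind))
        defined[kind] = set(keys) - {""}
        for key, count in keys.items():
            if not key:
                findings.append(("error", "missing-name", kind,
                                 "object without a key"))
            elif count > 1:
                findings.append(("error", "duplicate-name", f"{kind}/{key}",
                                 f"{count} objects share this key"))
    # References: must resolve; an absent one means the output is dropped,
    # which is allowed but worth reporting as a monitoring gap.
    for src, dst, limit, warn in EDGES:
        for obj in root.findall(src):
            label = f"{src}/{(obj.findtext('name') or '').strip()}"
            refs = [(ref.text or "").strip() for ref in obj.findall(dst)]
            if warn and not refs:
                findings.append(("warning", "output-dropped", label,
                                 f"no {dst} reference"))
            if limit is not None and len(refs) > limit:
                findings.append(("error", "too-many-references", label,
                                 f"{len(refs)} {dst} references, "
                                 f"at most {limit} allowed"))
            for ref in refs:
                if ref not in defined[dst]:
                    findings.append(("error", "unresolved-reference", label,
                                     f"{dst} '{ref}' is not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

   Warnings mark configurations that are incomplete but valid; errors
   mark configurations whose keys or references are not consistent.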
                      +-------------------+
                      | CollectingProcess |
                      +-------------------+
                         0..* |
                              |
                         0..* V
                      +-------------------+
                      | ExportingProcess  |
                      +-------------------+

          Figure 6: Class diagram of Collector configuration

4.  Configuration Parameters

   This section specifies the configuration and state parameters of the
   configuration data model separately for each class.

4.1.  ObservationPoint Class

      +-------------------------------+
      | ObservationPoint              |
      +-------------------------------+
      | name                          |
      | observationPointId {readOnly} |
      | observationDomainId           | 0..*
      | ifName[0..*]                  |-------------+
      | ifIndex[0..*]                 |             | 0..*
      | entPhysicalName[0..*]         |             V
      | entPhysicalIndex[0..*]        |    +------------------+
      | direction = "both"            |    | SelectionProcess |
      +-------------------------------+    +------------------+

                  Figure 7: ObservationPoint class

   Figure 7 shows the ObservationPoint class that specifies an
   Observation Point of the Monitoring Device.

   As defined in [RFC5101], an Observation Point can be any location
   where packets are observed.  A Monitoring Device potentially has more
   than one such location.  An instance of the ObservationPoint class
   defines which location is associated with a specific Observation
   Point.  For this purpose, interfaces and physical entities are
   identified using their names.  Alternatively, index values of the
   corresponding entries in the ifTable (IF-MIB module [RFC2863]) or the
   entPhysicalTable (ENTITY-MIB modules [RFC4133]) can be used as
   identifiers.  However, indices SHOULD only be used as identifiers if
   an SNMP agent on the same Monitoring Device enables access to the
   corresponding MIB tables.

   By its definition in [RFC5101], an Observation Point may be
   associated with a set of interfaces.  Therefore, the configuration
   data model allows configuring multiple interfaces and physical
   entities for a single Observation Point.

   The Observation Point ID (i.e., the value of the Information Element
   observationPointId [RFC5102]) is assigned by the Monitoring Device.
   It appears as a state parameter in the ObservationPoint class.

   The configuration parameters of the Observation Point are:

   observationDomainId: This parameter defines the identifier of the
      Observation Domain the Observation Point belongs to.  Observation
      Points that are configured with the same Observation Domain ID
      belong to the same Observation Domain.
      Note that this parameter corresponds to
      ipfixObservationPointObservationDomainId in the IPFIX MIB module
      [RFC6615].

   ifName/ifIndex/entPhysicalName/entPhysicalIndex: These parameters
      identify interfaces and physical entities (e.g., linecards) on the
      Monitoring Device which are associated with the given Observation
      Point.
      An interface is either identified by its name (ifName) or the
      ifIndex value of the corresponding object in the IF-MIB module
      [RFC2863].  ifIndex SHOULD only be used if an SNMP agent enables
      access to the ifTable.
      Similarly, a physical entity is either identified by its name
      (entPhysicalName) or the entPhysicalIndex value of the
      corresponding object in the ENTITY-MIB module [RFC4133].
      entPhysicalIndex SHOULD only be used if an SNMP agent enables
      access to the entPhysicalTable.
      Note that the parameters ifIndex and entPhysicalIndex correspond
      to ipfixObservationPointPhysicalInterface and
      ipfixObservationPointPhysicalEntity in the IPFIX MIB module
      [RFC6615].

   direction: This parameter specifies if ingress traffic, egress
      traffic, or both ingress and egress traffic is captured, using the
      values "ingress", "egress", and "both", respectively.  If not
      configured, ingress and egress traffic is captured (i.e., the
      default value is "both").  If not applicable (e.g., in the case of
      a sniffing interface in promiscuous mode), the value of this
      parameter is ignored.

   An ObservationPoint object MAY refer to one or multiple
   SelectionProcess objects configuring Selection Processes that process
   the observed packets in parallel.

4.2.  SelectionProcess Class

      +------------------+
      | SelectionProcess |
      +------------------+ 1..*   +----------+
      | name             |<>------| Selector |
      |                  |        +----------+
      |                  |
      |                  | 0..*   +--------------------------------+
      |                  |<>------| SelectionSequence              |
      |                  |        +--------------------------------+
      |                  |        | observationDomainId {readOnly} |
      |                  |        | selectionSequenceId {readOnly} |
      |                  |        +--------------------------------+
      |                  |
      |                  | 0..*  0..1 +-------+
      |                  |----------->| Cache |
      +------------------+            +-------+

                  Figure 8: SelectionProcess class

   Figure 8 shows the SelectionProcess class.  The SelectionProcess
   class contains the configuration and state parameters of a Selection
   Process which selects packets from one or more Observed Packet
   Streams and generates a Selected Packet Stream as its output.  A
   non-empty ordered list defines a sequence of Selectors.  The actions
   defined by the Selectors are applied to the stream of incoming
   packets in the specified order.

   If the Selection Process receives packets from multiple Observation
   Points, the Observed Packet Streams need to be processed
   independently in separate Selection Sequences.  Each Selection
   Sequence is identified by a Selection Sequence ID which is unique
   within the Observation Domain the Observation Point belongs to (see
   [RFC5477]).  Selection Sequence IDs are assigned by the Monitoring
   Device.  As state parameters, the SelectionProcess class contains a
   list of (observationDomainId, selectionSequenceId) tuples specifying
   the assigned Selection Sequence IDs and corresponding Observation
   Domain IDs.  With this information, it is possible to associate
   Selection Sequence (Statistics) Report Interpretations exported
   according to the PSAMP protocol specification [RFC5476] with the
   corresponding object of the SelectionProcess class.

   A SelectionProcess object MAY include a reference to an object of the
   Cache class to generate Packet Reports or Flow Records from the
   Selected Packet Stream.

4.2.1.  Selector Class

      +--------------------------------------+
      | Selector                             |
      +--------------------------------------+ 1      +-----------------+
      | name                                 |<>------+ SelectAll/      |
      | packetsObserved {readOnly}           |        | SampCountBased/ |
      | packetsDropped {readOnly}            |        | SampTimeBased/  |
      | selectorDiscontinuityTime {readOnly} |        | SampRandOutOfN/ |
      |                                      |        | SampUniProb/    |
      |                                      |        | FilterMatch/    |
      |                                      |        | FilterHash/     |
      +--------------------------------------+        +-----------------+

                      Figure 9: Selector class

   The Selector class in Figure 9 contains the configuration and state
   parameters of a Selector.  Standardized PSAMP Sampling and Filtering
   methods are described in [RFC5475]; their configuration parameters
   are specified in the classes SampCountBased, SampTimeBased,
   SampRandOutOfN, SampUniProb, FilterMatch, and FilterHash.  In
   addition, the SelectAll class, which has no parameters, is used for a
   Selector that selects all packets.  The Selector class includes
   exactly one of these sampler and filter classes, depending on the
   applied method.

   As state parameters, the Selector class contains the Selector
   statistics packetsObserved and packetsDropped as well as
   selectorDiscontinuityTime, which correspond to the IPFIX MIB module
   objects ipfixSelectionProcessStatsPacketsObserved,
   ipfixSelectionProcessStatsPacketsDropped, and
   ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]:

   packetsObserved: The total number of packets observed at the input
      of the Selector.  If this is the first Selector in the Selection
      Process, this counter corresponds to the total number of packets
      in all Observed Packet Streams at the input of the Selection
      Process.  Otherwise, the counter corresponds to the total number
      of packets at the output of the preceding Selector.
      Discontinuities in the value of this counter can occur at
      re-initialization of the management system, and at other times as
      indicated by the value of selectorDiscontinuityTime.

   packetsDropped: The total number of packets discarded by the
      Selector.  Discontinuities in the value of this counter can occur
      at re-initialization of the management system, and at other times
      as indicated by the value of selectorDiscontinuityTime.

   selectorDiscontinuityTime: Timestamp of the most recent occasion at
      which one or more of the Selector counters suffered a
      discontinuity.  In contrast to
      ipfixSelectionProcessStatsDiscontinuityTime, the time is absolute
      and not relative to sysUpTime.

   Note that packetsObserved and packetsDropped are aggregate statistics
   calculated over all Selection Sequences of the Selection Process.
   This is in contrast to the counter values in the Selection Sequence
   Statistics Report Interpretation [RFC5476] which are related to a
   single Selection Sequence only.

4.2.2.  Sampler Classes

      +----------------+ +----------------+ +----------------+
      | SampCountBased | | SampTimeBased  | | SampRandOutOfN |
      +----------------+ +----------------+ +----------------+
      | packetInterval | | timeInterval   | | population     |
      | packetSpace    | | timeSpace      | | size           |
      +----------------+ +----------------+ +----------------+

      +----------------+
      | SampUniProb    |
      +----------------+
      | probability    |
      +----------------+

                     Figure 10: Sampler classes

   The Sampler classes in Figure 10 contain the configuration parameters
   of specific Sampling algorithms:

   packetInterval, packetSpace: For systematic count-based sampling,
      packetInterval defines the number of packets that are
      consecutively sampled between gaps of length packetSpace.  These
      parameters correspond to the Information Elements
      samplingPacketInterval and samplingPacketSpace [RFC5477], as well
      as to the PSAMP MIB objects psampSampCountBasedInterval and
      psampSampCountBasedSpace [I-D.ietf-ipfix-psamp-mib].

   timeInterval, timeSpace: For systematic time-based sampling,
      timeInterval defines the time interval during which all arriving
      packets are sampled.  timeSpace is the gap between two sampling
      intervals.  These parameters correspond to the Information
      Elements samplingTimeInterval and samplingTimeSpace [RFC5477], as
      well as to the PSAMP MIB objects psampSampTimeBasedInterval and
      psampSampTimeBasedSpace [I-D.ietf-ipfix-psamp-mib].  The unit is
      microseconds.

   size, population: For n-out-of-N random sampling, size defines the
      number of elements taken from the parent population.  population
      defines the number of elements in the parent population.  These
      parameters correspond to the Information Elements samplingSize and
      samplingPopulation [RFC5477], as well as to the PSAMP MIB objects
      psampSampRandOutOfNSize and psampSampRandOutOfNPopulation
      [I-D.ietf-ipfix-psamp-mib].

   probability: For uniform probabilistic sampling, probability defines
      the sampling probability.  The probability is expressed as a value
      between 0 and 1.  This parameter corresponds to the Information
      Element samplingProbability [RFC5477], as well as to the PSAMP MIB
      object psampSampUniProbProbability [I-D.ietf-ipfix-psamp-mib].

4.2.3.  Filter Classes

      +---------------------------+
      | FilterMatch               |
      +---------------------------+
      | ieId/ieName               |
      | ieEnterpriseNumber = 0    |
      | value                     |
      +---------------------------+

      +---------------------------+
      | FilterHash                |
      +---------------------------+ 1..*    +---------------+
      | hashFunction = "BOB"      |<>-------| SelectedRange |
      | initializerValue[0..1]    |         +---------------+
      | ipPayloadOffset = 0       |         | name          |
      | ipPayloadSize = 8         |         | min           |
      | digestOutput = "false"    |         | max           |
      | outputRangeMin {readOnly} |         +---------------+
      | outputRangeMax {readOnly} |
      +---------------------------+

                     Figure 11: Filter classes

   The Filter classes in Figure 11 contain the configuration parameters
   of specific Filtering methods.  For property match filtering, the
   configuration parameters are:

   ieId, ieName, ieEnterpriseNumber: The property to be matched is
      specified by either ieId or ieName, specifying the ID or name of
      the Information Element, respectively.  If ieEnterpriseNumber is
      zero (which is the default), this Information Element is
      registered in the IANA registry of IPFIX Information Elements
      [IANA-IPFIX].  A non-zero value of ieEnterpriseNumber specifies an
      enterprise-specific Information Element.

   value: Matching value.
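   How the Selectors of a Selection Process interact, and how the
   packetsObserved and packetsDropped counters of each Selector relate
   to the preceding Selector, can be seen in the following Python
   sketch.  It is an added example, not part of this document or of any
   implementation.  Assumptions: packets are dictionaries keyed by
   Information Element name, the "ts_us" timestamp field is
   hypothetical, each sampling period starts with the sampled run, and
   the packet list is constructed.

```python
import random


class SampCountBased:
    """Sample packetInterval consecutive packets, then skip packetSpace."""
    def __init__(self, packetInterval, packetSpace):
        if packetInterval < 1 or packetSpace < 0:
            raise ValueError("packetInterval >= 1 and packetSpace >= 0 required")
        self.interval, self.period, self.pos = packetInterval, packetInterval + packetSpace, 0

    def select(self, pkt):
        keep = self.pos < self.interval
        self.pos = (self.pos + 1) % self.period
        return keep


class SampTimeBased:
    """Sample every packet during timeInterval, skip during timeSpace (microseconds)."""
    def __init__(self, timeInterval, timeSpace):
        if timeInterval < 1 or timeSpace < 0:
            raise ValueError("timeInterval >= 1 and timeSpace >= 0 required")
        self.interval, self.period, self.start = timeInterval, timeInterval + timeSpace, None

    def select(self, pkt):
        if self.start is None:
            self.start = pkt["ts_us"]   # the first packet opens the first interval
        return (pkt["ts_us"] - self.start) % self.period < self.interval


class SampRandOutOfN:
    """Pick 'size' random packets out of every 'population' consecutive packets."""
    def __init__(self, size, population, rng=None):
        if not 0 < size <= population:
            raise ValueError("0 < size <= population required")
        self.size, self.population = size, population
        self.rng, self.pos, self.chosen = rng or random.Random(), 0, set()

    def select(self, pkt):
        if self.pos == 0:               # new parent population: draw new positions
            self.chosen = set(self.rng.sample(range(self.population), self.size))
        keep = self.pos in self.chosen
        self.pos = (self.pos + 1) % self.population
        return keep


class SampUniProb:
    """Select each packet independently with the given probability."""
    def __init__(self, probability, rng=None):
        if not 0.0 <= probability <= 1.0:
            raise ValueError("probability must be between 0 and 1")
        self.probability, self.rng = probability, rng or random.Random()

    def select(self, pkt):
        return self.rng.random() < self.probability


class FilterMatch:
    """Property match filtering on one Information Element value."""
    def __init__(self, ieName, value):
        self.ieName, self.value = ieName, value

    def select(self, pkt):
        return pkt.get(self.ieName) == self.value


class Selector:
    def __init__(self, name, method):
        self.name, self.method = name, method
        self.packetsObserved = 0   # packets seen at the input of this Selector
        self.packetsDropped = 0    # packets discarded by this Selector

    def offer(self, pkt):
        self.packetsObserved += 1
        if self.method.select(pkt):
            return True
        self.packetsDropped += 1
        return False


class SelectionProcess:
    def __init__(self, name, selectors):
        if not selectors:
            raise ValueError("the list of Selectors must not be empty")
        if len({s.name for s in selectors}) != len(selectors):
            raise ValueError("Selector names must be unique")
        self.name, self.selectors = name, list(selectors)

    def process(self, packets):
        # all() stops at the first Selector that drops the packet, so a later
        # Selector only observes the output of the preceding one.
        return [p for p in packets if all(s.offer(p) for s in self.selectors)]


def demo():
    # Constructed input: 20 packets alternating between TCP (6) and UDP (17).
    packets = [{"id": i, "ts_us": i * 100,
                "protocolIdentifier": 6 if i % 2 == 0 else 17} for i in range(20)]
    sp = SelectionProcess("tcp-sampled", [
        Selector("tcp-only", FilterMatch("protocolIdentifier", 6)),
        Selector("count-2-of-5", SampCountBased(packetInterval=2, packetSpace=3)),
    ])
    selected = [p["id"] for p in sp.process(packets)]
    stats = [(s.name, s.packetsObserved, s.packetsDropped) for s in sp.selectors]
    return selected, stats


if __name__ == "__main__":
    print(demo())
```

   Swapping the two Selectors changes both the selected packets and the
   counters, which is why the order of the Selector list is part of the
   configuration.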
   For hash-based filtering, the configuration and state parameters are:

   hashFunction: Hash function to be used.  The following parameter
      values are defined by the configuration data model:
      *  BOB: BOB Hash Function as specified in [RFC5475], Appendix A.2
      *  IPSX: IP Shift-XOR (IPSX) Hash Function as specified in
         [RFC5475], Appendix A.1
      *  CRC: CRC-32 function as specified in [RFC1141]
      Default value is "BOB".  This parameter corresponds to the PSAMP
      MIB object psampFiltHashFunction [I-D.ietf-ipfix-psamp-mib].

   initializerValue: Initializer value to the hash function.  This
      parameter corresponds to the Information Element
      hashInitialiserValue [RFC5477], as well as to the PSAMP MIB object
      psampFiltHashInitializerValue [I-D.ietf-ipfix-psamp-mib].  If not
      configured by the user, the Monitoring Device arbitrarily chooses
      an initializer value.

   ipPayloadOffset, ipPayloadSize: ipPayloadOffset and ipPayloadSize
      configure the offset and the size of the payload section used as
      input to the hash function.  Default values are 0 and 8,
      respectively, corresponding to the minimum configurable values
      according to [RFC5476], Section 6.2.5.6.  These parameters
      correspond to the Information Elements hashIPPayloadOffset and
      hashIPPayloadSize [RFC5477], as well as to the PSAMP MIB objects
      psampFiltHashIpPayloadOffset and psampFiltHashIpPayloadSize
      [I-D.ietf-ipfix-psamp-mib].

   digestOutput: digestOutput enables or disables the inclusion of the
      packet digest in the resulting PSAMP Packet Report.  This requires
      that the Cache Layout of the Cache generating the Packet Reports
      includes a digestHashValue field.  This parameter corresponds to
      the Information Element hashDigestOutput [RFC5477].

   outputRangeMin, outputRangeMax: The values of these two state
      parameters are the beginning and end of the hash function's
      potential output range.  These parameters correspond to the
      Information Elements hashOutputRangeMin and hashOutputRangeMax
      [RFC5477], as well as to the PSAMP MIB objects
      psampFiltHashOutputRangeMin and psampFiltHashOutputRangeMax
      [I-D.ietf-ipfix-psamp-mib].

   One or more ranges of matching hash values are defined by the min and
   max parameters of the SelectedRange subclass.  These parameters
   correspond to the Information Elements hashSelectedRangeMin and
   hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects
   psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax
   [I-D.ietf-ipfix-psamp-mib].

4.3.  Cache Class

      +-----------------------------------+
      | Cache                             |
      +-----------------------------------+ 1        +------------------+
      | name                              |<>--------| immediateCache/  |
      | meteringProcessId {readOnly}      |          | timeoutCache/    |
      | dataRecords {readOnly}            |          | naturalCache/    |
      | cacheDiscontinuityTime {readOnly} |          | permanentCache   |
      |                                   |          +------------------+
      |                                   |
      |                                   | 0..*     +------------------+
      |                                   |--------->| ExportingProcess |
      +-----------------------------------+          +------------------+

                       Figure 12: Cache class

   Figure 12 shows the Cache class that contains the configuration and
   state parameters of a Cache.  Most of these parameters are specific
   to the type of the Cache and therefore contained in the subclasses
   immediateCache, timeoutCache, naturalCache, and permanentCache, which
   are presented below in Section 4.3.1 and Section 4.3.2.  The
   following three state parameters are common to all Caches and
   therefore included in the Cache class itself:

   meteringProcessId: The identifier of the Metering Process the Cache
      belongs to.
      This parameter corresponds to the Information Element
      meteringProcessId [RFC5102].  Its occurrence helps to associate
      Metering Process (Reliability) Statistics exported according to
      the IPFIX protocol specification [RFC5101] with the corresponding
      object of the MeteringProcess class.

   dataRecords: The number of Data Records generated by this Cache.
      Discontinuities in the value of this counter can occur at
      re-initialization of the management system, and at other times as
      indicated by the value of cacheDiscontinuityTime.
      Note that this parameter corresponds to
      ipfixMeteringProcessDataRecords in the IPFIX MIB module [RFC6615].

   cacheDiscontinuityTime: Timestamp of the most recent occasion at
      which dataRecords suffered a discontinuity.  In contrast to
      ipfixMeteringProcessDiscontinuityTime, the time is absolute and
      not relative to sysUpTime.
      Note that this parameter functionally corresponds to
      ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB module
      [RFC6615].

   A Cache object MAY refer to one or multiple ExportingProcess objects
   configuring different Exporting Processes.

4.3.1.  ImmediateCache Class

      +-------------------------------+
      | ImmediateCache                |
      +-------------------------------+ 1       +-------------+
      |                               |<>-------| CacheLayout |
      +-------------------------------+         +-------------+

                   Figure 13: ImmediateCache class

   The ImmediateCache class depicted in Figure 13 is used to configure a
   Cache which generates a PSAMP Packet Report for each packet at its
   input.  The fields contained in the generated Data Records are
   defined in an object of the CacheLayout class which is defined below
   in Section 4.3.3.

4.3.2.  TimeoutCache, NaturalCache, and PermanentCache Class

      +-------------------------------+
      | TimeoutCache                  |
      +-------------------------------+ 1       +-------------+
      | maxFlows {opt.}               |<>-------| CacheLayout |
      | activeTimeout {opt.}          |         +-------------+
      | idleTimeout {opt.}            |
      | activeFlows {readOnly}        |
      | unusedCacheEntries {readOnly} |
      +-------------------------------+

      +-------------------------------+
      | NaturalCache                  |
      +-------------------------------+ 1       +-------------+
      | maxFlows {opt.}               |<>-------| CacheLayout |
      | activeTimeout {opt.}          |         +-------------+
      | idleTimeout {opt.}            |
      | activeFlows {readOnly}        |
      | unusedCacheEntries {readOnly} |
      +-------------------------------+

      +-------------------------------+
      | PermanentCache                |
      +-------------------------------+ 1       +-------------+
      | maxFlows {opt.}               |<>-------| CacheLayout |
      | exportInterval {opt.}         |         +-------------+
      | activeFlows {readOnly}        |
      | unusedCacheEntries {readOnly} |
      +-------------------------------+

     Figure 14: TimeoutCache, NaturalCache, and PermanentCache class

   Figure 14 shows the TimeoutCache class, the NaturalCache class, and
   the PermanentCache class.  These classes are used to configure a
   Cache which aggregates the packets at its input and generates IPFIX
   Flow Records.  The three classes differ in when Flows expire:

   o  TimeoutCache: Flows expire after active or idle timeout.
   o  NaturalCache: Flows expire after active or idle timeout, or on
      natural termination (e.g., TCP FIN, or TCP RST) of the Flow.
   o  PermanentCache: Flows never expire, but are periodically exported
      with the interval set by exportInterval.

   The following configuration and state parameters are common to the
   three classes:

   maxFlows: This parameter configures the maximum number of entries in
      the Cache, which is the maximum number of Flows that can be
      measured simultaneously.
      If this parameter is configured, the Monitoring Device MUST ensure
      that sufficient resources are available to store the configured
      maximum number of Flows.  If the maximum number of Cache entries
      is in use, no additional Flows can be measured.  However, traffic
      which pertains to existing Flows can continue to be measured.

   activeFlows: This state parameter indicates the number of Flows
      currently active in this Cache (i.e., the number of Cache entries
      currently in use).
      Note that this parameter corresponds to
      ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB module
      [RFC6615].

   unusedCacheEntries: The number of unused cache entries.  Note that
      the sum of activeFlows and unusedCacheEntries equals maxFlows if
      maxFlows is configured.
      Note that this parameter corresponds to
      ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX MIB
      module [RFC6615].

   The following timeout parameters are only available in the
   TimeoutCache class and the NaturalCache class:

   activeTimeout: This parameter configures the time in seconds after
      which a Flow is expired even though packets matching this Flow are
      still received by the Cache.  The parameter value zero indicates
      infinity, meaning that there is no active timeout.
      If not configured by the user, the Monitoring Device sets this
      parameter.
      Note that this parameter corresponds to
      ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB module
      [RFC6615].

   idleTimeout: This parameter configures the time in seconds after
      which a Flow is expired if no more packets matching this Flow are
      received by the Cache.  The parameter value zero indicates
      infinity, meaning that there is no idle timeout.
      If not configured by the user, the Monitoring Device sets this
      parameter.
      Note that this parameter corresponds to
      ipfixMeteringProcessCacheIdleTimeout in the IPFIX MIB module
      [RFC6615].

   The following interval parameter is only available in the
   PermanentCache class:

   exportInterval: This parameter configures the interval (in seconds)
      for periodical export of Flow Records.
      If not configured by the user, the Monitoring Device sets this
      parameter.

   Every generated Flow Record MUST be associated with a single
   Observation Domain.  Hence, although a Cache MAY be configured to
   process packets observed at multiple Observation Domains, the Cache
   MUST NOT aggregate packets observed at different Observation Domains
   in the same Flow.

   An object of the Cache class contains an object of the CacheLayout
   class that defines which fields are included in the Flow Records.

4.3.3.  CacheLayout Class

      +--------------+
      | CacheLayout  |
      +--------------+ 1..*   +--------------------------------+
      |              |<>------| CacheField                     |
      |              |        +--------------------------------+
      |              |        | name                           |
      |              |        | ieId/ieName                    |
      |              |        | ieLength {opt.}                |
      |              |        | ieEnterpriseNumber = 0         |
      |              |        | isFlowKey[0..1] {not used with |
      |              |        |    ImmediateCache class}       |
      +--------------+        +--------------------------------+

                    Figure 15: CacheLayout class

   A Cache generates and maintains Packet Reports or Flow Records
   containing information that has been extracted from the incoming
   stream of packets.  Using the CacheField class, the CacheLayout class
   specifies the superset of fields that are included in the Packet
   Reports or Flow Records (see Figure 15).
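   The Cache parameters of Section 4.3.2 (the three expiry behaviours,
   maxFlows, the zero-means-infinity timeouts, and the rule that Flows
   never span Observation Domains) can be exercised with the following
   Python sketch.  It is an added example, not part of this document or
   of any implementation.  Assumptions: packets are dictionaries keyed
   by Information Element name, the "tcp_flag" field is hypothetical,
   time is passed in as seconds, maxFlows is always given, and the
   packets in demo() are constructed.

```python
class FlowCache:
    """Toy Cache with TimeoutCache, NaturalCache and PermanentCache behaviour."""

    def __init__(self, kind, flow_keys, maxFlows,
                 activeTimeout=0, idleTimeout=0, exportInterval=0):
        if kind not in ("timeout", "natural", "permanent"):
            raise ValueError("unknown cache kind: %r" % kind)
        self.kind, self.flow_keys, self.maxFlows = kind, tuple(flow_keys), maxFlows
        self.activeTimeout = activeTimeout    # seconds, 0 means no active timeout
        self.idleTimeout = idleTimeout        # seconds, 0 means no idle timeout
        self.exportInterval = exportInterval  # seconds, permanent kind only
        self.flows = {}        # flow identity -> {"first", "last", "packets"}
        self.records = []      # generated Flow Records, in export order
        self.unmeasured = 0    # packets of new Flows refused while the Cache was full
        self.last_export = None

    @property
    def activeFlows(self):
        return len(self.flows)

    @property
    def unusedCacheEntries(self):
        return self.maxFlows - len(self.flows)

    @property
    def dataRecords(self):
        return len(self.records)

    def _emit(self, key, reason, keep=False):
        flow = self.flows[key] if keep else self.flows.pop(key)
        self.records.append({"key": key, "packets": flow["packets"], "reason": reason})

    def expire(self, now):
        if self.kind == "permanent":
            # Flows never expire; they are exported periodically and kept.
            if self.last_export is None:
                self.last_export = now
            elif self.exportInterval and now - self.last_export >= self.exportInterval:
                for key in list(self.flows):
                    self._emit(key, "periodic", keep=True)
                self.last_export = now
            return
        for key, flow in list(self.flows.items()):
            if self.activeTimeout and now - flow["first"] >= self.activeTimeout:
                self._emit(key, "active-timeout")
            elif self.idleTimeout and now - flow["last"] >= self.idleTimeout:
                self._emit(key, "idle-timeout")

    def observe(self, pkt, now):
        """Account one packet; return False if it could not be measured."""
        self.expire(now)
        # The Observation Domain is part of the identity, so packets from
        # different domains never share a Flow.  A field that cannot be
        # determined for a packet is recorded as None.
        key = (pkt["observationDomainId"],) + tuple(pkt.get(f) for f in self.flow_keys)
        flow = self.flows.get(key)
        if flow is None:
            if len(self.flows) >= self.maxFlows:
                self.unmeasured += 1          # full: no additional Flow is measured
                return False
            flow = self.flows[key] = {"first": now, "last": now, "packets": 0}
        flow["last"] = now
        flow["packets"] += 1
        if self.kind == "natural" and pkt.get("tcp_flag") in ("FIN", "RST"):
            self._emit(key, "natural-end")
        return True


def demo():
    cache = FlowCache("natural",
                      ["sourceIPv4Address", "protocolIdentifier", "tcpSourcePort"],
                      maxFlows=2, activeTimeout=60, idleTimeout=10)
    a = {"observationDomainId": 1, "sourceIPv4Address": "192.0.2.1",
         "protocolIdentifier": 6, "tcpSourcePort": 40000}
    b = dict(a, observationDomainId=2)   # same headers, other Observation Domain
    c = {"observationDomainId": 1, "sourceIPv4Address": "192.0.2.1",
         "protocolIdentifier": 1}        # ICMP packet without a TCP port
    results = [cache.observe(a, 0), cache.observe(b, 1),
               cache.observe(c, 2),      # Cache full: not measured
               cache.observe(a, 3),      # existing Flow: still measured
               cache.observe(dict(a, tcp_flag="FIN"), 4),
               cache.observe(c, 5)]      # an entry is free again
    cache.expire(20)
    return results, cache


if __name__ == "__main__":
    outcome, cache = demo()
    print(outcome, cache.records, cache.unmeasured)
```

   The unmeasured counter shows the blind spot that opens when maxFlows
   is reached: packets of new Flows go unrecorded until an entry
   expires, so maxFlows and the timeouts should be sized together.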
1338 If Packet Reports are generated (i.e., if ImmediateCache class is 1339 used to configure the Cache), every field specified by the Cache 1340 Layout MUST be included in the resulting Packet Report unless the 1341 corresponding Information Element is not applicable or cannot be 1342 derived from the content or treatment of the incoming packet. Any 1343 other field specified by the Cache Layout MAY only be included in the 1344 Packet Report if it is obvious from the field value itself or from 1345 the values of other fields in same Packet Report that the field value 1346 was not determined from the packet. 1348 For example, if a field is configured to contain the TCP source port 1349 (Information Element tcpSourcePort [RFC5102]), the field MUST be 1350 included in all Packet Reports which are related to TCP packets. 1351 Although the field value cannot be determined for non-TCP packets, 1352 the field MAY be included in the Packet Reports if another field 1353 contains the transport protocol identifier (Information Element 1354 protocolIdentifier [RFC5102]). 1356 If Flow Records are generated (i.e., if TimeoutCache, NaturalCache, 1357 or PermanentCache class is used to configure the Cache), the Cache 1358 Layout differentiates between Flow Key fields and non-key fields. 1359 Every Flow Key field specified by the Cache Layout MUST be included 1360 as Flow Key in the resulting Flow Record unless the corresponding 1361 Information Element is not applicable or cannot be derived from the 1362 content or treatment of the incoming packet. Any other Flow Key 1363 field specified by the Cache Layout MAY only be included in the Flow 1364 Record if it is obvious from the field value itself or from the 1365 values of other Flow Key fields in same Flow Record that the field 1366 value was not determined from the packet. Two packets are accounted 1367 by the same Flow Record if none of their Flow Key fields differ. 
   If a Flow Key field can be determined for one packet but not for the
   other, the two packets are accounted in different Flow Records.

   Every non-key field specified by the Cache Layout MUST be included in
   the resulting Flow Record unless the corresponding Information
   Element is not applicable or cannot be derived for the given Flow.
   Any other non-key field specified by the Cache Layout MAY only be
   included in the Flow Record if it is obvious from the field value
   itself or from the values of other fields in the same Flow Record
   that the field value was not determined from the packet. Packets
   which are accounted by the same Flow Record may differ in their
   non-key fields, or one or more of the non-key fields can be
   undetermined for all or some of the packets.

   For example, if a non-key field specifies an Information Element
   whose value is determined by the first packet observed within a Flow
   (which is the default rule according to [RFC5102] unless specified
   differently in the description of the Information Element), this
   field MUST be included in the resulting Flow Record if it can be
   determined from the first packet of the Flow.

   The CacheLayout class does not have any parameters. The
   configuration parameters of the CacheField class are as follows:

   ieId, ieName, ieEnterpriseNumber: These parameters specify a field
      by the combination of the Information Element identifier or name,
      and the Information Element enterprise number. Either ieId or
      ieName MUST be specified. If ieEnterpriseNumber is zero (which is
      the default), this Information Element is registered in the IANA
      registry of IPFIX Information Elements [IANA-IPFIX]. A non-zero
      value of ieEnterpriseNumber specifies an enterprise-specific
      Information Element.
      If the enterprise number is set to 29305, this field contains a
      Reverse Information Element.
      In this case, the Cache MUST generate Data Records in accordance
      with [RFC5103].

   ieLength: This parameter specifies the length of the field in
      octets. A value of 65535 means that the field is encoded as
      variable-length Information Element. For Information Elements of
      integer and float type, the field length MAY be set to a smaller
      value than the standard length of the abstract data type if the
      rules of reduced size encoding are fulfilled (see [RFC5101],
      Section 6.2). If not configured by the user, the field length is
      set by the Monitoring Device.

   isFlowKey: If present, this field is a Flow Key. If the field
      contains a Reverse Information Element, it MUST NOT be configured
      as Flow Key.
      This parameter is not available if the Cache is configured using
      the ImmediateCache class since there is no distinction between
      Flow Key fields and non-key fields in Packet Reports.

   Note that the use of Information Elements can be restricted to
   certain Cache types as well as to Flow Key or non-key fields. Such
   restrictions may result from Information Element definitions or from
   device-specific constraints. According to Section 5, the Monitoring
   Device MUST notify the user if a Cache field cannot be configured
   with the given Information Element.

4.4.
ExportingProcess Class

   +-------------------------------+
   | ExportingProcess              |
   +-------------------------------+   1..* +-------------+
   | name                          |<>------| Destination |
   | exportingProcessId {readOnly} |        +-------------+
   | exportMode = "parallel"       |        | name        |<>-+
   |                               |        +-------------+   | 1
   |                               |                          |
   |                               |                  +---------------+
   |                               |                  | SctpExporter/ |
   |                               |                  | UdpExporter/  |
   |                               |                  | TcpExporter/  |
   |                               |                  | FileWriter    |
   |                               |                  +---------------+
   |                               |
   |                               |   0..* +------------------+
   |                               |<>------| Options          |
   +-------------------------------+        +------------------+

                    Figure 16: ExportingProcess class

   The ExportingProcess class in Figure 16 specifies destinations to
   which the incoming Packet Reports and Flow Records are exported using
   objects of the Destination class. The Destination class includes one
   object of the SctpExporter, UdpExporter, TcpExporter, or FileWriter
   class which contains further configuration parameters. These classes
   are described in Section 4.4.1, Section 4.4.2, Section 4.4.3, and
   Section 4.4.4.

   As a state parameter, the ExportingProcess class contains the
   identifier of the Exporting Process (exportingProcessId). This
   parameter corresponds to the Information Element exportingProcessId
   [RFC5102]. Its occurrence helps to associate Exporting Process
   Reliability Statistics exported according to the IPFIX protocol
   specification [RFC5101] with the corresponding object of the
   ExportingProcess class.

   The order in which objects of the Destination class appear is defined
   by the user. However, the order has a specific meaning only if the
   exportMode parameter is set to "fallback". The exportMode parameter
   is defined as follows:

   exportMode: This parameter determines to which configured
      destination(s) the incoming Data Records are exported.
      The following parameter values are specified by the configuration
      data model:
      *  parallel: every Data Record is exported to all configured
         destinations in parallel
      *  loadBalancing: every Data Record is exported to exactly one
         configured destination according to a device-specific
         load-balancing policy
      *  fallback: every Data Record is exported to exactly one
         configured destination according to the fallback policy
         described below
      If exportMode is set to "fallback", the first object of the
      Destination class defines the primary destination; the second
      object of the Destination class defines the secondary destination,
      and so on. If the Exporting Process fails to export Data Records
      to the primary destination, it tries to export them to the
      secondary one. If the secondary destination fails as well, it
      continues with the tertiary, etc.
      "parallel" is the default value if exportMode is not configured.

   Note that the exportMode parameter is related to the
   ipfixExportMemberType object in [RFC6615]. If exportMode is
   "parallel", the ipfixExportMemberType values of the corresponding
   entries in ipfixExportTable are set to parallel(3). If exportMode is
   "loadBalancing", the ipfixExportMemberType values of the
   corresponding entries in ipfixExportTable are set to
   loadBalancing(4). If exportMode is "fallback", the
   ipfixExportMemberType value which refers to the primary destination
   is set to primary(1); the ipfixExportMemberType values which refer to
   the remaining destinations need to be set to secondary(2). The IPFIX
   MIB module does not define any value for tertiary destination, etc.

   The reporting of information with Options Templates is defined with
   objects of the Options class.
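
   The destination selection and MIB mapping described above, as an
   added Python example (not part of the draft). The Destination
   record, its reachable flag, and the CRC-based choice standing in for
   the device-specific load-balancing policy are assumptions made for
   illustration.

```python
import zlib
from dataclasses import dataclass

# ipfixExportMemberType values named in the text above
PRIMARY, SECONDARY, PARALLEL, LOAD_BALANCING = 1, 2, 3, 4


@dataclass
class Destination:           # hypothetical stand-in for a Destination object
    name: str
    reachable: bool = True   # constructed state: did the last export attempt succeed


def select_destinations(export_mode, destinations, record_key=b""):
    """Return the names of the destinations one Data Record is exported to."""
    if not destinations:
        raise ValueError("an ExportingProcess needs at least one Destination (1..*)")
    if export_mode == "parallel":
        return [d.name for d in destinations]
    if export_mode == "loadBalancing":
        # Assumption: the policy is device-specific; a CRC of a record key is used here.
        return [destinations[zlib.crc32(record_key) % len(destinations)].name]
    if export_mode == "fallback":
        # Configuration order is the priority order: primary, secondary, tertiary, ...
        for d in destinations:
            if d.reachable:
                return [d.name]
        # The text does not say what happens when every destination fails;
        # this example reports that no destination was selected.
        return []
    raise ValueError(f"unknown exportMode {export_mode!r}")


def export_member_types(export_mode, destinations):
    """Map each destination to the ipfixExportMemberType the text assigns to it."""
    if export_mode == "parallel":
        return {d.name: PARALLEL for d in destinations}
    if export_mode == "loadBalancing":
        return {d.name: LOAD_BALANCING for d in destinations}
    if export_mode == "fallback":
        # The MIB has no tertiary value, so every non-primary entry is secondary(2).
        return {d.name: PRIMARY if i == 0 else SECONDARY
                for i, d in enumerate(destinations)}
    raise ValueError(f"unknown exportMode {export_mode!r}")


# Constructed sample: three collectors in configuration order, the primary failing.
SAMPLE = [Destination("collector-a", reachable=False),
          Destination("collector-b"),
          Destination("collector-c")]

if __name__ == "__main__":
    for mode in ("parallel", "loadBalancing", "fallback"):
        print(mode, select_destinations(mode, SAMPLE, b"flow-1"),
              export_member_types(mode, SAMPLE))
```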

   The Exporting Process may modify the Packet Reports and Flow Records
   to enable a more efficient transmission or storage under the
   condition that no information is changed or suppressed. For example,
   the Exporting Process may shorten the length of a field according to
   the rules of reduced size encoding [RFC5101]. The Exporting Process
   may also export certain fields in a separate Data Record as described
   in [RFC5476].

4.4.1.  SctpExporter Class

   +------------------------------+
   | SctpExporter                 |
   +------------------------------+    0..1 +------------------------+
   | ipfixVersion = 10            |<>-------| TransportLayerSecurity |
   | sourceIPAddress[0..*]        |         +------------------------+
   | destinationIPAddress[1..*]   |
   | destinationPort = 4739|4740  |    0..1 +------------------------+
   | ifName/ifIndex[0..1]         |<>-------| TransportSession       |
   | sendBufferSize {opt.}        |         +------------------------+
   | rateLimit[0..1]              |
   | timedReliability = 0         |
   +------------------------------+

                      Figure 17: SctpExporter class

   The SctpExporter class shown in Figure 17 contains the configuration
   parameters of an SCTP export destination. The configuration
   parameters are:

   ipfixVersion: Version number of the IPFIX protocol used. If
      omitted, the default value is 10 (=0x000a) as specified in
      [RFC5101].

   sourceIPAddress: List of source IP addresses used by the Exporting
      Process. If configured, the specified addresses are eligible
      local IP addresses of the multi-homed SCTP endpoint. If not
      configured, all locally assigned IP addresses are eligible local
      IP addresses.

   destinationIPAddress: One or multiple IP addresses of the Collecting
      Process to which IPFIX Messages are sent. The user must ensure
      that all configured IP addresses belong to the same Collecting
      Process.
      The Exporting Process tries to establish an SCTP
      association to any of the configured destination IP addresses.

   destinationPort: Destination port number to be used. If not
      configured, standard port 4739 (IPFIX without TLS and DTLS) or
      4740 (IPFIX over TLS or DTLS) is used.

   ifIndex/ifName: Either the index or the name of the interface used
      by the Exporting Process to export IPFIX Messages to the given
      destination MAY be specified according to corresponding objects in
      the IF-MIB [RFC2863]. If omitted, the Exporting Process selects
      the outgoing interface based on local routing decision and accepts
      return traffic, such as transport layer acknowledgments, on all
      available interfaces.

   sendBufferSize: Size of the socket send buffer in bytes. If not
      configured by the user, the buffer size is set by the Monitoring
      Device.

   rateLimit: Maximum number of bytes per second the Exporting Process
      may export to the given destination as required by [RFC5476]. The
      number of bytes is calculated from the lengths of the IPFIX
      Messages exported. If this parameter is not configured, no rate
      limiting is performed for this destination.

   timedReliability: Lifetime in milliseconds until an IPFIX Message
      containing Data Sets only is "abandoned" due to the timed
      reliability mechanism of PR-SCTP [RFC3758]. If this parameter is
      set to zero, reliable SCTP transport MUST be used for all Data
      Records. Regardless of the value of this parameter, the Exporting
      Process MAY use reliable SCTP transport for Data Sets associated
      with certain Options Templates, such as the Data Record
      Reliability Options Template specified in [RFC6526].

   Using the TransportLayerSecurity class described in Section 4.6,
   datagram transport layer security (DTLS) is enabled and configured
   for this export destination.
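
   How an exporter can decide which IPFIX Messages are eligible for the
   timedReliability lifetime, as an added Python example (not part of
   the draft). The message and Set header layout and the Set ID ranges
   are taken from [RFC5101]; the function names and the sample messages
   are constructed for illustration.

```python
import struct

MSG_HDR = struct.Struct("!HHIII")  # version, length, export time, sequence, observation domain ID
SET_HDR = struct.Struct("!HH")     # Set ID, Set length (includes this 4-byte header)
IPFIX_VERSION = 10                 # default ipfixVersion (0x000a)
FIRST_DATA_SET_ID = 256            # Set IDs 2 and 3 carry (Options) Templates; >= 256 are Data Sets


def set_ids(message):
    """Return the Set IDs of one IPFIX Message, checking every length field."""
    if len(message) < MSG_HDR.size:
        raise ValueError("truncated message header")
    version, length, _, _, _ = MSG_HDR.unpack_from(message)
    if version != IPFIX_VERSION:
        raise ValueError(f"unexpected ipfixVersion {version}")
    if length != len(message):
        raise ValueError("message length field does not match the buffer")
    ids, offset = [], MSG_HDR.size
    while offset < length:
        if length - offset < SET_HDR.size:
            raise ValueError("truncated Set header")
        set_id, set_len = SET_HDR.unpack_from(message, offset)
        if set_len < SET_HDR.size or offset + set_len > length:
            raise ValueError("Set length out of bounds")
        ids.append(set_id)
        offset += set_len
    return ids


def pr_sctp_lifetime_ms(message, timed_reliability_ms):
    """Lifetime to request from PR-SCTP, or None for fully reliable delivery.

    Only messages made up of Data Sets alone may be abandoned. The MAY rule
    for Data Sets tied to certain Options Templates is not modelled here.
    """
    ids = set_ids(message)
    data_sets_only = bool(ids) and all(i >= FIRST_DATA_SET_ID for i in ids)
    if timed_reliability_ms == 0 or not data_sets_only:
        return None
    return timed_reliability_ms


def build_message(sets, export_time=0, sequence=0, domain=1):
    """Construct a sample IPFIX Message from (set_id, payload) pairs."""
    body = b"".join(SET_HDR.pack(sid, SET_HDR.size + len(p)) + p for sid, p in sets)
    return MSG_HDR.pack(IPFIX_VERSION, MSG_HDR.size + len(body),
                        export_time, sequence, domain) + body


# Constructed samples: Template 256 with one 4-octet field, and one matching record.
TEMPLATE_SET = (2, struct.pack("!HHHH", 256, 1, 8, 4))
DATA_SET = (256, bytes([192, 0, 2, 1]))
TEMPLATE_MSG = build_message([TEMPLATE_SET])
DATA_MSG = build_message([DATA_SET])
MIXED_MSG = build_message([TEMPLATE_SET, DATA_SET])

if __name__ == "__main__":
    for label, msg in (("template", TEMPLATE_MSG), ("data", DATA_MSG), ("mixed", MIXED_MSG)):
        print(label, set_ids(msg), pr_sctp_lifetime_ms(msg, 500))
```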

   If a Transport Session is established to the configured destination,
   the SctpExporter class includes an object of the TransportSession
   class containing state parameters of the Transport Session. The
   TransportSession class is specified in Section 4.7.

4.4.2.  UdpExporter Class

   +-------------------------------------+
   | UdpExporter                         |
   +-------------------------------------+   0..1 +------------------+
   | ipfixVersion = 10                   |<>------| TransportLayer-  |
   | sourceIPAddress[0..1]               |        | Security         |
   | destinationIPAddress                |        +------------------+
   | destinationPort = 4739|4740         |
   | ifName/ifIndex[0..1]                |   0..1 +------------------+
   | sendBufferSize {opt.}               |<>------| TransportSession |
   | rateLimit[0..1]                     |        +------------------+
   | maxPacketSize {opt.}                |
   | templateRefreshTimeout = 600        |
   | optionsTemplateRefreshTimeout = 600 |
   | templateRefreshPacket[0..1]         |
   | optionsTemplateRefreshPacket[0..1]  |
   +-------------------------------------+

                      Figure 18: UdpExporter class

   The UdpExporter class shown in Figure 18 contains the configuration
   parameters of a UDP export destination. The parameters ipfixVersion,
   destinationPort, ifName, ifIndex, sendBufferSize, and rateLimit have
   the same meaning as in the SctpExporter class (see Section 4.4.1).
   The remaining configuration parameters are:

   sourceIPAddress: This parameter specifies the source IP address used
      by the Exporting Process. If this parameter is omitted, the IP
      address assigned to the outgoing interface is used as source IP
      address.

   destinationIPAddress: Destination IP address to which IPFIX Messages
      are sent (i.e., the IP address of the Collecting Process).

   maxPacketSize: This parameter specifies the maximum size of IP
      packets sent to the Collector. If set to zero, the Exporting
      Device MUST derive the maximum packet size from path MTU discovery
      mechanisms.
      If not configured by the user, this parameter is set
      by the Monitoring Device.

   templateRefreshTimeout, optionsTemplateRefreshTimeout,
   templateRefreshPacket, optionsTemplateRefreshPacket: These
      parameters specify when (Options) Templates are refreshed by the
      Exporting Process.
      templateRefreshTimeout and optionsTemplateRefreshTimeout are
      specified in seconds between resendings of (Options) Templates.
      If omitted, the default value of 600 seconds (10 minutes) is used
      [RFC5101].
      templateRefreshPacket and optionsTemplateRefreshPacket specify the
      number of IPFIX Messages after which (Options) Templates are
      resent. If omitted, the (Options) Templates are only resent after
      timeout.
      Note that the values configured for templateRefreshTimeout and
      optionsTemplateRefreshTimeout MUST be adapted to the
      templateLifeTime and optionsTemplateLifeTime parameter settings at
      the receiving Collecting Process (see Section 4.5.2).
      Note that these parameters correspond to
      ipfixTransportSessionTemplateRefreshTimeout,
      ipfixTransportSessionOptionsTemplateRefreshTimeout,
      ipfixTransportSessionTemplateRefreshPacket, and
      ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB
      module [RFC6615].

   Using the TransportLayerSecurity class described in Section 4.6,
   datagram transport layer security (DTLS) is enabled and configured
   for this export destination.

   If a Transport Session is established to the configured destination,
   the UdpExporter class includes an object of the TransportSession
   class containing state parameters of the Transport Session. The
   TransportSession class is specified in Section 4.7.

4.4.3.
TcpExporter Class

   +------------------------------+
   | TcpExporter                  |
   +------------------------------+    0..1 +------------------------+
   | ipfixVersion = 10            |<>-------| TransportLayerSecurity |
   | sourceIPAddress[0..1]        |         +------------------------+
   | destinationIPAddress         |
   | destinationPort = 4739|4740  |    0..1 +------------------------+
   | ifName/ifIndex[0..1]         |<>-------| TransportSession       |
   | sendBufferSize {opt.}        |         +------------------------+
   | rateLimit[0..1]              |
   +------------------------------+

                      Figure 19: TcpExporter class

   The TcpExporter class shown in Figure 19 contains the configuration
   parameters of a TCP export destination. The parameters have the same
   meaning as in the UdpExporter class (see Section 4.4.2).

   Using the TransportLayerSecurity class described in Section 4.6,
   transport layer security (TLS) is enabled and configured for this
   export destination.

   If a Transport Session is established to the configured destination,
   the TcpExporter class includes an object of the TransportSession
   class containing state parameters of the Transport Session. The
   TransportSession class is specified in Section 4.7.

4.4.4.  FileWriter Class

   +-----------------------------------------+
   | FileWriter                              |
   +-----------------------------------------+    0..* +----------+
   | ipfixVersion = 10                       |<>-------| Template |
   | file                                    |         +----------+
   | status {readOnly}                       |
   | bytes {readOnly}                        |
   | messages {readOnly}                     |
   | discardedMessages {readOnly}            |
   | records {readOnly}                      |
   | templates {readOnly}                    |
   | optionsTemplates {readOnly}             |
   | fileWriterDiscontinuityTime {readOnly}  |
   +-----------------------------------------+

                      Figure 20: FileWriter classes

   If an object of the FileWriter class is included in an object of the
   Destination class, IPFIX Messages are written into a file as
   specified in [RFC5655].
   The FileWriter class contains the following
   configuration parameters:

   ipfixVersion: Version number of the IPFIX protocol used. If
      omitted, the default value is 10 (=0x000a) as specified in
      [RFC5101].

   file: File name and location specified as URI.

   The state parameters of the FileWriter class are:

   bytes, messages, records, templates, optionsTemplates: The number of
      bytes, IPFIX Messages, Data Records, Template Records, and Options
      Template Records written by the File Writer. Discontinuities in
      the values of these counters can occur at re-initialization of the
      management system, and at other times as indicated by the value of
      fileWriterDiscontinuityTime.

   discardedMessages: The number of IPFIX Messages that could not be
      written by the File Writer due to internal buffer overflows,
      limited storage capacity etc. Discontinuities in the value of
      this counter can occur at re-initialization of the management
      system, and at other times as indicated by the value of
      fileWriterDiscontinuityTime.

   fileWriterDiscontinuityTime: Timestamp of the most recent occasion
      at which one or more File Writer counters suffered a
      discontinuity. In contrast to discontinuity times in the IPFIX
      MIB module, the time is absolute and not relative to sysUpTime.

   Each object of the FileWriter class includes a list of objects of the
   Template class with information and statistics about the Templates
   written to the file. The Template class is specified in Section 4.8.

4.4.5.  Options Class

   +-----------------------+
   | Options               |
   +-----------------------+
   | name                  |
   | optionsType           |
   | optionsTimeout {opt.} |
   +-----------------------+

                        Figure 21: Options class

   The Options class in Figure 21 defines the type of specific
   information to be reported, such as statistics, flow keys, Sampling
   and Filtering parameters etc.
   [RFC5101] and [RFC5476] specify
   several types of reporting information which may be exported. The
   following parameter values are specified by the configuration data
   model:

   meteringStatistics: Export of Metering Process statistics using the
      Metering Process Statistics Options Template [RFC5101].

   meteringReliability: Export of Metering Process reliability
      statistics using the Metering Process Reliability Statistics
      Options Template [RFC5101].

   exportingReliability: Export of Exporting Process reliability
      statistics using the Exporting Process Reliability Statistics
      Options Template [RFC5101].

   flowKeys: Export of the Flow Key specification using the Flow Keys
      Options Template [RFC5101].

   selectionSequence: Export of Selection Sequence Report
      Interpretation and Selector Report Interpretation [RFC5476].

   selectionStatistics: Export of Selection Sequence Statistics Report
      Interpretation [RFC5476].

   accuracy: Export of Accuracy Report Interpretation [RFC5476].

   reducingRedundancy: Enables the utilization of Options Templates to
      reduce redundancy in the exported Data Records according to
      [RFC5473]. The Exporting Process decides when to apply these
      Options Templates.

   extendedTypeInformation: Export of extended type information for
      enterprise-specific Information Elements used in the exported
      Templates [RFC5610].

   The Exporting Process MUST choose a Template definition according to
   the options type and available options data.

   The optionsTimeout parameter specifies the reporting interval (in
   milliseconds) for periodic export of the option data. A parameter
   value of zero means that the export of the option data is not
   triggered periodically, but whenever the available option data has
   changed. This is the typical setting for options types flowKeys,
   selectionSequence, accuracy, and reducingRedundancy.
   If optionsTimeout is not configured by the user, it is set by the
   Monitoring Device.

4.5.  CollectingProcess Class

   +-------------------+
   | CollectingProcess |
   +-------------------+
   | name              |       0..* +------------------+
   |                   |<>----------| SctpCollector    |
   |                   |            +------------------+
   |                   |
   |                   |       0..* +------------------+
   |                   |<>----------| UdpCollector     |
   |                   |            +------------------+
   |                   |
   |                   |       0..* +------------------+
   |                   |<>----------| TcpCollector     |
   |                   |            +------------------+
   |                   |
   |                   |       0..* +------------------+
   |                   |<>----------| FileReader       |
   |                   |            +------------------+
   |                   |
   |                   | 0..*  0..* +------------------+
   |                   |----------->| ExportingProcess |
   +-------------------+            +------------------+

                   Figure 22: CollectingProcess class

   Figure 22 shows the CollectingProcess class that contains the
   configuration and state parameters of a Collecting Process. Objects
   of the SctpCollector, UdpCollector, and TcpCollector classes specify
   how IPFIX Messages are received from remote Exporters. The
   Collecting Process can also be configured as a File Reader using
   objects of the FileReader class. These classes are described in
   Section 4.5.1, Section 4.5.2, Section 4.5.3, and Section 4.5.4.

   A CollectingProcess object MAY refer to one or multiple
   ExportingProcess objects configuring Exporting Processes that export
   the received data without modifications to a file or to another
   Collector.

4.5.1.
SctpCollector Class

   +--------------------------+
   | SctpCollector            |
   +--------------------------+    0..1 +------------------------+
   | name                     |<>-------| TransportLayerSecurity |
   | localIPAddress[0..*]     |         +------------------------+
   | localPort = 4739|4740    |
   |                          |    0..* +------------------------+
   |                          |<>-------| TransportSession       |
   +--------------------------+         +------------------------+

                     Figure 23: SctpCollector class

   The SctpCollector class contains the configuration parameters of a
   listening SCTP socket at a Collecting Process. The parameters are:

   localIPAddress: List of local IP addresses on which the Collecting
      Process listens for IPFIX Messages. The IP addresses are used as
      eligible local IP addresses of the multi-homed SCTP endpoint
      [RFC4960]. If omitted, the Collecting Process listens on all
      local IP addresses.

   localPort: Local port number on which the Collecting Process listens
      for IPFIX Messages. If omitted, standard port 4739 (IPFIX without
      TLS and DTLS) or 4740 (IPFIX over TLS or DTLS) is used.

   Using the TransportLayerSecurity class described in Section 4.6,
   datagram transport layer security (DTLS) is enabled and configured
   for this receiving socket.

   As state data, the SctpCollector class contains the list of currently
   established Transport Sessions that terminate at the given SCTP
   socket of the Collecting Process. The TransportSession class is
   specified in Section 4.7.

4.5.2.
UdpCollector Class

   +---------------------------------+
   | UdpCollector                    |
   +---------------------------------+   0..1 +------------------------+
   | name                            |<>------| TransportLayerSecurity |
   | localIPAddress[0..*]            |        +------------------------+
   | localPort = 4739|4740           |
   | templateLifeTime = 1800         |   0..* +------------------------+
   | optionsTemplateLifeTime = 1800  |<>------| TransportSession       |
   | templateLifePacket[0..*]        |        +------------------------+
   | optionsTemplateLifePacket[0..*] |
   +---------------------------------+

                      Figure 24: UdpCollector class

   The UdpCollector class contains the configuration parameters of a
   listening UDP socket at a Collecting Process. The parameter
   localPort has the same meaning as in the SctpCollector class (see
   Section 4.5.1). The remaining parameters are:

   localIPAddress: List of local IP addresses on which the Collecting
      Process listens for IPFIX Messages. If omitted, the Collecting
      Process listens on all local IP addresses.

   templateLifeTime, optionsTemplateLifeTime: (Options) Template
      lifetime in seconds for all UDP Transport Sessions terminating at
      this UDP socket. (Options) Templates which are not received again
      within the configured lifetime become invalid at the Collecting
      Process.
      As specified in [RFC5101], Section 10.3.7, the lifetime of
      Templates and Options Templates MUST be at least three times
      higher than the templateRefreshTimeout and
      optionsTemplateRefreshTimeout parameter values configured on the
      corresponding Exporting Processes.
      If not configured, the default value 1800 is used, which is three
      times the default (Options) Template refresh timeout (see
      Section 4.4.2) as specified in [RFC5101].
      Note that these parameters correspond to
      ipfixTransportSessionTemplateRefreshTimeout and
      ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX
      MIB module [RFC6615].

   templateLifePacket, optionsTemplateLifePacket: If templateLifePacket
      is configured, Templates defined in a UDP Transport Session become
      invalid if they are neither included in a sequence of more than
      this number of IPFIX Messages nor received again within the period
      of time specified by templateLifeTime. Similarly, if
      optionsTemplateLifePacket is configured, Options Templates become
      invalid if they are neither included in a sequence of more than
      this number of IPFIX Messages nor received again within the period
      of time specified by optionsTemplateLifeTime.
      If not configured, Templates and Options Templates only become
      invalid according to the lifetimes specified by templateLifeTime
      and optionsTemplateLifeTime, respectively.
      Note that these parameters correspond to
      ipfixTransportSessionTemplateRefreshPacket and
      ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB
      module [RFC6615].

   Using the TransportLayerSecurity class described in Section 4.6,
   datagram transport layer security (DTLS) is enabled and configured
   for this receiving socket.

   As state data, the UdpCollector class contains the list of currently
   established Transport Sessions that terminate at the given UDP socket
   of the Collecting Process. The TransportSession class is specified
   in Section 4.7.

4.5.3.
TcpCollector Class

   +--------------------------+
   | TcpCollector             |
   +--------------------------+    0..1 +------------------------+
   | name                     |<>-------| TransportLayerSecurity |
   | localIPAddress[0..*]     |         +------------------------+
   | localPort = 4739|4740    |
   |                          |    0..* +------------------------+
   |                          |<>-------| TransportSession       |
   +--------------------------+         +------------------------+

                      Figure 25: TcpCollector class

   The TcpCollector class contains the configuration parameters of a
   listening TCP socket at a Collecting Process. The parameters have
   the same meaning as in the UdpCollector class (see Section 4.5.2).

   Using the TransportLayerSecurity class described in Section 4.6,
   transport layer security (TLS) is enabled and configured for this
   receiving socket.

   As state data, the TcpCollector class contains the list of currently
   established Transport Sessions that terminate at the given TCP socket
   of the Collecting Process. The TransportSession class is specified
   in Section 4.7.

4.5.4.  FileReader Class

   +-----------------------------------------+
   | FileReader                              |
   +-----------------------------------------+    0..* +----------+
   | name                                    |<>-------| Template |
   | file                                    |         +----------+
   | bytes {readOnly}                        |
   | messages {readOnly}                     |
   | records {readOnly}                      |
   | templates {readOnly}                    |
   | optionsTemplates {readOnly}             |
   | fileReaderDiscontinuityTime {readOnly}  |
   +-----------------------------------------+

                      Figure 26: FileReader classes

   The Collecting Process may import IPFIX Messages from a file as
   specified in [RFC5655]. The FileReader class defines the following
   configuration parameter:

   file: File name and location specified as URI.

   The state parameters of the FileReader class are:

   bytes, messages, records, templates, optionsTemplates: The number of
      bytes, IPFIX Messages, Data Records, Template Records, and Options
      Template Records read by the File Reader. Discontinuities in the
      values of these counters can occur at re-initialization of the
      management system, and at other times as indicated by the value of
      fileReaderDiscontinuityTime.

   fileReaderDiscontinuityTime: Timestamp of the most recent occasion
      at which one or more File Reader counters suffered a
      discontinuity. In contrast to discontinuity times in the IPFIX
      MIB module, the time is absolute and not relative to sysUpTime.

   Each object of the FileReader class includes a list of objects of the
   Template class with information and statistics about the Templates
   read from the file. The Template class is specified in Section 4.8.

4.6.  Transport Layer Security Class

   +--------------------------------------+
   | TransportLayerSecurity               |
   +--------------------------------------+
   | localCertificationAuthorityDN[0..*]  |
   | localSubjectDN[0..*]                 |
   | localSubjectFQDN[0..*]               |
   | remoteCertificationAuthorityDN[0..*] |
   | remoteSubjectDN[0..*]                |
   | remoteSubjectFQDN[0..*]              |
   +--------------------------------------+

                 Figure 27: TransportLayerSecurity class

   The TransportLayerSecurity class is used in the Exporting Process's
   SctpExporter, UdpExporter, and TcpExporter classes and the Collecting
   Process's SctpCollector, UdpCollector, and TcpCollector classes to
   enable and configure transport layer security for IPFIX. Transport
   layer security can be enabled without configuring any additional
   parameters. In this case, an empty XML element
   appears in the configuration.
   If transport layer security is enabled, the endpoint must use DTLS
   [RFC6347] if the transport protocol is SCTP or UDP, and TLS [RFC5246]
   if the transport protocol is TCP.

   [RFC5101] mandates strong mutual authentication of Exporting
   Processes and Collecting Process:

      "IPFIX Exporting Processes and IPFIX Collecting Processes are
      identified by the fully qualified domain name of the interface on
      which IPFIX Messages are sent or received, for purposes of X.509
      client and server certificates as in [RFC5280].

      To prevent man-in-the-middle attacks from impostor Exporting or
      Collecting Processes, the acceptance of data from an unauthorized
      Exporting Process, or the export of data to an unauthorized
      Collecting Process, strong mutual authentication via asymmetric
      keys MUST be used for both TLS and DTLS. Each of the IPFIX
      Exporting and Collecting Processes MUST verify the identity of its
      peer against its authorized certificates, and MUST verify that the
      peer's certificate matches its fully qualified domain name, or, in
      the case of SCTP, the fully qualified domain name of one of its
      endpoints.

      The fully qualified domain name used to identify an IPFIX
      Collecting Process or Exporting Process may be stored either in a
      subjectAltName extension of type dNSName, or in the most specific
      Common Name field of the Subject field of the X.509 certificate.
      If both are present, the subjectAltName extension is given
      preference."

   In order to use transport layer security, appropriate certificates
   and keys have to be previously installed on the Monitoring Devices.
   For security reasons, the configuration data model does not offer the
   possibility to upload any certificates or keys on a Monitoring
   Device.
If transport layer security is enabled on a Monitoring 2081 Device which does not dispose of appropriate certificates and keys, 2082 the configuration MUST be rejected with an error. 2084 The configuration data model allows restricting the authorization of 2085 remote endpoints to certificates issued by specific certification 2086 authorities or identifying specific fully qualified domain names for 2087 authorization. Furthermore, the configuration data model allows 2088 restricting the utilization of certificates identifying the local 2089 endpoint. This is useful if the Monitoring Device disposes of more 2090 than one certificate for the given local endpoint. 2092 The configuration parameters are defined as follows: 2094 localCertificationAuthorityDN: This parameter MAY appear one or 2095 multiple times to restrict the identification of the local 2096 endpoint during the TLS/DTLS handshake to certificates issued by 2097 the configured certification authorities. Each occurrence of this 2098 parameter contains the distinguished name of one certification 2099 authority. 2100 To identify the local endpoint, the Exporting Process or 2101 Collecting Process MUST use a certificate issued by one of the 2102 configured certification authority. Certificates issued by any 2103 other certification authority MUST NOT be sent to the remote peer 2104 during TLS/DTLS handshake. If none of the certificates installed 2105 on the Monitoring Device fulfills the specified restrictions, the 2106 configuration MUST be rejected with an error. 2107 If localCertificationAuthorityDN is not configured, the choice of 2108 certificates identifying the local endpoint is not restricted with 2109 respect to the issuing certification authority. 
2111 localSubjectDN, localSubjectFQDN: Each of these parameters MAY 2112 appear one or multiple times to restrict the identification of the 2113 local endpoint during the TLS/DTLS handshake to certificates 2114 issued for specific subjects or for specific fully qualified 2115 domain names. Each occurrence of localSubjectDN contains a 2116 distinguished name identifying the local endpoint. Each 2117 occurrence of localSubjectFQDN contains a fully qualified domain 2118 name which is assigned to the local endpoint. 2119 To identify the local endpoint, the Exporting Process or 2120 Collecting Process MUST use a certificate that contains either one 2121 of the configured distinguished names in the subject field or at 2122 least one of the configured fully qualified domain names in a 2123 dNSName component of the subject alternative extension field or in 2124 the most specific commonName component of the subject field. If 2125 none of the certificates installed on the Monitoring Device 2126 fulfills the specified restrictions, the configuration MUST be 2127 rejected with an error. 2128 If any of the parameters localSubjectDN and localSubjectFQDN is 2129 configured at the same time as the localCertificationAuthorityDN 2130 parameter, certificates MUST also fulfill the specified 2131 restrictions regarding the certification authority. 2132 If localSubjectDN and localSubjectFQDN are not configured, the 2133 choice of certificates identifying the local endpoint is not 2134 restricted with respect to the subject's distinguished name or 2135 fully qualified domain name. 2137 remoteCertificationAuthorityDN: This parameter MAY appear one or 2138 multiple times to restrict the authentication of remote endpoints 2139 during the TLS/DTLS handshake to certificates issued by the 2140 configured certification authorities. Each occurrence of this 2141 parameter contains the distinguished name of one certification 2142 authority. 
2143 To authenticate the remote endpoint, the remote Exporting Process 2144 or Collecting Process MUST provide a certificate issued by one of 2145 the configured certification authority. Certificates issued by 2146 any other certification authority MUST be rejected during TLS/DTLS 2147 handshake. 2148 If the Monitoring Device is not able to validate certificates 2149 issued by the configured certification authorities (e.g., because 2150 of missing public keys), the configuration must be rejected with 2151 an error. 2152 If remoteCertificationAuthorityDN is not configured, the 2153 authorization of remote endpoints is not restricted with respect 2154 to the issuing certification authority of the delivered 2155 certificate. 2157 remoteSubjectDN, remoteSubjectFQDN: Each of these parameters MAY 2158 appear one or multiple times to restrict the authentication of 2159 remote endpoints during the TLS/DTLS handshake to certificates 2160 issued for specific subjects or for specific fully qualified 2161 domain names. Each occurrence of remoteSubjectDN contains a 2162 distinguished name identifying a remote endpoint. Each occurrence 2163 of remoteSubjectFQDN contains a fully qualified domain name which 2164 is assigned to a remote endpoint. 2165 To authenticate a remote endpoint, the remote Exporting Process or 2166 Collecting Process MUST provide a certificate that contains either 2167 one of the configured distinguished names in the subject field or 2168 at least one of the configured fully qualified domain names in a 2169 dNSName component of the subject alternative extension field or in 2170 the most specific commonName component of the subject field. 2171 Certificates not fulfilling this condition MUST be rejected during 2172 TLS/DTLS handshake. 
2173 If any of the parameters remoteSubjectDN and remoteSubjectFQDN is 2174 configured at the same time as the remoteCertificationAuthorityDN 2175 parameter, certificates MUST also fulfill the specified 2176 restrictions regarding the certification authority in order to be 2177 accepted. 2178 If remoteSubjectDN and remoteSubjectFQDN are not configured, the 2179 authorization of remote endpoints is not restricted with respect 2180 to the subject's distinguished name or fully qualified domain name 2181 of the delivered certificate. 2183 4.7. Transport Session Class 2185 +----------------------------------------------+ 2186 | TransportSession | 2187 +----------------------------------------------+ 0..* +----------+ 2188 | ipfixVersion {readOnly} |<>-------| Template | 2189 | sourceAddress {readOnly} | +----------+ 2190 | destinationAddress {readOnly} | 2191 | sourcePort {readOnly} | 2192 | destinationPort {readOnly} | 2193 | sctpAssocId {readOnly} {SCTP only} | 2194 | status {readOnly} | 2195 | rate {readOnly} | 2196 | bytes {readOnly} | 2197 | messages {readOnly} | 2198 | discardedMessages {readOnly} | 2199 | records {readOnly} | 2200 | templates {readOnly} | 2201 | optionsTemplates {readOnly} | 2202 | transportSessionStartTime {readOnly} | 2203 | transportSessionDiscontinuityTime {readOnly} | 2204 +----------------------------------------------+ 2206 Figure 28: TransportSession class 2208 The TransportSession class contains state data about Transport 2209 Sessions originating from an Exporting Process or terminating at a 2210 Collecting Process. In general, the state parameters correspond to 2211 the managed objects in the ipfixTransportSessionTable and 2212 ipfixTransportSessionStatsTable of the IPFIX MIB module [RFC6615]. 2213 An exception is the usage of the parameters sourceAddress and 2214 destinationAddress. 
   If SCTP is the transport protocol, Exporter or
   Collector MAY be multi-homed SCTP endpoints (see [RFC4960], Section
   6.4) and use more than one IP address.  In the IPFIX MIB module,
   ipfixTransportSessionSctpAssocId is used instead of
   ipfixTransportSessionSourceAddress and
   ipfixTransportSessionDestinationAddress to point to an entry in the
   sctpAssocTable defined in the SCTP MIB module [RFC3871].  Since we
   cannot assume that an SNMP agent offering access to the SCTP MIB
   module exists on the Monitoring Device, the configuration data model
   cannot rely on this parameter.  Therefore, the state parameters
   sourceAddress and destinationAddress are used for SCTP as well,
   containing one of the potentially many Exporter and Collector IP
   addresses in the SCTP association.  Preferably, the IP addresses of
   the path which is usually selected by the Exporter to send IPFIX
   Messages to the Collector SHOULD be contained.

   Several MIB objects of the ipfixTransportSessionTable are omitted in
   the TransportSession class.  The MIB object
   ipfixTransportSessionDeviceMode is not included because its value can
   be derived from the context in which a TransportSession object
   appears: exporting(1) if it belongs to an Exporting Process,
   collecting(2) if it belongs to a Collecting Process.  Similarly, the
   MIB object ipfixTransportSessionProtocol is not included as the
   transport protocol is known from the context as well.  The MIB
   objects ipfixTransportSessionTemplateRefreshTimeout,
   ipfixTransportSessionOptionsTemplateRefreshTimeout,
   ipfixTransportSessionTemplateRefreshPacket, and
   ipfixTransportSessionOptionsTemplateRefreshPacket are not included
   since they correspond to configuration parameters of the UdpExporter
   class (templateRefreshTimeout, optionsTemplateRefreshTimeout,
   templateRefreshPacket, optionsTemplateRefreshPacket) and the
   UdpCollector class (templateLifeTime, optionsTemplateLifeTime,
   templateLifePacket, optionsTemplateLifePacket).

   ipfixVersion:  Used for Exporting Processes, this parameter contains
      the version number of the IPFIX protocol that the Exporter uses to
      export its data in this Transport Session.  Hence, it is identical
      to the value of the configuration parameter ipfixVersion of the
      outer SctpExporter, UdpExporter, or TcpExporter object.
      Used for Collecting Processes, this parameter contains the version
      number of the IPFIX protocol it receives for this Transport
      Session.  If IPFIX Messages of different IPFIX protocol versions
      are received, this parameter contains the maximum version number.
      This state parameter is identical to
      ipfixTransportSessionIpfixVersion in the IPFIX MIB module
      [RFC6615].

   sourceAddress, destinationAddress:  If TCP or UDP is the transport
      protocol, sourceAddress contains the IP address of the Exporter;
      destinationAddress contains the IP address of the Collector.
      Hence, the two parameters have the same values as
      ipfixTransportSessionSourceAddress and
      ipfixTransportSessionDestinationAddress in the IPFIX MIB module
      [RFC6615].
      If SCTP is the transport protocol, sourceAddress contains one of
      the IP addresses of the Exporter and destinationAddress one of the
      IP addresses of the Collector.  Preferably, the IP addresses of the
      path which is usually selected by the Exporter to send IPFIX
      Messages to the Collector SHOULD be contained.

   sourcePort, destinationPort:  These state parameters contain the
      transport protocol port numbers of the Exporter and the Collector
      of the Transport Session and thus are identical to
      ipfixTransportSessionSourcePort and
      ipfixTransportSessionDestinationPort in the IPFIX MIB module
      [RFC6615].

   sctpAssocId:  The association id used for the SCTP session between
      the Exporter and the Collector of the Transport Session.  It is
      equal to the sctpAssocId entry in the sctpAssocTable defined in
      the SCTP-MIB [RFC3871].
      This parameter is only available if the transport protocol is SCTP
      and if an SNMP agent on the same Monitoring Device enables access
      to the corresponding MIB objects in the sctpAssocTable.
      This state parameter is identical to
      ipfixTransportSessionSctpAssocId in the IPFIX MIB module
      [RFC6615].

   status:  Status of the Transport Session, which can be one of the
      following:
      *  inactive: Transport Session is established, but no IPFIX
         Messages are currently transferred (e.g., because this is a
         backup (secondary) session)
      *  active: Transport Session is established and transfers IPFIX
         Messages
      *  unknown: Transport Session status cannot be determined
      This state parameter is identical to ipfixTransportSessionStatus
      in the IPFIX MIB module [RFC6615].

   rate:  The number of bytes per second transmitted by the Exporting
      Process or received by the Collecting Process.  This parameter is
      updated every second.
      This state parameter is identical to ipfixTransportSessionRate in
      the IPFIX MIB module [RFC6615].

   bytes, messages, records, templates, optionsTemplates:  The number of
      bytes, IPFIX Messages, Data Records, Template Records, and Options
      Template Records transmitted by the Exporting Process or received
      by the Collecting Process.  Discontinuities in the values of these
      counters can occur at re-initialization of the management system,
      and at other times as indicated by the value of
      transportSessionDiscontinuityTime.

   discardedMessages:  Used for Exporting Processes, this parameter
      indicates the number of messages that could not be sent due to
      internal buffer overflows, network congestion, routing issues,
      etc.
      Used for Collecting Processes, this parameter indicates the number
      of received IPFIX Messages that are malformed, cannot be decoded,
      are received in the wrong order or are missing according to the
      sequence number.
      Discontinuities in the value of this counter can occur at re-
      initialization of the management system, and at other times as
      indicated by the value of transportSessionDiscontinuityTime.

   transportSessionStartTime:  Timestamp of the start of the given
      Transport Session.
      This state parameter does not correspond to any object in the
      IPFIX MIB module.

   transportSessionDiscontinuityTime:  Timestamp of the most recent
      occasion at which one or more of the Transport Session counters
      suffered a discontinuity.  In contrast to
      ipfixTransportSessionDiscontinuityTime, the time is absolute and
      not relative to sysUpTime.
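   The remote-endpoint restrictions of the TransportLayerSecurity class
   in Section 4.6 (remoteCertificationAuthorityDN, remoteSubjectDN,
   remoteSubjectFQDN) amount to a decision procedure, sketched below as
   an added example that is not part of the draft.  The names PeerCert,
   TlsPolicy, parse_dn and authorize_remote are hypothetical.  The
   sketch assumes that chain validation has already succeeded, that the
   immediate issuer is the one compared, that DNs contain no escaped
   commas, and that the commonName is consulted only when no dNSName is
   present (an interpretation of the preference rule quoted from
   [RFC5101]).

```python
from dataclasses import dataclass, field


def parse_dn(text):
    """Normalize a simple RFC 4514 style DN string into (type, value) pairs.

    Simplification made for this example: escaped commas and multi-valued
    RDNs are not handled. Types and values are compared case-insensitively
    and with internal whitespace collapsed.
    """
    rdns = []
    for part in text.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return tuple(rdns)


def norm_fqdn(name):
    """Case-insensitive FQDN comparison form, without a trailing dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class PeerCert:
    """Fields of an already chain-validated peer certificate (hypothetical)."""
    issuer_dn: str
    subject_dn: str                      # most specific RDN first
    san_dns: list = field(default_factory=list)


@dataclass
class TlsPolicy:
    """The three remote* leaf-lists of TransportLayerSecurity."""
    remote_ca_dn: list = field(default_factory=list)
    remote_subject_dn: list = field(default_factory=list)
    remote_subject_fqdn: list = field(default_factory=list)


def authorize_remote(policy, cert):
    """Return (accepted, reason) for one peer certificate."""
    # Restriction 1: issuing CA, enforced only if configured.
    if policy.remote_ca_dn:
        allowed = {parse_dn(d) for d in policy.remote_ca_dn}
        if parse_dn(cert.issuer_dn) not in allowed:
            return False, "issuer not in remoteCertificationAuthorityDN"

    # Restriction 2: subject DN or FQDN, enforced only if either is
    # configured; it applies in addition to restriction 1.
    if policy.remote_subject_dn or policy.remote_subject_fqdn:
        subject = parse_dn(cert.subject_dn)
        dn_ok = subject in {parse_dn(d) for d in policy.remote_subject_dn}
        if cert.san_dns:
            # dNSName entries take preference over the commonName.
            names = {norm_fqdn(n) for n in cert.san_dns}
        else:
            cns = [v for t, v in subject if t == "CN"]
            names = {norm_fqdn(cns[0])} if cns else set()
        wanted = {norm_fqdn(n) for n in policy.remote_subject_fqdn}
        if not (dn_ok or names & wanted):
            return False, "subject matches neither remoteSubjectDN nor remoteSubjectFQDN"

    return True, "accepted"


# Constructed sample policy and certificates (not taken from the draft).
POLICY = TlsPolicy(
    remote_ca_dn=["CN=IPFIX CA, O=Example, C=DE"],
    remote_subject_fqdn=["collector1.example.net"],
)
SUBJECT = "CN=collector1.example.net,O=Example,C=DE"
SAMPLES = {
    "san_match": PeerCert("cn=ipfix ca,o=example,c=de", SUBJECT,
                          ["Collector1.Example.Net"]),
    "wrong_ca": PeerCert("CN=Other CA,O=Example,C=DE", SUBJECT,
                         ["collector1.example.net"]),
    "cn_only": PeerCert("CN=IPFIX CA,O=Example,C=DE", SUBJECT),
    "san_overrides_cn": PeerCert("CN=IPFIX CA,O=Example,C=DE", SUBJECT,
                                 ["probe7.example.net"]),
}


def evaluate(policy, samples):
    """Map each sample name to the accept/reject decision."""
    return {name: authorize_remote(policy, c)[0] for name, c in samples.items()}


if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, authorize_remote(POLICY, cert))
```

   With no remote* parameter configured, every sample is accepted, which
   matches the "not restricted" wording of Section 4.6.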
   Note that, if used for Exporting Processes, the values of the state
   parameters destinationAddress and destinationPort match the values of
   the configuration parameters destinationIPAddress and destinationPort
   of the outer SctpExporter, TcpExporter, and UdpExporter objects (in
   the case of SctpExporter, one of the configured destinationIPAddress
   values); if the transport protocol is UDP or SCTP and if the
   parameter sourceIPAddress is configured in the outer UdpExporter or
   SctpExporter object, the value of sourceAddress equals the configured
   value or one of the configured values.  Used for Collecting
   Processes, the value of destinationAddress equals the value (or one
   of the values) of the parameter localIPAddress if this parameter is
   configured in the outer UdpCollector, TcpCollector, or SctpCollector
   object; destinationPort equals the value of the configuration
   parameter localPort.

   Each object of the TransportSession class includes a list of objects
   of the Template class with information and statistics about the
   Templates transmitted or received on the given Transport Session.
   The Template class is specified in Section 4.8.

4.8.  Template Class

   +--------------------------------------+
   | Template                             |
   +--------------------------------------+
   | observationDomainId {readOnly}       |<>---+ 0..*
   | templateId {readOnly}                |     |
   | setId {readOnly}                     |     |
   | accessTime {readOnly}                |     |
   | templateDataRecords {readOnly}       |     |
   | templateDiscontinuityTime {readOnly} |     |
   +--------------------------------------+     |
                                                |
                    +--------------------------------------+
                    | Field                                |
                    +--------------------------------------+
                    | ieId {readOnly}                      |
                    | ieLength {readOnly}                  |
                    | ieEnterpriseNumber {readOnly}        |
                    | isFlowKey {readOnly} {non-Options    |
                    |    Template only}                    |
                    | isScope {readOnly} {Options Template |
                    |    only}                             |
                    +--------------------------------------+

                       Figure 29: Template class

   The Template class contains state data about Templates used by an
   Exporting Process or received by a Collecting Process in a specific
   Transport Session.  The Field class defines one field of the
   Template.  The names and semantics of the state parameters correspond
   to the managed objects in the ipfixTemplateTable,
   ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the
   IPFIX MIB module [RFC6615]:

   observationDomainId:  The ID of the Observation Domain for which this
      Template is defined.

   templateId:  This number indicates the Template Id in the IPFIX
      message.

   setId:  This number indicates the Set ID of the Template.
      Currently, there are two values defined [RFC5101].  The value 2 is
      used for Sets containing Template definitions.  The value 3 is
      used for Sets containing Options Template definitions.

   accessTime:  Used for Exporting Processes, this parameter contains
      the time when this (Options) Template was last sent to the
      Collector or written to the file.
      Used for Collecting Processes, this parameter contains the time
      when this (Options) Template was last received from the Exporter
      or read from the file.

   templateDataRecords:  The number of transmitted or received Data
      Records defined by this (Options) Template since the point in time
      indicated by templateDefinitionTime.

   templateDiscontinuityTime:  Timestamp of the most recent occasion at
      which the counter templateDataRecords suffered a discontinuity.
      In contrast to ipfixTemplateDiscontinuityTime, the time is
      absolute and not relative to sysUpTime.

   ieId, ieLength, ieEnterpriseNumber:  Information Element ID, length,
      and enterprise number of a field in the Template.  If this is not
      an enterprise-specific Information Element, ieEnterpriseNumber is
      zero.
      These state parameters are identical to
      ipfixTemplateDefinitionIeId, ipfixTemplateDefinitionIeLength, and
      ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module
      [RFC6615].

   isFlowKey:  If this state parameter is present, this is a Flow Key
      field.
      This parameter is only available for non-Options Templates (i.e.,
      if setId is 2).

   isScope:  If this state parameter is present, this is a scope
      field.
      This parameter is only available for Options Templates (i.e., if
      setId is 3).

5.  Adaptation to Device Capabilities

   The configuration data model standardizes a superset of common IPFIX
   and PSAMP configuration parameters.  A typical Monitoring Device
   implementation will not support the entire range of possible
   configurations.  Certain functions may not be supported, such as the
   Collecting Process that does not exist on a Monitoring Device which
   is conceived as Exporter only.  The configuration of other functions
   may be subject to resource limitations or functional restrictions.
   For example, the Cache size is typically limited according to the
   available memory on the device.  It is also possible that a
   Monitoring Device implementation requires the configuration of
   additional parameters which are not part of the configuration data
   model in order to function properly.

   YANG [RFC6020] offers several possibilities to restrict and adapt a
   configuration data model.  The current version of YANG defines the
   concepts of features, deviations, and extensions.

   The feature concept allows the author of a configuration data model
   to make portions of the model conditional in a manner that is
   controlled by the device.  Devices do not have to support these
   conditional parts to conform to the model.  If the NETCONF protocol
   is used, features which are supported by the device are announced in
   the message [RFC6241].

   The configuration data model for IPFIX and PSAMP covers the
   configuration of Exporters, Collectors, and devices that may act as
   both.  As Exporters and Collectors implement different functions, the
   corresponding portions of the model are conditional on the
   following features:

   exporter:  If this feature is supported, Exporting Processes can be
      configured.

   collector:  If this feature is supported, Collecting Processes can be
      configured.

   Exporters do not necessarily implement any Selection Processes,
   Caches, or even Observation Points in particular cases.  Therefore,
   the corresponding portions of the model are conditional on the
   following feature:

   meter:  If this feature is supported, Observation Points, Selection
      Processes, and Caches can be configured.

   Additional features refer to different PSAMP Sampling and Filtering
   methods as well as to the supported types of Caches:

   psampSampCountBased:  If this feature is supported, Sampling method
      sampCountBased can be configured.

   psampSampTimeBased:  If this feature is supported, Sampling method
      sampTimeBased can be configured.

   psampSampRandOutOfN:  If this feature is supported, Sampling method
      sampRandOutOfN can be configured.

   psampSampUniProb:  If this feature is supported, Sampling method
      sampUniProb can be configured.

   psampFilterMatch:  If this feature is supported, Filtering method
      filterMatch can be configured.

   psampFilterHash:  If this feature is supported, Filtering method
      filterHash can be configured.

   immediateCache:  If this feature is supported, a Cache generating
      PSAMP Packet Reports can be configured using the ImmediateCache
      class.

   timeoutCache:  If this feature is supported, a Cache generating IPFIX
      Flow Records can be configured using the TimeoutCache class.

   naturalCache:  If this feature is supported, a Cache generating IPFIX
      Flow Records can be configured using the NaturalCache class.

   permanentCache:  If this feature is supported, a Cache generating
      IPFIX Flow Records can be configured using the PermanentCache
      class.

   The following features concern the support of UDP and TCP as
   transport protocols and the support of File Readers and File Writers:

   udpTransport:  If this feature is supported, UDP can be used as
      transport protocol by Exporting Processes and Collecting
      Processes.

   tcpTransport:  If this feature is supported, TCP can be used as
      transport protocol by Exporting Processes and Collecting
      Processes.

   fileReader:  If this feature is supported, File Readers can be
      configured as part of Collecting Processes.

   fileWriter:  If this feature is supported, File Writers can be
      configured as part of Exporting Processes.

   The deviation concept enables a device to announce deviations from
   the standard model using the "deviation" statement.  For example, it
   is possible to restrict the value range of a specific parameter or to
   define that the configuration of a certain parameter is not supported
   at all.  Hence, deviations are typically used to specify limitations
   due to resource constraints or functional restrictions.  Deviations
   concern existing parameters of the original configuration data model
   and must not be confused with model extensions.  Model extensions are
   specified with the "augment" statement and allow adding new
   parameters to the original configuration data model.

   If certain device-specific constraints cannot be formally specified
   with YANG, they MUST be expressed with human-readable text using the
   "description" statement.  The provided information MUST enable the
   user to define a configuration which is entirely supported by the
   Monitoring Device.  On the other hand, if a Monitoring Device is
   configured, it MUST notify the user about any part of the
   configuration which is not supported.  The Monitoring Device MUST NOT
   silently accept configuration data which cannot be completely
   enforced.  If the NETCONF protocol is used to send configuration data
   to the Monitoring Device, the error handling is specified in the
   NETCONF protocol specification [RFC6241].

   Just like features, deviations and model extensions are announced in
   NETCONF's message.  A usage example of deviations is given in
   Section 7.5.

6.  YANG Module of the IPFIX/PSAMP Configuration Data Model

   The YANG module specification of the configuration data model is
   listed below.  It makes use of the common YANG types defined in the
   modules urn:ietf:params:xml:ns:yang:ietf-yang-types and
   urn:ietf:params:xml:ns:yang:ietf-inet-types [RFC6021].
2573 file "ietf-ipfix-psamp@2012-06-12.yang" 2574 module ietf-ipfix-psamp { 2575 namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp"; 2576 prefix ipfix; 2578 import ietf-yang-types { prefix yang; } 2579 import ietf-inet-types { prefix inet; } 2581 organization 2582 "IETF IPFIX Working Group"; 2584 contact 2585 "WG Web: 2586 WG List: 2587 WG Chair: Nevil Brownlee 2588 2590 WG Chair: Juergen Quittek 2591 2593 Editor: Gerhard Muenz 2594 "; 2596 description 2597 "IPFIX/PSAMP Configuration Data Model 2599 Copyright (c) 2010 IETF Trust and the persons identified as 2600 the document authors. All rights reserved. 2601 Redistribution and use in source and binary forms, with or 2602 without modification, is permitted pursuant to, and subject 2603 to the license terms contained in, the Simplified BSD License 2604 set forth in Section 4.c of the IETF Trust's Legal Provisions 2605 Relating to IETF Documents 2606 (http://trustee.ietf.org/license-info)."; 2608 revision 2012-06-12 { 2609 description "Version of 2610 draft-ietf-ipfix-configuration-model-11"; 2611 reference "RFCxxxx: IPFIX/PSAMP Configuration Data Model"; 2612 } 2614 /***************************************************************** 2615 * Features 2616 *****************************************************************/ 2618 feature exporter { 2619 description "If supported, the Monitoring Device can be used as 2620 an Exporter. Exporting Processes can be configured."; 2621 } 2623 feature collector { 2624 description "If supported, the Monitoring Device can be used as 2625 a Collector. Collecting Processes can be configured."; 2626 } 2628 feature meter { 2629 description "If supported, Observation Points, Selection 2630 Processes, and Caches can be configured."; 2631 } 2633 feature psampSampCountBased { 2634 description "If supported, the Monitoring Device supports 2635 count-based Sampling. 
The Selector method sampCountBased can 2636 be configured."; 2637 } 2639 feature psampSampTimeBased { 2640 description "If supported, the Monitoring Device supports 2641 time-based Sampling. The Selector method sampTimeBased can 2642 be configured."; 2643 } 2645 feature psampSampRandOutOfN { 2646 description "If supported, the Monitoring Device supports 2647 random n-out-of-N Sampling. The Selector method 2648 sampRandOutOfN can be configured."; 2649 } 2651 feature psampSampUniProb { 2652 description "If supported, the Monitoring Device supports 2653 uniform probabilistic Sampling. The Selector method 2654 sampUniProb can be configured."; 2655 } 2657 feature psampFilterMatch { 2658 description "If supported, the Monitoring Device supports 2659 property match Filtering. The Selector method filterMatch 2660 can be configured."; 2661 } 2663 feature psampFilterHash { 2664 description "If supported, the Monitoring Device supports 2665 hash-based Filtering. The Selector method filterHash can be 2666 configured."; 2667 } 2669 feature immediateCache { 2670 description "If supported, the Monitoring Device supports 2671 Caches generating PSAMP Packet Reports by configuration with 2672 immediateCache."; 2673 } 2675 feature timeoutCache { 2676 description "If supported, the Monitoring Device supports 2677 Caches generating IPFIX Flow Records by configuration with 2678 timeoutCache."; 2679 } 2681 feature naturalCache { 2682 description "If supported, the Monitoring Device supports 2683 Caches generating IPFIX Flow Records by configuration with 2684 naturalCache."; 2685 } 2687 feature permanentCache { 2688 description "If supported, the Monitoring Device supports 2689 Caches generating IPFIX Flow Records by configuration with 2690 permanentCache."; 2691 } 2693 feature udpTransport { 2694 description "If supported, the Monitoring Device supports UDP 2695 as transport protocol."; 2696 } 2698 feature tcpTransport { 2699 description "If supported, the Monitoring Device supports TCP 
2700 as transport protocol."; 2701 } 2703 feature fileReader { 2704 description "If supported, the Monitoring Device supports the 2705 configuration of Collecting Processes as File Readers."; 2706 } 2708 feature fileWriter { 2709 description "If supported, the Monitoring Device supports the 2710 configuration of Exporting Processes as File Writers."; 2711 } 2713 /***************************************************************** 2714 * Identities 2715 *****************************************************************/ 2717 /*** Hash function identities ***/ 2718 identity hashFunction { 2719 description "Base identity for all hash functions used for 2720 hash-based packet filtering. Identities derived from 2721 this base are used by the leaf 2722 /ipfix/selectionProcess/selector/filterHash/hashFunction."; 2723 } 2724 identity BOB { 2725 base "hashFunction"; 2726 description "BOB hash function"; 2727 reference "RFC5475, Section 6.2.4.1."; 2728 } 2729 identity IPSX { 2730 base "hashFunction"; 2731 description "IPSX hash function"; 2732 reference "RFC5475, Section 6.2.4.1."; 2733 } 2734 identity CRC { 2735 base "hashFunction"; 2736 description "CRC hash function"; 2737 reference "RFC5475, Section 6.2.4.1."; 2738 } 2740 /*** Export mode identities ***/ 2741 identity exportMode { 2742 description "Base identity for different usages of export 2743 destinations configured for an Exporting Process. 
2744 Identities derived from this base are used by the leaf 2745 /ipfix/exportingProcess/exportMode."; 2746 } 2747 identity parallel { 2748 base "exportMode"; 2749 description "Parallel export of Data Records to all 2750 destinations configured for the Exporting Process."; 2751 } 2752 identity loadBalancing { 2753 base "exportMode"; 2754 description "Load-balancing between the different destinations 2755 configured for the Exporting Process."; 2756 } 2757 identity fallback { 2758 base "exportMode"; 2759 description "Export to the primary destination (i.e., the first 2760 SCTP, UDP, TCP, or file destination configured for the 2761 Exporting Process). If the export to the primary destination 2762 fails, the Exporting Process tries to export to the secondary 2763 destination. If the secondary destination fails as well, it 2764 continues with the tertiary, etc."; 2765 } 2767 /*** Options type identities ***/ 2768 identity optionsType { 2769 description "Base identity for report types exported with 2770 options. 
Identities derived from this base are used by the leaf 2771 /ipfix/exportingProcess/options/optionsType."; 2772 } 2773 identity meteringStatistics { 2774 base "optionsType"; 2775 description "Metering Process Statistics."; 2776 reference "RFC 5101, Section 4.1."; 2777 } 2778 identity meteringReliability { 2779 base "optionsType"; 2780 description "Metering Process Reliability Statistics."; 2781 reference "RFC 5101, Section 4.2."; 2782 } 2783 identity exportingReliability { 2784 base "optionsType"; 2785 description "Exporting Process Reliability 2786 Statistics."; 2787 reference "RFC 5101, Section 4.3."; 2788 } 2789 identity flowKeys { 2790 base "optionsType"; 2791 description "Flow Keys."; 2792 reference "RFC 5101, Section 4.4."; 2793 } 2794 identity selectionSequence { 2795 base "optionsType"; 2796 description "Selection Sequence and Selector Reports."; 2797 reference "RFC5476, Sections 6.5.1 and 6.5.2."; 2798 } 2799 identity selectionStatistics { 2800 base "optionsType"; 2801 description "Selection Sequence Statistics Report."; 2802 reference "RFC5476, Sections 6.5.3."; 2803 } 2804 identity accuracy { 2805 base "optionsType"; 2806 description "Accuracy Report."; 2807 reference "RFC5476, Section 6.5.4."; 2808 } 2809 identity reducingRedundancy { 2810 base "optionsType"; 2811 description "Enables the utilization of Options Templates to 2812 reduce redundancy in the exported Data Records."; 2813 reference "RFC5473."; 2814 } 2815 identity extendedTypeInformation { 2816 base "optionsType"; 2817 description "Export of extended type information for 2818 enterprise-specific Information Elements used in the 2819 exported Templates."; 2820 reference "RFC5610."; 2821 } 2823 /***************************************************************** 2824 * Type definitions 2825 *****************************************************************/ 2826 typedef ieNameType { 2827 type string { 2828 length "1..max"; 2829 pattern "\S+"; 2830 } 2831 description "Type for Information Element 
      names. Whitespaces are not allowed.";
  }

  typedef ieIdType {
    type uint16 {
      range "1..32767" {
        description "Valid range of Information Element
          identifiers.";
        reference "RFC5102, Section 4.";
      }
    }
    description "Type for Information Element identifiers.";
  }

  typedef nameType {
    type string {
      length "1..max";
      pattern "\S(.*\S)?";
    }
    description "Type for 'name' leafs which are used to identify
      specific instances within lists etc.
      Leading and trailing whitespaces are not allowed.";
  }

  typedef ifNameType {
    type string {
      length "1..255";
    }
    description "This corresponds to the DisplayString textual
      convention of SNMPv2-TC, which is used for ifName in the IF
      MIB module.";
    reference "RFC2863 (ifName).";
  }

  typedef direction {
    type enumeration {
      enum ingress {
        description "This value is used for monitoring incoming
          packets.";
      }
      enum egress {
        description "This value is used for monitoring outgoing
          packets.";
      }
      enum both {
        description "This value is used for monitoring incoming and
          outgoing packets.";
      }
    }
    description "Direction of packets going through an interface or
      linecard.";
  }

  typedef transportSessionStatus {
    type enumeration {
      enum inactive {
        description "This value MUST be used for Transport Sessions
          that are specified in the system but currently not active.
          The value can be used for Transport Sessions that are
          backup (secondary) sessions.";
      }
      enum active {
        description "This value MUST be used for Transport Sessions
          that are currently active and transmitting or receiving
          data.";
      }
      enum unknown {
        description "This value MUST be used if the status of the
          Transport Sessions cannot be detected by the device.
          This value should be avoided as far as possible.";
      }
    }
    description "Status of a Transport Session.";
    reference "RFC6615, Section 8 (ipfixTransportSessionStatus).";
  }

  /*****************************************************************
  * Groupings
  *****************************************************************/

  grouping observationPointParameters {
    description "Interface as input to Observation Point.";
    leaf observationPointId {
      type uint32;
      config false;
      description "Observation Point ID (i.e., the value of the
        Information Element observationPointId) assigned by the
        Monitoring Device.";
      reference "RFC5102, Section 5.1.10.";
    }
    leaf observationDomainId {
      type uint32;
      mandatory true;
      description "The Observation Domain ID associates the
        Observation Point to an Observation Domain. Observation
        Points with identical Observation Domain ID belong to the
        same Observation Domain.
        Note that this parameter corresponds to
        ipfixObservationPointObservationDomainId in the IPFIX MIB
        module.";
      reference "RFC5101; RFC6615, Section 8
        (ipfixObservationPointObservationDomainId).";
    }
    leaf-list ifName {
      type ifNameType;
      description "List of names identifying interfaces of the
        Monitoring Device. The Observation Point observes packets at
        the specified interfaces.";
    }
    leaf-list ifIndex {
      type uint32;
      description "List of ifIndex values pointing to entries in the
        ifTable of the IF-MIB module maintained by the Monitoring
        Device. The Observation Point observes packets at the
        specified interfaces.
        This parameter SHOULD only be used if an SNMP agent enables
        access to the ifTable.
        Note that this parameter corresponds to
        ipfixObservationPointPhysicalInterface in the IPFIX MIB
        module.";
      reference "RFC 1229; RFC6615, Section 8
        (ipfixObservationPointPhysicalInterface).";
    }
    leaf-list entPhysicalName {
      type string;
      description "List of names identifying physical entities of the
        Monitoring Device. The Observation Point observes packets at
        the specified entities.";
    }
    leaf-list entPhysicalIndex {
      type uint32;
      description "List of entPhysicalIndex values pointing to
        entries in the entPhysicalTable of the ENTITY-MIB module
        maintained by the Monitoring Device. The Observation Point
        observes packets at the specified entities.
        This parameter SHOULD only be used if an SNMP agent enables
        access to the entPhysicalTable.
        Note that this parameter corresponds to
        ipfixObservationPointPhysicalEntity in the IPFIX MIB
        module.";
      reference "RFC 4133; RFC6615, Section 8
        (ipfixObservationPointPhysicalInterface).";
    }
    leaf direction {
      type direction;
      default both;
      description "Direction of packets. If not applicable (e.g., in
        the case of a sniffing interface in promiscuous mode), this
        parameter is ignored.";
    }
  }

  grouping sampCountBasedParameters {
    description "Configuration parameters of a Selector applying
      systematic count-based packet sampling to the packet
      stream.";
    reference "RFC5475, Section 5.1; RFC5476, Section 6.5.2.1.";
    leaf packetInterval {
      type uint32;
      units packets;
      mandatory true;
      description "The number of packets that are consecutively
        sampled between gaps of length packetSpace.
        This parameter corresponds to the Information Element
        samplingPacketInterval and to psampSampCountBasedInterval
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.2; RFCyyyy, Section 6
        (psampSampCountBasedInterval).";
    }
    leaf packetSpace {
      type uint32;
      units packets;
      mandatory true;
      description "The number of unsampled packets between two
        sampling intervals.
        This parameter corresponds to the Information Element
        samplingPacketSpace and to psampSampCountBasedSpace
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.3; RFCyyyy, Section 6
        (psampSampCountBasedSpace).";
    }
  }

  grouping sampTimeBasedParameters {
    description "Configuration parameters of a Selector applying
      systematic time-based packet sampling to the packet
      stream.";
    reference "RFC5475, Section 5.1; RFC5476, Section 6.5.2.2.";
    leaf timeInterval {
      type uint32;
      units microseconds;
      mandatory true;
      description "The time interval in microseconds during
        which all arriving packets are sampled between gaps
        of length timeSpace.
        This parameter corresponds to the Information Element
        samplingTimeInterval and to psampSampTimeBasedInterval
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.4; RFCyyyy, Section 6
        (psampSampTimeBasedInterval).";
    }
    leaf timeSpace {
      type uint32;
      units microseconds;
      mandatory true;
      description "The time interval in microseconds during
        which no packets are sampled between two sampling
        intervals specified by timeInterval.
        This parameter corresponds to the Information Element
        samplingTimeInterval and to psampSampTimeBasedSpace
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.5; RFCyyyy, Section 6
        (psampSampTimeBasedSpace).";
    }
  }

  grouping sampRandOutOfNParameters {
    description "Configuration parameters of a Selector applying
      n-out-of-N packet sampling to the packet stream.";
    reference "RFC5475, Section 5.2.1; RFC5476, Section 6.5.2.3.";
    leaf size {
      type uint32;
      units packets;
      mandatory true;
      description "The number of elements taken from the parent
        population.
        This parameter corresponds to the Information Element
        samplingSize and to psampSampRandOutOfNSize in the PSAMP
        MIB module.";
      reference "RFC5477, Section 8.2.6; RFCyyyy, Section 6
        (psampSampRandOutOfNSize).";
    }
    leaf population {
      type uint32;
      units packets;
      mandatory true;
      description "The number of elements in the parent
        population.
        This parameter corresponds to the Information Element
        samplingPopulation and to psampSampRandOutOfNPopulation
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.7; RFCyyyy, Section 6
        (psampSampRandOutOfNPopulation).";
    }
  }

  grouping sampUniProbParameters {
    description "Configuration parameters of a Selector applying
      uniform probabilistic packet sampling (with equal
      probability per packet) to the packet stream.";
    reference "RFC5475, Section 5.2.2.1;
      RFC5476, Section 6.5.2.4.";
    leaf probability {
      type decimal64 {
        fraction-digits 18;
        range "0..1";
      }
      mandatory true;
      description "Probability that a packet is sampled,
        expressed as a value between 0 and 1. The probability
        is equal for every packet.
        This parameter corresponds to the Information Element
        samplingProbability and to psampSampUniProbProbability
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.2.8; RFCyyyy, Section 6
        (psampSampUniProbProbability).";
    }
  }

  grouping filterMatchParameters {
    description "Configuration parameters of a Selector applying
      property match filtering to the packet stream.
      The field to be matched is specified as Information
      Element.";
    reference "RFC5475, Section 6.1; RFC5476, Section 6.5.2.5.";
    choice nameOrId {
      mandatory true;
      description "The field to be matched is specified by
        either the name or the ID of the Information
        Element.";
      leaf ieName {
        type ieNameType;
        description "Name of the Information Element.";
      }
      leaf ieId {
        type ieIdType;
        description "ID of the Information Element.";
      }
    }
    leaf ieEnterpriseNumber {
      type uint32;
      default 0;
      description "If this parameter is zero, the Information
        Element is registered in the IANA registry of IPFIX
        Information Elements.
        If this parameter is configured with a non-zero private
        enterprise number, the Information Element is
        enterprise-specific.";
      reference "RFC5102.";
    }
    leaf value {
      type string;
      mandatory true;
      description "Matching value of the Information Element.";
    }
  }

  grouping filterHashParameters {
    description "Configuration parameters of a Selector applying
      hash-based filtering to the packet stream.";
    reference "RFC5475, Section 6.2; RFC5476, Section 6.5.2.6.";
    leaf hashFunction {
      type identityref {
        base "hashFunction";
      }
      default BOB;
      description "Hash function to be applied. According to
        RFC5475, Section 6.2.4.1, 'BOB' must be used in order to
        be compliant with PSAMP.
        This parameter functionally corresponds to
        psampFiltHashFunction in the PSAMP MIB module.";
      reference "RFCyyyy, Section 6 (psampFiltHashFunction)";
    }
    leaf initializerValue {
      type uint64;
      description "Initializer value to the hash function.
        If not configured by the user, the Monitoring Device
        arbitrarily chooses an initializer value.
        This parameter corresponds to the Information Element
        hashInitialiserValue and to psampFiltHashInitializerValue
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.3.9; RFCyyyy, Section 6
        (psampFiltHashInitializerValue).";
    }
    leaf ipPayloadOffset {
      type uint64;
      units octets;
      default 0;
      description "IP payload offset indicating the position of
        the first payload byte considered as input to the hash
        function.
        Default value 0 corresponds to the minimum offset that
        must be configurable according to RFC5476, Section
        6.2.5.6.
        This parameter corresponds to the Information Element
        hashIPPayloadOffset and to psampFiltHashIpPayloadOffset
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.3.2; RFCyyyy, Section 6
        (psampFiltHashIpPayloadOffset).";
    }
    leaf ipPayloadSize {
      type uint64;
      units octets;
      default 8;
      description "Number of IP payload bytes used as input to
        the hash function, counted from the payload offset.
        If the IP payload is shorter than the payload range,
        all available payload octets are used as input.
        Default value 8 corresponds to the minimum IP payload
        size that must be configurable according to RFC5476,
        Section 6.2.5.6.
        This parameter corresponds to the Information Element
        hashIPPayloadSize and to psampFiltHashIpPayloadSize
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.3.3; RFCyyyy, Section 6
        (psampFiltHashIpPayloadSize).";
    }
    leaf digestOutput {
      type boolean;
      default false;
      description "If true, the output from this Selector is
        included in the Packet Report as a packet digest.
        Therefore, the configured Cache Layout needs to contain
        a digestHashValue field.
        This parameter corresponds to the Information Element
        hashDigestOutput.";
      reference "RFC5477, Section 8.3.8.";
    }
    leaf outputRangeMin {
      type uint64;
      config false;
      description "Beginning of the hash function's potential
        range.
        This parameter corresponds to the Information Element
        hashOutputRangeMin and to psampFiltHashOutputRangeMin
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.3.4; RFCyyyy, Section 6
        (psampFiltHashOutputRangeMin).";
    }
    leaf outputRangeMax {
      type uint64;
      config false;
      description "End of the hash function's potential range.
        This parameter corresponds to the Information Element
        hashOutputRangeMax and to psampFiltHashOutputRangeMax
        in the PSAMP MIB module.";
      reference "RFC5477, Section 8.3.5; RFCyyyy, Section 6
        (psampFiltHashOutputRangeMax).";
    }
    list selectedRange {
      key name;
      min-elements 1;
      description "List of hash function return ranges for
        which packets are selected.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      leaf min {
        type uint64;
        description "Beginning of the hash function's selected
          range.
          This parameter corresponds to the Information Element
          hashSelectedRangeMin and to psampFiltHashSelectedRangeMin
          in the PSAMP MIB module.";
        reference "RFC5477, Section 8.3.6; RFCyyyy, Section 6
          (psampFiltHashSelectedRangeMin).";
      }
      leaf max {
        type uint64;
        description "End of the hash function's selected range.
          This parameter corresponds to the Information Element
          hashSelectedRangeMax and to psampFiltHashSelectedRangeMax
          in the PSAMP MIB module.";
        reference "RFC5477, Section 8.3.7; RFCyyyy, Section 6
          (psampFiltHashSelectedRangeMax).";
      }
    }
  }

  grouping selectorParameters {
    description "Configuration and state parameters of a Selector.";
    choice Method {
      mandatory true;
      description "Packet selection method applied by the Selector.";
      leaf selectAll {
        type empty;
        description "Method which selects all packets.";
      }
      container sampCountBased {
        if-feature psampSampCountBased;
        description "Systematic count-based packet sampling.";
        uses sampCountBasedParameters;
      }
      container sampTimeBased {
        if-feature psampSampTimeBased;
        description "Systematic time-based packet sampling.";
        uses sampTimeBasedParameters;
      }
      container sampRandOutOfN {
        if-feature psampSampRandOutOfN;
        description "n-out-of-N packet sampling.";
        uses sampRandOutOfNParameters;
      }
      container sampUniProb {
        if-feature psampSampUniProb;
        description "Uniform probabilistic packet sampling.";
        uses sampUniProbParameters;
      }
      container filterMatch {
        if-feature psampFilterMatch;
        description "Property match filtering.";
        uses filterMatchParameters;
      }
      container filterHash {
        if-feature psampFilterHash;
        description "Hash-based filtering.";
        uses filterHashParameters;
      }
    }
    leaf packetsObserved {
      type yang:counter64;
      config false;
      description "The
        number of packets observed at the input of
        the Selector.
        If this is the first Selector in the Selection Process,
        this counter corresponds to the total number of packets in
        all Observed Packet Streams at the input of the Selection
        Process. Otherwise, the counter corresponds to the total
        number of packets at the output of the preceding Selector.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        selectorDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixSelectorStatsPacketsObserved in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixSelectorStatsPacketsObserved).";
    }
    leaf packetsDropped {
      type yang:counter64;
      config false;
      description "The total number of packets discarded by the
        Selector.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        selectorDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixSelectorStatsPacketsDropped in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixSelectorStatsPacketsDropped).";
    }
    leaf selectorDiscontinuityTime {
      type yang:date-and-time;
      config false;
      description "Timestamp of the most recent occasion at which
        one or more of the Selector counters suffered a
        discontinuity.
        Note that this parameter functionally corresponds to
        ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
        MIB module.
        In contrast to
        ipfixSelectionProcessStatsDiscontinuityTime, the time is
        absolute and not relative to sysUpTime.";
      reference "RFC6615, Section 8
        (ipfixSelectionProcessStatsDiscontinuityTime).";
    }
  }

  grouping cacheLayoutParameters {
    description "Cache Layout parameters used by immediateCache,
      timeoutCache, naturalCache, and permanentCache.";
    container cacheLayout {
      description "Cache Layout parameters.";
      list cacheField {
        key name;
        min-elements 1;
        description "Superset of fields that are included in the
          Packet Reports or Flow Records generated by the Cache.";
        leaf name {
          type nameType;
          description "Key of this list.";
        }
        choice nameOrId {
          mandatory true;
          description "Name or ID of the Information Element.";
          reference "RFC5102.";
          leaf ieName {
            type ieNameType;
            description "Name of the Information Element.";
          }
          leaf ieId {
            type ieIdType;
            description "ID of the Information Element.";
          }
        }
        leaf ieLength {
          type uint16;
          units octets;
          description "Length of the field in which the Information
            Element is encoded. A value of 65535 specifies a
            variable-length Information Element. For Information
            Elements of integer and float type, the field length MAY
            be set to a smaller value than the standard length of
            the abstract data type if the rules of reduced size
            encoding are fulfilled.
            If not configured by the user, this parameter is set by
            the Monitoring Device.";
          reference "RFC5101, Section 6.2; RFC5102.";
        }
        leaf ieEnterpriseNumber {
          type uint32;
          default 0;
          description "If this parameter is zero, the Information
            Element is registered in the IANA registry of IPFIX
            Information Elements.
            If this parameter is configured with a non-zero private
            enterprise number, the Information Element is
            enterprise-specific.
            If the enterprise number is set to 29305, this field
            contains a Reverse Information Element. In this case,
            the Cache MUST generate Data Records in accordance to
            RFC5103.";
          reference "RFC5101; RFC5102; RFC5103.";
        }
        leaf isFlowKey {
          when "(name(../../..) != 'immediateCache')
            and
            ((count(../ieEnterpriseNumber) = 0)
            or
            (../ieEnterpriseNumber != 29305))" {
            description "This parameter is not available for
              Reverse Information Elements (which have enterprise
              number 29305). It is also not available for
              immediateCache.";
          }
          type empty;
          description "If present, this is a flow key.";
        }
      }
    }
  }

  grouping flowCacheParameters {
    description "Configuration and state parameters of a Cache
      generating Flow Records.";
    leaf maxFlows {
      type uint32;
      units flows;
      description "This parameter configures the maximum number of
        Flows in the Cache, which is the maximum number of Flows
        that can be measured simultaneously.
        The Monitoring Device MUST ensure that sufficient resources
        are available to store the configured maximum number of
        Flows.
        If the maximum number of Flows is measured, no additional
        Flows can be measured before any of the existing entries is
        removed. However, traffic which pertains to existing Flows
        can continue to be measured.";
    }
    leaf activeTimeout {
      when "(name(..) = 'timeoutCache') or
        (name(..) = 'naturalCache')" {
        description "This parameter is only available for
          timeoutCache and naturalCache.";
      }
      type uint32;
      units seconds;
      description "This parameter configures the time in
        seconds after which a Flow is expired even though packets
        matching this Flow are still received by the Cache.
        The parameter value zero indicates infinity, meaning that
        there is no active timeout.
        If not configured by the user, the Monitoring Device sets
        this parameter.
        Note that this parameter corresponds to
        ipfixMeteringProcessCacheActiveTimeout in the IPFIX
        MIB module.";
      reference "RFC6615, Section 8
        (ipfixMeteringProcessCacheActiveTimeout).";
    }
    leaf idleTimeout {
      when "(name(..) = 'timeoutCache') or
        (name(..) = 'naturalCache')" {
        description "This parameter is only available for
          timeoutCache and naturalCache.";
      }
      type uint32;
      units seconds;
      description "This parameter configures the time in
        seconds after which a Flow is expired if no more packets
        matching this Flow are received by the Cache.
        The parameter value zero indicates infinity, meaning that
        there is no idle timeout.
        If not configured by the user, the Monitoring Device sets
        this parameter.
        Note that this parameter corresponds to
        ipfixMeteringProcessCacheIdleTimeout in the IPFIX
        MIB module.";
      reference "RFC6615, Section 8
        (ipfixMeteringProcessCacheIdleTimeout).";
    }
    leaf exportInterval {
      when "name(..) = 'permanentCache'" {
        description "This parameter is only available for
          permanentCache.";
      }
      type uint32;
      units seconds;
      description "This parameter configures the interval (in
        seconds) for periodical export of Flow Records.
        If not configured by the user, the Monitoring Device sets
        this parameter.";
    }
    leaf activeFlows {
      type yang:gauge32;
      units flows;
      config false;
      description "The number of Flows currently active in this
        Cache.
        Note that this parameter corresponds to
        ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixMeteringProcessCacheActiveFlows).";
    }
    leaf unusedCacheEntries {
      type yang:gauge32;
      units flows;
      config false;
      description "The number of unused Cache entries in this
        Cache.
        Note that this parameter corresponds to
        ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
        MIB module.";
      reference "RFC6615, Section 8
        (ipfixMeteringProcessCacheUnusedCacheEntries).";
    }
  }

  grouping exportingProcessParameters {
    description "Parameters of an Exporting Process.";
    leaf exportingProcessId {
      type uint32;
      config false;
      description "The identifier of the Exporting Process.
        This parameter corresponds to the Information Element
        exportingProcessId. Its occurrence helps to associate
        Exporting Process parameters with Exporting Process
        statistics exported by the Monitoring Device using the
        Exporting Process Reliability Statistics Template as
        defined by the IPFIX Protocol Specification.";
      reference "RFC5101, Section 4.3; RFC5102, Section 5.1.6.";
    }
    leaf exportMode {
      type identityref {
        base "exportMode";
      }
      default parallel;
      description "This parameter determines to which configured
        destination(s) the incoming Data Records are exported.";
    }
    list destination {
      key name;
      min-elements 1;
      description "List of export destinations.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      choice DestinationParameters {
        mandatory true;
        description "Configuration parameters depend on whether
          SCTP, UDP, or TCP are used as transport protocol, and
          whether the destination is a file.";
        container sctpExporter {
          description "SCTP parameters.";
          uses sctpExporterParameters;
        }
        container udpExporter {
          if-feature udpTransport;
          description "UDP parameters.";
          uses udpExporterParameters;
        }
        container tcpExporter {
          if-feature tcpTransport;
          description "TCP parameters.";
          uses tcpExporterParameters;
        }
        container fileWriter {
          if-feature fileWriter;
          description "File Writer parameters.";
          uses fileWriterParameters;
        }
      }
    }
    list options {
      key name;
      description "List of options reported by the Exporting
        Process.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses optionsParameters;
    }
  }

  grouping commonExporterParameters {
    description "Parameters of an export destination which are
      common to all transport protocols.";
    leaf ipfixVersion {
      type uint16;
      default 10;
      description "IPFIX version number.";
      reference "RFC 5101.";
    }
    leaf destinationPort {
      type inet:port-number;
      description "If not configured by the user, the Monitoring
        Device uses the default port number for IPFIX, which is
        4739 without transport layer security and 4740 if transport
        layer security is activated.";
    }
    choice indexOrName {
      description "Index or name of the interface as stored in the
        ifTable of IF-MIB.
        If configured, the Exporting Process MUST use the given
        interface to export IPFIX Messages to the export
        destination.
        If omitted, the Exporting Process selects the outgoing
        interface based on local routing decision and accepts
        return traffic, such as transport layer acknowledgments,
        on all available interfaces.";
      reference "RFC 1229.";
      leaf ifIndex {
        type uint32;
        description "Index of an interface as stored in the ifTable
          of IF-MIB.";
        reference "RFC 1229.";
      }
      leaf ifName {
        type string;
        description "Name of an interface as stored in the ifTable
          of IF-MIB.";
        reference "RFC 1229.";
      }
    }
    leaf sendBufferSize {
      type uint32;
      units bytes;
      description "Size of the socket send buffer.
        If not configured by the user, this parameter is set by
        the Monitoring Device.";
    }
    leaf rateLimit {
      type uint32;
      units "bytes per second";
      description "Maximum number of bytes per second the Exporting
        Process may export to the given destination. The number of
        bytes is calculated from the lengths of the IPFIX Messages
        exported. If not configured, no rate limiting is performed.";
      reference "RFC5476, Section 6.3.";
    }
    container transportLayerSecurity {
      presence "If transportLayerSecurity is present, DTLS is
        enabled if the transport protocol is SCTP or UDP, and TLS
        is enabled if the transport protocol is TCP.";
      description "Transport layer security configuration.";
      uses transportLayerSecurityParameters;
    }
    container transportSession {
      config false;
      description "State parameters of the Transport Session
        directed to the given destination.";
      uses transportSessionParameters;
    }
  }

  grouping sctpExporterParameters {
    description "SCTP specific export destination parameters.";
    uses commonExporterParameters;
    leaf-list sourceIPAddress {
      type inet:ip-address;
      description "List of source IP addresses used by the
        Exporting Process.
        If configured, the specified addresses are eligible local
        IP addresses of the multi-homed SCTP endpoint.
        If not configured, all locally assigned IP addresses are
        eligible local IP addresses.";
      reference "RFC 4960, Section 6.4.";
    }
    leaf-list destinationIPAddress {
      type inet:ip-address;
      min-elements 1;
      description "One or multiple IP addresses of the Collecting
        Process to which IPFIX Messages are sent.
        The user MUST ensure that all configured IP addresses
        belong to the same Collecting Process.
        The Exporting Process tries to establish an SCTP
        association to any of the configured destination IP
        addresses.";
      reference "RFC 4960, Section 6.4.";
    }
    leaf timedReliability {
      type uint32;
      units milliseconds;
      default 0;
      description "Lifetime in milliseconds until an IPFIX
        Message containing Data Sets only is 'abandoned' due to
        the timed reliability mechanism of PR-SCTP.
        If this parameter is set to zero, reliable SCTP
        transport is used for all Data Records.
        Regardless of the value of this parameter, the Exporting
        Process MAY use reliable SCTP transport for Data Sets
        associated with Options Templates.";
      reference "RFC 3758; RFC 4960.";
    }
  }

  grouping udpExporterParameters {
    description "Parameters of a UDP export destination.";
    uses commonExporterParameters;
    leaf sourceIPAddress {
      type inet:ip-address;
      description "Source IP address used by the Exporting Process.
        If not configured, the IP address assigned to the outgoing
        interface is used as source IP address.";
    }
    leaf destinationIPAddress {
      type inet:ip-address;
      mandatory true;
      description "IP address of the Collection Process to which
        IPFIX Messages are sent.";
    }
    leaf maxPacketSize {
      type uint16;
      units octets;
      description "This parameter specifies the maximum size of
        IP packets sent to the Collector. If set to zero, the
        Exporting Device MUST derive the maximum packet size
        from path MTU discovery mechanisms.
        If not configured by the user, this parameter is set by
        the Monitoring Device.";
    }
    leaf templateRefreshTimeout {
      type uint32;
      units seconds;
      default 600;
      description "Sets time after which Templates are resent in the
        UDP Transport Session.
        Note that the configured lifetime MUST be adapted to the
        templateLifeTime parameter value at the receiving Collecting
        Process.
        Note that this parameter corresponds to
        ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
        MIB module.";
      reference "RFC5101, Section 10.3.6; RFC6615, Section 8
        (ipfixTransportSessionTemplateRefreshTimeout).";
    }
    leaf optionsTemplateRefreshTimeout {
      type uint32;
      units seconds;
      default 600;
      description "Sets time after which Options Templates are
        resent in the UDP Transport Session.
        Note that the configured lifetime MUST be adapted to the
        optionsTemplateLifeTime parameter value at the receiving
        Collecting Process.
        Note that this parameter corresponds to
        ipfixTransportSessionOptionsTemplateRefreshTimeout in the
        IPFIX MIB module.";
      reference "RFC5101, Section 10.3.6; RFC6615, Section 8
        (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }
    leaf templateRefreshPacket {
      type uint32;
      units "IPFIX Messages";
      description "Sets number of IPFIX Messages after which
        Templates are resent in the UDP Transport Session.
        Note that this parameter corresponds to
        ipfixTransportSessionTemplateRefreshPacket in the IPFIX
        MIB module.
        If omitted, Templates are only resent after timeout.";
      reference "RFC5101, Section 10.3.6; RFC6615, Section 8
        (ipfixTransportSessionTemplateRefreshPacket).";
    }
    leaf optionsTemplateRefreshPacket {
      type uint32;
      units "IPFIX Messages";
      description "Sets number of IPFIX Messages after which
        Options Templates are resent in the UDP Transport Session
        protocol.
        Note that this parameter corresponds to
        ipfixTransportSessionOptionsTemplateRefreshPacket in the
        IPFIX MIB module.
        If omitted, Templates are only resent after timeout.";
      reference "RFC5101, Section 10.3.6; RFC6615, Section 8
        (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }
  }

  grouping tcpExporterParameters {
    description "Parameters of a TCP export destination.";
    uses commonExporterParameters;
    leaf sourceIPAddress {
      type inet:ip-address;
      description "Source IP address used by the Exporting Process.
        If not configured by the user, this parameter is set by
        the Monitoring Device to an IP address assigned to the
        outgoing interface.";
    }
    leaf destinationIPAddress {
      type inet:ip-address;
      mandatory true;
      description "IP address of the Collection Process to which
        IPFIX Messages are sent.";
    }
  }

  grouping fileWriterParameters {
    description "File Writer parameters.";
    leaf ipfixVersion {
      type uint16;
      default 10;
      description "IPFIX version number.";
      reference "RFC 5101.";
    }
    leaf file {
      type inet:uri;
      mandatory true;
      description "URI specifying the location of the file.";
    }
    leaf bytes {
      type yang:counter64;
      units octets;
      config false;
      description "The number of bytes written by the File Writer.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      config false;
      description "The number of IPFIX Messages written by the File
        Writer.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf discardedMessages {
      type yang:counter64;
      units "IPFIX Messages";
      config false;
      description "The number of IPFIX Messages that could not be
        written by the File Writer due to internal buffer
        overflows, limited storage capacity etc.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf records {
      type yang:counter64;
      units "Data Records";
      config false;
      description "The number of Data Records written by the File
        Writer.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf templates {
      type yang:counter32;
      units "Templates";
      config false;
      description "The number of Template Records (excluding
        Options Template Records) written by the File Writer.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf optionsTemplates {
      type yang:counter32;
      units "Options Templates";
      config false;
      description "The number of Options Template Records written
        by the File Writer.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileWriterDiscontinuityTime.";
    }
    leaf fileWriterDiscontinuityTime {
      type yang:date-and-time;
      config false;
      description "Timestamp of the most recent occasion at which
        one or more File Writer counters suffered a discontinuity.
        In contrast to discontinuity times in the IPFIX MIB module,
        the time is absolute and not relative to sysUpTime.";
    }
    list template {
      config false;
      description "This list contains the Templates and Options
        Templates that have been written by the File Reader.
        Withdrawn or invalidated (Options) Templates MUST be removed
        from this list.";
      uses templateParameters;
    }
  }

  grouping optionsParameters {
    description "Parameters specifying the data export using an
      Options Template.";
    leaf optionsType {
      type identityref {
        base "optionsType";
      }
      mandatory true;
      description "Type of the exported options data.";
    }
    leaf optionsTimeout {
      type uint32;
      units milliseconds;
      description "Time interval for periodic export of the options
        data. If set to zero, the export is triggered when the
        options data has changed.
        If not configured by the user, this parameter is set by the
        Monitoring Device.";
    }
  }

  grouping collectingProcessParameters {
    description "Parameters of a Collecting Process.";
    list sctpCollector {
      key name;
      description "List of SCTP receivers (sockets) on which the
        Collecting Process receives IPFIX Messages.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses sctpCollectorParameters;
    }
    list udpCollector {
      if-feature udpTransport;
      key name;
      description "List of UDP receivers (sockets) on which the
        Collecting Process receives IPFIX Messages.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses udpCollectorParameters;
    }
    list tcpCollector {
      if-feature tcpTransport;
      key name;
      description "List of TCP receivers (sockets) on which the
        Collecting Process receives IPFIX Messages.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses tcpCollectorParameters;
    }
    list fileReader {
      if-feature fileReader;
      key name;
      description "List of File Readers from which the Collecting
        Process reads IPFIX Messages.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses fileReaderParameters;
    }
  }

  grouping commonCollectorParameters {
    description "Parameters of a Collecting Process which are
      common to all transport protocols.";
    leaf localPort {
      type inet:port-number;
      description "If not configured, the Monitoring Device uses the
        default port number for IPFIX, which is 4739 without
        transport layer security and 4740 if transport layer
        security is activated.";
    }
    container transportLayerSecurity {
      presence "If transportLayerSecurity is present, DTLS is enabled
        if the transport protocol is SCTP or UDP, and TLS is enabled
        if the transport protocol is TCP.";
      description "Transport layer security configuration.";
      uses transportLayerSecurityParameters;
    }
    list transportSession {
      config false;
      description "This list contains the currently established
        Transport Sessions terminating at the given socket.";
      uses transportSessionParameters;
    }
  }

  grouping sctpCollectorParameters {
    description "Parameters of a listening SCTP socket at a
      Collecting Process.";
    uses commonCollectorParameters;
    leaf-list localIPAddress {
      type inet:ip-address;
      description "List of local IP addresses on which the
        Collecting Process listens for IPFIX Messages.
        The IP addresses are used as eligible local IP addresses of
        the multi-homed SCTP endpoint.";
      reference "RFC 4960, Section 6.4.";
    }
  }

  grouping udpCollectorParameters {
    description "Parameters of a listening UDP socket at a
      Collecting Process.";
    uses commonCollectorParameters;
    leaf-list localIPAddress {
      type inet:ip-address;
      description "List of local IP addresses on which the Collecting
        Process listens for IPFIX Messages.";
    }
    leaf templateLifeTime {
      type uint32;
      units seconds;
      default 1800;
      description "Sets the lifetime of Templates for all UDP
        Transport Sessions terminating at this UDP socket.
        Templates which are not received again within the configured
        lifetime become invalid at the Collecting Process.
        As specified in RFC5101, the Template lifetime MUST be at
        least three times higher than the templateRefreshTimeout
        parameter value configured on the corresponding Exporting
        Processes.
        Note that this parameter corresponds to
        ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
        MIB module.";
      reference "RFC5101, Section 10.3.7; RFC6615, Section 8
        (ipfixTransportSessionTemplateRefreshTimeout).";
    }
    leaf optionsTemplateLifeTime {
      type uint32;
      units seconds;
      default 1800;
      description "Sets the lifetime of Options Templates for all
        UDP Transport Sessions terminating at this UDP socket.
        Options Templates which are not received again within the
        configured lifetime become invalid at the Collecting
        Process.
        As specified in RFC5101, the Options Template lifetime MUST
        be at least three times higher than the
        optionsTemplateRefreshTimeout parameter value configured on
        the corresponding Exporting Processes.
        Note that this parameter corresponds to
        ipfixTransportSessionOptionsTemplateRefreshTimeout in the
        IPFIX MIB module.";
      reference "RFC5101, Section 10.3.7; RFC6615, Section 8
        (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }
    leaf templateLifePacket {
      type uint32;
      units "IPFIX Messages";
      description "If this parameter is configured, Templates
        defined in a UDP Transport Session become invalid if they
        are neither included in a sequence of more than this number
        of IPFIX Messages nor received again within the period of
        time specified by templateLifeTime.
        Note that this parameter corresponds to
        ipfixTransportSessionTemplateRefreshPacket in the IPFIX
        MIB module.";
      reference "RFC5101, Section 10.3.7; RFC6615, Section 8
        (ipfixTransportSessionTemplateRefreshPacket).";
    }
    leaf optionsTemplateLifePacket {
      type uint32;
      units "IPFIX Messages";
      description "If this parameter is configured, Options
        Templates defined in a UDP Transport Session become
        invalid if they are neither included in a sequence of more
        than this number of IPFIX Messages nor received again
        within the period of time specified by
        optionsTemplateLifeTime.
        Note that this parameter corresponds to
        ipfixTransportSessionOptionsTemplateRefreshPacket in the
        IPFIX MIB module.";
      reference "RFC5101, Section 10.3.7; RFC6615, Section 8
        (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }
  }

  grouping tcpCollectorParameters {
    description "Parameters of a listening TCP socket at a
      Collecting Process.";
    uses commonCollectorParameters;
    leaf-list localIPAddress {
      type inet:ip-address;
      description "List of local IP addresses on which the Collecting
        Process listens for IPFIX Messages.";
    }
  }

  grouping fileReaderParameters {
    description "File Reader parameters.";
    leaf file {
      type inet:uri;
      mandatory true;
      description "URI specifying the location of the file.";
    }
    leaf bytes {
      type yang:counter64;
      units octets;
      config false;
      description "The number of bytes read by the File Reader.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileReaderDiscontinuityTime.";
    }
    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      config false;
      description "The number of IPFIX Messages read by the File
        Reader.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileReaderDiscontinuityTime.";
    }
    leaf records {
      type yang:counter64;
      units "Data Records";
      config false;
      description "The number of Data Records read by the File
        Reader.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileReaderDiscontinuityTime.";
    }
    leaf templates {
      type yang:counter32;
      units "Templates";
      config false;
      description "The number of Template Records (excluding
        Options Template Records) read by the File Reader.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileReaderDiscontinuityTime.";
    }
    leaf optionsTemplates {
      type yang:counter32;
      units "Options Templates";
      config false;
      description "The number of Options Template Records read by
        the File Reader.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        fileReaderDiscontinuityTime.";
    }
    leaf fileReaderDiscontinuityTime {
      type yang:date-and-time;
      config false;
      description "Timestamp of the most recent occasion at which
        one or more File Reader counters suffered a discontinuity.
        In contrast to discontinuity times in the IPFIX MIB module,
        the time is absolute and not relative to sysUpTime.";
    }
    list template {
      config false;
      description "This list contains the Templates and Options
        Templates that have been read by the File Reader.
        Withdrawn or invalidated (Options) Templates MUST be removed
        from this list.";
      uses templateParameters;
    }
  }

  grouping transportLayerSecurityParameters {
    description "Transport layer security parameters.";
    leaf-list localCertificationAuthorityDN {
      type string;
      description "Distinguished names of certification authorities
        whose certificates may be used to identify the local
        endpoint.";
      reference "RFC5280.";
    }
    leaf-list localSubjectDN {
      type string;
      description "Distinguished names which may be used in the
        certificates to identify the local endpoint.";
      reference "RFC5280.";
    }
    leaf-list localSubjectFQDN {
      type inet:domain-name;
      description "Fully qualified domain names which may be used
        in the certificates to identify the local endpoint.";
      reference "RFC5280.";
    }
    leaf-list remoteCertificationAuthorityDN {
      type string;
      description "Distinguished names of certification authorities
        whose certificates are accepted to authorize remote
        endpoints.";
      reference "RFC5280.";
    }
    leaf-list remoteSubjectDN {
      type string;
      description "Distinguished names which are accepted in
        certificates to authorize remote endpoints.";
      reference "RFC5280.";
    }
    leaf-list remoteSubjectFQDN {
      type inet:domain-name;
      description "Fully qualified domain names which are accepted in
        certificates to authorize remote endpoints.";
      reference "RFC5280.";
    }
  }

  grouping templateParameters {
    description "State parameters of a Template used by an Exporting
      Process or received by a Collecting Process in a specific
      Transport Session.
      Parameter names and semantics correspond to
      the managed objects in IPFIX-MIB";
    reference "RFC5101; RFC6615, Section 8 (ipfixTemplateEntry,
      ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";
    leaf observationDomainId {
      type uint32;
      description "The ID of the Observation Domain for which this
        Template is defined.
        Note that this parameter corresponds to
        ipfixTemplateObservationDomainId in the IPFIX MIB module.";
      reference "RFC6615, Section 8
        (ipfixTemplateObservationDomainId).";
    }
    leaf templateId {
      type uint16 {
        range "256..65535" {
          description "Valid range of Template IDs.";
          reference "RFC5101";
        }
      }
      description "This number indicates the Template Id in the IPFIX
        message.
        Note that this parameter corresponds to ipfixTemplateId in
        the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTemplateId).";
    }
    leaf setId {
      type uint16;
      description "This number indicates the Set ID of the Template.
        Currently, there are two values defined. The value 2 is used
        for Sets containing Template definitions. The value 3 is
        used for Sets containing Options Template definitions.
        Note that this parameter corresponds to ipfixTemplateSetId
        in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTemplateSetId).";
    }
    leaf accessTime {
      type yang:date-and-time;
      description "Used for Exporting Processes, this parameter
        contains the time when this (Options) Template was last
        sent to the Collector(s) or written to the file.
        Used for Collecting Processes, this parameter contains the
        time when this (Options) Template was last received from the
        Exporter or read from the file.
        Note that this parameter corresponds to
        ipfixTemplateAccessTime in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTemplateAccessTime).";
    }
    leaf templateDataRecords {
      type yang:counter64;
      description "The number of transmitted or received Data
        Records defined by this (Options) Template.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        templateDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTemplateDataRecords in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTemplateDataRecords).";
    }
    leaf templateDiscontinuityTime {
      type yang:date-and-time;
      description "Timestamp of the most recent occasion at which
        the counter templateDataRecords suffered a discontinuity.
        Note that this parameter functionally corresponds to
        ipfixTemplateDiscontinuityTime in the IPFIX MIB module.
        In contrast to ipfixTemplateDiscontinuityTime, the time
        is absolute and not relative to sysUpTime.";
      reference "RFC6615, Section 8
        (ipfixTemplateDiscontinuityTime).";
    }
    list field {
      description "This list contains the (Options) Template
        fields of which the (Options) Template is defined.
        The order of the list corresponds to the order of the fields
        in the (Options) Template Record.";
      leaf ieId {
        type ieIdType;
        description "This parameter indicates the Information
          Element Id of the field.
          Note that this parameter corresponds to
          ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
        reference "RFC6615, Section 8 (ipfixTemplateDefinitionIeId);
          RFC5102.";
      }
      leaf ieLength {
        type uint16;
        units octets;
        description "This parameter indicates the length of the
          Information Element of the field.
          Note that this parameter corresponds to
          ipfixTemplateDefinitionIeLength in the IPFIX MIB
          module.";
        reference "RFC6615, Section 8
          (ipfixTemplateDefinitionIeLength); RFC5102.";
      }
      leaf ieEnterpriseNumber {
        type uint32;
        description "This parameter indicates the IANA enterprise
          number of the authority defining the Information Element
          Id.
          If the Information Element is not enterprise-specific,
          this state parameter is zero.
          Note that this parameter corresponds to
          ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
          MIB module.";
        reference "RFC6615, Section 8
          (ipfixTemplateDefinitionIeEnterpriseNumber).";
      }
      leaf isFlowKey {
        when "../../setId = 2" {
          description "This parameter is available for non-Options
            Templates (Set ID is 2).";
        }
        type empty;
        description "If present, this is a Flow Key field.
          Note that this corresponds to flowKey(1) being set in
          ipfixTemplateDefinitionFlags.";
        reference "RFC6615, Section 8
          (ipfixTemplateDefinitionFlags).";
      }
      leaf isScope {
        when "../../setId = 3" {
          description "This parameter is available for Options
            Templates (Set ID is 3).";
        }
        type empty;
        description "If present, this is a scope field.
          Note that this corresponds to scope(0) being set in
          ipfixTemplateDefinitionFlags.";
        reference "RFC6615, Section 8
          (ipfixTemplateDefinitionFlags).";
      }
    }
  }

  grouping transportSessionParameters {
    description "State parameters of a Transport Session originating
      from an Exporting or terminating at a Collecting Process.
      Parameter names and semantics correspond to the managed
      objects in IPFIX-MIB.";
    reference "RFC5101; RFC6615, Section 8
      (ipfixTransportSessionEntry,
      ipfixTransportSessionStatsEntry).";
    leaf ipfixVersion {
      type uint16;
      description "Used for Exporting Processes, this parameter
        contains the version number of the IPFIX protocol that the
        Exporter uses to export its data in this Transport Session.
        Hence, it is identical to the value of the configuration
        parameter ipfixVersion of the outer SctpExporter,
        UdpExporter, or TcpExporter node.
        Used for Collecting Processes, this parameter contains the
        version number of the IPFIX protocol it receives for
        this Transport Session. If IPFIX Messages of different
        IPFIX protocol versions are received, this parameter
        contains the maximum version number.
        Note that this parameter corresponds to
        ipfixTransportSessionIpfixVersion in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionIpfixVersion).";
    }
    leaf sourceAddress {
      type inet:ip-address;
      description "The source address of the Exporter of the
        IPFIX Transport Session.
        If the transport protocol is SCTP, this is one of the
        potentially many IP addresses of the Exporter.
        Preferably, the source IP address of the path which is
        usually selected by the Exporter to send IPFIX Messages to
        the Collector SHOULD be used.
        Note that this parameter functionally corresponds to
        ipfixTransportSessionSourceAddressType and
        ipfixTransportSessionSourceAddress in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionSourceAddressType,
        ipfixTransportSessionSourceAddress);
        RFC4960, Section 6.4.";
    }
    leaf destinationAddress {
      type inet:ip-address;
      description "The destination address of the Collector of
        the IPFIX Transport Session.
        If the transport protocol is SCTP, this is one of the
        potentially many IP addresses of the Collector.
        Preferably, the destination IP address of the path which is
        usually selected by the Exporter to send IPFIX Messages to
        the Collector SHOULD be used.
        Note that this parameter functionally corresponds to
        ipfixTransportSessionDestinationAddressType and
        ipfixTransportSessionDestinationAddress in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionDestinationAddressType,
        ipfixTransportSessionDestinationAddress);
        RFC4960, Section 6.4.";
    }
    leaf sourcePort {
      type inet:port-number;
      description "The transport protocol port number of the
        Exporter of the IPFIX Transport Session.
        Note that this parameter corresponds to
        ipfixTransportSessionSourcePort in the IPFIX MIB module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionSourcePort).";
    }
    leaf destinationPort {
      type inet:port-number;
      description "The transport protocol port number of the
        Collector of the IPFIX Transport Session.
        Note that this parameter corresponds to
        ipfixTransportSessionDestinationPort in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionDestinationPort).";
    }
    leaf sctpAssocId {
      type uint32;
      description "The association id used for the SCTP session
        between the Exporter and the Collector of the IPFIX
        Transport Session. It is equal to the sctpAssocId entry
        in the sctpAssocTable defined in the SCTP-MIB.
        This parameter is only available if the transport protocol
        is SCTP and if an SNMP agent on the same Monitoring Device
        enables access to the corresponding MIB objects in the
        sctpAssocTable.
        Note that this parameter corresponds to
        ipfixTransportSessionSctpAssocId in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionSctpAssocId);
        RFC3871";
    }
    leaf status {
      type transportSessionStatus;
      description "Status of the Transport Session.
        Note that this parameter corresponds to
        ipfixTransportSessionStatus in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTransportSessionStatus).";
    }
    leaf rate {
      type yang:gauge32;
      units "bytes per second";
      description "The number of bytes per second transmitted by the
        Exporting Process or received by the Collecting Process.
        This parameter is updated every second.
        Note that this parameter corresponds to
        ipfixTransportSessionRate in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTransportSessionRate).";
    }
    leaf bytes {
      type yang:counter64;
      units bytes;
      description "The number of bytes transmitted by the
        Exporting Process or received by the Collecting Process.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionBytes in the IPFIX MIB module.";
      reference "RFC6615, Section 8 (ipfixTransportSessionBytes).";
    }
    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      description "The number of messages transmitted by the
        Exporting Process or received by the Collecting Process.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionMessages in the IPFIX MIB module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionMessages).";
    }
    leaf discardedMessages {
      type yang:counter64;
      units "IPFIX Messages";
      description "Used for Exporting Processes, this parameter
        indicates the number of messages that could not be sent due
        to internal buffer overflows, network congestion, routing
        issues, etc. Used for Collecting Processes, this parameter
        indicates the number of received IPFIX Messages that are
        malformed, cannot be decoded, are received in the wrong
        order or are missing according to the sequence number.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionDiscardedMessages in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionDiscardedMessages).";
    }
    leaf records {
      type yang:counter64;
      units "Data Records";
      description "The number of Data Records transmitted by the
        Exporting Process or received by the Collecting Process.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionRecords in the IPFIX MIB module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionRecords).";
    }
    leaf templates {
      type yang:counter32;
      units "Templates";
      description "The number of Templates transmitted by the
        Exporting Process or received by the Collecting Process.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionTemplates in the IPFIX MIB module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionTemplates).";
    }
    leaf optionsTemplates {
      type yang:counter32;
      units "Options Templates";
      description "The number of Options Templates transmitted by the
        Exporting Process or received by the Collecting Process.
        Discontinuities in the value of this counter can occur at
        re-initialization of the management system, and at other
        times as indicated by the value of
        transportSessionDiscontinuityTime.
        Note that this parameter corresponds to
        ipfixTransportSessionOptionsTemplates in the IPFIX MIB
        module.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionOptionsTemplates).";
    }
    leaf transportSessionStartTime {
      type yang:date-and-time;
      description "Timestamp of the start of the given Transport
        Session.
        This state parameter does not correspond to any object in
        the IPFIX MIB module.";
    }
    leaf transportSessionDiscontinuityTime {
      type yang:date-and-time;
      description "Timestamp of the most recent occasion at which
        one or more of the Transport Session counters suffered a
        discontinuity.
        Note that this parameter functionally corresponds to
        ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
        module.
        In contrast to ipfixTransportSessionDiscontinuityTime, the
        time is absolute and not relative to sysUpTime.";
      reference "RFC6615, Section 8
        (ipfixTransportSessionDiscontinuityTime).";
    }
    list template {
      description "This list contains the Templates and Options
        Templates that are transmitted by the Exporting Process
        or received by the Collecting Process.
        Withdrawn or invalidated (Options) Templates MUST be removed
        from this list.";
      uses templateParameters;
    }
  }

  /*****************************************************************
  * Main container
  *****************************************************************/

  container ipfix {
    description "Top-level node of the IPFIX/PSAMP configuration
      data model.";
    list collectingProcess {
      if-feature collector;
      key name;
      description "Collecting Process of the Monitoring Device.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses collectingProcessParameters;
      leaf-list exportingProcess {
        if-feature exporter;
        type leafref { path "/ipfix/exportingProcess/name"; }
        description "Export of received records without any
          modifications.
          Records are processed by all Exporting
          Processes in the list.";
      }
    }

    list observationPoint {
      if-feature meter;
      key name;
      description "Observation Point of the Monitoring Device.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses observationPointParameters;
      leaf-list selectionProcess {
        type leafref { path "/ipfix/selectionProcess/name"; }
        description "Selection Processes in this list process
          packets in parallel.";
      }
    }

    list selectionProcess {
      if-feature meter;
      key name;
      description "Selection Process of the Monitoring Device.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      list selector {
        key name;
        min-elements 1;
        ordered-by user;
        description "List of Selectors that define the action of the
          Selection Process on a single packet. The Selectors are
          serially invoked in the same order as they appear in this
          list.";
        leaf name {
          type nameType;
          description "Key of this list.";
        }
        uses selectorParameters;
      }
      list selectionSequence {
        config false;
        description "This list contains the Selection Sequence IDs
          which are assigned by the Monitoring Device to distinguish
          different Selection Sequences passing through the
          Selection Process.
          As Selection Sequence IDs are unique per Observation
          Domain, the corresponding Observation Domain IDs are
          included as well.
          With this information, it is possible to associate
          Selection Sequence (Statistics) Report Interpretations
          exported according to the PSAMP protocol with a Selection
          Process in the configuration data.";
        reference "RFC5476.";
        leaf observationDomainId {
          type uint32;
          description "Observation Domain ID for which the
            Selection Sequence ID is assigned.";
        }
        leaf selectionSequenceId {
          type uint64;
          description "Selection Sequence ID used in the Selection
            Sequence (Statistics) Report Interpretation.";
        }
      }
      leaf cache {
        type leafref { path "/ipfix/cache/name"; }
        description "Cache which receives the output of the
          Selection Process.";
      }
    }

    list cache {
      if-feature meter;
      key name;
      description "Cache of the Monitoring Device.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      leaf meteringProcessId {
        type uint32;
        config false;
        description "The identifier of the Metering Process this
          Cache belongs to.
          This parameter corresponds to the Information Element
          meteringProcessId. Its occurrence helps to associate
          Cache parameters with Metering Process statistics
          exported by the Monitoring Device using the Metering
          Process (Reliability) Statistics Template as
          defined by the IPFIX Protocol specification.";
        reference "RFC5101, Sections 4.1 and 4.2;
          RFC5102, Section 5.1.5.";
      }
      leaf dataRecords {
        type yang:counter64;
        units "Data Records";
        config false;
        description "The number of Data Records generated by this
          Cache.
          Discontinuities in the value of this counter can occur at
          re-initialization of the management system, and at other
          times as indicated by the value of
          cacheDiscontinuityTime.
          Note that this parameter corresponds to
          ipfixMeteringProcessDataRecords in the IPFIX MIB
          module.";
        reference "RFC6615, Section 8
          (ipfixMeteringProcessDataRecords).";
      }
      leaf cacheDiscontinuityTime {
        type yang:date-and-time;
        config false;
        description "Timestamp of the most recent occasion at which
          the counter dataRecords suffered a discontinuity.
          Note that this parameter functionally corresponds to
          ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
          module. In contrast to
          ipfixMeteringProcessDiscontinuityTime, the time is
          absolute and not relative to sysUpTime.";
        reference "RFC6615, Section 8
          (ipfixMeteringProcessDiscontinuityTime).";
      }
      choice CacheType {
        mandatory true;
        description "Type of Cache and specific parameters.";
        container immediateCache {
          if-feature immediateCache;
          description "Flow expiration after the first packet;
            generation of Packet Records.";
          uses cacheLayoutParameters;
        }
        container timeoutCache {
          if-feature timeoutCache;
          description "Flow expiration after active and idle
            timeout; generation of Flow Records.";
          uses flowCacheParameters;
          uses cacheLayoutParameters;
        }
        container naturalCache {
          if-feature naturalCache;
          description "Flow expiration after active and idle
            timeout, or on natural termination (e.g.
            TCP FIN, or
            TCP RST) of the Flow; generation of Flow Records.";
          uses flowCacheParameters;
          uses cacheLayoutParameters;
        }
        container permanentCache {
          if-feature permanentCache;
          description "No flow expiration, periodical export with
            time interval exportInterval; generation of Flow
            Records.";
          uses flowCacheParameters;
          uses cacheLayoutParameters;
        }
      }
      leaf-list exportingProcess {
        if-feature exporter;
        type leafref { path "/ipfix/exportingProcess/name"; }
        description "Records are exported by all Exporting Processes
          in the list.";
      }
    }

    list exportingProcess {
      if-feature exporter;
      key name;
      description "Exporting Process of the Monitoring Device.";
      leaf name {
        type nameType;
        description "Key of this list.";
      }
      uses exportingProcessParameters;
    }
  }
}

7. Examples

   This section shows example configurations conforming to the YANG
   module specified in Section 6.

7.1. PSAMP Device

   This configuration example configures two Observation Points
   capturing ingress traffic at eth0 and all traffic at eth1. Both
   Observed Packet Streams enter two different Selection Processes. The
   first Selection Process implements a Composite Selector of a filter
   for UDP packets and a random sampler. The second Selection Process
   implements a Primitive Selector of an ICMP filter. The Selected
   Packet Streams of both Selection Processes enter the same Cache. The
   Cache generates a PSAMP Packet Report for every selected packet.

   The associated Exporting Process exports to a Collector using PR-SCTP
   and DTLS. The transport layer security parameters specify that the
   collector must supply a certificate for the fully qualified domain
   name collector.example.net. Valid certificates from any
   certification authority will be accepted.
   As the destination
   transport port is omitted, the standard IPFIX-over-DTLS port 4740 is
   used.

   The parameters of the Selection Processes are reported as Selection
   Sequence Report Interpretations and Selector Report Interpretations
   [RFC5476]. There will be two Selection Sequence Report
   Interpretations per Selection Process, one for each Observation
   Point. Selection Sequence Statistics Report Interpretations are
   exported every 30 seconds (30000 milliseconds).

     OP at eth0 (ingress)
     123
     eth0
     ingress
     Sampled UDP packets
     ICMP packets

     OP at eth1
     123
     eth1
     Sampled UDP packets
     ICMP packets

     Sampled UDP packets
     UDP filter
     4
     17
     10-out-of-100 sampler
     10
     100
     PSAMP cache

     ICMP packets
     ICMP filter
     4
     1
     PSAMP cache

     PSAMP cache
     Field 1: ipHeaderPacketSection
     313
     64
     Field 2: observationTimeMilliseconds
     322
     The only exporter

     The only exporter
     PR-SCTP collector
     192.0.2.1
     1000000
     500
     coll-1.example.net
     Options 1
     selectionSequence
     0
     Options 2
     selectionStatistics
     30000

   The above configuration results in one Template and six Options
   Templates. For the remainder of the example, we assume Template ID
   256 for the Template and Template IDs 257 to 262 for the Options
   Templates. The Template is used to export the Packet Reports and has
   the following fields:

     Template ID: 256
     ipHeaderPacketSection (ID = 313, length = 64)
     observationTimeMilliseconds (ID = 322, length = 8)

   Two Options Templates are used for the Selection Sequence Report
   Interpretations.
   The first one has one selectorId field and is used
   for the Selection Process "ICMP packets". The second one has two
   selectorId fields to describe the two selectors of the Selection
   Process "Sampled UDP packets".

     Template ID: 257
     Scope: selectionSequenceId (ID = 301, length = 8)
     observationPointId (ID = 138, length = 4)
     selectorId (ID = 302, length = 4)

     Template ID: 258
     Scope: selectionSequenceId (ID = 301, length = 8)
     observationPointId (ID = 138, length = 4)
     selectorId (ID = 302, length = 4)
     selectorId (ID = 302, length = 4)

   Another Options Template is used to carry the Property Match
   Filtering Selector Report Interpretation for the Selectors "UDP
   filter" and "ICMP filter":

     Template ID: 259
     Scope: selectorId (ID = 302, length = 4)
     selectorAlgorithm (ID = 304, length = 2)
     protocolIdentifier (ID = 4, length = 1)

   Yet another Options Template is used to carry the Random n-out-of-N
   Sampling Selector Report Interpretation for the Selector
   "10-out-of-100 sampler":

     Template ID: 260
     Scope: selectorId (ID = 302, length = 4)
     selectorAlgorithm (ID = 304, length = 2)
     samplingSize (ID = 319, length = 4)
     samplingPopulation (ID = 310, length = 4)

   The last two Options Templates are used to carry the Selection
   Sequence Statistics Report Interpretation for the Selection
   Processes, containing the statistics for one and two Selectors,
   respectively:

     Template ID: 261
     Scope: selectionSequenceId (ID = 301, length = 8)
     selectorIdTotalPktsObserved (ID = 318, length = 8)
     selectorIdTotalPktsSelected (ID = 319, length = 8)

     Template ID: 262
     Scope: selectionSequenceId (ID = 301, length = 8)
     selectorIdTotalPktsObserved (ID = 318, length = 8)
     selectorIdTotalPktsSelected (ID = 319, length = 8)
     selectorIdTotalPktsObserved (ID = 318, length = 8)
     selectorIdTotalPktsSelected (ID = 319, length = 8)

   After a short runtime, 100 packets have been observed at the two
   Observation Points, including 20 UDP and 5 ICMP packets. 3 of the UDP
   packets are selected by the random sampler, which results in a total
   of 8 Packet Reports generated by the Cache. Under these
   circumstances, the complete configuration and state data of the PSAMP
   Device may look as follows:

     OP at eth0 (ingress)
     1
     123
     eth0
     ingress
     Sampled UDP packets
     ICMP packets

     OP at eth1
     2
     123
     eth1
     both
     Sampled UDP packets
     ICMP packets

     Sampled UDP packets
     UDP filter
     4
     17
     100
     80
     2010-03-15T00:00:00.00Z
     10-out-of-100 sampler
     10
     100
     20
     17
     2010-03-15T00:00:00.00Z
     123
     1
     123
     2
     PSAMP cache

     ICMP packets
     ICMP filter
     4
     1
     100
     95
     2010-03-15T00:00:00.00Z
     123
     3
     123
     4
     PSAMP cache

     PSAMP cache
     Field 1: ipHeaderPacketSection
     313
     64
     Field 2: observationTimeMilliseconds
     322
     8
     2010-03-15T00:00:00.00Z
     The only exporter

     The only exporter
     parallel
     PR-SCTP collector
     10
     192.0.2.1
     4740
     32768
     1000000
     500
     coll-1.example.net
     10
     192.0.2.100
     192.0.2.1
     45687
     4740
     1
     active
     230
     978
     3
     19
     1
     6
     2010-03-15T00:00:00.50Z
     Options 1
     selectionSequence
     0
     Options 2
     selectionStatistics
     30000

7.2. IPFIX Device

   This configuration example demonstrates the shared usage of a Cache
   for maintaining Flow Records from two Observation Points belonging to
   different Observation Domains. Packets are selected using different
   Sampling techniques: count-based Sampling for the first Observation
   Point (eth0) and selection of all packets for the second Observation
   Point (eth1). The Exporting Process sends the Flow Records to a
   primary destination using SCTP. A UDP Collector is specified as
   secondary destination.

   Exporting Process reliability statistics [RFC5101] are exported
   periodically every minute (60000 milliseconds). Selection Sequence
   Report Interpretations and Selector Report Interpretations [RFC5476]
   are exported once after configuring the Selection Processes. In
   total, two Selection Sequence Report Interpretations will be
   exported, one for each Selection Process.

     OP at eth0 (ingress)
     123
     eth0
     ingress
     Count-based packet selection

     OP at eth1
     456
     eth1
     All packet selection

     Count-based packet selection
     Count-based sampler
     1
     99
     Flow cache

     All packet selection
     Select all
     Flow cache

     Flow cache
     4096
     5000
     10000
     Field 1
     sourceIPv4Address
     Field 2
     destinationIPv4Address
     Field 3
     transportProtocol
     Field 4
     sourceTransportPort
     Field 5
     destinationTransportPort
     Field 6
     flowStartMilliSeconds
     Field 7
     flowEndSeconds
     Field 8
     octetDeltaCount
     Field 9
     packetDeltaCount
     SCTP export with UDP backup

     SCTP export with UDP backup
     fallback
     SCTP destination (primary)
     4739
     192.0.2.1
     UDP destination (secondary)
     4739
     192.0.2.2
     300
     300
     Options 1
     selectionSequence
     0
     Options 2
     exportingReliability
     60000

7.3. Export of Flow Records and Packet Reports

   This configuration example demonstrates the combined export of Flow
   Records and Packet Reports for a single Observation Point. One
   Selection Process applies random Sampling to the Observed Packet
   Stream. Its output is passed to a Cache generating Flow Records. In
   parallel, the Observed Packet Stream enters a second Selection
   Process which discards all non-ICMP packets and passes the selected
   packets to a second Cache for generating Packet Reports. The output
   of both Caches is exported to a single Collector using SCTP.

     OP at linecard 3
     9876
     4
     ingress
     Sampling
     ICMP

     Sampling
     Random sampler
     0.01
     Flow cache

     ICMP
     ICMP filter
     4
     1
     Packet reporting

     Flow cache
     4096
     5
     10
     Field 1
     sourceIPv4Address
     Field 2
     destinationIPv4Address
     Field 6
     flowStartMilliSeconds
     Field 7
     flowEndSeconds
     Field 8
     octetDeltaCount
     Field 9
     packetDeltaCount
     Export

     Packet reporting
     Field 1
     313
     64
     Field 2
     154
     Export

     Export
     SCTP collector
     192.0.2.1
     0
     Options 1
     selectionSequence
     0

7.4. Collector and File Writer

   This configuration example configures a Collector which writes the
   received data to a file.

     SCTP collector
     Listening port 4739
     4739
     192.0.2.1
     File writer

     File writer
     Write to /tmp folder
     file://tmp/collected-records.ipfix

7.5. Deviations

   Assume that a Monitoring Device has only two interfaces ifIndex=1 and
   ifIndex=2 which can be configured as Observation Points. The
   Observation Point ID is always identical to the ifIndex.

   The following YANG module specifies these deviations.

   module my-ipfix-psamp-deviation {
     namespace "urn:my-company:xml:ns:ietf-ipfix-psamp";
     prefix my;

     import ietf-ipfix-psamp { prefix ipfix; }

     deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:entPhysicalIndex {
       deviate not-supported;
     }
     deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:entPhysicalName {
       deviate not-supported;
     }
     deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:ifName {
       deviate not-supported;
     }
     deviation /ipfix:ipfix/ipfix:observationPoint {
       deviate add {
         must "ipfix:ifIndex=1 or ipfix:ifIndex=2";
       }
     }
     deviation
       /ipfix:ipfix/ipfix:observationPoint/ipfix:observationPointId {
       deviate add {
         must "current()=../ipfix:ifIndex";
       }
     }
   }

8. Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the
   secure transport layer and the mandatory to implement secure
   transport is SSH [RFC6242].

   There are a number of data nodes defined in this YANG module which
   are writable/creatable/deletable (i.e. config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g. edit-config) to
   these data nodes without proper protection can have a negative effect
   on network operations.
   These are the subtrees and data nodes and
   their sensitivity/vulnerability:

   /ipfix/observationPoint
      The configuration parameters in this subtree specify where packets
      are observed and by which Selection Processes they will be
      processed. Write access to this subtree allows observing packets
      at arbitrary interfaces or linecards of the Monitoring Device and
      may thus lead to the export of sensitive traffic information.
   /ipfix/selectionProcess
      The configuration parameters in this subtree specify for which
      packets information will be reported in Packet Reports or Flow
      Records. Write access to this subtree allows changing the subset
      of packets for which information will be reported and may thus
      lead to the export of sensitive traffic information.
   /ipfix/cache
      The configuration parameters in this subtree specify the fields
      included in Packet Reports or Flow Records. Write access to this
      subtree allows adding fields which may contain sensitive traffic
      information, such as IP addresses or parts of the packet payload.
   /ipfix/exportingProcess
      The configuration parameters in this subtree specify to which
      Collectors Packet Reports or Flow Records are exported. Write
      access to this subtree allows exporting potentially sensitive
      traffic information to illegitimate Collectors. Furthermore,
      transport layer security parameters can be changed, which may
      affect the mutual authentication between Exporters and Collectors
      as well as the encrypted transport of the data.
   /ipfix/collectingProcess
      The configuration parameters in this subtree may specify that
      collected Packet Reports and Flow Records are reexported to
      another Collector or written to a file. Write access to this
      subtree potentially allows reexporting or storing the sensitive
      traffic information.
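
An added example, not part of the draft: a Python audit of a retrieved ietf-ipfix-psamp configuration against the write-sensitive /ipfix/cache and /ipfix/exportingProcess subtrees listed above. The sample configuration is constructed; the element names (destination, cacheField, transportLayerSecurity and so on) are taken from the module definition, while the approved-collector list, the finding codes and the choice of Information Elements 313 and 314 as packet-content fields are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp"  # namespace from Section 9
EXPORTERS = ("sctpExporter", "udpExporter", "tcpExporter")
# Information Elements that copy raw packet bytes into a record (RFC 5477).
# Assumption of this example: only these two are treated as packet content.
PACKET_SECTION_IES = {"313": "ipHeaderPacketSection",
                      "314": "ipPayloadPacketSection"}

# Constructed sample: values reused from Sections 7.1, 7.2 and 7.4, plus one
# made-up TCP destination. Not a configuration taken from the draft.
SAMPLE_CONFIG = """
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">
  <cache>
    <name>PSAMP cache</name>
    <immediateCache><cacheLayout>
      <cacheField><name>Field 1</name><ieId>313</ieId>
        <ieLength>64</ieLength></cacheField>
      <cacheField><name>Field 2</name><ieId>322</ieId></cacheField>
    </cacheLayout></immediateCache>
    <exportingProcess>The only exporter</exportingProcess>
  </cache>
  <exportingProcess>
    <name>The only exporter</name>
    <destination><name>PR-SCTP collector</name>
      <sctpExporter>
        <destinationIPAddress>192.0.2.1</destinationIPAddress>
        <transportLayerSecurity>
          <remoteSubjectFQDN>coll-1.example.net</remoteSubjectFQDN>
        </transportLayerSecurity>
      </sctpExporter></destination>
    <destination><name>UDP destination (secondary)</name>
      <udpExporter>
        <destinationIPAddress>192.0.2.2</destinationIPAddress>
      </udpExporter></destination>
    <destination><name>Unknown TCP destination</name>
      <tcpExporter>
        <destinationIPAddress>198.51.100.7</destinationIPAddress>
        <transportLayerSecurity/>
      </tcpExporter></destination>
    <destination><name>Write to /tmp folder</name>
      <fileWriter><file>file://tmp/collected-records.ipfix</file></fileWriter>
    </destination>
  </exportingProcess>
</ipfix>
"""
APPROVED = {"192.0.2.1", "192.0.2.2"}  # hypothetical collector allowlist


def q(name):
    """Qualify an element name with the module namespace."""
    return "{%s}%s" % (NS, name)


def text(elem, name):
    """Text of a direct child element, or '' if the child is absent."""
    return (elem.findtext(q(name)) or "").strip()


def audit(config_xml, approved_collectors):
    """Return (path, code, detail) findings in document order."""
    root = ET.fromstring(config_xml)
    ipfix = root if root.tag == q("ipfix") else root.find(".//" + q("ipfix"))
    if ipfix is None:
        raise ValueError("no <ipfix> element in namespace " + NS)
    findings = []

    # /ipfix/cache: fields that put packet content into the export.
    for cache in ipfix.findall(q("cache")):
        for field in cache.iter(q("cacheField")):
            ie_id, ie_name = text(field, "ieId"), text(field, "ieName")
            if ie_id in PACKET_SECTION_IES or ie_name in PACKET_SECTION_IES.values():
                findings.append(("cache/" + text(cache, "name"), "PACKET_BYTES",
                                 PACKET_SECTION_IES.get(ie_id, ie_name)))

    # /ipfix/exportingProcess: where records go and how the peer is checked.
    for proc in ipfix.findall(q("exportingProcess")):
        for dest in proc.findall(q("destination")):
            path = "exportingProcess/%s/%s" % (text(proc, "name"),
                                               text(dest, "name"))
            for kind in EXPORTERS:
                exp = dest.find(q(kind))
                if exp is None:
                    continue
                addr = text(exp, "destinationIPAddress")
                if addr not in approved_collectors:
                    findings.append((path, "UNAPPROVED_COLLECTOR", addr))
                tls = exp.find(q("transportLayerSecurity"))
                if tls is None:
                    findings.append((path, "NO_TLS", kind))
                elif not (text(tls, "remoteSubjectFQDN")
                          or text(tls, "remoteSubjectDN")):
                    # Policy of this example: require a pinned peer identity.
                    findings.append((path, "TLS_PEER_UNPINNED", kind))
            writer = dest.find(q("fileWriter"))
            if writer is not None:
                findings.append((path, "FILE_OUTPUT", text(writer, "file")))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, APPROVED):
        print(*finding, sep=" | ")
```

Run against the configuration returned by get-config after every edit-config to these subtrees; a new finding means export behaviour changed in one of the ways the list above describes.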

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control read access (e.g. via get, get-config or
   notification) to these data nodes. These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   /ipfix/observationPoint
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the network
      infrastructure.
   /ipfix/selectionProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the observed
      traffic. For example, the counters packetsObserved and
      packetsDropped allow inferring the number of observed packets.
   /ipfix/cache
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the observed
      traffic. For example, the counters activeFlows and dataRecords
      allow inferring the number of measured Flows or packets.
   /ipfix/exportingProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the network infrastructure and the outgoing
      IPFIX Transport Sessions. For example, it discloses the IP
      addresses of Collectors as well as the deployed transport layer
      security configuration, which may facilitate the interception of
      outgoing IPFIX Messages.
   /ipfix/collectingProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the network infrastructure and the incoming
      IPFIX Transport Sessions. For example, it discloses the IP
      addresses of Exporters as well as the deployed transport layer
      security configuration, which may facilitate the interception of
      incoming IPFIX Messages.

9. IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested.

      URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp
      Registrant Contact: The IPFIX WG of the IETF.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name: ietf-ipfix-psamp
      namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp
      prefix: ipfix
      reference: RFCxxxx

Appendix A. Acknowledgements

   The authors thank Martin Bjorklund, Andy Bierman, and Ladislav Lhotka
   for helping to specify the configuration data model in YANG, as well
   as Atsushi Kobayashi, Andrew Johnson, Lothar Braun, and Brian
   Trammell for their valuable reviews of this document.

10. References

10.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

   [RFC5103]  Trammell, B. and E. Boschi, "Bidirectional Flow Export
              Using IP Flow Information Export (IPFIX)", RFC 5103,
              January 2008.

   [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
              Raspall, "Sampling and Filtering Techniques for IP Packet
              Selection", RFC 5475, March 2009.

   [RFC5476]  Claise, B., Johnson, A., and J. Quittek, "Packet Sampling
              (PSAMP) Protocol Specifications", RFC 5476, March 2009.

   [RFC5477]  Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
              Carle, "Information Model for Packet Sampling Exports",
              RFC 5477, March 2009.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6021]  Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
              October 2010.

   [UML]      "OMG Unified Modeling Language (OMG UML), Superstructure,
              V2.2", OMG formal/2009-02-02, February 2009.

10.2. Informative References

   [RFC1141]  Mallory, T. and A. Kullberg, "Incremental updating of the
              Internet checksum", RFC 1141, January 1990.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              January 2004.

   [RFC3758]  Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
              Conrad, "Stream Control Transmission Protocol (SCTP)
              Partial Reliability Extension", RFC 3758, May 2004.

   [RFC3871]  Jones, G., "Operational Security Requirements for Large
              Internet Service Provider (ISP) IP Network
              Infrastructure", RFC 3871, September 2004.

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.

   [RFC4133]  Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)",
              RFC 4133, August 2005.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, January 2012.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol",
              RFC 4960, September 2007.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.

   [RFC5472]  Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IP
              Flow Information Export (IPFIX) Applicability", RFC 5472,
              March 2009.

   [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
              in IP Flow Information Export (IPFIX) and Packet Sampling
              (PSAMP) Reports", RFC 5473, March 2009.

   [RFC5474]  Duffield, N., Chiou, D., Claise, B., Greenberg, A.,
              Grossglauser, M., and J. Rexford, "A Framework for Packet
              Selection and Reporting", RFC 5474, March 2009.

   [RFC5610]  Boschi, E., Trammell, B., Mark, L., and T. Zseby,
              "Exporting Type Information for IP Flow Information Export
              (IPFIX) Information Elements", RFC 5610, July 2009.

   [RFC5655]  Trammell, B., Boschi, E., Mark, L., Zseby, T., and A.
              Wagner, "Specification of the IP Flow Information Export
              (IPFIX) File Format", RFC 5655, October 2009.

   [RFC6110]  Lhotka, L., "Mapping YANG to Document Schema Definition
              Languages and Validating NETCONF Content", RFC 6110,
              February 2011.

   [RFC6526]  Claise, B., Aitken, P., Johnson, A., and G. Muenz, "IP
              Flow Information Export (IPFIX) Per Stream Control
              Transmission Protocol (SCTP) Stream", RFC 6526,
              March 2012.

   [RFC6615]  Dietz, T., Kobayashi, A., Claise, B., and G. Muenz,
              "Definitions of Managed Objects for IP Flow Information
              Export", RFC 6615, June 2012.

   [I-D.ietf-ipfix-psamp-mib]
              Dietz, T., Claise, B., and J. Quittek, "Definitions of
              Managed Objects for Packet Sampling",
              draft-ietf-ipfix-psamp-mib-04 (work in progress),
              October 2011.

   [W3C.REC-xml-20081126]
              Sperberg-McQueen, C., Yergeau, F., Maler, E., Paoli, J.,
              and T. Bray, "Extensible Markup Language (XML) 1.0 (Fifth
              Edition)", World Wide Web Consortium Recommendation
              REC-xml-20081126, November 2008.

   [W3C.REC-xmlschema-0-20041028]
              Walmsley, P. and D. Fallside, "XML Schema Part 0: Primer
              Second Edition", World Wide Web Consortium
              Recommendation REC-xmlschema-0-20041028, October 2004.

   [YANG-WEB]
              Bjoerklund, M., "YANG WebHome",
              Homepage http://www.yang-central.org, March 2011.

   [IANA-IPFIX]
              "IANA Registry of IPFIX Information Elements",
              Homepage http://www.iana.org/assignments/ipfix/
              ipfix.xhtml.

Authors' Addresses

   Gerhard Muenz
   Technische Universitaet Muenchen
   Department of Informatics
   Chair for Network Architectures and Services (I8)
   Boltzmannstr. 3
   Garching 85748
   Germany

   Email: muenz@net.in.tum.de
   URI: http://www.net.in.tum.de/~muenz

   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   Diegem 1831
   Belgium

   Phone: +32 2 704 5622
   Email: bclaise@cisco.com

   Paul Aitken
   Cisco Systems, Inc.
   96 Commercial Quay
   Commercial Street
   Edinburgh EH6 6LX
   United Kingdom

   Phone: +44 131 561 3616
   Email: paitken@cisco.com