Network Working Group J. Boyd
Internet-Draft ADTRAN
Obsoletes: 6728 (if approved) M. Seda
Intended status: Standards Track Calix
Expires: September 10, 2020 March 9, 2020

YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export
draft-boydseda-ipfix-psamp-bulk-data-yang-model-03

Abstract

This document defines a flexible, modular YANG model for packet sampling (PSAMP) and bulk data collection and export via the IPFIX protocol. This new model replaces the model defined in RFC 6728, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols". All functionality modeled in RFC 6728 has been carried over to this new model.

The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.

This document obsoletes RFC 6728 (if approved).

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 10, 2020.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

Bulk data collection is an automated collection of device data that is packaged together and delivered to an IPFIX collector. The IPFIX protocol may be used to transport bulk data such as:

IPFIX can also be used to meet the bulk transport requirements of other protocols. For example:

The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in [RFC8342].

1.1. Historical Perspective

Below is a historical timeline of IETF IPFIX and YANG RFCs:

[RFC6728] defines a single YANG module for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) protocols. The PSAMP collecting process and the IPFIX exporting process are tightly coupled in this module. Moreover, the exporting process requires a device to support SCTP. This coupling and transport requirement makes it difficult for a device, which does not support SCTP, to use the model for collecting and exporting non-PSAMP bulk data.

Rather than this approach, a new YANG model has been developed where functionality is separated into different modules such that the functions can be independently leveraged.

These are some of the other issues with the current model:

1.2. Relationship to RFC 6728

This RFC adheres to all principles defined in [RFC6728], however, in order to address the issues identified in the previous section, the YANG model has changed as follows:

Applications that use this RFC are expected to only need to import the applicable YANG modules. For example:

1.3. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The following terms are used in this RFC:

Bulk Data

Bulk data is the collection of configuration and/or state data from a device.
Cache

The Cache is a functional block in a Metering Process that generates IPFIX Flow Records or PSAMP Packet Reports from a Selected Packet Stream, in accordance with its configuration. If Flow Records are generated, the Cache performs tasks like creating new records, updating existing ones, computing Flow statistics, deriving further Flow properties, detecting Flow expiration, passing Flow Records to the Exporting Process, and deleting Flow Records. If Packet Reports are generated, the Cache performs tasks like extracting packet contents and derived packet properties from the Selected Packet Stream, creating new records, and passing them as Packet Reports to the Exporting Process.
Cache Layout

The Cache Layout defines the superset of fields that are included in the Packet Reports or Flow Records maintained by the Cache. The fields are specified by the corresponding Information Elements. In general, the largest possible subset of the specified fields is derived for every Packet Report or Flow Record. More specific rules about which fields must be included are given in Section 4.3.3.
Collector

A device that hosts one or more Collecting Processes is termed a Collector. [RFC7011]
Collecting Process

A Collecting Process received IPFIX messages from one or more Exporting Processes. The Collecting Process might process or store received Flow Records received within these Messages, but such actions are out of scope for this document. [RFC7011]
Composite Selector

A Composite Selector is an ordered composition of Selectors, in which the output Packet Stream issuing from one Selector forms the input Packet Stream to the succeeding Selector. [RFC5476]
Data Record

A Data Record is a record that contains values of the parameters corresponding to a Template Record. [RFC7011]
Exporter

A device that hosts one or more Exporting Process is termed an Exporter. [RFC7011]
Exporting Process

Depending on its deployment as part of an IPFIX Device or PSAMP Device, the Exporting Process sends IPFIX Flow Records or PSAMP Packet Reports to one or more Collecting Processes. The IPFIX Flow Records or PSAMP Packet Reports are generated by one or more Metering Processes.
Filtering

A filter is a Selector that selects a packet deterministically based on the Packet Content, or its treatment, or functions of these occurring in the Selection State. Two examples are:
Flow Key

Each of the fields that:

Flow Record

A Flow Record contains information about a specific Flow that was observed at an Observation Point. A Flow Record contains measured properties of the Flow (e.g., the total number of bytes for all the Flow's packets) and usually contains characteristic properties of the Flow (e.g., source IP address). [RFC7011]
Information Element

An Information Element is a protocol and encoding independent description of an attribute that may appear in an IPFIX record. Information Elements are defined in the [IANA-IPFIX] Registry]. The type associated with an Information Element indicates constraints on what it may contain and also determines the valid encoding mechanisms for use in IPFIX. [RFC7011]
IPFIX Device

An IPFIX Device hosts at least one Exporting Process. It may host further Exporting Processes as well as arbitrary number of Observation Points and Metering Processes. [RFC7011]
IPFIX File

An IPFIX File is a serialized stream of IPFIX Messages; this stream may be stored in a filesystem or transported using some technique customarily used for files. Any IPFIX Message stream that would be considered valid when transported over one or more of the specified IPFIX transports (Stream Control Transmission Protocol (SCTP), TCP, or UDP) as defined in [RFC7011] is considered an IPFIX File. [RFC5655] extends that definition with recommendations on the construction of IPFIX Files. [RFC5655]
IPFIX File Writer

An IPFIX File Writer is a process that writes IPFIX Files to a filesystem. An IPFIX File Writer operates as an IPFIX Exporting Process as specified in [RFC7011] except as modified by [RFC5655].
IPFIX Mediator

An IPFIX Mediator is an IPFIX Device that provides IPFIX Mediation by receiving a record stream from some data sources, hosting one or more Intermediate Processes to transform that stream, and exporting the transformed record stream into IPFIX Messages via an Exporting Process. In the common case, an IPFIX Mediator receives a record stream from a Collecting Process, but it could also receive a record stream from the data sources not encoded using IPFIX, e.g., in the case of conversion from the Netflow V9 protocol [RFC3954] to IPFIX protocol. [RFC7119]
IPFIX Message

An IPFIX Message is a message that originates at the Exporting Process and carries the IPFIX records of this Exporting Process and whose destination is a Collecting Process. An IPFIX Message is encapsulated at the transport layer. [RFC7011]
Metering Process

The Metering Process is split into two functional blocks:

Monitoring Device

A Monitoring Device implements at least one of the functional blocks specified in the context of IPFIX or PSAMP. In particular, the term Monitoring Device encompasses Exporters, Collectors, IPFIX Devices, and PSAMP Devices.
Observation Domain

An Observation Domain is the largest set of Observation Points for which Flow Information can be aggregated by a Metering Process. For example, a router line card may be an Observation Domain if it is composed of several interfaces, each of which is an Observation Point. If the IPFIX Message it generates, the Observation Domain includes it Observation Domain ID, which is unique per Exporting Process. That way, the Collecting Process can identify the specific Observation Domain from the Exporter that sends the IPFIX Messages. Every Observation Point is associated with an Observation Domain. It is RECOMMENDED that Observation Domain IDs also be unique per IPFIX Device. [RFC7011]
Observation Point

An Observation Point is a location in the network where packets can be observed. Examples include a line to which a probe is attached, a shared medium, such as an Ethernet based LAN, a single port of a router, or a set of interfaces (physical or logical) of a router. Note that every Observation Point is associated with an Observation Domain and that one Observation Point may be a superset of several other Observation Points. For example, on Observation Point can be an entire line card. That would be a subset of the individual Observation Points at the line card’s interfaces. [RFC7011]
Options Template Record

An Options Template Record is a Template Record that defines the structure and interpretation of fields in a Data Record, including defining how to scope the applicability of the Data Record. [RFC7011]
Options Template/Options Template Set

An Options Template Set is a collection of one or more Options Template Records that have been grouped together in an IPFIX Message. [RFC7011]
Packet Report

Packet Reports comprise a configurable subset of a packet’s input to the Selection Process include the packet content, information relating to its treatment (e.g., the output interface) and its associated selection state (e.g., the hash of a packet content). [RFC5476]
Primitive Selector

A Selector is primitive if it is not a Composite Selector. [RFC5476]
PSAMP Device

A PSAMP device is a device hosting at least an Observation Point, a Selection Process and an Exporting Process. Typically corresponding Observation Point(s), Selection Process(es) and Exporting Process(es) are co-located at this device, for example, at a router. [RFC5476]
Reverse Information Element

An Information Element defined as corresponding to a normal (or forward) Information Element, but associated with the reverse direction of a Biflow. [RFC5103]
Sampling

A Selector that is not a filter is called a Sampling operation. This reflects the intuitive notion that if the selection of a packet cannot be determine from its content alone, there must be some type of Sampling taking place. [RFC5476]
Selected Packet Stream

The Selected Packet Stream is the set of all packets selected by a Selection Process.
Selection Process

A Selection Process takes the Observed Packet Stream as its input and selects a subset of that stream as its output. [RFC5476]
Selection Sequence

From all the packets observed at an Observation Point, only a few packets are selected by one or more Selectors. The Selection Sequence is a unique value per Observation Domain describing the Observation Point and the Selector IDs through the packets are selected. [RFC5476]
Selection Sequence Report Interpretation

Each Packet Report contains a selectionSequenceId Information Element that identifies the particular combination of Observation Point and Selector(s) used for its selection. For every selectionSequenceId Information Element in use, the PSAMP Device MUST export a Selection Sequence Report Interpretation using an Options Template. [RFC5476]
Selection Sequence Statistics Report Interpretation

A Selector MAY be used in multiple Selection Sequences. However, each use of a Selector must be independent, so each separate logical instance of a Selector MUST maintain its own individual Selection State and statistics. The Selection Sequence Statistics Report Interpretation MUST include the number of observed packets (Population Size) and the number of packets selected (Sample Size) by each instance of its Primitive Selectors. [RFC5476]
Selection State

A Selection Process may maintain state information for use by the Selection Process. At a given time, the Selection State may depend on packets observed at and before that time, and other variables. Examples include:

Selector

A Selector defines the action of a Selection Process on a single packet of its input. If selected, the packet becomes an element of the output Packet Stream. The Selector can make use of the following information in determining whether a packet is selected:
Selector Report Interpretation

An IPFIX Data Record, defined by an Options Template Record, MUST be used to send the configuration details of every Selector in use. The Options Template Record MUST contain:
Template Record

A Template Record defines the structure and interpretation of fields in a Data Record. [RFC7011]
Template/Template Set

A Template Set is a collection of one or more Template Records that have been grouped together in an IPFIX Message. [RFC7011]
Traffic Flow or Flow

A Flow is defined as a set of packets or frames passing an Observation Point in the network during a certain time interval. All packets belonging to a particular Flow have a set of common properties. Each property is defined as the result of applying a function to the values of:

1.4. Tree Diagrams

Tree diagrams used in this document follow the notation defined in [RFC8340].

2. Objectives

This document defines a YANG data model for the configuration and state retrieval of basic IPFIX functionality as well as PSAMP and bulk data export applications over IPFIX. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA) [RFC8342] and [RFC8407] YANG guidelines.

3. Structure of the Configuration Data Model

The reference model described in this RFC describes the following models:

Figure 1 illustrates the PSAMP metered UML model for a PSAMP/IPFIX monitoring device. The metering process is contained in the ietf-ipfix-packet-sampling module. The metering process comprises a selection-process and cache that refers to an exporting-process. Further explanations about the relationship between selection-process and cache are given in Section 3.1.1. Section 4.4 describes the exporting-process configuration.

+--------------------------------------------------------------+
| +--------------------+                    Metering Process   |
| | Module: ietf-ipfix |                                       |
| |    -packet-sampling|                                       |
| |--------------------|<------------------------+             |
| |                    |<--------+             1 |             |
| +--------------------+         | +-------------+-----------+ |
|          ^                     | | list: selection-process | |
|          |                     | |-------------------------| |
|        1 |                     | |                         | |
| +--------+-------------+       | +-----------------+-------+ |
| | list: observation-pt |       |               ^   |         |
| |----------------------| selection-process-ref |   |         |
| |                      +-------|---------------+   |         |
| +----------------------+       |           0..*    |         |
|                              1 |                   |         |
|                        +-------+-------+           |         |
|                        |  list: cache  |           |         |
|                        |---------------| 0..1      |         |
|                        |               |<----------+         |
|                        +---------------+   cache-ref         |
+--------------------------------+-----------------------------+
 +--------------------+          |
 | Module: ietf-ipfix |          |
 |--------------------|          |
 |                    |          |
 +--------------------+          |
           ^                     | exporting-process-ref
           |                     |
         1 |                     |
 +---------+---------------+     |
 | list: exporting-process |     |
 |-------------------------|     |
 |                         |<----+
 +-------------------------+ 0..*
                     

Figure 1: PSAMP-IPFIX metered model

PSAMP/IPFIX monitoring device implementations usually maintain the separation of various functional blocks, although they do not necessarily implement all of them. The configuration data model enables the setting of commonly available configuration parameters for selection-processes and caches, and supports optional configuration for features like the [RFC2863] IF-MIB and [RFC6933] ENTITY-MIB.

3.1. PSAMP-IPFIX Metered Model

3.1.1. Metering Process Decomposition in Selection Process and Cache

In a monitoring device implementation, the functionality of the metering process is split into the selection process and cache. Figure 2 shows a metering process example. The selection-process takes an observed packet stream as its input and selects a subset of that stream as its output (selected packet stream). The action of the selection-process on a single packet of its input is defined by one selector (called a primitive selector) or an ordered composition of multiple selectors (called a composite selector). The cache generates flow records or packet reports from the selected packet stream, depending on its configuration.

           +------------------------------------+
           | Metering Process                   |
           | +------------+ Selected            |
  Observed | | selection- | Packet    +-------+ |  Stream of
  Packet  -->| process    |---------->| cache |--> Flow Records or
  Stream   | +------------+ Stream    +-------+ |  Packet Reports
           +------------------------------------+

Figure 2: Selection Process and Cache forming a Metering Process

A metering process must always have a selection-process. It is possible to select all packets in the observed packet stream, and pass them to the cache unfiltered by configuring the selector-method to "select-all".

A metering process can be configured to support multiple selection processes that receive packets from multiple observation points within the same observation domain. In this case, the observed packet streams of the observation points are processed in independent selection sequences. As specified in [RFC5476], a distinct set of selector instances needs to be maintained per selection sequence in order to keep the selection states and statistics separate.

With the configuration data model, it is possible to configure a metering process with multiple selection processes whose output is processed by a single cache. This is illustrated in Figure 3.

          +--------------------------------------+
          | Metering Process                     |
          | +------------+ Selected              |
 Observed | | selection- | Packet                |
 Packet  -->| process    |----------+  +-------+ |
 Stream   | +------------+ Stream   +->|       | |  Stream of
          |      ...                   | cache |--> Flow Records or
          | +------------+ Selected +->|       | |  Packet Reports
 Observed | | selection- | Packet   |  +-------+ |
 Packet  -->| process    |----------+            |
 Stream   | +------------+ Stream                |
          +--------------------------------------+

Figure 3: Metering Process with multiple Selection Processes

The observed packet streams at the input of a metering process may originate from observation points belonging to different observation domains. By definition of the observation domain (see [RFC7011]), a cache must not aggregate packets observed at different observation domains in the same flow. Hence, if the cache is configured to generate flow records, it needs to distinguish packets according to their observation domains.

3.1.2. Exporter Configuration

Figure 4 below shows the main classes of the configuration data model that are involved in the configuration of an IPFIX or PSAMP Exporter. The role of the classes can be briefly summarized as follows:

                     +-------------------+
                     | observation-point |
                     +---------+---------+
                          0..* |
                               |
                          0..* v
                     +-------------------+
                     | selection-process |
                     +---------+---------+
                          0..* |
                               |
                          0..1 v
                     +-------------------+
                     | cache             |
                     +---------+---------+
                          0..* |
                               |
                          0..* v
                     +-------------------+
                     | exporting-process |
                     +-------------------+

Figure 4: Class diagram of Exporter configuration

3.2. Collector/Exporter Model

  +--------------------+
  | Module: ietf-ipfix |
  |--------------------|<------------------+
  |                    |                 1 |
  +--------------------+     +-------------+------------+
            ^                | list: collecting-process |
            |                |--------------------------|
            |                +-------------+------------+
            |                              |
          1 |                              |
  +---------+---------------+              |
  | list: exporting-process |              |
  |-------------------------| 0..*         |
  |                         |<-------------+
  +-------------------------+  exporting-process-ref

Figure 5: Collector/Exporter Model

3.2.1. Collector/Exporter Decomposition

Figure 5 shows the main classes of the configuration data model that are involved in the configuration of a collector. An instance of the CollectingProcess class specifies the local IP addresses, transport protocols, and port numbers of a collecting-process.

A collecting-process MAY be configured as a File Reader according to [RFC5655].

A CollectingProcess class instance may refer to one or more exporting-process instances configuring exporting processes that re-export the received data. As an example, an exporting process can be configured as a file-writer in order to save the received IPFIX messages in a file.

3.3. Bulk Data Exporter Model

 +------------------------------------+
 | module:ietf-ipfix-bulk-data-export |
 |------------------------------------|
 +------------------------------------+
              ^
              |
            1 |
 +------------+------------+              +---------------+
 | list:bulk-data-template |              | list:resource |
 |-------------------------|------------->+---------------|
 +------------+------------+         0..* +---------------+
              | 
         0..* | exporting-process-ref
              v
 +-------------------------+
 | list:exporting-process  |
 |-------------------------|
 +-------------------------+

Figure 6: Bulk Data Exporter Model

3.3.1. Bulk Data Exporter Decomposition

Figure 6 shows the main classes of the configuration model that are involved in bulk data export. A device that has a resource instance capable of reporting bulk data through IPFIX does not need an IPFIX meter to be created. Instead a bulk-data template is created and applied to that resource instance.

The ExportingProcess class contains configuration and state parameters of an exporting-process. It includes various transport-protocol-specific parameters and the export destinations. The bulk-data-template may refer to multiple instances of the ExportingProcess class.

4. Configuration and State Parameters

This section specifies the configuration and state parameters of the configuration data model separately for each class.

4.1. Observation Point Class

Figure 7 shows the observation-point attributes of an IPFIX monitoring device. As defined in [RFC7011], an observation point can be any location where packets are observed. A IPFIX monitoring device potentially has more than one such location. An instance of observation-point defines which location is associated with a specific observation point. For this purpose, interfaces (ietf-interfaces module [RFC8343]) and hardware components (ietf-hardware module [RFC8348]) are identified using their names.

By its definition in [RFC7011], an observation point may be associated with a set of interfaces. Therefore, the configuration data model allows configuring multiple interfaces and hardware components for a single observation point. The observation-point-id (i.e., the value of the information element observationPointId [IANA-IPFIX]) is assigned by the monitoring device.

     +--rw observation-point* [name] 
        +--rw name                     ietf-ipfix:name-type
        +--rw observation-domain-id    uint32
        +--rw interface-ref*           if:interface-ref
        +--rw if-name*                 if-name-type {if-mib}?
        +--rw if-index*                uint32 {if-mib}?
        +--rw hardware-ref*            hardware-ref
        +--rw ent-physical-name*       string {entity-mib}?
        +--rw ent-physical-index*      uint32 {entity-mib}?
        +--rw direction?               direction
        +--ro observation-point-id?    uint32
        +--rw selection-process*
                -> /ietf-ipfix:ipfix/psamp/selection-process/name

Figure 7: Observation Point Attributes

The configuration parameters of the observation point are:

observation-domain-id

This parameter defines the identifier of the observation domain that the observation point belongs to. Observation points that are configured with the same observation domain ID belong to the same observation domain. Note that this parameter corresponds to ipfixObservationPointObservationDomainId in the IPFIX MIB module [RFC6615].
interface-ref

This parameter identifies the interface (via the interface reference [RFC8343]) on the monitoring device that is associated with the given observation point.
if-name

This parameter identifies the interface (via the ifName in the IF-MIB [RFC2863]) on the monitoring device that is associated with the given observation point. if-name should only be used if an SNMP agent enables access to the ifTable.
if-index

This parameter identifies the interface (via the ifIndex value in the IF-MIB [RFC2863]) on the monitoring device that is associated with the given observation point. if-index should only be used if an SNMP agent enables access to the ifTable.
hardware-ref

This parameter identifies a hardware component (via the hardware reference [RFC8348]) on the monitoring device that is associated with the given observation point.
ent-physical-name

This parameter identifies a physical entity (via the entPhysicalName in the ENTITY-MIB module [RFC6933]) on the monitoring device that is associated with the given observation point. ent-physical-name should only be used if an SNMP agent enables access to the entPhysicalTable.
ent-physical-index

This parameter identifies a physical entity (via the entPhysicalIndex in the ENTITY-MIB module [RFC6933]) on the monitoring device that is associated with the given observation point. ent-physical-name should only be used if an SNMP agent enables access to the entPhysicalTable.
direction

This parameter specifies if ingress traffic, egress traffic, or both ingress and egress traffic is captured, using the values "ingress", "egress", and "both", respectively. if not configured, ingress and egress traffic is captured (i.e., the default value is "both"). If not applicable (e.g., in the case of a sniffing interface in promiscuous mode), the value of this parameter is ignored.
selection-process-reference

An observation-point instance may refer to one or more selection-process instances that process the observed packets in parallel.

4.2. Selection Process Class

Figure 8 shows the selection-process attributes. The selection-process class contains the configuration and state parameters of a selection process that selects packets from one or more observed packet streams and generates a selected packet stream as its output. A non-empty ordered list defines a sequence of selectors. The actions defined by the selectors are applied to the stream of incoming packets in the specified order.

If the selection process receives packets from multiple observation points, the observed packet streams need to be processed independently in separate selection sequences. Each selection sequence is identified by a selection sequence id that is unique within the observation domain the observation point belongs to (see [RFC5477]). Selection sequence ids are assigned by the monitoring device.

As state parameters, the selection-process class contains a list of (observation-domain-id, selection-sequence-id) tuples specifying the assigned selection sequence ids and corresponding observation domain ids. With this information, it is possible to associate selection sequence (statistics) report interpretations exported according to the PSAMP protocol specification [RFC5476] with the corresponding selection-process instance.

A selection-process instance may include a reference to a cache class instance to generate packet reports or flow records from the selected packet stream.

     +--rw selection-process* [name]
        +--rw name                  ietf-ipfix:name-type
        +--rw selector* [name]
        |  +--rw name
        |  |       ietf-ipfix:name-type
        |  +--rw (method)
        |  |  +--:(select-all)
        |  |  |  +--rw select-all?              empty
        |  |  +--:(samp-count-based)
        |  |  |  ...
        |  |  +--:(samp-time-based)
        |  |  |  ...
        |  |  +--:(samp-rand-out-of-n)
        |  |  |  ...
        |  |  +--:(samp-uni-prob)
        |  |  |  ...
        |  |  +--:(filter-match)
        |  |  |  ...
        |  |  +--:(filter-hash)
        |  |  |  ...
        |  +--ro packets-observed?              yang:counter64
        |  +--ro packets-dropped?               yang:counter64
        |  +--ro selector-discontinuity-time?   yang:date-and-time
        +--rw cache?
        |       -> /ietf-ipfix:ipfix/psamp/cache/name
        +--ro selection-sequence* []
           +--ro observation-domain-id?   uint32
           +--ro selection-sequence-id?   uint64

Figure 8: Selection Process Attributes

4.2.1. Selection Process Class Method

Standardized PSAMP sampling and filtering methods are described in [RFC5475]; their configuration parameters are specified in the classes samp-count-based, samp-time-based, samp-rand-out-of-n, samp-uni-prob, filter-match, and filter-hash. In addition, the select-all class, which has no parameters, is used for a selector that selects all packets. The selector class includes exactly one of these sampler and filter classes, depending on the applied method.

     +--rw selection-process* [name]
        +--rw name                  ietf-ipfix:name-type
        +--rw selector* [name]
        |  +--rw name
        |  |       ietf-ipfix:name-type
        |  |  ...
        |  +--ro packets-observed?              yang:counter64
        |  +--ro packets-dropped?               yang:counter64
        |  +--ro selector-discontinuity-time?   yang:date-and-time

Figure 9: Selector Class Attributes

The selector class, shown in Figure 9 contains the selector statistics packets-observed and packets-dropped as well as selector-discontinuity-time, which correspond to the IPFIX MIB module objects ipfixSelectionProcessStatsPacketsObserved, ipfixSelectionProcessStatsPacketsDropped, and ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]:

packets-observed

The total number of packets observed at the input of the selector. If this is the first selector in the selection process, this counter corresponds to the total number of packets in all observed packet streams at the input of the selection process. Otherwise, the counter corresponds to the total number of packets at the output of the preceding selector. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of selector-discontinuity-time.
packets-dropped

The total number of packets discarded by the selector. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of selector-discontinuity-time.
selector-discontinuity-time

Timestamp of the most recent occasion at which one or more of the selector counters suffered a discontinuity. In contrast to ipfixSelectionProcessStatsDiscontinuityTime, the time is absolute and not relative to sys-uptime.

Note that packets-observed and packets-dropped are aggregate statistics calculated over all selection sequences of the selection process. This is in contrast to the counter values in the selection sequence statistics report interpretation [RFC5476], which are related to a single selection sequence only.

4.2.1.1. Selection Process Class Method: Sampler Methods

        |  |  +--:(samp-count-based)
        |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
        |  |  |     +--rw packet-interval    uint32
        |  |  |     +--rw packet-space       uint32
        |  |  +--:(samp-time-based)
        |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
        |  |  |     +--rw time-interval    uint32
        |  |  |     +--rw time-space       uint32
        |  |  +--:(samp-rand-out-of-n)
        |  |  |  +--rw samp-rand-out-of-n
        |  |  |          {psamp-samp-rand-out-of-n}?
        |  |  |     +--rw size          uint32
        |  |  |     +--rw population    uint32
        |  |  +--:(samp-uni-prob)
        |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
        |  |  |     +--rw probability    decimal64

Figure 10: Sampler Method Attributes

Figure 10 shows the following sampler methods:

samp-count-based (Systematic Count-based Sampling): The following attributes are configurable:

packet-interval

The number of packets that are consecutively sampled between gaps of length packet-space. This parameter corresponds with the Information Element samplingPacketInterval and psampSampCountBasedInterval attribute [RFC5477].
packet-space:

The number of unsampled packets between two sampling intervals. This parameter corresponds to the Information Element samplingPacketSpace and psampSampCountBasedSpace attribute [RFC6727].

Samp-Time-Based (Systematic Time-based Sampling): The following attributes are configurable:

time-interval

The time interval during which all arriving packets are sampled. The unit is microseconds. This parameter corresponds to corresponds to the Information Element samplingTimeInterval and to psampSampTimeBasedInterval attribute [RFC6727].
time-space

The gap between two Sampling intervals, in microseconds. This parameter corresponds to Information Element samplingTimeSpace and to psampSampTimeBasedSpace attribute [RFC6727].

Samp-Rand-Out-of-N: The following attributes are configurable:

size

The number of elements taken from the parent population. This parameter corresponds to Information Element samplingSize and psampSampRandOutOfNSize attribute [RFC6727].
population

The number of elements in the parent population. These parameters correspond to Information Element samplingPopulation and psampSampRandOutOfNPopulation attribute [RFC6727].

samp-uni-prob: The following attributes are configurable:

probability

The probability for uniform probabilistic sampling. The probability is expressed as a value between 0 and 1. This parameter corresponds to Information Element samplingProbability and psampSampUniProbProbability attribute [RFC6727].

4.2.2. Selection Process Filter Classes

        |  |  +--:(filter-match)
        |  |  |  +--rw filter-match {psamp-filter-match}?
        |  |  |     +--rw (information-element)
        |  |  |     |  +--:(ie-name)
        |  |  |     |  |  +--rw ie-name?
        |  |  |     |  |          ietf-ipfix:ie-name-type
        |  |  |     |  +--:(ie-id)
        |  |  |     |     +--rw ie-id?
        |  |  |     |             ietf-ipfix:ie-id-type
        |  |  |     +--rw ie-enterprise-number?   uint32
        |  |  |     +--rw value                   string
        |  |  +--:(filter-hash)
        |  |     +--rw filter-hash {psamp-filter-hash}?
        |  |        +--rw hash-function?       identityref
        |  |        +--rw initializer-value?   uint64
        |  |        +--rw ip-payload-offset?   uint64
        |  |        +--rw ip-payload-size?     uint64
        |  |        +--rw digest-output?       boolean
        |  |        +--rw selected-range* [name]
        |  |        |  +--rw name    ietf-ipfix:name-type
        |  |        |  +--rw min?    uint64
        |  |        |  +--rw max?    uint64
        |  |        +--ro output-range-min?    uint64
        |  |        +--ro output-range-max?    uint64

Figure 11: Filter Method Attributes

Figure 11 shows the following filter methods:

Property-Match Filtering: The following attributes are configurable:

Filtering based on ie-id, ie-name, ie-enterprise-number

The property to be matched is specified by either ie-id or ie-name, specifying the identifier or name of the Information Element, respectively. If ie-enterprise-number is zero (which is the default), this Information Element is registered in the IANA registry of IPFIX Information Elements [IANA-IPFIX]. A non-zero value of ie-enterprise-number specifies an enterprise specific Information Element [IANA-ENTERPRISE-NUMBERS].
value

The matching value.

For hash-based filtering, the configuration and state attributes are:

hash-function

The following values are defined:
initializer-value

This parameter corresponds to the Information Element hashInitialiserValue [RFC5477], as well as to the PSAMP MIB object psampFiltHashInitializerValue [RFC6727]. If not configured by the user, the Monitoring Device arbitrarily chooses an initializer value.
ip-payload-offset

Configures the offset of the payload section used as input to the hash function. Default value is 0 (minimum configurable values according to [RFC5476], Section 6.5.2.6.). This parameter corresponds to the Information Element hashIPPayloadOffset [RFC5477] as well as to the PSAMP MIB object psampFiltHashIpPayloadOffset [RFC6727].
ip-payload-size

Configures the size of the payload section used as input to the hash function. Default value is 8 (minimum configurable values according to [RFC5476], Section 6.5.2.6.). This parameter corresponds to the Information Element hashIPPayloadSize [RFC5477], as well as to the PSAMP MIB object psampFiltHashIpPayloadSize [RFC6727].
digest-output

Enables or disables the inclusion of the packet digest in the resulting PSAMP Packet Report. This requires that the Cache Layout of the Cache generating the Packet Reports includes a digest-hash-value field. This parameter corresponds to the Information Element hashDigestOutput [RFC5477].
output-range-min

Defines the beginning of the hash's function potential output range. This parameter correspond to the Information Element hashOutputRangeMin [RFC5477], as well as to the PSAMP MIB object psampFiltHashOutputRangeMin [RFC6727].
output-range-max

Defines the end of the hash function's potential output range. This parameter correspond to the Information Element hashOutputRangeMax [RFC5477], as well as to the PSAMP MIB object psampFiltHashOutputRangeMax [RFC6727].

One or more ranges of matching hash values are defined by the min and max parameters of the selected-range subclass. These parameters correspond to the Information Elements hashSelectedRangeMin and hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax [RFC6727].

4.3. Cache Class

Figure 12 shows the cache class that contains the configuration and state parameters of a cache. Most of these parameters are specific to the type of the cache and therefore contained in the subclasses immediate-cache, timeout-cache, natural-cache, and permanent-cache, which are presented below in Section 4.3.1 and Section 4.3.2.

     +--rw cache* [name]
        +--rw name                        ietf-ipfix:name-type
        +--rw enabled                     boolean
        +--ro metering-process-id?        uint32
        +--ro data-records?               yang:counter64
        +--ro cache-discontinuity-time?   yang:date-and-time
        +--rw (cache-type)
        |  +--:(immediate-cache)
        |  |   ...
        |  +--:(timeout-cache)
        |  |   ...
        |  +--:(natural-cache)
        |  |   ...
        |  +--:(permanent-cache)
        |  |   ...
        +--rw exporting-process*
                -> /ietf-ipfix:ipfix/exporting-process/name
                {ietf-ipfix:exporter}?

Figure 12: Cache Attributes

The following configuration and state parameters are common to all caches and therefore included in the cache class itself:

enabled

Enables the cache so that specified data may be exported. The default is "enabled".
metering-process-id

The identifier of the metering process that cache belongs to. This parameter corresponds to the information element meteringProcessId [IANA-IPFIX]. Its occurrence helps to associate metering process (reliability) statistics exported according to the IPFIX protocol specification [RFC7011] with the corresponding MeteringProcess class identifier.
data-records

The number of data records generated by this cache.
discontinuities

The value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of cache-discontinuity-time. Note that this parameter corresponds to ipfixMeteringProcessDataRecords in the IPFIX MIB module [RFC6615].
cache-discontinuity-time

The timestamp of the most recent occasion at which datarecords suffered a discontinuity. The time is absolute and not relative to sysUpTime. Note that this parameter functionally corresponds to ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB module [RFC6615].

A cache object may refer to one or more exporting-process instances.

4.3.1. Immediate Cache Type Class

The immediate-cache type class depicted in Figure 13 is used to configure a cache that generates a PSAMP Packet Report for each packet at its input. The fields contained in the generated data records are defined in an object of the cache-layout, which is defined below in Section 4.3.3.

        +--rw (cache-type)
        |  +--:(immediate-cache)
        |  |  +--rw immediate-cache {immediate-cache}?
        |  |     +--rw cache-layout
        |  |        +--rw cache-field* [name]
        |  |           +--rw name
        |  |           |       ietf-ipfix:name-type
        |  |           +--rw (information-element)
        |  |           |  +--:(ie-name)
        |  |           |  |  +--rw ie-name?
        |  |           |  |          ietf-ipfix:ie-name-type
        |  |           |  +--:(ie-id)
        |  |           |     +--rw ie-id?
        |  |           |             ietf-ipfix:ie-id-type
        |  |           +--rw ie-length?              uint16
        |  |           +--rw ie-enterprise-number?   uint32
        |  |           +--rw is-flow-key?            empty

Figure 13: Immediate Cache Attributes

4.3.2. Timeout Cache, Natural Cache, and Permanent Cache Type Class

Figure 14 shows the timeout-cache, natural-cache, and permanent-cache type classes. These classes are used to configure a cache that aggregates the packets at its input and generates IPFIX flow records.

        +--rw (cache-type)
        |  +--:(timeout-cache)
        |  |  +--rw timeout-cache {timeout-cache}?
        |  |     +--rw max-flows?              uint32
        |  |     +--rw active-timeout?         uint32
        |  |     +--rw idle-timeout?           uint32
        |  |     +--rw export-interval?        uint32
        |  |     +--rw cache-layout
        |  |     |  ...
        |  |     +--ro active-flows?           yang:gauge32
        |  |     +--ro unused-cache-entries?   yang:gauge32
        |  +--:(natural-cache)
        |  |  +--rw natural-cache {natural-cache}?
        |  |     { same as timeout-cache }
        |  +--:(permanent-cache)
        |     +--rw permanent-cache {permanent-cache}?
        |        { same as timeout-cache }

Figure 14: Timeout, Natural and Permanent Cache Attributes

The three classes differ in when flows expire:

timeout-cache

Flows expire after active or idle timeout.
natural-cache

Flows expire after active or idle timeout, or on natural termination (e.g., TCP FIN or TCP RST) of the flow.
permanent-cache

Flows never expire, but are periodically exported with the interval set by export-interval.

The following configuration and state parameters are common to the three classes:

max-flows

This parameter configures the maximum number of entries in the cache, which is the maximum number of flows that can be measured simultaneously. If this parameter is configured, the monitoring device must ensure that sufficient resources are available to store the configured maximum number of flows. If the maximum number of cache entries is in use, no additional flows can be measured. However, traffic that pertains to existing flows can continue to be measured.
active-flows

This state parameter indicates the number of flows currently active in this cache (i.e., the number of cache entries currently in use). Note that this parameter corresponds to ipfixmeteringprocesscacheactiveflows in the IPFIX MIB module [RFC6615].
unused-cache-entries

The number of unused cache entries. Note that the sum of active-flows and unused-cache-entries equals max-flows if max-flows is configured. Note that this parameter corresponds to ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX MIB module [RFC6615].

The following timeout parameters are only available in the timeout-cache and the natural-cache cache-types:

active-timeout

This parameter configures the time in seconds after which a flow is expired even though packets matching this flow are still received by the cache. The parameter value zero indicates infinity, meaning that there is no active timeout. If not configured by the user, the monitoring device sets this parameter. Note that this parameter corresponds to ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB module [RFC6615].
idle-timeout

This parameter configures the time in seconds after which a flow is expired if no more packets matching this flow are received by the cache. The parameter value zero indicates infinity, meaning that there is no idle timeout. If not configured by the user, the monitoring device sets this parameter. Note that this parameter corresponds to ipfixMeteringProcessCacheIdleTimeout in the IPFIX MIB module [RFC6615].

The following interval parameter is only available in the permanent-cache class:

export-interval

This parameter configures the interval (in seconds) for periodical export of flow records. If not configured by the user, the monitoring device sets this parameter.

Every generated flow record must be associated with a single observation domain. Hence, although a cache may be configured to process packets observed at multiple observation domains, the cache must not aggregate packets observed at different observation domains in the same flow.

An object of the cache class contains an object of the cache-layout class that defines which fields are included in the flow records.

4.3.3. Cache Layout Class

A cache generates and maintains packet reports or flow records containing information that has been extracted from the incoming stream of packets. Using the cache-field class, the cache-layout class specifies the superset of fields that are included in the packet reports or flow records (see Figure 15).

If packet reports are generated (i.e., if immediate-cache class is used to configure the cache), every field specified by the cache-layout must be included in the resulting packet report unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other field specified by the cache layout may only be included in the packet report if it is obvious from the field value itself or from the values of other fields in same packet report that the field value was not determined from the packet.

For example, if a field is configured to contain the TCP source port (information element tcpSourcePort [IANA-IPFIX]), the field must be included in all packet reports that are related to TCP packets. Although the field value cannot be determined for non-TCP packets, the field may be included in the packet reports if another field contains the transport protocol identifier (information element protocolIdentifier [IANA-IPFIX]).

If flow records are generated (i.e., if timeout-cache, natural-cache, or permanent-cache class is used to configure the cache), the cache layout differentiates between flow key fields and non-key fields. Every flow key field specified by the cache layout must be included as flow key in the resulting flow record unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other flow key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other flow key fields in the same flow record that the field value was not determined from the packet. Two packets are accounted by the same flow record if none of their flow key fields differ. If a flow key field can be determined for one packet but not for the other, the two packets are accounted in different flow records.

Every non-key field specified by the cache layout must be included in the resulting flow record unless the corresponding information element is not applicable or cannot be derived for the given flow. Any other non-key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other fields in same flow record that the field value was not determined from the packet. Packets which are accounted by the same flow record may differ in their non-key fields, or one or more of the non-key fields can be undetermined for all or some of the packets.

For example, if a non-key field specifies an information element whose value is determined by the first packet observed within a flow (which is the default rule according to [RFC7012] unless specified differently in the description of the information element), this field must be included in the resulting flow record if it can be determined from the first packet of the flow.

        |  |     +--rw cache-layout
        |  |     |  +--rw cache-field* [name]
        |  |     |     +--rw name
        |  |     |     |       ietf-ipfix:name-type
        |  |     |     +--rw (information-element)
        |  |     |     |  +--:(ie-name)
        |  |     |     |  |  +--rw ie-name?
        |  |     |     |  |          ietf-ipfix:ie-name-type
        |  |     |     |  +--:(ie-id)
        |  |     |     |     +--rw ie-id?
        |  |     |     |             ietf-ipfix:ie-id-type
        |  |     |     +--rw ie-length?              uint16
        |  |     |     +--rw ie-enterprise-number?   uint32
        |  |     |     +--rw is-flow-key?            empty

Figure 15: Cache Field Attributes

The cache-layout class does not have any parameters. The configuration parameters of the cache-field class (see Figure 15) are as follows:

ie-name

Specifies the information element name to be used. Either ie-id or ie-name must be specified.
ie-id

Specifies the information element identifier to be used. Either ie-id or ie-name must be specified.
ie-length

This parameter specifies the length of the field in octets. A value of 65535 means that the field is encoded as a variable-length information element. For information elements of integer and float type, the field length may be set to a smaller value than the standard length of the abstract data type if the rules of reduced size encoding are fulfilled (see [RFC7011], section 6.2). If not configured by the user, the field length is set by the monitoring device.
ie-enterprise-number

Specifies the enterprise ID of the ie-id or ie-name. If the ie-enterprise-number is zero (which is the default), this information element is registered in the IANA registry of IPFIX information elements [IANA-IPFIX]. A non-zero value of ie-enterprise-number specifies an enterprise-specific information element [IANA-ENTERPRISE-NUMBERS]. If the enterprise number is set to 29305, this field contains a reverse information element. In this case, the cache must generate data records in accordance to [RFC5103].
is-flow-key

If present, this field is a flow key. If the field contains a reverse information element, it must not be configured as flow key. This parameter is not available if the cache is configured using the immediate-cache class since there is no distinction between flow key fields and non-key fields in packet reports.

Note that the use of information elements can be restricted to certain cache types as well as to flow key or non-key fields. Such restrictions may result from information element definitions or from device-specific constraints. According to Section 5, the monitoring device must notify the user if a cache field cannot be configured with the given information element.

4.4. Exporting Process Class

The ExportingProcess class in Figure 16) specifies destinations to which the incoming packet reports and flow records are exported using objects of the destination class. The destination class includes a choice of type of exporter (sctp-exporter, udp-exporter, tcp-exporter, or file-writer) which contains further configuration parameters. Those exporter type classes are described in Section 4.4.1, Section 4.4.2, Section 4.4.3, and Section 4.4.4.

The ExportingProcess class contains the identifier of the exporting process (exporting-process-id). This parameter corresponds to the information element exportingProcessId [IANA-IPFIX]. Its occurrence helps to associate exporting process reliability statistics exported according to the IPFIX protocol specification [RFC7011] with the corresponding object of the ExportingProcess class.

The order in which destination instances appear has a specific meaning only if the export-mode parameter is set to "fallback".

     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw enabled?                boolean
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |  +--rw name                   name-type
        |  +--rw (destination-parameters)
        |     +--:(tcp-exporter)
        |         ...
        |     +--:(udp-exporter)
        |         ...
        |     +--:(sctp-exporter)
        |         ...
        |     +--:(file-writer)
        |         ...
        +--rw options* [name]
        |  +--rw name               name-type
        |  +--rw options-type       identityref
        |  +--rw options-timeout?   uint32
        +--ro exporting-process-id?   uint32

Figure 16: Exporting Process Class

The Exporting Process parameters are defined as follows:

enabled

Enables the exporting process to begin exporting data. The default is "enabled".
export-mode

Determines to which configured destination(s) the incoming data records are exported. The following parameter values are specified by the configuration data model:

If export-mode is set to "fallback", the first destination instance defines the primary destination, the second destination instance defines the secondary destination, and so on. If the exporting process fails to export data records to the primary destination, it tries to export them to the secondary one. If the secondary destination fails as well, it continues with the tertiary, etc. "parallel" is the default value if exportmode is not configured.

Note that the export-mode parameter is related to the ipfixExportMemberType object in [RFC6615]. If export-mode is "parallel", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to parallel(3). If export-mode is "load-balancing", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to loadBalancing(4). If exportmode is "fallback", the ipfixExportMemberType value that refers to the primary destination is set to primary(1); the ipfixExportMemberType values that refer to the remaining destinations need to be set to secondary(2). The IPFIX mib module does not define any value for tertiary destination, etc.

The reporting of information with options templates is defined with objects of the Options class.

The exporting process may modify the packet reports and flow records to enable a more efficient transmission or storage under the condition that no information is changed or suppressed. For example, the exporting process may shorten the length of a field according to the rules of reduced size encoding [RFC7011]. The exporting process may also export certain fields in a separate data record as described in [RFC5476].

4.4.1. SCTP Exporter Class

The SctpExporter class shown in Figure 17 contains the configuration parameters of an SCTP export destination.

     +--:(sctp-exporter)
        +--rw sctp-exporter {sctp-transport}?
           +--rw ipfix-version?               uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?            uint32
           +--rw rate-limit?                  uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--rw timed-reliability?           uint32
           +--ro transport-session
                 ...
      

Figure 17: SCTP Exporter Class

The configuration parameters are:

ipfix-version

Version number of the IPFIX protocol used. If omitted, the default value is 10 (=0x000a) as specified in [RFC7011].
source-address

List of source IP addresses used by the exporting process. If configured, the specified addresses are eligible local IP addresses of the multihomed SCTP endpoint. If not configured, all locally assigned IP addresses are eligible local IP addresses.
destination-address

One or more IP addresses of the collecting process to which IPFIX Messages are sent. The user must ensure that all configured IP addresses belong to the same collecting process. The exporting process tries to establish an SCTP association to any of the configured destination IP addresses.
destination-port

Destination port number to be used. If not configured, standard port 4739 (IPFIX without TLS and DTLS) or 4740 (IPFIX over TLS or DTLS) is used.
if-index

The index of the interface used by the exporting process to export IPFIX Messages to the given destination MAY be specified according to corresponding objects in the IF-MIB [RFC2863]. If omitted, the Exporting Process selects the outgoing interface based on local routing decision and accepts return traffic, such as transport-layer acknowledgments, on all available interfaces.
if-name

The name of the interface used by the exporting process to export IPFIX Messages to the given destination MAY be specified according to corresponding objects in the IF-MIB [RFC2863]. If omitted, the Exporting Process selects the outgoing interface based on local routing decision and accepts return traffic, such as transport-layer acknowledgments, on all available interfaces.
send-buffersize

Size of the socket send buffer in bytes. If not configured by the user, the buffer size is set by the monitoring device.
rate-limit

Maximum number of bytes per second the exporting process may export to the given destination as required by [RFC5476]. The number of bytes is calculated from the lengths of the IPFIX Messages exported. If this parameter is not configured, no rate limiting is performed for this destination.
timed-reliability

Lifetime in milliseconds until an IPFIX message containing data sets only is "abandoned" due to the timed reliability mechanism of the partial reliability extension of SCTP (pr-SCTP) [RFC3758]. if this parameter is set to zero, reliable SCTP transport must be used for all data records. Regardless of the value of this parameter, the exporting process may use reliable SCTP transport for data sets associated with certain options templates, such as the data record reliability options template specified in [RFC6526].

Using the TransportLayerSecurity class described in Section 4.6, Datagram Transport Layer Security (DTLS) is enabled and configured for this export destination.

The TransportSession class is discussed in Section 4.7.

4.4.2. UDP Exporter Class

The UdpExporter class shown in Figure 18 contains the configuration parameters of a UDP export destination. The parameters ipfix-version, destination-port, if-name, if-index, send-buffer-size, and rate-limit have the same meaning as in the SctpExporter class (see Section 4.4.1).

     +--:(udp-exporter)
        +--rw udp-exporter {udp-transport}?
           +--rw ipfix-version?                      uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?                   uint32
           +--rw rate-limit?                         uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--rw maximum-packet-size?                uint16
           +--rw template-refresh-timeout?           uint32
           +--rw options-template-refresh-timeout?   uint32
           +--rw template-refresh-packet?            uint32
           +--rw options-template-refresh-packet?    uint32
           +--ro transport-session
              ....

Figure 18: UDP Exporter Class

The remaining configuration parameters are:

source-address

This parameter specifies the source IP address used by the exporting process. If this parameter is omitted, the IP address assigned to the outgoing interface is used as the source IP address.
destination-address

Destination IP address to which IPFIX messages are sent (i.e., the IP address of the collecting process).
max-packet-size

This parameter specifies the maximum size of IP packets sent to the collector. If set to zero, the exporting device must derive the maximum packet size from path mtu discovery mechanisms. If not configured by the user, this parameter is set by the monitoring device.
template-refresh-timeout

This parameter specifies when templates are refreshed by the exporting process. This timeout is specified in seconds between re-sending of templates. If omitted, the default value of 600 seconds (10 minutes) is used [RFC7011]. This parameter corresponds to ipfixTransportSessionTemplateRefreshTimeout in the IPFIX MIB module [RFC6615].
options-template-refresh-timeout

This parameter specifies when options templates are refreshed by the exporting process. This timeout is specified in seconds between re-sending of options templates. If omitted, the default value of 600 seconds (10 minutes) is used [RFC7011]. This parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX MIB module [RFC6615].
template-refresh-packet

This parameter specifies the number of IPFIX messages after which templates are re-sent. If omitted, the templates are only resent after timeout. This parameter corresponds to ipfixTransportSessionTemplateRefreshTimeout in the IPFIX MIB module [RFC6615].
options-template-refresh-packet

This parameter specifies the number of IPFIX messages after which options templates are re-sent. If omitted, the options templates are only resent after timeout. This parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX MIB module [RFC6615].

Note that the values configured for template-refresh-timeout and options-template-refresh-timeout must be adapted to the template-lifetime and options-template-lifetime parameter settings at the receiving collecting process (see Section 4.5.2).

Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this export destination. The TransportSession class is specified in Section 4.7.

4.4.3. TCP Exporter Class

The TcpExporter class shown in Figure 19 contains the configuration parameters of a TCP export destination. The parameters have the same meaning as in the UdpExporter class (see Section 4.4.2).

Using the TransportLayerSecurity class described in Section 4.6, Transport Layer Security (TLS) is enabled and configured for this export destination.

The TransportSession class is specified in Section 4.7.

     +--:(tcp-exporter)
        +--rw tcp-exporter {tcp-transport}?
           +--rw ipfix-version?               uint16
           +--rw destination-port?
           |       inet:port-number
           +--rw send-buffer-size?            uint32
           +--rw rate-limit?                  uint32
           +--rw transport-layer-security!
           |     ...
           +--rw source
           |  +--rw (source-method)?
           |     +--:(source-address)
           |     |  +--rw source-address?   inet:host
           |     +--:(interface-ref)
           |     |  +--rw interface-ref?    if:interface-ref
           |     +--:(if-index) {if-mib}?
           |     |  +--rw if-index?         uint32
           |     +--:(if-name) {if-mib}?
           |        +--rw if-name?          string
           +--rw destination
           |  +--rw (destination-method)
           |     +--:(destination-address)
           |        +--rw destination-address?   inet:host
           +--ro transport-session

Figure 19: TCP Exporter Class

4.4.4. File Writer Class

If file-writer instance is included in an object of the destination class, IPFIX messages are written into a file as specified in [RFC5655].

     +--:(file-writer)
        +--rw file-writer {file-writer}?
           +--rw ipfix-version?       uint16
           +--rw file                 inet:uri
           +--ro file-writer-state
              +--ro bytes?
              |       yang:counter64
              +--ro messages?
              |       yang:counter64
              +--ro discarded-messages?
              |       yang:counter64
              +--ro records?
              |       yang:counter64
              +--ro templates?
              |       yang:counter32
              +--ro options-templates?
              |       yang:counter32
              +--ro file-writer-discontinuity-time?
              |       yang:date-and-time
              +--ro template* []
                 +--ro observation-domain-id?         uint32
                 +--ro template-id?                   uint16
                 +--ro set-id?                        uint16
                 +--ro access-time?
                 |       yang:date-and-time
                 +--ro template-data-records?
                 |       yang:counter64
                 +--ro template-discontinuity-time?
                 |       yang:date-and-time
                 +--ro field* []
                    +--ro ie-id?                  ie-id-type
                    +--ro ie-length?              uint16
                    +--ro ie-enterprise-number?   uint32
                    +--ro is-flow-key?            empty
                    +--ro is-scope?               empty

Figure 20: File Writer Class

The FileWriter class contains the following configuration parameters:

ipfix-version

Version number of the IPFIX protocol used. If omitted, the default value is 10 (=0x000a) as specified in [RFC7011].
file

File name and location specified as URI.

The state parameters of the FileWriter class are:

bytes, messages, records, templates, options-templates

The number of bytes, IPFIX messages, data records, template records, and options template records written by the file writer. Discontinuities in the values of these counters can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time.
discarded-messages

The number of IPFIX messages that could not be written by the file writer due to internal buffer overflows, limited storage capacity, etc. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time.
file-writer-discontinuity-time

Timestamp of the most recent occasion at which one or more file writer counters suffered a discontinuity. The time is absolute and not relative to sysUpTime.

Each FileWriter class instance includes statistics about the templates written to the file. The Template class is specified in Section 4.8.

4.4.5. Options Class

The Options class in Figure 21 defines the type of specific information to be reported, such as statistics, flow keys, sampling and filtering parameters, etc. [RFC7011] and [RFC5476] specify several types of reporting information that may be exported.

     +--rw options* [name]
        +--rw name               name-type
        +--rw options-type       identityref
        +--rw options-timeout?   uint32

Figure 21: Options Class

The following parameter values are specified by the configuration data model:

metering-statistics

Export of metering process statistics using the metering process statistics options template [RFC7011].
metering-reliability

Export of metering process reliability statistics using the metering process reliability statistics options template [RFC7011].
exporting-reliability

Export of exporting process reliability statistics using the exporting process reliability statistics options template [RFC7011].
flow-keys

Export of the flow key specification using the flow keys options template [RFC7011].
selection-sequence

Export of selection sequence report interpretation and selector report interpretation [RFC5476].
selection-statistics

Export of selection sequence statistics report interpretation [RFC5476].
accuracy

Export of accuracy report interpretation [RFC5476].
reducing-redundancy

Enables the utilization of options templates to reduce redundancy in the exported data records according to [RFC5473]. The exporting process decides when to apply these options templates.
extended-type-information

Export of extended type information for enterprise-specific information elements used in the exported templates [RFC5610].

The exporting process must choose a template definition according to the options type and available options data. The options-timeout parameter specifies the reporting interval (in milliseconds) for periodic export of the option data. A parameter value of zero means that the export of the option data is not triggered periodically, but whenever the available option data has changed. this is the typical setting for options types flow-keys, selection-sequence, accuracy, and reducing-redundancy. If options-timeout is not configured by the user, it is set by the monitoring device.

4.5. Collecting Process Class

Figure 22 shows the CollectingProcess class that contains the configuration and state parameters of a collecting process. The sctp-collector, udp-collector, and TcpCollector classes specify how IPFIX messages are received from remote exporters. The collecting process can also be configured as a file reader using the FileReader class. These classes are described in Section 4.5.1, Section 4.5.2, Section 4.5.3, and Section 4.5.4.

A collecting-process instance may refer to one or more exporting-process instances configuring exporting processes that export the received data without modifications to a file or to another remote collector.

     +--rw collecting-process* [name] {collector}?
        +--rw name                 name-type
        +--rw tcp-collector* [name] {tcp-transport}?
           ...
        +--rw udp-collector* [name] {udp-transport}?
           ...
        +--rw sctp-collector* [name] {sctp-transport}?
           ...
        +--rw file-reader* [name] {file-reader}?
           ...
        +--rw exporting-process*   -> /ipfix/exporting-process/name
                {exporter}?

Figure 22: Collecting Process Class

4.5.1. SCTP Collector Class

The SctpCollector class contains the configuration parameters of a listening SCTP socket at a collecting process.

     +--rw sctp-collector* [name] {sctp-transport}?
        +--rw name                        name-type
        +--rw local-port?                 inet:port-number
        |     +--rw transport-layer-security!
        |     |     ...
        +--rw (local-address-method)?
        |  +--:(local-address)
        |     +--rw local-address*        inet:host
        +--ro transport-session* [name]
            ...

Figure 23: SCTP Collector Class

The parameters are:

local-ip-address

List of local IP addresses on which the collecting process listens for IPFIX messages. The IP addresses are used as eligible local IP addresses of the multihomed SCTP endpoint [RFC4960]. IF omitted, the collecting process listens on all local IP addresses.
local-port

Local port number on which the collecting process listens for IPFIX messages. If omitted, standard port 4739 (IPFIX without TLS and DTLS) or 4740 (IPFIX over TLS or DTLS) is used.

Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.

The TransportSession class is specified in Section 4.7.

4.5.2. UDP Collector Class

The UdpCollector class shown in Figure 24 contains the configuration parameters of a listening UDP socket at a collecting process. The parameter local-port has the same meaning as in the SctpCollector class (see Section 4.5.1).

     +--rw udp-collector* [name] {udp-transport}?
        +--rw name                            name-type
        +--rw local-port?                     inet:port-number
        +--rw transport-layer-security!
        |     ...
        +--rw (local-address-method)?
        |  +--:(local-address)
        |     +--rw local-address*            inet:host
        +--rw template-life-time?             uint32
        +--rw options-template-life-time?     uint32
        +--rw template-life-packet?           uint32
        +--rw options-template-life-packet?   uint32
        +--ro transport-session* [name]
           ...

Figure 24: UDP Collector Class

The remaining parameters are:

local-ip-address

List of local IP addresses on which the collecting process listens for IPFIX messages. If omitted, the collecting process listens on all local IP addresses.
template-life-time, options-template-life-time

(options) template lifetime in seconds for all UDP transport sessions terminating at this UDP socket. (options) templates that are not received again within the configured lifetime become invalid at the collecting process. As specified in [RFC7011], section 10.3.7, the lifetime of templates and options templates must be at least three times higher than the template-refresh-timeout and option-templates-refresh-timeout parameter values configured on the corresponding exporting processes. If not configured, the default value 1800 is used, which is three times the default (options) template refresh timeout (see Section 4.4.2) as specified in [RFC7011]. Note that these parameters correspond to ipfixTransportSessionTemplateRefreshTimeout and ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX MIB module [RFC6615].
template-life-packet, options-template-life-packet

If template-life-packet is configured, templates defined in a UDP transport session become invalid if they are neither included in a sequence of more than this number of IPFIX messages nor received again within the period of time specified by template-lifetime. Similarly, if options-template-life-packet is configured, options templates become invalid if they are neither included in a sequence of more than this number of IPFIX messages nor received again within the period of time specified by options-template-lifetime. If not configured, templates and options templates only become invalid according to the lifetimes specified by template-lifetime and options-template-lifetime, respectively. Note that these parameters correspond to ipfixTransportSessionTemplateRefreshPacket and ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB module [RFC6615].

Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.

The TransportSession class is specified in Section 4.7.

4.5.3. TCP Collector Class

The TcpCollector class contains the configuration parameters of a listening TCP socket at a collecting process. The parameters have the same meaning as in the UdpCollector class (Section 4.5.2).

Using the TransportLayerSecurity class described in Section 4.6, TLS is enabled and configured for this receiving socket.

The TransportSession class is specified in Section 4.7.

     +--rw tcp-collector* [name] {tcp-transport}?
        +--rw name                        name-type
        +--rw local-port?                 inet:port-number
        +--rw transport-layer-security!
        |     ...
        +--rw (local-address-method)?
        |  +--:(local-address)
        |     +--rw local-address*        inet:host
        +--ro transport-session* [name]
          ...

Figure 25: TCP Collector Class

4.5.4. File Reader Class

Figure 26 shows the FileReader class via which the collecting process may import IPFIX messages from a file as specified in [RFC5655].

     +--rw file-reader* [name] {file-reader}?
        +--rw name                 name-type
        +--rw file                 inet:uri
        +--ro file-reader-state
           +--ro bytes?                            yang:counter64
           +--ro messages?                         yang:counter64
           +--ro records?                          yang:counter64
           +--ro templates?                        yang:counter32
           +--ro options-templates?                yang:counter32
           +--ro file-reader-discontinuity-time?
           |       yang:date-and-time
           +--ro template* []
              ...

Figure 26: File Reader Class

The FileReader class defines the following configuration parameter:

file

File name and location specified as URI.

The state parameters of the FileReader class are:

bytes, messages, records, templates, options-templates

The number of bytes, IPFIX messages, data records, template records, and options template records read by the file reader. Discontinuities in the values of these counters can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time.
file-reader-discontinuity-time

Timestamp of the most recent occasion at which one or more file reader counters suffered a discontinuity. The time is absolute and not relative to sysUpTime.

The FileReader class includes information about the Template class and statistics. The Template class is specified in Section 4.8.

4.6. Transport Layer Security Class

Figure 27 shows the TransportLayerSecurity class which is used in the exporting process's sctp-exporter, udp-exporter, and TcpExporter classes, and the collecting process's SctpCollector, UdpCollector, and TcpCollector classes to enable and configure TLS/DTLS for IPFIX. If TLS/DTLS is enabled, the endpoint must use DTLS [RFC6347] if the transport protocol is SCTP or UDP and TLS [RFC8446] if the transport protocol is TCP.

[RFC7011] mandates strong mutual authentication of exporting processes and collecting process as follows. IPFIX exporting processes and IPFIX collecting processes are identified by the fully qualified domain name (FQDN) of the interface on which IPFIX messages are sent or received, for purposes of X.509 client and server certificates as in [RFC5280]. To prevent man-in-the-middle attacks from impostor exporting or collecting processes, the acceptance of data from an unauthorized exporting process, or the export of data to an unauthorized collecting process, strong mutual authentication via asymmetric keys must be used for both TLS and DTLS. Each of the IPFIX exporting and collecting processes must verify the identity of its peer against its authorized certificates, and must verify that the peer's certificate matches its fully qualified domain name, or, in the case of SCTP, the fully qualified domain name of one of its endpoints.

The fully qualified domain name used to identify an IPFIX collecting process or exporting process may be stored either in a subjectaltname extension of type dnsname, or in the most specific common name field of the subject field of the x.509 certificate. If both are present, the subjectaltname extension is given preference.

In order to use TLS/DTLS, appropriate certificates and keys have to be previously installed on the monitoring devices. For security reasons, the configuration data model does not offer the possibility to upload any certificates or keys on a monitoring device. If TLS/DTLS is enabled on a monitoring device that does not dispose of appropriate certificates and keys, the configuration must be rejected with an error.

The configuration data model allows restricting the authorization of remote endpoints to certificates issued by specific certification authorities or identifying specific fqdns for authorization. Furthermore, the configuration data model allows restricting the utilization of certificates identifying the local endpoint. This is useful if the monitoring device disposes of more than one certificate for the given local endpoint.

     +--rw transport-layer-security!
        +--rw local-certification-authority-dn*    string
        +--rw local-subject-dn*                    string
        +--rw local-subject-fqdn*                  inet:domain-name
        +--rw remote-certification-authority-dn*   string
        +--rw remote-subject-dn*                   string
        +--rw remote-subject-fqdn*                 inet:domain-name

Figure 27: Transport Layer Security Class

The configuration parameters are defined as follows:

local-certification-authority-dn

This parameter may appear one or more times to restrict the identification of the local endpoint during the tls/dtls handshake to certificates issued by the configured certification authorities. each occurrence of this parameter contains the distinguished name of one certification authority. To identify the local endpoint, the exporting process or collecting process must use a certificate issued by one of the configured certification authorities. Certificates issued by any other certification authority must not be sent to the remote peer during TLS/DTLS handshake. If none of the certificates installed on the monitoring device fulfills the specified restrictions, the configuration must be rejected with an error. If local-certification-authority-dn is not configured, the choice of certificates identifying the local endpoint is not restricted with respect to the issuing certification authority.
local-subject-dn, local-subject-fqdn

Each of these parameters may appear one or more times to restrict the identification of the local endpoint during the TLS/DTLS handshake to certificates issued for specific subjects or for specific FQDNs. Each occurrence of local-subject-dn contains a distinguished name identifying the local endpoint. Each occurrence of local-subject-fqdn contains a FQDN which is assigned to the local endpoint. To identify the local endpoint, the exporting process or collecting process must use a certificate that contains either one of the configured distinguished names in the subject field or at least one of the configured FQDNs in a dnsname component of the subject alternative extension field or in the most specific commonname component of the subject field. If none of the certificates installed on the monitoring device fulfills the specified restrictions, the configuration must be rejected with an error. If any of the parameters local-subject-dn and local-subject-fqdn is configured at the same time as the local-certification-authority-dn parameter, certificates must also fulfill the specified restrictions regarding the certification authority. If local-subject-dn and local-subject-fqdn are not configured, the choice of certificates identifying the local endpoint is not restricted with respect to the subject's distinguished name or FQDN.
remote-certification-authority-dn

This parameter may appear one or more times to restrict the authentication of remote endpoints during the TLS/DTLS handshake to certificates issued by the configured certification authorities. Each occurrence of this parameter contains the distinguished name of one certification authority. To authenticate the remote endpoint, the remote exporting process or collecting process must provide a certificate issued by one of the configured certification authorities. Certificates issued by any other certification authority must be rejected during TLS/DTLS handshake. If the monitoring device is not able to validate certificates issued by the configured certification authorities (e.g., because of missing public keys), the configuration must be rejected with an error. If remote-certification-authority-dn is not configured, the authorization of remote endpoints is not restricted with respect to the issuing certification authority of the delivered certificate.
remote-subject-dn, remote-subject-fqdn

Each of these parameters may appear one or more times to restrict the authentication of remote endpoints during the TLS/DTLS handshake to certificates issued for specific subjects or for specific FQDNs. Each occurrence of remote-subject-dn contains a distinguished name identifying a remote endpoint. Each occurrence of remote-subject-fqdn contains a FQDN that is assigned to a remote endpoint. To authenticate a remote endpoint, the remote exporting process or collecting process must provide a certificate that contains either one of the configured distinguished names in the subject field or at least one of the configured FQDNs in a dnsname component of the subject alternative extension field or in the most specific common name component of the subject field. Certificates not fulfilling this condition must be rejected during TLS/DTLS handshake. If any of the parameters remote-subject-dn and remote-subject-fqdn is configured at the same time as the remote-certification-authority-dn parameter, certificates must also fulfill the specified restrictions regarding the certification authority in order to be accepted. If remote-subject-dn and remote-subject-FQDN are not configured, the authorization of remote endpoints is not restricted with respect to the subject's distinguished name or FQDN of the delivered certificate.

4.7. Transport Session Class

The TransportSession class contains state data about transport sessions originating from an exporting process or terminating at a collecting process. If SCTP is the transport protocol, the exporter or collector may be multihomed SCTP endpoints (see [RFC4960], Section 6.4), in which case more than one IP address will be used.

The following attributes are supported:

ipfix-version

Used for exporting processes, this parameter contains the version number of the IPFIX protocol that the exporter uses to export its data in this transport session. Hence, it is identical to the value of the configuration parameter ipfix-version of the sctp-exporter, udp-exporter, or tcp-exporter object. When used for collecting processes, this parameter contains the version-number of the IPFIX protocol it receives for this transport session. If IPFIX messages of different IPFIX protocol versions are received, this parameter contains the maximum version number. This state parameter is identical to ipfixTransportSessionIpfixVersion in the IPFIX MIB module [RFC6615].
source-address, destination-address

If TCP or UDP is the transport protocol, source-address contains the IP address of the exporter, and destination-address contains the IP addresses of the collector. Hence, the two parameters have identical values as ipfixTransportSessionSourceAddress and ipfixTransportSessionDestinationAddress in the IPFIX MIB module [RFC6615]. if SCTP is the transport protocol, source-address contains one of the IP addresses of the exporter and destination-address one of the IP addresses of the collector. Preferably, the IP addresses of the path that is usually selected by the exporter to send IPFIX messages to the collector should be contained.
source-port, destination-port

These state parameters contain the transport-protocol port numbers of the exporter and the collector of the transport session and thus are identical to ipfixTransportSessionSourcePort and ipfixTransportSessionDestinationPort in the IPFIX MIB module [RFC6615].
sctp-assoc-id

The association id used for the SCTP session between the exporter and the collector of the transport session. It is equal to the sctpassocid entry in the SctpAssocTable defined in the SCTP-MIB [RFC3871]. This parameter is only available if the transport protocol is SCTP and if an SNMP agent on the same monitoring device enables access to the corresponding MIB objects in the SctpAssocTable. This state parameter is identical to ipfixTransportSessionSctpAssocId in the IPFIX MIB module [RFC6615].
status

Status of the transport session, which can be one of the following:
rate

The number of bytes per second transmitted by the exporting process or received by the collecting process. This parameter is updated every second. This state parameter is identical to ipfixtransportsessionrate in the IPFIX MIB module [RFC6615].
bytes, messages, records, templates, options-templates

The number of bytes, IPFIX messages, data records, template records, and options template records transmitted by the exporting process or received by the collecting process. Discontinuities in the values of these counters can occur at re-initialization of the management system, and at other times as indicated by the value of transport-session-discontinuity-time.
discarded-messages

Used for exporting processes, this parameter indicates the number of messages that could not be sent due to internal buffer overflows, network congestion, routing issues, etc. Used for collecting process, this parameter indicates the number of received IPFIX messages that are malformed, cannot be decoded, are received in the wrong order or are missing according to the sequence number. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of transport-session-discontinuity-time.
transport-session-start-time

Timestamp of the start of the given transport session.
transport-session-discontinuity-time

Timestamp of the most recent occasion at which one or more of the transport session counters suffered a discontinuity. The time is absolute and not relative to sysUpTime. Note that, if used for exporting processes, the values of the state parameters destination-address and destination-port match the values of the configuration parameters destination-ip-address and destination-port of the sctp-exporter, tcp-exporter, and udp-exporter (in the case of sctp-exporter, one of the configured destination-ip-address values); if the transport protocol is UDP or SCTP and if the parameter source-ip-address is configured in the udp-exporter or sctp-exporter object, the value of source-address equals the configured value or one of the configured values. Used for collecting processes, the value of destination-address equals the value (or one of the values) of the parameter local-ip-address if this parameter is configured in the udp-collector, tcp-collector, or sctp-collector; destination-port equals the value of the configuration parameter local-port.

The TransportSession class includes Template class information and statistics about the templates transmitted or received on the given transport session. The Template class is specified in Section 4.8.

     +--ro transport-session* [name]
        +--ro name                                    name-type
        +--ro ipfix-version?                          uint16
        +--ro source-address?                         inet:host
        +--ro destination-address?                    inet:host
        +--ro source-port?
        |       inet:port-number
        +--ro destination-port?
        |       inet:port-number
        +--ro status?
        |       transport-session-status
        +--ro rate?
        |       yang:gauge32
        +--ro bytes?
        |       yang:counter64
        +--ro messages?
        |       yang:counter64
        +--ro discarded-messages?
        |       yang:counter64
        +--ro records?
        |       yang:counter64
        +--ro templates?
        |       yang:counter32
        +--ro options-templates?
        |       yang:counter32
        +--ro transport-session-start-time?
        |       yang:date-and-time
        +--ro transport-session-discontinuity-time?
        |       yang:date-and-time
        +--ro template* []
          ...

Figure 28: Transport Session Class

4.8. Template Class

Figure 29 shows the Template class which contains state data about templates used by an exporting process or received by a collecting process in a specific transport session. The field class defines one field of the template.

     +--ro template* []
        +--ro observation-domain-id?         uint32
        +--ro template-id?                   uint16
        +--ro set-id?                        uint16
        +--ro access-time?                   yang:date-and-time
        +--ro template-data-records?         yang:counter64
        +--ro template-discontinuity-time?   yang:date-and-time
        +--ro field* []
           +--ro ie-id?                  ie-id-type
           +--ro ie-length?              uint16
           +--ro ie-enterprise-number?   uint32
           +--ro is-flow-key?            empty
           +--ro is-scope?               empty

Figure 29: Template Class

The names and semantics of the state parameters correspond to the managed objects in the ipfixTemplateTable, ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the IPFIX MIB module [RFC6615]:

observation-domain-id

The identifier of the observation domain for which this template is defined.
template-id

This number indicates the template identifier in the IPFIX Message.
set-id

This number indicates the set identifier of this template. Currently, there are two values defined [RFC7011]. The value 2 is used for sets containing template definitions. The value 3 is used for sets containing options template definitions.
access-time

Used for exporting processes, this parameter contains the time when this (Options) Template was last sent to the Collector or written to the file. Used for Collecting Processes, this parameter contains the time when this (Options) Template was last received from the Exporter or read from the file.
template-data-records

The number of transmitted or received data records defined by this (options) template since the point in time indicated by template-definition-time.
template-discontinuity-time

Timestamp of the most recent occasion at which the counter template-data-records suffered a discontinuity. The time is absolute and not relative to sysUpTime.
ie-id, ie-length, ie-enterprise-number

Information Element identifier, length, and enterprise number of a field in the template. If this is not an enterprise-specific Information Element, ie-enterprise-number is zero. These state parameters are identical to ipfixTemplateDefinitionIeId, ipfixTemplateDefinitionIeLength, and ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module [RFC6615].
is-flow-key

If this state parameter is present, this is a flow key field. This parameter is only available for non-Options Templates (i.e., if setId is 2).
is-scope

If this state parameter is present, this is a scope field. This parameter is only available for options templates (i.e., if setId is 3).

4.9. Bulk Data Class

The BulkDataProcess class in Figure 30 specifies the bulk data template to be applied to resource or set of resources and provides state information about the template records.

     +--rw bulk-data-export
        +--rw template* [name]
           +--rw name                     ietf-ipfix:name-type
           +--rw enabled?                 boolean
           +--rw export-interval?         uint32
           +--rw observation-domain-id?   uint32
           +--rw field-layout
           |  +--rw field* [name]
           |     +--rw name                    ietf-ipfix:name-type
           |     +--rw (identifier)
           |     |  +--:(ie-id)
           |     |     +--rw ie-id?            ietf-ipfix:ie-id-type
           |     +--rw ie-length?              uint16
           |     +--rw ie-enterprise-number?   uint32
           +--rw exporting-process*
           |       -> /ietf-ipfix:ipfix/exporting-process/name
           |       {ietf-ipfix:exporter}?
           +--rw resource*                resource
           +--ro data-records?            yang:counter64
           +--ro discontinuity-time?      yang:date-and-time

Figure 30: Bulk Data Class

The following attributes are supported:

enabled

Enables the template so that specified data may be exported. The default is "enabled".
export-interval

The interval (in seconds) for periodical export of data records.
observation-domain-id

The Observation Domain that is locally unique to an Exporting Process
field-layout

The IPFIX template to be applied to the resource. The following attributes are configurable:

A bulk data instance may refer to:

The following state information is available;

data-records

Reports the number of data records generated for this bulk data template.
discontinuity-time

Timestamp of the most recent occasion at which the counter data records suffered a discontinuity.

5. Adaptation to Device Capabilities

The configuration data model standardizes a superset of common IPFIX and PSAMP configuration parameters. A typical monitoring device implementation will not support the entire range of possible configurations. Certain functions may not be supported, such as the collecting process that does not exist on a monitoring device that is conceived as exporter only. The configuration of other functions may be subject to resource limitations or functional restrictions. For example, the cache size is typically limited according to the available memory on the device. It is also possible that a monitoring device implementation requires the configuration of additional parameters that are not part of the configuration data model in order to function properly.

The configuration data model for IPFIX and PSAMP covers the configuration of Exporters, Collectors, and devices that may act as both. As Exporters and Collectors implement different functions, the corresponding portions of the model are conditional on the following features:

exporter

If this feature is supported, Exporting Processes can be configured.
collector

If this feature is supported, Collecting Processes can be configured.

Exporters do not necessarily implement any Selection Processes, Caches, or even Observation Points in particular cases. Therefore, the corresponding portions of the model are conditional on the following feature:

Additional features refer to different PSAMP Sampling and Filtering methods as well as to the supported types of Caches:

psamp-samp-count-based

If this feature is supported, Sampling method samp-count-based can be configured.
psamp-samp-time-based

If this feature is supported, Sampling method samp-time-based can be configured.
psamp-samp-rand-out-of-n

If this feature is supported, Sampling method samp-rand-out-of-n can be configured.
psamp-samp-uni-prob

If this feature is supported, Sampling method samp-uni-prob can be configured.
psampfilter-match

If this feature is supported, Filtering method filter-match can be configured.
psamp-filter-hash

If this feature is supported, Filtering method filter-hash can be configured.
immediate-cache

If this feature is supported, a Cache generating PSAMP Packet Reports can be configured using the Immediate Cache class.
timeout-cache

If this feature is supported, a Cache generating IPFIX Flow Records can be configured using the Timeout Cache class.
natural-cache

If this feature is supported, a Cache generating IPFIX Flow Records can be configured using the Natural Cache class.
permanent-cache

If this feature is supported, a Cache generating IPFIX Flow Records can be configured using the Permanent Cache class.

The following features concern the support of UDP and TCP as transport protocols and the support of File Readers and File Writers:

sctp-transport

If this feature is supported, SCTP can be used as transport protocol by Exporting Processes and Collecting Processes.
udp-transport

If this feature is supported, UDP can be used as transport protocol by Exporting Processes and Collecting Processes.
tcp-transport

If this feature is supported, TCP can be used as transport protocol by Exporting Processes and Collecting Processes.
file-reader

If this feature is supported, File Readers can be configured as part of Collecting Processes.
file-writer

If this feature is supported, File Writers can be configured as part of Exporting Processes.

6. YANG Modules

This document defines three YANG modules:

ietf-ipfix

Defines the IPFIX collector and exporter functions.
ietf-ipfix-packet-sampling

Defines the PSAMP functions for configuring a device to sample/meter a subset of packets from the network.
ietf-ipfix-bulk-data-export

Defines the bulk data IPFIX templates used to export bulk data.

6.1. ietf-ipfix

6.1.1. ietf-ipfix Module Structure

This document defines the YANG module "ietf-ipfix", which has the following structure:

module: ietf-ipfix
  +--rw ipfix
     +--rw collecting-process* [name] {collector}?
     |  +--rw name                 name-type
     |  +--rw tcp-collector* [name] {tcp-transport}?
     |  |     ...
     |  +--rw udp-collector* [name] {udp-transport}?
     |  |     ...
     |  +--rw sctp-collector* [name] {sctp-transport}?
     |  |     ...
     |  +--rw file-reader* [name] {file-reader}?
     |  |     ...
     |  +--rw exporting-process*   -> /ipfix/exporting-process/name
     |          {exporter}?
     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw enabled?                boolean
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |     ...
        +--rw options* [name]
        |     ...
        +--ro exporting-process-id?   uint32

6.1.2. ietf-ipfix YANG Module

This YANG Module imports typedefs from [RFC6991].

<CODE BEGINS> file "ietf-ipfix@2018-10-22.yang"
module ietf-ipfix {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix";

  prefix ietf-ipfix;

  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-interfaces {
    prefix if;
    reference
      "RFC 8343: A YANG Model for Interface Management";
  }

  organization
    "IETF";

  contact
    "Web:      TBD
     List:     TBD
    
     Editor:   Joey Boyd
               <mailto:joey.boyd@adtran.com>
               
     Editor:   Marta Seda
               <mailto:marta.seda@calix.com>";
               
  // RFC Ed.: replace XXXX with actual RFC numbers and 
  // remove this note.               

  description
    "This module contains a collection of YANG definitions for the
     management of IP Flow Information Export (IPFIX).

     This data model is designed for the Network Management Datastore
     Architecture defined in RFC 8342.
     
     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export 
                 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 
                 and Bulk Data Export";
  }

  feature exporter {
    description
      "If supported, the Monitoring Device can be used as
       an Exporter. Exporting Processes can be configured.";
  }

  feature collector {
    description
      "If supported, the Monitoring Device can be used as
       a Collector.  Collecting Processes can be configured.";
  }

  feature tcp-transport {
    description
      "If supported, the Monitoring Device supports TCP
       as the transport protocol.";
  }

  feature udp-transport {
    description
      "If supported, the Monitoring Device supports UDP
       as the transport protocol.";
  }

  feature sctp-transport {
    description
      "If supported, the Monitoring Device supports SCTP
       as the transport protocol.";
  }

  feature file-reader {
    description
      "If supported, the Monitoring Device supports the
       configuration of Collecting Processes as File Readers.";
  }

  feature file-writer {
    description 
      "If supported, the Monitoring Device supports the
       configuration of Exporting Processes as File Writers.";
  }

  feature if-mib {
    description
      "This feature indicates that the device implements 
       the IF-MIB.";
    reference
      "RFC 2863: The Interfaces Group MIB";
  }

  identity export-mode {
    description
      "Base identity for different usages of export
       destinations configured for an Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity parallel {
    base export-mode;
    description
      "Parallel export of Data Records to all destinations configured
       for the Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity load-balancing {
    base export-mode;
    description
      "Load-balancing between the different destinations
       configured for the Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity fallback {
    base export-mode;
    description
      "Export to the primary destination (i.e., the first
       destination configured for the Exporting Process). If the
       export to the primary destination fails, the Exporting Process
       tries to export to the secondary destination.  If the
       secondary destination fails as well, it continues with the
       tertiary, etc.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity options-type {
    description
      "Base identity for report types exported with
       options templates.";
  }

  identity metering-statistics {
    base options-type;
    description
      "Metering Process Statistics.";
    reference
      "RFC 7011, Section 4.1";
  }

  identity metering-reliability {
    base options-type;
    description
      "Metering Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.2";
  }

  identity exporting-reliability {
    base options-type;
    description
      "Exporting Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.3";
  }

  identity flow-keys {
    base options-type;
    description
      "Flow Keys.";
    reference
      "RFC 7011, Section 4.4";
  }

  identity selection-sequence {
    base options-type;
    description
      "Selection Sequence and Selector Reports.";
    reference
      "RFC 5476, Sections 6.5.1 and 6.5.2";
  }

  identity selection-statistics {
    base options-type;
    description
      "Selection Sequence Statistics Report.";
    reference
      "RFC 5476, Sections 6.5.3";
  }

  identity accuracy {
    base options-type;
    description
      "Accuracy Report.";
    reference
      "RFC 5476, Section 6.5.4";
  }

  identity reducing-redundancy {
    base options-type;
    description
      "Enables the utilization of Options Templates to reduce 
       redundancy in the exported Data Records.";
    reference
      "RFC 5473";
  }

  identity extended-type-information {
    base options-type;
    description
      "Export of extended type information for enterprise-specific 
       Information Elements used in the exported Templates.";
    reference
      "RFC 5610";
  }

  typedef ie-name-type {
    type string {
      length "1..max";
      pattern '\S+';
    }
    description
      "Type for Information Element names. Whitespaces are not 
       allowed.";
  }

  typedef name-type {
    type string {
      length "1..max";
      pattern '\S(.*\S)?';
    }
    description
      "Type for 'name' leafs, which are used to identify specific 
       instances within lists, etc.
       
       Leading and trailing whitespaces are not allowed.";
  }

  typedef ie-id-type {
    type uint16 {
      range "1..32767";
    }
    description
      "Type for Information Element identifiers.";
  }

  typedef transport-session-status {
    type enumeration {
      enum "inactive" {
        value 0;
        description
          "This value MUST be used for Transport Sessions that are 
           specified in the system but currently not active.
           
           The value can be used for Transport Sessions that are
           backup (secondary) sessions.";
      }
      enum "active" {
        value 1;
        description
          "This value MUST be used for Transport Sessions that are 
           currently active and transmitting or receiving data.";
      }
      enum "unknown" {
        value 2;
        description
          "This value MUST be used if the status of the Transport 
           Sessions cannot be detected by the device.
           
           This value should be avoided as far as possible.";
      }
    }
    description
      "Status of a Transport Session.";
    reference
      "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
  }


  grouping transport-layer-security-parameters {
    description
      "TLS or DTLS parameters.";

    container transport-layer-security {
      presence
        "The presence of this container indicates TLS is enabled.";
      description
        "TLS or DTLS configuration.";

      leaf-list local-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities whose 
           certificates may be used to identify the local endpoint.";
        reference
          "RFC 5280";
      }
  
      leaf-list local-subject-dn {
        type string;
        description
          "Distinguished names that may be used in the certificates 
           to identify the local endpoint.";
        reference
          "RFC 5280.";
      }
  
      leaf-list local-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that may be used in the 
           certificates to identify the local endpoint.";
        reference
          "RFC 5280";
      }
  
      leaf-list remote-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities whose 
           certificates are accepted to authorize remote endpoints.";
        reference
          "RFC 5280";
      }
  
      leaf-list remote-subject-dn {
        type string;
        description
          "Distinguished names which are accepted in certificates to 
           authorize remote endpoints.";
        reference
          "RFC 5280";
      }
  
      leaf-list remote-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that are accepted in
           certificates to authorize remote endpoints.";
        reference
          "RFC 5280";
      }
    }
  }

  grouping transport-session-state-parameters {
    description
      "State parameters of a Transport Session originating from an 
       Exporting Process or terminating at a Collecting Process. 
       Parameter names and semantics correspond to the managed 
       objects in IPFIX-MIB.";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTransportSessionEntry,
       ipfixTransportSessionStatsEntry)";

    leaf ipfix-version {
      type uint16;
      description
        "Used for Exporting Processes, this parameter contains the 
         version number of the IPFIX protocol that the Exporter uses 
         to export its data in this Transport Session.

         Used for Collecting Processes, this parameter contains the
         version number of the IPFIX protocol it receives for this 
         Transport Session. If IPFIX Messages of different IPFIX 
         protocol versions are received, this parameter contains the 
         maximum version number.

         Note that this parameter corresponds to
         ipfixTransportSessionIpfixVersion in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionIpfixVersion)";
    }

    leaf source-address {
      type inet:host;
      description
        "The source address of the Exporter of the IPFIX Transport 
         Session.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourceAddressType,
         ipfixTransportSessionSourceAddress);
         RFC 4960, Section 6.4";
    }

    leaf destination-address {
      type inet:host;
      description
        "The destination address of the path that is selected by the 
         Exporter to send IPFIX messages to the Collector.

         In the case of TCP, it is possible that if an FQDN address 
         is configured it resolves into many addresses.

         Note that this parameter functionally corresponds to
         ipfixTransportSessionDestinationAddressType and
         ipfixTransportSessionDestinationAddress in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationAddressType,
         ipfixTransportSessionDestinationAddress);
         RFC 4960, Section 6.4";
    }

    leaf source-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the Exporter of the 
         IPFIX Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionSourcePort in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourcePort).";
    }

    leaf destination-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the Collector of the 
         IPFIX Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionDestinationPort in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationPort)";
    }

    leaf status {
      type transport-session-status;
      description
        "Status of the Transport Session.

         Note that this parameter corresponds to
         ipfixTransportSessionStatus in the IPFIX MIB module.";
        reference
         "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
    }

    leaf rate {
      type yang:gauge32;
      units "bytes per second";
      description
        "The number of bytes per second transmitted by the
         Exporting Process or received by the Collecting Process.
         This parameter is updated every second.

         Note that this parameter corresponds to
         ipfixTransportSessionRate in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionRate)";
    }

    leaf bytes {
      type yang:counter64;
      units "bytes";
      description
        "The number of bytes transmitted by the Exporting Process or 
         received by the Collecting Process.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionBytes in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionBytes)";
    }

    leaf messages {
       type yang:counter64;
       units "IPFIX Messages";
       description
         "The number of messages transmitted by the Exporting Process 
          or received by the Collecting Process.
          
          Discontinuities in the value of this counter can occur at
          re-initialization of the management system, and at other
          times as indicated by the value of
          transport-session-discontinuity-time.

          Note that this parameter corresponds to
          ipfixTransportSessionMessages in the IPFIX MIB module.";
       reference
         "RFC 6615, Section 8
          (ipfixTransportSessionMessages)";
    }

    leaf discarded-messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "Used for Exporting Processes, this parameter indicates the 
         number of messages that could not be sent due to internal 
         buffer overflows, network congestion, routing issues, etc.  
         Used for Collecting Process, this parameter indicates the 
         number of received IPFIX Message that are malformed, cannot 
         be decoded, are received in the wrong order or are missing 
         according to the sequence number.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionDiscardedMessages in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscardedMessages)";
    }

    leaf records {
      type yang:counter64;
      units "Data Records";
      description
        "The number of Data Records transmitted by the Exporting 
         Process or received by the Collecting Process.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionRecords in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionRecords)";
    }

    leaf templates {
      type yang:counter32;
      units "Templates";
      description
        "The number of Templates transmitted by the Exporting Process 
         or received by the Collecting Process.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionTemplates in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
        (ipfixTransportSessionTemplates)";
    }

    leaf options-templates {
      type yang:counter32;
      units "Options Templates";
      description
        "The number of Option Templates transmitted by the Exporting 
         Process or received by the Collecting Process.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.

         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplates in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplates)";
    }

    leaf transport-session-start-time {
      type yang:date-and-time;
      description
        "Timestamp of the start of the given Transport Session.

         This state parameter does not correspond to any object in
         the IPFIX MIB module.";
    }

    leaf transport-session-discontinuity-time {
      type yang:date-and-time;
      description
        "Timestamp of the most recent occasion at which one or more 
         of the Transport Session counters suffered a discontinuity.

         Note that this parameter functionally corresponds to
         ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
         module. In contrast to 
         ipfixTransportSessionDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscontinuityTime)";
    }
  }

  grouping collection-template-state-parameters {
    description
      "State parameters of a (Options) Template received by a 
       Collecting Process in a specific Transport Session or read by 
       the File Reader. 
       
       Parameter names and semantics correspond to the 
       managed objects in IPFIX-MIB";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
       ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";

    list template {
      key "name";
      description
        "This list contains the Templates and Options Templates that 
         are transmitted by the Exporting Process or received by the 
         Collecting Process.

         Withdrawn or invalidated (Options) Templates MUST be removed
         from this list.";
         
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the 
           template.";
      }
           
      leaf observation-domain-id {
        type uint32;
        description
          "The ID of the Observation Domain for which this Template 
           is defined.
  
           Note that this parameter corresponds to
           ipfixTemplateObservationDomainId in the IPFIX MIB 
           module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateObservationDomainId)";
      }
  
      leaf template-id {
        type uint16 {
          range "256..65535";
        }
        description
          "This number indicates the Template ID in the IPFIX
           message.

           Note that this parameter corresponds to ipfixTemplateId in
           the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateId)";
      }
  
      leaf set-id {
        type uint16 {
          range "2..3 | 256..65535";
        }
        description
          "This number indicates the Set ID of the Template.
           A value of 2 is reserved for Template Sets.  A value of 3
           is reserved for Options Template Sets.  Values from 4 to 
           255 are reserved for future use.  Values 256 and above
           are used for Data Sets.  The Set ID values of 0 and 1 are 
           not used for historical reasons.
           
           Note that this parameter corresponds to ipfixTemplateSetId 
           in the IPFIX MIB module.";
        reference
          "RFC 7011, Section 3.3.2;
           RFC 6615, Section 8 (ipfixTemplateSetId)";
      }
  
      leaf access-time {
        type yang:date-and-time;
        description
          "This parameter contains the time when this (Options) 
           Template was last received from the Exporter or read from 
           the file.
           
           Note that this parameter corresponds to
           ipfixTemplateAccessTime in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (
           ipfixTemplateAccessTime)";
      }
  
      leaf template-data-records {
        type yang:counter64;
        description
          "The number of received Data Records defined by this 
           (Options) Template. 
           
           Discontinuities in the value of this counter can occur at 
           re-initialization of the management system, and at other 
           times as indicated by the value of 
           template-discontinuity-time.
           
           Note that this parameter corresponds to
           ipfixTemplateDataRecords in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDataRecords)";
      }
  
      leaf template-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which the counter
           template-data-records suffered a discontinuity. 
           
           Note that this parameter functionally corresponds to 
           ipfixTemplateDiscontinuityTime in the IPFIX MIB module. In
           contrast to  ipfixTemplateDiscontinuityTime, the time is 
           absolute and not relative to sysUpTime.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateDiscontinuityTime)";
      }
  
      list field {
        key "name";
        description
          "This list contains the (Options) Template fields of which 
           the (Options) Template is defined.
           
           The order of the list corresponds to the order of the 
           fields in the (Option) Template Record.";
  
        leaf name {
          type name-type;
          description
            "An arbitrary string which uniquely identifies the 
             template field.";
        }

        leaf ie-id {
          type ie-id-type;
          description
            "This parameter indicates the Information Element 
             identifier of the field.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeId).";
        }
  
        leaf ie-length {
          type uint16;
          units "octets";
          description
            "This parameter indicates the length of the Information 
             Element of the field.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeLength in the IPFIX MIB
             module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeLength)";
        }
  
        leaf ie-enterprise-number {
          type uint32;
          description
            "This parameter indicates the IANA enterprise number of 
             the authority defining the Information Element
             identifier.
             
             If the Information Element is not enterprise-specific,
             this state parameter is zero.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
             MIB module.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionIeEnterpriseNumber);
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers";
        }
  
        leaf is-flow-key {
          when "../../set-id = 2" {
            description
              "This parameter is available for non-Options Templates 
               (Set ID is 2).";
          }
          type empty;
          description
            "If present, this is a Flow Key field.
  
             Note that this corresponds to flowKey(1) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags)";
        }
  
        leaf is-scope {
          when "../../set-id = 3" {
            description
              "This parameter is available for Options
               Templates (Set ID is 3).";
          }
          type empty;
          description
            "If present, this is a scope field.
  
             Note that this corresponds to scope(0) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags)";
        }
      }
    }
  }

  grouping common-collector-parameters {
    description
      "Parameters of a Collecting Process that are common to all 
       transport protocols.";

    choice local-address-method {
      description
        "Method to configure the local address of the collecting 
         process.  Note that it is expected that other methods be 
         available.  Those method can augment this choice.";

      case local-address {
        leaf-list local-address {
          type inet:host;
          description
            "List of local addresses on which the Collecting
             Process listens for IPFIX Messages.";
        }
      }
    }

    leaf local-port {
      type inet:port-number;
      description
        "If not configured, the Monitoring Device uses the default 
         port number for IPFIX, which is 4739 without TLS or DTLS and 
         4740 if TLS or DTLS is activated.";
    }
  }

  grouping tcp-collector-parameters {
    description
      "Parameters of a listening TCP socket at a Collecting 
       Process.";

    uses common-collector-parameters;
    
    uses transport-layer-security-parameters;
  }

  grouping udp-collector-parameters {
    description
      "Parameters of a listening UDP socket at a Collecting 
       Process.";

    uses common-collector-parameters;

    leaf template-life-time {
      type uint32;
      units seconds;
      default 1800;
      description 
        "Sets the lifetime of Templates for all UDP Transport 
         Sessions terminating at this UDP socket. Templates that are 
         not received again within the configured lifetime become 
         invalid at the Collecting Process.
         
         As specified in RFC 7011, the Template lifetime MUST be at
         least three times higher than the template-refresh-timeout
         parameter value configured on the corresponding Exporting
         Processes.
         
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
         MIB module.";
      reference 
        "RFC 7011, Section 10.3.7; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshTimeout).";
    }
  
    leaf options-template-life-time {
      type uint32;
      units seconds;
      default 1800;
      description 
        "Sets the lifetime of Options Templates for all UDP Transport 
         Sessions terminating at this UDP socket. Options Templates 
         that are not received again within the configured lifetime 
         become invalid at the Collecting Process.
         
         As specified in RFC 7011, the Options Template lifetime MUST
         be at least three times higher than the
         options-template-refresh-timeout parameter value configured 
         on the corresponding Exporting Processes.
         
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshTimeout in the
         IPFIX MIB module.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }
  
    leaf template-life-packet {
      type uint32;
      units "IPFIX Messages";
      description 
        "If this parameter is configured, Templates defined in a UDP 
         Transport Session become invalid if they are neither 
         included in a sequence of more than this number of IPFIX 
         Messages nor received again within the period of time 
         specified by template-life-time.
         
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshPacket in the IPFIX
         MIB module.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshPacket).";
    }
  
    leaf options-template-life-packet {
      type uint32;
      units "IPFIX Messages";
      description 
        "If this parameter is configured, Options Templates defined 
         in a UDP Transport Session become invalid if they are 
         neither included in a sequence of more than this number of 
         IPFIX Messages nor received again within the period of time 
         specified by options-template-life-time.

         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshPacket in the
         IPFIX MIB module.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }
    
    leaf maximum-reordering-delay {
      type uint32;
      units seconds;
      description
        "The maximum delay for the template to be received at the
         collector after the data record(s) has(have) been received.
         The collector is expected to buffer the data records till 
         such a time.";
      reference
        "RFC 7011, Section 8.2";
    }
    
    uses transport-layer-security-parameters;
  }

  grouping sctp-collector-parameters {
    description
      "Parameters of a listening SCTP socket at a Collecting 
       Process.";

    uses common-collector-parameters;

    leaf maximum-reordering-delay {
      type uint32;
      units seconds;
      description
        "The maximum delay for the template to be received at the
         collector after the data record(s) has(have) been received.
         The collector is expected to buffer the data records till 
         such a time.";
      reference
        "RFC 7011, Section 8.2";
    }
    
    uses transport-layer-security-parameters;
  }

  grouping file-reader-state-parameters {
    description
      "State Parameters for the File Reader.";

    container file-reader-state {
      config false;
      description
        "File Reader parameters.";

      leaf bytes {
        type yang:counter64;
        units octets;
        description 
          "The number of bytes read by the File Reader.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }
    
      leaf messages {
        type yang:counter64;
        units "IPFIX Messages";
        description 
          "The number of IPFIX Messages read by the File Reader.   

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }
      
      leaf records {
        type yang:counter64;
        units "Data Records";
        description 
          "The number of Data Records read by the File Reader.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }
    
      leaf templates {
        type yang:counter32;
        units "Templates";
        description 
          "The number of Template Records (excluding Options Template 
           Records) read by the File Reader.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }
    
      leaf options-templates {
        type yang:counter32;
        units "Options Templates";
        description 
          "The number of Options Template Records read by the File 
           Reader.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-reader-discontinuity-time.";
      }
    
      leaf file-reader-discontinuity-time {
        type yang:date-and-time;
        description 
          "Timestamp of the most recent occasion at which one or more 
           File Reader counters suffered a discontinuity.

           In contrast to discontinuity times in the IPFIX MIB 
           module, the time is absolute and not relative to 
           sysUpTime.";
      }
    
      uses collection-template-state-parameters;
    }
  }

  grouping collecting-process-parameters {
    description
      "Parameters of a Collecting Process.";

    list tcp-collector {
      if-feature tcp-transport;
      key "name";
      description
        "List of TCP receivers (sockets) on which the Collecting 
         Process receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the TCP 
           collector.";
      }

      uses tcp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established Transport 
           Sessions terminating at the given socket.";
  
        leaf name {
          type name-type;
          description
            "An arbitrary string which uniquely identifies the 
             transport session.";
        }
  
        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }
    }
  
    list udp-collector {
      if-feature udp-transport;
      key "name";
      description
        "List of UDP receivers (sockets) on which the Collecting 
         Process receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the UDP 
           Collector.";
      }

      uses udp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established Transport 
           Sessions terminating at the given socket.";
  
        leaf name {
          type name-type;
          description
            "An arbitrary string which uniquely identifies the 
             transport session.";
        }
  
        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }
    }

    list sctp-collector {
      if-feature sctp-transport;
      key "name";
      description
        "List of SCTP receivers on which the Collecting Process 
         receives IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the SCTP 
           Collector.";
      }

      uses sctp-collector-parameters;

      list transport-session {
        key name;
        config false;
        description
          "This list contains the currently established Transport 
           Sessions terminating at the given socket.";
  
        leaf name {
          type name-type;
          description
            "An arbitrary string which uniquely identifies the 
             transport session.";
        }
  
        leaf sctp-association-id {
          type uint32;
          config false;
          description 
            "The association ID used for the SCTP session between the 
             Exporter and the Collector of the IPFIX Transport 
             Session.  It is equal to the sctpAssocId entry in the 
             sctpAssocTable defined in the SCTP-MIB.
             
             This parameter is only available if the transport 
             protocol is SCTP and if an SNMP agent on the same
             Monitoring Device enables access to the corresponding 
             MIB objects in the sctpAssocTable.
             
             Note that this parameter corresponds to
             ipfixTransportSessionSctpAssocId in the IPFIX MIB
             module.";
          reference 
            "RFC 6615, Section 8
             (ipfixTransportSessionSctpAssocId);
             RFC 3871";
        }

        uses transport-session-state-parameters;
        uses collection-template-state-parameters;
      }  
    }

    list file-reader {
      if-feature file-reader;
      key "name";
      description
        "List of File Readers from which the Collecting Process reads 
         the IPFIX Messages.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the File 
           Reader.";
      }

      leaf file {
        type inet:uri;
        mandatory true;
        description 
          "URI specifying the location of the file.";
      }

      uses file-reader-state-parameters;
    }
  }

  grouping export-template-state-parameters {
    description
      "State parameters of a (Options) Template used by an Exporting 
       Process in a specific Transport Session or by a File Writer. 
       Parameter names and semantics correspond to the managed 
       objects in IPFIX-MIB.";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
       ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";

    list template {
      key "name";
      description
        "This list contains the Templates and Options Templates that 
         are transmitted by the Exporting Process or written by the 
         File Writer.

         Withdrawn or invalidated (Options) Templates MUST be removed
         from this list.";
         
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the 
           template.";
      }
           
      leaf observation-domain-id {
        type uint32;
        description
          "The ID of the Observation Domain for which this Template 
           is defined.
  
           Note that this parameter corresponds to
           ipfixTemplateObservationDomainId in the IPFIX MIB 
           module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateObservationDomainId).";
      }
  
      leaf template-id {
        type uint16 {
          range "256..65535";
        }
        description
          "This number indicates the Template ID in the IPFIX
           message.
           
           Note that this parameter corresponds to ipfixTemplateId in
           the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateId).";
      }
  
      leaf set-id {
        type uint16 {
          range "2..3 | 256..65535";
        }
        description
          "This number indicates the Set ID of the Template.
           A value of 2 is reserved for Template Sets.  A value of 3
           is reserved for Options Template Sets.  Values from 4 to 
           255 are reserved for future use.  Values 256 and above
           are used for Data Sets.  The Set ID values of 0 and 1 are 
           not used for historical reasons.
           
           Note that this parameter corresponds to ipfixTemplateSetId 
           in the IPFIX MIB module.";
        reference
          "RFC 7011, Section 3.3.2;
           RFC 6615, Section 8 (ipfixTemplateSetId)";
      }
  
      leaf access-time {
        type yang:date-and-time;
        description
          "This parameter contains the time when this (Options) 
           Template was last sent to the Collector(s) or written to 
           the file.
           
           Note that this parameter corresponds to
           ipfixTemplateAccessTime in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (
           ipfixTemplateAccessTime).";
      }
  
      leaf template-data-records {
        type yang:counter64;
        description
          "The number of transmitted Data Records defined by this 
           (Options) Template. 
           
           Discontinuities in the value of this counter can occur at 
           re-initialization of the management system, and at other 
           times as indicated by the value of
           template-discontinuity-time.
           
           Note that this parameter corresponds to
           ipfixTemplateDataRecords in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
      }
  
      leaf template-discontinuity-time {
        type yang:date-and-time;
        description
          "Timestamp of the most recent occasion at which the counter 
           template-data-records suffered a discontinuity. 
           
           Note that this parameter functionally 
           corresponds to ipfixTemplateDiscontinuityTime in the IPFIX 
           MIB module. In contrast to 
           ipfixTemplateDiscontinuityTime, the time is absolute and 
           not relative to sysUpTime.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateDiscontinuityTime).";
      }
  
      list field {
        key "name";
        description
          "This list contains the (Options) Template fields of which 
           the (Options) Template is defined.
           
           The order of the list corresponds to the order 
           of the fields in the (Option) Template Record.";
  
        leaf name {
          type name-type;
          description
            "An arbitrary string which uniquely identifies the 
             template field.";
        }

        leaf ie-id {
          type ie-id-type;
          description
            "This parameter indicates the Information Element 
             identifier of the field.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeId).";
        }
  
        leaf ie-length {
          type uint16;
          units "octets";
          description
            "This parameter indicates the length of the Information 
             Element of the field.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeLength in the IPFIX MIB
             module.";
          reference
            "RFC 7011; RFC 6615, Section 8
             (ipfixTemplateDefinitionIeLength).";
        }
  
        leaf ie-enterprise-number {
          type uint32;
          description
            "This parameter indicates the IANA enterprise number of 
             the authority defining the Information Element
             identifier.
             
             If the Information Element is not enterprise-specific,
             this state parameter is zero.
  
             Note that this parameter corresponds to
             ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
             MIB module.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionIeEnterpriseNumber);
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers.";
        }
  
        leaf is-flow-key {
          when "../../set-id = 2" {
          description
            "This parameter is available for non-Options Templates 
             (Set ID is 2).";
          }
          type empty;
          description
            "If present, this is a Flow Key field.
  
             Note that this corresponds to flowKey(1) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }
  
        leaf is-scope {
          when "../../set-id = 3" {
          description
            "This parameter is available for Options Templates 
             (Set ID is 3).";
          }
          type empty;
          description
            "If present, this is a scope field.
  
             Note that this corresponds to scope(0) being set in
             ipfixTemplateDefinitionFlags.";
          reference
            "RFC 6615, Section 8
             (ipfixTemplateDefinitionFlags).";
        }
      }
    }
  }

  grouping common-exporter-parameters {
    description
      "Parameters of an export destination that are common to all 
       transport protocols.";

    leaf ipfix-version {
      type uint16;
      default '10';
      description
        "IPFIX version number.";
      reference
        "RFC 7011.";
    }

    container source {
      description
        "Configuration corresponding to how exporter's source IP 
         address is specified.";

      choice source-method {
        description
          "Method to configure the source address of the exporter
           or the interface to be used by the exporter.

           Note that it is expected that other methods be available.
           Those methods can augment this choice.";

        case interface-ref {
          leaf interface-ref {
            type if:interface-ref;
            description
              "The interface to be used by the Exporting Process.";
          }
        }

        case if-index {
          if-feature if-mib;
          leaf if-index {
            type uint32;
            description 
              "Index of an interface as stored in the ifTable
               of IF-MIB.";
            reference 
              "RFC 2863.";
          }
        }
      
        case if-name {
          if-feature if-mib;
          leaf if-name {
            type string;
            description 
              "Name of an interface as stored in the ifTable
               of IF-MIB.";
            reference 
              "RFC 2863.";
          }
        }    
      }
    }

    container destination {
      description
        "Configuration corresponding to how exporter's destination IP 
         address is specified.";
    }  

    leaf destination-port {
      type inet:port-number;
      description
        "If not configured by the user, the Monitoring Device uses 
         the default port number for IPFIX, which is 4739 without TLS 
         or DTLS and 4740 if TLS or DTLS is activated.";
    }

    leaf send-buffer-size {
      type uint32;
      units "bytes";
      description
        "Size of the socket send buffer.

         If not configured by the user, this parameter is set by
         the Monitoring Device.";
    }

    leaf rate-limit {
      type uint32;
      units "bytes per second";
      description
        "Maximum number of bytes per second the Exporting Process may 
         export to the given destination.  The number of bytes is 
         calculated from the lengths of the IPFIX Messages exported. 
         If not configured, no rate limiting is performed.";
      reference
        "RFC 5476, Section 6.3.";
    }
  }

  grouping tcp-exporter-parameters {
    description
      "Parameters of a TCP export destination.";

    uses common-exporter-parameters {
      augment "source/source-method" {
        description
          "Augment the source method to add the source IP address or
           hostname.";

        case source-address {
          leaf source-address {
            type inet:host;
            description
              "The source IP address or hostname used by the 
               Exporting Process.";
          }
        }
      }
    
      augment "destination" {
        description
          "Augment the destination method to add the destination
           IP address or hostname.";

        choice destination-method {
          mandatory true;
          description
            "Method to configuring the destination address of the 
             Collection Process to which IPFIX Messages are sent.

             Note it is expected that if other methods are available
             that they would augment from this statement.";
             
          case destination-address {
            leaf destination-address {
              type inet:host;
              description
                "The destination IP address or hostname of the 
                 Collecting Process to which IPFIX Messages are sent. 
                 A hostname may resolve to one or more IP 
                 addresses.";
            }
          }
        }
      }
    }
    
    leaf connection-timeout {
      type uint32;
      units seconds;
      description
        "Time after which the exporting process deems the TCP 
         connection to have failed.";
      reference
        "RFC 7011, Sections 10.4.4 and 10.4.5.";
    }
    
    leaf retry-schedule {
      type uint32 {
      range "60..max";
      }
      units seconds;
      description
        "Time after which the exporting process retries the TCP 
         connection to a collector.";
      reference
        "RFC 7011, Section 10.4.4.";
    }
    
    uses transport-layer-security-parameters;
  }

  grouping udp-exporter-parameters {
    description
      "Parameters of a UDP export destination.";

    uses common-exporter-parameters {
      augment "source/source-method" {
        description
          "Augment the source method to add the source IP address or
           hostname.";

        case source-address {
          leaf source-address {
            type inet:host;
            description
              "The source IP address or hostname used by the 
               Exporting Process.";
          }
        }
      }
    
      augment "destination" {
        description
          "Augment the destination method to add the destination
           IP address or hostname.";
        
        choice destination-method {
          mandatory true;
          description
            "Method to configuring the destination address of the 
             Collection Process to which IPFIX Messages are sent.

             Note it is expected that if other methods are available
             that they would augment from this statement.";
             
          case destination-address {
            leaf destination-address {
              type inet:host;
              description
                "The destination IP address or hostname of the 
                 Collecting Process to which IPFIX Messages are sent. 
                 A hostname may resolve to one or more IP 
                 addresses.";
            }
          }
        }
      }
    }

    leaf maximum-packet-size {
      type uint16;
      units octets;
      description 
        "This parameter specifies the maximum size of IP packets sent 
         to the Collector.  If set to zero, the Exporting Device MUST 
         derive the maximum packet size from path MTU discovery 
         mechanisms.
         
         If not configured by the user, this parameter is set by
         the Monitoring Device.";
    }

    leaf template-refresh-timeout {
      type uint32;
      units seconds;
      default 600;
      description 
        "Sets time after which Templates are resent in the UDP 
         Transport Session.
         
         Note that the configured lifetime MUST be adapted to the
         template-life-time parameter value at the receiving 
         Collecting Process.
         
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
         MIB module.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshTimeout).";
    }

    leaf options-template-refresh-timeout {
      type uint32;
      units seconds;
      default 600;
      description 
        "Sets time after which Options Templates are resent in the 
         UDP Transport Session.
         
         Note that the configured lifetime MUST be adapted to the
         options-template-life-time parameter value at the receiving
         Collecting Process.
         
         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshTimeout in the
         IPFIX MIB module.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshTimeout).";
    }

    leaf template-refresh-packet {
      type uint32;
      units "IPFIX Messages";
      description 
        "Sets number of IPFIX Messages after which Templates are 
         resent in the UDP Transport Session.
         
         Note that this parameter corresponds to
         ipfixTransportSessionTemplateRefreshPacket in the IPFIX
         MIB module.
         
         If omitted, Templates are only resent after timeout.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionTemplateRefreshPacket).";
    }

    leaf options-template-refresh-packet {
      type uint32;
      units "IPFIX Messages";
      description 
        "Sets number of IPFIX Messages after which Options Templates 
         are resent in the UDP Transport Session protocol.

         Note that this parameter corresponds to
         ipfixTransportSessionOptionsTemplateRefreshPacket in the
         IPFIX MIB module.

         If omitted, Templates are only resent after timeout.";
      reference 
        "RFC 7011, Section 8.4; RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplateRefreshPacket).";
    }
    
    uses transport-layer-security-parameters;
  }

  grouping sctp-exporter-parameters {
    description
      "Parameters of a SCTP export destination.";

    uses common-exporter-parameters {
      augment "source/source-method" {
        description
          "Augment the source method to add the source IP address or
           hostname.";

        case source-address {
          leaf-list source-address {
            type inet:host;
            description
              "The source IP address(es) or hostname(s) used by the 
               Exporting Process.";
          }
        }
      }
    
      augment "destination" {
        description
          "Augment the destination method to add the destination
           IP address or hostname.";
        
        choice destination-method {
          mandatory true;
          description
            "Method to configuring the destination address of the 
             Collection Process to which IPFIX Messages are sent.

             Note it is expected that if other methods are available
             that they would augment from this statement.";
             
          case destination-address {
            leaf-list destination-address {
              type inet:host;
              description
                "List of destination IP addresses or hostnames. 
                 A hostname may resolve to one or more IP addresses.
                 
                 The user must ensure that all configured IP 
                 addresses belong to the same Collecting Process.
                 
                 The SCTP Exporting Processs tries to establish an 
                 SCTP association to any of the configured
                 destination IP addresses.";
            }
          }
        }
      }
    }

    leaf timed-reliability {
      type uint32;
      units milliseconds;
      default 0;
      description 
        "Lifetime in milliseconds until an IPFIX Message containing 
         Data Sets only is 'abandoned' due to the timed reliability 
         mechanism of PR-SCTP.
         
         If this parameter is set to zero, reliable SCTP transport is 
         used for all Data Records.
         
         Regardless of the value of this parameter, the Exporting
         Process MAY use reliable SCTP transport for Data Sets
         associated with Options Templates.";
      reference 
        "RFC 3758; RFC 4960.";
    }
    
    leaf association-timeout {
      type uint32;
      units seconds;
      description
        "Time after which the exporting process deems the SCTP 
         association to have failed.";
      reference
        "RFC 7011, Sections 10.2.4 and 10.2.5.";
    }
    
    uses transport-layer-security-parameters;
  }

  grouping file-writer-state-parameters {
    description
      "State Parameters for the File Writer.";

    container file-writer-state {
      config false;
      description
        "File Writer parameters.";

      leaf bytes {
        type yang:counter64;
        units octets;
        description 
          "The number of bytes written by the File Writer.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf messages {
        type yang:counter64;
        units "IPFIX Messages";
        description 
          "The number of IPFIX Messages written by the File Writer.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf discarded-messages {
        type yang:counter64;
        units "IPFIX Messages";
        description 
          "The number of IPFIX Messages that could not be written by 
           the File Writer due to internal buffer overflows, limited 
           storage capacity, etc.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf records {
        type yang:counter64;
        units "Data Records";
        description 
          "The number of Data Records written by the File Writer.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf templates {
        type yang:counter32;
        units "Templates";
        description 
          "The number of Template Records (excluding Options Template 
           Records) written by the File Writer.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf options-templates {
        type yang:counter32;
        units "Options Templates";
        description 
          "The number of Options Template Records written by the File 
           Writer.

           Discontinuities in the value of this counter can occur at
           re-initialization of the management system, and at other
           times as indicated by the value of
           file-writer-discontinuity-time.";
      }
    
      leaf file-writer-discontinuity-time {
        type yang:date-and-time;
        description 
          "Timestamp of the most recent occasion at which one or more 
           File Writer counters suffered a discontinuity.

           In contrast to discontinuity times in the IPFIX MIB 
           module, the time is absolute and not relative to 
           sysUpTime.";
      }
    
      uses export-template-state-parameters;
    }
  }

  grouping exporting-process-parameters {
    description
      "Parameters of an Exporting Process.";

    leaf export-mode {
      type identityref {
        base export-mode;
      }
      default 'parallel';
      description
        "This parameter determines to which configured destination(s) 
         the incoming Data Records are exported.";
    }

    list destination {
      key "name";
      min-elements 1;
      description
        "List of export destinations.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the export 
           destination.";
      }

      choice destination-parameters {
        mandatory true;
        description
          "Destination configuration.";

        case tcp-exporter {
          container tcp-exporter {
            if-feature tcp-transport;
            description
              "TCP parameters.";

            uses tcp-exporter-parameters;

            container transport-session {
              config false;
              description
                "Transport session state data.";

              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }
    
        case udp-exporter {
          container udp-exporter {
            if-feature udp-transport;
            description
              "UDP parameters.";

            uses udp-exporter-parameters;

            container transport-session {
              config false;
              description
                "Transport session state data.";

              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }

        case sctp-exporter {
          container sctp-exporter {
            if-feature sctp-transport;
            description
              "SCTP parameters.";

            uses sctp-exporter-parameters;

            container transport-session {
              config false;
              description
                "Transport session state data.";

              leaf sctp-association-id {
                type uint32;
                description 
                  "The association ID used for the SCTP session
                   between the Exporter and the Collector of the 
                   IPFIX Transport Session.  It is equal to the 
                   sctpAssocId entry in the sctpAssocTable defined in 
                   the SCTP-MIB.

                   This parameter is only available if the transport
                   protocol is SCTP and if an SNMP agent on the same
                   Monitoring Device enables access to the 
                   corresponding MIB objects in the sctpAssocTable.

                   Note that this parameter corresponds to
                   ipfixTransportSessionSctpAssocId in the IPFIX MIB
                   module.";
                reference 
                  "RFC 6615, Section 8
                   (ipfixTransportSessionSctpAssocId);
                   RFC 3871";
              }
          
              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }

        case file-writer {
          container file-writer {
            if-feature file-writer;
            description
              "File Writer parameters.";

            leaf ipfix-version {
              type uint16;
              default 10;
              description 
                "IPFIX version number.";
              reference 
                "RFC 7011.";
            }
        
            leaf file {
              type inet:uri;
              mandatory true;
              description 
                "URI specifying the location of the file.";
            }

            uses file-writer-state-parameters;
          }
        }
      }
    }

    list options {
      key "name";
      description
        "List of options reported by the Exporting Process.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the 
           option.";
      }
      uses options-parameters;
    }
  }

  grouping options-parameters {
    description
      "Parameters specifying the data export using an Options 
       Template.";

    leaf options-type {
      type identityref {
        base options-type;
      }
      mandatory true;
      description
        "Type of the exported options data.";
    }

    leaf options-timeout {
      type uint32;
      units "milliseconds";
      description
        "Time interval for periodic export of the options data. If 
         set to zero, the export is triggered when the options data 
         has changed.

         If not configured by the user, this parameter is set by the
         Monitoring Device.";
    }
  }

  container ipfix {
    description
      "IPFIX Exporter and/or Collector data nodes.";

    list collecting-process {
      if-feature collector;
      key "name";
      description
        "Collecting Process of the Monitoring Device.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the 
           Collecting Process.";
      }

      uses collecting-process-parameters;

      leaf-list exporting-process {
        if-feature exporter;
        type leafref {
          path "/ietf-ipfix:ipfix"
             + "/ietf-ipfix:exporting-process"
             + "/ietf-ipfix:name";
        }
        description
          "Export of received records without any modifications.  
           Records are processed by all Exporting Processes in the 
           list.";
      }
    }

    list exporting-process {
      if-feature exporter;
      key "name";
      description
        "List of Exporting Processes of the IPFIX Monitoring Device
         for which configuration will be applied.";

      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the 
           Exporting Process.";
      }
      
      leaf enabled {
        type boolean;
        default "true";
        description
          "If true, this Exporting Process is enabled for 
           exporting.";
      }

      uses exporting-process-parameters;

      leaf exporting-process-id {
        type uint32;
        config false;
        description
          "The identifier of the Exporting Process.  This parameter 
           corresponds to the Information Element exportingProcessId. 
           Its occurrence helps to associate Exporting Process 
           parameters with Exporing Process statistics exported by 
           the Monitoring Device using the Exporting Process 
           Reliability Statistics Template as defined by the IPFIX 
           protocol specification.";
        reference
          "RFC 7011, Section 4.3; IANA registry for IPFIX
           Entities, http://www.iana.org/assignments/ipfix.";
      }
    }
  }
}
<CODE ENDS>

6.2. ietf-ipfix-packet-sampling

6.2.1. ietf-ipfix-packet-sampling Module Structure

This document defines the YANG module "ietf-ipfix-packet-sampling", which has the following structure:

module: ietf-ipfix-packet-sampling
  augment /ipfix:ipfix:
    +--rw psamp
       +--rw observation-point* [name]
       |  +--rw name                     ipfix:name-type
       |  +--rw observation-domain-id    uint32
       |  +--rw interface-ref*           if:interface-ref
       |  +--rw if-name*                 if-name-type {if-mib}?
       |  +--rw if-index*                uint32 {if-mib}?
       |  +--rw hardware-ref*            hardware-ref
       |  +--rw ent-physical-name*       string {entity-mib}?
       |  +--rw ent-physical-index*      uint32 {entity-mib}?
       |  +--rw direction?               direction
       |  +--rw selection-process*
       |  |       -> /ipfix:ipfix/psamp/selection-process/name
       |  +--ro observation-point-id?    uint32
       +--rw selection-process* [name]
       |  +--rw name                  ipfix:name-type
       |  +--rw selector* [name]
       |  |     ...
       |  +--rw cache?
       |  |       -> /ipfix:ipfix/psamp/cache/name
       |  +--ro selection-sequence* []
       |        ...
       +--rw cache* [name]
          +--rw name                        ipfix:name-type
          +--rw enabled?                    boolean
          +--rw (cache-type)
          |     ...
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--ro metering-process-id?        uint32
          +--ro data-records?               yang:counter64
          +--ro cache-discontinuity-time?   yang:date-and-time

6.2.2. ietf-ipfix-packet-sampling YANG module

This YANG Module imports typedefs from [RFC6991].

<CODE BEGINS> file "ietf-ipfix-packet-sampling@2018-10-22.yang"
module ietf-ipfix-packet-sampling {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling";

  prefix ips;

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-interfaces {
    prefix if;
    reference
      "RFC 8343: A YANG Model for Interface Management";
  }

  import ietf-hardware {
    prefix hw;
    reference
      "RFC 8348: A YANG Data Model for Hardware Management";
  }

  import ietf-ipfix {
    prefix ipfix;
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export 
       (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk 
       Data Export";
  }

  organization
    "IETF";

  contact
    "Web:      TBD
     List:     TBD

     Editor:   Joey Boyd
               <mailto:joey.boyd@adtran.com>

     Editor:   Marta Seda
               <mailto:marta.seda@calix.com>";

  // RFC Ed.: replace XXXX with actual RFC numbers and
  // remove this note.

  description
    "This module contains a collection of YANG definitions for the
     management Packet Sampling (PSAMP) over IPFIX.

     This data model is designed for the Network Management Datastore
     Architecture defined in RFC 8342.
     
     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export
                 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
                 and Bulk Data Export";
  }

  feature if-mib {
    description
      "This feature indicates that the device implements the 
       IF-MIB.";
    reference
      "RFC 2863: The Interfaces Group MIB";
  }

  feature entity-mib {
    description
      "This feature indicates that the device implements the 
       ENTITY-MIB.";
    reference
      "RFC 6933: Entity MIB (Version 4)";
  }

  feature psamp-samp-count-based {
    description
      "If supported, the Monitoring Device supports count-based 
       sampling. The Selector method sampCountBased can be 
       configured.";
    reference 
      "RFC 5475, Section 5.1";
  }

  feature psamp-samp-time-based {
    description
      "If supported, the Monitoring Device supports time-based 
       sampling. The Selector method sampTimeBased can be 
       configured.";
    reference 
      "RFC 5475, Section 5.1";
  }

  feature psamp-samp-rand-out-of-n {
    description
      "If supported, the Monitoring Device supports random n-out-of-N 
       sampling. The Selector method sampRandOutOfN can be 
       configured.";
    reference 
      "RFC 5475, Section 5.2.1";
  }

  feature psamp-samp-uni-prob {
    description
      "If supported, the Monitoring Device supports uniform 
       probabilistic sampling. The Selector method sampUniProb can be 
       configured.";
    reference 
      "RFC 5475, Section 5.2.2";
  }

  feature psamp-filter-match {
    description
      "If supported, the Monitoring Device supports property match 
       filtering. The Selector method filterMatch can be 
       configured.";
    reference 
      "RFC 5475, Section 6.1";
  }

  feature psamp-filter-hash {
    description
      "If supported, the Monitoring Device supports hash-based 
       filtering. The Selector method filterHash can be configured.";
    reference 
      "RFC 5475, Section 6.2";
  }

  feature immediate-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating PSAMP Packet Reports by configuration with
       immediateCache.";
  }

  feature timeout-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       timeoutCache.";
  }

  feature natural-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       naturalCache.";
  }

  feature permanent-cache {
    description
      "If supported, the Monitoring Device supports
       Caches generating IPFIX Flow Records by configuration with
       permanentCache.";
  }

  identity hash-function {
    description
      "Base identity for all hash functions used for
       hash-based packet Filtering.";
  }

  identity bob {
    base hash-function;
    description
      "BOB hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  identity ipsx {
    base hash-function;
    description
      "IPSX hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  identity crc {
    base hash-function;
    description
      "CRC hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  typedef hardware-ref {
    type leafref {
      path "/hw:hardware/hw:component/hw:name";
    }
    description
      "This type is used to reference hardware components.";
    reference
      "RFC 8348";
  }

  typedef if-name-type {
    type string {
      length "1..255";
    }
    description
      "This corresponds to the DisplayString textual
       convention of SNMPv2-TC, which is used for ifName in the IF
       MIB module.";
    reference
      "RFC 2863 (ifName)";
  }

  typedef direction {
    type enumeration {
      enum "ingress" {
        value 0;
        description
          "This value is used for monitoring incoming packets.";
      }
      enum "egress" {
        value 1;
        description
          "This value is used for monitoring outgoing packets.";
      }
      enum "both" {
        value 2;
        description
          "This value is used for monitoring incoming and outgoing 
           packets.";
      }
    }
    description
      "Direction of packets going through an interface.";
  }

  grouping observation-point-parameters {
    description
      "Interface as input to Observation Point.";

    leaf observation-domain-id {
      type uint32;
      mandatory true;
      description
        "The Observation Domain ID associates the Observation Point 
         to an Observation Domain. Observation Points with identical 
         Observation Domain IDs belong to the same Observation 
         Domain.

         Note that this parameter corresponds to
         ipfixObservationPointObservationDomainId in the IPFIX MIB
         module.";
      reference
        "RFC 7011; RFC 6615, Section 8
         (ipfixObservationPointObservationDomainId)";
    }

    leaf-list interface-ref {
      type if:interface-ref;
      description
        "List of interfaces of the Monitoring Device. The
         Observation Point observes packets at the specified
         interfaces.";
    }

    leaf-list if-name {
      if-feature if-mib;
      type if-name-type;
      description
        "List of names identifying interfaces of the Monitoring 
         Device.  The Observation Point observes packets at the 
         specified interfaces.";
    }

    leaf-list if-index {
      if-feature if-mib;
      type uint32;
      description
        "List of if-index values pointing to entries in the ifTable 
         of the IF-MIB module maintained by the Monitoring
         Device.  The Observation Point observes packets at the
         specified interfaces.
         
         This parameter SHOULD only be used if an SNMP agent enables
         access to the ifTable.
         
         Note that this parameter corresponds to
         ipfixObservationPointPhysicalInterface in the IPFIX MIB
         module.";
      reference
        "RFC 2863; RFC 6615, Section 8
         (ipfixObservationPointPhysicalInterface)";
    }

    leaf-list hardware-ref {
      type hardware-ref;
      description
        "List of hardware components of the Monitoring Device.
         The Observation Points observes packets at the specified
         hardware components.";
      reference
        "RFC 8348";
  }

    leaf-list ent-physical-name {
      if-feature entity-mib;
      type string;
      description
        "List of names identifying physical entities of the
         Monitoring Device. The Observation Point observes packets
         at the specified entities.";
    }

    leaf-list ent-physical-index {
      if-feature entity-mib;
      type uint32;
      description
        "List of ent-physical-index values pointing to entries in the 
         entPhysicalTable of the ENTITY-MIB module maintained by the 
         Monitoring Device.  The Observation Point observes packets 
         at the specified entities.
         
         This parameter SHOULD only be used if an SNMP agent enables
         access to the entPhysicalTable.

         Note that this parameter corresponds to
         ipfixObservationPointPhysicalEntity in the IPFIX MIB
         module.";
      reference
        "RFC 33; RFC 6615, Section 8
         (ipfixObservationPointPhysicalInterface)";
    }

    leaf direction {
      type direction;
      default "both";
      description
        "Direction of packets. If not applicable (e.g., in the case 
         of a sniffing interface in promiscuous mode), this
         parameter is ignored.";
    }
  }

  grouping samp-count-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic 
       count-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";

    leaf packet-interval {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of packets that are consecutively sampled between 
         gaps of length packetSpace.

         This parameter corresponds to the Information Element
         samplingPacketInterval and to psampSampCountBasedInterval
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.2; RFC 6727, Section 6
         (psampSampCountBasedInterval)";
    }

    leaf packet-space {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of unsampled packets between two Sampling 
         intervals.

         This parameter corresponds to the Information Element
         samplingPacketSpace and to psampSampCountBasedSpace
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.3; RFC 6727, Section 6
         (psampSampCountBasedSpace)";
    }
  }

  grouping samp-time-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic 
       time-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2";

    leaf time-interval {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which all arriving 
         packets are sampled between gaps of length timeSpace.

         This parameter corresponds to the Information Element
         samplingTimeInterval and to psampSampTimeBasedInterval
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.4; RFC 6727, Section 6
         (psampSampTimeBasedInterval)";
    }

    leaf time-space {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which no packets 
         are sampled between two Sampling intervals specified by 
         timeInterval.

         This parameter corresponds to the Information Element
         samplingTimeInterval and to psampSampTimeBasedSpace
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.5; RFC 6727, Section 6
         (psampSampTimeBasedSpace)";
    }
  }

  grouping samp-rand-out-of-n-parameters {
    description
      "Configuration parameters of a Selector applying n-out-of-N 
       packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3.";

    leaf size {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements taken from the parent population.

         This parameter corresponds to the Information Element
         samplingSize and to psampSampRandOutOfNSize in the PSAMP
         MIB module.";
      reference
        "RFC 5477, Section 8.2.6; RFC 6727, Section 6
         (psampSampRandOutOfNSize)";
    }

    leaf population {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements in the parent population.

         This parameter corresponds to the Information Element
         samplingPopulation and to psampSampRandOutOfNPopulation
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.7; RFC 6727, Section 6
         (psampSampRandOutOfNPopulation)";
    }
  }

  grouping samp-uni-prob-parameters {
    description
      "Configuration parameters of a Selector applying uniform 
       probabilistic packet Sampling (with equal probability per 
       packet) to the packet stream.";
    reference
      "RFC 5475, Section 5.2.2.1;
       RFC 5476, Section 6.5.2.4";

    leaf probability {
      type decimal64 {
        fraction-digits 18;
        range "0..1";
      }
      mandatory true;
      description
        "Probability that a packet is sampled, expressed as a value 
         between 0 and 1.  The probability is equal for every 
         packet.

         This parameter corresponds to the Information Element
         samplingProbability and to psampSampUniProbProbability
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.8; RFC 6727, Section 6
         (psampSampUniProbProbability)";
    }
  }

  grouping filter-match-parameters {
    description
      "Configuration parameters of a Selector applying property match 
       Filtering to the packet stream.

       The field to be matched is specified as an Information
       Element.";
    reference
      "RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5";

    choice information-element {
      mandatory true;
      description
        "The Information Element field to be matched.";

      case ie-name {
        leaf ie-name {
          type ipfix:ie-name-type;
          description
            "Name of the Information Element.";
        }
      }

      case ie-id {
        leaf ie-id {
          type ipfix:ie-id-type;
          description
            "ID of the Information Element.";
        }
      }
    }

    leaf ie-enterprise-number {
      type uint32;
      default '0';
      description
        "If this parameter is zero, the Information Element is 
         registered in the IANA registry of IPFIX Information 
         Elements.

         If this parameter is configured with a non-zero private
         enterprise number, the Information Element is
         enterprise-specific.";
      reference
        "IANA registry for Private Enterprise Numbers,
         http://www.iana.org/assignments/enterprise-numbers;
         IANA registry for IPFIX Entities,
         http://www.iana.org/assignments/ipfix.";
    }

    leaf value {
      type string;
      mandatory true;
      description
        "Matching value of the Information Element";
    }
  }

  grouping filter-hash-parameters {
    description
      "Configuration parameters of a Selector applying hash-based 
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";

    leaf hash-function {
      type identityref {
        base hash-function;
      }
      default 'bob';
      description
        "Hash function to be applied.  According to RFC 5475, 
         Section 6.2.4.1, 'BOB' must be used in order to be compliant 
         with PSAMP.

         This parameter functionally corresponds to
         psampFiltHashFunction in the PSAMP MIB module.";
      reference
        "RFC 6727, Section 6 (psampFiltHashFunction)";
    }

    leaf initializer-value {
      type uint64;
      description
        "Initializer value to the hash function.
         If not configured by the user, the Monitoring Device
         arbitrarily chooses an initializer value.

         This parameter corresponds to the Information Element
         hashInitialiserValue and to psampFiltHashInitializerValue
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.9; RFC 6727, Section 6
         (psampFiltHashInitializerValue)";
    }

    leaf ip-payload-offset {
      type uint64;
      units "octets";
      default '0';
      description
        "IP payload offset indicating the position of the first 
         payload byte considered as input to the hash function.
         
         Default value 0 corresponds to the minimum offset that
         must be configurable according to RFC 5476, Section
         6.5.2.6.

         This parameter corresponds to the Information Element
         hashIPPayloadOffset and to psampFiltHashIpPayloadOffset
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.2; RFC 6727, Section 6
         (psampFiltHashIpPayloadOffset)";
    }

    leaf ip-payload-size {
      type uint64;
      units "octets";
      default '8';
      description
        "Number of IP payload bytes used as input to the hash 
         function, counted from the payload offset.  If the IP 
         payload is shorter than the payload range, all available 
         payload octets are used as input. 
         
         Default value 8 corresponds to the minimum IP payload
         size that must be configurable according to RFC 5476,
         Section 6.5.2.6.

         This parameter corresponds to the Information Element
         hashIPPayloadSize and to psampFiltHashIpPayloadSize
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.3; RFC 6727, Section 6
         (psampFiltHashIpPayloadSize)";
    }

    leaf digest-output {
      type boolean;
      default 'false';
      description
        "If true, the output from this Selector is included in the 
         Packet Report as a packet digest.  Therefore, the configured 
         Cache Layout needs to contain a digestHashValue field.

         This parameter corresponds to the Information Element
         hashDigestOutput.";
      reference
        "RFC 5477, Section 8.3.8";
    }

    list selected-range {
      key "name";
      min-elements 1;
      description
        "List of hash function return ranges for which packets are 
         selected.";

      leaf name {
        type ipfix:name-type;
        description
          "An arbitrary string which uniquely identifies the 
           hash function's selected range.";
      }

      leaf min {
        type uint64;
        description
          "Beginning of the hash function's selected range.

           This parameter corresponds to the Information Element
           hashSelectedRangeMin and to psampFiltHashSelectedRangeMin
           in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.6; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMin)";
      }

      leaf max {
        type uint64;
        description
          "End of the hash function's selected range.

           This parameter corresponds to the Information Element
           hashSelectedRangeMax and to psampFiltHashSelectedRangeMax
           in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.7; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMax)";
      }
    }
  }

  grouping filter-hash-parameters-state {
    description
      "Configuration parameters of a Selector applying hash-based 
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";

    leaf output-range-min {
      type uint64;
      config false;
      description
        "Beginning of the hash function's potential range.

         This parameter corresponds to the Information Element
         hashOutputRangeMin and to psampFiltHashOutputRangeMin
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.4; RFC 6727, Section 6
         (psampFiltHashOutputRangeMin)";
    }

    leaf output-range-max {
      type uint64;
      config false;
      description
        "End of the hash function's potential range.

         This parameter corresponds to the Information Element
         hashOutputRangeMax and to psampFiltHashOutputRangeMax
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.5; RFC 6727, Section 6
         (psampFiltHashOutputRangeMax)";
    }
  }

  grouping selector-parameters {
    description
      "Configuration and state parameters of a Selector.";

    choice method {
      mandatory true;
      description
        "Packet selection method applied by the Selector.";

      case select-all {
        leaf select-all {
          type empty;
          description
            "Method that selects all packets.";
        }
      }

      case samp-count-based {
        container samp-count-based {
          if-feature psamp-samp-count-based;
          description
            "Systematic count-based packet Sampling.";

          uses samp-count-based-parameters;
        }
      }

      case samp-time-based {
        container samp-time-based {
          if-feature psamp-samp-time-based;
          description
            "Systematic time-based packet Sampling.";

          uses samp-time-based-parameters;
        }
      }

      case samp-rand-out-of-n {
        container samp-rand-out-of-n {
           if-feature psamp-samp-rand-out-of-n;
           description
             "n-out-of-N packet Sampling.";

           uses samp-rand-out-of-n-parameters;
        }
      }

      case samp-uni-prob {
        container samp-uni-prob {
          if-feature psamp-samp-uni-prob;
          description
            "Uniform probabilistic packet Sampling.";

          uses samp-uni-prob-parameters;
        }
      }

      case filter-match {
        container filter-match {
          if-feature psamp-filter-match;
          description
            "Property match Filtering.";

          uses filter-match-parameters;
        }
      }

      case filter-hash {
        container filter-hash {
          if-feature psamp-filter-hash;
          description
            "Hash-based Filtering.";

          uses filter-hash-parameters;
          uses filter-hash-parameters-state;
        }
      }
    }
  }

  grouping selector-parameters-state {
    description
      "Configuration and state parameters of a Selector.";

    leaf packets-observed {
      type yang:counter64;
      config false;
      description
        "The number of packets observed at the input of the 
         Selector.

         If this is the first Selector in the Selection Process,
         this counter corresponds to the total number of packets in
         all Observed Packet Streams at the input of the Selection
         Process.  Otherwise, the counter corresponds to the total
         number of packets at the output of the preceding Selector.
         
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.

         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsObserved in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectorStatsPacketsObserved)";
    }

    leaf packets-dropped {
      type yang:counter64;
      config false;
      description
        "The total number of packets discarded by the Selector.

         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.

         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsDropped in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectorStatsPacketsDropped)";
    }

    leaf selector-discontinuity-time {
      type yang:date-and-time;
      config false;
      description
        "Timestamp of the most recent occasion at which one or more 
         of the Selector counters suffered a discontinuity.

         Note that this parameter functionally corresponds to
         ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
         MIB module. In contrast to
         ipfixSelectionProcessStatsDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectionProcessStatsDiscontinuityTime)";
    }
  }

  grouping cache-layout-parameters {
    description
      "Cache Layout parameters used by immediate cache, timeout 
       cache, natural cache, and permanent cache.";

    container cache-layout {
      description
        "Cache Layout parameters.";

      list cache-field {
        key "name";
        min-elements 1;
        description
          "Superset of fields that are included in the Packet Reports 
           or Flow Records generated by the Cache.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the 
             cache field.";
        }

        choice information-element {
          mandatory true;
          description
            "The Information Element to be added to the template.";
          reference
            "RFC 7012, Section 2; IANA registry for IPFIX
             Entities, http://www.iana.org/assignments/ipfix";

          case ie-name {
            leaf ie-name {
              type ipfix:ie-name-type;
              description
                "Name of the Information Element.";
            }
          }
    
          case ie-id {
            leaf ie-id {
              type ipfix:ie-id-type;
              description
                "ID of the Information Element.";
            }
          }
        }

        leaf ie-length {
          type uint16;
          units "octets";
          description
            "Length of the field in which the Information Element is 
             encoded.  A value of 65535 specifies a variable-length 
             Information Element. For Information Elements of integer 
             and float type, the field length MAY be set to a smaller 
             value than the standard length of the abstract data type 
             if the rules of reduced size encoding are fulfilled.

             If not configured by the user, this parameter is set by
             the Monitoring Device.";
          reference
            "RFC 7011, Section 6.2";
        }

        leaf ie-enterprise-number {
          type uint32;
          default '0';
          description
            "If this parameter is zero, the Information Element is 
             registered in the IANA registry of IPFIX Information 
             Elements.

             If this parameter is configured with a non-zero private
             enterprise number, the Information Element is
             enterprise-specific.

             If the enterprise number is set to 29305, this field
             contains a Reverse Information Element.  In this case,
             the Cache MUST generate Data Records in accordance to
             RFC 5103.";
          reference
            "RFC 7011; RFC 5103;
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }
    }
  }
  
  grouping flow-cache-base-parameters {
    description
      "Configuration parameters of a Cache generating Flow Records 
       which are common to all Cache types.";

    leaf max-flows {
      type uint32;
      units "flows";
      description
        "This parameter configures the maximum number of Flows in the 
         Cache, which is the maximum number of Flows that can be 
         measured simultaneously.

         The Monitoring Device MUST ensure that sufficient resources
         are available to store the configured maximum number of
         Flows.

         If the maximum number of Flows is measured, an additional
         Flow can be measured only if an existing entry is removed.
         However, traffic that pertains to existing Flows can
         continue to be measured.";
    }
  }

  grouping flow-permanent-cache-parameters {
    description
      "Configuration parameters of a Permanent Cache generating Flow
       Records.";
       
    uses flow-cache-base-parameters;

    leaf export-interval {
      type uint32;
      units "seconds";
      description
        "This parameter configures the interval (in seconds) for 
         periodical export of Flow Records.
         
         If not configured by the user, the Monitoring Device sets
         this parameter.";
    }
  }

  grouping flow-timeout-natural-cache-parameters {
    description
      "Configuration parameters of a Timeout or Natural Cache 
       generating Flow Records.";
       
    uses flow-cache-base-parameters;

    leaf active-timeout {
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which a 
         Flow is expired even though packets matching this Flow are 
         still received by the Cache.
         
         The parameter value zero indicates infinity, meaning that
         there is no active timeout.

         If not configured by the user, the Monitoring Device sets
         this parameter.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveTimeout in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheActiveTimeout)";
    }

    leaf idle-timeout {
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which a 
         Flow is expired if no more packets matching this Flow are 
         received by the Cache.

         The parameter value zero indicates infinity, meaning that
         there is no idle timeout.

         If not configured by the user, the Monitoring Device sets
         this parameter.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheIdleTimeout in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheIdleTimeout)";
    }
  }

  grouping flow-cache-parameters-state {
    description
      "State parameters of a Cache generating Flow Records.";

    leaf active-flows {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of Flows currently active in this Cache.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheActiveFlows)";
    }

    leaf unused-cache-entries {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of unused Cache entries in this Cache.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheUnusedCacheEntries)";
    }
  }

  augment '/ipfix:ipfix' {
    description
      "Augment IPFIX to add PSAMP.";

    container psamp {
      description
        "Container for PSAMP nodes.";

      list observation-point {
        key "name";
        description
          "Observation Point of the Monitoring Device.";

        leaf name {
          type ipfix:name-type;
          description 
            "An arbitrary string which uniquely identifies the 
             Observation Point.";
        }

        uses observation-point-parameters;

        leaf-list selection-process {
          type leafref {
            path "/ipfix:ipfix/psamp/selection-process/name";
          }
          description
            "Selection Processes in this list process packets in 
             parallel.";
        }

        leaf observation-point-id {
          type uint32;
          config false;
          description
            "Observation Point ID (i.e., the value of the Information 
             Element observationPointId) assigned by the Monitoring 
             Device.";
          reference
            "IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }

      list selection-process {
        key "name";
        description
          "Selection Process of the Monitoring Device.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the 
             Selectiong Process.";
        }

        list selector {
          key "name";
          min-elements 1;
          ordered-by user;
          description
            "List of Selectors that define the action of the
             Selection Process on a single packet.  The Selectors
             are serially invoked in the same order as they appear
             in this list.";

          leaf name {
            type ipfix:name-type;
            description
              "Name of the selector.";
          }

          uses selector-parameters;

          uses selector-parameters-state;
        }

        leaf cache {
          type leafref {
            path "/ipfix:ipfix/psamp/cache/name";
          }
          description
            "Cache that receives the output of the Selection 
             Process.";
        }

        list selection-sequence {
          config false;
          description
            "This list contains the Selection Sequence IDs that are 
             assigned by the Monitoring Device to distinguish 
             different Selection Sequences passing through the 
             Selection Process.

             As Selection Sequence IDs are unique per Observation
             Domain, the corresponding Observation Domain IDs are
             included as well.

             With this information, it is possible to associate
             Selection Sequence (Statistics) Report Interpretations
             exported according to the PSAMP protocol with a
             Selection Process in the configuration data.";
          reference
            "RFC 5476";

          leaf observation-domain-id {
            type uint32;
            description
              "Observation Domain ID for which the
               Selection Sequence ID is assigned.";
          }

          leaf selection-sequence-id {
            type uint64;
            description
              "Selection Sequence ID used in the Selection
               Sequence (Statistics) Report Interpretation.";
          }
        }
      }

      list cache {
        key "name";
        description
          "Cache of the Monitoring Device.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the 
             cache.";
        }

        leaf enabled {
          type boolean;
          default "true";
          description
            "If true, this cache is enabled and the specified data is 
             able to be exported.";
        }

        choice cache-type {
          mandatory true;
          description
            "Type of Cache and specific parameters.";

          case immediate-cache {
            container immediate-cache {
              if-feature immediate-cache;
              description
                "Flow expiration after the first packet; generation 
                 of Packet Records.";

              uses cache-layout-parameters;
            }
          }

          case timeout-cache {
            container timeout-cache {
              if-feature timeout-cache;
              description
                "Flow expiration after active and idle timeout; 
                 generation of Flow Records.";

              uses flow-timeout-natural-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description 
                    "Augment the Cache layout with timeout cache 
                     specific configuration.";
                     
                  leaf is-flow-key {
                    when
                      "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse 
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;

            }
          }

          case natural-cache {
            container natural-cache {
              if-feature natural-cache;
              description
                "Flow expiration after active and idle timeout, or on 
                 natural termination (e.g., TCP FIN or TCP RST) of 
                 the Flow; generation of Flow Records.";

              uses flow-timeout-natural-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description 
                    "Augment the Cache layout with timeout cache 
                     specific configuration.";
                     
                  leaf is-flow-key {
                    when
                      "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse 
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;
            }
          }

          case permanent-cache {
            container permanent-cache {
              if-feature permanent-cache;
              description
                "No flow expiration, periodical export with time 
                 interval exportInterval; generation of Flow 
                 Records.";
              uses flow-permanent-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description 
                    "Augment the Cache layout with timeout cache 
                     specific configuration.";
                     
                  leaf is-flow-key {
                    when
                      "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse 
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;
            }
          }
        }

        leaf-list exporting-process {
          if-feature ipfix:exporter;
          type leafref {
            path "/ipfix:ipfix"
               + "/ipfix:exporting-process"
               + "/ipfix:name";
          }
          description
            "Records are exported by all Exporting Processes in the 
             list.";
        }

        leaf metering-process-id {
          type uint32;
          config false;
          description
            "The identifier of the Metering Process this Cache 
             belongs to.

             This parameter corresponds to the Information Element
             meteringProcessId.  Its occurrence helps to associate
             Cache parameters with Metering Process statistics
             exported by the Monitoring Device using the Metering
             Process (Reliability) Statistics Template as
             defined by the IPFIX protocol specification.";
          reference
            "RFC 7011, Sections 4.1 and 4.2;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }

        leaf data-records {
          type yang:counter64;
          units "Data Records";
          config false;
          description
            "The number of Data Records generated by this Cache.

             Discontinuities in the value of this counter can occur
             at re-initialization of the management system, and at
             other times as indicated by the value of
             cacheDiscontinuityTime.

             Note that this parameter corresponds to
             ipfixMeteringProcessDataRecords in the IPFIX MIB
             module.";
          reference
            "RFC 6615, Section 8
             (ipfixMeteringProcessDataRecords)";
        }

        leaf cache-discontinuity-time {
          type yang:date-and-time;
          config false;
          description
            "Timestamp of the most recent occasion at which the 
             counter dataRecords suffered a discontinuity.

             Note that this parameter functionally corresponds to
             ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
             module. In contrast to
             ipfixMeteringProcessDiscontinuityTime, the time is
             absolute and not relative to sysUpTime.";
          reference
            "RFC 6615, Section 8
             (ipfixMeteringProcessDiscontinuityTime)";
        }
      }
    }
  }
}
<CODE ENDS>

6.3. ietf-ipfix-bulk-data-export

6.3.1. ietf-ipfix-bulk-data-export Module Structure

This document defines the YANG module "ietf-ipfix-bulk-data-export", which has the following tentative structure:

module: ietf-ipfix-bulk-data-export
  augment /ipfix:ipfix:
    +--rw bulk-data-export
       +--rw template* [name]
          +--rw name                       ipfix:name-type
          +--rw enabled?                   boolean
          +--rw export-interval?           uint32
          +--rw observation-domain-id?     uint32
          +--rw field-layout
          |     ...
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--rw (resource-identifier)?
          |     ...
          +--ro data-records?              yang:counter64
          +--ro discontinuity-time?        yang:date-and-time

6.3.2. ietf-ipfix-bulk-data-export YANG module

This YANG Module imports typedefs from [RFC6991].

<CODE BEGINS> file "ietf-ipfix-bulk-data-export@2018-11-15.yang"
module ietf-ipfix-bulk-data-export {
  yang-version 1.1;

  namespace 
    "urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export";

  prefix ibde;

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-ipfix {
    prefix ipfix;
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export 
       (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk 
       Data Export";
  }

  organization
    "IETF";

  contact
    "Web:      TBD
     List:     TBD
    
     Editor:   Joey Boyd
               <mailto:joey.boyd@adtran.com>
               
     Editor:   Marta Seda
               <mailto:marta.seda@calix.com>";
               
  // RFC Ed.: replace XXXX with actual RFC numbers and 
  // remove this note.               

  description
    "This module contains a collection of YANG definitions for the
     management exporting bulk data over IPFIX.

     This data model is designed for the Network Management Datastore
     Architecture defined in RFC 8342.
     
     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information Export 
                 (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 
                 and Bulk Data Export";
  }

  feature bulk-data {
    description
      "If supported, bulk data templates can be configured.";
  }

  typedef resource {
    type instance-identifier {
      require-instance false;
    }
    description
      "A resource from which bulk data will be exported.";
  }

  grouping bulk-data-template-parameters {
    description
      "Field Layout parameters.";

    leaf observation-domain-id {
      type uint32;
      default 0;
      description
        "An identifier of an Observation Domain that is locally 
         unique to an Exporting Process (see RFC 7011 Section 3.1).

         Typically, this Information Element is for limiting the 
         scope of other Information Elements.

         A value of 0 indicates that no specific Observation Domain 
         is identified by this Information Element.";
    }
    
    container field-layout {
      description
        "Field Layout parameters.";

      list field {
        key name;
        min-elements 1;
        description
          "Superset of statistics field names or special field-names 
           (e.g., timestamps, etc) for interpreting statistics that 
           are included in the Packet Reports or Flow Records 
           generated by the device.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the 
             field.";
        }

        choice identifier {
          mandatory true;
          description
            "The Information Element to be added to the template.";

          case ie-name {
            leaf ie-name {
              type ipfix:ie-name-type;
              description
                "Name of the Information Element.";
            }
          }
    
          case ie-id {
            leaf ie-id {
              type ipfix:ie-id-type;
              description
                "ID of the Information Element.";
            }
          }
        }

        leaf ie-length {
          type uint16;
          units octets;
          description
            "Length of the field in which the Information Element is 
             encoded.  A value of 65535 specifies a variable-length 
             Information Element.  For Information Elements of 
             integer and float type, the field length MAY be set to a 
             smaller value than the standard length of the abstract 
             data type if the rules of reduced size encoding are 
             fulfilled.

             If not configured by the user, this parameter is set by
             the Monitoring Device.";
          reference
            "RFC 7011, Section 6.2";
        }

        leaf ie-enterprise-number {
          type uint32;
          default 0;
          description
            "If this parameter is zero, the Information Element is 
             registered in the IANA registry of IPFIX Information 
             Elements or unspecified (if the Informational Element is 
             not IANA registered).

             If this parameter is configured with a non-zero private
             enterprise number, the Information Element is
             enterprise-specific.";
          reference
            "RFC 7011; RFC 5103;
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }
    }
  }

  augment "/ipfix:ipfix" {
    description
      "Augment IPFIX to add bulk data.";
    
    container bulk-data-export {
      description
        "Container for bulk data export nodes.";
      
      list template {
        key name;
        description
          "List of bulk data templates of the Monitoring Device.";
  
        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the 
             bulk data template.";
        }
  
        leaf enabled {
          type boolean;
          default "true";
          description
            "If true, this template is enabled and the specified
             data is able to be exported.";
        }

        leaf export-interval {
          type uint32;
          units "seconds";
          description
            "This parameter configures the interval (in seconds) for 
             periodical export of Flow Records.
  
             If not configured by the user, the Monitoring Device 
             sets this parameter.";
        }
  
        uses bulk-data-template-parameters;
  
        leaf-list exporting-process {
          if-feature ipfix:exporter;
          type leafref {
            path "/ipfix:ipfix"
               + "/ipfix:exporting-process"
               + "/ipfix:name";
          }
          description
            "Records are exported by all Exporting Processes in the
             list.";
        }
        
        choice resource-identifier {
          description
            "Method to select the resources from which the records
             are to be exported.";
             
          case resource-instance {
            leaf-list resource-instance {
              type resource;
              description
                "Records are sourced from all the resources in 
                 this list.";
            }
          }
        }
  
        leaf data-records {
          type yang:counter64;
          units "Data Records";
          config false;
          description
            "The number of Data Records generated for this sampling 
             template.  
             
             Discontinuities in the value of this counter can occur 
             at re-initialization of the management system, and at 
             other times as indicated by the value of Discontinuity 
             Time.";
        }
  
        leaf discontinuity-time {
          type yang:date-and-time;
          config false;
          description
            "Timestamp of the most recent occasion at which the 
             counter data records suffered a discontinuity.";
        }
      }
    }
  }
}
<CODE ENDS>

7. IANA Considerations

This document registers 3 URIs in the "IETF XML Registry". [RFC3688]. Following the format in RFC 3688, the following registrations have been made.

URI: urn:ietf:params:xml:ns:yang:ietf-ipfix
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.

This document registers 3 YANG modules in the "YANG Module Names" registry. Following the format in [RFC7950], the following have been registered.

Name: ietf-ipfix
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix
Prefix: ietf-ipfix
Reference: RFC XXXX: YANG Data Models for the IP Flow Information 
           Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 
           and Bulk Data Export
Name: ietf-ipfix-packet-sampling
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
Prefix: ietf-ipfix-packet-sampling
Reference: RFC XXXX: YANG Data Models for the IP Flow Information 
           Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 
           and Bulk Data Export
Name: ietf-ipfix-bulk-data-export
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
Prefix: ietf-bde
Reference: RFC XXXX: YANG Data Models for the IP Flow Information 
           Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, 
           and Bulk Data Export

8. Security Considerations

The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].

The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., NETCONF edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:

9. Acknowledgments

The authors would like to thank Anand Arokiaraj and William Lupton for their contributions towards creation of this document and associated YANG data models.

10. References

10.1. Normative References

[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004.
[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M. and P. Conrad, "Stream Control Transmission Protocol (SCTP) Partial Reliability Extension", RFC 3758, DOI 10.17487/RFC3758, May 2004.
[RFC3871] Jones, G., "Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure", RFC 3871, DOI 10.17487/RFC3871, September 2004.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007.
[RFC5103] Trammell, B. and E. Boschi, "Bidirectional Flow Export Using IP Flow Information Export (IPFIX)", RFC 5103, DOI 10.17487/RFC5103, January 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R. and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.
[RFC5475] Zseby, T., Molina, M., Duffield, N., Niccolini, S. and F. Raspall, "Sampling and Filtering Techniques for IP Packet Selection", RFC 5475, DOI 10.17487/RFC5475, March 2009.
[RFC5476] Claise, B., Johnson, A. and J. Quittek, "Packet Sampling (PSAMP) Protocol Specifications", RFC 5476, DOI 10.17487/RFC5476, March 2009.
[RFC5477] Dietz, T., Claise, B., Aitken, P., Dressler, F. and G. Carle, "Information Model for Packet Sampling Exports", RFC 5477, DOI 10.17487/RFC5477, March 2009.
[RFC5610] Boschi, E., Trammell, B., Mark, L. and T. Zseby, "Exporting Type Information for IP Flow Information Export (IPFIX) Information Elements", RFC 5610, DOI 10.17487/RFC5610, July 2009.
[RFC5655] Trammell, B., Boschi, E., Mark, L., Zseby, T. and A. Wagner, "Specification of the IP Flow Information Export (IPFIX) File Format", RFC 5655, DOI 10.17487/RFC5655, October 2009.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, January 2012.
[RFC6526] Claise, B., Aitken, P., Johnson, A. and G. Muenz, "IP Flow Information Export (IPFIX) Per Stream Control Transmission Protocol (SCTP) Stream", RFC 6526, DOI 10.17487/RFC6526, March 2012.
[RFC6615] Dietz, T., Kobayashi, A., Claise, B. and G. Muenz, "Definitions of Managed Objects for IP Flow Information Export", RFC 6615, DOI 10.17487/RFC6615, June 2012.
[RFC6727] Dietz, T., Claise, B. and J. Quittek, "Definitions of Managed Objects for Packet Sampling", RFC 6727, DOI 10.17487/RFC6727, October 2012.
[RFC6933] Bierman, A., Romascanu, D., Quittek, J. and M. Chandramouli, "Entity MIB (Version 4)", RFC 6933, DOI 10.17487/RFC6933, May 2013.
[RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013.
[RFC7011] Claise, B., Trammell, B. and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, DOI 10.17487/RFC7011, September 2013.
[RFC7012] Claise, B. and B. Trammell, "Information Model for IP Flow Information Export (IPFIX)", RFC 7012, DOI 10.17487/RFC7012, September 2013.
[RFC7119] Claise, B., Kobayashi, A. and B. Trammell, "Operation of the IP Flow Information Export (IPFIX) Protocol on IPFIX Mediators", RFC 7119, DOI 10.17487/RFC7119, February 2014.
[RFC7950] Bjorklund, M., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K. and R. Wilton, "Network Management Datastore Architecture (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.
[RFC8348] Bierman, A., Bjorklund, M., Dong, J. and D. Romascanu, "A YANG Data Model for Hardware Management", RFC 8348, DOI 10.17487/RFC8348, March 2018.

10.2. Informative References

[BBF.TR-352] Broadband Forum, "Multi-wavelength PON Inter-Channel-Termination Protocol (ICTP) Specification", May 2017.
[IANA-ENTERPRISE-NUMBERS] IANA, "Private Enterprise Numbers"
[IANA-IPFIX] IANA, "IP Flow Information Export (IPFIX) Entities"
[RFC1141] Mallory, T. and A. Kullberg, "Incremental updating of the Internet checksum", RFC 1141, DOI 10.17487/RFC1141, January 1990.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004.
[RFC5473] Boschi, E., Mark, L. and B. Claise, "Reducing Redundancy in IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Reports", RFC 5473, DOI 10.17487/RFC5473, March 2009.
[RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J. and A. Bierman, "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.
[RFC6728] Muenz, G., Claise, B. and P. Aitken, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols", RFC 6728, DOI 10.17487/RFC6728, October 2012.
[RFC8040] Bierman, A., Bjorklund, M. and K. Watsen, "RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.
[RFC8340] Bjorklund, M. and L. Berger, "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018.
[RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of Documents Containing YANG Data Models", BCP 216, RFC 8407, DOI 10.17487/RFC8407, October 2018.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A. Example: ietf-ipfix Usage

This configuration example configures an IPFIX exporter for a [BBF.TR-352] ICTP Proxy.

<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <exporting-process>
    <name>TR352-exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>ICTP-Proxy1-collector</name>
      <tcp-exporter>
        <source>
          <source-address>192.100.2.1</source-address>
        </source>
        <destination>
          <destination-address>proxy1.sys.com</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>extended-type-information</options-type>
      <options-timeout>0</options-timeout>
    </options>
  </exporting-process>
</ipfix>

This configuration example configures an IPFIX mediator.

<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <collecting-process>
    <name>OLT-collector</name>
    <tcp-collector>
      <name>myolt-tcp-collector</name>
      <local-address>192.100.2.1</local-address>
    </tcp-collector>
    <exporting-process>OLT-exporter</exporting-process>
  </collecting-process>
  <exporting-process>
    <name>OLT-exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>big-collector</name>
      <tcp-exporter>
        <source>
          <source-address>192.100.2.1</source-address>
        </source>
        <destination>
          <destination-address>collect1.sys.com</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>extended-type-information</options-type>
      <options-timeout>0</options-timeout>
    </options>
  </exporting-process>
</ipfix>

Appendix B. Example: ietf-ipfix-packet-sampling Usage

This configuration example configures two Observation Points capturing ingress traffic at eth0 and all traffic at eth1. Both Observed Packet Streams enter two different Selection Processes. The first Selection Process implements a Composite Selector of a filter for UDP packets and a random sampler. The second Selection Process implements a Primitive Selector of an ICMP filter. The Selected Packet Streams of both Selection Processes enter the same Cache. The Cache generates a PSAMP Packet Report for every selected packet.

The associated Exporting Process exports to a Collector using PR-SCTP and DTLS. The TLS/DTLS parameters specify that the collector must supply a certificate for the FQDN collector.example.net. Valid certificates from any certification authority will be accepted. As the destination transport port is omitted, the standard IPFIX-over-DTLS port 4740 is used.

The parameters of the Selection Processes are reported as Selection Sequence Report Interpretations and Selector Report Interpretations [RFC5476]. There will be two Selection Sequence Report Interpretations per Selection Process, one for each Observation Point. Selection Sequence Statistics Report Interpretations are exported every 30 seconds (30000 milliseconds).

<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <psamp xmlns=
   "urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling">
    <observation-point>
      <name>OP at eth0 (ingress)</name>
      <observation-domain-id>123</observation-domain-id>
      <interface-ref>eth0</interface-ref>
      <direction>ingress</direction>
      <selection-process>Sampled UDP packets</selection-process>
      <selection-process>ICMP packets</selection-process>
    </observation-point>

    <observation-point>
      <name>OP at eth1</name>
      <observation-domain-id>123</observation-domain-id>
      <interface-ref>eth1</interface-ref>
      <selection-process>Sampled UDP packets</selection-process>
      <selection-process>ICMP packets</selection-process>
    </observation-point>

    <selection-process>
      <name>Sampled UDP packets</name>
      <selector>
        <name>UDP filter</name>
        <filter-match>
          <ie-id>4</ie-id>
          <value>17</value>
        </filter-match>
      </selector>
      <selector>
        <name>10-out-of-100 sampler</name>
        <samp-rand-out-of-n>
          <size>10</size>
          <population>100</population>
        </samp-rand-out-of-n>
      </selector>
      <cache>PSAMP cache</cache>
    </selection-process>

    <selection-process>
      <name>ICMP packets</name>
      <selector>
        <name>ICMP filter</name>
        <filter-match>
          <ie-id>4</ie-id>
          <value>1</value>
        </filter-match>
      </selector>
      <cache>PSAMP cache</cache>
    </selection-process>

    <cache>
      <name>PSAMP cache</name>
      <immediate-cache>
        <cache-layout>
          <cache-field>
            <name>Field 1: ipHeaderPacketSection</name>
            <ie-id>313</ie-id>
            <ie-length>64</ie-length>
          </cache-field>
          <cache-field>
            <name>Field 2: observationTimeMilliseconds</name>
            <ie-id>322</ie-id>
          </cache-field>
        </cache-layout>
      </immediate-cache>
      <exporting-process>The only exporter</exporting-process>
    </cache>
  </psamp>

  <exporting-process>
    <name>The only exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>PR-SCTP collector</name>
      <sctp-exporter>
        <destination>
          <destination-address>192.0.2.1</destination-address>
        </destination>
        <rate-limit>1000000</rate-limit>
        <timed-reliability>500</timed-reliability>
        <transport-layer-security>
          <remote-subject-fqdn>coll-1.ex.net</remote-subject-fqdn>
        </transport-layer-security>
      </sctp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>selection-sequence</options-type>
      <options-timeout>0</options-timeout>
    </options>
    <options>
      <name>Options 2</name>
      <options-type>selection-statistics</options-type>
      <options-timeout>30000</options-timeout>
    </options>
  </exporting-process>

</ipfix>

Appendix C. Example: ietf-ipfix-bulk-data-export Usage

The configuration example configures a field-layout template to export Ethernet statistics from eth0 and eth1.

<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix"
       xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
  <bulk-data-export xmlns=
   "urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export">

    <template>
      <name>Ethernet Statistics</name>
      <enabled>true</enabled>
      <export-interval>300</export-interval>
      <observation-domain-id>123</observation-domain-id>
      <field-layout>
        <field>
          <name>in-octets</name>
          <ie-id>1001</ie-id>
          <ie-length>4</ie-length>
          <ie-enterprise-number>664</ie-enterprise-number>
        </field>
        <field>
          <name>out-octets</name>
          <ie-id>1002</ie-id>
          <ie-length>4</ie-length>
          <ie-enterprise-number>664</ie-enterprise-number>
        </field>
      </field-layout>
      <exporting-process>The only one</exporting-process>
      <resource-instance>/if:interfaces/if:interface[if:name='eth0']
        </resource-instance>
      <resource-instance>/if:interfaces/if:interface[if:name='eth1']
        </resource-instance>
    </template>
  </bulk-data-export>
  <exporting-process>
    <name>The only one</name>
    <enabled>true</enabled>
    <destination>
      <name>Bulk data collector</name>
      <tcp-exporter>
        <destination>
          <destination-address>192.0.2.2</destination-address>
        </destination>
        <rate-limit>1000000</rate-limit>
        <transport-layer-security>
          <remote-subject-fqdn>coll-2.ex.net</remote-subject-fqdn>
        </transport-layer-security>
      </tcp-exporter>
    </destination>
  </exporting-process>
</ipfix>

Appendix D. Tree diagrams

D.1. ietf-ipfix

The complete tree diagram for ietf-ipfix:

module: ietf-ipfix
  +--rw ipfix
     +--rw collecting-process* [name] {collector}?
     |  +--rw name                 name-type
     |  +--rw tcp-collector* [name] {tcp-transport}?
     |  |  +--rw name                        name-type
     |  |  +--rw (local-address-method)?
     |  |  |  +--:(local-address)
     |  |  |     +--rw local-address*        inet:host
     |  |  +--rw local-port?                 inet:port-number
     |  |  +--rw transport-layer-security!
     |  |  |  +--rw local-certification-authority-dn*    string
     |  |  |  +--rw local-subject-dn*                    string
     |  |  |  +--rw local-subject-fqdn*
     |  |  |  |       inet:domain-name
     |  |  |  +--rw remote-certification-authority-dn*   string
     |  |  |  +--rw remote-subject-dn*                   string
     |  |  |  +--rw remote-subject-fqdn*
     |  |  |          inet:domain-name
     |  |  +--ro transport-session* [name]
     |  |     +--ro name                                    name-type
     |  |     +--ro ipfix-version?                          uint16
     |  |     +--ro source-address?                         inet:host
     |  |     +--ro destination-address?                    inet:host
     |  |     +--ro source-port?
     |  |     |       inet:port-number
     |  |     +--ro destination-port?
     |  |     |       inet:port-number
     |  |     +--ro status?
     |  |     |       transport-session-status
     |  |     +--ro rate?
     |  |     |       yang:gauge32
     |  |     +--ro bytes?
     |  |     |       yang:counter64
     |  |     +--ro messages?
     |  |     |       yang:counter64
     |  |     +--ro discarded-messages?
     |  |     |       yang:counter64
     |  |     +--ro records?
     |  |     |       yang:counter64
     |  |     +--ro templates?
     |  |     |       yang:counter32
     |  |     +--ro options-templates?
     |  |     |       yang:counter32
     |  |     +--ro transport-session-start-time?
     |  |     |       yang:date-and-time
     |  |     +--ro transport-session-discontinuity-time?
     |  |     |       yang:date-and-time
     |  |     +--ro template* [name]
     |  |        +--ro name                           name-type
     |  |        +--ro observation-domain-id?         uint32
     |  |        +--ro template-id?                   uint16
     |  |        +--ro set-id?                        uint16
     |  |        +--ro access-time?
     |  |        |       yang:date-and-time
     |  |        +--ro template-data-records?         yang:counter64
     |  |        +--ro template-discontinuity-time?
     |  |        |       yang:date-and-time
     |  |        +--ro field* [name]
     |  |           +--ro name                    name-type
     |  |           +--ro ie-id?                  ie-id-type
     |  |           +--ro ie-length?              uint16
     |  |           +--ro ie-enterprise-number?   uint32
     |  |           +--ro is-flow-key?            empty
     |  |           +--ro is-scope?               empty
     |  +--rw udp-collector* [name] {udp-transport}?
     |  |  +--rw name                            name-type
     |  |  +--rw (local-address-method)?
     |  |  |  +--:(local-address)
     |  |  |     +--rw local-address*            inet:host
     |  |  +--rw local-port?                     inet:port-number
     |  |  +--rw template-life-time?             uint32
     |  |  +--rw options-template-life-time?     uint32
     |  |  +--rw template-life-packet?           uint32
     |  |  +--rw options-template-life-packet?   uint32
     |  |  +--rw maximum-reordering-delay?       uint32
     |  |  +--rw transport-layer-security!
     |  |  |  +--rw local-certification-authority-dn*    string
     |  |  |  +--rw local-subject-dn*                    string
     |  |  |  +--rw local-subject-fqdn*
     |  |  |  |       inet:domain-name
     |  |  |  +--rw remote-certification-authority-dn*   string
     |  |  |  +--rw remote-subject-dn*                   string
     |  |  |  +--rw remote-subject-fqdn*
     |  |  |          inet:domain-name
     |  |  +--ro transport-session* [name]
     |  |     +--ro name                                    name-type
     |  |     +--ro ipfix-version?                          uint16
     |  |     +--ro source-address?                         inet:host
     |  |     +--ro destination-address?                    inet:host
     |  |     +--ro source-port?
     |  |     |       inet:port-number
     |  |     +--ro destination-port?
     |  |     |       inet:port-number
     |  |     +--ro status?
     |  |     |       transport-session-status
     |  |     +--ro rate?
     |  |     |       yang:gauge32
     |  |     +--ro bytes?
     |  |     |       yang:counter64
     |  |     +--ro messages?
     |  |     |       yang:counter64
     |  |     +--ro discarded-messages?
     |  |     |       yang:counter64
     |  |     +--ro records?
     |  |     |       yang:counter64
     |  |     +--ro templates?
     |  |     |       yang:counter32
     |  |     +--ro options-templates?
     |  |     |       yang:counter32
     |  |     +--ro transport-session-start-time?
     |  |     |       yang:date-and-time
     |  |     +--ro transport-session-discontinuity-time?
     |  |     |       yang:date-and-time
     |  |     +--ro template* [name]
     |  |        +--ro name                           name-type
     |  |        +--ro observation-domain-id?         uint32
     |  |        +--ro template-id?                   uint16
     |  |        +--ro set-id?                        uint16
     |  |        +--ro access-time?
     |  |        |       yang:date-and-time
     |  |        +--ro template-data-records?         yang:counter64
     |  |        +--ro template-discontinuity-time?
     |  |        |       yang:date-and-time
     |  |        +--ro field* [name]
     |  |           +--ro name                    name-type
     |  |           +--ro ie-id?                  ie-id-type
     |  |           +--ro ie-length?              uint16
     |  |           +--ro ie-enterprise-number?   uint32
     |  |           +--ro is-flow-key?            empty
     |  |           +--ro is-scope?               empty
     |  +--rw sctp-collector* [name] {sctp-transport}?
     |  |  +--rw name                        name-type
     |  |  +--rw (local-address-method)?
     |  |  |  +--:(local-address)
     |  |  |     +--rw local-address*        inet:host
     |  |  +--rw local-port?                 inet:port-number
     |  |  +--rw maximum-reordering-delay?   uint32
     |  |  +--rw transport-layer-security!
     |  |  |  +--rw local-certification-authority-dn*    string
     |  |  |  +--rw local-subject-dn*                    string
     |  |  |  +--rw local-subject-fqdn*
     |  |  |  |       inet:domain-name
     |  |  |  +--rw remote-certification-authority-dn*   string
     |  |  |  +--rw remote-subject-dn*                   string
     |  |  |  +--rw remote-subject-fqdn*
     |  |  |          inet:domain-name
     |  |  +--ro transport-session* [name]
     |  |     +--ro name                                    name-type
     |  |     +--ro sctp-association-id?                    uint32
     |  |     +--ro ipfix-version?                          uint16
     |  |     +--ro source-address?                         inet:host
     |  |     +--ro destination-address?                    inet:host
     |  |     +--ro source-port?
     |  |     |       inet:port-number
     |  |     +--ro destination-port?
     |  |     |       inet:port-number
     |  |     +--ro status?
     |  |     |       transport-session-status
     |  |     +--ro rate?
     |  |     |       yang:gauge32
     |  |     +--ro bytes?
     |  |     |       yang:counter64
     |  |     +--ro messages?
     |  |     |       yang:counter64
     |  |     +--ro discarded-messages?
     |  |     |       yang:counter64
     |  |     +--ro records?
     |  |     |       yang:counter64
     |  |     +--ro templates?
     |  |     |       yang:counter32
     |  |     +--ro options-templates?
     |  |     |       yang:counter32
     |  |     +--ro transport-session-start-time?
     |  |     |       yang:date-and-time
     |  |     +--ro transport-session-discontinuity-time?
     |  |     |       yang:date-and-time
     |  |     +--ro template* [name]
     |  |        +--ro name                           name-type
     |  |        +--ro observation-domain-id?         uint32
     |  |        +--ro template-id?                   uint16
     |  |        +--ro set-id?                        uint16
     |  |        +--ro access-time?
     |  |        |       yang:date-and-time
     |  |        +--ro template-data-records?         yang:counter64
     |  |        +--ro template-discontinuity-time?
     |  |        |       yang:date-and-time
     |  |        +--ro field* [name]
     |  |           +--ro name                    name-type
     |  |           +--ro ie-id?                  ie-id-type
     |  |           +--ro ie-length?              uint16
     |  |           +--ro ie-enterprise-number?   uint32
     |  |           +--ro is-flow-key?            empty
     |  |           +--ro is-scope?               empty
     |  +--rw file-reader* [name] {file-reader}?
     |  |  +--rw name                 name-type
     |  |  +--rw file                 inet:uri
     |  |  +--ro file-reader-state
     |  |     +--ro bytes?                            yang:counter64
     |  |     +--ro messages?                         yang:counter64
     |  |     +--ro records?                          yang:counter64
     |  |     +--ro templates?                        yang:counter32
     |  |     +--ro options-templates?                yang:counter32
     |  |     +--ro file-reader-discontinuity-time?
     |  |     |       yang:date-and-time
     |  |     +--ro template* [name]
     |  |        +--ro name                           name-type
     |  |        +--ro observation-domain-id?         uint32
     |  |        +--ro template-id?                   uint16
     |  |        +--ro set-id?                        uint16
     |  |        +--ro access-time?
     |  |        |       yang:date-and-time
     |  |        +--ro template-data-records?         yang:counter64
     |  |        +--ro template-discontinuity-time?
     |  |        |       yang:date-and-time
     |  |        +--ro field* [name]
     |  |           +--ro name                    name-type
     |  |           +--ro ie-id?                  ie-id-type
     |  |           +--ro ie-length?              uint16
     |  |           +--ro ie-enterprise-number?   uint32
     |  |           +--ro is-flow-key?            empty
     |  |           +--ro is-scope?               empty
     |  +--rw exporting-process*   -> /ipfix/exporting-process/name
     |          {exporter}?
     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw enabled?                boolean
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |  +--rw name                   name-type
        |  +--rw (destination-parameters)
        |     +--:(tcp-exporter)
        |     |  +--rw tcp-exporter {tcp-transport}?
        |     |     +--rw ipfix-version?              uint16
        |     |     +--rw source
        |     |     |  +--rw (source-method)?
        |     |     |     +--:(interface-ref)
        |     |     |     |  +--rw interface-ref?    if:interface-ref
        |     |     |     +--:(if-index) {if-mib}?
        |     |     |     |  +--rw if-index?         uint32
        |     |     |     +--:(if-name) {if-mib}?
        |     |     |     |  +--rw if-name?          string
        |     |     |     +--:(source-address)
        |     |     |        +--rw source-address?   inet:host
        |     |     +--rw destination
        |     |     |  +--rw (destination-method)
        |     |     |     +--:(destination-address)
        |     |     |        +--rw destination-address?   inet:host
        |     |     +--rw destination-port?
        |     |     |       inet:port-number
        |     |     +--rw send-buffer-size?           uint32
        |     |     +--rw rate-limit?                 uint32
        |     |     +--rw connection-timeout?         uint32
        |     |     +--rw retry-schedule?             uint32
        |     |     +--rw transport-layer-security!
        |     |     |  +--rw local-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-fqdn*
        |     |     |  |       inet:domain-name
        |     |     |  +--rw remote-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-fqdn*
        |     |     |          inet:domain-name
        |     |     +--ro transport-session
        |     |        +--ro ipfix-version?
        |     |        |       uint16
        |     |        +--ro source-address?
        |     |        |       inet:host
        |     |        +--ro destination-address?
        |     |        |       inet:host
        |     |        +--ro source-port?
        |     |        |       inet:port-number
        |     |        +--ro destination-port?
        |     |        |       inet:port-number
        |     |        +--ro status?
        |     |        |       transport-session-status
        |     |        +--ro rate?
        |     |        |       yang:gauge32
        |     |        +--ro bytes?
        |     |        |       yang:counter64
        |     |        +--ro messages?
        |     |        |       yang:counter64
        |     |        +--ro discarded-messages?
        |     |        |       yang:counter64
        |     |        +--ro records?
        |     |        |       yang:counter64
        |     |        +--ro templates?
        |     |        |       yang:counter32
        |     |        +--ro options-templates?
        |     |        |       yang:counter32
        |     |        +--ro transport-session-start-time?
        |     |        |       yang:date-and-time
        |     |        +--ro transport-session-discontinuity-time?
        |     |        |       yang:date-and-time
        |     |        +--ro template* [name]
        |     |           +--ro name
        |     |           |       name-type
        |     |           +--ro observation-domain-id?         uint32
        |     |           +--ro template-id?                   uint16
        |     |           +--ro set-id?                        uint16
        |     |           +--ro access-time?
        |     |           |       yang:date-and-time
        |     |           +--ro template-data-records?
        |     |           |       yang:counter64
        |     |           +--ro template-discontinuity-time?
        |     |           |       yang:date-and-time
        |     |           +--ro field* [name]
        |     |              +--ro name                    name-type
        |     |              +--ro ie-id?                  ie-id-type
        |     |              +--ro ie-length?              uint16
        |     |              +--ro ie-enterprise-number?   uint32
        |     |              +--ro is-flow-key?            empty
        |     |              +--ro is-scope?               empty
        |     +--:(udp-exporter)
        |     |  +--rw udp-exporter {udp-transport}?
        |     |     +--rw ipfix-version?                      uint16
        |     |     +--rw source
        |     |     |  +--rw (source-method)?
        |     |     |     +--:(interface-ref)
        |     |     |     |  +--rw interface-ref?    if:interface-ref
        |     |     |     +--:(if-index) {if-mib}?
        |     |     |     |  +--rw if-index?         uint32
        |     |     |     +--:(if-name) {if-mib}?
        |     |     |     |  +--rw if-name?          string
        |     |     |     +--:(source-address)
        |     |     |        +--rw source-address?   inet:host
        |     |     +--rw destination
        |     |     |  +--rw (destination-method)
        |     |     |     +--:(destination-address)
        |     |     |        +--rw destination-address?   inet:host
        |     |     +--rw destination-port?
        |     |     |       inet:port-number
        |     |     +--rw send-buffer-size?                   uint32
        |     |     +--rw rate-limit?                         uint32
        |     |     +--rw maximum-packet-size?                uint16
        |     |     +--rw template-refresh-timeout?           uint32
        |     |     +--rw options-template-refresh-timeout?   uint32
        |     |     +--rw template-refresh-packet?            uint32
        |     |     +--rw options-template-refresh-packet?    uint32
        |     |     +--rw transport-layer-security!
        |     |     |  +--rw local-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-fqdn*
        |     |     |  |       inet:domain-name
        |     |     |  +--rw remote-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-fqdn*
        |     |     |          inet:domain-name
        |     |     +--ro transport-session
        |     |        +--ro ipfix-version?
        |     |        |       uint16
        |     |        +--ro source-address?
        |     |        |       inet:host
        |     |        +--ro destination-address?
        |     |        |       inet:host
        |     |        +--ro source-port?
        |     |        |       inet:port-number
        |     |        +--ro destination-port?
        |     |        |       inet:port-number
        |     |        +--ro status?
        |     |        |       transport-session-status
        |     |        +--ro rate?
        |     |        |       yang:gauge32
        |     |        +--ro bytes?
        |     |        |       yang:counter64
        |     |        +--ro messages?
        |     |        |       yang:counter64
        |     |        +--ro discarded-messages?
        |     |        |       yang:counter64
        |     |        +--ro records?
        |     |        |       yang:counter64
        |     |        +--ro templates?
        |     |        |       yang:counter32
        |     |        +--ro options-templates?
        |     |        |       yang:counter32
        |     |        +--ro transport-session-start-time?
        |     |        |       yang:date-and-time
        |     |        +--ro transport-session-discontinuity-time?
        |     |        |       yang:date-and-time
        |     |        +--ro template* [name]
        |     |           +--ro name
        |     |           |       name-type
        |     |           +--ro observation-domain-id?         uint32
        |     |           +--ro template-id?                   uint16
        |     |           +--ro set-id?                        uint16
        |     |           +--ro access-time?
        |     |           |       yang:date-and-time
        |     |           +--ro template-data-records?
        |     |           |       yang:counter64
        |     |           +--ro template-discontinuity-time?
        |     |           |       yang:date-and-time
        |     |           +--ro field* [name]
        |     |              +--ro name                    name-type
        |     |              +--ro ie-id?                  ie-id-type
        |     |              +--ro ie-length?              uint16
        |     |              +--ro ie-enterprise-number?   uint32
        |     |              +--ro is-flow-key?            empty
        |     |              +--ro is-scope?               empty
        |     +--:(sctp-exporter)
        |     |  +--rw sctp-exporter {sctp-transport}?
        |     |     +--rw ipfix-version?              uint16
        |     |     +--rw source
        |     |     |  +--rw (source-method)?
        |     |     |     +--:(interface-ref)
        |     |     |     |  +--rw interface-ref?    if:interface-ref
        |     |     |     +--:(if-index) {if-mib}?
        |     |     |     |  +--rw if-index?         uint32
        |     |     |     +--:(if-name) {if-mib}?
        |     |     |     |  +--rw if-name?          string
        |     |     |     +--:(source-address)
        |     |     |        +--rw source-address*   inet:host
        |     |     +--rw destination
        |     |     |  +--rw (destination-method)
        |     |     |     +--:(destination-address)
        |     |     |        +--rw destination-address*   inet:host
        |     |     +--rw destination-port?
        |     |     |       inet:port-number
        |     |     +--rw send-buffer-size?           uint32
        |     |     +--rw rate-limit?                 uint32
        |     |     +--rw timed-reliability?          uint32
        |     |     +--rw association-timeout?        uint32
        |     |     +--rw transport-layer-security!
        |     |     |  +--rw local-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-fqdn*
        |     |     |  |       inet:domain-name
        |     |     |  +--rw remote-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-fqdn*
        |     |     |          inet:domain-name
        |     |     +--ro transport-session
        |     |        +--ro sctp-association-id?
        |     |        |       uint32
        |     |        +--ro ipfix-version?
        |     |        |       uint16
        |     |        +--ro source-address?
        |     |        |       inet:host
        |     |        +--ro destination-address?
        |     |        |       inet:host
        |     |        +--ro source-port?
        |     |        |       inet:port-number
        |     |        +--ro destination-port?
        |     |        |       inet:port-number
        |     |        +--ro status?
        |     |        |       transport-session-status
        |     |        +--ro rate?
        |     |        |       yang:gauge32
        |     |        +--ro bytes?
        |     |        |       yang:counter64
        |     |        +--ro messages?
        |     |        |       yang:counter64
        |     |        +--ro discarded-messages?
        |     |        |       yang:counter64
        |     |        +--ro records?
        |     |        |       yang:counter64
        |     |        +--ro templates?
        |     |        |       yang:counter32
        |     |        +--ro options-templates?
        |     |        |       yang:counter32
        |     |        +--ro transport-session-start-time?
        |     |        |       yang:date-and-time
        |     |        +--ro transport-session-discontinuity-time?
        |     |        |       yang:date-and-time
        |     |        +--ro template* [name]
        |     |           +--ro name
        |     |           |       name-type
        |     |           +--ro observation-domain-id?         uint32
        |     |           +--ro template-id?                   uint16
        |     |           +--ro set-id?                        uint16
        |     |           +--ro access-time?
        |     |           |       yang:date-and-time
        |     |           +--ro template-data-records?
        |     |           |       yang:counter64
        |     |           +--ro template-discontinuity-time?
        |     |           |       yang:date-and-time
        |     |           +--ro field* [name]
        |     |              +--ro name                    name-type
        |     |              +--ro ie-id?                  ie-id-type
        |     |              +--ro ie-length?              uint16
        |     |              +--ro ie-enterprise-number?   uint32
        |     |              +--ro is-flow-key?            empty
        |     |              +--ro is-scope?               empty
        |     +--:(file-writer)
        |        +--rw file-writer {file-writer}?
        |           +--rw ipfix-version?       uint16
        |           +--rw file                 inet:uri
        |           +--ro file-writer-state
        |              +--ro bytes?
        |              |       yang:counter64
        |              +--ro messages?
        |              |       yang:counter64
        |              +--ro discarded-messages?
        |              |       yang:counter64
        |              +--ro records?
        |              |       yang:counter64
        |              +--ro templates?
        |              |       yang:counter32
        |              +--ro options-templates?
        |              |       yang:counter32
        |              +--ro file-writer-discontinuity-time?
        |              |       yang:date-and-time
        |              +--ro template* [name]
        |                 +--ro name
        |                 |       name-type
        |                 +--ro observation-domain-id?         uint32
        |                 +--ro template-id?                   uint16
        |                 +--ro set-id?                        uint16
        |                 +--ro access-time?
        |                 |       yang:date-and-time
        |                 +--ro template-data-records?
        |                 |       yang:counter64
        |                 +--ro template-discontinuity-time?
        |                 |       yang:date-and-time
        |                 +--ro field* [name]
        |                    +--ro name                    name-type
        |                    +--ro ie-id?                  ie-id-type
        |                    +--ro ie-length?              uint16
        |                    +--ro ie-enterprise-number?   uint32
        |                    +--ro is-flow-key?            empty
        |                    +--ro is-scope?               empty
        +--rw options* [name]
        |  +--rw name               name-type
        |  +--rw options-type       identityref
        |  +--rw options-timeout?   uint32
        +--ro exporting-process-id?   uint32

D.2. ietf-ipfix-packet-sampling

The complete tree diagram for ietf-ipfix-packet-sampling:

module: ietf-ipfix-packet-sampling
  augment /ipfix:ipfix:
    +--rw psamp
       +--rw observation-point* [name]
       |  +--rw name                     ipfix:name-type
       |  +--rw observation-domain-id    uint32
       |  +--rw interface-ref*           if:interface-ref
       |  +--rw if-name*                 if-name-type {if-mib}?
       |  +--rw if-index*                uint32 {if-mib}?
       |  +--rw hardware-ref*            hardware-ref
       |  +--rw ent-physical-name*       string {entity-mib}?
       |  +--rw ent-physical-index*      uint32 {entity-mib}?
       |  +--rw direction?               direction
       |  +--rw selection-process*
       |  |       -> /ipfix:ipfix/psamp/selection-process/name
       |  +--ro observation-point-id?    uint32
       +--rw selection-process* [name]
       |  +--rw name                  ipfix:name-type
       |  +--rw selector* [name]
       |  |  +--rw name                           ipfix:name-type
       |  |  +--rw (method)
       |  |  |  +--:(select-all)
       |  |  |  |  +--rw select-all?              empty
       |  |  |  +--:(samp-count-based)
       |  |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
       |  |  |  |     +--rw packet-interval    uint32
       |  |  |  |     +--rw packet-space       uint32
       |  |  |  +--:(samp-time-based)
       |  |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
       |  |  |  |     +--rw time-interval    uint32
       |  |  |  |     +--rw time-space       uint32
       |  |  |  +--:(samp-rand-out-of-n)
       |  |  |  |  +--rw samp-rand-out-of-n
       |  |  |  |          {psamp-samp-rand-out-of-n}?
       |  |  |  |     +--rw size          uint32
       |  |  |  |     +--rw population    uint32
       |  |  |  +--:(samp-uni-prob)
       |  |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
       |  |  |  |     +--rw probability    decimal64
       |  |  |  +--:(filter-match)
       |  |  |  |  +--rw filter-match {psamp-filter-match}?
       |  |  |  |     +--rw (information-element)
       |  |  |  |     |  +--:(ie-name)
       |  |  |  |     |  |  +--rw ie-name?
       |  |  |  |     |  |          ipfix:ie-name-type
       |  |  |  |     |  +--:(ie-id)
       |  |  |  |     |     +--rw ie-id?            ipfix:ie-id-type
       |  |  |  |     +--rw ie-enterprise-number?   uint32
       |  |  |  |     +--rw value                   string
       |  |  |  +--:(filter-hash)
       |  |  |     +--rw filter-hash {psamp-filter-hash}?
       |  |  |        +--rw hash-function?       identityref
       |  |  |        +--rw initializer-value?   uint64
       |  |  |        +--rw ip-payload-offset?   uint64
       |  |  |        +--rw ip-payload-size?     uint64
       |  |  |        +--rw digest-output?       boolean
       |  |  |        +--rw selected-range* [name]
       |  |  |        |  +--rw name    ipfix:name-type
       |  |  |        |  +--rw min?    uint64
       |  |  |        |  +--rw max?    uint64
       |  |  |        +--ro output-range-min?    uint64
       |  |  |        +--ro output-range-max?    uint64
       |  |  +--ro packets-observed?              yang:counter64
       |  |  +--ro packets-dropped?               yang:counter64
       |  |  +--ro selector-discontinuity-time?   yang:date-and-time
       |  +--rw cache?
       |  |       -> /ipfix:ipfix/psamp/cache/name
       |  +--ro selection-sequence* []
       |     +--ro observation-domain-id?   uint32
       |     +--ro selection-sequence-id?   uint64
       +--rw cache* [name]
          +--rw name                        ipfix:name-type
          +--rw enabled?                    boolean
          +--rw (cache-type)
          |  +--:(immediate-cache)
          |  |  +--rw immediate-cache {immediate-cache}?
          |  |     +--rw cache-layout
          |  |        +--rw cache-field* [name]
          |  |           +--rw name
          |  |           |       ipfix:name-type
          |  |           +--rw (information-element)
          |  |           |  +--:(ie-name)
          |  |           |  |  +--rw ie-name?
          |  |           |  |          ipfix:ie-name-type
          |  |           |  +--:(ie-id)
          |  |           |     +--rw ie-id?
          |  |           |             ipfix:ie-id-type
          |  |           +--rw ie-length?              uint16
          |  |           +--rw ie-enterprise-number?   uint32
          |  +--:(timeout-cache)
          |  |  +--rw timeout-cache {timeout-cache}?
          |  |     +--rw max-flows?              uint32
          |  |     +--rw active-timeout?         uint32
          |  |     +--rw idle-timeout?           uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name
          |  |     |     |       ipfix:name-type
          |  |     |     +--rw (information-element)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?
          |  |     |     |  |          ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?
          |  |     |     |             ipfix:ie-id-type
          |  |     |     +--rw ie-length?              uint16
          |  |     |     +--rw ie-enterprise-number?   uint32
          |  |     |     +--rw is-flow-key?            empty
          |  |     +--ro active-flows?           yang:gauge32
          |  |     +--ro unused-cache-entries?   yang:gauge32
          |  +--:(natural-cache)
          |  |  +--rw natural-cache {natural-cache}?
          |  |     +--rw max-flows?              uint32
          |  |     +--rw active-timeout?         uint32
          |  |     +--rw idle-timeout?           uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name
          |  |     |     |       ipfix:name-type
          |  |     |     +--rw (information-element)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?
          |  |     |     |  |          ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?
          |  |     |     |             ipfix:ie-id-type
          |  |     |     +--rw ie-length?              uint16
          |  |     |     +--rw ie-enterprise-number?   uint32
          |  |     |     +--rw is-flow-key?            empty
          |  |     +--ro active-flows?           yang:gauge32
          |  |     +--ro unused-cache-entries?   yang:gauge32
          |  +--:(permanent-cache)
          |     +--rw permanent-cache {permanent-cache}?
          |        +--rw max-flows?              uint32
          |        +--rw export-interval?        uint32
          |        +--rw cache-layout
          |        |  +--rw cache-field* [name]
          |        |     +--rw name
          |        |     |       ipfix:name-type
          |        |     +--rw (information-element)
          |        |     |  +--:(ie-name)
          |        |     |  |  +--rw ie-name?
          |        |     |  |          ipfix:ie-name-type
          |        |     |  +--:(ie-id)
          |        |     |     +--rw ie-id?
          |        |     |             ipfix:ie-id-type
          |        |     +--rw ie-length?              uint16
          |        |     +--rw ie-enterprise-number?   uint32
          |        |     +--rw is-flow-key?            empty
          |        +--ro active-flows?           yang:gauge32
          |        +--ro unused-cache-entries?   yang:gauge32
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--ro metering-process-id?        uint32
          +--ro data-records?               yang:counter64
          +--ro cache-discontinuity-time?   yang:date-and-time

D.3. ietf-ipfix-bulk-data-export

The complete tree diagram for ietf-ipfix-bulk-data-export:

module: ietf-ipfix-bulk-data-export
  augment /ipfix:ipfix:
    +--rw bulk-data-export
       +--rw template* [name]
          +--rw name                       ipfix:name-type
          +--rw enabled?                   boolean
          +--rw export-interval?           uint32
          +--rw observation-domain-id?     uint32
          +--rw field-layout
          |  +--rw field* [name]
          |     +--rw name                    ipfix:name-type
          |     +--rw (identifier)
          |     |  +--:(ie-name)
          |     |  |  +--rw ie-name?          ipfix:ie-name-type
          |     |  +--:(ie-id)
          |     |     +--rw ie-id?            ipfix:ie-id-type
          |     +--rw ie-length?              uint16
          |     +--rw ie-enterprise-number?   uint32
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--rw (resource-identifier)?
          |  +--:(resource-instance)
          |     +--rw resource-instance*   resource
          +--ro data-records?              yang:counter64
          +--ro discontinuity-time?        yang:date-and-time

Authors' Addresses

Joey Boyd ADTRAN EMail: joey.boyd@adtran.com
Marta Seda Calix EMail: marta.seda@calix.com