Network Working Group                                            J. Boyd
Internet-Draft                                                    ADTRAN
Obsoletes: 6728 (if approved)                                    M. Seda
Intended status: Standards Track                                   Calix
Expires: September 10, 2020                                March 9, 2020
YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export
draft-boydseda-ipfix-psamp-bulk-data-yang-model-03
This document defines a flexible, modular YANG model for packet sampling (PSAMP) and bulk data collection and export via the IPFIX protocol. This new model replaces the model defined in RFC 6728, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols". All functionality modeled in RFC 6728 has been carried over to this new model.
The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.
This document obsoletes RFC 6728 (if approved).
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2020.
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Bulk data collection is an automated collection of device data that is packaged together and delivered to an IPFIX collector. The IPFIX protocol may be used to transport bulk data such as:
IPFIX can also be used to meet the bulk transport requirements of other protocols. For example:
The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in [RFC8342].
Below is a historical timeline of IETF IPFIX and YANG RFCs:
[RFC6728] defines a single YANG module for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) protocols. The PSAMP collecting process and the IPFIX exporting process are tightly coupled in this module. Moreover, the exporting process requires a device to support SCTP. This coupling and transport requirement make it difficult for a device that does not support SCTP to use the model for collecting and exporting non-PSAMP bulk data.
Rather than this approach, a new YANG model has been developed where functionality is separated into different modules such that the functions can be independently leveraged.
These are some of the other issues with the current model:
This RFC adheres to all principles defined in [RFC6728]. However, in order to address the issues identified in the previous section, the YANG model has changed as follows:
Applications that use this RFC are expected to only need to import the applicable YANG modules. For example:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The following terms are used in this RFC:
Tree diagrams used in this document follow the notation defined in [RFC8340].
This document defines a YANG data model for the configuration and state retrieval of basic IPFIX functionality as well as PSAMP and bulk data export applications over IPFIX. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA) [RFC8342] and [RFC8407] YANG guidelines.
The reference model described in this RFC describes the following models:
Figure 1 illustrates the PSAMP metered UML model for a PSAMP/IPFIX monitoring device. The metering process is contained in the ietf-ipfix-packet-sampling module. The metering process comprises a selection-process and cache that refers to an exporting-process. Further explanations about the relationship between selection-process and cache are given in Section 3.1.1. Section 4.4 describes the exporting-process configuration.
+--------------------------------------------------------------+
| +--------------------+          Metering Process             |
| | Module: ietf-ipfix |                                       |
| |    -packet-sampling|                                       |
| |--------------------|<------------------------+             |
| |                    |<--------+             1 |             |
| +--------------------+         | +-------------+-----------+ |
|          ^                     | | list: selection-process | |
|          |                     | |-------------------------| |
|        1 |                     | |                         | |
| +--------+-------------+       | +-----------------+-------+ |
| | list: observation-pt |       |                   ^         |
| |----------------------| selection-process-ref     |         |
| |                      |   +-------|---------------+         |
| +----------------------+       |              0..* |         |
|                              1 |                   |         |
|                        +-------+-------+           |         |
|                        | list: cache   |           |         |
|                        |---------------|      0..1 |         |
|                        |               |<----------+         |
|                        +---------------+ cache-ref           |
+--------------------------------+-----------------------------+
 +--------------------+          |
 | Module: ietf-ipfix |          |
 |--------------------|          |
 |                    |          |
 +--------------------+          |
           ^                     | exporting-process-ref
           |                     |
         1 |                     |
 +---------+---------------+     |
 | list: exporting-process |     |
 |-------------------------|     |
 |                         |<----+
 +-------------------------+ 0..*
Figure 1: PSAMP-IPFIX metered model
PSAMP/IPFIX monitoring device implementations usually maintain the separation of various functional blocks, although they do not necessarily implement all of them. The configuration data model enables the setting of commonly available configuration parameters for selection-processes and caches, and supports optional configuration for features like the [RFC2863] IF-MIB and [RFC6933] ENTITY-MIB.
In a monitoring device implementation, the functionality of the metering process is split into the selection process and cache. Figure 2 shows a metering process example. The selection-process takes an observed packet stream as its input and selects a subset of that stream as its output (selected packet stream). The action of the selection-process on a single packet of its input is defined by one selector (called a primitive selector) or an ordered composition of multiple selectors (called a composite selector). The cache generates flow records or packet reports from the selected packet stream, depending on its configuration.
           +------------------------------------+
           | Metering Process                   |
           | +------------+ Selected            |
  Observed | | selection- | Packet    +-------+ |  Stream of
  Packet  -->| process    |---------->| cache |--> Flow Records or
  Stream   | +------------+ Stream    +-------+ |  Packet Reports
           +------------------------------------+
Figure 2: Selection Process and Cache forming a Metering Process
A metering process must always have a selection-process. It is possible to select all packets in the observed packet stream, and pass them to the cache unfiltered by configuring the selector-method to "select-all".
A metering process can be configured to support multiple selection processes that receive packets from multiple observation points within the same observation domain. In this case, the observed packet streams of the observation points are processed in independent selection sequences. As specified in [RFC5476], a distinct set of selector instances needs to be maintained per selection sequence in order to keep the selection states and statistics separate.
With the configuration data model, it is possible to configure a metering process with multiple selection processes whose output is processed by a single cache. This is illustrated in Figure 3.
           +--------------------------------------+
           | Metering Process                     |
           | +------------+ Selected              |
  Observed | | selection- | Packet                |
  Packet  -->| process    |----------+  +-------+ |
  Stream   | +------------+ Stream   +->|       | |  Stream of
           |      ...                   | cache |--> Flow Records or
           | +------------+ Selected +->|       | |  Packet Reports
  Observed | | selection- | Packet   |  +-------+ |
  Packet  -->| process    |----------+            |
  Stream   | +------------+ Stream                |
           +--------------------------------------+
Figure 3: Metering Process with multiple Selection Processes
The observed packet streams at the input of a metering process may originate from observation points belonging to different observation domains. By definition of the observation domain (see [RFC7011]), a cache must not aggregate packets observed at different observation domains in the same flow. Hence, if the cache is configured to generate flow records, it needs to distinguish packets according to their observation domains.
Figure 4 below shows the main classes of the configuration data model that are involved in the configuration of an IPFIX or PSAMP Exporter. The role of the classes can be briefly summarized as follows:
   +-------------------+
   | observation-point |
   +---------+---------+
        0..* |
             |
        0..* v
   +-------------------+
   | selection-process |
   +---------+---------+
        0..* |
             |
        0..1 v
   +-------------------+
   | cache             |
   +---------+---------+
        0..* |
             |
        0..* v
   +-------------------+
   | exporting-process |
   +-------------------+
Figure 4: Class diagram of Exporter configuration
+--------------------+
| Module: ietf-ipfix |
|--------------------|<------------------+
|                    |                 1 |
+--------------------+     +-------------+------------+
          ^                | list: collecting-process |
          |                |--------------------------|
          |                +-------------+------------+
          |                              |
        1 |                              |
+---------+---------------+              |
| list: exporting-process |              |
|-------------------------|         0..* |
|                         |<-------------+
+-------------------------+ exporting-process-ref
Figure 5: Collector/Exporter Model
Figure 5 shows the main classes of the configuration data model that are involved in the configuration of a collector. An instance of the CollectingProcess class specifies the local IP addresses, transport protocols, and port numbers of a collecting-process.
A collecting-process MAY be configured as a File Reader according to [RFC5655].
A CollectingProcess class instance may refer to one or more exporting-process instances configuring exporting processes that re-export the received data. As an example, an exporting process can be configured as a file-writer in order to save the received IPFIX messages in a file.
+------------------------------------+
| module:ietf-ipfix-bulk-data-export |
|------------------------------------|
+------------------------------------+
             ^
             |
           1 |
+------------+------------+              +---------------+
| list:bulk-data-template |              | list:resource |
|-------------------------|------------->+---------------|
+------------+------------+         0..* +---------------+
             |
        0..* | exporting-process-ref
             v
+-------------------------+
| list:exporting-process  |
|-------------------------|
+-------------------------+
Figure 6: Bulk Data Exporter Model
Figure 6 shows the main classes of the configuration model that are involved in bulk data export. A device that has a resource instance capable of reporting bulk data through IPFIX does not need an IPFIX meter to be created. Instead a bulk-data template is created and applied to that resource instance.
The ExportingProcess class contains configuration and state parameters of an exporting-process. It includes various transport-protocol-specific parameters and the export destinations. The bulk-data-template may refer to multiple instances of the ExportingProcess class.
This section specifies the configuration and state parameters of the configuration data model separately for each class.
Figure 7 shows the observation-point attributes of an IPFIX monitoring device. As defined in [RFC7011], an observation point can be any location where packets are observed. An IPFIX monitoring device potentially has more than one such location. An instance of observation-point defines which location is associated with a specific observation point. For this purpose, interfaces (ietf-interfaces module [RFC8343]) and hardware components (ietf-hardware module [RFC8348]) are identified using their names.
By its definition in [RFC7011], an observation point may be associated with a set of interfaces. Therefore, the configuration data model allows configuring multiple interfaces and hardware components for a single observation point. The observation-point-id (i.e., the value of the information element observationPointId [IANA-IPFIX]) is assigned by the monitoring device.
+--rw observation-point* [name]
   +--rw name                     ietf-ipfix:name-type
   +--rw observation-domain-id    uint32
   +--rw interface-ref*           if:interface-ref
   +--rw if-name*                 if-name-type {if-mib}?
   +--rw if-index*                uint32 {if-mib}?
   +--rw hardware-ref*            hardware-ref
   +--rw ent-physical-name*       string {entity-mib}?
   +--rw ent-physical-index*      uint32 {entity-mib}?
   +--rw direction?               direction
   +--ro observation-point-id?    uint32
   +--rw selection-process*
           -> /ietf-ipfix:ipfix/psamp/selection-process/name
Figure 7: Observation Point Attributes
The configuration parameters of the observation point are:
Figure 8 shows the selection-process attributes. The selection-process class contains the configuration and state parameters of a selection process that selects packets from one or more observed packet streams and generates a selected packet stream as its output. A non-empty ordered list defines a sequence of selectors. The actions defined by the selectors are applied to the stream of incoming packets in the specified order.
If the selection process receives packets from multiple observation points, the observed packet streams need to be processed independently in separate selection sequences. Each selection sequence is identified by a selection sequence id that is unique within the observation domain the observation point belongs to (see [RFC5477]). Selection sequence ids are assigned by the monitoring device.
As state parameters, the selection-process class contains a list of (observation-domain-id, selection-sequence-id) tuples specifying the assigned selection sequence ids and corresponding observation domain ids. With this information, it is possible to associate selection sequence (statistics) report interpretations exported according to the PSAMP protocol specification [RFC5476] with the corresponding selection-process instance.
A selection-process instance may include a reference to a cache class instance to generate packet reports or flow records from the selected packet stream.
+--rw selection-process* [name]
   +--rw name                  ietf-ipfix:name-type
   +--rw selector* [name]
   |  +--rw name
   |  |       ietf-ipfix:name-type
   |  +--rw (method)
   |  |  +--:(select-all)
   |  |  |  +--rw select-all?   empty
   |  |  +--:(samp-count-based)
   |  |  |     ...
   |  |  +--:(samp-time-based)
   |  |  |     ...
   |  |  +--:(samp-rand-out-of-n)
   |  |  |     ...
   |  |  +--:(samp-uni-prob)
   |  |  |     ...
   |  |  +--:(filter-match)
   |  |  |     ...
   |  |  +--:(filter-hash)
   |  |  |     ...
   |  +--ro packets-observed?              yang:counter64
   |  +--ro packets-dropped?               yang:counter64
   |  +--ro selector-discontinuity-time?   yang:date-and-time
   +--rw cache?
   |       -> /ietf-ipfix:ipfix/psamp/cache/name
   +--ro selection-sequence* []
      +--ro observation-domain-id?   uint32
      +--ro selection-sequence-id?   uint64
Figure 8: Selection Process Attributes
Standardized PSAMP sampling and filtering methods are described in [RFC5475]; their configuration parameters are specified in the classes samp-count-based, samp-time-based, samp-rand-out-of-n, samp-uni-prob, filter-match, and filter-hash. In addition, the select-all class, which has no parameters, is used for a selector that selects all packets. The selector class includes exactly one of these sampler and filter classes, depending on the applied method.
+--rw selection-process* [name]
   +--rw name                  ietf-ipfix:name-type
   +--rw selector* [name]
   |  +--rw name
   |  |       ietf-ipfix:name-type
   |  |  ...
   |  +--ro packets-observed?              yang:counter64
   |  +--ro packets-dropped?               yang:counter64
   |  +--ro selector-discontinuity-time?   yang:date-and-time
Figure 9: Selector Class Attributes
The selector class, shown in Figure 9, contains the selector statistics packets-observed and packets-dropped as well as selector-discontinuity-time, which correspond to the IPFIX MIB module objects ipfixSelectionProcessStatsPacketsObserved, ipfixSelectionProcessStatsPacketsDropped, and ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]:
Note that packets-observed and packets-dropped are aggregate statistics calculated over all selection sequences of the selection process. This is in contrast to the counter values in the selection sequence statistics report interpretation [RFC5476], which are related to a single selection sequence only.
|  |  +--:(samp-count-based)
|  |  |  +--rw samp-count-based {psamp-samp-count-based}?
|  |  |     +--rw packet-interval    uint32
|  |  |     +--rw packet-space       uint32
|  |  +--:(samp-time-based)
|  |  |  +--rw samp-time-based {psamp-samp-time-based}?
|  |  |     +--rw time-interval    uint32
|  |  |     +--rw time-space       uint32
|  |  +--:(samp-rand-out-of-n)
|  |  |  +--rw samp-rand-out-of-n
|  |  |          {psamp-samp-rand-out-of-n}?
|  |  |     +--rw size          uint32
|  |  |     +--rw population    uint32
|  |  +--:(samp-uni-prob)
|  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
|  |  |     +--rw probability    decimal64
Figure 10: Sampler Method Attributes
Figure 10 shows the following sampler methods:
samp-count-based (Systematic Count-based Sampling): The following attributes are configurable:
Samp-Time-Based (Systematic Time-based Sampling): The following attributes are configurable:
Samp-Rand-Out-of-N: The following attributes are configurable:
samp-uni-prob: The following attributes are configurable:
|  |  +--:(filter-match)
|  |  |  +--rw filter-match {psamp-filter-match}?
|  |  |     +--rw (information-element)
|  |  |     |  +--:(ie-name)
|  |  |     |  |  +--rw ie-name?
|  |  |     |  |          ietf-ipfix:ie-name-type
|  |  |     |  +--:(ie-id)
|  |  |     |     +--rw ie-id?
|  |  |     |             ietf-ipfix:ie-id-type
|  |  |     +--rw ie-enterprise-number?   uint32
|  |  |     +--rw value                   string
|  |  +--:(filter-hash)
|  |     +--rw filter-hash {psamp-filter-hash}?
|  |        +--rw hash-function?       identityref
|  |        +--rw initializer-value?   uint64
|  |        +--rw ip-payload-offset?   uint64
|  |        +--rw ip-payload-size?     uint64
|  |        +--rw digest-output?       boolean
|  |        +--rw selected-range* [name]
|  |        |  +--rw name    ietf-ipfix:name-type
|  |        |  +--rw min?    uint64
|  |        |  +--rw max?    uint64
|  |        +--ro output-range-min?    uint64
|  |        +--ro output-range-max?    uint64
Figure 11: Filter Method Attributes
Figure 11 shows the following filter methods:
Property-Match Filtering: The following attributes are configurable:
For hash-based filtering, the configuration and state attributes are:
One or more ranges of matching hash values are defined by the min and max parameters of the selected-range subclass. These parameters correspond to the Information Elements hashSelectedRangeMin and hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax [RFC6727].
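The following added example is not part of the draft. It models a composite selector as an ordered list of selectors and keeps one set of selector instances per selection sequence, showing why shared state skews sampling when packets from two observation points are interleaved. The class and function names and the packet dictionaries are assumptions; packet-interval and packet-space are read as in [RFC5475] (packets selected in a row, then packets skipped), and packets_observed is counted at each selector's input.

```python
from dataclasses import dataclass


@dataclass
class CountBasedSampler:
    """samp-count-based: pass packet_interval packets, then skip packet_space."""
    packet_interval: int
    packet_space: int
    position: int = 0  # sampler state: offset inside the current period

    def __post_init__(self):
        if self.packet_interval + self.packet_space <= 0:
            raise ValueError("packet-interval + packet-space must be positive")

    def select(self, packet):
        keep = self.position < self.packet_interval
        period = self.packet_interval + self.packet_space
        self.position = (self.position + 1) % period
        return keep


@dataclass
class MatchFilter:
    """filter-match: pass packets whose information element equals value."""
    ie_name: str
    value: object

    def select(self, packet):
        return packet.get(self.ie_name) == self.value


class SelectionProcess:
    """Ordered selectors, instantiated once per selection sequence."""

    def __init__(self, selector_factories, per_sequence_state=True):
        self.factories = selector_factories          # order = order of application
        self.per_sequence_state = per_sequence_state
        self.sequences = {}                          # observation point -> selectors
        # Aggregate over all selection sequences, one counter per selector.
        self.packets_observed = [0] * len(selector_factories)

    def selectors_for(self, observation_point):
        key = observation_point if self.per_sequence_state else None
        if key not in self.sequences:
            self.sequences[key] = [make() for make in self.factories]
        return self.sequences[key]

    def offer(self, observation_point, packet):
        for index, selector in enumerate(self.selectors_for(observation_point)):
            self.packets_observed[index] += 1
            if not selector.select(packet):
                return False                         # later selectors never see it
        return True


def run(process, packets):
    """Return the ids of the selected packets, in arrival order."""
    return [pkt["id"] for op, pkt in packets if process.offer(op, pkt)]


# Constructed sample input: two observation points, arrivals interleaved.
# protocolIdentifier 6 is TCP, 17 is UDP.
PACKETS = [
    ("op-a", {"id": "a0", "protocolIdentifier": 6}),
    ("op-b", {"id": "b0", "protocolIdentifier": 6}),
    ("op-a", {"id": "a1", "protocolIdentifier": 17}),
    ("op-b", {"id": "b1", "protocolIdentifier": 6}),
    ("op-a", {"id": "a2", "protocolIdentifier": 6}),
    ("op-b", {"id": "b2", "protocolIdentifier": 6}),
    ("op-a", {"id": "a3", "protocolIdentifier": 6}),
    ("op-b", {"id": "b3", "protocolIdentifier": 6}),
]

FILTER_THEN_SAMPLE = [
    lambda: MatchFilter("protocolIdentifier", 6),
    lambda: CountBasedSampler(packet_interval=1, packet_space=1),
]
SAMPLE_THEN_FILTER = list(reversed(FILTER_THEN_SAMPLE))

if __name__ == "__main__":
    separate = SelectionProcess(FILTER_THEN_SAMPLE)
    print("per-sequence state:", run(separate, PACKETS), separate.packets_observed)
    shared = SelectionProcess(FILTER_THEN_SAMPLE, per_sequence_state=False)
    print("shared state      :", run(shared, PACKETS))
    print("sampler first     :", run(SelectionProcess(SAMPLE_THEN_FILTER), PACKETS))
```

With shared sampler state, op-a contributes one of its three TCP packets and op-b three of its four, although both are configured for one-in-two sampling.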
Figure 12 shows the cache class that contains the configuration and state parameters of a cache. Most of these parameters are specific to the type of the cache and therefore contained in the subclasses immediate-cache, timeout-cache, natural-cache, and permanent-cache, which are presented below in Section 4.3.1 and Section 4.3.2.
+--rw cache* [name]
   +--rw name                        ietf-ipfix:name-type
   +--rw enabled                     boolean
   +--ro metering-process-id?        uint32
   +--ro data-records?               yang:counter64
   +--ro cache-discontinuity-time?   yang:date-and-time
   +--rw (cache-type)
   |  +--:(immediate-cache)
   |  |     ...
   |  +--:(timeout-cache)
   |  |     ...
   |  +--:(natural-cache)
   |  |     ...
   |  +--:(permanent-cache)
   |  |     ...
   +--rw exporting-process*
           -> /ietf-ipfix:ipfix/exporting-process/name
           {ietf-ipfix:exporter}?
Figure 12: Cache Attributes
The following configuration and state parameters are common to all caches and therefore included in the cache class itself:
A cache object may refer to one or more exporting-process instances.
The immediate-cache type class depicted in Figure 13 is used to configure a cache that generates a PSAMP Packet Report for each packet at its input. The fields contained in the generated data records are defined in an object of the cache-layout, which is defined below in Section 4.3.3.
+--rw (cache-type)
|  +--:(immediate-cache)
|  |  +--rw immediate-cache {immediate-cache}?
|  |     +--rw cache-layout
|  |        +--rw cache-field* [name]
|  |           +--rw name
|  |           |       ietf-ipfix:name-type
|  |           +--rw (information-element)
|  |           |  +--:(ie-name)
|  |           |  |  +--rw ie-name?
|  |           |  |          ietf-ipfix:ie-name-type
|  |           |  +--:(ie-id)
|  |           |     +--rw ie-id?
|  |           |             ietf-ipfix:ie-id-type
|  |           +--rw ie-length?              uint16
|  |           +--rw ie-enterprise-number?   uint32
|  |           +--rw is-flow-key?            empty
Figure 13: Immediate Cache Attributes
Figure 14 shows the timeout-cache, natural-cache, and permanent-cache type classes. These classes are used to configure a cache that aggregates the packets at its input and generates IPFIX flow records.
+--rw (cache-type)
|  +--:(timeout-cache)
|  |  +--rw timeout-cache {timeout-cache}?
|  |     +--rw max-flows?              uint32
|  |     +--rw active-timeout?         uint32
|  |     +--rw idle-timeout?           uint32
|  |     +--rw export-interval?        uint32
|  |     +--rw cache-layout
|  |     |     ...
|  |     +--ro active-flows?           yang:gauge32
|  |     +--ro unused-cache-entries?   yang:gauge32
|  +--:(natural-cache)
|  |  +--rw natural-cache {natural-cache}?
|  |        { same as timeout-cache }
|  +--:(permanent-cache)
|     +--rw permanent-cache {permanent-cache}?
|           { same as timeout-cache }
Figure 14: Timeout, Natural and Permanent Cache Attributes
The three classes differ in when flows expire:
The following configuration and state parameters are common to the three classes:
The following timeout parameters are only available in the timeout-cache and the natural-cache cache-types:
The following interval parameter is only available in the permanent-cache class:
Every generated flow record must be associated with a single observation domain. Hence, although a cache may be configured to process packets observed at multiple observation domains, the cache must not aggregate packets observed at different observation domains in the same flow.
An object of the cache class contains an object of the cache-layout class that defines which fields are included in the flow records.
A cache generates and maintains packet reports or flow records containing information that has been extracted from the incoming stream of packets. Using the cache-field class, the cache-layout class specifies the superset of fields that are included in the packet reports or flow records (see Figure 15).
If packet reports are generated (i.e., if immediate-cache class is used to configure the cache), every field specified by the cache-layout must be included in the resulting packet report unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other field specified by the cache layout may only be included in the packet report if it is obvious from the field value itself or from the values of other fields in the same packet report that the field value was not determined from the packet.
For example, if a field is configured to contain the TCP source port (information element tcpSourcePort [IANA-IPFIX]), the field must be included in all packet reports that are related to TCP packets. Although the field value cannot be determined for non-TCP packets, the field may be included in the packet reports if another field contains the transport protocol identifier (information element protocolIdentifier [IANA-IPFIX]).
If flow records are generated (i.e., if timeout-cache, natural-cache, or permanent-cache class is used to configure the cache), the cache layout differentiates between flow key fields and non-key fields. Every flow key field specified by the cache layout must be included as flow key in the resulting flow record unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other flow key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other flow key fields in the same flow record that the field value was not determined from the packet. Two packets are accounted by the same flow record if none of their flow key fields differ. If a flow key field can be determined for one packet but not for the other, the two packets are accounted in different flow records.
Every non-key field specified by the cache layout must be included in the resulting flow record unless the corresponding information element is not applicable or cannot be derived for the given flow. Any other non-key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other fields in the same flow record that the field value was not determined from the packet. Packets which are accounted by the same flow record may differ in their non-key fields, or one or more of the non-key fields can be undetermined for all or some of the packets.
For example, if a non-key field specifies an information element whose value is determined by the first packet observed within a flow (which is the default rule according to [RFC7012] unless specified differently in the description of the information element), this field must be included in the resulting flow record if it can be determined from the first packet of the flow.
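The flow-key rules above, worked through as an added example that is not part of the draft: packets are grouped by observation domain plus flow key fields, a key field that cannot be derived from a packet puts that packet in a separate flow record, and non-key fields follow the first-packet rule unless they are counters. The function name, the packet dictionaries, and their "length" attribute are assumptions; the information element names are IANA IPFIX names.

```python
UNDETERMINED = object()  # marks a key field that cannot be derived from a packet

# Non-key fields that accumulate over the flow; every other non-key field
# takes its value from the first packet of the flow.
COUNTERS = {
    "packetDeltaCount": lambda pkt: 1,
    "octetDeltaCount": lambda pkt: pkt["length"],
}

# cache-layout as a list of cache-field entries (ie-name, is-flow-key).
CACHE_LAYOUT = [
    {"ie-name": "sourceIPv4Address", "is-flow-key": True},
    {"ie-name": "destinationIPv4Address", "is-flow-key": True},
    {"ie-name": "protocolIdentifier", "is-flow-key": True},
    {"ie-name": "tcpSourcePort", "is-flow-key": True},
    {"ie-name": "ipClassOfService", "is-flow-key": False},
    {"ie-name": "packetDeltaCount", "is-flow-key": False},
    {"ie-name": "octetDeltaCount", "is-flow-key": False},
]


def build_flow_records(layout, packets):
    """Aggregate (observation_domain_id, packet) pairs into flow records."""
    key_names = [f["ie-name"] for f in layout if f["is-flow-key"]]
    other_names = [f["ie-name"] for f in layout if not f["is-flow-key"]]
    flows = {}  # insertion-ordered: one entry per flow
    for domain_id, pkt in packets:
        # The observation domain is part of the key, so packets observed at
        # different observation domains never share a flow record.
        key = (domain_id,) + tuple(pkt.get(n, UNDETERMINED) for n in key_names)
        record = flows.get(key)
        if record is None:
            record = {"observationDomainId": domain_id}
            for name in key_names:
                if name in pkt:            # undetermined key fields are left out
                    record[name] = pkt[name]
            for name in other_names:
                if name in COUNTERS:
                    record[name] = 0
                elif name in pkt:          # first-packet rule
                    record[name] = pkt[name]
            flows[key] = record
        for name in other_names:
            if name in COUNTERS:
                record[name] += COUNTERS[name](pkt)
    return list(flows.values())


# Constructed sample input. The second packet is a non-initial TCP fragment:
# protocolIdentifier is known, but there is no TCP header to read a port from.
TCP = {"sourceIPv4Address": "192.0.2.1", "destinationIPv4Address": "198.51.100.7",
       "protocolIdentifier": 6}
PACKETS = [
    (1, {**TCP, "tcpSourcePort": 40000, "ipClassOfService": 0, "length": 60}),
    (1, {**TCP, "ipClassOfService": 0, "length": 500}),
    (1, {**TCP, "tcpSourcePort": 40000, "ipClassOfService": 8, "length": 1500}),
    (2, {**TCP, "tcpSourcePort": 40000, "ipClassOfService": 0, "length": 60}),
]

if __name__ == "__main__":
    for flow_record in build_flow_records(CACHE_LAYOUT, PACKETS):
        print(flow_record)
```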
|  |     +--rw cache-layout
|  |     |  +--rw cache-field* [name]
|  |     |     +--rw name
|  |     |     |       ietf-ipfix:name-type
|  |     |     +--rw (information-element)
|  |     |     |  +--:(ie-name)
|  |     |     |  |  +--rw ie-name?
|  |     |     |  |          ietf-ipfix:ie-name-type
|  |     |     |  +--:(ie-id)
|  |     |     |     +--rw ie-id?
|  |     |     |             ietf-ipfix:ie-id-type
|  |     |     +--rw ie-length?              uint16
|  |     |     +--rw ie-enterprise-number?   uint32
|  |     |     +--rw is-flow-key?            empty
Figure 15: Cache Field Attributes
The cache-layout class does not have any parameters. The configuration parameters of the cache-field class (see Figure 15) are as follows:
Note that the use of information elements can be restricted to certain cache types as well as to flow key or non-key fields. Such restrictions may result from information element definitions or from device-specific constraints. According to Section 5, the monitoring device must notify the user if a cache field cannot be configured with the given information element.
The ExportingProcess class (Figure 16) specifies destinations to which the incoming packet reports and flow records are exported using objects of the destination class. The destination class includes a choice of type of exporter (sctp-exporter, udp-exporter, tcp-exporter, or file-writer) which contains further configuration parameters. Those exporter type classes are described in Section 4.4.1, Section 4.4.2, Section 4.4.3, and Section 4.4.4.
The ExportingProcess class contains the identifier of the exporting process (exporting-process-id). This parameter corresponds to the information element exportingProcessId [IANA-IPFIX]. Its occurrence helps to associate exporting process reliability statistics exported according to the IPFIX protocol specification [RFC7011] with the corresponding object of the ExportingProcess class.
The order in which destination instances appear has a specific meaning only if the export-mode parameter is set to "fallback".
+--rw exporting-process* [name] {exporter}?
   +--rw name                     name-type
   +--rw enabled?                 boolean
   +--rw export-mode?             identityref
   +--rw destination* [name]
   |  +--rw name    name-type
   |  +--rw (destination-parameters)
   |     +--:(tcp-exporter)
   |        ...
   |     +--:(udp-exporter)
   |        ...
   |     +--:(sctp-exporter)
   |        ...
   |     +--:(file-writer)
   |        ...
   +--rw options* [name]
   |  +--rw name               name-type
   |  +--rw options-type       identityref
   |  +--rw options-timeout?   uint32
   +--ro exporting-process-id?    uint32
Figure 16: Exporting Process Class
The Exporting Process parameters are defined as follows:
If export-mode is set to "fallback", the first destination instance defines the primary destination, the second destination instance defines the secondary destination, and so on. If the exporting process fails to export data records to the primary destination, it tries to export them to the secondary one. If the secondary destination fails as well, it continues with the tertiary, etc. "parallel" is the default value if export-mode is not configured.
Note that the export-mode parameter is related to the ipfixExportMemberType object in [RFC6615]. If export-mode is "parallel", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to parallel(3). If export-mode is "load-balancing", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to loadBalancing(4). If export-mode is "fallback", the ipfixExportMemberType value that refers to the primary destination is set to primary(1); the ipfixExportMemberType values that refer to the remaining destinations need to be set to secondary(2). The IPFIX MIB module does not define any value for tertiary destination, etc.
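As an added illustration that is not part of the draft, the sketch below applies the export-mode rules to an ordered destination list: it derives the ipfixExportMemberType values, including the tertiary destination that has to be reported as secondary(2), and delivers a record in "fallback" and "parallel" mode. Function names, destination names, and the send callback are assumptions; "load-balancing" delivery is left out because the text above does not say how records are distributed.

```python
# ipfixExportMemberType values named in the text above.
PRIMARY, SECONDARY, PARALLEL, LOAD_BALANCING = 1, 2, 3, 4


def export_member_types(destinations, export_mode=None):
    """Map each destination, in configured order, to its member type."""
    mode = export_mode or "parallel"          # "parallel" is the default
    if mode == "parallel":
        return [(d, PARALLEL) for d in destinations]
    if mode == "load-balancing":
        return [(d, LOAD_BALANCING) for d in destinations]
    if mode == "fallback":
        # Only the first destination is primary; the MIB has no value for
        # tertiary and beyond, so all remaining ones are secondary.
        return [(d, PRIMARY if i == 0 else SECONDARY)
                for i, d in enumerate(destinations)]
    raise ValueError(f"unknown export-mode: {mode!r}")


def deliver(record, destinations, send, export_mode=None):
    """Return the destinations that accepted the record.

    send(destination, record) -> bool is supplied by the caller.
    """
    mode = export_mode or "parallel"
    if mode == "fallback":
        for destination in destinations:      # list order is significant here
            if send(destination, record):
                return [destination]          # stop at the first success
        return []
    if mode == "parallel":
        return [d for d in destinations if send(d, record)]
    raise ValueError(f"delivery not modelled for export-mode {mode!r}")


def make_sender(unreachable):
    """Constructed stand-in for a transport: fails for unreachable names."""
    attempts = []

    def send(destination, record):
        attempts.append(destination)
        return destination not in unreachable

    return send, attempts


# Constructed destination names, in configured order.
DESTINATIONS = ["collector-a", "collector-b", "collector-c"]

if __name__ == "__main__":
    print(export_member_types(DESTINATIONS, "fallback"))
    send, attempts = make_sender({"collector-a"})
    print(deliver("record-1", DESTINATIONS, send, "fallback"), attempts)
```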
The reporting of information with options templates is defined with objects of the Options class.
The exporting process may modify the packet reports and flow records to enable a more efficient transmission or storage under the condition that no information is changed or suppressed. For example, the exporting process may shorten the length of a field according to the rules of reduced size encoding [RFC7011]. The exporting process may also export certain fields in a separate data record as described in [RFC5476].
The SctpExporter class shown in Figure 17 contains the configuration parameters of an SCTP export destination.
+--:(sctp-exporter)
   +--rw sctp-exporter {sctp-transport}?
      +--rw ipfix-version?              uint16
      +--rw destination-port?
      |       inet:port-number
      +--rw send-buffer-size?           uint32
      +--rw rate-limit?                 uint32
      +--rw transport-layer-security!
      |     ...
      +--rw source
      |  +--rw (source-method)?
      |     +--:(source-address)
      |     |  +--rw source-address?   inet:host
      |     +--:(interface-ref)
      |     |  +--rw interface-ref?    if:interface-ref
      |     +--:(if-index) {if-mib}?
      |     |  +--rw if-index?         uint32
      |     +--:(if-name) {if-mib}?
      |        +--rw if-name?          string
      +--rw destination
      |  +--rw (destination-method)
      |     +--:(destination-address)
      |        +--rw destination-address?   inet:host
      +--rw timed-reliability?          uint32
      +--ro transport-session
            ...
Figure 17: SCTP Exporter Class
The configuration parameters are:
Using the TransportLayerSecurity class described in Section 4.6, Datagram Transport Layer Security (DTLS) is enabled and configured for this export destination.
The TransportSession class is discussed in Section 4.7.
The UdpExporter class shown in Figure 18 contains the configuration parameters of a UDP export destination. The parameters ipfix-version, destination-port, if-name, if-index, send-buffer-size, and rate-limit have the same meaning as in the SctpExporter class (see Section 4.4.1).
+--:(udp-exporter)
   +--rw udp-exporter {udp-transport}?
      +--rw ipfix-version?                      uint16
      +--rw destination-port?
      |       inet:port-number
      +--rw send-buffer-size?                   uint32
      +--rw rate-limit?                         uint32
      +--rw transport-layer-security!
      |     ...
      +--rw source
      |  +--rw (source-method)?
      |     +--:(source-address)
      |     |  +--rw source-address?   inet:host
      |     +--:(interface-ref)
      |     |  +--rw interface-ref?    if:interface-ref
      |     +--:(if-index) {if-mib}?
      |     |  +--rw if-index?         uint32
      |     +--:(if-name) {if-mib}?
      |        +--rw if-name?          string
      +--rw destination
      |  +--rw (destination-method)
      |     +--:(destination-address)
      |        +--rw destination-address?   inet:host
      +--rw maximum-packet-size?                uint16
      +--rw template-refresh-timeout?           uint32
      +--rw options-template-refresh-timeout?   uint32
      +--rw template-refresh-packet?            uint32
      +--rw options-template-refresh-packet?    uint32
      +--ro transport-session
            ...
Figure 18: UDP Exporter Class
The remaining configuration parameters are:
Note that the values configured for template-refresh-timeout and options-template-refresh-timeout must be adapted to the template-lifetime and options-template-lifetime parameter settings at the receiving collecting process (see Section 4.5.2).
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this export destination. The TransportSession class is specified in Section 4.7.
The TcpExporter class shown in Figure 19 contains the configuration parameters of a TCP export destination. The parameters have the same meaning as in the UdpExporter class (see Section 4.4.2).
Using the TransportLayerSecurity class described in Section 4.6, Transport Layer Security (TLS) is enabled and configured for this export destination.
The TransportSession class is specified in Section 4.7.
+--:(tcp-exporter)
   +--rw tcp-exporter {tcp-transport}?
      +--rw ipfix-version?              uint16
      +--rw destination-port?
      |       inet:port-number
      +--rw send-buffer-size?           uint32
      +--rw rate-limit?                 uint32
      +--rw transport-layer-security!
      |     ...
      +--rw source
      |  +--rw (source-method)?
      |     +--:(source-address)
      |     |  +--rw source-address?   inet:host
      |     +--:(interface-ref)
      |     |  +--rw interface-ref?    if:interface-ref
      |     +--:(if-index) {if-mib}?
      |     |  +--rw if-index?         uint32
      |     +--:(if-name) {if-mib}?
      |        +--rw if-name?          string
      +--rw destination
      |  +--rw (destination-method)
      |     +--:(destination-address)
      |        +--rw destination-address?   inet:host
      +--ro transport-session
Figure 19: TCP Exporter Class
If a file-writer instance is included in an object of the destination class, IPFIX messages are written into a file as specified in [RFC5655].
+--:(file-writer)
   +--rw file-writer {file-writer}?
      +--rw ipfix-version?       uint16
      +--rw file                 inet:uri
      +--ro file-writer-state
         +--ro bytes?
         |       yang:counter64
         +--ro messages?
         |       yang:counter64
         +--ro discarded-messages?
         |       yang:counter64
         +--ro records?
         |       yang:counter64
         +--ro templates?
         |       yang:counter32
         +--ro options-templates?
         |       yang:counter32
         +--ro file-writer-discontinuity-time?
         |       yang:date-and-time
         +--ro template* []
            +--ro observation-domain-id?         uint32
            +--ro template-id?                   uint16
            +--ro set-id?                        uint16
            +--ro access-time?
            |       yang:date-and-time
            +--ro template-data-records?
            |       yang:counter64
            +--ro template-discontinuity-time?
            |       yang:date-and-time
            +--ro field* []
               +--ro ie-id?                   ie-id-type
               +--ro ie-length?               uint16
               +--ro ie-enterprise-number?    uint32
               +--ro is-flow-key?             empty
               +--ro is-scope?                empty
Figure 20: File Writer Class
The FileWriter class contains the following configuration parameters:
The state parameters of the FileWriter class are:
Each FileWriter class instance includes statistics about the templates written to the file. The Template class is specified in Section 4.8.
The Options class in Figure 21 defines the type of specific information to be reported, such as statistics, flow keys, sampling and filtering parameters, etc. [RFC7011] and [RFC5476] specify several types of reporting information that may be exported.
+--rw options* [name]
   +--rw name               name-type
   +--rw options-type       identityref
   +--rw options-timeout?   uint32
Figure 21: Options Class
The following parameter values are specified by the configuration data model:
The exporting process must choose a template definition according to the options type and available options data. The options-timeout parameter specifies the reporting interval (in milliseconds) for periodic export of the option data. A parameter value of zero means that the export of the option data is not triggered periodically, but whenever the available option data has changed. This is the typical setting for options types flow-keys, selection-sequence, accuracy, and reducing-redundancy. If options-timeout is not configured by the user, it is set by the monitoring device.
Figure 22 shows the CollectingProcess class that contains the configuration and state parameters of a collecting process. The sctp-collector, udp-collector, and TcpCollector classes specify how IPFIX messages are received from remote exporters. The collecting process can also be configured as a file reader using the FileReader class. These classes are described in Section 4.5.1, Section 4.5.2, Section 4.5.3, and Section 4.5.4.
A collecting-process instance may refer to one or more exporting-process instances configuring exporting processes that export the received data without modifications to a file or to another remote collector.
+--rw collecting-process* [name] {collector}?
   +--rw name                 name-type
   +--rw tcp-collector* [name] {tcp-transport}?
         ...
   +--rw udp-collector* [name] {udp-transport}?
         ...
   +--rw sctp-collector* [name] {sctp-transport}?
         ...
   +--rw file-reader* [name] {file-reader}?
         ...
   +--rw exporting-process*   -> /ipfix/exporting-process/name
           {exporter}?
Figure 22: Collecting Process Class
The SctpCollector class contains the configuration parameters of a listening SCTP socket at a collecting process.
+--rw sctp-collector* [name] {sctp-transport}?
   +--rw name                          name-type
   +--rw local-port?                   inet:port-number
   +--rw transport-layer-security!
   |     ...
   +--rw (local-address-method)?
   |  +--:(local-address)
   |     +--rw local-address*          inet:host
   +--ro transport-session* [name]
         ...
Figure 23: SCTP Collector Class
The parameters are:
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
The UdpCollector class shown in Figure 24 contains the configuration parameters of a listening UDP socket at a collecting process. The parameter local-port has the same meaning as in the SctpCollector class (see Section 4.5.1).
+--rw udp-collector* [name] {udp-transport}?
   +--rw name                            name-type
   +--rw local-port?                     inet:port-number
   +--rw transport-layer-security!
   |     ...
   +--rw (local-address-method)?
   |  +--:(local-address)
   |     +--rw local-address*            inet:host
   +--rw template-life-time?             uint32
   +--rw options-template-life-time?     uint32
   +--rw template-life-packet?           uint32
   +--rw options-template-life-packet?   uint32
   +--ro transport-session* [name]
         ...
Figure 24: UDP Collector Class
The remaining parameters are:
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
The TcpCollector class contains the configuration parameters of a listening TCP socket at a collecting process. The parameters have the same meaning as in the UdpCollector class (Section 4.5.2).
Using the TransportLayerSecurity class described in Section 4.6, TLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
+--rw tcp-collector* [name] {tcp-transport}?
   +--rw name                          name-type
   +--rw local-port?                   inet:port-number
   +--rw transport-layer-security!
   |     ...
   +--rw (local-address-method)?
   |  +--:(local-address)
   |     +--rw local-address*          inet:host
   +--ro transport-session* [name]
         ...
Figure 25: TCP Collector Class
Figure 26 shows the FileReader class via which the collecting process may import IPFIX messages from a file as specified in [RFC5655].
+--rw file-reader* [name] {file-reader}?
   +--rw name                 name-type
   +--rw file                 inet:uri
   +--ro file-reader-state
      +--ro bytes?                yang:counter64
      +--ro messages?             yang:counter64
      +--ro records?              yang:counter64
      +--ro templates?            yang:counter32
      +--ro options-templates?    yang:counter32
      +--ro file-reader-discontinuity-time?
      |       yang:date-and-time
      +--ro template* []
            ...
Figure 26: File Reader Class
The FileReader class defines the following configuration parameter:
The state parameters of the FileReader class are:
The FileReader class includes information about the Template class and statistics. The Template class is specified in Section 4.8.
Figure 27 shows the TransportLayerSecurity class which is used in the exporting process's sctp-exporter, udp-exporter, and TcpExporter classes, and the collecting process's SctpCollector, UdpCollector, and TcpCollector classes to enable and configure TLS/DTLS for IPFIX. If TLS/DTLS is enabled, the endpoint must use DTLS [RFC6347] if the transport protocol is SCTP or UDP and TLS [RFC8446] if the transport protocol is TCP.
[RFC7011] mandates strong mutual authentication of exporting processes and collecting processes as follows. IPFIX exporting processes and IPFIX collecting processes are identified by the fully qualified domain name (FQDN) of the interface on which IPFIX messages are sent or received, for purposes of X.509 client and server certificates as in [RFC5280]. To prevent man-in-the-middle attacks from impostor exporting or collecting processes, the acceptance of data from an unauthorized exporting process, or the export of data to an unauthorized collecting process, strong mutual authentication via asymmetric keys must be used for both TLS and DTLS. Each of the IPFIX exporting and collecting processes must verify the identity of its peer against its authorized certificates, and must verify that the peer's certificate matches its fully qualified domain name, or, in the case of SCTP, the fully qualified domain name of one of its endpoints.
The fully qualified domain name used to identify an IPFIX collecting process or exporting process may be stored either in a subjectAltName extension of type dNSName, or in the most specific common name field of the subject field of the X.509 certificate. If both are present, the subjectAltName extension is given preference.
In order to use TLS/DTLS, appropriate certificates and keys have to be previously installed on the monitoring devices. For security reasons, the configuration data model does not offer the possibility to upload any certificates or keys to a monitoring device. If TLS/DTLS is enabled on a monitoring device that does not have appropriate certificates and keys installed, the configuration must be rejected with an error.
The configuration data model allows restricting the authorization of remote endpoints to certificates issued by specific certification authorities or identifying specific FQDNs for authorization. Furthermore, the configuration data model allows restricting the utilization of certificates identifying the local endpoint. This is useful if the monitoring device has more than one certificate for the given local endpoint.
+--rw transport-layer-security!
   +--rw local-certification-authority-dn*    string
   +--rw local-subject-dn*                    string
   +--rw local-subject-fqdn*                  inet:domain-name
   +--rw remote-certification-authority-dn*   string
   +--rw remote-subject-dn*                   string
   +--rw remote-subject-fqdn*                 inet:domain-name
Figure 27: Transport Layer Security Class
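The identity and authorization rules of this section, as an added example that is not part of the draft: it takes a peer certificate in the dictionary layout returned by Python's ssl.SSLSocket.getpeercert() and checks it against the remote-* leaf-lists of the transport-layer-security container. The sample certificates, the configuration values, the simplified DN normalization and the rule for combining the three leaf-lists are assumptions made for illustration; certificate chain validation is left to the TLS library.

```python
"""Authorize an IPFIX peer against the transport-layer-security container.

Added example, not part of the draft. Certificates use the dict layout of
ssl.SSLSocket.getpeercert(); chain validation is assumed to be done already.
"""

# getpeercert() attribute names mapped to the short names used in DN strings.
SHORT_NAMES = {
    "commonName": "cn", "organizationName": "o", "organizationalUnitName": "ou",
    "countryName": "c", "localityName": "l", "stateOrProvinceName": "st",
    "domainComponent": "dc",
}


def norm_fqdn(name):
    """DNS names compare case-insensitively; a trailing root dot is ignored."""
    return name.strip().rstrip(".").lower()


def cert_name_to_dn(rdns):
    """Render a getpeercert() name as a normalized DN, most specific RDN first."""
    return ",".join(
        "+".join(f"{SHORT_NAMES.get(k, k).lower()}={v.strip().casefold()}" for k, v in rdn)
        for rdn in reversed(rdns)
    )


def config_dn_to_dn(text):
    """Normalize a configured DN string (assumption: no escaped ',' or '+')."""
    rdns = []
    for rdn in text.split(","):
        pairs = (atv.partition("=") for atv in rdn.split("+"))
        rdns.append("+".join(f"{k.strip().lower()}={v.strip().casefold()}" for k, _, v in pairs))
    return ",".join(rdns)


def identity_fqdns(cert):
    """FQDNs identifying the peer: subjectAltName dNSName entries when present,
    otherwise the most specific commonName of the subject."""
    san = [norm_fqdn(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san  # subjectAltName is given preference over the common name
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # Certificate order runs from least to most specific, so the last CN wins.
    return [norm_fqdn(cns[-1])] if cns else []


def authorize_peer(cert, tls_cfg):
    """Return (allowed, reason) for a chain-validated peer certificate.

    Assumed combination rule: an empty leaf-list places no restriction; the CA
    restriction must hold, and if any subject restriction is configured the
    subject DN or one identity FQDN must match (exact match, no wildcards).
    """
    ca_dns = {config_dn_to_dn(d) for d in tls_cfg.get("remote-certification-authority-dn", [])}
    subject_dns = {config_dn_to_dn(d) for d in tls_cfg.get("remote-subject-dn", [])}
    fqdns = {norm_fqdn(f) for f in tls_cfg.get("remote-subject-fqdn", [])}

    if ca_dns and cert_name_to_dn(cert.get("issuer", ())) not in ca_dns:
        return False, "issuer not in remote-certification-authority-dn"
    if not subject_dns and not fqdns:
        return True, "no subject restriction configured"
    if cert_name_to_dn(cert.get("subject", ())) in subject_dns:
        return True, "subject DN listed in remote-subject-dn"
    if fqdns.intersection(identity_fqdns(cert)):
        return True, "identity FQDN listed in remote-subject-fqdn"
    return False, "subject matches neither remote-subject-dn nor remote-subject-fqdn"


# Constructed sample data (not from the draft).
ISSUER = ((("countryName", "US"),), (("organizationName", "Example Monitoring CA"),))
CERT_SAN = {  # carries both a CN and a subjectAltName
    "issuer": ISSUER,
    "subject": ((("organizationName", "Example Net"),), (("commonName", "legacy.example.net"),)),
    "subjectAltName": (("DNS", "collector1.example.net"), ("IP Address", "192.0.2.10")),
}
CERT_CN_ONLY = {  # no subjectAltName: the CN is the identity
    "issuer": ISSUER,
    "subject": ((("organizationName", "Example Net"),), (("commonName", "exporter7.example.net"),)),
}
TLS_CFG = {
    "remote-certification-authority-dn": ["O=Example Monitoring CA, C=US"],
    "remote-subject-fqdn": ["Collector1.Example.NET.", "exporter7.example.net"],
}

if __name__ == "__main__":
    for label, cert in (("SAN+CN", CERT_SAN), ("CN only", CERT_CN_ONLY)):
        print(label, identity_fqdns(cert), authorize_peer(cert, TLS_CFG))
    # A listed CN does not authorize a certificate whose subjectAltName is not listed.
    print(authorize_peer(CERT_SAN, {"remote-subject-fqdn": ["legacy.example.net"]}))
```

The last call is the case worth checking in any implementation: when a dNSName subjectAltName is present, a common name that happens to be on the allow list must not authorize the peer.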
The configuration parameters are defined as follows:
The TransportSession class contains state data about transport sessions originating from an exporting process or terminating at a collecting process. If SCTP is the transport protocol, the exporter or collector may be multihomed SCTP endpoints (see [RFC4960], Section 6.4), in which case more than one IP address will be used.
The following attributes are supported:
The TransportSession class includes Template class information and statistics about the templates transmitted or received on the given transport session. The Template class is specified in Section 4.8.
+--ro transport-session* [name]
   +--ro name                                     name-type
   +--ro ipfix-version?                           uint16
   +--ro source-address?                          inet:host
   +--ro destination-address?                     inet:host
   +--ro source-port?
   |       inet:port-number
   +--ro destination-port?
   |       inet:port-number
   +--ro status?
   |       transport-session-status
   +--ro rate?
   |       yang:gauge32
   +--ro bytes?
   |       yang:counter64
   +--ro messages?
   |       yang:counter64
   +--ro discarded-messages?
   |       yang:counter64
   +--ro records?
   |       yang:counter64
   +--ro templates?
   |       yang:counter32
   +--ro options-templates?
   |       yang:counter32
   +--ro transport-session-start-time?
   |       yang:date-and-time
   +--ro transport-session-discontinuity-time?
   |       yang:date-and-time
   +--ro template* []
         ...
Figure 28: Transport Session Class
Figure 29 shows the Template class which contains state data about templates used by an exporting process or received by a collecting process in a specific transport session. The field class defines one field of the template.
+--ro template* []
   +--ro observation-domain-id?         uint32
   +--ro template-id?                   uint16
   +--ro set-id?                        uint16
   +--ro access-time?                   yang:date-and-time
   +--ro template-data-records?         yang:counter64
   +--ro template-discontinuity-time?   yang:date-and-time
   +--ro field* []
      +--ro ie-id?                   ie-id-type
      +--ro ie-length?               uint16
      +--ro ie-enterprise-number?    uint32
      +--ro is-flow-key?             empty
      +--ro is-scope?                empty
Figure 29: Template Class
The names and semantics of the state parameters correspond to the managed objects in the ipfixTemplateTable, ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the IPFIX MIB module [RFC6615]:
The BulkDataProcess class in Figure 30 specifies the bulk data template to be applied to a resource or set of resources and provides state information about the template records.
+--rw bulk-data-export
   +--rw template* [name]
      +--rw name                     ietf-ipfix:name-type
      +--rw enabled?                 boolean
      +--rw export-interval?         uint32
      +--rw observation-domain-id?   uint32
      +--rw field-layout
      |  +--rw field* [name]
      |     +--rw name                    ietf-ipfix:name-type
      |     +--rw (identifier)
      |     |  +--:(ie-id)
      |     |     +--rw ie-id?            ietf-ipfix:ie-id-type
      |     +--rw ie-length?              uint16
      |     +--rw ie-enterprise-number?   uint32
      +--rw exporting-process*
      |       -> /ietf-ipfix:ipfix/exporting-process/name
      |       {ietf-ipfix:exporter}?
      +--rw resource*                resource
      +--ro data-records?            yang:counter64
      +--ro discontinuity-time?      yang:date-and-time
Figure 30: Bulk Data Class
The following attributes are supported:
A bulk data instance may refer to:
The following state information is available:
The configuration data model standardizes a superset of common IPFIX and PSAMP configuration parameters. A typical monitoring device implementation will not support the entire range of possible configurations. Certain functions may not be supported, such as the collecting process, which does not exist on a monitoring device that is conceived as an exporter only. The configuration of other functions may be subject to resource limitations or functional restrictions. For example, the cache size is typically limited according to the available memory on the device. It is also possible that a monitoring device implementation requires the configuration of additional parameters that are not part of the configuration data model in order to function properly.
The configuration data model for IPFIX and PSAMP covers the configuration of Exporters, Collectors, and devices that may act as both. As Exporters and Collectors implement different functions, the corresponding portions of the model are conditional on the following features:
Exporters do not necessarily implement any Selection Processes, Caches, or even Observation Points in particular cases. Therefore, the corresponding portions of the model are conditional on the following feature:
Additional features refer to different PSAMP Sampling and Filtering methods as well as to the supported types of Caches:
The following features concern the support of UDP and TCP as transport protocols and the support of File Readers and File Writers:
This document defines three YANG modules:
This document defines the YANG module "ietf-ipfix", which has the following structure:
module: ietf-ipfix
  +--rw ipfix
     +--rw collecting-process* [name] {collector}?
     |  +--rw name                 name-type
     |  +--rw tcp-collector* [name] {tcp-transport}?
     |  |     ...
     |  +--rw udp-collector* [name] {udp-transport}?
     |  |     ...
     |  +--rw sctp-collector* [name] {sctp-transport}?
     |  |     ...
     |  +--rw file-reader* [name] {file-reader}?
     |  |     ...
     |  +--rw exporting-process*   -> /ipfix/exporting-process/name
     |          {exporter}?
     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw enabled?                boolean
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |     ...
        +--rw options* [name]
        |     ...
        +--ro exporting-process-id?   uint32
This YANG Module imports typedefs from [RFC6991].
<CODE BEGINS> file "ietf-ipfix@2018-10-22.yang"
module ietf-ipfix {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix";
  prefix ietf-ipfix;

  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-interfaces {
    prefix if;
    reference
      "RFC 8343: A YANG Model for Interface Management";
  }

  organization
    "IETF";
  contact
    "Web:      TBD
     List:     TBD
     Editor:   Joey Boyd <mailto:joey.boyd@adtran.com>
     Editor:   Marta Seda <mailto:marta.seda@calix.com>";

  // RFC Ed.: replace XXXX with actual RFC numbers and
  // remove this note.

  description
    "This module contains a collection of YANG definitions for the
     management of IP Flow Information Export (IPFIX).

     This data model is designed for the Network Management
     Datastore Architecture defined in RFC 8342.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information
       Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
       and Bulk Data Export";
  }

  feature exporter {
    description
      "If supported, the Monitoring Device can be used as
       an Exporter.
       Exporting Processes can be configured.";
  }

  feature collector {
    description
      "If supported, the Monitoring Device can be used as
       a Collector. Collecting Processes can be configured.";
  }

  feature tcp-transport {
    description
      "If supported, the Monitoring Device supports TCP
       as the transport protocol.";
  }

  feature udp-transport {
    description
      "If supported, the Monitoring Device supports UDP
       as the transport protocol.";
  }

  feature sctp-transport {
    description
      "If supported, the Monitoring Device supports SCTP
       as the transport protocol.";
  }

  feature file-reader {
    description
      "If supported, the Monitoring Device supports the
       configuration of Collecting Processes as File Readers.";
  }

  feature file-writer {
    description
      "If supported, the Monitoring Device supports the
       configuration of Exporting Processes as File Writers.";
  }

  feature if-mib {
    description
      "This feature indicates that the device implements
       the IF-MIB.";
    reference
      "RFC 2863: The Interfaces Group MIB";
  }

  identity export-mode {
    description
      "Base identity for different usages of export
       destinations configured for an Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity parallel {
    base export-mode;
    description
      "Parallel export of Data Records to all destinations
       configured for the Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity load-balancing {
    base export-mode;
    description
      "Load-balancing between the different destinations
       configured for the Exporting Process.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity fallback {
    base export-mode;
    description
      "Export to the primary destination (i.e., the first
       destination configured for the Exporting Process). If the
       export to the primary destination fails, the Exporting
       Process tries to export to the secondary destination.
       If the secondary destination fails as well, it continues
       with the tertiary, etc.";
    reference
      "RFC 6615, Section 8 (ipfixExportMemberType)";
  }

  identity options-type {
    description
      "Base identity for report types exported with
       options templates.";
  }

  identity metering-statistics {
    base options-type;
    description
      "Metering Process Statistics.";
    reference
      "RFC 7011, Section 4.1";
  }

  identity metering-reliability {
    base options-type;
    description
      "Metering Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.2";
  }

  identity exporting-reliability {
    base options-type;
    description
      "Exporting Process Reliability Statistics.";
    reference
      "RFC 7011, Section 4.3";
  }

  identity flow-keys {
    base options-type;
    description
      "Flow Keys.";
    reference
      "RFC 7011, Section 4.4";
  }

  identity selection-sequence {
    base options-type;
    description
      "Selection Sequence and Selector Reports.";
    reference
      "RFC 5476, Sections 6.5.1 and 6.5.2";
  }

  identity selection-statistics {
    base options-type;
    description
      "Selection Sequence Statistics Report.";
    reference
      "RFC 5476, Sections 6.5.3";
  }

  identity accuracy {
    base options-type;
    description
      "Accuracy Report.";
    reference
      "RFC 5476, Section 6.5.4";
  }

  identity reducing-redundancy {
    base options-type;
    description
      "Enables the utilization of Options Templates to
       reduce redundancy in the exported Data Records.";
    reference
      "RFC 5473";
  }

  identity extended-type-information {
    base options-type;
    description
      "Export of extended type information for
       enterprise-specific Information Elements used in the
       exported Templates.";
    reference
      "RFC 5610";
  }

  typedef ie-name-type {
    type string {
      length "1..max";
      pattern '\S+';
    }
    description
      "Type for Information Element names. Whitespaces
       are not allowed.";
  }

  typedef name-type {
    type string {
      length "1..max";
      pattern '\S(.*\S)?';
    }
    description
      "Type for 'name' leafs, which are used to identify
       specific instances within lists, etc.
       Leading and trailing whitespaces are not allowed.";
  }

  typedef ie-id-type {
    type uint16 {
      range "1..32767";
    }
    description
      "Type for Information Element identifiers.";
  }

  typedef transport-session-status {
    type enumeration {
      enum "inactive" {
        value 0;
        description
          "This value MUST be used for Transport Sessions
           that are specified in the system but currently not
           active. The value can be used for Transport Sessions
           that are backup (secondary) sessions.";
      }
      enum "active" {
        value 1;
        description
          "This value MUST be used for Transport Sessions
           that are currently active and transmitting or
           receiving data.";
      }
      enum "unknown" {
        value 2;
        description
          "This value MUST be used if the status of the
           Transport Sessions cannot be detected by the device.
           This value should be avoided as far as possible.";
      }
    }
    description
      "Status of a Transport Session.";
    reference
      "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
  }

  grouping transport-layer-security-parameters {
    description
      "TLS or DTLS parameters.";
    container transport-layer-security {
      presence "The presence of this container indicates TLS is enabled.";
      description
        "TLS or DTLS configuration.";
      leaf-list local-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities
           whose certificates may be used to identify the local
           endpoint.";
        reference
          "RFC 5280";
      }
      leaf-list local-subject-dn {
        type string;
        description
          "Distinguished names that may be used in the
           certificates to identify the local endpoint.";
        reference
          "RFC 5280.";
      }
      leaf-list local-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that may be used in
           the certificates to identify the local endpoint.";
        reference
          "RFC 5280";
      }
      leaf-list remote-certification-authority-dn {
        type string;
        description
          "Distinguished names of certification authorities
           whose certificates are accepted to authorize remote
           endpoints.";
        reference
          "RFC 5280";
      }
      leaf-list remote-subject-dn {
        type string;
        description
          "Distinguished names
           which are accepted in certificates to authorize
           remote endpoints.";
        reference
          "RFC 5280";
      }
      leaf-list remote-subject-fqdn {
        type inet:domain-name;
        description
          "Fully qualified domain names that are accepted in
           certificates to authorize remote endpoints.";
        reference
          "RFC 5280";
      }
    }
  }

  grouping transport-session-state-parameters {
    description
      "State parameters of a Transport Session originating
       from an Exporting Process or terminating at a Collecting
       Process. Parameter names and semantics correspond to the
       managed objects in IPFIX-MIB.";
    reference
      "RFC 7011; RFC 6615, Section 8
       (ipfixTransportSessionEntry,
       ipfixTransportSessionStatsEntry)";
    leaf ipfix-version {
      type uint16;
      description
        "Used for Exporting Processes, this parameter
         contains the version number of the IPFIX protocol that
         the Exporter uses to export its data in this Transport
         Session. Used for Collecting Processes, this parameter
         contains the version number of the IPFIX protocol it
         receives for this Transport Session. If IPFIX Messages
         of different IPFIX protocol versions are received, this
         parameter contains the maximum version number. Note that
         this parameter corresponds to
         ipfixTransportSessionIpfixVersion in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionIpfixVersion)";
    }
    leaf source-address {
      type inet:host;
      description
        "The source address of the Exporter of the
         IPFIX Transport Session.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourceAddressType,
         ipfixTransportSessionSourceAddress);
         RFC 4960, Section 6.4";
    }
    leaf destination-address {
      type inet:host;
      description
        "The destination address of the path that is
         selected by the Exporter to send IPFIX messages to the
         Collector. In the case of TCP, it is possible that if an
         FQDN address is configured it resolves into many
         addresses.
         Note that this parameter functionally corresponds to
         ipfixTransportSessionDestinationAddressType and
         ipfixTransportSessionDestinationAddress in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationAddressType,
         ipfixTransportSessionDestinationAddress);
         RFC 4960, Section 6.4";
    }
    leaf source-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the
         Exporter of the IPFIX Transport Session. Note that this
         parameter corresponds to ipfixTransportSessionSourcePort
         in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourcePort).";
    }
    leaf destination-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the
         Collector of the IPFIX Transport Session. Note that this
         parameter corresponds to
         ipfixTransportSessionDestinationPort in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationPort)";
    }
    leaf status {
      type transport-session-status;
      description
        "Status of the Transport Session. Note that this
         parameter corresponds to ipfixTransportSessionStatus in
         the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
    }
    leaf rate {
      type yang:gauge32;
      units "bytes per second";
      description
        "The number of bytes per second transmitted by the
         Exporting Process or received by the Collecting Process.
         This parameter is updated every second. Note that this
         parameter corresponds to ipfixTransportSessionRate in
         the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionRate)";
    }
    leaf bytes {
      type yang:counter64;
      units "bytes";
      description
        "The number of bytes transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur
         at re-initialization of the management system, and at
         other times as indicated by the value of
         transport-session-discontinuity-time.
         Note that this parameter corresponds to
         ipfixTransportSessionBytes in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionBytes)";
    }
    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "The number of messages transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur
         at re-initialization of the management system, and at
         other times as indicated by the value of
         transport-session-discontinuity-time. Note that this
         parameter corresponds to ipfixTransportSessionMessages
         in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionMessages)";
    }
    leaf discarded-messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "Used for Exporting Processes, this parameter
         indicates the number of messages that could not be sent
         due to internal buffer overflows, network congestion,
         routing issues, etc. Used for Collecting Process, this
         parameter indicates the number of received IPFIX Message
         that are malformed, cannot be decoded, are received in
         the wrong order or are missing according to the sequence
         number. Discontinuities in the value of this counter can
         occur at re-initialization of the management system, and
         at other times as indicated by the value of
         transport-session-discontinuity-time. Note that this
         parameter corresponds to
         ipfixTransportSessionDiscardedMessages in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscardedMessages)";
    }
    leaf records {
      type yang:counter64;
      units "Data Records";
      description
        "The number of Data Records transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur
         at re-initialization of the management system, and at
         other times as indicated by the value of
         transport-session-discontinuity-time.
         Note that this parameter corresponds to
         ipfixTransportSessionRecords in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionRecords)";
    }
    leaf templates {
      type yang:counter32;
      units "Templates";
      description
        "The number of Templates transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur
         at re-initialization of the management system, and at
         other times as indicated by the value of
         transport-session-discontinuity-time. Note that this
         parameter corresponds to ipfixTransportSessionTemplates
         in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionTemplates)";
    }
    leaf options-templates {
      type yang:counter32;
      units "Options Templates";
      description
        "The number of Option Templates transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur
         at re-initialization of the management system, and at
         other times as indicated by the value of
         transport-session-discontinuity-time. Note that this
         parameter corresponds to
         ipfixTransportSessionOptionsTemplates in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionOptionsTemplates)";
    }
    leaf transport-session-start-time {
      type yang:date-and-time;
      description
        "Timestamp of the start of the given Transport
         Session. This state parameter does not correspond to any
         object in the IPFIX MIB module.";
    }
    leaf transport-session-discontinuity-time {
      type yang:date-and-time;
      description
        "Timestamp of the most recent occasion at which
         one or more of the Transport Session counters suffered a
         discontinuity. Note that this parameter functionally
         corresponds to ipfixTransportSessionDiscontinuityTime in
         the IPFIX MIB module.
         In contrast to ipfixTransportSessionDiscontinuityTime,
         the time is absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscontinuityTime)";
    }
  }

  grouping collection-template-state-parameters {
    description
      "State parameters of a (Options) Template received
       by a Collecting Process in a specific Transport Session or
       read by the File Reader. Parameter names and semantics
       correspond to the managed objects in IPFIX-MIB";
    reference
      "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
       ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";
    list template {
      key "name";
      description
        "This list contains the Templates and Options
         Templates that are transmitted by the Exporting Process
         or received by the Collecting Process. Withdrawn or
         invalidated (Options) Templates MUST be removed from
         this list.";
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies
           the template.";
      }
      leaf observation-domain-id {
        type uint32;
        description
          "The ID of the Observation Domain for which this
           Template is defined. Note that this parameter
           corresponds to ipfixTemplateObservationDomainId in the
           IPFIX MIB module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateObservationDomainId)";
      }
      leaf template-id {
        type uint16 {
          range "256..65535";
        }
        description
          "This number indicates the Template ID in the
           IPFIX message. Note that this parameter corresponds to
           ipfixTemplateId in the IPFIX MIB module.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateId)";
      }
      leaf set-id {
        type uint16 {
          range "2..3 | 256..65535";
        }
        description
          "This number indicates the Set ID of the
           Template. A value of 2 is reserved for Template Sets.
           A value of 3 is reserved for Options Template Sets.
           Values from 4 to 255 are reserved for future use.
           Values 256 and above are used for Data Sets. The Set
           ID values of 0 and 1 are not used for historical
           reasons.
Note that this parameter corresponds to ipfixTemplateSetId in the IPFIX MIB module."; reference "RFC 7011, Section 3.3.2; RFC 6615, Section 8 (ipfixTemplateSetId)"; } leaf access-time { type yang:date-and-time; description "This parameter contains the time when this (Options) Template was last received from the Exporter or read from the file. Note that this parameter corresponds to ipfixTemplateAccessTime in the IPFIX MIB module."; reference "RFC 6615, Section 8 ( ipfixTemplateAccessTime)"; } leaf template-data-records { type yang:counter64; description "The number of received Data Records defined by this (Options) Template. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of template-discontinuity-time. Note that this parameter corresponds to ipfixTemplateDataRecords in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateDataRecords)"; } leaf template-discontinuity-time { type yang:date-and-time; description "Timestamp of the most recent occasion at which the counter template-data-records suffered a discontinuity. Note that this parameter functionally corresponds to ipfixTemplateDiscontinuityTime in the IPFIX MIB module. In contrast to ipfixTemplateDiscontinuityTime, the time is absolute and not relative to sysUpTime."; reference "RFC 6615, Section 8 (ipfixTemplateDiscontinuityTime)"; } list field { key "name"; description "This list contains the (Options) Template fields of which the (Options) Template is defined. The order of the list corresponds to the order of the fields in the (Option) Template Record."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the template field."; } leaf ie-id { type ie-id-type; description "This parameter indicates the Information Element identifier of the field. 
Note that this parameter corresponds to ipfixTemplateDefinitionIeId in the IPFIX MIB module."; reference "RFC 7011; RFC 6615, Section 8 (ipfixTemplateDefinitionIeId)."; } leaf ie-length { type uint16; units "octets"; description "This parameter indicates the length of the Information Element of the field. Note that this parameter corresponds to ipfixTemplateDefinitionIeLength in the IPFIX MIB module."; reference "RFC 7011; RFC 6615, Section 8 (ipfixTemplateDefinitionIeLength)"; } leaf ie-enterprise-number { type uint32; description "This parameter indicates the IANA enterprise number of the authority defining the Information Element identifier. If the Information Element is not enterprise-specific, this state parameter is zero. Note that this parameter corresponds to ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionIeEnterpriseNumber); IANA registry for Private Enterprise Numbers, http://www.iana.org/assignments/enterprise-numbers"; } leaf is-flow-key { when "../../set-id = 2" { description "This parameter is available for non-Options Templates (Set ID is 2)."; } type empty; description "If present, this is a Flow Key field. Note that this corresponds to flowKey(1) being set in ipfixTemplateDefinitionFlags."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags)"; } leaf is-scope { when "../../set-id = 3" { description "This parameter is available for Options Templates (Set ID is 3)."; } type empty; description "If present, this is a scope field. Note that this corresponds to scope(0) being set in ipfixTemplateDefinitionFlags."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags)"; } } } } grouping common-collector-parameters { description "Parameters of a Collecting Process that are common to all transport protocols."; choice local-address-method { description "Method to configure the local address of the collecting process. 
Note that it is expected that other methods be available. Those methods can augment this choice."; case local-address { leaf-list local-address { type inet:host; description "List of local addresses on which the Collecting Process listens for IPFIX Messages."; } } } leaf local-port { type inet:port-number; description "If not configured, the Monitoring Device uses the default port number for IPFIX, which is 4739 without TLS or DTLS and 4740 if TLS or DTLS is activated."; } } grouping tcp-collector-parameters { description "Parameters of a listening TCP socket at a Collecting Process."; uses common-collector-parameters; uses transport-layer-security-parameters; } grouping udp-collector-parameters { description "Parameters of a listening UDP socket at a Collecting Process."; uses common-collector-parameters; leaf template-life-time { type uint32; units seconds; default 1800; description "Sets the lifetime of Templates for all UDP Transport Sessions terminating at this UDP socket. Templates that are not received again within the configured lifetime become invalid at the Collecting Process. As specified in RFC 7011, the Template lifetime MUST be at least three times higher than the template-refresh-timeout parameter value configured on the corresponding Exporting Processes. Note that this parameter corresponds to ipfixTransportSessionTemplateRefreshTimeout in the IPFIX MIB module."; reference "RFC 7011, Section 10.3.7; RFC 6615, Section 8 (ipfixTransportSessionTemplateRefreshTimeout)."; } leaf options-template-life-time { type uint32; units seconds; default 1800; description "Sets the lifetime of Options Templates for all UDP Transport Sessions terminating at this UDP socket. Options Templates that are not received again within the configured lifetime become invalid at the Collecting Process. 
As specified in RFC 7011, the Options Template lifetime MUST be at least three times higher than the options-template-refresh-timeout parameter value configured on the corresponding Exporting Processes. Note that this parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX MIB module."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionOptionsTemplateRefreshTimeout)."; } leaf template-life-packet { type uint32; units "IPFIX Messages"; description "If this parameter is configured, Templates defined in a UDP Transport Session become invalid if they are neither included in a sequence of more than this number of IPFIX Messages nor received again within the period of time specified by template-life-time. Note that this parameter corresponds to ipfixTransportSessionTemplateRefreshPacket in the IPFIX MIB module."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionTemplateRefreshPacket)."; } leaf options-template-life-packet { type uint32; units "IPFIX Messages"; description "If this parameter is configured, Options Templates defined in a UDP Transport Session become invalid if they are neither included in a sequence of more than this number of IPFIX Messages nor received again within the period of time specified by options-template-life-time. Note that this parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB module."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionOptionsTemplateRefreshPacket)."; } leaf maximum-reordering-delay { type uint32; units seconds; description "The maximum delay for the template to be received at the collector after the data record(s) has(have) been received. 
The collector is expected to buffer the data records till such a time."; reference "RFC 7011, Section 8.2"; } uses transport-layer-security-parameters; } grouping sctp-collector-parameters { description "Parameters of a listening SCTP socket at a Collecting Process."; uses common-collector-parameters; leaf maximum-reordering-delay { type uint32; units seconds; description "The maximum delay for the template to be received at the collector after the data record(s) has(have) been received. The collector is expected to buffer the data records till such a time."; reference "RFC 7011, Section 8.2"; } uses transport-layer-security-parameters; } grouping file-reader-state-parameters { description "State Parameters for the File Reader."; container file-reader-state { config false; description "File Reader parameters."; leaf bytes { type yang:counter64; units octets; description "The number of bytes read by the File Reader. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time."; } leaf messages { type yang:counter64; units "IPFIX Messages"; description "The number of IPFIX Messages read by the File Reader. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time."; } leaf records { type yang:counter64; units "Data Records"; description "The number of Data Records read by the File Reader. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time."; } leaf templates { type yang:counter32; units "Templates"; description "The number of Template Records (excluding Options Template Records) read by the File Reader. 
Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time."; } leaf options-templates { type yang:counter32; units "Options Templates"; description "The number of Options Template Records read by the File Reader. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-reader-discontinuity-time."; } leaf file-reader-discontinuity-time { type yang:date-and-time; description "Timestamp of the most recent occasion at which one or more File Reader counters suffered a discontinuity. In contrast to discontinuity times in the IPFIX MIB module, the time is absolute and not relative to sysUpTime."; } uses collection-template-state-parameters; } } grouping collecting-process-parameters { description "Parameters of a Collecting Process."; list tcp-collector { if-feature tcp-transport; key "name"; description "List of TCP receivers (sockets) on which the Collecting Process receives IPFIX Messages."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the TCP collector."; } uses tcp-collector-parameters; list transport-session { key name; config false; description "This list contains the currently established Transport Sessions terminating at the given socket."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the transport session."; } uses transport-session-state-parameters; uses collection-template-state-parameters; } } list udp-collector { if-feature udp-transport; key "name"; description "List of UDP receivers (sockets) on which the Collecting Process receives IPFIX Messages."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the UDP Collector."; } uses udp-collector-parameters; list transport-session { key name; config false; description "This 
list contains the currently established Transport Sessions terminating at the given socket."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the transport session."; } uses transport-session-state-parameters; uses collection-template-state-parameters; } } list sctp-collector { if-feature sctp-transport; key "name"; description "List of SCTP receivers on which the Collecting Process receives IPFIX Messages."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the SCTP Collector."; } uses sctp-collector-parameters; list transport-session { key name; config false; description "This list contains the currently established Transport Sessions terminating at the given socket."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the transport session."; } leaf sctp-association-id { type uint32; config false; description "The association ID used for the SCTP session between the Exporter and the Collector of the IPFIX Transport Session. It is equal to the sctpAssocId entry in the sctpAssocTable defined in the SCTP-MIB. This parameter is only available if the transport protocol is SCTP and if an SNMP agent on the same Monitoring Device enables access to the corresponding MIB objects in the sctpAssocTable. 
Note that this parameter corresponds to ipfixTransportSessionSctpAssocId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTransportSessionSctpAssocId); RFC 3871"; } uses transport-session-state-parameters; uses collection-template-state-parameters; } } list file-reader { if-feature file-reader; key "name"; description "List of File Readers from which the Collecting Process reads the IPFIX Messages."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the File Reader."; } leaf file { type inet:uri; mandatory true; description "URI specifying the location of the file."; } uses file-reader-state-parameters; } } grouping export-template-state-parameters { description "State parameters of a (Options) Template used by an Exporting Process in a specific Transport Session or by a File Writer. Parameter names and semantics correspond to the managed objects in IPFIX-MIB."; reference "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry, ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)"; list template { key "name"; description "This list contains the Templates and Options Templates that are transmitted by the Exporting Process or written by the File Writer. Withdrawn or invalidated (Options) Templates MUST be removed from this list."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the template."; } leaf observation-domain-id { type uint32; description "The ID of the Observation Domain for which this Template is defined. Note that this parameter corresponds to ipfixTemplateObservationDomainId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateObservationDomainId)."; } leaf template-id { type uint16 { range "256..65535"; } description "This number indicates the Template ID in the IPFIX message. 
Note that this parameter corresponds to ipfixTemplateId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateId)."; } leaf set-id { type uint16 { range "2..3 | 256..65535"; } description "This number indicates the Set ID of the Template. A value of 2 is reserved for Template Sets. A value of 3 is reserved for Options Template Sets. Values from 4 to 255 are reserved for future use. Values 256 and above are used for Data Sets. The Set ID values of 0 and 1 are not used for historical reasons. Note that this parameter corresponds to ipfixTemplateSetId in the IPFIX MIB module."; reference "RFC 7011, Section 3.3.2; RFC 6615, Section 8 (ipfixTemplateSetId)"; } leaf access-time { type yang:date-and-time; description "This parameter contains the time when this (Options) Template was last sent to the Collector(s) or written to the file. Note that this parameter corresponds to ipfixTemplateAccessTime in the IPFIX MIB module."; reference "RFC 6615, Section 8 ( ipfixTemplateAccessTime)."; } leaf template-data-records { type yang:counter64; description "The number of transmitted Data Records defined by this (Options) Template. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of template-discontinuity-time. Note that this parameter corresponds to ipfixTemplateDataRecords in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateDataRecords)."; } leaf template-discontinuity-time { type yang:date-and-time; description "Timestamp of the most recent occasion at which the counter template-data-records suffered a discontinuity. Note that this parameter functionally corresponds to ipfixTemplateDiscontinuityTime in the IPFIX MIB module. 
In contrast to ipfixTemplateDiscontinuityTime, the time is absolute and not relative to sysUpTime."; reference "RFC 6615, Section 8 (ipfixTemplateDiscontinuityTime)."; } list field { key "name"; description "This list contains the (Options) Template fields of which the (Options) Template is defined. The order of the list corresponds to the order of the fields in the (Option) Template Record."; leaf name { type name-type; description "An arbitrary string which uniquely identifies the template field."; } leaf ie-id { type ie-id-type; description "This parameter indicates the Information Element identifier of the field. Note that this parameter corresponds to ipfixTemplateDefinitionIeId in the IPFIX MIB module."; reference "RFC 7011; RFC 6615, Section 8 (ipfixTemplateDefinitionIeId)."; } leaf ie-length { type uint16; units "octets"; description "This parameter indicates the length of the Information Element of the field. Note that this parameter corresponds to ipfixTemplateDefinitionIeLength in the IPFIX MIB module."; reference "RFC 7011; RFC 6615, Section 8 (ipfixTemplateDefinitionIeLength)."; } leaf ie-enterprise-number { type uint32; description "This parameter indicates the IANA enterprise number of the authority defining the Information Element identifier. If the Information Element is not enterprise-specific, this state parameter is zero. Note that this parameter corresponds to ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionIeEnterpriseNumber); IANA registry for Private Enterprise Numbers, http://www.iana.org/assignments/enterprise-numbers."; } leaf is-flow-key { when "../../set-id = 2" { description "This parameter is available for non-Options Templates (Set ID is 2)."; } type empty; description "If present, this is a Flow Key field. 
Note that this corresponds to flowKey(1) being set in ipfixTemplateDefinitionFlags."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags)."; } leaf is-scope { when "../../set-id = 3" { description "This parameter is available for Options Templates (Set ID is 3)."; } type empty; description "If present, this is a scope field. Note that this corresponds to scope(0) being set in ipfixTemplateDefinitionFlags."; reference "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags)."; } } } } grouping common-exporter-parameters { description "Parameters of an export destination that are common to all transport protocols."; leaf ipfix-version { type uint16; default '10'; description "IPFIX version number."; reference "RFC 7011."; } container source { description "Configuration corresponding to how exporter's source IP address is specified."; choice source-method { description "Method to configure the source address of the exporter or the interface to be used by the exporter. Note that it is expected that other methods be available. Those methods can augment this choice."; case interface-ref { leaf interface-ref { type if:interface-ref; description "The interface to be used by the Exporting Process."; } } case if-index { if-feature if-mib; leaf if-index { type uint32; description "Index of an interface as stored in the ifTable of IF-MIB."; reference "RFC 2863."; } } case if-name { if-feature if-mib; leaf if-name { type string; description "Name of an interface as stored in the ifTable of IF-MIB."; reference "RFC 2863."; } } } } container destination { description "Configuration corresponding to how exporter's destination IP address is specified."; } leaf destination-port { type inet:port-number; description "If not configured by the user, the Monitoring Device uses the default port number for IPFIX, which is 4739 without TLS or DTLS and 4740 if TLS or DTLS is activated."; } leaf send-buffer-size { type uint32; units "bytes"; description "Size of the socket send buffer. 
If not configured by the user, this parameter is set by the Monitoring Device."; } leaf rate-limit { type uint32; units "bytes per second"; description "Maximum number of bytes per second the Exporting Process may export to the given destination. The number of bytes is calculated from the lengths of the IPFIX Messages exported. If not configured, no rate limiting is performed."; reference "RFC 5476, Section 6.3."; } } grouping tcp-exporter-parameters { description "Parameters of a TCP export destination."; uses common-exporter-parameters { augment "source/source-method" { description "Augment the source method to add the source IP address or hostname."; case source-address { leaf source-address { type inet:host; description "The source IP address or hostname used by the Exporting Process."; } } } augment "destination" { description "Augment the destination method to add the destination IP address or hostname."; choice destination-method { mandatory true; description "Method for configuring the destination address of the Collecting Process to which IPFIX Messages are sent. Note it is expected that if other methods are available that they would augment from this statement."; case destination-address { leaf destination-address { type inet:host; description "The destination IP address or hostname of the Collecting Process to which IPFIX Messages are sent. 
A hostname may resolve to one or more IP addresses."; } } } } } leaf connection-timeout { type uint32; units seconds; description "Time after which the exporting process deems the TCP connection to have failed."; reference "RFC 7011, Sections 10.4.4 and 10.4.5."; } leaf retry-schedule { type uint32 { range "60..max"; } units seconds; description "Time after which the exporting process retries the TCP connection to a collector."; reference "RFC 7011, Section 10.4.4."; } uses transport-layer-security-parameters; } grouping udp-exporter-parameters { description "Parameters of a UDP export destination."; uses common-exporter-parameters { augment "source/source-method" { description "Augment the source method to add the source IP address or hostname."; case source-address { leaf source-address { type inet:host; description "The source IP address or hostname used by the Exporting Process."; } } } augment "destination" { description "Augment the destination method to add the destination IP address or hostname."; choice destination-method { mandatory true; description "Method for configuring the destination address of the Collecting Process to which IPFIX Messages are sent. Note it is expected that if other methods are available that they would augment from this statement."; case destination-address { leaf destination-address { type inet:host; description "The destination IP address or hostname of the Collecting Process to which IPFIX Messages are sent. A hostname may resolve to one or more IP addresses."; } } } } } leaf maximum-packet-size { type uint16; units octets; description "This parameter specifies the maximum size of IP packets sent to the Collector. If set to zero, the Exporting Device MUST derive the maximum packet size from path MTU discovery mechanisms. 
If not configured by the user, this parameter is set by the Monitoring Device."; } leaf template-refresh-timeout { type uint32; units seconds; default 600; description "Sets time after which Templates are resent in the UDP Transport Session. Note that the configured lifetime MUST be adapted to the template-life-time parameter value at the receiving Collecting Process. Note that this parameter corresponds to ipfixTransportSessionTemplateRefreshTimeout in the IPFIX MIB module."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionTemplateRefreshTimeout)."; } leaf options-template-refresh-timeout { type uint32; units seconds; default 600; description "Sets time after which Options Templates are resent in the UDP Transport Session. Note that the configured lifetime MUST be adapted to the options-template-life-time parameter value at the receiving Collecting Process. Note that this parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshTimeout in the IPFIX MIB module."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionOptionsTemplateRefreshTimeout)."; } leaf template-refresh-packet { type uint32; units "IPFIX Messages"; description "Sets number of IPFIX Messages after which Templates are resent in the UDP Transport Session. Note that this parameter corresponds to ipfixTransportSessionTemplateRefreshPacket in the IPFIX MIB module. If omitted, Templates are only resent after timeout."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionTemplateRefreshPacket)."; } leaf options-template-refresh-packet { type uint32; units "IPFIX Messages"; description "Sets number of IPFIX Messages after which Options Templates are resent in the UDP Transport Session protocol. Note that this parameter corresponds to ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB module. 
If omitted, Templates are only resent after timeout."; reference "RFC 7011, Section 8.4; RFC 6615, Section 8 (ipfixTransportSessionOptionsTemplateRefreshPacket)."; } uses transport-layer-security-parameters; } grouping sctp-exporter-parameters { description "Parameters of an SCTP export destination."; uses common-exporter-parameters { augment "source/source-method" { description "Augment the source method to add the source IP address or hostname."; case source-address { leaf-list source-address { type inet:host; description "The source IP address(es) or hostname(s) used by the Exporting Process."; } } } augment "destination" { description "Augment the destination method to add the destination IP address or hostname."; choice destination-method { mandatory true; description "Method for configuring the destination address of the Collecting Process to which IPFIX Messages are sent. Note it is expected that if other methods are available that they would augment from this statement."; case destination-address { leaf-list destination-address { type inet:host; description "List of destination IP addresses or hostnames. A hostname may resolve to one or more IP addresses. The user must ensure that all configured IP addresses belong to the same Collecting Process. The SCTP Exporting Process tries to establish an SCTP association to any of the configured destination IP addresses."; } } } } } leaf timed-reliability { type uint32; units milliseconds; default 0; description "Lifetime in milliseconds until an IPFIX Message containing Data Sets only is 'abandoned' due to the timed reliability mechanism of PR-SCTP. If this parameter is set to zero, reliable SCTP transport is used for all Data Records. 
Regardless of the value of this parameter, the Exporting Process MAY use reliable SCTP transport for Data Sets associated with Options Templates."; reference "RFC 3758; RFC 4960."; } leaf association-timeout { type uint32; units seconds; description "Time after which the exporting process deems the SCTP association to have failed."; reference "RFC 7011, Sections 10.2.4 and 10.2.5."; } uses transport-layer-security-parameters; } grouping file-writer-state-parameters { description "State Parameters for the File Writer."; container file-writer-state { config false; description "File Writer parameters."; leaf bytes { type yang:counter64; units octets; description "The number of bytes written by the File Writer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf messages { type yang:counter64; units "IPFIX Messages"; description "The number of IPFIX Messages written by the File Writer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf discarded-messages { type yang:counter64; units "IPFIX Messages"; description "The number of IPFIX Messages that could not be written by the File Writer due to internal buffer overflows, limited storage capacity, etc. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf records { type yang:counter64; units "Data Records"; description "The number of Data Records written by the File Writer. 
Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf templates { type yang:counter32; units "Templates"; description "The number of Template Records (excluding Options Template Records) written by the File Writer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf options-templates { type yang:counter32; units "Options Templates"; description "The number of Options Template Records written by the File Writer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of file-writer-discontinuity-time."; } leaf file-writer-discontinuity-time { type yang:date-and-time; description "Timestamp of the most recent occasion at which one or more File Writer counters suffered a discontinuity. 
           In contrast to discontinuity times in the IPFIX MIB
           module, the time is absolute and not relative to
           sysUpTime.";
      }
      uses export-template-state-parameters;
    }
  }

  grouping exporting-process-parameters {
    description
      "Parameters of an Exporting Process.";
    leaf export-mode {
      type identityref {
        base export-mode;
      }
      default 'parallel';
      description
        "This parameter determines to which configured
         destination(s) the incoming Data Records are exported.";
    }
    list destination {
      key "name";
      min-elements 1;
      description
        "List of export destinations.";
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the export
           destination.";
      }
      choice destination-parameters {
        mandatory true;
        description
          "Destination configuration.";
        case tcp-exporter {
          container tcp-exporter {
            if-feature tcp-transport;
            description
              "TCP parameters.";
            uses tcp-exporter-parameters;
            container transport-session {
              config false;
              description
                "Transport session state data.";
              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }
        case udp-exporter {
          container udp-exporter {
            if-feature udp-transport;
            description
              "UDP parameters.";
            uses udp-exporter-parameters;
            container transport-session {
              config false;
              description
                "Transport session state data.";
              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }
        case sctp-exporter {
          container sctp-exporter {
            if-feature sctp-transport;
            description
              "SCTP parameters.";
            uses sctp-exporter-parameters;
            container transport-session {
              config false;
              description
                "Transport session state data.";
              leaf sctp-association-id {
                type uint32;
                description
                  "The association ID used for the SCTP session
                   between the Exporter and the Collector of the
                   IPFIX Transport Session. It is equal to the
                   sctpAssocId entry in the sctpAssocTable defined
                   in the SCTP-MIB.

                   This parameter is only available if the transport
                   protocol is SCTP and if an SNMP agent on the same
                   Monitoring Device enables access to the
                   corresponding MIB objects in the sctpAssocTable.

                   Note that this parameter corresponds to
                   ipfixTransportSessionSctpAssocId in the IPFIX MIB
                   module.";
                reference
                  "RFC 6615, Section 8
                   (ipfixTransportSessionSctpAssocId);
                   RFC 3871";
              }
              uses transport-session-state-parameters;
              uses export-template-state-parameters;
            }
          }
        }
        case file-writer {
          container file-writer {
            if-feature file-writer;
            description
              "File Writer parameters.";
            leaf ipfix-version {
              type uint16;
              default 10;
              description
                "IPFIX version number.";
              reference
                "RFC 7011.";
            }
            leaf file {
              type inet:uri;
              mandatory true;
              description
                "URI specifying the location of the file.";
            }
            uses file-writer-state-parameters;
          }
        }
      }
    }
    list options {
      key "name";
      description
        "List of options reported by the Exporting Process.";
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the
           option.";
      }
      uses options-parameters;
    }
  }

  grouping options-parameters {
    description
      "Parameters specifying the data export using an Options
       Template.";
    leaf options-type {
      type identityref {
        base options-type;
      }
      mandatory true;
      description
        "Type of the exported options data.";
    }
    leaf options-timeout {
      type uint32;
      units "milliseconds";
      description
        "Time interval for periodic export of the options data. If
         set to zero, the export is triggered when the options data
         has changed.

         If not configured by the user, this parameter is set by
         the Monitoring Device.";
    }
  }

  container ipfix {
    description
      "IPFIX Exporter and/or Collector data nodes.";
    list collecting-process {
      if-feature collector;
      key "name";
      description
        "Collecting Process of the Monitoring Device.";
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the
           Collecting Process.";
      }
      uses collecting-process-parameters;
      leaf-list exporting-process {
        if-feature exporter;
        type leafref {
          path "/ietf-ipfix:ipfix"
             + "/ietf-ipfix:exporting-process"
             + "/ietf-ipfix:name";
        }
        description
          "Export of received records without any modifications.
           Records are processed by all Exporting Processes in the
           list.";
      }
    }
    list exporting-process {
      if-feature exporter;
      key "name";
      description
        "List of Exporting Processes of the IPFIX Monitoring Device
         for which configuration will be applied.";
      leaf name {
        type name-type;
        description
          "An arbitrary string which uniquely identifies the
           Exporting Process.";
      }
      leaf enabled {
        type boolean;
        default "true";
        description
          "If true, this Exporting Process is enabled for
           exporting.";
      }
      uses exporting-process-parameters;
      leaf exporting-process-id {
        type uint32;
        config false;
        description
          "The identifier of the Exporting Process. This parameter
           corresponds to the Information Element
           exportingProcessId. Its occurrence helps to associate
           Exporting Process parameters with Exporting Process
           statistics exported by the Monitoring Device using the
           Exporting Process Reliability Statistics Template as
           defined by the IPFIX protocol specification.";
        reference
          "RFC 7011, Section 4.3;
           IANA registry for IPFIX Entities,
           http://www.iana.org/assignments/ipfix.";
      }
    }
  }
}
<CODE ENDS>
This document defines the YANG module "ietf-ipfix-packet-sampling", which has the following structure:
   module: ietf-ipfix-packet-sampling
     augment /ipfix:ipfix:
       +--rw psamp
          +--rw observation-point* [name]
          |  +--rw name                     ipfix:name-type
          |  +--rw observation-domain-id    uint32
          |  +--rw interface-ref*           if:interface-ref
          |  +--rw if-name*                 if-name-type {if-mib}?
          |  +--rw if-index*                uint32 {if-mib}?
          |  +--rw hardware-ref*            hardware-ref
          |  +--rw ent-physical-name*       string {entity-mib}?
          |  +--rw ent-physical-index*      uint32 {entity-mib}?
          |  +--rw direction?               direction
          |  +--rw selection-process*
          |  |       -> /ipfix:ipfix/psamp/selection-process/name
          |  +--ro observation-point-id?    uint32
          +--rw selection-process* [name]
          |  +--rw name                  ipfix:name-type
          |  +--rw selector* [name]
          |  |     ...
          |  +--rw cache?
          |  |       -> /ipfix:ipfix/psamp/cache/name
          |  +--ro selection-sequence* []
          |        ...
          +--rw cache* [name]
             +--rw name                        ipfix:name-type
             +--rw enabled?                    boolean
             +--rw (cache-type)
             |     ...
             +--rw exporting-process*
             |       -> /ipfix:ipfix/exporting-process/name
             |       {ipfix:exporter}?
             +--ro metering-process-id?        uint32
             +--ro data-records?               yang:counter64
             +--ro cache-discontinuity-time?   yang:date-and-time
This YANG Module imports typedefs from [RFC6991].
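The tree above leaves "cache" and "exporting-process" optional and places no ordering constraint on the sampling parameters, so a configuration can be accepted and still export nothing useful to a collector. The following is an added example, not part of this document's modules: a Python pre-commit check over a constructed instance in the RFC 7951 JSON encoding (an assumption, as are all names and values in it), which also computes the nominal share of packets a Selection Process passes on.

```python
import json
from fractions import Fraction

# Constructed instance in RFC 7951 JSON encoding, trimmed to the nodes
# checked below; every name and value is made up for this example.
CONFIG = json.loads("""
{"ietf-ipfix:ipfix": {
  "exporting-process": [{"name": "exp-soc"}],
  "ietf-ipfix-packet-sampling:psamp": {
    "observation-point": [
      {"name": "op-uplink", "observation-domain-id": 1,
       "selection-process": ["sp-sampled", "sp-missing"]}],
    "selection-process": [
      {"name": "sp-sampled", "cache": "cache-flows", "selector": [
        {"name": "s1", "samp-count-based":
          {"packet-interval": 1, "packet-space": 99}},
        {"name": "s2", "samp-rand-out-of-n": {"size": 1, "population": 10}}]},
      {"name": "sp-broken", "cache": "cache-gone", "selector": [
        {"name": "s1", "samp-rand-out-of-n": {"size": 20, "population": 10}},
        {"name": "s2", "filter-hash": {"selected-range":
          [{"name": "r1", "min": "500", "max": "100"}]}}]}],
    "cache": [
      {"name": "cache-flows", "timeout-cache": {},
       "exporting-process": ["exp-soc", "exp-typo"]}]}}}
""")

METHODS = ("select-all", "samp-count-based", "samp-time-based",
           "samp-rand-out-of-n", "samp-uni-prob", "filter-match", "filter-hash")


def selector_fraction(sel):
    """Nominal share of input packets a Selector passes; None if traffic-dependent."""
    if "select-all" in sel:
        return Fraction(1)
    if "samp-count-based" in sel:
        p = sel["samp-count-based"]
        period = p["packet-interval"] + p["packet-space"]
        return Fraction(p["packet-interval"], period) if period else None
    if "samp-rand-out-of-n" in sel:
        p = sel["samp-rand-out-of-n"]
        return Fraction(p["size"], p["population"]) if p["population"] else None
    if "samp-uni-prob" in sel:
        # decimal64 values are JSON strings in RFC 7951
        return Fraction(str(sel["samp-uni-prob"]["probability"]))
    return None  # time-based and filter methods depend on the traffic itself


def process_fraction(sp):
    """Selectors are invoked serially, so their pass rates multiply."""
    total = Fraction(1)
    for sel in sp.get("selector", []):
        share = selector_fraction(sel)
        if share is None:
            return None
        total *= share
    return total


def check(config):
    """Return findings for references and values that leave traffic unmonitored."""
    ipfix = config["ietf-ipfix:ipfix"]
    psamp = ipfix.get("ietf-ipfix-packet-sampling:psamp", {})
    processes = psamp.get("selection-process", [])
    known_sp = {sp["name"] for sp in processes}
    known_cache = {c["name"] for c in psamp.get("cache", [])}
    known_exp = {e["name"] for e in ipfix.get("exporting-process", [])}
    attached, findings = set(), []
    for op in psamp.get("observation-point", []):
        for ref in op.get("selection-process", []):
            attached.add(ref)
            if ref not in known_sp:
                findings.append(f"observation-point {op['name']}: no selection-process {ref}")
    for sp in processes:
        where = f"selection-process {sp['name']}"
        if sp["name"] not in attached:
            findings.append(f"{where}: not attached to any observation-point")
        if sp.get("cache") not in known_cache:
            findings.append(f"{where}: output goes to no configured cache")
        for sel in sp.get("selector", []):
            tag = f"{where}/{sel['name']}"
            if sum(m in sel for m in METHODS) != 1:
                findings.append(f"{tag}: needs exactly one method")
            rnd = sel.get("samp-rand-out-of-n", {})
            if rnd and rnd["size"] > rnd["population"]:
                findings.append(f"{tag}: size exceeds population")
            # uint64 values are JSON strings in RFC 7951
            for rng in sel.get("filter-hash", {}).get("selected-range", []):
                if int(rng["min"]) > int(rng["max"]):
                    findings.append(f"{tag}: range {rng['name']} min > max")
    for cache in psamp.get("cache", []):
        refs = cache.get("exporting-process", [])
        if not refs:
            findings.append(f"cache {cache['name']}: no exporting-process")
        for ref in refs:
            if ref not in known_exp:
                findings.append(f"cache {cache['name']}: no exporting-process {ref}")
    return findings


if __name__ == "__main__":
    print("\n".join(check(CONFIG)))
```

A validating server rejects the dangling leafrefs on its own; the unattached Selection Process, the n-out-of-N size larger than its population, and the inverted hash range are checks added by this example and are not expressed in the module.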
<CODE BEGINS> file "ietf-ipfix-packet-sampling@2018-10-22.yang"
module ietf-ipfix-packet-sampling {
  yang-version 1.1;
  namespace
    "urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling";
  prefix ips;

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-interfaces {
    prefix if;
    reference
      "RFC 8343: A YANG Model for Interface Management";
  }
  import ietf-hardware {
    prefix hw;
    reference
      "RFC 8348: A YANG Data Model for Hardware Management";
  }
  import ietf-ipfix {
    prefix ipfix;
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information
       Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
       and Bulk Data Export";
  }

  organization
    "IETF";
  contact
    "Web:    TBD
     List:   TBD
     Editor: Joey Boyd
             <mailto:joey.boyd@adtran.com>
     Editor: Marta Seda
             <mailto:marta.seda@calix.com>";

  // RFC Ed.: replace XXXX with actual RFC numbers and
  // remove this note.

  description
    "This module contains a collection of YANG definitions for the
     management of Packet Sampling (PSAMP) over IPFIX.

     This data model is designed for the Network Management
     Datastore Architecture defined in RFC 8342.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information
       Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
       and Bulk Data Export";
  }

  feature if-mib {
    description
      "This feature indicates that the device implements the
       IF-MIB.";
    reference
      "RFC 2863: The Interfaces Group MIB";
  }

  feature entity-mib {
    description
      "This feature indicates that the device implements the
       ENTITY-MIB.";
    reference
      "RFC 6933: Entity MIB (Version 4)";
  }

  feature psamp-samp-count-based {
    description
      "If supported, the Monitoring Device supports count-based
       sampling. The Selector method sampCountBased can be
       configured.";
    reference
      "RFC 5475, Section 5.1";
  }

  feature psamp-samp-time-based {
    description
      "If supported, the Monitoring Device supports time-based
       sampling. The Selector method sampTimeBased can be
       configured.";
    reference
      "RFC 5475, Section 5.1";
  }

  feature psamp-samp-rand-out-of-n {
    description
      "If supported, the Monitoring Device supports random
       n-out-of-N sampling. The Selector method sampRandOutOfN can
       be configured.";
    reference
      "RFC 5475, Section 5.2.1";
  }

  feature psamp-samp-uni-prob {
    description
      "If supported, the Monitoring Device supports uniform
       probabilistic sampling. The Selector method sampUniProb can
       be configured.";
    reference
      "RFC 5475, Section 5.2.2";
  }

  feature psamp-filter-match {
    description
      "If supported, the Monitoring Device supports property match
       filtering. The Selector method filterMatch can be
       configured.";
    reference
      "RFC 5475, Section 6.1";
  }

  feature psamp-filter-hash {
    description
      "If supported, the Monitoring Device supports hash-based
       filtering.
       The Selector method filterHash can be configured.";
    reference
      "RFC 5475, Section 6.2";
  }

  feature immediate-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating PSAMP Packet Reports by configuration with
       immediateCache.";
  }

  feature timeout-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       timeoutCache.";
  }

  feature natural-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       naturalCache.";
  }

  feature permanent-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       permanentCache.";
  }

  identity hash-function {
    description
      "Base identity for all hash functions used for hash-based
       packet Filtering.";
  }

  identity bob {
    base hash-function;
    description
      "BOB hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  identity ipsx {
    base hash-function;
    description
      "IPSX hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  identity crc {
    base hash-function;
    description
      "CRC hash function.";
    reference
      "RFC 5475, Section 6.2.4.1";
  }

  typedef hardware-ref {
    type leafref {
      path "/hw:hardware/hw:component/hw:name";
    }
    description
      "This type is used to reference hardware components.";
    reference
      "RFC 8348";
  }

  typedef if-name-type {
    type string {
      length "1..255";
    }
    description
      "This corresponds to the DisplayString textual convention of
       SNMPv2-TC, which is used for ifName in the IF MIB module.";
    reference
      "RFC 2863 (ifName)";
  }

  typedef direction {
    type enumeration {
      enum "ingress" {
        value 0;
        description
          "This value is used for monitoring incoming packets.";
      }
      enum "egress" {
        value 1;
        description
          "This value is used for monitoring outgoing packets.";
      }
      enum "both" {
        value 2;
        description
          "This value is used for monitoring incoming and outgoing
           packets.";
      }
    }
    description
      "Direction of packets going through an interface.";
  }

  grouping observation-point-parameters {
    description
      "Interface as input to Observation Point.";
    leaf observation-domain-id {
      type uint32;
      mandatory true;
      description
        "The Observation Domain ID associates the Observation Point
         to an Observation Domain. Observation Points with identical
         Observation Domain IDs belong to the same Observation
         Domain.

         Note that this parameter corresponds to
         ipfixObservationPointObservationDomainId in the IPFIX MIB
         module.";
      reference
        "RFC 7011; RFC 6615, Section 8
         (ipfixObservationPointObservationDomainId)";
    }
    leaf-list interface-ref {
      type if:interface-ref;
      description
        "List of interfaces of the Monitoring Device. The
         Observation Point observes packets at the specified
         interfaces.";
    }
    leaf-list if-name {
      if-feature if-mib;
      type if-name-type;
      description
        "List of names identifying interfaces of the Monitoring
         Device. The Observation Point observes packets at the
         specified interfaces.";
    }
    leaf-list if-index {
      if-feature if-mib;
      type uint32;
      description
        "List of if-index values pointing to entries in the ifTable
         of the IF-MIB module maintained by the Monitoring Device.
         The Observation Point observes packets at the specified
         interfaces.

         This parameter SHOULD only be used if an SNMP agent enables
         access to the ifTable.

         Note that this parameter corresponds to
         ipfixObservationPointPhysicalInterface in the IPFIX MIB
         module.";
      reference
        "RFC 2863; RFC 6615, Section 8
         (ipfixObservationPointPhysicalInterface)";
    }
    leaf-list hardware-ref {
      type hardware-ref;
      description
        "List of hardware components of the Monitoring Device. The
         Observation Point observes packets at the specified
         hardware components.";
      reference
        "RFC 8348";
    }
    leaf-list ent-physical-name {
      if-feature entity-mib;
      type string;
      description
        "List of names identifying physical entities of the
         Monitoring Device.
         The Observation Point observes packets at the specified
         entities.";
    }
    leaf-list ent-physical-index {
      if-feature entity-mib;
      type uint32;
      description
        "List of ent-physical-index values pointing to entries in
         the entPhysicalTable of the ENTITY-MIB module maintained by
         the Monitoring Device. The Observation Point observes
         packets at the specified entities.

         This parameter SHOULD only be used if an SNMP agent enables
         access to the entPhysicalTable.

         Note that this parameter corresponds to
         ipfixObservationPointPhysicalEntity in the IPFIX MIB
         module.";
      reference
        "RFC 6933; RFC 6615, Section 8
         (ipfixObservationPointPhysicalEntity)";
    }
    leaf direction {
      type direction;
      default "both";
      description
        "Direction of packets. If not applicable (e.g., in the case
         of a sniffing interface in promiscuous mode), this
         parameter is ignored.";
    }
  }

  grouping samp-count-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic
       count-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";
    leaf packet-interval {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of packets that are consecutively sampled
         between gaps of length packetSpace.

         This parameter corresponds to the Information Element
         samplingPacketInterval and to psampSampCountBasedInterval
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.2; RFC 6727, Section 6
         (psampSampCountBasedInterval)";
    }
    leaf packet-space {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of unsampled packets between two Sampling
         intervals.

         This parameter corresponds to the Information Element
         samplingPacketSpace and to psampSampCountBasedSpace in the
         PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.3; RFC 6727, Section 6
         (psampSampCountBasedSpace)";
    }
  }

  grouping samp-time-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic
       time-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2";
    leaf time-interval {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which all arriving
         packets are sampled between gaps of length timeSpace.

         This parameter corresponds to the Information Element
         samplingTimeInterval and to psampSampTimeBasedInterval in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.4; RFC 6727, Section 6
         (psampSampTimeBasedInterval)";
    }
    leaf time-space {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which no packets
         are sampled between two Sampling intervals specified by
         timeInterval.

         This parameter corresponds to the Information Element
         samplingTimeSpace and to psampSampTimeBasedSpace in the
         PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.5; RFC 6727, Section 6
         (psampSampTimeBasedSpace)";
    }
  }

  grouping samp-rand-out-of-n-parameters {
    description
      "Configuration parameters of a Selector applying n-out-of-N
       packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3.";
    leaf size {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements taken from the parent population.

         This parameter corresponds to the Information Element
         samplingSize and to psampSampRandOutOfNSize in the PSAMP
         MIB module.";
      reference
        "RFC 5477, Section 8.2.6; RFC 6727, Section 6
         (psampSampRandOutOfNSize)";
    }
    leaf population {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements in the parent population.
         This parameter corresponds to the Information Element
         samplingPopulation and to psampSampRandOutOfNPopulation in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.7; RFC 6727, Section 6
         (psampSampRandOutOfNPopulation)";
    }
  }

  grouping samp-uni-prob-parameters {
    description
      "Configuration parameters of a Selector applying uniform
       probabilistic packet Sampling (with equal probability per
       packet) to the packet stream.";
    reference
      "RFC 5475, Section 5.2.2.1; RFC 5476, Section 6.5.2.4";
    leaf probability {
      type decimal64 {
        fraction-digits 18;
        range "0..1";
      }
      mandatory true;
      description
        "Probability that a packet is sampled, expressed as a value
         between 0 and 1. The probability is equal for every packet.

         This parameter corresponds to the Information Element
         samplingProbability and to psampSampUniProbProbability in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.8; RFC 6727, Section 6
         (psampSampUniProbProbability)";
    }
  }

  grouping filter-match-parameters {
    description
      "Configuration parameters of a Selector applying property
       match Filtering to the packet stream. The field to be matched
       is specified as an Information Element.";
    reference
      "RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5";
    choice information-element {
      mandatory true;
      description
        "The Information Element field to be matched.";
      case ie-name {
        leaf ie-name {
          type ipfix:ie-name-type;
          description
            "Name of the Information Element.";
        }
      }
      case ie-id {
        leaf ie-id {
          type ipfix:ie-id-type;
          description
            "ID of the Information Element.";
        }
      }
    }
    leaf ie-enterprise-number {
      type uint32;
      default '0';
      description
        "If this parameter is zero, the Information Element is
         registered in the IANA registry of IPFIX Information
         Elements.

         If this parameter is configured with a non-zero private
         enterprise number, the Information Element is
         enterprise-specific.";
      reference
        "IANA registry for Private Enterprise Numbers,
         http://www.iana.org/assignments/enterprise-numbers;
         IANA registry for IPFIX Entities,
         http://www.iana.org/assignments/ipfix.";
    }
    leaf value {
      type string;
      mandatory true;
      description
        "Matching value of the Information Element";
    }
  }

  grouping filter-hash-parameters {
    description
      "Configuration parameters of a Selector applying hash-based
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";
    leaf hash-function {
      type identityref {
        base hash-function;
      }
      default 'bob';
      description
        "Hash function to be applied. According to RFC 5475,
         Section 6.2.4.1, 'BOB' must be used in order to be
         compliant with PSAMP.

         This parameter functionally corresponds to
         psampFiltHashFunction in the PSAMP MIB module.";
      reference
        "RFC 6727, Section 6 (psampFiltHashFunction)";
    }
    leaf initializer-value {
      type uint64;
      description
        "Initializer value to the hash function. If not configured
         by the user, the Monitoring Device arbitrarily chooses an
         initializer value.

         This parameter corresponds to the Information Element
         hashInitialiserValue and to psampFiltHashInitializerValue
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.9; RFC 6727, Section 6
         (psampFiltHashInitializerValue)";
    }
    leaf ip-payload-offset {
      type uint64;
      units "octets";
      default '0';
      description
        "IP payload offset indicating the position of the first
         payload byte considered as input to the hash function.

         Default value 0 corresponds to the minimum offset that must
         be configurable according to RFC 5476, Section 6.5.2.6.
         This parameter corresponds to the Information Element
         hashIPPayloadOffset and to psampFiltHashIpPayloadOffset in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.2; RFC 6727, Section 6
         (psampFiltHashIpPayloadOffset)";
    }
    leaf ip-payload-size {
      type uint64;
      units "octets";
      default '8';
      description
        "Number of IP payload bytes used as input to the hash
         function, counted from the payload offset. If the IP
         payload is shorter than the payload range, all available
         payload octets are used as input.

         Default value 8 corresponds to the minimum IP payload size
         that must be configurable according to RFC 5476,
         Section 6.5.2.6.

         This parameter corresponds to the Information Element
         hashIPPayloadSize and to psampFiltHashIpPayloadSize in the
         PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.3; RFC 6727, Section 6
         (psampFiltHashIpPayloadSize)";
    }
    leaf digest-output {
      type boolean;
      default 'false';
      description
        "If true, the output from this Selector is included in the
         Packet Report as a packet digest. Therefore, the configured
         Cache Layout needs to contain a digestHashValue field.

         This parameter corresponds to the Information Element
         hashDigestOutput.";
      reference
        "RFC 5477, Section 8.3.8";
    }
    list selected-range {
      key "name";
      min-elements 1;
      description
        "List of hash function return ranges for which packets are
         selected.";
      leaf name {
        type ipfix:name-type;
        description
          "An arbitrary string which uniquely identifies the hash
           function's selected range.";
      }
      leaf min {
        type uint64;
        description
          "Beginning of the hash function's selected range.

           This parameter corresponds to the Information Element
           hashSelectedRangeMin and to psampFiltHashSelectedRangeMin
           in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.6; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMin)";
      }
      leaf max {
        type uint64;
        description
          "End of the hash function's selected range.

           This parameter corresponds to the Information Element
           hashSelectedRangeMax and to psampFiltHashSelectedRangeMax
           in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.7; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMax)";
      }
    }
  }

  grouping filter-hash-parameters-state {
    description
      "Configuration parameters of a Selector applying hash-based
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";
    leaf output-range-min {
      type uint64;
      config false;
      description
        "Beginning of the hash function's potential range.

         This parameter corresponds to the Information Element
         hashOutputRangeMin and to psampFiltHashOutputRangeMin in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.4; RFC 6727, Section 6
         (psampFiltHashOutputRangeMin)";
    }
    leaf output-range-max {
      type uint64;
      config false;
      description
        "End of the hash function's potential range.

         This parameter corresponds to the Information Element
         hashOutputRangeMax and to psampFiltHashOutputRangeMax in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.5; RFC 6727, Section 6
         (psampFiltHashOutputRangeMax)";
    }
  }

  grouping selector-parameters {
    description
      "Configuration and state parameters of a Selector.";
    choice method {
      mandatory true;
      description
        "Packet selection method applied by the Selector.";
      case select-all {
        leaf select-all {
          type empty;
          description
            "Method that selects all packets.";
        }
      }
      case samp-count-based {
        container samp-count-based {
          if-feature psamp-samp-count-based;
          description
            "Systematic count-based packet Sampling.";
          uses samp-count-based-parameters;
        }
      }
      case samp-time-based {
        container samp-time-based {
          if-feature psamp-samp-time-based;
          description
            "Systematic time-based packet Sampling.";
          uses samp-time-based-parameters;
        }
      }
      case samp-rand-out-of-n {
        container samp-rand-out-of-n {
          if-feature psamp-samp-rand-out-of-n;
          description
            "n-out-of-N packet Sampling.";
          uses samp-rand-out-of-n-parameters;
        }
      }
      case samp-uni-prob {
        container samp-uni-prob {
          if-feature psamp-samp-uni-prob;
          description
            "Uniform probabilistic packet Sampling.";
          uses samp-uni-prob-parameters;
        }
      }
      case filter-match {
        container filter-match {
          if-feature psamp-filter-match;
          description
            "Property match Filtering.";
          uses filter-match-parameters;
        }
      }
      case filter-hash {
        container filter-hash {
          if-feature psamp-filter-hash;
          description
            "Hash-based Filtering.";
          uses filter-hash-parameters;
          uses filter-hash-parameters-state;
        }
      }
    }
  }

  grouping selector-parameters-state {
    description
      "Configuration and state parameters of a Selector.";
    leaf packets-observed {
      type yang:counter64;
      config false;
      description
        "The number of packets observed at the input of the
         Selector.

         If this is the first Selector in the Selection Process,
         this counter corresponds to the total number of packets in
         all Observed Packet Streams at the input of the Selection
         Process. Otherwise, the counter corresponds to the total
         number of packets at the output of the preceding Selector.

         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.

         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsObserved in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixSelectorStatsPacketsObserved)";
    }
    leaf packets-dropped {
      type yang:counter64;
      config false;
      description
        "The total number of packets discarded by the Selector.

         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.

         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsDropped in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixSelectorStatsPacketsDropped)";
    }
    leaf selector-discontinuity-time {
      type yang:date-and-time;
      config false;
      description
        "Timestamp of the most recent occasion at which one or more
         of the Selector counters suffered a discontinuity.
         Note that this parameter functionally corresponds to
         ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
         MIB module. In contrast to
         ipfixSelectionProcessStatsDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectionProcessStatsDiscontinuityTime)";
    }
  }

  grouping cache-layout-parameters {
    description
      "Cache Layout parameters used by immediate cache, timeout
       cache, natural cache, and permanent cache.";
    container cache-layout {
      description
        "Cache Layout parameters.";
      list cache-field {
        key "name";
        min-elements 1;
        description
          "Superset of fields that are included in the Packet
           Reports or Flow Records generated by the Cache.";
        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the cache
             field.";
        }
        choice information-element {
          mandatory true;
          description
            "The Information Element to be added to the template.";
          reference
            "RFC 7012, Section 2; IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
          case ie-name {
            leaf ie-name {
              type ipfix:ie-name-type;
              description
                "Name of the Information Element.";
            }
          }
          case ie-id {
            leaf ie-id {
              type ipfix:ie-id-type;
              description
                "ID of the Information Element.";
            }
          }
        }
        leaf ie-length {
          type uint16;
          units "octets";
          description
            "Length of the field in which the Information Element is
             encoded. A value of 65535 specifies a variable-length
             Information Element. For Information Elements of
             integer and float type, the field length MAY be set to
             a smaller value than the standard length of the
             abstract data type if the rules of reduced size
             encoding are fulfilled.

             If not configured by the user, this parameter is set by
             the Monitoring Device.";
          reference
            "RFC 7011, Section 6.2";
        }
        leaf ie-enterprise-number {
          type uint32;
          default '0';
          description
            "If this parameter is zero, the Information Element is
             registered in the IANA registry of IPFIX Information
             Elements.

             If this parameter is configured with a non-zero private
             enterprise number, the Information Element is
             enterprise-specific.

             If the enterprise number is set to 29305, this field
             contains a Reverse Information Element. In this case,
             the Cache MUST generate Data Records in accordance to
             RFC 5103.";
          reference
            "RFC 7011; RFC 5103;
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }
    }
  }

  grouping flow-cache-base-parameters {
    description
      "Configuration parameters of a Cache generating Flow Records
       which are common to all Cache types.";
    leaf max-flows {
      type uint32;
      units "flows";
      description
        "This parameter configures the maximum number of Flows in
         the Cache, which is the maximum number of Flows that can be
         measured simultaneously.

         The Monitoring Device MUST ensure that sufficient resources
         are available to store the configured maximum number of
         Flows.

         If the maximum number of Flows is measured, an additional
         Flow can be measured only if an existing entry is removed.
         However, traffic that pertains to existing Flows can
         continue to be measured.";
    }
  }

  grouping flow-permanent-cache-parameters {
    description
      "Configuration parameters of a Permanent Cache generating Flow
       Records.";
    uses flow-cache-base-parameters;
    leaf export-interval {
      type uint32;
      units "seconds";
      description
        "This parameter configures the interval (in seconds) for
         periodical export of Flow Records.

         If not configured by the user, the Monitoring Device sets
         this parameter.";
    }
  }

  grouping flow-timeout-natural-cache-parameters {
    description
      "Configuration parameters of a Timeout or Natural Cache
       generating Flow Records.";
    uses flow-cache-base-parameters;
    leaf active-timeout {
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which a
         Flow is expired even though packets matching this Flow are
         still received by the Cache.
         The parameter value zero indicates infinity, meaning that
         there is no active timeout.

         If not configured by the user, the Monitoring Device sets
         this parameter.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheActiveTimeout)";
    }
    leaf idle-timeout {
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which a
         Flow is expired if no more packets matching this Flow are
         received by the Cache.

         The parameter value zero indicates infinity, meaning that
         there is no idle timeout.

         If not configured by the user, the Monitoring Device sets
         this parameter.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheIdleTimeout in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8 (ipfixMeteringProcessCacheIdleTimeout)";
    }
  }

  grouping flow-cache-parameters-state {
    description
      "State parameters of a Cache generating Flow Records.";
    leaf active-flows {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of Flows currently active in this Cache.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8 (ipfixMeteringProcessCacheActiveFlows)";
    }
    leaf unused-cache-entries {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of unused Cache entries in this Cache.

         Note that this parameter corresponds to
         ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheUnusedCacheEntries)";
    }
  }

  augment '/ipfix:ipfix' {
    description
      "Augment IPFIX to add PSAMP.";
    container psamp {
      description
        "Container for PSAMP nodes.";
      list observation-point {
        key "name";
        description
          "Observation Point of the Monitoring Device.";
        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the
             Observation Point.";
        }
        uses observation-point-parameters;
        leaf-list selection-process {
          type leafref {
            path "/ipfix:ipfix/psamp/selection-process/name";
          }
          description
            "Selection Processes in this list process packets in
             parallel.";
        }
        leaf observation-point-id {
          type uint32;
          config false;
          description
            "Observation Point ID (i.e., the value of the
             Information Element observationPointId) assigned by the
             Monitoring Device.";
          reference
            "IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }
      list selection-process {
        key "name";
        description
          "Selection Process of the Monitoring Device.";
        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the
             Selection Process.";
        }
        list selector {
          key "name";
          min-elements 1;
          ordered-by user;
          description
            "List of Selectors that define the action of the
             Selection Process on a single packet. The Selectors are
             serially invoked in the same order as they appear in
             this list.";
          leaf name {
            type ipfix:name-type;
            description
              "Name of the selector.";
          }
          uses selector-parameters;
          uses selector-parameters-state;
        }
        leaf cache {
          type leafref {
            path "/ipfix:ipfix/psamp/cache/name";
          }
          description
            "Cache that receives the output of the Selection
             Process.";
        }
        list selection-sequence {
          config false;
          description
            "This list contains the Selection Sequence IDs that are
             assigned by the Monitoring Device to distinguish
             different Selection Sequences passing through the
             Selection Process.
             As Selection Sequence IDs are unique per Observation
             Domain, the corresponding Observation Domain IDs are
             included as well.

             With this information, it is possible to associate
             Selection Sequence (Statistics) Report Interpretations
             exported according to the PSAMP protocol with a
             Selection Process in the configuration data.";
          reference
            "RFC 5476";
          leaf observation-domain-id {
            type uint32;
            description
              "Observation Domain ID for which the Selection
               Sequence ID is assigned.";
          }
          leaf selection-sequence-id {
            type uint64;
            description
              "Selection Sequence ID used in the Selection Sequence
               (Statistics) Report Interpretation.";
          }
        }
      }
      list cache {
        key "name";
        description
          "Cache of the Monitoring Device.";
        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the
             cache.";
        }
        leaf enabled {
          type boolean;
          default "true";
          description
            "If true, this cache is enabled and the specified data
             is able to be exported.";
        }
        choice cache-type {
          mandatory true;
          description
            "Type of Cache and specific parameters.";
          case immediate-cache {
            container immediate-cache {
              if-feature immediate-cache;
              description
                "Flow expiration after the first packet; generation
                 of Packet Records.";
              uses cache-layout-parameters;
            }
          }
          case timeout-cache {
            container timeout-cache {
              if-feature timeout-cache;
              description
                "Flow expiration after active and idle timeout;
                 generation of Flow Records.";
              uses flow-timeout-natural-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description
                    "Augment the Cache layout with timeout cache
                     specific configuration.";
                  leaf is-flow-key {
                    when "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;
            }
          }
          case natural-cache {
            container natural-cache {
              if-feature natural-cache;
              description
                "Flow expiration after active and idle timeout, or
                 on natural termination (e.g., TCP FIN or TCP RST)
                 of the Flow; generation of Flow Records.";
              uses flow-timeout-natural-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description
                    "Augment the Cache layout with timeout cache
                     specific configuration.";
                  leaf is-flow-key {
                    when "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;
            }
          }
          case permanent-cache {
            container permanent-cache {
              if-feature permanent-cache;
              description
                "No flow expiration, periodical export with time
                 interval exportInterval; generation of Flow
                 Records.";
              uses flow-permanent-cache-parameters;
              uses cache-layout-parameters {
                augment "cache-layout/cache-field" {
                  description
                    "Augment the Cache layout with timeout cache
                     specific configuration.";
                  leaf is-flow-key {
                    when "../ie-enterprise-number != 29305" {
                      description
                        "This parameter is not available for Reverse
                         Information Elements (which have enterprise
                         number 29305).";
                    }
                    type empty;
                    description
                      "If present, this is a flow key.";
                  }
                }
              }
              uses flow-cache-parameters-state;
            }
          }
        }
        leaf-list exporting-process {
          if-feature ipfix:exporter;
          type leafref {
            path "/ipfix:ipfix"
               + "/ipfix:exporting-process"
               + "/ipfix:name";
          }
          description
            "Records are exported by all Exporting Processes in the
             list.";
        }
        leaf metering-process-id {
          type uint32;
          config false;
          description
            "The identifier of the Metering Process this Cache
             belongs to.

             This parameter corresponds to the Information Element
             meteringProcessId.

             Its occurrence helps to associate Cache parameters with
             Metering Process statistics exported by the Monitoring
             Device using the Metering Process (Reliability)
             Statistics Template as defined by the IPFIX protocol
             specification.";
          reference
            "RFC 7011, Sections 4.1 and 4.2;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
        leaf data-records {
          type yang:counter64;
          units "Data Records";
          config false;
          description
            "The number of Data Records generated by this Cache.

             Discontinuities in the value of this counter can occur
             at re-initialization of the management system, and at
             other times as indicated by the value of
             cacheDiscontinuityTime.

             Note that this parameter corresponds to
             ipfixMeteringProcessDataRecords in the IPFIX MIB
             module.";
          reference
            "RFC 6615, Section 8 (ipfixMeteringProcessDataRecords)";
        }
        leaf cache-discontinuity-time {
          type yang:date-and-time;
          config false;
          description
            "Timestamp of the most recent occasion at which the
             counter dataRecords suffered a discontinuity.

             Note that this parameter functionally corresponds to
             ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
             module. In contrast to
             ipfixMeteringProcessDiscontinuityTime, the time is
             absolute and not relative to sysUpTime.";
          reference
            "RFC 6615, Section 8
             (ipfixMeteringProcessDiscontinuityTime)";
        }
      }
    }
  }
}
<CODE ENDS>
This document defines the YANG module "ietf-ipfix-bulk-data-export", which has the following tentative structure:
module: ietf-ipfix-bulk-data-export
  augment /ipfix:ipfix:
    +--rw bulk-data-export
       +--rw template* [name]
          +--rw name                      ipfix:name-type
          +--rw enabled?                  boolean
          +--rw export-interval?          uint32
          +--rw observation-domain-id?    uint32
          +--rw field-layout
          |     ...
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--rw (resource-identifier)?
          |     ...
          +--ro data-records?             yang:counter64
          +--ro discontinuity-time?       yang:date-and-time
This YANG Module imports typedefs from [RFC6991].
<CODE BEGINS> file "ietf-ipfix-bulk-data-export@2018-11-15.yang"
module ietf-ipfix-bulk-data-export {
  yang-version 1.1;
  namespace
    "urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export";
  prefix ibde;

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-ipfix {
    prefix ipfix;
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information
       Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
       and Bulk Data Export";
  }

  organization
    "IETF";
  contact
    "Web:    TBD
     List:   TBD
     Editor: Joey Boyd
             <mailto:joey.boyd@adtran.com>
     Editor: Marta Seda
             <mailto:marta.seda@calix.com>";

  // RFC Ed.: replace XXXX with actual RFC numbers and
  // remove this note.

  description
    "This module contains a collection of YANG definitions for
     the management of exporting bulk data over IPFIX.

     This data model is designed for the Network Management
     Datastore Architecture defined in RFC 8342.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
     'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
     are to be interpreted as described in BCP 14 (RFC 2119)
     (RFC 8174) when, and only when, they appear in all
     capitals, as shown here.

     Copyright (c) 2019 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD
     License set forth in Section 4.c of the IETF Trust's Legal
     Provisions Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
     itself for full legal notices.";

  revision 2020-03-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: YANG Data Models for the IP Flow Information
       Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
       and Bulk Data Export";
  }

  feature bulk-data {
    description
      "If supported, bulk data templates can be configured.";
  }

  typedef resource {
    type instance-identifier {
      require-instance false;
    }
    description
      "A resource from which bulk data will be exported.";
  }

  grouping bulk-data-template-parameters {
    description
      "Field Layout parameters.";

    leaf observation-domain-id {
      type uint32;
      default 0;
      description
        "An identifier of an Observation Domain that is locally
         unique to an Exporting Process (see RFC 7011
         Section 3.1).

         Typically, this Information Element is for limiting the
         scope of other Information Elements.

         A value of 0 indicates that no specific Observation
         Domain is identified by this Information Element.";
    }

    container field-layout {
      description
        "Field Layout parameters.";

      list field {
        key name;
        min-elements 1;
        description
          "Superset of statistics field names or special
           field-names (e.g., timestamps, etc) for interpreting
           statistics that are included in the Packet Reports or
           Flow Records generated by the device.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the
             field.";
        }

        choice identifier {
          mandatory true;
          description
            "The Information Element to be added to the
             template.";

          case ie-name {
            leaf ie-name {
              type ipfix:ie-name-type;
              description
                "Name of the Information Element.";
            }
          }
          case ie-id {
            leaf ie-id {
              type ipfix:ie-id-type;
              description
                "ID of the Information Element.";
            }
          }
        }

        leaf ie-length {
          type uint16;
          units octets;
          description
            "Length of the field in which the Information Element
             is encoded. A value of 65535 specifies a
             variable-length Information Element. For Information
             Elements of integer and float type, the field length
             MAY be set to a smaller value than the standard
             length of the abstract data type if the rules of
             reduced size encoding are fulfilled.

             If not configured by the user, this parameter is set
             by the Monitoring Device.";
          reference
            "RFC 7011, Section 6.2";
        }

        leaf ie-enterprise-number {
          type uint32;
          default 0;
          description
            "If this parameter is zero, the Information Element
             is registered in the IANA registry of IPFIX
             Information Elements or unspecified (if the
             Information Element is not IANA registered).

             If this parameter is configured with a non-zero
             private enterprise number, the Information Element
             is enterprise-specific.";
          reference
            "RFC 7011; RFC 5103;
             IANA registry for Private Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix";
        }
      }
    }
  }

  augment "/ipfix:ipfix" {
    description
      "Augment IPFIX to add bulk data.";

    container bulk-data-export {
      description
        "Container for bulk data export nodes.";

      list template {
        key name;
        description
          "List of bulk data templates of the Monitoring
           Device.";

        leaf name {
          type ipfix:name-type;
          description
            "An arbitrary string which uniquely identifies the
             bulk data template.";
        }

        leaf enabled {
          type boolean;
          default "true";
          description
            "If true, this template is enabled and the specified
             data is able to be exported.";
        }

        leaf export-interval {
          type uint32;
          units "seconds";
          description
            "This parameter configures the interval (in seconds)
             for periodical export of Flow Records.

             If not configured by the user, the Monitoring Device
             sets this parameter.";
        }

        uses bulk-data-template-parameters;

        leaf-list exporting-process {
          if-feature ipfix:exporter;
          type leafref {
            path "/ipfix:ipfix"
               + "/ipfix:exporting-process"
               + "/ipfix:name";
          }
          description
            "Records are exported by all Exporting Processes in
             the list.";
        }

        choice resource-identifier {
          description
            "Method to select the resources from which the
             records are to be exported.";

          case resource-instance {
            leaf-list resource-instance {
              type resource;
              description
                "Records are sourced from all the resources in
                 this list.";
            }
          }
        }

        leaf data-records {
          type yang:counter64;
          units "Data Records";
          config false;
          description
            "The number of Data Records generated for this
             sampling template. Discontinuities in the value of
             this counter can occur at re-initialization of the
             management system, and at other times as indicated
             by the value of Discontinuity Time.";
        }

        leaf discontinuity-time {
          type yang:date-and-time;
          config false;
          description
            "Timestamp of the most recent occasion at which the
             counter data records suffered a discontinuity.";
        }
      }
    }
  }
}
<CODE ENDS>
This document registers 3 URIs in the "IETF XML Registry" [RFC3688]. Following the format in RFC 3688, the following registrations have been made.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.

URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.

URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.
This document registers 3 YANG modules in the "YANG Module Names" registry. Following the format in [RFC7950], the following have been registered.
Name: ietf-ipfix
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix
Prefix: ietf-ipfix
Reference: RFC XXXX: YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export

Name: ietf-ipfix-packet-sampling
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
Prefix: ietf-ipfix-packet-sampling
Reference: RFC XXXX: YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export

Name: ietf-ipfix-bulk-data-export
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
Prefix: ietf-bde
Reference: RFC XXXX: YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export
The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].
The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., NETCONF edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:
Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:
The authors would like to thank Anand Arokiaraj and William Lupton for their contributions towards creation of this document and associated YANG data models.
This configuration example configures an IPFIX exporter for a [BBF.TR-352] ICTP Proxy.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <exporting-process>
    <name>TR352-exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>ICTP-Proxy1-collector</name>
      <tcp-exporter>
        <source>
          <source-address>192.100.2.1</source-address>
        </source>
        <destination>
          <destination-address>proxy1.sys.com</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>extended-type-information</options-type>
      <options-timeout>0</options-timeout>
    </options>
  </exporting-process>
</ipfix>
This configuration example configures an IPFIX mediator.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <collecting-process>
    <name>OLT-collector</name>
    <tcp-collector>
      <name>myolt-tcp-collector</name>
      <local-address>192.100.2.1</local-address>
    </tcp-collector>
    <exporting-process>OLT-exporter</exporting-process>
  </collecting-process>
  <exporting-process>
    <name>OLT-exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>big-collector</name>
      <tcp-exporter>
        <source>
          <source-address>192.100.2.1</source-address>
        </source>
        <destination>
          <destination-address>collect1.sys.com</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>extended-type-information</options-type>
      <options-timeout>0</options-timeout>
    </options>
  </exporting-process>
</ipfix>
This configuration example configures two Observation Points capturing ingress traffic at eth0 and all traffic at eth1. Both Observed Packet Streams enter two different Selection Processes. The first Selection Process implements a Composite Selector of a filter for UDP packets and a random sampler. The second Selection Process implements a Primitive Selector of an ICMP filter. The Selected Packet Streams of both Selection Processes enter the same Cache. The Cache generates a PSAMP Packet Report for every selected packet.
The associated Exporting Process exports to a Collector using PR-SCTP and DTLS. The TLS/DTLS parameters specify that the collector must supply a certificate for the FQDN collector.example.net. Valid certificates from any certification authority will be accepted. As the destination transport port is omitted, the standard IPFIX-over-DTLS port 4740 is used.
The parameters of the Selection Processes are reported as Selection Sequence Report Interpretations and Selector Report Interpretations [RFC5476]. There will be two Selection Sequence Report Interpretations per Selection Process, one for each Observation Point. Selection Sequence Statistics Report Interpretations are exported every 30 seconds (30000 milliseconds).
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <psamp xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling">
    <observation-point>
      <name>OP at eth0 (ingress)</name>
      <observation-domain-id>123</observation-domain-id>
      <interface-ref>eth0</interface-ref>
      <direction>ingress</direction>
      <selection-process>Sampled UDP packets</selection-process>
      <selection-process>ICMP packets</selection-process>
    </observation-point>
    <observation-point>
      <name>OP at eth1</name>
      <observation-domain-id>123</observation-domain-id>
      <interface-ref>eth1</interface-ref>
      <selection-process>Sampled UDP packets</selection-process>
      <selection-process>ICMP packets</selection-process>
    </observation-point>
    <selection-process>
      <name>Sampled UDP packets</name>
      <selector>
        <name>UDP filter</name>
        <filter-match>
          <ie-id>4</ie-id>
          <value>17</value>
        </filter-match>
      </selector>
      <selector>
        <name>10-out-of-100 sampler</name>
        <samp-rand-out-of-n>
          <size>10</size>
          <population>100</population>
        </samp-rand-out-of-n>
      </selector>
      <cache>PSAMP cache</cache>
    </selection-process>
    <selection-process>
      <name>ICMP packets</name>
      <selector>
        <name>ICMP filter</name>
        <filter-match>
          <ie-id>4</ie-id>
          <value>1</value>
        </filter-match>
      </selector>
      <cache>PSAMP cache</cache>
    </selection-process>
    <cache>
      <name>PSAMP cache</name>
      <immediate-cache>
        <cache-layout>
          <cache-field>
            <name>Field 1: ipHeaderPacketSection</name>
            <ie-id>313</ie-id>
            <ie-length>64</ie-length>
          </cache-field>
          <cache-field>
            <name>Field 2: observationTimeMilliseconds</name>
            <ie-id>322</ie-id>
          </cache-field>
        </cache-layout>
      </immediate-cache>
      <exporting-process>The only exporter</exporting-process>
    </cache>
  </psamp>
  <exporting-process>
    <name>The only exporter</name>
    <enabled>true</enabled>
    <destination>
      <name>PR-SCTP collector</name>
      <sctp-exporter>
        <destination>
          <destination-address>192.0.2.1</destination-address>
        </destination>
        <rate-limit>1000000</rate-limit>
        <timed-reliability>500</timed-reliability>
        <transport-layer-security>
          <remote-subject-fqdn>coll-1.ex.net</remote-subject-fqdn>
        </transport-layer-security>
      </sctp-exporter>
    </destination>
    <options>
      <name>Options 1</name>
      <options-type>selection-sequence</options-type>
      <options-timeout>0</options-timeout>
    </options>
    <options>
      <name>Options 2</name>
      <options-type>selection-statistics</options-type>
      <options-timeout>30000</options-timeout>
    </options>
  </exporting-process>
</ipfix>
This configuration example configures a field-layout template to export Ethernet statistics from eth0 and eth1.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix"
       xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
  <bulk-data-export
      xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export">
    <template>
      <name>Ethernet Statistics</name>
      <enabled>true</enabled>
      <export-interval>300</export-interval>
      <observation-domain-id>123</observation-domain-id>
      <field-layout>
        <field>
          <name>in-octets</name>
          <ie-id>1001</ie-id>
          <ie-length>4</ie-length>
          <ie-enterprise-number>664</ie-enterprise-number>
        </field>
        <field>
          <name>out-octets</name>
          <ie-id>1002</ie-id>
          <ie-length>4</ie-length>
          <ie-enterprise-number>664</ie-enterprise-number>
        </field>
      </field-layout>
      <exporting-process>The only one</exporting-process>
      <resource-instance>/if:interfaces/if:interface[if:name='eth0']</resource-instance>
      <resource-instance>/if:interfaces/if:interface[if:name='eth1']</resource-instance>
    </template>
  </bulk-data-export>
  <exporting-process>
    <name>The only one</name>
    <enabled>true</enabled>
    <destination>
      <name>Bulk data collector</name>
      <tcp-exporter>
        <destination>
          <destination-address>192.0.2.2</destination-address>
        </destination>
        <rate-limit>1000000</rate-limit>
        <transport-layer-security>
          <remote-subject-fqdn>coll-2.ex.net</remote-subject-fqdn>
        </transport-layer-security>
      </tcp-exporter>
    </destination>
  </exporting-process>
</ipfix>
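The configuration examples above differ in transport protection: the ICTP Proxy and mediator examples define TCP endpoints with no transport-layer-security container, while the PSAMP and bulk data examples set only remote-subject-fqdn. The following is an added example, not part of this draft, that audits an ietf-ipfix instance document for those cases and also covers collectors and all three network transports. The issue labels, function names and the condensed sample configuration are constructed for illustration.

```python
"""Audit an ietf-ipfix instance document for weakly protected transports."""
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = {"ipfix": "urn:ietf:params:xml:ns:yang:ietf-ipfix"}
# file-reader / file-writer are not network endpoints and are skipped.
TRANSPORTS = ("tcp", "udp", "sctp")

# Issue labels are this example's own naming, not terms from the draft.
Finding = namedtuple("Finding", "process endpoint transport issue")

# Constructed sample, condensed from the mediator and bulk data examples.
SAMPLE_CONFIG = """
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
  <collecting-process>
    <name>OLT-collector</name>
    <tcp-collector>
      <name>myolt-tcp-collector</name>
      <local-address>192.100.2.1</local-address>
    </tcp-collector>
    <exporting-process>OLT-exporter</exporting-process>
  </collecting-process>
  <exporting-process>
    <name>OLT-exporter</name>
    <destination>
      <name>big-collector</name>
      <tcp-exporter>
        <destination>
          <destination-address>collect1.sys.com</destination-address>
        </destination>
      </tcp-exporter>
    </destination>
  </exporting-process>
  <exporting-process>
    <name>The only one</name>
    <destination>
      <name>Bulk data collector</name>
      <tcp-exporter>
        <destination>
          <destination-address>192.0.2.2</destination-address>
        </destination>
        <transport-layer-security>
          <remote-subject-fqdn>coll-2.ex.net</remote-subject-fqdn>
        </transport-layer-security>
      </tcp-exporter>
    </destination>
  </exporting-process>
</ipfix>
"""


def _name(node):
    return node.findtext("ipfix:name", default="(unnamed)", namespaces=NS)


def _tls_issue(endpoint):
    """Classify the transport-layer-security settings of one endpoint."""
    tls = endpoint.find("ipfix:transport-layer-security", NS)
    if tls is None:
        return "no-tls"        # presence container absent: TLS/DTLS not enabled

    def has(leaf):
        return tls.find(f"ipfix:{leaf}", NS) is not None

    if not (has("remote-subject-dn") or has("remote-subject-fqdn")):
        return "no-peer-name"  # no expected peer identity is configured
    if not has("remote-certification-authority-dn"):
        return "any-ca"        # peer is named, but the issuing CA is not pinned
    return None


def audit_transports(config_xml):
    """Return a Finding for every collector/exporter with a TLS weakness."""
    root = ET.fromstring(config_xml)
    ipfix_tag = "{%s}ipfix" % NS["ipfix"]
    # Accept either a bare <ipfix> document or one wrapped in <config>/<data>.
    ipfix = root if root.tag == ipfix_tag else root.find(".//ipfix:ipfix", NS)
    if ipfix is None:
        raise ValueError("no <ipfix> element in the ietf-ipfix namespace")

    findings = []
    for proc in ipfix.findall("ipfix:collecting-process", NS):
        for t in TRANSPORTS:
            for coll in proc.findall(f"ipfix:{t}-collector", NS):
                issue = _tls_issue(coll)
                if issue:
                    findings.append(
                        Finding(_name(proc), _name(coll), f"{t}-collector", issue))
    for proc in ipfix.findall("ipfix:exporting-process", NS):
        for dest in proc.findall("ipfix:destination", NS):
            for t in TRANSPORTS:
                exp = dest.find(f"ipfix:{t}-exporter", NS)
                if exp is None:
                    continue
                issue = _tls_issue(exp)
                if issue:
                    findings.append(
                        Finding(_name(proc), _name(dest), f"{t}-exporter", issue))
    return findings


if __name__ == "__main__":
    for f in audit_transports(SAMPLE_CONFIG):
        print(f"{f.issue:13} {f.transport:15} {f.process} / {f.endpoint}")
```
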
The complete tree diagram for ietf-ipfix:
module: ietf-ipfix +--rw ipfix +--rw collecting-process* [name] {collector}? | +--rw name name-type | +--rw tcp-collector* [name] {tcp-transport}? | | +--rw name name-type | | +--rw (local-address-method)? | | | +--:(local-address) | | | +--rw local-address* inet:host | | +--rw local-port? inet:port-number | | +--rw transport-layer-security! | | | +--rw local-certification-authority-dn* string | | | +--rw local-subject-dn* string | | | +--rw local-subject-fqdn* | | | | inet:domain-name | | | +--rw remote-certification-authority-dn* string | | | +--rw remote-subject-dn* string | | | +--rw remote-subject-fqdn* | | | inet:domain-name | | +--ro transport-session* [name] | | +--ro name name-type | | +--ro ipfix-version? uint16 | | +--ro source-address? inet:host | | +--ro destination-address? inet:host | | +--ro source-port? | | | inet:port-number | | +--ro destination-port? | | | inet:port-number | | +--ro status? | | | transport-session-status | | +--ro rate? | | | yang:gauge32 | | +--ro bytes? | | | yang:counter64 | | +--ro messages? | | | yang:counter64 | | +--ro discarded-messages? | | | yang:counter64 | | +--ro records? | | | yang:counter64 | | +--ro templates? | | | yang:counter32 | | +--ro options-templates? | | | yang:counter32 | | +--ro transport-session-start-time? | | | yang:date-and-time | | +--ro transport-session-discontinuity-time? | | | yang:date-and-time | | +--ro template* [name] | | +--ro name name-type | | +--ro observation-domain-id? uint32 | | +--ro template-id? uint16 | | +--ro set-id? uint16 | | +--ro access-time? | | | yang:date-and-time | | +--ro template-data-records? yang:counter64 | | +--ro template-discontinuity-time? | | | yang:date-and-time | | +--ro field* [name] | | +--ro name name-type | | +--ro ie-id? ie-id-type | | +--ro ie-length? uint16 | | +--ro ie-enterprise-number? uint32 | | +--ro is-flow-key? empty | | +--ro is-scope? empty | +--rw udp-collector* [name] {udp-transport}? 
| | +--rw name name-type | | +--rw (local-address-method)? | | | +--:(local-address) | | | +--rw local-address* inet:host | | +--rw local-port? inet:port-number | | +--rw template-life-time? uint32 | | +--rw options-template-life-time? uint32 | | +--rw template-life-packet? uint32 | | +--rw options-template-life-packet? uint32 | | +--rw maximum-reordering-delay? uint32 | | +--rw transport-layer-security! | | | +--rw local-certification-authority-dn* string | | | +--rw local-subject-dn* string | | | +--rw local-subject-fqdn* | | | | inet:domain-name | | | +--rw remote-certification-authority-dn* string | | | +--rw remote-subject-dn* string | | | +--rw remote-subject-fqdn* | | | inet:domain-name | | +--ro transport-session* [name] | | +--ro name name-type | | +--ro ipfix-version? uint16 | | +--ro source-address? inet:host | | +--ro destination-address? inet:host | | +--ro source-port? | | | inet:port-number | | +--ro destination-port? | | | inet:port-number | | +--ro status? | | | transport-session-status | | +--ro rate? | | | yang:gauge32 | | +--ro bytes? | | | yang:counter64 | | +--ro messages? | | | yang:counter64 | | +--ro discarded-messages? | | | yang:counter64 | | +--ro records? | | | yang:counter64 | | +--ro templates? | | | yang:counter32 | | +--ro options-templates? | | | yang:counter32 | | +--ro transport-session-start-time? | | | yang:date-and-time | | +--ro transport-session-discontinuity-time? | | | yang:date-and-time | | +--ro template* [name] | | +--ro name name-type | | +--ro observation-domain-id? uint32 | | +--ro template-id? uint16 | | +--ro set-id? uint16 | | +--ro access-time? | | | yang:date-and-time | | +--ro template-data-records? yang:counter64 | | +--ro template-discontinuity-time? | | | yang:date-and-time | | +--ro field* [name] | | +--ro name name-type | | +--ro ie-id? ie-id-type | | +--ro ie-length? uint16 | | +--ro ie-enterprise-number? uint32 | | +--ro is-flow-key? empty | | +--ro is-scope? 
empty | +--rw sctp-collector* [name] {sctp-transport}? | | +--rw name name-type | | +--rw (local-address-method)? | | | +--:(local-address) | | | +--rw local-address* inet:host | | +--rw local-port? inet:port-number | | +--rw maximum-reordering-delay? uint32 | | +--rw transport-layer-security! | | | +--rw local-certification-authority-dn* string | | | +--rw local-subject-dn* string | | | +--rw local-subject-fqdn* | | | | inet:domain-name | | | +--rw remote-certification-authority-dn* string | | | +--rw remote-subject-dn* string | | | +--rw remote-subject-fqdn* | | | inet:domain-name | | +--ro transport-session* [name] | | +--ro name name-type | | +--ro sctp-association-id? uint32 | | +--ro ipfix-version? uint16 | | +--ro source-address? inet:host | | +--ro destination-address? inet:host | | +--ro source-port? | | | inet:port-number | | +--ro destination-port? | | | inet:port-number | | +--ro status? | | | transport-session-status | | +--ro rate? | | | yang:gauge32 | | +--ro bytes? | | | yang:counter64 | | +--ro messages? | | | yang:counter64 | | +--ro discarded-messages? | | | yang:counter64 | | +--ro records? | | | yang:counter64 | | +--ro templates? | | | yang:counter32 | | +--ro options-templates? | | | yang:counter32 | | +--ro transport-session-start-time? | | | yang:date-and-time | | +--ro transport-session-discontinuity-time? | | | yang:date-and-time | | +--ro template* [name] | | +--ro name name-type | | +--ro observation-domain-id? uint32 | | +--ro template-id? uint16 | | +--ro set-id? uint16 | | +--ro access-time? | | | yang:date-and-time | | +--ro template-data-records? yang:counter64 | | +--ro template-discontinuity-time? | | | yang:date-and-time | | +--ro field* [name] | | +--ro name name-type | | +--ro ie-id? ie-id-type | | +--ro ie-length? uint16 | | +--ro ie-enterprise-number? uint32 | | +--ro is-flow-key? empty | | +--ro is-scope? empty | +--rw file-reader* [name] {file-reader}? 
| | +--rw name name-type | | +--rw file inet:uri | | +--ro file-reader-state | | +--ro bytes? yang:counter64 | | +--ro messages? yang:counter64 | | +--ro records? yang:counter64 | | +--ro templates? yang:counter32 | | +--ro options-templates? yang:counter32 | | +--ro file-reader-discontinuity-time? | | | yang:date-and-time | | +--ro template* [name] | | +--ro name name-type | | +--ro observation-domain-id? uint32 | | +--ro template-id? uint16 | | +--ro set-id? uint16 | | +--ro access-time? | | | yang:date-and-time | | +--ro template-data-records? yang:counter64 | | +--ro template-discontinuity-time? | | | yang:date-and-time | | +--ro field* [name] | | +--ro name name-type | | +--ro ie-id? ie-id-type | | +--ro ie-length? uint16 | | +--ro ie-enterprise-number? uint32 | | +--ro is-flow-key? empty | | +--ro is-scope? empty | +--rw exporting-process* -> /ipfix/exporting-process/name | {exporter}? +--rw exporting-process* [name] {exporter}? +--rw name name-type +--rw enabled? boolean +--rw export-mode? identityref +--rw destination* [name] | +--rw name name-type | +--rw (destination-parameters) | +--:(tcp-exporter) | | +--rw tcp-exporter {tcp-transport}? | | +--rw ipfix-version? uint16 | | +--rw source | | | +--rw (source-method)? | | | +--:(interface-ref) | | | | +--rw interface-ref? if:interface-ref | | | +--:(if-index) {if-mib}? | | | | +--rw if-index? uint32 | | | +--:(if-name) {if-mib}? | | | | +--rw if-name? string | | | +--:(source-address) | | | +--rw source-address? inet:host | | +--rw destination | | | +--rw (destination-method) | | | +--:(destination-address) | | | +--rw destination-address? inet:host | | +--rw destination-port? | | | inet:port-number | | +--rw send-buffer-size? uint32 | | +--rw rate-limit? uint32 | | +--rw connection-timeout? uint32 | | +--rw retry-schedule? uint32 | | +--rw transport-layer-security! 
| | | +--rw local-certification-authority-dn* | | | | string | | | +--rw local-subject-dn* | | | | string | | | +--rw local-subject-fqdn* | | | | inet:domain-name | | | +--rw remote-certification-authority-dn* | | | | string | | | +--rw remote-subject-dn* | | | | string | | | +--rw remote-subject-fqdn* | | | inet:domain-name | | +--ro transport-session | | +--ro ipfix-version? | | | uint16 | | +--ro source-address? | | | inet:host | | +--ro destination-address? | | | inet:host | | +--ro source-port? | | | inet:port-number | | +--ro destination-port? | | | inet:port-number | | +--ro status? | | | transport-session-status | | +--ro rate? | | | yang:gauge32 | | +--ro bytes? | | | yang:counter64 | | +--ro messages? | | | yang:counter64 | | +--ro discarded-messages? | | | yang:counter64 | | +--ro records? | | | yang:counter64 | | +--ro templates? | | | yang:counter32 | | +--ro options-templates? | | | yang:counter32 | | +--ro transport-session-start-time? | | | yang:date-and-time | | +--ro transport-session-discontinuity-time? | | | yang:date-and-time | | +--ro template* [name] | | +--ro name | | | name-type | | +--ro observation-domain-id? uint32 | | +--ro template-id? uint16 | | +--ro set-id? uint16 | | +--ro access-time? | | | yang:date-and-time | | +--ro template-data-records? | | | yang:counter64 | | +--ro template-discontinuity-time? | | | yang:date-and-time | | +--ro field* [name] | | +--ro name name-type | | +--ro ie-id? ie-id-type | | +--ro ie-length? uint16 | | +--ro ie-enterprise-number? uint32 | | +--ro is-flow-key? empty | | +--ro is-scope? empty | +--:(udp-exporter) | | +--rw udp-exporter {udp-transport}? | | +--rw ipfix-version? uint16 | | +--rw source | | | +--rw (source-method)? | | | +--:(interface-ref) | | | | +--rw interface-ref? if:interface-ref | | | +--:(if-index) {if-mib}? | | | | +--rw if-index? uint32 | | | +--:(if-name) {if-mib}? | | | | +--rw if-name? string | | | +--:(source-address) | | | +--rw source-address? 
inet:host
        |     |     +--rw destination
        |     |     |  +--rw (destination-method)
        |     |     |     +--:(destination-address)
        |     |     |        +--rw destination-address?   inet:host
        |     |     +--rw destination-port?
        |     |     |       inet:port-number
        |     |     +--rw send-buffer-size?                   uint32
        |     |     +--rw rate-limit?                         uint32
        |     |     +--rw maximum-packet-size?                uint16
        |     |     +--rw template-refresh-timeout?           uint32
        |     |     +--rw options-template-refresh-timeout?   uint32
        |     |     +--rw template-refresh-packet?            uint32
        |     |     +--rw options-template-refresh-packet?    uint32
        |     |     +--rw transport-layer-security!
        |     |     |  +--rw local-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-fqdn*
        |     |     |  |       inet:domain-name
        |     |     |  +--rw remote-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-fqdn*
        |     |     |          inet:domain-name
        |     |     +--ro transport-session
        |     |        +--ro ipfix-version?
        |     |        |       uint16
        |     |        +--ro source-address?
        |     |        |       inet:host
        |     |        +--ro destination-address?
        |     |        |       inet:host
        |     |        +--ro source-port?
        |     |        |       inet:port-number
        |     |        +--ro destination-port?
        |     |        |       inet:port-number
        |     |        +--ro status?
        |     |        |       transport-session-status
        |     |        +--ro rate?
        |     |        |       yang:gauge32
        |     |        +--ro bytes?
        |     |        |       yang:counter64
        |     |        +--ro messages?
        |     |        |       yang:counter64
        |     |        +--ro discarded-messages?
        |     |        |       yang:counter64
        |     |        +--ro records?
        |     |        |       yang:counter64
        |     |        +--ro templates?
        |     |        |       yang:counter32
        |     |        +--ro options-templates?
        |     |        |       yang:counter32
        |     |        +--ro transport-session-start-time?
        |     |        |       yang:date-and-time
        |     |        +--ro transport-session-discontinuity-time?
        |     |        |       yang:date-and-time
        |     |        +--ro template* [name]
        |     |           +--ro name
        |     |           |       name-type
        |     |           +--ro observation-domain-id?         uint32
        |     |           +--ro template-id?                   uint16
        |     |           +--ro set-id?                        uint16
        |     |           +--ro access-time?
        |     |           |       yang:date-and-time
        |     |           +--ro template-data-records?
        |     |           |       yang:counter64
        |     |           +--ro template-discontinuity-time?
        |     |           |       yang:date-and-time
        |     |           +--ro field* [name]
        |     |              +--ro name                    name-type
        |     |              +--ro ie-id?                  ie-id-type
        |     |              +--ro ie-length?              uint16
        |     |              +--ro ie-enterprise-number?   uint32
        |     |              +--ro is-flow-key?            empty
        |     |              +--ro is-scope?               empty
        |     +--:(sctp-exporter)
        |     |  +--rw sctp-exporter {sctp-transport}?
        |     |     +--rw ipfix-version?              uint16
        |     |     +--rw source
        |     |     |  +--rw (source-method)?
        |     |     |     +--:(interface-ref)
        |     |     |     |  +--rw interface-ref?   if:interface-ref
        |     |     |     +--:(if-index) {if-mib}?
        |     |     |     |  +--rw if-index?        uint32
        |     |     |     +--:(if-name) {if-mib}?
        |     |     |     |  +--rw if-name?         string
        |     |     |     +--:(source-address)
        |     |     |        +--rw source-address*  inet:host
        |     |     +--rw destination
        |     |     |  +--rw (destination-method)
        |     |     |     +--:(destination-address)
        |     |     |        +--rw destination-address*   inet:host
        |     |     +--rw destination-port?
        |     |     |       inet:port-number
        |     |     +--rw send-buffer-size?           uint32
        |     |     +--rw rate-limit?                 uint32
        |     |     +--rw timed-reliability?          uint32
        |     |     +--rw association-timeout?        uint32
        |     |     +--rw transport-layer-security!
        |     |     |  +--rw local-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw local-subject-fqdn*
        |     |     |  |       inet:domain-name
        |     |     |  +--rw remote-certification-authority-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-dn*
        |     |     |  |       string
        |     |     |  +--rw remote-subject-fqdn*
        |     |     |          inet:domain-name
        |     |     +--ro transport-session
        |     |        +--ro sctp-association-id?
        |     |        |       uint32
        |     |        +--ro ipfix-version?
        |     |        |       uint16
        |     |        +--ro source-address?
        |     |        |       inet:host
        |     |        +--ro destination-address?
        |     |        |       inet:host
        |     |        +--ro source-port?
        |     |        |       inet:port-number
        |     |        +--ro destination-port?
        |     |        |       inet:port-number
        |     |        +--ro status?
        |     |        |       transport-session-status
        |     |        +--ro rate?
        |     |        |       yang:gauge32
        |     |        +--ro bytes?
        |     |        |       yang:counter64
        |     |        +--ro messages?
        |     |        |       yang:counter64
        |     |        +--ro discarded-messages?
        |     |        |       yang:counter64
        |     |        +--ro records?
        |     |        |       yang:counter64
        |     |        +--ro templates?
        |     |        |       yang:counter32
        |     |        +--ro options-templates?
        |     |        |       yang:counter32
        |     |        +--ro transport-session-start-time?
        |     |        |       yang:date-and-time
        |     |        +--ro transport-session-discontinuity-time?
        |     |        |       yang:date-and-time
        |     |        +--ro template* [name]
        |     |           +--ro name
        |     |           |       name-type
        |     |           +--ro observation-domain-id?         uint32
        |     |           +--ro template-id?                   uint16
        |     |           +--ro set-id?                        uint16
        |     |           +--ro access-time?
        |     |           |       yang:date-and-time
        |     |           +--ro template-data-records?
        |     |           |       yang:counter64
        |     |           +--ro template-discontinuity-time?
        |     |           |       yang:date-and-time
        |     |           +--ro field* [name]
        |     |              +--ro name                    name-type
        |     |              +--ro ie-id?                  ie-id-type
        |     |              +--ro ie-length?              uint16
        |     |              +--ro ie-enterprise-number?   uint32
        |     |              +--ro is-flow-key?            empty
        |     |              +--ro is-scope?               empty
        |     +--:(file-writer)
        |        +--rw file-writer {file-writer}?
        |           +--rw ipfix-version?      uint16
        |           +--rw file                inet:uri
        |           +--ro file-writer-state
        |              +--ro bytes?
        |              |       yang:counter64
        |              +--ro messages?
        |              |       yang:counter64
        |              +--ro discarded-messages?
        |              |       yang:counter64
        |              +--ro records?
        |              |       yang:counter64
        |              +--ro templates?
        |              |       yang:counter32
        |              +--ro options-templates?
        |              |       yang:counter32
        |              +--ro file-writer-discontinuity-time?
        |              |       yang:date-and-time
        |              +--ro template* [name]
        |                 +--ro name
        |                 |       name-type
        |                 +--ro observation-domain-id?         uint32
        |                 +--ro template-id?                   uint16
        |                 +--ro set-id?                        uint16
        |                 +--ro access-time?
        |                 |       yang:date-and-time
        |                 +--ro template-data-records?
        |                 |       yang:counter64
        |                 +--ro template-discontinuity-time?
        |                 |       yang:date-and-time
        |                 +--ro field* [name]
        |                    +--ro name                    name-type
        |                    +--ro ie-id?                  ie-id-type
        |                    +--ro ie-length?              uint16
        |                    +--ro ie-enterprise-number?   uint32
        |                    +--ro is-flow-key?            empty
        |                    +--ro is-scope?               empty
        +--rw options* [name]
        |  +--rw name               name-type
        |  +--rw options-type       identityref
        |  +--rw options-timeout?   uint32
        +--ro exporting-process-id?   uint32
The complete tree diagram for ietf-ipfix-packet-sampling:
module: ietf-ipfix-packet-sampling
  augment /ipfix:ipfix:
    +--rw psamp
       +--rw observation-point* [name]
       |  +--rw name                    ipfix:name-type
       |  +--rw observation-domain-id   uint32
       |  +--rw interface-ref*          if:interface-ref
       |  +--rw if-name*                if-name-type {if-mib}?
       |  +--rw if-index*               uint32 {if-mib}?
       |  +--rw hardware-ref*           hardware-ref
       |  +--rw ent-physical-name*      string {entity-mib}?
       |  +--rw ent-physical-index*     uint32 {entity-mib}?
       |  +--rw direction?              direction
       |  +--rw selection-process*
       |  |       -> /ipfix:ipfix/psamp/selection-process/name
       |  +--ro observation-point-id?   uint32
       +--rw selection-process* [name]
       |  +--rw name    ipfix:name-type
       |  +--rw selector* [name]
       |  |  +--rw name                           ipfix:name-type
       |  |  +--rw (method)
       |  |  |  +--:(select-all)
       |  |  |  |  +--rw select-all?   empty
       |  |  |  +--:(samp-count-based)
       |  |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
       |  |  |  |     +--rw packet-interval   uint32
       |  |  |  |     +--rw packet-space      uint32
       |  |  |  +--:(samp-time-based)
       |  |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
       |  |  |  |     +--rw time-interval   uint32
       |  |  |  |     +--rw time-space      uint32
       |  |  |  +--:(samp-rand-out-of-n)
       |  |  |  |  +--rw samp-rand-out-of-n
       |  |  |  |          {psamp-samp-rand-out-of-n}?
       |  |  |  |     +--rw size         uint32
       |  |  |  |     +--rw population   uint32
       |  |  |  +--:(samp-uni-prob)
       |  |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
       |  |  |  |     +--rw probability   decimal64
       |  |  |  +--:(filter-match)
       |  |  |  |  +--rw filter-match {psamp-filter-match}?
       |  |  |  |     +--rw (information-element)
       |  |  |  |     |  +--:(ie-name)
       |  |  |  |     |  |  +--rw ie-name?
       |  |  |  |     |  |          ipfix:ie-name-type
       |  |  |  |     |  +--:(ie-id)
       |  |  |  |     |     +--rw ie-id?   ipfix:ie-id-type
       |  |  |  |     +--rw ie-enterprise-number?   uint32
       |  |  |  |     +--rw value                   string
       |  |  |  +--:(filter-hash)
       |  |  |     +--rw filter-hash {psamp-filter-hash}?
       |  |  |        +--rw hash-function?       identityref
       |  |  |        +--rw initializer-value?   uint64
       |  |  |        +--rw ip-payload-offset?   uint64
       |  |  |        +--rw ip-payload-size?     uint64
       |  |  |        +--rw digest-output?       boolean
       |  |  |        +--rw selected-range* [name]
       |  |  |        |  +--rw name   ipfix:name-type
       |  |  |        |  +--rw min?   uint64
       |  |  |        |  +--rw max?   uint64
       |  |  |        +--ro output-range-min?    uint64
       |  |  |        +--ro output-range-max?    uint64
       |  |  +--ro packets-observed?              yang:counter64
       |  |  +--ro packets-dropped?               yang:counter64
       |  |  +--ro selector-discontinuity-time?   yang:date-and-time
       |  +--rw cache?
       |  |       -> /ipfix:ipfix/psamp/cache/name
       |  +--ro selection-sequence* []
       |     +--ro observation-domain-id?   uint32
       |     +--ro selection-sequence-id?   uint64
       +--rw cache* [name]
          +--rw name                        ipfix:name-type
          +--rw enabled?                    boolean
          +--rw (cache-type)
          |  +--:(immediate-cache)
          |  |  +--rw immediate-cache {immediate-cache}?
          |  |     +--rw cache-layout
          |  |        +--rw cache-field* [name]
          |  |           +--rw name
          |  |           |       ipfix:name-type
          |  |           +--rw (information-element)
          |  |           |  +--:(ie-name)
          |  |           |  |  +--rw ie-name?
          |  |           |  |          ipfix:ie-name-type
          |  |           |  +--:(ie-id)
          |  |           |     +--rw ie-id?
          |  |           |             ipfix:ie-id-type
          |  |           +--rw ie-length?              uint16
          |  |           +--rw ie-enterprise-number?   uint32
          |  +--:(timeout-cache)
          |  |  +--rw timeout-cache {timeout-cache}?
          |  |     +--rw max-flows?              uint32
          |  |     +--rw active-timeout?         uint32
          |  |     +--rw idle-timeout?           uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name
          |  |     |     |       ipfix:name-type
          |  |     |     +--rw (information-element)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?
          |  |     |     |  |          ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?
          |  |     |     |             ipfix:ie-id-type
          |  |     |     +--rw ie-length?              uint16
          |  |     |     +--rw ie-enterprise-number?   uint32
          |  |     |     +--rw is-flow-key?            empty
          |  |     +--ro active-flows?           yang:gauge32
          |  |     +--ro unused-cache-entries?   yang:gauge32
          |  +--:(natural-cache)
          |  |  +--rw natural-cache {natural-cache}?
          |  |     +--rw max-flows?              uint32
          |  |     +--rw active-timeout?         uint32
          |  |     +--rw idle-timeout?           uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name
          |  |     |     |       ipfix:name-type
          |  |     |     +--rw (information-element)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?
          |  |     |     |  |          ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?
          |  |     |     |             ipfix:ie-id-type
          |  |     |     +--rw ie-length?              uint16
          |  |     |     +--rw ie-enterprise-number?   uint32
          |  |     |     +--rw is-flow-key?            empty
          |  |     +--ro active-flows?           yang:gauge32
          |  |     +--ro unused-cache-entries?   yang:gauge32
          |  +--:(permanent-cache)
          |     +--rw permanent-cache {permanent-cache}?
          |        +--rw max-flows?              uint32
          |        +--rw export-interval?        uint32
          |        +--rw cache-layout
          |        |  +--rw cache-field* [name]
          |        |     +--rw name
          |        |     |       ipfix:name-type
          |        |     +--rw (information-element)
          |        |     |  +--:(ie-name)
          |        |     |  |  +--rw ie-name?
          |        |     |  |          ipfix:ie-name-type
          |        |     |  +--:(ie-id)
          |        |     |     +--rw ie-id?
          |        |     |             ipfix:ie-id-type
          |        |     +--rw ie-length?              uint16
          |        |     +--rw ie-enterprise-number?   uint32
          |        |     +--rw is-flow-key?            empty
          |        +--ro active-flows?           yang:gauge32
          |        +--ro unused-cache-entries?   yang:gauge32
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--ro metering-process-id?        uint32
          +--ro data-records?               yang:counter64
          +--ro cache-discontinuity-time?   yang:date-and-time
The complete tree diagram for ietf-ipfix-bulk-data-export:
module: ietf-ipfix-bulk-data-export
  augment /ipfix:ipfix:
    +--rw bulk-data-export
       +--rw template* [name]
          +--rw name                     ipfix:name-type
          +--rw enabled?                 boolean
          +--rw export-interval?         uint32
          +--rw observation-domain-id?   uint32
          +--rw field-layout
          |  +--rw field* [name]
          |     +--rw name                    ipfix:name-type
          |     +--rw (identifier)
          |     |  +--:(ie-name)
          |     |  |  +--rw ie-name?   ipfix:ie-name-type
          |     |  +--:(ie-id)
          |     |     +--rw ie-id?     ipfix:ie-id-type
          |     +--rw ie-length?              uint16
          |     +--rw ie-enterprise-number?   uint32
          +--rw exporting-process*
          |       -> /ipfix:ipfix/exporting-process/name
          |       {ipfix:exporter}?
          +--rw (resource-identifier)?
          |  +--:(resource-instance)
          |     +--rw resource-instance*   resource
          +--ro data-records?            yang:counter64
          +--ro discontinuity-time?      yang:date-and-time