| Network Working Group | J. Boyd |
| Internet-Draft | ADTRAN |
| Obsoletes: 6728 (if approved) | M. Seda |
| Intended status: Standards Track | Calix |
| Expires: September 10, 2020 | March 9, 2020 |
YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export
draft-boydseda-ipfix-psamp-bulk-data-yang-model-03
This document defines a flexible, modular YANG model for packet sampling (PSAMP) and bulk data collection and export via the IPFIX protocol. This new model replaces the model defined in RFC 6728, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols". All functionality modeled in RFC 6728 has been carried over to this new model.
The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in RFC 8342.
This document obsoletes RFC 6728 (if approved).
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2020.
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Bulk data collection is an automated collection of device data that is packaged together and delivered to an IPFIX collector. The IPFIX protocol may be used to transport bulk data such as:
IPFIX can also be used to meet the bulk transport requirements of other protocols. For example:
The YANG data models in this document conform to the Network Management Datastore Architecture (NMDA) defined in [RFC8342].
Below is a historical timeline of IETF IPFIX and YANG RFCs:
[RFC6728] defines a single YANG module for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) protocols. The PSAMP collecting process and the IPFIX exporting process are tightly coupled in this module. Moreover, the exporting process requires a device to support SCTP. This coupling and transport requirement makes it difficult for a device, which does not support SCTP, to use the model for collecting and exporting non-PSAMP bulk data.
Rather than this approach, a new YANG model has been developed where functionality is separated into different modules such that the functions can be independently leveraged.
These are some of the other issues with the current model:
This RFC adheres to all principles defined in [RFC6728], however, in order to address the issues identified in the previous section, the YANG model has changed as follows:
Applications that use this RFC are expected to only need to import the applicable YANG modules. For example:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The following terms are used in this RFC:
Tree diagrams used in this document follow the notation defined in [RFC8340].
This document defines a YANG data model for the configuration and state retrieval of basic IPFIX functionality as well as PSAMP and bulk data export applications over IPFIX. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA) [RFC8342] and [RFC8407] YANG guidelines.
The reference model described in this RFC describes the following models:
Figure 1 illustrates the PSAMP metered UML model for a PSAMP/IPFIX monitoring device. The metering process is contained in the ietf-ipfix-packet-sampling module. The metering process comprises a selection-process and cache that refers to an exporting-process. Further explanations about the relationship between selection-process and cache are given in Section 3.1.1. Section 4.4 describes the exporting-process configuration.
+--------------------------------------------------------------+
| +--------------------+ Metering Process |
| | Module: ietf-ipfix | |
| | -packet-sampling| |
| |--------------------|<------------------------+ |
| | |<--------+ 1 | |
| +--------------------+ | +-------------+-----------+ |
| ^ | | list: selection-process | |
| | | |-------------------------| |
| 1 | | | | |
| +--------+-------------+ | +-----------------+-------+ |
| | list: observation-pt | | ^ | |
| |----------------------| selection-process-ref | | |
| | +-------|---------------+ | |
| +----------------------+ | 0..* | |
| 1 | | |
| +-------+-------+ | |
| | list: cache | | |
| |---------------| 0..1 | |
| | |<----------+ |
| +---------------+ cache-ref |
+--------------------------------+-----------------------------+
+--------------------+ |
| Module: ietf-ipfix | |
|--------------------| |
| | |
+--------------------+ |
^ | exporting-process-ref
| |
1 | |
+---------+---------------+ |
| list: exporting-process | |
|-------------------------| |
| |<----+
+-------------------------+ 0..*
Figure 1: PSAMP-IPFIX metered model
PSAMP/IPFIX monitoring device implementations usually maintain the separation of various functional blocks, although they do not necessarily implement all of them. The configuration data model enables the setting of commonly available configuration parameters for selection-processes and caches, and supports optional configuration for features like the [RFC2863] IF-MIB and [RFC6933] ENTITY-MIB.
In a monitoring device implementation, the functionality of the metering process is split into the selection process and cache. Figure 2 shows a metering process example. The selection-process takes an observed packet stream as its input and selects a subset of that stream as its output (selected packet stream). The action of the selection-process on a single packet of its input is defined by one selector (called a primitive selector) or an ordered composition of multiple selectors (called a composite selector). The cache generates flow records or packet reports from the selected packet stream, depending on its configuration.
+------------------------------------+
| Metering Process |
| +------------+ Selected |
Observed | | selection- | Packet +-------+ | Stream of
Packet -->| process |---------->| cache |--> Flow Records or
Stream | +------------+ Stream +-------+ | Packet Reports
+------------------------------------+
Figure 2: Selection Process and Cache forming a Metering Process
A metering process must always have a selection-process. It is possible to select all packets in the observed packet stream, and pass them to the cache unfiltered by configuring the selector-method to "select-all".
A metering process can be configured to support multiple selection processes that receive packets from multiple observation points within the same observation domain. In this case, the observed packet streams of the observation points are processed in independent selection sequences. As specified in [RFC5476], a distinct set of selector instances needs to be maintained per selection sequence in order to keep the selection states and statistics separate.
With the configuration data model, it is possible to configure a metering process with multiple selection processes whose output is processed by a single cache. This is illustrated in Figure 3.
+--------------------------------------+
| Metering Process |
| +------------+ Selected |
Observed | | selection- | Packet |
Packet -->| process |----------+ +-------+ |
Stream | +------------+ Stream +->| | | Stream of
| ... | cache |--> Flow Records or
| +------------+ Selected +->| | | Packet Reports
Observed | | selection- | Packet | +-------+ |
Packet -->| process |----------+ |
Stream | +------------+ Stream |
+--------------------------------------+
Figure 3: Metering Process with multiple Selection Processes
The observed packet streams at the input of a metering process may originate from observation points belonging to different observation domains. By definition of the observation domain (see [RFC7011]), a cache must not aggregate packets observed at different observation domains in the same flow. Hence, if the cache is configured to generate flow records, it needs to distinguish packets according to their observation domains.
Figure 4 below shows the main classes of the configuration data model that are involved in the configuration of an IPFIX or PSAMP Exporter. The role of the classes can be briefly summarized as follows:
+-------------------+
| observation-point |
+---------+---------+
0..* |
|
0..* v
+-------------------+
| selection-process |
+---------+---------+
0..* |
|
0..1 v
+-------------------+
| cache |
+---------+---------+
0..* |
|
0..* v
+-------------------+
| exporting-process |
+-------------------+
Figure 4: Class diagram of Exporter configuration
+--------------------+
| Module: ietf-ipfix |
|--------------------|<------------------+
| | 1 |
+--------------------+ +-------------+------------+
^ | list: collecting-process |
| |--------------------------|
| +-------------+------------+
| |
1 | |
+---------+---------------+ |
| list: exporting-process | |
|-------------------------| 0..* |
| |<-------------+
+-------------------------+ exporting-process-ref
Figure 5: Collector/Exporter Model
Figure 5 shows the main classes of the configuration data model that are involved in the configuration of a collector. An instance of the CollectingProcess class specifies the local IP addresses, transport protocols, and port numbers of a collecting-process.
A collecting-process MAY be configured as a File Reader according to [RFC5655].
A CollectingProcess class instance may refer to one or more exporting-process instances configuring exporting processes that re-export the received data. As an example, an exporting process can be configured as a file-writer in order to save the received IPFIX messages in a file.
+------------------------------------+
| module:ietf-ipfix-bulk-data-export |
|------------------------------------|
+------------------------------------+
^
|
1 |
+------------+------------+ +---------------+
| list:bulk-data-template | | list:resource |
|-------------------------|------------->+---------------|
+------------+------------+ 0..* +---------------+
|
0..* | exporting-process-ref
v
+-------------------------+
| list:exporting-process |
|-------------------------|
+-------------------------+
Figure 6: Bulk Data Exporter Model
Figure 6 shows the main classes of the configuration model that are involved in bulk data export. A device that has a resource instance capable of reporting bulk data through IPFIX does not need an IPFIX meter to be created. Instead a bulk-data template is created and applied to that resource instance.
The ExportingProcess class contains configuration and state parameters of an exporting-process. It includes various transport-protocol-specific parameters and the export destinations. The bulk-data-template may refer to multiple instances of the ExportingProcess class.
This section specifies the configuration and state parameters of the configuration data model separately for each class.
Figure 7 shows the observation-point attributes of an IPFIX monitoring device. As defined in [RFC7011], an observation point can be any location where packets are observed. A IPFIX monitoring device potentially has more than one such location. An instance of observation-point defines which location is associated with a specific observation point. For this purpose, interfaces (ietf-interfaces module [RFC8343]) and hardware components (ietf-hardware module [RFC8348]) are identified using their names.
By its definition in [RFC7011], an observation point may be associated with a set of interfaces. Therefore, the configuration data model allows configuring multiple interfaces and hardware components for a single observation point. The observation-point-id (i.e., the value of the information element observationPointId [IANA-IPFIX]) is assigned by the monitoring device.
+--rw observation-point* [name]
+--rw name ietf-ipfix:name-type
+--rw observation-domain-id uint32
+--rw interface-ref* if:interface-ref
+--rw if-name* if-name-type {if-mib}?
+--rw if-index* uint32 {if-mib}?
+--rw hardware-ref* hardware-ref
+--rw ent-physical-name* string {entity-mib}?
+--rw ent-physical-index* uint32 {entity-mib}?
+--rw direction? direction
+--ro observation-point-id? uint32
+--rw selection-process*
-> /ietf-ipfix:ipfix/psamp/selection-process/name
Figure 7: Observation Point Attributes
The configuration parameters of the observation point are:
Figure 8 shows the selection-process attributes. The selection-process class contains the configuration and state parameters of a selection process that selects packets from one or more observed packet streams and generates a selected packet stream as its output. A non-empty ordered list defines a sequence of selectors. The actions defined by the selectors are applied to the stream of incoming packets in the specified order.
If the selection process receives packets from multiple observation points, the observed packet streams need to be processed independently in separate selection sequences. Each selection sequence is identified by a selection sequence id that is unique within the observation domain the observation point belongs to (see [RFC5477]). Selection sequence ids are assigned by the monitoring device.
As state parameters, the selection-process class contains a list of (observation-domain-id, selection-sequence-id) tuples specifying the assigned selection sequence ids and corresponding observation domain ids. With this information, it is possible to associate selection sequence (statistics) report interpretations exported according to the PSAMP protocol specification [RFC5476] with the corresponding selection-process instance.
A selection-process instance may include a reference to a cache class instance to generate packet reports or flow records from the selected packet stream.
+--rw selection-process* [name]
+--rw name ietf-ipfix:name-type
+--rw selector* [name]
| +--rw name
| | ietf-ipfix:name-type
| +--rw (method)
| | +--:(select-all)
| | | +--rw select-all? empty
| | +--:(samp-count-based)
| | | ...
| | +--:(samp-time-based)
| | | ...
| | +--:(samp-rand-out-of-n)
| | | ...
| | +--:(samp-uni-prob)
| | | ...
| | +--:(filter-match)
| | | ...
| | +--:(filter-hash)
| | | ...
| +--ro packets-observed? yang:counter64
| +--ro packets-dropped? yang:counter64
| +--ro selector-discontinuity-time? yang:date-and-time
+--rw cache?
| -> /ietf-ipfix:ipfix/psamp/cache/name
+--ro selection-sequence* []
+--ro observation-domain-id? uint32
+--ro selection-sequence-id? uint64
Figure 8: Selection Process Attributes
Standardized PSAMP sampling and filtering methods are described in [RFC5475]; their configuration parameters are specified in the classes samp-count-based, samp-time-based, samp-rand-out-of-n, samp-uni-prob, filter-match, and filter-hash. In addition, the select-all class, which has no parameters, is used for a selector that selects all packets. The selector class includes exactly one of these sampler and filter classes, depending on the applied method.
+--rw selection-process* [name]
+--rw name ietf-ipfix:name-type
+--rw selector* [name]
| +--rw name
| | ietf-ipfix:name-type
| | ...
| +--ro packets-observed? yang:counter64
| +--ro packets-dropped? yang:counter64
| +--ro selector-discontinuity-time? yang:date-and-time
Figure 9: Selector Class Attributes
The selector class, shown in Figure 9 contains the selector statistics packets-observed and packets-dropped as well as selector-discontinuity-time, which correspond to the IPFIX MIB module objects ipfixSelectionProcessStatsPacketsObserved, ipfixSelectionProcessStatsPacketsDropped, and ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]:
Note that packets-observed and packets-dropped are aggregate statistics calculated over all selection sequences of the selection process. This is in contrast to the counter values in the selection sequence statistics report interpretation [RFC5476], which are related to a single selection sequence only.
| | +--:(samp-count-based)
| | | +--rw samp-count-based {psamp-samp-count-based}?
| | | +--rw packet-interval uint32
| | | +--rw packet-space uint32
| | +--:(samp-time-based)
| | | +--rw samp-time-based {psamp-samp-time-based}?
| | | +--rw time-interval uint32
| | | +--rw time-space uint32
| | +--:(samp-rand-out-of-n)
| | | +--rw samp-rand-out-of-n
| | | {psamp-samp-rand-out-of-n}?
| | | +--rw size uint32
| | | +--rw population uint32
| | +--:(samp-uni-prob)
| | | +--rw samp-uni-prob {psamp-samp-uni-prob}?
| | | +--rw probability decimal64
Figure 10: Sampler Method Attributes
Figure 10 shows the following sampler methods:
samp-count-based (Systematic Count-based Sampling): The following attributes are configurable:
Samp-Time-Based (Systematic Time-based Sampling): The following attributes are configurable:
Samp-Rand-Out-of-N: The following attributes are configurable:
samp-uni-prob: The following attributes are configurable:
| | +--:(filter-match)
| | | +--rw filter-match {psamp-filter-match}?
| | | +--rw (information-element)
| | | | +--:(ie-name)
| | | | | +--rw ie-name?
| | | | | ietf-ipfix:ie-name-type
| | | | +--:(ie-id)
| | | | +--rw ie-id?
| | | | ietf-ipfix:ie-id-type
| | | +--rw ie-enterprise-number? uint32
| | | +--rw value string
| | +--:(filter-hash)
| | +--rw filter-hash {psamp-filter-hash}?
| | +--rw hash-function? identityref
| | +--rw initializer-value? uint64
| | +--rw ip-payload-offset? uint64
| | +--rw ip-payload-size? uint64
| | +--rw digest-output? boolean
| | +--rw selected-range* [name]
| | | +--rw name ietf-ipfix:name-type
| | | +--rw min? uint64
| | | +--rw max? uint64
| | +--ro output-range-min? uint64
| | +--ro output-range-max? uint64
Figure 11: Filter Method Attributes
Figure 11 shows the following filter methods:
Property-Match Filtering: The following attributes are configurable:
For hash-based filtering, the configuration and state attributes are:
One or more ranges of matching hash values are defined by the min and max parameters of the selected-range subclass. These parameters correspond to the Information Elements hashSelectedRangeMin and hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax [RFC6727].
Figure 12 shows the cache class that contains the configuration and state parameters of a cache. Most of these parameters are specific to the type of the cache and therefore contained in the subclasses immediate-cache, timeout-cache, natural-cache, and permanent-cache, which are presented below in Section 4.3.1 and Section 4.3.2.
+--rw cache* [name]
+--rw name ietf-ipfix:name-type
+--rw enabled boolean
+--ro metering-process-id? uint32
+--ro data-records? yang:counter64
+--ro cache-discontinuity-time? yang:date-and-time
+--rw (cache-type)
| +--:(immediate-cache)
| | ...
| +--:(timeout-cache)
| | ...
| +--:(natural-cache)
| | ...
| +--:(permanent-cache)
| | ...
+--rw exporting-process*
-> /ietf-ipfix:ipfix/exporting-process/name
{ietf-ipfix:exporter}?
Figure 12: Cache Attributes
The following configuration and state parameters are common to all caches and therefore included in the cache class itself:
A cache object may refer to one or more exporting-process instances.
The immediate-cache type class depicted in Figure 13 is used to configure a cache that generates a PSAMP Packet Report for each packet at its input. The fields contained in the generated data records are defined in an object of the cache-layout, which is defined below in Section 4.3.3.
+--rw (cache-type)
| +--:(immediate-cache)
| | +--rw immediate-cache {immediate-cache}?
| | +--rw cache-layout
| | +--rw cache-field* [name]
| | +--rw name
| | | ietf-ipfix:name-type
| | +--rw (information-element)
| | | +--:(ie-name)
| | | | +--rw ie-name?
| | | | ietf-ipfix:ie-name-type
| | | +--:(ie-id)
| | | +--rw ie-id?
| | | ietf-ipfix:ie-id-type
| | +--rw ie-length? uint16
| | +--rw ie-enterprise-number? uint32
| | +--rw is-flow-key? empty
Figure 13: Immediate Cache Attributes
Figure 14 shows the timeout-cache, natural-cache, and permanent-cache type classes. These classes are used to configure a cache that aggregates the packets at its input and generates IPFIX flow records.
+--rw (cache-type)
| +--:(timeout-cache)
| | +--rw timeout-cache {timeout-cache}?
| | +--rw max-flows? uint32
| | +--rw active-timeout? uint32
| | +--rw idle-timeout? uint32
| | +--rw export-interval? uint32
| | +--rw cache-layout
| | | ...
| | +--ro active-flows? yang:gauge32
| | +--ro unused-cache-entries? yang:gauge32
| +--:(natural-cache)
| | +--rw natural-cache {natural-cache}?
| | { same as timeout-cache }
| +--:(permanent-cache)
| +--rw permanent-cache {permanent-cache}?
| { same as timeout-cache }
Figure 14: Timeout, Natural and Permanent Cache Attributes
The three classes differ in when flows expire:
The following configuration and state parameters are common to the three classes:
The following timeout parameters are only available in the timeout-cache and the natural-cache cache-types:
The following interval parameter is only available in the permanent-cache class:
Every generated flow record must be associated with a single observation domain. Hence, although a cache may be configured to process packets observed at multiple observation domains, the cache must not aggregate packets observed at different observation domains in the same flow.
An object of the cache class contains an object of the cache-layout class that defines which fields are included in the flow records.
A cache generates and maintains packet reports or flow records containing information that has been extracted from the incoming stream of packets. Using the cache-field class, the cache-layout class specifies the superset of fields that are included in the packet reports or flow records (see Figure 15).
If packet reports are generated (i.e., if immediate-cache class is used to configure the cache), every field specified by the cache-layout must be included in the resulting packet report unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other field specified by the cache layout may only be included in the packet report if it is obvious from the field value itself or from the values of other fields in same packet report that the field value was not determined from the packet.
For example, if a field is configured to contain the TCP source port (information element tcpSourcePort [IANA-IPFIX]), the field must be included in all packet reports that are related to TCP packets. Although the field value cannot be determined for non-TCP packets, the field may be included in the packet reports if another field contains the transport protocol identifier (information element protocolIdentifier [IANA-IPFIX]).
If flow records are generated (i.e., if timeout-cache, natural-cache, or permanent-cache class is used to configure the cache), the cache layout differentiates between flow key fields and non-key fields. Every flow key field specified by the cache layout must be included as flow key in the resulting flow record unless the corresponding information element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other flow key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other flow key fields in the same flow record that the field value was not determined from the packet. Two packets are accounted by the same flow record if none of their flow key fields differ. If a flow key field can be determined for one packet but not for the other, the two packets are accounted in different flow records.
Every non-key field specified by the cache layout must be included in the resulting flow record unless the corresponding information element is not applicable or cannot be derived for the given flow. Any other non-key field specified by the cache layout may only be included in the flow record if it is obvious from the field value itself or from the values of other fields in same flow record that the field value was not determined from the packet. Packets which are accounted by the same flow record may differ in their non-key fields, or one or more of the non-key fields can be undetermined for all or some of the packets.
For example, if a non-key field specifies an information element whose value is determined by the first packet observed within a flow (which is the default rule according to [RFC7012] unless specified differently in the description of the information element), this field must be included in the resulting flow record if it can be determined from the first packet of the flow.
| | +--rw cache-layout
| | | +--rw cache-field* [name]
| | | +--rw name
| | | | ietf-ipfix:name-type
| | | +--rw (information-element)
| | | | +--:(ie-name)
| | | | | +--rw ie-name?
| | | | | ietf-ipfix:ie-name-type
| | | | +--:(ie-id)
| | | | +--rw ie-id?
| | | | ietf-ipfix:ie-id-type
| | | +--rw ie-length? uint16
| | | +--rw ie-enterprise-number? uint32
| | | +--rw is-flow-key? empty
Figure 15: Cache Field Attributes
The cache-layout class does not have any parameters. The configuration parameters of the cache-field class (see Figure 15) are as follows:
Note that the use of information elements can be restricted to certain cache types as well as to flow key or non-key fields. Such restrictions may result from information element definitions or from device-specific constraints. According to Section 5, the monitoring device must notify the user if a cache field cannot be configured with the given information element.
The ExportingProcess class in Figure 16) specifies destinations to which the incoming packet reports and flow records are exported using objects of the destination class. The destination class includes a choice of type of exporter (sctp-exporter, udp-exporter, tcp-exporter, or file-writer) which contains further configuration parameters. Those exporter type classes are described in Section 4.4.1, Section 4.4.2, Section 4.4.3, and Section 4.4.4.
The ExportingProcess class contains the identifier of the exporting process (exporting-process-id). This parameter corresponds to the information element exportingProcessId [IANA-IPFIX]. Its occurrence helps to associate exporting process reliability statistics exported according to the IPFIX protocol specification [RFC7011] with the corresponding object of the ExportingProcess class.
The order in which destination instances appear has a specific meaning only if the export-mode parameter is set to "fallback".
+--rw exporting-process* [name] {exporter}?
+--rw name name-type
+--rw enabled? boolean
+--rw export-mode? identityref
+--rw destination* [name]
| +--rw name name-type
| +--rw (destination-parameters)
| +--:(tcp-exporter)
| ...
| +--:(udp-exporter)
| ...
| +--:(sctp-exporter)
| ...
| +--:(file-writer)
| ...
+--rw options* [name]
| +--rw name name-type
| +--rw options-type identityref
| +--rw options-timeout? uint32
+--ro exporting-process-id? uint32
Figure 16: Exporting Process Class
The Exporting Process parameters are defined as follows:
If export-mode is set to "fallback", the first destination instance defines the primary destination, the second destination instance defines the secondary destination, and so on. If the exporting process fails to export data records to the primary destination, it tries to export them to the secondary one. If the secondary destination fails as well, it continues with the tertiary, etc. "parallel" is the default value if exportmode is not configured.
Note that the export-mode parameter is related to the ipfixExportMemberType object in [RFC6615]. If export-mode is "parallel", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to parallel(3). If export-mode is "load-balancing", the ipfixExportMemberType values of the corresponding entries in IpfixExportTable are set to loadBalancing(4). If exportmode is "fallback", the ipfixExportMemberType value that refers to the primary destination is set to primary(1); the ipfixExportMemberType values that refer to the remaining destinations need to be set to secondary(2). The IPFIX mib module does not define any value for tertiary destination, etc.
The reporting of information with options templates is defined with objects of the Options class.
The exporting process may modify the packet reports and flow records to enable a more efficient transmission or storage under the condition that no information is changed or suppressed. For example, the exporting process may shorten the length of a field according to the rules of reduced size encoding [RFC7011]. The exporting process may also export certain fields in a separate data record as described in [RFC5476].
The SctpExporter class shown in Figure 17 contains the configuration parameters of an SCTP export destination.
+--:(sctp-exporter)
+--rw sctp-exporter {sctp-transport}?
+--rw ipfix-version? uint16
+--rw destination-port?
| inet:port-number
+--rw send-buffer-size? uint32
+--rw rate-limit? uint32
+--rw transport-layer-security!
| ...
+--rw source
| +--rw (source-method)?
| +--:(source-address)
| | +--rw source-address? inet:host
| +--:(interface-ref)
| | +--rw interface-ref? if:interface-ref
| +--:(if-index) {if-mib}?
| | +--rw if-index? uint32
| +--:(if-name) {if-mib}?
| +--rw if-name? string
+--rw destination
| +--rw (destination-method)
| +--:(destination-address)
| +--rw destination-address? inet:host
+--rw timed-reliability? uint32
+--ro transport-session
...
Figure 17: SCTP Exporter Class
The configuration parameters are:
Using the TransportLayerSecurity class described in Section 4.6, Datagram Transport Layer Security (DTLS) is enabled and configured for this export destination.
The TransportSession class is discussed in Section 4.7.
The UdpExporter class shown in Figure 18 contains the configuration parameters of a UDP export destination. The parameters ipfix-version, destination-port, if-name, if-index, send-buffer-size, and rate-limit have the same meaning as in the SctpExporter class (see Section 4.4.1).
+--:(udp-exporter)
+--rw udp-exporter {udp-transport}?
+--rw ipfix-version? uint16
+--rw destination-port?
| inet:port-number
+--rw send-buffer-size? uint32
+--rw rate-limit? uint32
+--rw transport-layer-security!
| ...
+--rw source
| +--rw (source-method)?
| +--:(source-address)
| | +--rw source-address? inet:host
| +--:(interface-ref)
| | +--rw interface-ref? if:interface-ref
| +--:(if-index) {if-mib}?
| | +--rw if-index? uint32
| +--:(if-name) {if-mib}?
| +--rw if-name? string
+--rw destination
| +--rw (destination-method)
| +--:(destination-address)
| +--rw destination-address? inet:host
+--rw maximum-packet-size? uint16
+--rw template-refresh-timeout? uint32
+--rw options-template-refresh-timeout? uint32
+--rw template-refresh-packet? uint32
+--rw options-template-refresh-packet? uint32
+--ro transport-session
....
Figure 18: UDP Exporter Class
The remaining configuration parameters are:
Note that the values configured for template-refresh-timeout and options-template-refresh-timeout must be adapted to the template-lifetime and options-template-lifetime parameter settings at the receiving collecting process (see Section 4.5.2).
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this export destination. The TransportSession class is specified in Section 4.7.
The TcpExporter class shown in Figure 19 contains the configuration parameters of a TCP export destination. The parameters have the same meaning as in the UdpExporter class (see Section 4.4.2).
Using the TransportLayerSecurity class described in Section 4.6, Transport Layer Security (TLS) is enabled and configured for this export destination.
The TransportSession class is specified in Section 4.7.
+--:(tcp-exporter)
+--rw tcp-exporter {tcp-transport}?
+--rw ipfix-version? uint16
+--rw destination-port?
| inet:port-number
+--rw send-buffer-size? uint32
+--rw rate-limit? uint32
+--rw transport-layer-security!
| ...
+--rw source
| +--rw (source-method)?
| +--:(source-address)
| | +--rw source-address? inet:host
| +--:(interface-ref)
| | +--rw interface-ref? if:interface-ref
| +--:(if-index) {if-mib}?
| | +--rw if-index? uint32
| +--:(if-name) {if-mib}?
| +--rw if-name? string
+--rw destination
| +--rw (destination-method)
| +--:(destination-address)
| +--rw destination-address? inet:host
+--ro transport-session
Figure 19: TCP Exporter Class
If file-writer instance is included in an object of the destination class, IPFIX messages are written into a file as specified in [RFC5655].
+--:(file-writer)
+--rw file-writer {file-writer}?
+--rw ipfix-version? uint16
+--rw file inet:uri
+--ro file-writer-state
+--ro bytes?
| yang:counter64
+--ro messages?
| yang:counter64
+--ro discarded-messages?
| yang:counter64
+--ro records?
| yang:counter64
+--ro templates?
| yang:counter32
+--ro options-templates?
| yang:counter32
+--ro file-writer-discontinuity-time?
| yang:date-and-time
+--ro template* []
+--ro observation-domain-id? uint32
+--ro template-id? uint16
+--ro set-id? uint16
+--ro access-time?
| yang:date-and-time
+--ro template-data-records?
| yang:counter64
+--ro template-discontinuity-time?
| yang:date-and-time
+--ro field* []
+--ro ie-id? ie-id-type
+--ro ie-length? uint16
+--ro ie-enterprise-number? uint32
+--ro is-flow-key? empty
+--ro is-scope? empty
Figure 20: File Writer Class
The FileWriter class contains the following configuration parameters:
The state parameters of the FileWriter class are:
Each FileWriter class instance includes statistics about the templates written to the file. The Template class is specified in Section 4.8.
The Options class in Figure 21 defines the type of specific information to be reported, such as statistics, flow keys, sampling and filtering parameters, etc. [RFC7011] and [RFC5476] specify several types of reporting information that may be exported.
+--rw options* [name]
+--rw name name-type
+--rw options-type identityref
+--rw options-timeout? uint32
Figure 21: Options Class
The following parameter values are specified by the configuration data model:
The exporting process must choose a template definition according to the options type and available options data. The options-timeout parameter specifies the reporting interval (in milliseconds) for periodic export of the option data. A parameter value of zero means that the export of the option data is not triggered periodically, but whenever the available option data has changed. this is the typical setting for options types flow-keys, selection-sequence, accuracy, and reducing-redundancy. If options-timeout is not configured by the user, it is set by the monitoring device.
Figure 22 shows the CollectingProcess class that contains the configuration and state parameters of a collecting process. The sctp-collector, udp-collector, and TcpCollector classes specify how IPFIX messages are received from remote exporters. The collecting process can also be configured as a file reader using the FileReader class. These classes are described in Section 4.5.1, Section 4.5.2, Section 4.5.3, and Section 4.5.4.
A collecting-process instance may refer to one or more exporting-process instances configuring exporting processes that export the received data without modifications to a file or to another remote collector.
+--rw collecting-process* [name] {collector}?
+--rw name name-type
+--rw tcp-collector* [name] {tcp-transport}?
...
+--rw udp-collector* [name] {udp-transport}?
...
+--rw sctp-collector* [name] {sctp-transport}?
...
+--rw file-reader* [name] {file-reader}?
...
+--rw exporting-process* -> /ipfix/exporting-process/name
{exporter}?
Figure 22: Collecting Process Class
The SctpCollector class contains the configuration parameters of a listening SCTP socket at a collecting process.
+--rw sctp-collector* [name] {sctp-transport}?
+--rw name name-type
+--rw local-port? inet:port-number
| +--rw transport-layer-security!
| | ...
+--rw (local-address-method)?
| +--:(local-address)
| +--rw local-address* inet:host
+--ro transport-session* [name]
...
Figure 23: SCTP Collector Class
The parameters are:
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
The UdpCollector class shown in Figure 24 contains the configuration parameters of a listening UDP socket at a collecting process. The parameter local-port has the same meaning as in the SctpCollector class (see Section 4.5.1).
+--rw udp-collector* [name] {udp-transport}?
+--rw name name-type
+--rw local-port? inet:port-number
+--rw transport-layer-security!
| ...
+--rw (local-address-method)?
| +--:(local-address)
| +--rw local-address* inet:host
+--rw template-life-time? uint32
+--rw options-template-life-time? uint32
+--rw template-life-packet? uint32
+--rw options-template-life-packet? uint32
+--ro transport-session* [name]
...
Figure 24: UDP Collector Class
The remaining parameters are:
Using the TransportLayerSecurity class described in Section 4.6, DTLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
The TcpCollector class contains the configuration parameters of a listening TCP socket at a collecting process. The parameters have the same meaning as in the UdpCollector class (Section 4.5.2).
Using the TransportLayerSecurity class described in Section 4.6, TLS is enabled and configured for this receiving socket.
The TransportSession class is specified in Section 4.7.
+--rw tcp-collector* [name] {tcp-transport}?
+--rw name name-type
+--rw local-port? inet:port-number
+--rw transport-layer-security!
| ...
+--rw (local-address-method)?
| +--:(local-address)
| +--rw local-address* inet:host
+--ro transport-session* [name]
...
Figure 25: TCP Collector Class
Figure 26 shows the FileReader class via which the collecting process may import IPFIX messages from a file as specified in [RFC5655].
+--rw file-reader* [name] {file-reader}?
+--rw name name-type
+--rw file inet:uri
+--ro file-reader-state
+--ro bytes? yang:counter64
+--ro messages? yang:counter64
+--ro records? yang:counter64
+--ro templates? yang:counter32
+--ro options-templates? yang:counter32
+--ro file-reader-discontinuity-time?
| yang:date-and-time
+--ro template* []
...
Figure 26: File Reader Class
The FileReader class defines the following configuration parameter:
The state parameters of the FileReader class are:
The FileReader class includes information about the Template class and statistics. The Template class is specified in Section 4.8.
Figure 27 shows the TransportLayerSecurity class which is used in the exporting process's sctp-exporter, udp-exporter, and TcpExporter classes, and the collecting process's SctpCollector, UdpCollector, and TcpCollector classes to enable and configure TLS/DTLS for IPFIX. If TLS/DTLS is enabled, the endpoint must use DTLS [RFC6347] if the transport protocol is SCTP or UDP and TLS [RFC8446] if the transport protocol is TCP.
[RFC7011] mandates strong mutual authentication of exporting processes and collecting process as follows. IPFIX exporting processes and IPFIX collecting processes are identified by the fully qualified domain name (FQDN) of the interface on which IPFIX messages are sent or received, for purposes of X.509 client and server certificates as in [RFC5280]. To prevent man-in-the-middle attacks from impostor exporting or collecting processes, the acceptance of data from an unauthorized exporting process, or the export of data to an unauthorized collecting process, strong mutual authentication via asymmetric keys must be used for both TLS and DTLS. Each of the IPFIX exporting and collecting processes must verify the identity of its peer against its authorized certificates, and must verify that the peer's certificate matches its fully qualified domain name, or, in the case of SCTP, the fully qualified domain name of one of its endpoints.
The fully qualified domain name used to identify an IPFIX collecting process or exporting process may be stored either in a subjectaltname extension of type dnsname, or in the most specific common name field of the subject field of the x.509 certificate. If both are present, the subjectaltname extension is given preference.
In order to use TLS/DTLS, appropriate certificates and keys have to be previously installed on the monitoring devices. For security reasons, the configuration data model does not offer the possibility to upload any certificates or keys on a monitoring device. If TLS/DTLS is enabled on a monitoring device that does not dispose of appropriate certificates and keys, the configuration must be rejected with an error.
The configuration data model allows restricting the authorization of remote endpoints to certificates issued by specific certification authorities or identifying specific fqdns for authorization. Furthermore, the configuration data model allows restricting the utilization of certificates identifying the local endpoint. This is useful if the monitoring device disposes of more than one certificate for the given local endpoint.
+--rw transport-layer-security!
+--rw local-certification-authority-dn* string
+--rw local-subject-dn* string
+--rw local-subject-fqdn* inet:domain-name
+--rw remote-certification-authority-dn* string
+--rw remote-subject-dn* string
+--rw remote-subject-fqdn* inet:domain-name
Figure 27: Transport Layer Security Class
The configuration parameters are defined as follows:
The TransportSession class contains state data about transport sessions originating from an exporting process or terminating at a collecting process. If SCTP is the transport protocol, the exporter or collector may be multihomed SCTP endpoints (see [RFC4960], Section 6.4), in which case more than one IP address will be used.
The following attributes are supported:
The TransportSession class includes Template class information and statistics about the templates transmitted or received on the given transport session. The Template class is specified in Section 4.8.
+--ro transport-session* [name]
+--ro name name-type
+--ro ipfix-version? uint16
+--ro source-address? inet:host
+--ro destination-address? inet:host
+--ro source-port?
| inet:port-number
+--ro destination-port?
| inet:port-number
+--ro status?
| transport-session-status
+--ro rate?
| yang:gauge32
+--ro bytes?
| yang:counter64
+--ro messages?
| yang:counter64
+--ro discarded-messages?
| yang:counter64
+--ro records?
| yang:counter64
+--ro templates?
| yang:counter32
+--ro options-templates?
| yang:counter32
+--ro transport-session-start-time?
| yang:date-and-time
+--ro transport-session-discontinuity-time?
| yang:date-and-time
+--ro template* []
...
Figure 28: Transport Session Class
Figure 29 shows the Template class which contains state data about templates used by an exporting process or received by a collecting process in a specific transport session. The field class defines one field of the template.
+--ro template* []
+--ro observation-domain-id? uint32
+--ro template-id? uint16
+--ro set-id? uint16
+--ro access-time? yang:date-and-time
+--ro template-data-records? yang:counter64
+--ro template-discontinuity-time? yang:date-and-time
+--ro field* []
+--ro ie-id? ie-id-type
+--ro ie-length? uint16
+--ro ie-enterprise-number? uint32
+--ro is-flow-key? empty
+--ro is-scope? empty
Figure 29: Template Class
The names and semantics of the state parameters correspond to the managed objects in the ipfixTemplateTable, ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the IPFIX MIB module [RFC6615]:
The BulkDataProcess class in Figure 30 specifies the bulk data template to be applied to resource or set of resources and provides state information about the template records.
+--rw bulk-data-export
+--rw template* [name]
+--rw name ietf-ipfix:name-type
+--rw enabled? boolean
+--rw export-interval? uint32
+--rw observation-domain-id? uint32
+--rw field-layout
| +--rw field* [name]
| +--rw name ietf-ipfix:name-type
| +--rw (identifier)
| | +--:(ie-id)
| | +--rw ie-id? ietf-ipfix:ie-id-type
| +--rw ie-length? uint16
| +--rw ie-enterprise-number? uint32
+--rw exporting-process*
| -> /ietf-ipfix:ipfix/exporting-process/name
| {ietf-ipfix:exporter}?
+--rw resource* resource
+--ro data-records? yang:counter64
+--ro discontinuity-time? yang:date-and-time
Figure 30: Bulk Data Class
The following attributes are supported:
A bulk data instance may refer to:
The following state information is available;
The configuration data model standardizes a superset of common IPFIX and PSAMP configuration parameters. A typical monitoring device implementation will not support the entire range of possible configurations. Certain functions may not be supported, such as the collecting process that does not exist on a monitoring device that is conceived as exporter only. The configuration of other functions may be subject to resource limitations or functional restrictions. For example, the cache size is typically limited according to the available memory on the device. It is also possible that a monitoring device implementation requires the configuration of additional parameters that are not part of the configuration data model in order to function properly.
The configuration data model for IPFIX and PSAMP covers the configuration of Exporters, Collectors, and devices that may act as both. As Exporters and Collectors implement different functions, the corresponding portions of the model are conditional on the following features:
Exporters do not necessarily implement any Selection Processes, Caches, or even Observation Points in particular cases. Therefore, the corresponding portions of the model are conditional on the following feature:
Additional features refer to different PSAMP Sampling and Filtering methods as well as to the supported types of Caches:
The following features concern the support of UDP and TCP as transport protocols and the support of File Readers and File Writers:
This document defines three YANG modules:
This document defines the YANG module "ietf-ipfix", which has the following structure:
module: ietf-ipfix
+--rw ipfix
+--rw collecting-process* [name] {collector}?
| +--rw name name-type
| +--rw tcp-collector* [name] {tcp-transport}?
| | ...
| +--rw udp-collector* [name] {udp-transport}?
| | ...
| +--rw sctp-collector* [name] {sctp-transport}?
| | ...
| +--rw file-reader* [name] {file-reader}?
| | ...
| +--rw exporting-process* -> /ipfix/exporting-process/name
| {exporter}?
+--rw exporting-process* [name] {exporter}?
+--rw name name-type
+--rw enabled? boolean
+--rw export-mode? identityref
+--rw destination* [name]
| ...
+--rw options* [name]
| ...
+--ro exporting-process-id? uint32
This YANG Module imports typedefs from [RFC6991].
<CODE BEGINS> file "ietf-ipfix@2018-10-22.yang"
module ietf-ipfix {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix";
prefix ietf-ipfix;
import ietf-inet-types {
prefix inet;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Model for Interface Management";
}
organization
"IETF";
contact
"Web: TBD
List: TBD
Editor: Joey Boyd
<mailto:joey.boyd@adtran.com>
Editor: Marta Seda
<mailto:marta.seda@calix.com>";
// RFC Ed.: replace XXXX with actual RFC numbers and
// remove this note.
description
"This module contains a collection of YANG definitions for the
management of IP Flow Information Export (IPFIX).
This data model is designed for the Network Management Datastore
Architecture defined in RFC 8342.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.";
revision 2020-03-05 {
description
"Initial revision.";
reference
"RFC XXXX: YANG Data Models for the IP Flow Information Export
(IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export";
}
feature exporter {
description
"If supported, the Monitoring Device can be used as
an Exporter. Exporting Processes can be configured.";
}
feature collector {
description
"If supported, the Monitoring Device can be used as
a Collector. Collecting Processes can be configured.";
}
feature tcp-transport {
description
"If supported, the Monitoring Device supports TCP
as the transport protocol.";
}
feature udp-transport {
description
"If supported, the Monitoring Device supports UDP
as the transport protocol.";
}
feature sctp-transport {
description
"If supported, the Monitoring Device supports SCTP
as the transport protocol.";
}
feature file-reader {
description
"If supported, the Monitoring Device supports the
configuration of Collecting Processes as File Readers.";
}
feature file-writer {
description
"If supported, the Monitoring Device supports the
configuration of Exporting Processes as File Writers.";
}
feature if-mib {
description
"This feature indicates that the device implements
the IF-MIB.";
reference
"RFC 2863: The Interfaces Group MIB";
}
identity export-mode {
description
"Base identity for different usages of export
destinations configured for an Exporting Process.";
reference
"RFC 6615, Section 8 (ipfixExportMemberType)";
}
identity parallel {
base export-mode;
description
"Parallel export of Data Records to all destinations configured
for the Exporting Process.";
reference
"RFC 6615, Section 8 (ipfixExportMemberType)";
}
identity load-balancing {
base export-mode;
description
"Load-balancing between the different destinations
configured for the Exporting Process.";
reference
"RFC 6615, Section 8 (ipfixExportMemberType)";
}
identity fallback {
base export-mode;
description
"Export to the primary destination (i.e., the first
destination configured for the Exporting Process). If the
export to the primary destination fails, the Exporting Process
tries to export to the secondary destination. If the
secondary destination fails as well, it continues with the
tertiary, etc.";
reference
"RFC 6615, Section 8 (ipfixExportMemberType)";
}
identity options-type {
description
"Base identity for report types exported with
options templates.";
}
identity metering-statistics {
base options-type;
description
"Metering Process Statistics.";
reference
"RFC 7011, Section 4.1";
}
identity metering-reliability {
base options-type;
description
"Metering Process Reliability Statistics.";
reference
"RFC 7011, Section 4.2";
}
identity exporting-reliability {
base options-type;
description
"Exporting Process Reliability Statistics.";
reference
"RFC 7011, Section 4.3";
}
identity flow-keys {
base options-type;
description
"Flow Keys.";
reference
"RFC 7011, Section 4.4";
}
identity selection-sequence {
base options-type;
description
"Selection Sequence and Selector Reports.";
reference
"RFC 5476, Sections 6.5.1 and 6.5.2";
}
identity selection-statistics {
base options-type;
description
"Selection Sequence Statistics Report.";
reference
"RFC 5476, Sections 6.5.3";
}
identity accuracy {
base options-type;
description
"Accuracy Report.";
reference
"RFC 5476, Section 6.5.4";
}
identity reducing-redundancy {
base options-type;
description
"Enables the utilization of Options Templates to reduce
redundancy in the exported Data Records.";
reference
"RFC 5473";
}
identity extended-type-information {
base options-type;
description
"Export of extended type information for enterprise-specific
Information Elements used in the exported Templates.";
reference
"RFC 5610";
}
typedef ie-name-type {
type string {
length "1..max";
pattern '\S+';
}
description
"Type for Information Element names. Whitespaces are not
allowed.";
}
typedef name-type {
type string {
length "1..max";
pattern '\S(.*\S)?';
}
description
"Type for 'name' leafs, which are used to identify specific
instances within lists, etc.
Leading and trailing whitespaces are not allowed.";
}
typedef ie-id-type {
type uint16 {
range "1..32767";
}
description
"Type for Information Element identifiers.";
}
typedef transport-session-status {
type enumeration {
enum "inactive" {
value 0;
description
"This value MUST be used for Transport Sessions that are
specified in the system but currently not active.
The value can be used for Transport Sessions that are
backup (secondary) sessions.";
}
enum "active" {
value 1;
description
"This value MUST be used for Transport Sessions that are
currently active and transmitting or receiving data.";
}
enum "unknown" {
value 2;
description
"This value MUST be used if the status of the Transport
Sessions cannot be detected by the device.
This value should be avoided as far as possible.";
}
}
description
"Status of a Transport Session.";
reference
"RFC 6615, Section 8 (ipfixTransportSessionStatus)";
}
grouping transport-layer-security-parameters {
description
"TLS or DTLS parameters.";
container transport-layer-security {
presence
"The presence of this container indicates TLS is enabled.";
description
"TLS or DTLS configuration.";
leaf-list local-certification-authority-dn {
type string;
description
"Distinguished names of certification authorities whose
certificates may be used to identify the local endpoint.";
reference
"RFC 5280";
}
leaf-list local-subject-dn {
type string;
description
"Distinguished names that may be used in the certificates
to identify the local endpoint.";
reference
"RFC 5280.";
}
leaf-list local-subject-fqdn {
type inet:domain-name;
description
"Fully qualified domain names that may be used in the
certificates to identify the local endpoint.";
reference
"RFC 5280";
}
leaf-list remote-certification-authority-dn {
type string;
description
"Distinguished names of certification authorities whose
certificates are accepted to authorize remote endpoints.";
reference
"RFC 5280";
}
leaf-list remote-subject-dn {
type string;
description
"Distinguished names which are accepted in certificates to
authorize remote endpoints.";
reference
"RFC 5280";
}
leaf-list remote-subject-fqdn {
type inet:domain-name;
description
"Fully qualified domain names that are accepted in
certificates to authorize remote endpoints.";
reference
"RFC 5280";
}
}
}
grouping transport-session-state-parameters {
description
"State parameters of a Transport Session originating from an
Exporting Process or terminating at a Collecting Process.
Parameter names and semantics correspond to the managed
objects in IPFIX-MIB.";
reference
"RFC 7011; RFC 6615, Section 8 (ipfixTransportSessionEntry,
ipfixTransportSessionStatsEntry)";
leaf ipfix-version {
type uint16;
description
"Used for Exporting Processes, this parameter contains the
version number of the IPFIX protocol that the Exporter uses
to export its data in this Transport Session.
Used for Collecting Processes, this parameter contains the
version number of the IPFIX protocol it receives for this
Transport Session. If IPFIX Messages of different IPFIX
protocol versions are received, this parameter contains the
maximum version number.
Note that this parameter corresponds to
ipfixTransportSessionIpfixVersion in the IPFIX MIB module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionIpfixVersion)";
}
leaf source-address {
type inet:host;
description
"The source address of the Exporter of the IPFIX Transport
Session.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionSourceAddressType,
ipfixTransportSessionSourceAddress);
RFC 4960, Section 6.4";
}
leaf destination-address {
type inet:host;
description
"The destination address of the path that is selected by the
Exporter to send IPFIX messages to the Collector.
In the case of TCP, it is possible that if an FQDN address
is configured it resolves into many addresses.
Note that this parameter functionally corresponds to
ipfixTransportSessionDestinationAddressType and
ipfixTransportSessionDestinationAddress in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionDestinationAddressType,
ipfixTransportSessionDestinationAddress);
RFC 4960, Section 6.4";
}
leaf source-port {
type inet:port-number;
description
"The transport-protocol port number of the Exporter of the
IPFIX Transport Session.
Note that this parameter corresponds to
ipfixTransportSessionSourcePort in the IPFIX MIB module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionSourcePort).";
}
leaf destination-port {
type inet:port-number;
description
"The transport-protocol port number of the Collector of the
IPFIX Transport Session.
Note that this parameter corresponds to
ipfixTransportSessionDestinationPort in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionDestinationPort)";
}
leaf status {
type transport-session-status;
description
"Status of the Transport Session.
Note that this parameter corresponds to
ipfixTransportSessionStatus in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTransportSessionStatus)";
}
leaf rate {
type yang:gauge32;
units "bytes per second";
description
"The number of bytes per second transmitted by the
Exporting Process or received by the Collecting Process.
This parameter is updated every second.
Note that this parameter corresponds to
ipfixTransportSessionRate in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTransportSessionRate)";
}
leaf bytes {
type yang:counter64;
units "bytes";
description
"The number of bytes transmitted by the Exporting Process or
received by the Collecting Process.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionBytes in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTransportSessionBytes)";
}
leaf messages {
type yang:counter64;
units "IPFIX Messages";
description
"The number of messages transmitted by the Exporting Process
or received by the Collecting Process.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionMessages in the IPFIX MIB module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionMessages)";
}
leaf discarded-messages {
type yang:counter64;
units "IPFIX Messages";
description
"Used for Exporting Processes, this parameter indicates the
number of messages that could not be sent due to internal
buffer overflows, network congestion, routing issues, etc.
Used for Collecting Process, this parameter indicates the
number of received IPFIX Message that are malformed, cannot
be decoded, are received in the wrong order or are missing
according to the sequence number.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionDiscardedMessages in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionDiscardedMessages)";
}
leaf records {
type yang:counter64;
units "Data Records";
description
"The number of Data Records transmitted by the Exporting
Process or received by the Collecting Process.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionRecords in the IPFIX MIB module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionRecords)";
}
leaf templates {
type yang:counter32;
units "Templates";
description
"The number of Templates transmitted by the Exporting Process
or received by the Collecting Process.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionTemplates in the IPFIX MIB module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionTemplates)";
}
leaf options-templates {
type yang:counter32;
units "Options Templates";
description
"The number of Option Templates transmitted by the Exporting
Process or received by the Collecting Process.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
transport-session-discontinuity-time.
Note that this parameter corresponds to
ipfixTransportSessionOptionsTemplates in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionOptionsTemplates)";
}
leaf transport-session-start-time {
type yang:date-and-time;
description
"Timestamp of the start of the given Transport Session.
This state parameter does not correspond to any object in
the IPFIX MIB module.";
}
leaf transport-session-discontinuity-time {
type yang:date-and-time;
description
"Timestamp of the most recent occasion at which one or more
of the Transport Session counters suffered a discontinuity.
Note that this parameter functionally corresponds to
ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
module. In contrast to
ipfixTransportSessionDiscontinuityTime, the time is
absolute and not relative to sysUpTime.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionDiscontinuityTime)";
}
}
grouping collection-template-state-parameters {
description
"State parameters of a (Options) Template received by a
Collecting Process in a specific Transport Session or read by
the File Reader.
Parameter names and semantics correspond to the
managed objects in IPFIX-MIB";
reference
"RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";
list template {
key "name";
description
"This list contains the Templates and Options Templates that
are transmitted by the Exporting Process or received by the
Collecting Process.
Withdrawn or invalidated (Options) Templates MUST be removed
from this list.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
template.";
}
leaf observation-domain-id {
type uint32;
description
"The ID of the Observation Domain for which this Template
is defined.
Note that this parameter corresponds to
ipfixTemplateObservationDomainId in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTemplateObservationDomainId)";
}
leaf template-id {
type uint16 {
range "256..65535";
}
description
"This number indicates the Template ID in the IPFIX
message.
Note that this parameter corresponds to ipfixTemplateId in
the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTemplateId)";
}
leaf set-id {
type uint16 {
range "2..3 | 256..65535";
}
description
"This number indicates the Set ID of the Template.
A value of 2 is reserved for Template Sets. A value of 3
is reserved for Options Template Sets. Values from 4 to
255 are reserved for future use. Values 256 and above
are used for Data Sets. The Set ID values of 0 and 1 are
not used for historical reasons.
Note that this parameter corresponds to ipfixTemplateSetId
in the IPFIX MIB module.";
reference
"RFC 7011, Section 3.3.2;
RFC 6615, Section 8 (ipfixTemplateSetId)";
}
leaf access-time {
type yang:date-and-time;
description
"This parameter contains the time when this (Options)
Template was last received from the Exporter or read from
the file.
Note that this parameter corresponds to
ipfixTemplateAccessTime in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (
ipfixTemplateAccessTime)";
}
leaf template-data-records {
type yang:counter64;
description
"The number of received Data Records defined by this
(Options) Template.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
template-discontinuity-time.
Note that this parameter corresponds to
ipfixTemplateDataRecords in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTemplateDataRecords)";
}
leaf template-discontinuity-time {
type yang:date-and-time;
description
"Timestamp of the most recent occasion at which the counter
template-data-records suffered a discontinuity.
Note that this parameter functionally corresponds to
ipfixTemplateDiscontinuityTime in the IPFIX MIB module. In
contrast to ipfixTemplateDiscontinuityTime, the time is
absolute and not relative to sysUpTime.";
reference
"RFC 6615, Section 8
(ipfixTemplateDiscontinuityTime)";
}
list field {
key "name";
description
"This list contains the (Options) Template fields of which
the (Options) Template is defined.
The order of the list corresponds to the order of the
fields in the (Option) Template Record.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
template field.";
}
leaf ie-id {
type ie-id-type;
description
"This parameter indicates the Information Element
identifier of the field.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
reference
"RFC 7011; RFC 6615, Section 8
(ipfixTemplateDefinitionIeId).";
}
leaf ie-length {
type uint16;
units "octets";
description
"This parameter indicates the length of the Information
Element of the field.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeLength in the IPFIX MIB
module.";
reference
"RFC 7011; RFC 6615, Section 8
(ipfixTemplateDefinitionIeLength)";
}
leaf ie-enterprise-number {
type uint32;
description
"This parameter indicates the IANA enterprise number of
the authority defining the Information Element
identifier.
If the Information Element is not enterprise-specific,
this state parameter is zero.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
MIB module.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionIeEnterpriseNumber);
IANA registry for Private Enterprise Numbers,
http://www.iana.org/assignments/enterprise-numbers";
}
leaf is-flow-key {
when "../../set-id = 2" {
description
"This parameter is available for non-Options Templates
(Set ID is 2).";
}
type empty;
description
"If present, this is a Flow Key field.
Note that this corresponds to flowKey(1) being set in
ipfixTemplateDefinitionFlags.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionFlags)";
}
leaf is-scope {
when "../../set-id = 3" {
description
"This parameter is available for Options
Templates (Set ID is 3).";
}
type empty;
description
"If present, this is a scope field.
Note that this corresponds to scope(0) being set in
ipfixTemplateDefinitionFlags.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionFlags)";
}
}
}
}
grouping common-collector-parameters {
description
"Parameters of a Collecting Process that are common to all
transport protocols.";
choice local-address-method {
description
"Method to configure the local address of the collecting
process. Note that it is expected that other methods be
available. Those method can augment this choice.";
case local-address {
leaf-list local-address {
type inet:host;
description
"List of local addresses on which the Collecting
Process listens for IPFIX Messages.";
}
}
}
leaf local-port {
type inet:port-number;
description
"If not configured, the Monitoring Device uses the default
port number for IPFIX, which is 4739 without TLS or DTLS and
4740 if TLS or DTLS is activated.";
}
}
grouping tcp-collector-parameters {
description
"Parameters of a listening TCP socket at a Collecting
Process.";
uses common-collector-parameters;
uses transport-layer-security-parameters;
}
grouping udp-collector-parameters {
description
"Parameters of a listening UDP socket at a Collecting
Process.";
uses common-collector-parameters;
leaf template-life-time {
type uint32;
units seconds;
default 1800;
description
"Sets the lifetime of Templates for all UDP Transport
Sessions terminating at this UDP socket. Templates that are
not received again within the configured lifetime become
invalid at the Collecting Process.
As specified in RFC 7011, the Template lifetime MUST be at
least three times higher than the template-refresh-timeout
parameter value configured on the corresponding Exporting
Processes.
Note that this parameter corresponds to
ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
MIB module.";
reference
"RFC 7011, Section 10.3.7; RFC 6615, Section 8
(ipfixTransportSessionTemplateRefreshTimeout).";
}
leaf options-template-life-time {
type uint32;
units seconds;
default 1800;
description
"Sets the lifetime of Options Templates for all UDP Transport
Sessions terminating at this UDP socket. Options Templates
that are not received again within the configured lifetime
become invalid at the Collecting Process.
As specified in RFC 7011, the Options Template lifetime MUST
be at least three times higher than the
options-template-refresh-timeout parameter value configured
on the corresponding Exporting Processes.
Note that this parameter corresponds to
ipfixTransportSessionOptionsTemplateRefreshTimeout in the
IPFIX MIB module.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionOptionsTemplateRefreshTimeout).";
}
leaf template-life-packet {
type uint32;
units "IPFIX Messages";
description
"If this parameter is configured, Templates defined in a UDP
Transport Session become invalid if they are neither
included in a sequence of more than this number of IPFIX
Messages nor received again within the period of time
specified by template-life-time.
Note that this parameter corresponds to
ipfixTransportSessionTemplateRefreshPacket in the IPFIX
MIB module.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionTemplateRefreshPacket).";
}
leaf options-template-life-packet {
type uint32;
units "IPFIX Messages";
description
"If this parameter is configured, Options Templates defined
in a UDP Transport Session become invalid if they are
neither included in a sequence of more than this number of
IPFIX Messages nor received again within the period of time
specified by options-template-life-time.
Note that this parameter corresponds to
ipfixTransportSessionOptionsTemplateRefreshPacket in the
IPFIX MIB module.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionOptionsTemplateRefreshPacket).";
}
leaf maximum-reordering-delay {
type uint32;
units seconds;
description
"The maximum delay for the template to be received at the
collector after the data record(s) has(have) been received.
The collector is expected to buffer the data records till
such a time.";
reference
"RFC 7011, Section 8.2";
}
uses transport-layer-security-parameters;
}
grouping sctp-collector-parameters {
description
"Parameters of a listening SCTP socket at a Collecting
Process.";
uses common-collector-parameters;
leaf maximum-reordering-delay {
type uint32;
units seconds;
description
"The maximum delay for the template to be received at the
collector after the data record(s) has(have) been received.
The collector is expected to buffer the data records till
such a time.";
reference
"RFC 7011, Section 8.2";
}
uses transport-layer-security-parameters;
}
grouping file-reader-state-parameters {
description
"State Parameters for the File Reader.";
container file-reader-state {
config false;
description
"File Reader parameters.";
leaf bytes {
type yang:counter64;
units octets;
description
"The number of bytes read by the File Reader.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-reader-discontinuity-time.";
}
leaf messages {
type yang:counter64;
units "IPFIX Messages";
description
"The number of IPFIX Messages read by the File Reader.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-reader-discontinuity-time.";
}
leaf records {
type yang:counter64;
units "Data Records";
description
"The number of Data Records read by the File Reader.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-reader-discontinuity-time.";
}
leaf templates {
type yang:counter32;
units "Templates";
description
"The number of Template Records (excluding Options Template
Records) read by the File Reader.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-reader-discontinuity-time.";
}
leaf options-templates {
type yang:counter32;
units "Options Templates";
description
"The number of Options Template Records read by the File
Reader.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-reader-discontinuity-time.";
}
leaf file-reader-discontinuity-time {
type yang:date-and-time;
description
"Timestamp of the most recent occasion at which one or more
File Reader counters suffered a discontinuity.
In contrast to discontinuity times in the IPFIX MIB
module, the time is absolute and not relative to
sysUpTime.";
}
uses collection-template-state-parameters;
}
}
grouping collecting-process-parameters {
description
"Parameters of a Collecting Process.";
list tcp-collector {
if-feature tcp-transport;
key "name";
description
"List of TCP receivers (sockets) on which the Collecting
Process receives IPFIX Messages.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the TCP
collector.";
}
uses tcp-collector-parameters;
list transport-session {
key name;
config false;
description
"This list contains the currently established Transport
Sessions terminating at the given socket.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
transport session.";
}
uses transport-session-state-parameters;
uses collection-template-state-parameters;
}
}
list udp-collector {
if-feature udp-transport;
key "name";
description
"List of UDP receivers (sockets) on which the Collecting
Process receives IPFIX Messages.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the UDP
Collector.";
}
uses udp-collector-parameters;
list transport-session {
key name;
config false;
description
"This list contains the currently established Transport
Sessions terminating at the given socket.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
transport session.";
}
uses transport-session-state-parameters;
uses collection-template-state-parameters;
}
}
list sctp-collector {
if-feature sctp-transport;
key "name";
description
"List of SCTP receivers on which the Collecting Process
receives IPFIX Messages.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the SCTP
Collector.";
}
uses sctp-collector-parameters;
list transport-session {
key name;
config false;
description
"This list contains the currently established Transport
Sessions terminating at the given socket.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
transport session.";
}
leaf sctp-association-id {
type uint32;
config false;
description
"The association ID used for the SCTP session between the
Exporter and the Collector of the IPFIX Transport
Session. It is equal to the sctpAssocId entry in the
sctpAssocTable defined in the SCTP-MIB.
This parameter is only available if the transport
protocol is SCTP and if an SNMP agent on the same
Monitoring Device enables access to the corresponding
MIB objects in the sctpAssocTable.
Note that this parameter corresponds to
ipfixTransportSessionSctpAssocId in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionSctpAssocId);
RFC 3871";
}
uses transport-session-state-parameters;
uses collection-template-state-parameters;
}
}
list file-reader {
if-feature file-reader;
key "name";
description
"List of File Readers from which the Collecting Process reads
the IPFIX Messages.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the File
Reader.";
}
leaf file {
type inet:uri;
mandatory true;
description
"URI specifying the location of the file.";
}
uses file-reader-state-parameters;
}
}
grouping export-template-state-parameters {
description
"State parameters of a (Options) Template used by an Exporting
Process in a specific Transport Session or by a File Writer.
Parameter names and semantics correspond to the managed
objects in IPFIX-MIB.";
reference
"RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";
list template {
key "name";
description
"This list contains the Templates and Options Templates that
are transmitted by the Exporting Process or written by the
File Writer.
Withdrawn or invalidated (Options) Templates MUST be removed
from this list.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
template.";
}
leaf observation-domain-id {
type uint32;
description
"The ID of the Observation Domain for which this Template
is defined.
Note that this parameter corresponds to
ipfixTemplateObservationDomainId in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTemplateObservationDomainId).";
}
leaf template-id {
type uint16 {
range "256..65535";
}
description
"This number indicates the Template ID in the IPFIX
message.
Note that this parameter corresponds to ipfixTemplateId in
the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTemplateId).";
}
leaf set-id {
type uint16 {
range "2..3 | 256..65535";
}
description
"This number indicates the Set ID of the Template.
A value of 2 is reserved for Template Sets. A value of 3
is reserved for Options Template Sets. Values from 4 to
255 are reserved for future use. Values 256 and above
are used for Data Sets. The Set ID values of 0 and 1 are
not used for historical reasons.
Note that this parameter corresponds to ipfixTemplateSetId
in the IPFIX MIB module.";
reference
"RFC 7011, Section 3.3.2;
RFC 6615, Section 8 (ipfixTemplateSetId)";
}
leaf access-time {
type yang:date-and-time;
description
"This parameter contains the time when this (Options)
Template was last sent to the Collector(s) or written to
the file.
Note that this parameter corresponds to
ipfixTemplateAccessTime in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (
ipfixTemplateAccessTime).";
}
leaf template-data-records {
type yang:counter64;
description
"The number of transmitted Data Records defined by this
(Options) Template.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
template-discontinuity-time.
Note that this parameter corresponds to
ipfixTemplateDataRecords in the IPFIX MIB module.";
reference
"RFC 6615, Section 8 (ipfixTemplateDataRecords).";
}
leaf template-discontinuity-time {
type yang:date-and-time;
description
"Timestamp of the most recent occasion at which the counter
template-data-records suffered a discontinuity.
Note that this parameter functionally
corresponds to ipfixTemplateDiscontinuityTime in the IPFIX
MIB module. In contrast to
ipfixTemplateDiscontinuityTime, the time is absolute and
not relative to sysUpTime.";
reference
"RFC 6615, Section 8
(ipfixTemplateDiscontinuityTime).";
}
list field {
key "name";
description
"This list contains the (Options) Template fields of which
the (Options) Template is defined.
The order of the list corresponds to the order
of the fields in the (Option) Template Record.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
template field.";
}
leaf ie-id {
type ie-id-type;
description
"This parameter indicates the Information Element
identifier of the field.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeId in the IPFIX MIB module.";
reference
"RFC 7011; RFC 6615, Section 8
(ipfixTemplateDefinitionIeId).";
}
leaf ie-length {
type uint16;
units "octets";
description
"This parameter indicates the length of the Information
Element of the field.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeLength in the IPFIX MIB
module.";
reference
"RFC 7011; RFC 6615, Section 8
(ipfixTemplateDefinitionIeLength).";
}
leaf ie-enterprise-number {
type uint32;
description
"This parameter indicates the IANA enterprise number of
the authority defining the Information Element
identifier.
If the Information Element is not enterprise-specific,
this state parameter is zero.
Note that this parameter corresponds to
ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
MIB module.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionIeEnterpriseNumber);
IANA registry for Private Enterprise Numbers,
http://www.iana.org/assignments/enterprise-numbers.";
}
leaf is-flow-key {
when "../../set-id = 2" {
description
"This parameter is available for non-Options Templates
(Set ID is 2).";
}
type empty;
description
"If present, this is a Flow Key field.
Note that this corresponds to flowKey(1) being set in
ipfixTemplateDefinitionFlags.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionFlags).";
}
leaf is-scope {
when "../../set-id = 3" {
description
"This parameter is available for Options Templates
(Set ID is 3).";
}
type empty;
description
"If present, this is a scope field.
Note that this corresponds to scope(0) being set in
ipfixTemplateDefinitionFlags.";
reference
"RFC 6615, Section 8
(ipfixTemplateDefinitionFlags).";
}
}
}
}
grouping common-exporter-parameters {
description
"Parameters of an export destination that are common to all
transport protocols.";
leaf ipfix-version {
type uint16;
default '10';
description
"IPFIX version number.";
reference
"RFC 7011.";
}
container source {
description
"Configuration corresponding to how exporter's source IP
address is specified.";
choice source-method {
description
"Method to configure the source address of the exporter
or the interface to be used by the exporter.
Note that it is expected that other methods be available.
Those methods can augment this choice.";
case interface-ref {
leaf interface-ref {
type if:interface-ref;
description
"The interface to be used by the Exporting Process.";
}
}
case if-index {
if-feature if-mib;
leaf if-index {
type uint32;
description
"Index of an interface as stored in the ifTable
of IF-MIB.";
reference
"RFC 2863.";
}
}
case if-name {
if-feature if-mib;
leaf if-name {
type string;
description
"Name of an interface as stored in the ifTable
of IF-MIB.";
reference
"RFC 2863.";
}
}
}
}
container destination {
description
"Configuration corresponding to how exporter's destination IP
address is specified.";
}
leaf destination-port {
type inet:port-number;
description
"If not configured by the user, the Monitoring Device uses
the default port number for IPFIX, which is 4739 without TLS
or DTLS and 4740 if TLS or DTLS is activated.";
}
leaf send-buffer-size {
type uint32;
units "bytes";
description
"Size of the socket send buffer.
If not configured by the user, this parameter is set by
the Monitoring Device.";
}
leaf rate-limit {
type uint32;
units "bytes per second";
description
"Maximum number of bytes per second the Exporting Process may
export to the given destination. The number of bytes is
calculated from the lengths of the IPFIX Messages exported.
If not configured, no rate limiting is performed.";
reference
"RFC 5476, Section 6.3.";
}
}
grouping tcp-exporter-parameters {
description
"Parameters of a TCP export destination.";
uses common-exporter-parameters {
augment "source/source-method" {
description
"Augment the source method to add the source IP address or
hostname.";
case source-address {
leaf source-address {
type inet:host;
description
"The source IP address or hostname used by the
Exporting Process.";
}
}
}
augment "destination" {
description
"Augment the destination method to add the destination
IP address or hostname.";
choice destination-method {
mandatory true;
description
"Method to configuring the destination address of the
Collection Process to which IPFIX Messages are sent.
Note it is expected that if other methods are available
that they would augment from this statement.";
case destination-address {
leaf destination-address {
type inet:host;
description
"The destination IP address or hostname of the
Collecting Process to which IPFIX Messages are sent.
A hostname may resolve to one or more IP
addresses.";
}
}
}
}
}
leaf connection-timeout {
type uint32;
units seconds;
description
"Time after which the exporting process deems the TCP
connection to have failed.";
reference
"RFC 7011, Sections 10.4.4 and 10.4.5.";
}
leaf retry-schedule {
type uint32 {
range "60..max";
}
units seconds;
description
"Time after which the exporting process retries the TCP
connection to a collector.";
reference
"RFC 7011, Section 10.4.4.";
}
uses transport-layer-security-parameters;
}
grouping udp-exporter-parameters {
description
"Parameters of a UDP export destination.";
uses common-exporter-parameters {
augment "source/source-method" {
description
"Augment the source method to add the source IP address or
hostname.";
case source-address {
leaf source-address {
type inet:host;
description
"The source IP address or hostname used by the
Exporting Process.";
}
}
}
augment "destination" {
description
"Augment the destination method to add the destination
IP address or hostname.";
choice destination-method {
mandatory true;
description
"Method to configuring the destination address of the
Collection Process to which IPFIX Messages are sent.
Note it is expected that if other methods are available
that they would augment from this statement.";
case destination-address {
leaf destination-address {
type inet:host;
description
"The destination IP address or hostname of the
Collecting Process to which IPFIX Messages are sent.
A hostname may resolve to one or more IP
addresses.";
}
}
}
}
}
leaf maximum-packet-size {
type uint16;
units octets;
description
"This parameter specifies the maximum size of IP packets sent
to the Collector. If set to zero, the Exporting Device MUST
derive the maximum packet size from path MTU discovery
mechanisms.
If not configured by the user, this parameter is set by
the Monitoring Device.";
}
leaf template-refresh-timeout {
type uint32;
units seconds;
default 600;
description
"Sets time after which Templates are resent in the UDP
Transport Session.
Note that the configured lifetime MUST be adapted to the
template-life-time parameter value at the receiving
Collecting Process.
Note that this parameter corresponds to
ipfixTransportSessionTemplateRefreshTimeout in the IPFIX
MIB module.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionTemplateRefreshTimeout).";
}
leaf options-template-refresh-timeout {
type uint32;
units seconds;
default 600;
description
"Sets time after which Options Templates are resent in the
UDP Transport Session.
Note that the configured lifetime MUST be adapted to the
options-template-life-time parameter value at the receiving
Collecting Process.
Note that this parameter corresponds to
ipfixTransportSessionOptionsTemplateRefreshTimeout in the
IPFIX MIB module.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionOptionsTemplateRefreshTimeout).";
}
leaf template-refresh-packet {
type uint32;
units "IPFIX Messages";
description
"Sets number of IPFIX Messages after which Templates are
resent in the UDP Transport Session.
Note that this parameter corresponds to
ipfixTransportSessionTemplateRefreshPacket in the IPFIX
MIB module.
If omitted, Templates are only resent after timeout.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionTemplateRefreshPacket).";
}
leaf options-template-refresh-packet {
type uint32;
units "IPFIX Messages";
description
"Sets number of IPFIX Messages after which Options Templates
are resent in the UDP Transport Session protocol.
Note that this parameter corresponds to
ipfixTransportSessionOptionsTemplateRefreshPacket in the
IPFIX MIB module.
If omitted, Templates are only resent after timeout.";
reference
"RFC 7011, Section 8.4; RFC 6615, Section 8
(ipfixTransportSessionOptionsTemplateRefreshPacket).";
}
uses transport-layer-security-parameters;
}
grouping sctp-exporter-parameters {
description
"Parameters of a SCTP export destination.";
uses common-exporter-parameters {
augment "source/source-method" {
description
"Augment the source method to add the source IP address or
hostname.";
case source-address {
leaf-list source-address {
type inet:host;
description
"The source IP address(es) or hostname(s) used by the
Exporting Process.";
}
}
}
augment "destination" {
description
"Augment the destination method to add the destination
IP address or hostname.";
choice destination-method {
mandatory true;
description
"Method to configuring the destination address of the
Collection Process to which IPFIX Messages are sent.
Note it is expected that if other methods are available
that they would augment from this statement.";
case destination-address {
leaf-list destination-address {
type inet:host;
description
"List of destination IP addresses or hostnames.
A hostname may resolve to one or more IP addresses.
The user must ensure that all configured IP
addresses belong to the same Collecting Process.
The SCTP Exporting Processs tries to establish an
SCTP association to any of the configured
destination IP addresses.";
}
}
}
}
}
leaf timed-reliability {
type uint32;
units milliseconds;
default 0;
description
"Lifetime in milliseconds until an IPFIX Message containing
Data Sets only is 'abandoned' due to the timed reliability
mechanism of PR-SCTP.
If this parameter is set to zero, reliable SCTP transport is
used for all Data Records.
Regardless of the value of this parameter, the Exporting
Process MAY use reliable SCTP transport for Data Sets
associated with Options Templates.";
reference
"RFC 3758; RFC 4960.";
}
leaf association-timeout {
type uint32;
units seconds;
description
"Time after which the exporting process deems the SCTP
association to have failed.";
reference
"RFC 7011, Sections 10.2.4 and 10.2.5.";
}
uses transport-layer-security-parameters;
}
grouping file-writer-state-parameters {
description
"State Parameters for the File Writer.";
container file-writer-state {
config false;
description
"File Writer parameters.";
leaf bytes {
type yang:counter64;
units octets;
description
"The number of bytes written by the File Writer.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf messages {
type yang:counter64;
units "IPFIX Messages";
description
"The number of IPFIX Messages written by the File Writer.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf discarded-messages {
type yang:counter64;
units "IPFIX Messages";
description
"The number of IPFIX Messages that could not be written by
the File Writer due to internal buffer overflows, limited
storage capacity, etc.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf records {
type yang:counter64;
units "Data Records";
description
"The number of Data Records written by the File Writer.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf templates {
type yang:counter32;
units "Templates";
description
"The number of Template Records (excluding Options Template
Records) written by the File Writer.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf options-templates {
type yang:counter32;
units "Options Templates";
description
"The number of Options Template Records written by the File
Writer.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
file-writer-discontinuity-time.";
}
leaf file-writer-discontinuity-time {
type yang:date-and-time;
description
"Timestamp of the most recent occasion at which one or more
File Writer counters suffered a discontinuity.
In contrast to discontinuity times in the IPFIX MIB
module, the time is absolute and not relative to
sysUpTime.";
}
uses export-template-state-parameters;
}
}
grouping exporting-process-parameters {
description
"Parameters of an Exporting Process.";
leaf export-mode {
type identityref {
base export-mode;
}
default 'parallel';
description
"This parameter determines to which configured destination(s)
the incoming Data Records are exported.";
}
list destination {
key "name";
min-elements 1;
description
"List of export destinations.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the export
destination.";
}
choice destination-parameters {
mandatory true;
description
"Destination configuration.";
case tcp-exporter {
container tcp-exporter {
if-feature tcp-transport;
description
"TCP parameters.";
uses tcp-exporter-parameters;
container transport-session {
config false;
description
"Transport session state data.";
uses transport-session-state-parameters;
uses export-template-state-parameters;
}
}
}
case udp-exporter {
container udp-exporter {
if-feature udp-transport;
description
"UDP parameters.";
uses udp-exporter-parameters;
container transport-session {
config false;
description
"Transport session state data.";
uses transport-session-state-parameters;
uses export-template-state-parameters;
}
}
}
case sctp-exporter {
container sctp-exporter {
if-feature sctp-transport;
description
"SCTP parameters.";
uses sctp-exporter-parameters;
container transport-session {
config false;
description
"Transport session state data.";
leaf sctp-association-id {
type uint32;
description
"The association ID used for the SCTP session
between the Exporter and the Collector of the
IPFIX Transport Session. It is equal to the
sctpAssocId entry in the sctpAssocTable defined in
the SCTP-MIB.
This parameter is only available if the transport
protocol is SCTP and if an SNMP agent on the same
Monitoring Device enables access to the
corresponding MIB objects in the sctpAssocTable.
Note that this parameter corresponds to
ipfixTransportSessionSctpAssocId in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixTransportSessionSctpAssocId);
RFC 3871";
}
uses transport-session-state-parameters;
uses export-template-state-parameters;
}
}
}
case file-writer {
container file-writer {
if-feature file-writer;
description
"File Writer parameters.";
leaf ipfix-version {
type uint16;
default 10;
description
"IPFIX version number.";
reference
"RFC 7011.";
}
leaf file {
type inet:uri;
mandatory true;
description
"URI specifying the location of the file.";
}
uses file-writer-state-parameters;
}
}
}
}
list options {
key "name";
description
"List of options reported by the Exporting Process.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
option.";
}
uses options-parameters;
}
}
grouping options-parameters {
description
"Parameters specifying the data export using an Options
Template.";
leaf options-type {
type identityref {
base options-type;
}
mandatory true;
description
"Type of the exported options data.";
}
leaf options-timeout {
type uint32;
units "milliseconds";
description
"Time interval for periodic export of the options data. If
set to zero, the export is triggered when the options data
has changed.
If not configured by the user, this parameter is set by the
Monitoring Device.";
}
}
container ipfix {
description
"IPFIX Exporter and/or Collector data nodes.";
list collecting-process {
if-feature collector;
key "name";
description
"Collecting Process of the Monitoring Device.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
Collecting Process.";
}
uses collecting-process-parameters;
leaf-list exporting-process {
if-feature exporter;
type leafref {
path "/ietf-ipfix:ipfix"
+ "/ietf-ipfix:exporting-process"
+ "/ietf-ipfix:name";
}
description
"Export of received records without any modifications.
Records are processed by all Exporting Processes in the
list.";
}
}
list exporting-process {
if-feature exporter;
key "name";
description
"List of Exporting Processes of the IPFIX Monitoring Device
for which configuration will be applied.";
leaf name {
type name-type;
description
"An arbitrary string which uniquely identifies the
Exporting Process.";
}
leaf enabled {
type boolean;
default "true";
description
"If true, this Exporting Process is enabled for
exporting.";
}
uses exporting-process-parameters;
leaf exporting-process-id {
type uint32;
config false;
description
"The identifier of the Exporting Process. This parameter
corresponds to the Information Element exportingProcessId.
Its occurrence helps to associate Exporting Process
parameters with Exporing Process statistics exported by
the Monitoring Device using the Exporting Process
Reliability Statistics Template as defined by the IPFIX
protocol specification.";
reference
"RFC 7011, Section 4.3; IANA registry for IPFIX
Entities, http://www.iana.org/assignments/ipfix.";
}
}
}
}
<CODE ENDS>
This document defines the YANG module "ietf-ipfix-packet-sampling", which has the following structure:
module: ietf-ipfix-packet-sampling
augment /ipfix:ipfix:
+--rw psamp
+--rw observation-point* [name]
| +--rw name ipfix:name-type
| +--rw observation-domain-id uint32
| +--rw interface-ref* if:interface-ref
| +--rw if-name* if-name-type {if-mib}?
| +--rw if-index* uint32 {if-mib}?
| +--rw hardware-ref* hardware-ref
| +--rw ent-physical-name* string {entity-mib}?
| +--rw ent-physical-index* uint32 {entity-mib}?
| +--rw direction? direction
| +--rw selection-process*
| | -> /ipfix:ipfix/psamp/selection-process/name
| +--ro observation-point-id? uint32
+--rw selection-process* [name]
| +--rw name ipfix:name-type
| +--rw selector* [name]
| | ...
| +--rw cache?
| | -> /ipfix:ipfix/psamp/cache/name
| +--ro selection-sequence* []
| ...
+--rw cache* [name]
+--rw name ipfix:name-type
+--rw enabled? boolean
+--rw (cache-type)
| ...
+--rw exporting-process*
| -> /ipfix:ipfix/exporting-process/name
| {ipfix:exporter}?
+--ro metering-process-id? uint32
+--ro data-records? yang:counter64
+--ro cache-discontinuity-time? yang:date-and-time
This YANG Module imports typedefs from [RFC6991].
<CODE BEGINS> file "ietf-ipfix-packet-sampling@2018-10-22.yang"
module ietf-ipfix-packet-sampling {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling";
prefix ips;
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Model for Interface Management";
}
import ietf-hardware {
prefix hw;
reference
"RFC 8348: A YANG Data Model for Hardware Management";
}
import ietf-ipfix {
prefix ipfix;
reference
"RFC XXXX: YANG Data Models for the IP Flow Information Export
(IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk
Data Export";
}
organization
"IETF";
contact
"Web: TBD
List: TBD
Editor: Joey Boyd
<mailto:joey.boyd@adtran.com>
Editor: Marta Seda
<mailto:marta.seda@calix.com>";
// RFC Ed.: replace XXXX with actual RFC numbers and
// remove this note.
description
"This module contains a collection of YANG definitions for the
management Packet Sampling (PSAMP) over IPFIX.
This data model is designed for the Network Management Datastore
Architecture defined in RFC 8342.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.";
revision 2020-03-05 {
description
"Initial revision.";
reference
"RFC XXXX: YANG Data Models for the IP Flow Information Export
(IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export";
}
feature if-mib {
description
"This feature indicates that the device implements the
IF-MIB.";
reference
"RFC 2863: The Interfaces Group MIB";
}
feature entity-mib {
description
"This feature indicates that the device implements the
ENTITY-MIB.";
reference
"RFC 6933: Entity MIB (Version 4)";
}
feature psamp-samp-count-based {
description
"If supported, the Monitoring Device supports count-based
sampling. The Selector method sampCountBased can be
configured.";
reference
"RFC 5475, Section 5.1";
}
feature psamp-samp-time-based {
description
"If supported, the Monitoring Device supports time-based
sampling. The Selector method sampTimeBased can be
configured.";
reference
"RFC 5475, Section 5.1";
}
feature psamp-samp-rand-out-of-n {
description
"If supported, the Monitoring Device supports random n-out-of-N
sampling. The Selector method sampRandOutOfN can be
configured.";
reference
"RFC 5475, Section 5.2.1";
}
feature psamp-samp-uni-prob {
description
"If supported, the Monitoring Device supports uniform
probabilistic sampling. The Selector method sampUniProb can be
configured.";
reference
"RFC 5475, Section 5.2.2";
}
feature psamp-filter-match {
description
"If supported, the Monitoring Device supports property match
filtering. The Selector method filterMatch can be
configured.";
reference
"RFC 5475, Section 6.1";
}
feature psamp-filter-hash {
description
"If supported, the Monitoring Device supports hash-based
filtering. The Selector method filterHash can be configured.";
reference
"RFC 5475, Section 6.2";
}
feature immediate-cache {
description
"If supported, the Monitoring Device supports
Caches generating PSAMP Packet Reports by configuration with
immediateCache.";
}
feature timeout-cache {
description
"If supported, the Monitoring Device supports
Caches generating IPFIX Flow Records by configuration with
timeoutCache.";
}
feature natural-cache {
description
"If supported, the Monitoring Device supports
Caches generating IPFIX Flow Records by configuration with
naturalCache.";
}
feature permanent-cache {
description
"If supported, the Monitoring Device supports
Caches generating IPFIX Flow Records by configuration with
permanentCache.";
}
identity hash-function {
description
"Base identity for all hash functions used for
hash-based packet Filtering.";
}
identity bob {
base hash-function;
description
"BOB hash function.";
reference
"RFC 5475, Section 6.2.4.1";
}
identity ipsx {
base hash-function;
description
"IPSX hash function.";
reference
"RFC 5475, Section 6.2.4.1";
}
identity crc {
base hash-function;
description
"CRC hash function.";
reference
"RFC 5475, Section 6.2.4.1";
}
typedef hardware-ref {
type leafref {
path "/hw:hardware/hw:component/hw:name";
}
description
"This type is used to reference hardware components.";
reference
"RFC 8348";
}
typedef if-name-type {
type string {
length "1..255";
}
description
"This corresponds to the DisplayString textual
convention of SNMPv2-TC, which is used for ifName in the IF
MIB module.";
reference
"RFC 2863 (ifName)";
}
typedef direction {
type enumeration {
enum "ingress" {
value 0;
description
"This value is used for monitoring incoming packets.";
}
enum "egress" {
value 1;
description
"This value is used for monitoring outgoing packets.";
}
enum "both" {
value 2;
description
"This value is used for monitoring incoming and outgoing
packets.";
}
}
description
"Direction of packets going through an interface.";
}
grouping observation-point-parameters {
description
"Interface as input to Observation Point.";
leaf observation-domain-id {
type uint32;
mandatory true;
description
"The Observation Domain ID associates the Observation Point
to an Observation Domain. Observation Points with identical
Observation Domain IDs belong to the same Observation
Domain.
Note that this parameter corresponds to
ipfixObservationPointObservationDomainId in the IPFIX MIB
module.";
reference
"RFC 7011; RFC 6615, Section 8
(ipfixObservationPointObservationDomainId)";
}
leaf-list interface-ref {
type if:interface-ref;
description
"List of interfaces of the Monitoring Device. The
Observation Point observes packets at the specified
interfaces.";
}
leaf-list if-name {
if-feature if-mib;
type if-name-type;
description
"List of names identifying interfaces of the Monitoring
Device. The Observation Point observes packets at the
specified interfaces.";
}
leaf-list if-index {
if-feature if-mib;
type uint32;
description
"List of if-index values pointing to entries in the ifTable
of the IF-MIB module maintained by the Monitoring
Device. The Observation Point observes packets at the
specified interfaces.
This parameter SHOULD only be used if an SNMP agent enables
access to the ifTable.
Note that this parameter corresponds to
ipfixObservationPointPhysicalInterface in the IPFIX MIB
module.";
reference
"RFC 2863; RFC 6615, Section 8
(ipfixObservationPointPhysicalInterface)";
}
leaf-list hardware-ref {
type hardware-ref;
description
"List of hardware components of the Monitoring Device.
The Observation Points observes packets at the specified
hardware components.";
reference
"RFC 8348";
}
leaf-list ent-physical-name {
if-feature entity-mib;
type string;
description
"List of names identifying physical entities of the
Monitoring Device. The Observation Point observes packets
at the specified entities.";
}
leaf-list ent-physical-index {
if-feature entity-mib;
type uint32;
description
"List of ent-physical-index values pointing to entries in the
entPhysicalTable of the ENTITY-MIB module maintained by the
Monitoring Device. The Observation Point observes packets
at the specified entities.
This parameter SHOULD only be used if an SNMP agent enables
access to the entPhysicalTable.
Note that this parameter corresponds to
ipfixObservationPointPhysicalEntity in the IPFIX MIB
module.";
reference
"RFC 33; RFC 6615, Section 8
(ipfixObservationPointPhysicalInterface)";
}
leaf direction {
type direction;
default "both";
description
"Direction of packets. If not applicable (e.g., in the case
of a sniffing interface in promiscuous mode), this
parameter is ignored.";
}
}
grouping samp-count-based-parameters {
description
"Configuration parameters of a Selector applying systematic
count-based packet Sampling to the packet stream.";
reference
"RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";
leaf packet-interval {
type uint32;
units "packets";
mandatory true;
description
"The number of packets that are consecutively sampled between
gaps of length packetSpace.
This parameter corresponds to the Information Element
samplingPacketInterval and to psampSampCountBasedInterval
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.2; RFC 6727, Section 6
(psampSampCountBasedInterval)";
}
leaf packet-space {
type uint32;
units "packets";
mandatory true;
description
"The number of unsampled packets between two Sampling
intervals.
This parameter corresponds to the Information Element
samplingPacketSpace and to psampSampCountBasedSpace
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.3; RFC 6727, Section 6
(psampSampCountBasedSpace)";
}
}
grouping samp-time-based-parameters {
description
"Configuration parameters of a Selector applying systematic
time-based packet Sampling to the packet stream.";
reference
"RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2";
leaf time-interval {
type uint32;
units "microseconds";
mandatory true;
description
"The time interval in microseconds during which all arriving
packets are sampled between gaps of length timeSpace.
This parameter corresponds to the Information Element
samplingTimeInterval and to psampSampTimeBasedInterval
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.4; RFC 6727, Section 6
(psampSampTimeBasedInterval)";
}
leaf time-space {
type uint32;
units "microseconds";
mandatory true;
description
"The time interval in microseconds during which no packets
are sampled between two Sampling intervals specified by
timeInterval.
This parameter corresponds to the Information Element
samplingTimeInterval and to psampSampTimeBasedSpace
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.5; RFC 6727, Section 6
(psampSampTimeBasedSpace)";
}
}
grouping samp-rand-out-of-n-parameters {
description
"Configuration parameters of a Selector applying n-out-of-N
packet Sampling to the packet stream.";
reference
"RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3.";
leaf size {
type uint32;
units "packets";
mandatory true;
description
"The number of elements taken from the parent population.
This parameter corresponds to the Information Element
samplingSize and to psampSampRandOutOfNSize in the PSAMP
MIB module.";
reference
"RFC 5477, Section 8.2.6; RFC 6727, Section 6
(psampSampRandOutOfNSize)";
}
leaf population {
type uint32;
units "packets";
mandatory true;
description
"The number of elements in the parent population.
This parameter corresponds to the Information Element
samplingPopulation and to psampSampRandOutOfNPopulation
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.7; RFC 6727, Section 6
(psampSampRandOutOfNPopulation)";
}
}
grouping samp-uni-prob-parameters {
description
"Configuration parameters of a Selector applying uniform
probabilistic packet Sampling (with equal probability per
packet) to the packet stream.";
reference
"RFC 5475, Section 5.2.2.1;
RFC 5476, Section 6.5.2.4";
leaf probability {
type decimal64 {
fraction-digits 18;
range "0..1";
}
mandatory true;
description
"Probability that a packet is sampled, expressed as a value
between 0 and 1. The probability is equal for every
packet.
This parameter corresponds to the Information Element
samplingProbability and to psampSampUniProbProbability
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.2.8; RFC 6727, Section 6
(psampSampUniProbProbability)";
}
}
grouping filter-match-parameters {
description
"Configuration parameters of a Selector applying property match
Filtering to the packet stream.
The field to be matched is specified as an Information
Element.";
reference
"RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5";
choice information-element {
mandatory true;
description
"The Information Element field to be matched.";
case ie-name {
leaf ie-name {
type ipfix:ie-name-type;
description
"Name of the Information Element.";
}
}
case ie-id {
leaf ie-id {
type ipfix:ie-id-type;
description
"ID of the Information Element.";
}
}
}
leaf ie-enterprise-number {
type uint32;
default '0';
description
"If this parameter is zero, the Information Element is
registered in the IANA registry of IPFIX Information
Elements.
If this parameter is configured with a non-zero private
enterprise number, the Information Element is
enterprise-specific.";
reference
"IANA registry for Private Enterprise Numbers,
http://www.iana.org/assignments/enterprise-numbers;
IANA registry for IPFIX Entities,
http://www.iana.org/assignments/ipfix.";
}
leaf value {
type string;
mandatory true;
description
"Matching value of the Information Element";
}
}
grouping filter-hash-parameters {
description
"Configuration parameters of a Selector applying hash-based
Filtering to the packet stream.";
reference
"RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";
leaf hash-function {
type identityref {
base hash-function;
}
default 'bob';
description
"Hash function to be applied. According to RFC 5475,
Section 6.2.4.1, 'BOB' must be used in order to be compliant
with PSAMP.
This parameter functionally corresponds to
psampFiltHashFunction in the PSAMP MIB module.";
reference
"RFC 6727, Section 6 (psampFiltHashFunction)";
}
leaf initializer-value {
type uint64;
description
"Initializer value to the hash function.
If not configured by the user, the Monitoring Device
arbitrarily chooses an initializer value.
This parameter corresponds to the Information Element
hashInitialiserValue and to psampFiltHashInitializerValue
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.9; RFC 6727, Section 6
(psampFiltHashInitializerValue)";
}
leaf ip-payload-offset {
type uint64;
units "octets";
default '0';
description
"IP payload offset indicating the position of the first
payload byte considered as input to the hash function.
Default value 0 corresponds to the minimum offset that
must be configurable according to RFC 5476, Section
6.5.2.6.
This parameter corresponds to the Information Element
hashIPPayloadOffset and to psampFiltHashIpPayloadOffset
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.2; RFC 6727, Section 6
(psampFiltHashIpPayloadOffset)";
}
leaf ip-payload-size {
type uint64;
units "octets";
default '8';
description
"Number of IP payload bytes used as input to the hash
function, counted from the payload offset. If the IP
payload is shorter than the payload range, all available
payload octets are used as input.
Default value 8 corresponds to the minimum IP payload
size that must be configurable according to RFC 5476,
Section 6.5.2.6.
This parameter corresponds to the Information Element
hashIPPayloadSize and to psampFiltHashIpPayloadSize
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.3; RFC 6727, Section 6
(psampFiltHashIpPayloadSize)";
}
leaf digest-output {
type boolean;
default 'false';
description
"If true, the output from this Selector is included in the
Packet Report as a packet digest. Therefore, the configured
Cache Layout needs to contain a digestHashValue field.
This parameter corresponds to the Information Element
hashDigestOutput.";
reference
"RFC 5477, Section 8.3.8";
}
list selected-range {
key "name";
min-elements 1;
description
"List of hash function return ranges for which packets are
selected.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
hash function's selected range.";
}
leaf min {
type uint64;
description
"Beginning of the hash function's selected range.
This parameter corresponds to the Information Element
hashSelectedRangeMin and to psampFiltHashSelectedRangeMin
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.6; RFC 6727, Section 6
(psampFiltHashSelectedRangeMin)";
}
leaf max {
type uint64;
description
"End of the hash function's selected range.
This parameter corresponds to the Information Element
hashSelectedRangeMax and to psampFiltHashSelectedRangeMax
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.7; RFC 6727, Section 6
(psampFiltHashSelectedRangeMax)";
}
}
}
grouping filter-hash-parameters-state {
description
"Configuration parameters of a Selector applying hash-based
Filtering to the packet stream.";
reference
"RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6";
leaf output-range-min {
type uint64;
config false;
description
"Beginning of the hash function's potential range.
This parameter corresponds to the Information Element
hashOutputRangeMin and to psampFiltHashOutputRangeMin
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.4; RFC 6727, Section 6
(psampFiltHashOutputRangeMin)";
}
leaf output-range-max {
type uint64;
config false;
description
"End of the hash function's potential range.
This parameter corresponds to the Information Element
hashOutputRangeMax and to psampFiltHashOutputRangeMax
in the PSAMP MIB module.";
reference
"RFC 5477, Section 8.3.5; RFC 6727, Section 6
(psampFiltHashOutputRangeMax)";
}
}
grouping selector-parameters {
description
"Configuration and state parameters of a Selector.";
choice method {
mandatory true;
description
"Packet selection method applied by the Selector.";
case select-all {
leaf select-all {
type empty;
description
"Method that selects all packets.";
}
}
case samp-count-based {
container samp-count-based {
if-feature psamp-samp-count-based;
description
"Systematic count-based packet Sampling.";
uses samp-count-based-parameters;
}
}
case samp-time-based {
container samp-time-based {
if-feature psamp-samp-time-based;
description
"Systematic time-based packet Sampling.";
uses samp-time-based-parameters;
}
}
case samp-rand-out-of-n {
container samp-rand-out-of-n {
if-feature psamp-samp-rand-out-of-n;
description
"n-out-of-N packet Sampling.";
uses samp-rand-out-of-n-parameters;
}
}
case samp-uni-prob {
container samp-uni-prob {
if-feature psamp-samp-uni-prob;
description
"Uniform probabilistic packet Sampling.";
uses samp-uni-prob-parameters;
}
}
case filter-match {
container filter-match {
if-feature psamp-filter-match;
description
"Property match Filtering.";
uses filter-match-parameters;
}
}
case filter-hash {
container filter-hash {
if-feature psamp-filter-hash;
description
"Hash-based Filtering.";
uses filter-hash-parameters;
uses filter-hash-parameters-state;
}
}
}
}
grouping selector-parameters-state {
description
"Configuration and state parameters of a Selector.";
leaf packets-observed {
type yang:counter64;
config false;
description
"The number of packets observed at the input of the
Selector.
If this is the first Selector in the Selection Process,
this counter corresponds to the total number of packets in
all Observed Packet Streams at the input of the Selection
Process. Otherwise, the counter corresponds to the total
number of packets at the output of the preceding Selector.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
selectorDiscontinuityTime.
Note that this parameter corresponds to
ipfixSelectorStatsPacketsObserved in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixSelectorStatsPacketsObserved)";
}
leaf packets-dropped {
type yang:counter64;
config false;
description
"The total number of packets discarded by the Selector.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other
times as indicated by the value of
selectorDiscontinuityTime.
Note that this parameter corresponds to
ipfixSelectorStatsPacketsDropped in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixSelectorStatsPacketsDropped)";
}
leaf selector-discontinuity-time {
type yang:date-and-time;
config false;
description
"Timestamp of the most recent occasion at which one or more
of the Selector counters suffered a discontinuity.
Note that this parameter functionally corresponds to
ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
MIB module. In contrast to
ipfixSelectionProcessStatsDiscontinuityTime, the time is
absolute and not relative to sysUpTime.";
reference
"RFC 6615, Section 8
(ipfixSelectionProcessStatsDiscontinuityTime)";
}
}
grouping cache-layout-parameters {
description
"Cache Layout parameters used by immediate cache, timeout
cache, natural cache, and permanent cache.";
container cache-layout {
description
"Cache Layout parameters.";
list cache-field {
key "name";
min-elements 1;
description
"Superset of fields that are included in the Packet Reports
or Flow Records generated by the Cache.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
cache field.";
}
choice information-element {
mandatory true;
description
"The Information Element to be added to the template.";
reference
"RFC 7012, Section 2; IANA registry for IPFIX
Entities, http://www.iana.org/assignments/ipfix";
case ie-name {
leaf ie-name {
type ipfix:ie-name-type;
description
"Name of the Information Element.";
}
}
case ie-id {
leaf ie-id {
type ipfix:ie-id-type;
description
"ID of the Information Element.";
}
}
}
leaf ie-length {
type uint16;
units "octets";
description
"Length of the field in which the Information Element is
encoded. A value of 65535 specifies a variable-length
Information Element. For Information Elements of integer
and float type, the field length MAY be set to a smaller
value than the standard length of the abstract data type
if the rules of reduced size encoding are fulfilled.
If not configured by the user, this parameter is set by
the Monitoring Device.";
reference
"RFC 7011, Section 6.2";
}
leaf ie-enterprise-number {
type uint32;
default '0';
description
"If this parameter is zero, the Information Element is
registered in the IANA registry of IPFIX Information
Elements.
If this parameter is configured with a non-zero private
enterprise number, the Information Element is
enterprise-specific.
If the enterprise number is set to 29305, this field
contains a Reverse Information Element. In this case,
the Cache MUST generate Data Records in accordance to
RFC 5103.";
reference
"RFC 7011; RFC 5103;
IANA registry for Private Enterprise Numbers,
http://www.iana.org/assignments/enterprise-numbers;
IANA registry for IPFIX Entities,
http://www.iana.org/assignments/ipfix";
}
}
}
}
grouping flow-cache-base-parameters {
description
"Configuration parameters of a Cache generating Flow Records
which are common to all Cache types.";
leaf max-flows {
type uint32;
units "flows";
description
"This parameter configures the maximum number of Flows in the
Cache, which is the maximum number of Flows that can be
measured simultaneously.
The Monitoring Device MUST ensure that sufficient resources
are available to store the configured maximum number of
Flows.
If the maximum number of Flows is measured, an additional
Flow can be measured only if an existing entry is removed.
However, traffic that pertains to existing Flows can
continue to be measured.";
}
}
grouping flow-permanent-cache-parameters {
description
"Configuration parameters of a Permanent Cache generating Flow
Records.";
uses flow-cache-base-parameters;
leaf export-interval {
type uint32;
units "seconds";
description
"This parameter configures the interval (in seconds) for
periodical export of Flow Records.
If not configured by the user, the Monitoring Device sets
this parameter.";
}
}
grouping flow-timeout-natural-cache-parameters {
description
"Configuration parameters of a Timeout or Natural Cache
generating Flow Records.";
uses flow-cache-base-parameters;
leaf active-timeout {
type uint32;
units "seconds";
description
"This parameter configures the time in seconds after which a
Flow is expired even though packets matching this Flow are
still received by the Cache.
The parameter value zero indicates infinity, meaning that
there is no active timeout.
If not configured by the user, the Monitoring Device sets
this parameter.
Note that this parameter corresponds to
ipfixMeteringProcessCacheActiveTimeout in the IPFIX
MIB module.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessCacheActiveTimeout)";
}
leaf idle-timeout {
type uint32;
units "seconds";
description
"This parameter configures the time in seconds after which a
Flow is expired if no more packets matching this Flow are
received by the Cache.
The parameter value zero indicates infinity, meaning that
there is no idle timeout.
If not configured by the user, the Monitoring Device sets
this parameter.
Note that this parameter corresponds to
ipfixMeteringProcessCacheIdleTimeout in the IPFIX
MIB module.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessCacheIdleTimeout)";
}
}
grouping flow-cache-parameters-state {
description
"State parameters of a Cache generating Flow Records.";
leaf active-flows {
type yang:gauge32;
units "flows";
config false;
description
"The number of Flows currently active in this Cache.
Note that this parameter corresponds to
ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessCacheActiveFlows)";
}
leaf unused-cache-entries {
type yang:gauge32;
units "flows";
config false;
description
"The number of unused Cache entries in this Cache.
Note that this parameter corresponds to
ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
MIB module.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessCacheUnusedCacheEntries)";
}
}
augment '/ipfix:ipfix' {
description
"Augment IPFIX to add PSAMP.";
container psamp {
description
"Container for PSAMP nodes.";
list observation-point {
key "name";
description
"Observation Point of the Monitoring Device.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
Observation Point.";
}
uses observation-point-parameters;
leaf-list selection-process {
type leafref {
path "/ipfix:ipfix/psamp/selection-process/name";
}
description
"Selection Processes in this list process packets in
parallel.";
}
leaf observation-point-id {
type uint32;
config false;
description
"Observation Point ID (i.e., the value of the Information
Element observationPointId) assigned by the Monitoring
Device.";
reference
"IANA registry for IPFIX Entities,
http://www.iana.org/assignments/ipfix";
}
}
list selection-process {
key "name";
description
"Selection Process of the Monitoring Device.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
Selectiong Process.";
}
list selector {
key "name";
min-elements 1;
ordered-by user;
description
"List of Selectors that define the action of the
Selection Process on a single packet. The Selectors
are serially invoked in the same order as they appear
in this list.";
leaf name {
type ipfix:name-type;
description
"Name of the selector.";
}
uses selector-parameters;
uses selector-parameters-state;
}
leaf cache {
type leafref {
path "/ipfix:ipfix/psamp/cache/name";
}
description
"Cache that receives the output of the Selection
Process.";
}
list selection-sequence {
config false;
description
"This list contains the Selection Sequence IDs that are
assigned by the Monitoring Device to distinguish
different Selection Sequences passing through the
Selection Process.
As Selection Sequence IDs are unique per Observation
Domain, the corresponding Observation Domain IDs are
included as well.
With this information, it is possible to associate
Selection Sequence (Statistics) Report Interpretations
exported according to the PSAMP protocol with a
Selection Process in the configuration data.";
reference
"RFC 5476";
leaf observation-domain-id {
type uint32;
description
"Observation Domain ID for which the
Selection Sequence ID is assigned.";
}
leaf selection-sequence-id {
type uint64;
description
"Selection Sequence ID used in the Selection
Sequence (Statistics) Report Interpretation.";
}
}
}
list cache {
key "name";
description
"Cache of the Monitoring Device.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
cache.";
}
leaf enabled {
type boolean;
default "true";
description
"If true, this cache is enabled and the specified data is
able to be exported.";
}
choice cache-type {
mandatory true;
description
"Type of Cache and specific parameters.";
case immediate-cache {
container immediate-cache {
if-feature immediate-cache;
description
"Flow expiration after the first packet; generation
of Packet Records.";
uses cache-layout-parameters;
}
}
case timeout-cache {
container timeout-cache {
if-feature timeout-cache;
description
"Flow expiration after active and idle timeout;
generation of Flow Records.";
uses flow-timeout-natural-cache-parameters;
uses cache-layout-parameters {
augment "cache-layout/cache-field" {
description
"Augment the Cache layout with timeout cache
specific configuration.";
leaf is-flow-key {
when
"../ie-enterprise-number != 29305" {
description
"This parameter is not available for Reverse
Information Elements (which have enterprise
number 29305).";
}
type empty;
description
"If present, this is a flow key.";
}
}
}
uses flow-cache-parameters-state;
}
}
case natural-cache {
container natural-cache {
if-feature natural-cache;
description
"Flow expiration after active and idle timeout, or on
natural termination (e.g., TCP FIN or TCP RST) of
the Flow; generation of Flow Records.";
uses flow-timeout-natural-cache-parameters;
uses cache-layout-parameters {
augment "cache-layout/cache-field" {
description
"Augment the Cache layout with timeout cache
specific configuration.";
leaf is-flow-key {
when
"../ie-enterprise-number != 29305" {
description
"This parameter is not available for Reverse
Information Elements (which have enterprise
number 29305).";
}
type empty;
description
"If present, this is a flow key.";
}
}
}
uses flow-cache-parameters-state;
}
}
case permanent-cache {
container permanent-cache {
if-feature permanent-cache;
description
"No flow expiration, periodical export with time
interval exportInterval; generation of Flow
Records.";
uses flow-permanent-cache-parameters;
uses cache-layout-parameters {
augment "cache-layout/cache-field" {
description
"Augment the Cache layout with timeout cache
specific configuration.";
leaf is-flow-key {
when
"../ie-enterprise-number != 29305" {
description
"This parameter is not available for Reverse
Information Elements (which have enterprise
number 29305).";
}
type empty;
description
"If present, this is a flow key.";
}
}
}
uses flow-cache-parameters-state;
}
}
}
leaf-list exporting-process {
if-feature ipfix:exporter;
type leafref {
path "/ipfix:ipfix"
+ "/ipfix:exporting-process"
+ "/ipfix:name";
}
description
"Records are exported by all Exporting Processes in the
list.";
}
leaf metering-process-id {
type uint32;
config false;
description
"The identifier of the Metering Process this Cache
belongs to.
This parameter corresponds to the Information Element
meteringProcessId. Its occurrence helps to associate
Cache parameters with Metering Process statistics
exported by the Monitoring Device using the Metering
Process (Reliability) Statistics Template as
defined by the IPFIX protocol specification.";
reference
"RFC 7011, Sections 4.1 and 4.2;
IANA registry for IPFIX Entities,
http://www.iana.org/assignments/ipfix";
}
leaf data-records {
type yang:counter64;
units "Data Records";
config false;
description
"The number of Data Records generated by this Cache.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of
cacheDiscontinuityTime.
Note that this parameter corresponds to
ipfixMeteringProcessDataRecords in the IPFIX MIB
module.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessDataRecords)";
}
leaf cache-discontinuity-time {
type yang:date-and-time;
config false;
description
"Timestamp of the most recent occasion at which the
counter dataRecords suffered a discontinuity.
Note that this parameter functionally corresponds to
ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
module. In contrast to
ipfixMeteringProcessDiscontinuityTime, the time is
absolute and not relative to sysUpTime.";
reference
"RFC 6615, Section 8
(ipfixMeteringProcessDiscontinuityTime)";
}
}
}
}
}
<CODE ENDS>
This document defines the YANG module "ietf-ipfix-bulk-data-export", which has the following tentative structure:
module: ietf-ipfix-bulk-data-export
augment /ipfix:ipfix:
+--rw bulk-data-export
+--rw template* [name]
+--rw name ipfix:name-type
+--rw enabled? boolean
+--rw export-interval? uint32
+--rw observation-domain-id? uint32
+--rw field-layout
| ...
+--rw exporting-process*
| -> /ipfix:ipfix/exporting-process/name
| {ipfix:exporter}?
+--rw (resource-identifier)?
| ...
+--ro data-records? yang:counter64
+--ro discontinuity-time? yang:date-and-time
This YANG Module imports typedefs from [RFC6991].
<CODE BEGINS> file "ietf-ipfix-bulk-data-export@2018-11-15.yang"
module ietf-ipfix-bulk-data-export {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export";
prefix ibde;
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-ipfix {
prefix ipfix;
reference
"RFC XXXX: YANG Data Models for the IP Flow Information Export
(IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk
Data Export";
}
organization
"IETF";
contact
"Web: TBD
List: TBD
Editor: Joey Boyd
<mailto:joey.boyd@adtran.com>
Editor: Marta Seda
<mailto:marta.seda@calix.com>";
// RFC Ed.: replace XXXX with actual RFC numbers and
// remove this note.
description
"This module contains a collection of YANG definitions for the
management exporting bulk data over IPFIX.
This data model is designed for the Network Management Datastore
Architecture defined in RFC 8342.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2019 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.";
revision 2020-03-05 {
description
"Initial revision.";
reference
"RFC XXXX: YANG Data Models for the IP Flow Information Export
(IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export";
}
feature bulk-data {
description
"If supported, bulk data templates can be configured.";
}
typedef resource {
type instance-identifier {
require-instance false;
}
description
"A resource from which bulk data will be exported.";
}
grouping bulk-data-template-parameters {
description
"Field Layout parameters.";
leaf observation-domain-id {
type uint32;
default 0;
description
"An identifier of an Observation Domain that is locally
unique to an Exporting Process (see RFC 7011 Section 3.1).
Typically, this Information Element is for limiting the
scope of other Information Elements.
A value of 0 indicates that no specific Observation Domain
is identified by this Information Element.";
}
container field-layout {
description
"Field Layout parameters.";
list field {
key name;
min-elements 1;
description
"Superset of statistics field names or special field-names
(e.g., timestamps, etc) for interpreting statistics that
are included in the Packet Reports or Flow Records
generated by the device.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
field.";
}
choice identifier {
mandatory true;
description
"The Information Element to be added to the template.";
case ie-name {
leaf ie-name {
type ipfix:ie-name-type;
description
"Name of the Information Element.";
}
}
case ie-id {
leaf ie-id {
type ipfix:ie-id-type;
description
"ID of the Information Element.";
}
}
}
leaf ie-length {
type uint16;
units octets;
description
"Length of the field in which the Information Element is
encoded. A value of 65535 specifies a variable-length
Information Element. For Information Elements of
integer and float type, the field length MAY be set to a
smaller value than the standard length of the abstract
data type if the rules of reduced size encoding are
fulfilled.
If not configured by the user, this parameter is set by
the Monitoring Device.";
reference
"RFC 7011, Section 6.2";
}
leaf ie-enterprise-number {
type uint32;
default 0;
description
"If this parameter is zero, the Information Element is
registered in the IANA registry of IPFIX Information
Elements or unspecified (if the Informational Element is
not IANA registered).
If this parameter is configured with a non-zero private
enterprise number, the Information Element is
enterprise-specific.";
reference
"RFC 7011; RFC 5103;
IANA registry for Private Enterprise Numbers,
http://www.iana.org/assignments/enterprise-numbers;
IANA registry for IPFIX Entities,
http://www.iana.org/assignments/ipfix";
}
}
}
}
augment "/ipfix:ipfix" {
description
"Augment IPFIX to add bulk data.";
container bulk-data-export {
description
"Container for bulk data export nodes.";
list template {
key name;
description
"List of bulk data templates of the Monitoring Device.";
leaf name {
type ipfix:name-type;
description
"An arbitrary string which uniquely identifies the
bulk data template.";
}
leaf enabled {
type boolean;
default "true";
description
"If true, this template is enabled and the specified
data is able to be exported.";
}
leaf export-interval {
type uint32;
units "seconds";
description
"This parameter configures the interval (in seconds) for
periodical export of Flow Records.
If not configured by the user, the Monitoring Device
sets this parameter.";
}
uses bulk-data-template-parameters;
leaf-list exporting-process {
if-feature ipfix:exporter;
type leafref {
path "/ipfix:ipfix"
+ "/ipfix:exporting-process"
+ "/ipfix:name";
}
description
"Records are exported by all Exporting Processes in the
list.";
}
choice resource-identifier {
description
"Method to select the resources from which the records
are to be exported.";
case resource-instance {
leaf-list resource-instance {
type resource;
description
"Records are sourced from all the resources in
this list.";
}
}
}
leaf data-records {
type yang:counter64;
units "Data Records";
config false;
description
"The number of Data Records generated for this sampling
template.
Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at
other times as indicated by the value of Discontinuity
Time.";
}
leaf discontinuity-time {
type yang:date-and-time;
config false;
description
"Timestamp of the most recent occasion at which the
counter data records suffered a discontinuity.";
}
}
}
}
}
<CODE ENDS>
This document registers 3 URIs in the "IETF XML Registry". [RFC3688]. Following the format in RFC 3688, the following registrations have been made.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export Registrant Contact: The IESG. XML: N/A, the requested URI is an XML namespace.
This document registers 3 YANG modules in the "YANG Module Names" registry. Following the format in [RFC7950], the following have been registered.
Name: ietf-ipfix
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix
Prefix: ietf-ipfix
Reference: RFC XXXX: YANG Data Models for the IP Flow Information
Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export
Name: ietf-ipfix-packet-sampling
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling
Prefix: ietf-ipfix-packet-sampling
Reference: RFC XXXX: YANG Data Models for the IP Flow Information
Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export
Name: ietf-ipfix-bulk-data-export
Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export
Prefix: ietf-bde
Reference: RFC XXXX: YANG Data Models for the IP Flow Information
Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol,
and Bulk Data Export
The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS [RFC8446].
The NETCONF access control model [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.
There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., NETCONF edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:
Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:
The authors would like to thank Anand Arokiaraj and William Lupton for their contributions towards creation of this document and associated YANG data models.
This configuration example configures an IPFIX exporter for a [BBF.TR-352] ICTP Proxy.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
<exporting-process>
<name>TR352-exporter</name>
<enabled>true</enabled>
<destination>
<name>ICTP-Proxy1-collector</name>
<tcp-exporter>
<source>
<source-address>192.100.2.1</source-address>
</source>
<destination>
<destination-address>proxy1.sys.com</destination-address>
</destination>
</tcp-exporter>
</destination>
<options>
<name>Options 1</name>
<options-type>extended-type-information</options-type>
<options-timeout>0</options-timeout>
</options>
</exporting-process>
</ipfix>
This configuration example configures an IPFIX mediator.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
<collecting-process>
<name>OLT-collector</name>
<tcp-collector>
<name>myolt-tcp-collector</name>
<local-address>192.100.2.1</local-address>
</tcp-collector>
<exporting-process>OLT-exporter</exporting-process>
</collecting-process>
<exporting-process>
<name>OLT-exporter</name>
<enabled>true</enabled>
<destination>
<name>big-collector</name>
<tcp-exporter>
<source>
<source-address>192.100.2.1</source-address>
</source>
<destination>
<destination-address>collect1.sys.com</destination-address>
</destination>
</tcp-exporter>
</destination>
<options>
<name>Options 1</name>
<options-type>extended-type-information</options-type>
<options-timeout>0</options-timeout>
</options>
</exporting-process>
</ipfix>
This configuration example configures two Observation Points capturing ingress traffic at eth0 and all traffic at eth1. Both Observed Packet Streams enter two different Selection Processes. The first Selection Process implements a Composite Selector of a filter for UDP packets and a random sampler. The second Selection Process implements a Primitive Selector of an ICMP filter. The Selected Packet Streams of both Selection Processes enter the same Cache. The Cache generates a PSAMP Packet Report for every selected packet.
The associated Exporting Process exports to a Collector using PR-SCTP and DTLS. The TLS/DTLS parameters specify that the collector must supply a certificate for the FQDN collector.example.net. Valid certificates from any certification authority will be accepted. As the destination transport port is omitted, the standard IPFIX-over-DTLS port 4740 is used.
The parameters of the Selection Processes are reported as Selection Sequence Report Interpretations and Selector Report Interpretations [RFC5476]. There will be two Selection Sequence Report Interpretations per Selection Process, one for each Observation Point. Selection Sequence Statistics Report Interpretations are exported every 30 seconds (30000 milliseconds).
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix">
<psamp xmlns=
"urn:ietf:params:xml:ns:yang:ietf-ipfix-packet-sampling">
<observation-point>
<name>OP at eth0 (ingress)</name>
<observation-domain-id>123</observation-domain-id>
<interface-ref>eth0</interface-ref>
<direction>ingress</direction>
<selection-process>Sampled UDP packets</selection-process>
<selection-process>ICMP packets</selection-process>
</observation-point>
<observation-point>
<name>OP at eth1</name>
<observation-domain-id>123</observation-domain-id>
<interface-ref>eth1</interface-ref>
<selection-process>Sampled UDP packets</selection-process>
<selection-process>ICMP packets</selection-process>
</observation-point>
<selection-process>
<name>Sampled UDP packets</name>
<selector>
<name>UDP filter</name>
<filter-match>
<ie-id>4</ie-id>
<value>17</value>
</filter-match>
</selector>
<selector>
<name>10-out-of-100 sampler</name>
<samp-rand-out-of-n>
<size>10</size>
<population>100</population>
</samp-rand-out-of-n>
</selector>
<cache>PSAMP cache</cache>
</selection-process>
<selection-process>
<name>ICMP packets</name>
<selector>
<name>ICMP filter</name>
<filter-match>
<ie-id>4</ie-id>
<value>1</value>
</filter-match>
</selector>
<cache>PSAMP cache</cache>
</selection-process>
<cache>
<name>PSAMP cache</name>
<immediate-cache>
<cache-layout>
<cache-field>
<name>Field 1: ipHeaderPacketSection</name>
<ie-id>313</ie-id>
<ie-length>64</ie-length>
</cache-field>
<cache-field>
<name>Field 2: observationTimeMilliseconds</name>
<ie-id>322</ie-id>
</cache-field>
</cache-layout>
</immediate-cache>
<exporting-process>The only exporter</exporting-process>
</cache>
</psamp>
<exporting-process>
<name>The only exporter</name>
<enabled>true</enabled>
<destination>
<name>PR-SCTP collector</name>
<sctp-exporter>
<destination>
<destination-address>192.0.2.1</destination-address>
</destination>
<rate-limit>1000000</rate-limit>
<timed-reliability>500</timed-reliability>
<transport-layer-security>
<remote-subject-fqdn>coll-1.ex.net</remote-subject-fqdn>
</transport-layer-security>
</sctp-exporter>
</destination>
<options>
<name>Options 1</name>
<options-type>selection-sequence</options-type>
<options-timeout>0</options-timeout>
</options>
<options>
<name>Options 2</name>
<options-type>selection-statistics</options-type>
<options-timeout>30000</options-timeout>
</options>
</exporting-process>
</ipfix>
The configuration example configures a field-layout template to export Ethernet statistics from eth0 and eth1.
<ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix"
xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<bulk-data-export xmlns=
"urn:ietf:params:xml:ns:yang:ietf-ipfix-bulk-data-export">
<template>
<name>Ethernet Statistics</name>
<enabled>true</enabled>
<export-interval>300</export-interval>
<observation-domain-id>123</observation-domain-id>
<field-layout>
<field>
<name>in-octets</name>
<ie-id>1001</ie-id>
<ie-length>4</ie-length>
<ie-enterprise-number>664</ie-enterprise-number>
</field>
<field>
<name>out-octets</name>
<ie-id>1002</ie-id>
<ie-length>4</ie-length>
<ie-enterprise-number>664</ie-enterprise-number>
</field>
</field-layout>
<exporting-process>The only one</exporting-process>
<resource-instance>/if:interfaces/if:interface[if:name='eth0']
</resource-instance>
<resource-instance>/if:interfaces/if:interface[if:name='eth1']
</resource-instance>
</template>
</bulk-data-export>
<exporting-process>
<name>The only one</name>
<enabled>true</enabled>
<destination>
<name>Bulk data collector</name>
<tcp-exporter>
<destination>
<destination-address>192.0.2.2</destination-address>
</destination>
<rate-limit>1000000</rate-limit>
<transport-layer-security>
<remote-subject-fqdn>coll-2.ex.net</remote-subject-fqdn>
</transport-layer-security>
</tcp-exporter>
</destination>
</exporting-process>
</ipfix>
The complete tree diagram for ietf-ipfix:
module: ietf-ipfix
+--rw ipfix
+--rw collecting-process* [name] {collector}?
| +--rw name name-type
| +--rw tcp-collector* [name] {tcp-transport}?
| | +--rw name name-type
| | +--rw (local-address-method)?
| | | +--:(local-address)
| | | +--rw local-address* inet:host
| | +--rw local-port? inet:port-number
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn* string
| | | +--rw local-subject-dn* string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn* string
| | | +--rw remote-subject-dn* string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session* [name]
| | +--ro name name-type
| | +--ro ipfix-version? uint16
| | +--ro source-address? inet:host
| | +--ro destination-address? inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records? yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--rw udp-collector* [name] {udp-transport}?
| | +--rw name name-type
| | +--rw (local-address-method)?
| | | +--:(local-address)
| | | +--rw local-address* inet:host
| | +--rw local-port? inet:port-number
| | +--rw template-life-time? uint32
| | +--rw options-template-life-time? uint32
| | +--rw template-life-packet? uint32
| | +--rw options-template-life-packet? uint32
| | +--rw maximum-reordering-delay? uint32
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn* string
| | | +--rw local-subject-dn* string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn* string
| | | +--rw remote-subject-dn* string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session* [name]
| | +--ro name name-type
| | +--ro ipfix-version? uint16
| | +--ro source-address? inet:host
| | +--ro destination-address? inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records? yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--rw sctp-collector* [name] {sctp-transport}?
| | +--rw name name-type
| | +--rw (local-address-method)?
| | | +--:(local-address)
| | | +--rw local-address* inet:host
| | +--rw local-port? inet:port-number
| | +--rw maximum-reordering-delay? uint32
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn* string
| | | +--rw local-subject-dn* string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn* string
| | | +--rw remote-subject-dn* string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session* [name]
| | +--ro name name-type
| | +--ro sctp-association-id? uint32
| | +--ro ipfix-version? uint16
| | +--ro source-address? inet:host
| | +--ro destination-address? inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records? yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--rw file-reader* [name] {file-reader}?
| | +--rw name name-type
| | +--rw file inet:uri
| | +--ro file-reader-state
| | +--ro bytes? yang:counter64
| | +--ro messages? yang:counter64
| | +--ro records? yang:counter64
| | +--ro templates? yang:counter32
| | +--ro options-templates? yang:counter32
| | +--ro file-reader-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records? yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--rw exporting-process* -> /ipfix/exporting-process/name
| {exporter}?
+--rw exporting-process* [name] {exporter}?
+--rw name name-type
+--rw enabled? boolean
+--rw export-mode? identityref
+--rw destination* [name]
| +--rw name name-type
| +--rw (destination-parameters)
| +--:(tcp-exporter)
| | +--rw tcp-exporter {tcp-transport}?
| | +--rw ipfix-version? uint16
| | +--rw source
| | | +--rw (source-method)?
| | | +--:(interface-ref)
| | | | +--rw interface-ref? if:interface-ref
| | | +--:(if-index) {if-mib}?
| | | | +--rw if-index? uint32
| | | +--:(if-name) {if-mib}?
| | | | +--rw if-name? string
| | | +--:(source-address)
| | | +--rw source-address? inet:host
| | +--rw destination
| | | +--rw (destination-method)
| | | +--:(destination-address)
| | | +--rw destination-address? inet:host
| | +--rw destination-port?
| | | inet:port-number
| | +--rw send-buffer-size? uint32
| | +--rw rate-limit? uint32
| | +--rw connection-timeout? uint32
| | +--rw retry-schedule? uint32
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn*
| | | | string
| | | +--rw local-subject-dn*
| | | | string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn*
| | | | string
| | | +--rw remote-subject-dn*
| | | | string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session
| | +--ro ipfix-version?
| | | uint16
| | +--ro source-address?
| | | inet:host
| | +--ro destination-address?
| | | inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name
| | | name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records?
| | | yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--:(udp-exporter)
| | +--rw udp-exporter {udp-transport}?
| | +--rw ipfix-version? uint16
| | +--rw source
| | | +--rw (source-method)?
| | | +--:(interface-ref)
| | | | +--rw interface-ref? if:interface-ref
| | | +--:(if-index) {if-mib}?
| | | | +--rw if-index? uint32
| | | +--:(if-name) {if-mib}?
| | | | +--rw if-name? string
| | | +--:(source-address)
| | | +--rw source-address? inet:host
| | +--rw destination
| | | +--rw (destination-method)
| | | +--:(destination-address)
| | | +--rw destination-address? inet:host
| | +--rw destination-port?
| | | inet:port-number
| | +--rw send-buffer-size? uint32
| | +--rw rate-limit? uint32
| | +--rw maximum-packet-size? uint16
| | +--rw template-refresh-timeout? uint32
| | +--rw options-template-refresh-timeout? uint32
| | +--rw template-refresh-packet? uint32
| | +--rw options-template-refresh-packet? uint32
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn*
| | | | string
| | | +--rw local-subject-dn*
| | | | string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn*
| | | | string
| | | +--rw remote-subject-dn*
| | | | string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session
| | +--ro ipfix-version?
| | | uint16
| | +--ro source-address?
| | | inet:host
| | +--ro destination-address?
| | | inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name
| | | name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records?
| | | yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--:(sctp-exporter)
| | +--rw sctp-exporter {sctp-transport}?
| | +--rw ipfix-version? uint16
| | +--rw source
| | | +--rw (source-method)?
| | | +--:(interface-ref)
| | | | +--rw interface-ref? if:interface-ref
| | | +--:(if-index) {if-mib}?
| | | | +--rw if-index? uint32
| | | +--:(if-name) {if-mib}?
| | | | +--rw if-name? string
| | | +--:(source-address)
| | | +--rw source-address* inet:host
| | +--rw destination
| | | +--rw (destination-method)
| | | +--:(destination-address)
| | | +--rw destination-address* inet:host
| | +--rw destination-port?
| | | inet:port-number
| | +--rw send-buffer-size? uint32
| | +--rw rate-limit? uint32
| | +--rw timed-reliability? uint32
| | +--rw association-timeout? uint32
| | +--rw transport-layer-security!
| | | +--rw local-certification-authority-dn*
| | | | string
| | | +--rw local-subject-dn*
| | | | string
| | | +--rw local-subject-fqdn*
| | | | inet:domain-name
| | | +--rw remote-certification-authority-dn*
| | | | string
| | | +--rw remote-subject-dn*
| | | | string
| | | +--rw remote-subject-fqdn*
| | | inet:domain-name
| | +--ro transport-session
| | +--ro sctp-association-id?
| | | uint32
| | +--ro ipfix-version?
| | | uint16
| | +--ro source-address?
| | | inet:host
| | +--ro destination-address?
| | | inet:host
| | +--ro source-port?
| | | inet:port-number
| | +--ro destination-port?
| | | inet:port-number
| | +--ro status?
| | | transport-session-status
| | +--ro rate?
| | | yang:gauge32
| | +--ro bytes?
| | | yang:counter64
| | +--ro messages?
| | | yang:counter64
| | +--ro discarded-messages?
| | | yang:counter64
| | +--ro records?
| | | yang:counter64
| | +--ro templates?
| | | yang:counter32
| | +--ro options-templates?
| | | yang:counter32
| | +--ro transport-session-start-time?
| | | yang:date-and-time
| | +--ro transport-session-discontinuity-time?
| | | yang:date-and-time
| | +--ro template* [name]
| | +--ro name
| | | name-type
| | +--ro observation-domain-id? uint32
| | +--ro template-id? uint16
| | +--ro set-id? uint16
| | +--ro access-time?
| | | yang:date-and-time
| | +--ro template-data-records?
| | | yang:counter64
| | +--ro template-discontinuity-time?
| | | yang:date-and-time
| | +--ro field* [name]
| | +--ro name name-type
| | +--ro ie-id? ie-id-type
| | +--ro ie-length? uint16
| | +--ro ie-enterprise-number? uint32
| | +--ro is-flow-key? empty
| | +--ro is-scope? empty
| +--:(file-writer)
| +--rw file-writer {file-writer}?
| +--rw ipfix-version? uint16
| +--rw file inet:uri
| +--ro file-writer-state
| +--ro bytes?
| | yang:counter64
| +--ro messages?
| | yang:counter64
| +--ro discarded-messages?
| | yang:counter64
| +--ro records?
| | yang:counter64
| +--ro templates?
| | yang:counter32
| +--ro options-templates?
| | yang:counter32
| +--ro file-writer-discontinuity-time?
| | yang:date-and-time
| +--ro template* [name]
| +--ro name
| | name-type
| +--ro observation-domain-id? uint32
| +--ro template-id? uint16
| +--ro set-id? uint16
| +--ro access-time?
| | yang:date-and-time
| +--ro template-data-records?
| | yang:counter64
| +--ro template-discontinuity-time?
| | yang:date-and-time
| +--ro field* [name]
| +--ro name name-type
| +--ro ie-id? ie-id-type
| +--ro ie-length? uint16
| +--ro ie-enterprise-number? uint32
| +--ro is-flow-key? empty
| +--ro is-scope? empty
+--rw options* [name]
| +--rw name name-type
| +--rw options-type identityref
| +--rw options-timeout? uint32
+--ro exporting-process-id? uint32
The complete tree diagram for ietf-ipfix-packet-sampling:
module: ietf-ipfix-packet-sampling
augment /ipfix:ipfix:
+--rw psamp
+--rw observation-point* [name]
| +--rw name ipfix:name-type
| +--rw observation-domain-id uint32
| +--rw interface-ref* if:interface-ref
| +--rw if-name* if-name-type {if-mib}?
| +--rw if-index* uint32 {if-mib}?
| +--rw hardware-ref* hardware-ref
| +--rw ent-physical-name* string {entity-mib}?
| +--rw ent-physical-index* uint32 {entity-mib}?
| +--rw direction? direction
| +--rw selection-process*
| | -> /ipfix:ipfix/psamp/selection-process/name
| +--ro observation-point-id? uint32
+--rw selection-process* [name]
| +--rw name ipfix:name-type
| +--rw selector* [name]
| | +--rw name ipfix:name-type
| | +--rw (method)
| | | +--:(select-all)
| | | | +--rw select-all? empty
| | | +--:(samp-count-based)
| | | | +--rw samp-count-based {psamp-samp-count-based}?
| | | | +--rw packet-interval uint32
| | | | +--rw packet-space uint32
| | | +--:(samp-time-based)
| | | | +--rw samp-time-based {psamp-samp-time-based}?
| | | | +--rw time-interval uint32
| | | | +--rw time-space uint32
| | | +--:(samp-rand-out-of-n)
| | | | +--rw samp-rand-out-of-n
| | | | {psamp-samp-rand-out-of-n}?
| | | | +--rw size uint32
| | | | +--rw population uint32
| | | +--:(samp-uni-prob)
| | | | +--rw samp-uni-prob {psamp-samp-uni-prob}?
| | | | +--rw probability decimal64
| | | +--:(filter-match)
| | | | +--rw filter-match {psamp-filter-match}?
| | | | +--rw (information-element)
| | | | | +--:(ie-name)
| | | | | | +--rw ie-name?
| | | | | | ipfix:ie-name-type
| | | | | +--:(ie-id)
| | | | | +--rw ie-id? ipfix:ie-id-type
| | | | +--rw ie-enterprise-number? uint32
| | | | +--rw value string
| | | +--:(filter-hash)
| | | +--rw filter-hash {psamp-filter-hash}?
| | | +--rw hash-function? identityref
| | | +--rw initializer-value? uint64
| | | +--rw ip-payload-offset? uint64
| | | +--rw ip-payload-size? uint64
| | | +--rw digest-output? boolean
| | | +--rw selected-range* [name]
| | | | +--rw name ipfix:name-type
| | | | +--rw min? uint64
| | | | +--rw max? uint64
| | | +--ro output-range-min? uint64
| | | +--ro output-range-max? uint64
| | +--ro packets-observed? yang:counter64
| | +--ro packets-dropped? yang:counter64
| | +--ro selector-discontinuity-time? yang:date-and-time
| +--rw cache?
| | -> /ipfix:ipfix/psamp/cache/name
| +--ro selection-sequence* []
| +--ro observation-domain-id? uint32
| +--ro selection-sequence-id? uint64
+--rw cache* [name]
+--rw name ipfix:name-type
+--rw enabled? boolean
+--rw (cache-type)
| +--:(immediate-cache)
| | +--rw immediate-cache {immediate-cache}?
| | +--rw cache-layout
| | +--rw cache-field* [name]
| | +--rw name
| | | ipfix:name-type
| | +--rw (information-element)
| | | +--:(ie-name)
| | | | +--rw ie-name?
| | | | ipfix:ie-name-type
| | | +--:(ie-id)
| | | +--rw ie-id?
| | | ipfix:ie-id-type
| | +--rw ie-length? uint16
| | +--rw ie-enterprise-number? uint32
| +--:(timeout-cache)
| | +--rw timeout-cache {timeout-cache}?
| | +--rw max-flows? uint32
| | +--rw active-timeout? uint32
| | +--rw idle-timeout? uint32
| | +--rw cache-layout
| | | +--rw cache-field* [name]
| | | +--rw name
| | | | ipfix:name-type
| | | +--rw (information-element)
| | | | +--:(ie-name)
| | | | | +--rw ie-name?
| | | | | ipfix:ie-name-type
| | | | +--:(ie-id)
| | | | +--rw ie-id?
| | | | ipfix:ie-id-type
| | | +--rw ie-length? uint16
| | | +--rw ie-enterprise-number? uint32
| | | +--rw is-flow-key? empty
| | +--ro active-flows? yang:gauge32
| | +--ro unused-cache-entries? yang:gauge32
| +--:(natural-cache)
| | +--rw natural-cache {natural-cache}?
| | +--rw max-flows? uint32
| | +--rw active-timeout? uint32
| | +--rw idle-timeout? uint32
| | +--rw cache-layout
| | | +--rw cache-field* [name]
| | | +--rw name
| | | | ipfix:name-type
| | | +--rw (information-element)
| | | | +--:(ie-name)
| | | | | +--rw ie-name?
| | | | | ipfix:ie-name-type
| | | | +--:(ie-id)
| | | | +--rw ie-id?
| | | | ipfix:ie-id-type
| | | +--rw ie-length? uint16
| | | +--rw ie-enterprise-number? uint32
| | | +--rw is-flow-key? empty
| | +--ro active-flows? yang:gauge32
| | +--ro unused-cache-entries? yang:gauge32
| +--:(permanent-cache)
| +--rw permanent-cache {permanent-cache}?
| +--rw max-flows? uint32
| +--rw export-interval? uint32
| +--rw cache-layout
| | +--rw cache-field* [name]
| | +--rw name
| | | ipfix:name-type
| | +--rw (information-element)
| | | +--:(ie-name)
| | | | +--rw ie-name?
| | | | ipfix:ie-name-type
| | | +--:(ie-id)
| | | +--rw ie-id?
| | | ipfix:ie-id-type
| | +--rw ie-length? uint16
| | +--rw ie-enterprise-number? uint32
| | +--rw is-flow-key? empty
| +--ro active-flows? yang:gauge32
| +--ro unused-cache-entries? yang:gauge32
+--rw exporting-process*
| -> /ipfix:ipfix/exporting-process/name
| {ipfix:exporter}?
+--ro metering-process-id? uint32
+--ro data-records? yang:counter64
+--ro cache-discontinuity-time? yang:date-and-time
The complete tree diagram for ietf-ipfix-bulk-data-export:
module: ietf-ipfix-bulk-data-export
augment /ipfix:ipfix:
+--rw bulk-data-export
+--rw template* [name]
+--rw name ipfix:name-type
+--rw enabled? boolean
+--rw export-interval? uint32
+--rw observation-domain-id? uint32
+--rw field-layout
| +--rw field* [name]
| +--rw name ipfix:name-type
| +--rw (identifier)
| | +--:(ie-name)
| | | +--rw ie-name? ipfix:ie-name-type
| | +--:(ie-id)
| | +--rw ie-id? ipfix:ie-id-type
| +--rw ie-length? uint16
| +--rw ie-enterprise-number? uint32
+--rw exporting-process*
| -> /ipfix:ipfix/exporting-process/name
| {ipfix:exporter}?
+--rw (resource-identifier)?
| +--:(resource-instance)
| +--rw resource-instance* resource
+--ro data-records? yang:counter64
+--ro discontinuity-time? yang:date-and-time