Network Working Group                                            J. Boyd
Internet-Draft                                                    ADTRAN
Obsoletes: 6728 (if approved)                                    M. Seda
Intended status: Standards Track                                   Calix
Expires: April 25, 2019                                 October 22, 2018


 Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet
           Sampling (PSAMP) Protocol, and Bulk Data Export
          draft-boydseda-ipfix-psamp-bulk-data-yang-model-00

Abstract

   This document defines a flexible, modular YANG model for bulk data
   collection and export via the IPFIX protocol, as an alternative to
   the model defined in [RFC6728] "Configuration Data Model for the IP
   Flow Information Export (IPFIX) and Packet Sampling (PSAMP)
   Protocols".  The model defined in this RFC configures the IPFIX
   exporter and collector (if applicable) and refers to the bulk data
   monitoring configuration.  Optionally, the model can be configured to
   support PSAMP export of data via IPFIX.

   This document obsoletes [RFC6728] (if approved).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Boyd & Seda              Expires April 25, 2019                 [Page 1]

Internet-Draft  IPFIX/PSAMP/Bulk Data Export Data Models    October 2018

Table of Contents

   1.  Introduction
     1.1.  Historical Perspective
     1.2.  Relationship with RFC 6728
     1.3.  Terminology
     1.4.  Tree Diagrams
   2.  Objectives
   3.  YANG Modules
     3.1.  ietf-ipfix
       3.1.1.  ietf-ipfix Module Structure
       3.1.2.  ietf-ipfix YANG Module
     3.2.  ietf-psamp
       3.2.1.  ietf-psamp Module Structure
       3.2.2.  ietf-psamp YANG module
     3.3.  ietf-bulk-data-export
       3.3.1.  ietf-bulk-data-export Module Structure
       3.3.2.  ietf-bulk-data-export YANG module
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgments
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Example: ietf-ipfix Usage
   Appendix B.  Example: ietf-psamp Usage
   Appendix C.  Example: ietf-bulk-data-export Usage
   Authors' Addresses

1.  Introduction

   Bulk data collection is an automated collection of data from a device
   that is packaged together and delivered to an IPFIX collector.  The
   IPFIX protocol may be used to transport bulk data such as:

   o  Sampled (metered) Packet SAMPling (PSAMP) data: [RFC5476] defines
      PSAMP operations that a device may implement to sample packets
      passing a network element for reporting purposes.

   o  Statistics from interfaces, subinterfaces and sessions: YANG
      models define statistics that can be retrieved via protocols such
      as NETCONF [RFC6241] or RESTCONF [RFC8040].  These statistics can
      be streamed using an IPFIX transport to an IPFIX collector that
      supports analytics tools.  An operator may wish to take the bulk
      data and analyze it for trend analysis purposes or other usages
      (e.g., collect octet counts every 5 minutes for service level
      agreement purposes or collect reported device temperature for
      network health purposes).

      IPFIX can also be used to meet the bulk transport requirements of
      other protocols.  For example:

      *  [BBF.TR-352] ICTP (Inter-Channel Transport Protocol): ICTP uses
         IPFIX to transport dynamic data (e.g., lease information)
         across participating NGPON2 (Next-Generation Passive Optical
         Network 2) systems.

1.1.  Historical Perspective

   Below is a historical timeline of IETF IPFIX and YANG RFCs:

   o  RFC 5101 (2008), obsoleted by [RFC7011] (2013), defines the IPFIX
      protocol.

   o  [RFC5476] (2009) defines the PSAMP operations of selection (random
      selection, deterministic selection or hash-based selection) for
      capturing or metering packets arriving on a device.

   o  RFC 6020 (2010) and [RFC7950] (2016) define v1.0 and v1.1 of the
      YANG data modeling language (respectively), and [RFC8342] (2018)
      updates RFC 7950 to define NMDA (Network Management Datastore
      Architecture).

   o  [RFC6728] (2012) defines a Packet SAMPling (PSAMP) YANG model for
      devices that use PSAMP for capturing (for metering purposes) a
      subset of all packets traversing a device.

   o  RFC 7223 (2014), obsoleted by [RFC8343] (2018), defines a YANG
      data model for interfaces.

   o  IETF, IEEE, BBF etc. (2015 to 2018) have incorporated reporting of
      statistics into corresponding YANG models (G.fast, PON, etc.).

   [RFC6728] defines a single YANG module that performs PSAMP sampling.
   The collection process (PSAMP) and the IPFIX exporting process are
   part of the same YANG module.  The PSAMP YANG model defines a variety
   of features.  However, it only supports a PSAMP meter and it assumes
   a device supports SCTP (minimally).  Both constructs prove
   challenging to other applications that use IPFIX for transport of
   bulk data:

   o  [BBF.TR-352] supports only TCP and TLS as IPFIX transport
      protocols.  The [RFC6728] YANG model does not allow for explicit
      non-support for SCTP and therefore requires YANG deviations to
      announce non-support.

      *  A preferable solution is one that is more flexible (e.g.,
         allows different underlying transport options and avoids the
         need for deviations to announce non-support for features which
         an access node is not required to support).

   o  The PSAMP meter does not need to be configured if the observation
      point is already defined by other YANG models.  One could attempt
      to augment PSAMP YANG to reference where the observation point is
      being configured (but then would have to express feature
      "non-support" on features unlikely to be needed or required by
      access devices).

   Rather than these approaches, it would be preferable that a new YANG
   model be developed where functionality is separated into different
   modules such that the functions can be independently leveraged.

   These are some of the other issues with the current model:

   o  The PSAMP YANG model defines the frequency of export in the PSAMP
      cache.  Bulk data needs the export frequency to be controlled by
      the exporting process.

      *  It would be preferable that these cache functions be moved
         closer to the function performing the export.

      *  If a new YANG model is developed, the bulk data and PSAMP
         collection processes can be modeled independently.

   o  The PSAMP YANG model supports IPFIX mediators.  Access nodes may
      need to support large IPFIX mediation functions.

      *  If a new YANG model is developed, the transport sessions should
         be modeled such that they can be retrieved individually in
         addition to retrieving the entire list (which may be quite
         large for access devices such as an NG-PON2 OLT).

   o  The PSAMP YANG model contains references which correlate to MIB
      definitions.  For example, interfaces are referenced via ifIndex.
      For most NETCONF managed devices, interfaces are referenced by
      name as defined in [RFC8343].

      *  If a new YANG model is developed, options should be provided to
         allow use of either MIB or newer reference methods.

1.2.  Relationship with RFC 6728

   This RFC uses the general principles defined in [RFC6728] with the
   following exceptions:

   o  [RFC6728] was developed prior to [RFC8407] YANG guidelines
      publication.  This RFC adopts and conforms to the latest YANG
      guidelines for identifier naming conventions and is therefore not
      backwards compatible with RFC 6728.

   o  The YANG model adds support for [RFC8343] interface references.

   o  The YANG model is separated into the following three modules:

      *  ietf-ipfix: Describes the IPFIX collector and exporter
         functions.

      *  ietf-psamp: Describes the PSAMP functions for configuring a
         device to sample/meter a subset of packets from the network.

      *  ietf-bulk-data-export: Describes the bulk data IPFIX templates
         and filtering functions to apply to bulk data (outside PSAMP
         bulk data application).

   o  SCTP data nodes are made optional via the sctp feature for
      applications that are not required to support SCTP.

   o  IPFIX transport sessions allow transport session information to be
      retrieved individually.

   o  Source and destination address type choice statements are added to
      improve extensibility of the model.

   Bulk data applications that use this RFC are expected to only need to
   import the applicable YANG modules.  For example:

   o  PSAMP uses the ietf-ipfix and ietf-psamp modules.

   o  Statistics use the ietf-ipfix and ietf-bulk-data-export modules.

   o  TR-352 ICTP applications use only the ietf-ipfix module.

1.3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms are defined in [RFC7950] and are not redefined
   here:

   o  TBD

1.4.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

2.  Objectives

   This document defines a YANG data model for the configuration and
   state retrieval of bulk data collection and export via IPFIX.
   The YANG module in this document conforms to the Network Management
   Datastore Architecture (NMDA) [RFC8342] and [RFC8407] YANG
   guidelines.

3.  YANG Modules

   This document defines three YANG modules:

   o  ietf-ipfix

   o  ietf-psamp

   o  ietf-bulk-data-export

3.1.  ietf-ipfix

3.1.1.  ietf-ipfix Module Structure

   This document defines the YANG module "ietf-ipfix", which has the
   following structure:

module: ietf-ipfix
  +--rw ipfix
     +--rw collecting-process* [name] {collector}?
     |  +--rw name                  name-type
     |  +--rw tcp-collector* [name] {tcp-transport}?
     |  |  +--rw name                         name-type
     |  |  +--rw local-port?                  inet:port-number
     |  |  +--rw transport-layer-security!
     |  |  |  +--rw local-certification-authority-dn*    string
     |  |  |  +--rw local-subject-dn*                    string
     |  |  |  +--rw local-subject-fqdn*                  inet:domain-name
     |  |  |  +--rw remote-certification-authority-dn*   string
     |  |  |  +--rw remote-subject-dn*                   string
     |  |  |  +--rw remote-subject-fqdn*                 inet:domain-name
     |  |  +--rw (local-address-method)?
     |  |  |  +--:(local-address)
     |  |  |     +--rw local-ip-address*   inet:ip-address
     |  |  +--ro transport-session* [name]
     |  |     +--ro name                                    name-type
     |  |     +--ro ipfix-version?                          uint16
     |  |     +--ro source-ip-address?                      inet:ip-address
     |  |     +--ro destination-ip-address?                 inet:ip-address
     |  |     +--ro source-port?                            inet:port-number
     |  |     +--ro destination-port?                       inet:port-number
     |  |     +--ro status?                                 transport-session-status
     |  |     +--ro rate?                                   yang:gauge32
     |  |     +--ro bytes?                                  yang:counter64
     |  |     +--ro messages?                               yang:counter64
     |  |     +--ro discarded-messages?                     yang:counter64
     |  |     +--ro records?                                yang:counter64
     |  |     +--ro templates?                              yang:counter32
     |  |     +--ro options-templates?                      yang:counter32
     |  |     +--ro transport-session-start-time?           yang:date-and-time
     |  |     +--ro transport-session-discontinuity-time?   yang:date-and-time
     |  |     +--ro template* []
     |  |        +--ro observation-domain-id?         uint32
     |  |        +--ro template-id?                   uint16
     |  |        +--ro set-id?                        uint16
     |  |        +--ro access-time?                   yang:date-and-time
     |  |        +--ro template-data-records?         yang:counter64
     |  |        +--ro template-discontinuity-time?   yang:date-and-time
     |  |        +--ro field* []
     |  |           +--ro ie-id?                  ie-id-type
     |  |           +--ro ie-length?              uint16
     |  |           +--ro ie-enterprise-number?   uint32
     |  |           +--ro is-flow-key?            empty
     |  |           +--ro is-scope?               empty
     |  +--rw exporting-process*    -> /ipfix/exporting-process/name {exporter}?
     +--rw exporting-process* [name] {exporter}?
        +--rw name                    name-type
        +--rw export-mode?            identityref
        +--rw destination* [name]
        |  +--rw name    name-type
        |  +--rw (destination-parameters)
        |     +--:(tcp-exporter)
        |        +--rw tcp-exporter {tcp-transport}?
        |           +--rw ipfix-version?       uint16
        |           +--rw destination-port?    inet:port-number
        |           +--rw send-buffer-size?    uint32
        |           +--rw rate-limit?          uint32
        |           +--rw transport-layer-security!
        |           |  +--rw local-certification-authority-dn*    string
        |           |  +--rw local-subject-dn*                    string
        |           |  +--rw local-subject-fqdn*                  inet:domain-name
        |           |  +--rw remote-certification-authority-dn*   string
        |           |  +--rw remote-subject-dn*                   string
        |           |  +--rw remote-subject-fqdn*                 inet:domain-name
        |           +--rw (source-method)?
        |           |  +--:(source-address)
        |           |     +--rw source-address?   inet:ip-address
        |           +--rw (destination-method)
        |           |  +--:(destination-address)
        |           |     +--rw destination-address?   inet:host
        |           +--ro transport-session
        |              +--ro ipfix-version?                          uint16
        |              +--ro source-ip-address?                      inet:ip-address
        |              +--ro destination-ip-address?                 inet:ip-address
        |              +--ro source-port?                            inet:port-number
        |              +--ro destination-port?                       inet:port-number
        |              +--ro status?                                 transport-session-status
        |              +--ro rate?                                   yang:gauge32
        |              +--ro bytes?                                  yang:counter64
        |              +--ro messages?                               yang:counter64
        |              +--ro discarded-messages?                     yang:counter64
        |              +--ro records?                                yang:counter64
        |              +--ro templates?                              yang:counter32
        |              +--ro options-templates?                      yang:counter32
        |              +--ro transport-session-start-time?           yang:date-and-time
        |              +--ro transport-session-discontinuity-time?   yang:date-and-time
        |              +--ro template* []
        |                 +--ro observation-domain-id?         uint32
        |                 +--ro template-id?                   uint16
        |                 +--ro set-id?                        uint16
        |                 +--ro access-time?                   yang:date-and-time
        |                 +--ro template-data-records?         yang:counter64
        |                 +--ro template-discontinuity-time?   yang:date-and-time
        |                 +--ro field* []
        |                    +--ro ie-id?                  ie-id-type
        |                    +--ro ie-length?              uint16
        |                    +--ro ie-enterprise-number?   uint32
        |                    +--ro is-flow-key?            empty
        |                    +--ro is-scope?               empty
        +--rw options* [name]
        |  +--rw name               name-type
        |  +--rw options-type       identityref
        |  +--rw options-timeout?   uint32
        +--ro exporting-process-id?   uint32

3.1.2.  ietf-ipfix YANG Module

   This YANG Module imports typedefs from [RFC6991].

file "ietf-ipfix@2018-10-22.yang"
module ietf-ipfix {
  yang-version 1.1;

  namespace "urn:ietf-params:xml:ns:yang:ietf-ipfix";

  prefix ietf-ipfix;

  import ietf-inet-types {
    prefix inet;
  }

  import ietf-yang-types {
    prefix yang;
  }

  organization
    "TBD";

  contact
    "TBD";

  description
    "TBD.

     Copyright (c) 2018 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of XXX; see the RFC
     itself for full legal notices.";

  revision 2018-10-22 {
    description
      "Initial revision.";
    reference
      "Internet draft: draft-ipfix-psamp-bulk-data-yang-model-00";
  }

  feature exporter {
    description
      "If supported, the Monitoring Device can be used as an
       Exporter.
       Exporting Processes can be configured.";
  }

  feature tcp-transport {
    description
      "If supported, the Monitoring Device supports TCP as the
       transport protocol.";
  }

  feature collector {
    description
      "If supported, the Monitoring Device can be used as a
       Collector. Collecting Processes can be configured.";
  }

  identity export-mode {
    description
      "Base identity for different usages of export destinations
       configured for an Exporting Process.";
  }

  identity parallel {
    base export-mode;
    description
      "Parallel export of Data Records to all destinations
       configured for the Exporting Process.";
  }

  identity load-balancing {
    base export-mode;
    description
      "Load-balancing between the different destinations
       configured for the Exporting Process.";
  }

  identity fallback {
    base export-mode;
    description
      "Export to the primary destination (i.e., the first
       destination configured for the Exporting Process). If the
       export to the primary destination fails, the Exporting
       Process tries to export to the secondary destination.
       If the secondary destination fails as well, it continues
       with the tertiary, etc.";
  }

  identity options-type {
    description
      "Base identity for report types exported with options
       templates.";
  }

  identity metering-statistics {
    base options-type;
    description
      "Metering Process Statistics.";
    reference
      "RFC 5101, Section 4.1.";
  }

  identity metering-reliability {
    base options-type;
    description
      "Metering Process Reliability Statistics.";
    reference
      "RFC 5101, Section 4.2.";
  }

  identity exporting-reliability {
    base options-type;
    description
      "Exporting Process Reliability Statistics.";
    reference
      "RFC 5101, Section 4.3.";
  }

  identity flow-keys {
    base options-type;
    description
      "Flow Keys.";
    reference
      "RFC 5101, Section 4.4.";
  }

  identity selection-sequence {
    base options-type;
    description
      "Selection Sequence and Selector Reports.";
    reference
      "RFC 5476, Sections 6.5.1 and 6.5.2.";
  }

  identity selection-statistics {
    base options-type;
    description
      "Selection Sequence Statistics Report.";
    reference
      "RFC 5476, Section 6.5.3.";
  }

  identity accuracy {
    base options-type;
    description
      "Accuracy Report.";
    reference
      "RFC 5476, Section 6.5.4.";
  }

  identity reducing-redundancy {
    base options-type;
    description
      "Enables the utilization of Options Templates to reduce
       redundancy in the exported Data Records.";
    reference
      "RFC 5473.";
  }

  identity extended-type-information {
    base options-type;
    description
      "Export of extended type information for
       enterprise-specific Information Elements used in the
       exported Templates.";
    reference
      "RFC 5610.";
  }

  typedef ie-name-type {
    type string {
      length "1..max";
      pattern '\S+';
    }
    description
      "Type for Information Element names.
       Whitespaces are not allowed.";
  }

  typedef name-type {
    type string {
      length "1..max";
      pattern '\S(.*\S)?';
    }
    description
      "Type for 'name' leafs, which are used to identify specific
       instances within lists, etc. Leading and trailing
       whitespaces are not allowed.";
  }

  typedef ie-id-type {
    type uint16 {
      range "1..32767";
    }
    description
      "Type for Information Element identifiers.";
  }

  typedef transport-session-status {
    type enumeration {
      enum "inactive" {
        value 0;
        description
          "This value MUST be used for Transport Sessions that are
           specified in the system but currently not active. The
           value can be used for Transport Sessions that are
           backup (secondary) sessions.";
      }
      enum "active" {
        value 1;
        description
          "This value MUST be used for Transport Sessions that are
           currently active and transmitting or receiving data.";
      }
      enum "unknown" {
        value 2;
        description
          "This value MUST be used if the status of the Transport
           Sessions cannot be detected by the device. This value
           should be avoided as far as possible.";
      }
    }
    description
      "Status of a Transport Session.";
    reference
      "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
  }

  grouping transport-layer-security-parameters {
    description
      "TLS or DTLS parameters.";

    leaf-list local-certification-authority-dn {
      type string;
      description
        "Distinguished names of certification authorities whose
         certificates may be used to identify the local endpoint.";
      reference
        "RFC 5280.";
    }

    leaf-list local-subject-dn {
      type string;
      description
        "Distinguished names that may be used in the certificates
         to identify the local endpoint.";
      reference
        "RFC 5280.";
    }

    leaf-list local-subject-fqdn {
      type inet:domain-name;
      description
        "Fully qualified domain names that may be used in the
         certificates to identify the local endpoint.";
      reference
        "RFC 5280.";
    }

    leaf-list remote-certification-authority-dn {
      type string;
      description
        "Distinguished names of
         certification authorities whose certificates are accepted
         to authorize remote endpoints.";
      reference
        "RFC 5280.";
    }

    leaf-list remote-subject-dn {
      type string;
      description
        "Distinguished names which are accepted in certificates to
         authorize remote endpoints.";
      reference
        "RFC 5280.";
    }

    leaf-list remote-subject-fqdn {
      type inet:domain-name;
      description
        "Fully qualified domain names that are accepted in
         certificates to authorize remote endpoints.";
      reference
        "RFC 5280.";
    }
  }

  grouping transport-session-state-parameters {
    description
      "State parameters of a Transport Session originating from an
       Exporting Process or terminating at a Collecting Process.
       Parameter names and semantics correspond to the managed
       objects in IPFIX-MIB.";
    reference
      "RFC 5101; RFC 6615, Section 8 (ipfixTransportSessionEntry,
       ipfixTransportSessionStatsEntry).";

    leaf ipfix-version {
      type uint16;
      description
        "Used for Exporting Processes, this parameter contains the
         version number of the IPFIX protocol that the Exporter
         uses to export its data in this Transport Session.
         Used for Collecting Processes, this parameter contains
         the version number of the IPFIX protocol it receives for
         this Transport Session. If IPFIX Messages of different
         IPFIX protocol versions are received, this parameter
         contains the maximum version number.
         Note that this parameter corresponds to
         ipfixTransportSessionIpfixVersion in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionIpfixVersion).";
    }

    leaf source-ip-address {
      type inet:ip-address;
      description
        "The source address of the Exporter of the IPFIX Transport
         Session.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourceAddressType,
         ipfixTransportSessionSourceAddress);
         RFC 4960, Section 6.4.";
    }

    leaf destination-ip-address {
      type inet:ip-address;
      description
        "The destination IP address of the path that is selected
         by the Exporter to send IPFIX messages to the Collector.
         In the case of TCP, it is possible that if an FQDN
         address is configured it resolves into many IP addresses.
         Note that this parameter functionally corresponds to
         ipfixTransportSessionDestinationAddressType and
         ipfixTransportSessionDestinationAddress in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationAddressType,
         ipfixTransportSessionDestinationAddress);
         RFC 4960, Section 6.4.";
    }

    leaf source-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the Exporter of the
         IPFIX Transport Session.
         Note that this parameter corresponds to
         ipfixTransportSessionSourcePort in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionSourcePort).";
    }

    leaf destination-port {
      type inet:port-number;
      description
        "The transport-protocol port number of the Collector of
         the IPFIX Transport Session.
         Note that this parameter corresponds to
         ipfixTransportSessionDestinationPort in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDestinationPort).";
    }

    leaf status {
      type transport-session-status;
      description
        "Status of the Transport Session.
         Note that this parameter corresponds to
         ipfixTransportSessionStatus in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionStatus).";
    }

    leaf rate {
      type yang:gauge32;
      units "bytes per second";
      description
        "The number of bytes per second transmitted by the
         Exporting Process or received by the Collecting Process.
         This parameter is updated every second.
         Note that this parameter corresponds to
         ipfixTransportSessionRate in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionRate).";
    }

    leaf bytes {
      type yang:counter64;
      units "bytes";
      description
        "The number of bytes transmitted by the Exporting Process
         or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transportSessionDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixTransportSessionBytes in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionBytes).";
    }

    leaf messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "The number of messages transmitted by the Exporting
         Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transportSessionDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixTransportSessionMessages in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionMessages).";
    }

    leaf discarded-messages {
      type yang:counter64;
      units "IPFIX Messages";
      description
        "Used for Exporting Processes, this parameter indicates
         the number of messages that could not be sent due to
         internal buffer overflows, network congestion, routing
         issues, etc. Used for Collecting Process, this parameter
         indicates the number of received IPFIX Messages that are
         malformed, cannot be decoded, are received in the wrong
         order or are missing according to the sequence number.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transport-session-discontinuity-time.
         Note that this parameter corresponds to
         ipfixTransportSessionDiscardedMessages in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixTransportSessionDiscardedMessages).";
    }

    leaf records {
      type yang:counter64;
      units "Data Records";
      description
        "The number of Data Records transmitted by the Exporting
         Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transportSessionDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixTransportSessionRecords in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionRecords).";
    }

    leaf templates {
      type yang:counter32;
      units "Templates";
      description
        "The number of Templates transmitted by the Exporting
         Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transportSessionDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixTransportSessionTemplates in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTransportSessionTemplates).";
    }

    leaf options-templates {
      type yang:counter32;
      units "Options Templates";
      description
        "The number of Option Templates transmitted by the
         Exporting Process or received by the Collecting Process.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         transportSessionDiscontinuityTime.
Note that this parameter corresponds to ipfixTransportSessionOptionsTemplates in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTransportSessionOptionsTemplates)."; } leaf transport-session-start-time { type yang:date-and-time; description "Timestamp of the start of the given Transport Session. This state parameter does not correspond to any object in the IPFIX MIB module."; } leaf transport-session-discontinuity-time { type yang:date-and-time; description "Timestamp of the most recent occasion at which one or more of the Transport Session counters suffered a discontinuity. Note that this parameter functionally corresponds to ipfixTransportSessionDiscontinuityTime in the IPFIX MIB module. In contrast to ipfixTransportSessionDiscontinuityTime, the time is absolute and not relative to sysUpTime."; reference "RFC 6615, Section 8 (ipfixTransportSessionDiscontinuityTime)."; } list template { description "This list contains the Templates and Options Templates that are transmitted by the Exporting Process or received by the Collecting Process. Withdrawn or invalidated (Options) Templates MUST be removed from this list."; Boyd & Seda Expires April 25, 2019 [Page 20] Internet-Draft IPFIX/PSAMP/Bulk Data Export Data Models October 2018 uses template-parameters-state; } } grouping template-parameters-state { description "State parameters of a Template used by an Exporting Process or received by a Collecting Process in a specific Transport Session. Parameter names and semantics correspond to the managed objects in IPFIX-MIB"; reference "RFC 5101; RFC 6615, Section 8 (ipfixTemplateEntry, ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)"; leaf observation-domain-id { type uint32; description "The ID of the Observation Domain for which this Template is defined. 
Note that this parameter corresponds to ipfixTemplateObservationDomainId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateObservationDomainId)."; } leaf template-id { type uint16 { range "256..65535"; } description "This number indicates the Template ID in the IPFIX message. Note that this parameter corresponds to ipfixTemplateId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateId)."; } leaf set-id { type uint16; description "This number indicates the Set ID of the Template. Currently, there are two values defined. The value 2 is used for Sets containing Template definitions. The value 3 is used for Sets containing Options Template definitions. Note that this parameter Boyd & Seda Expires April 25, 2019 [Page 21] Internet-Draft IPFIX/PSAMP/Bulk Data Export Data Models October 2018 corresponds to ipfixTemplateSetId in the IPFIX MIB module."; reference "RFC 6615, Section 8 (ipfixTemplateSetId)."; } leaf access-time { type yang:date-and-time; description "Used for Exporting Processes, this parameter contains the time when this (Options) Template was last sent to the Collector(s) or written to the file. Used for Collecting Processes, this parameter contains the time when this (Options) Template was last received from the Exporter or read from the file. Note that this parameter corresponds to ipfixTemplateAccessTime in the IPFIX MIB module."; reference "RFC 6615, Section 8 ( ipfixTemplateAccessTime)."; } leaf template-data-records { type yang:counter64; description "The number of transmitted or received Data Records defined by this (Options) Template. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of templateDiscontinuityTime. 
         Note that this parameter corresponds to
         ipfixTemplateDataRecords in the IPFIX MIB module.";
      reference
        "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
    }
    leaf template-discontinuity-time {
      type yang:date-and-time;
      description
        "Timestamp of the most recent occasion at which the counter
         templateDataRecords suffered a discontinuity. Note that
         this parameter functionally corresponds to
         ipfixTemplateDiscontinuityTime in the IPFIX MIB module. In
         contrast to ipfixTemplateDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8 (ipfixTemplateDiscontinuityTime).";
    }
    list field {
      description
        "This list contains the (Options) Template fields of which
         the (Options) Template is defined. The order of the list
         corresponds to the order of the fields in the (Options)
         Template Record.";
      leaf ie-id {
        type ie-id-type;
        description
          "This parameter indicates the Information Element
           identifier of the field. Note that this parameter
           corresponds to ipfixTemplateDefinitionIeId in the IPFIX
           MIB module.";
        reference
          "RFC 5101; RFC 6615, Section 8
           (ipfixTemplateDefinitionIeId).";
      }
      leaf ie-length {
        type uint16;
        units "octets";
        description
          "This parameter indicates the length of the Information
           Element of the field. Note that this parameter
           corresponds to ipfixTemplateDefinitionIeLength in the
           IPFIX MIB module.";
        reference
          "RFC 5101; RFC 6615, Section 8
           (ipfixTemplateDefinitionIeLength).";
      }
      leaf ie-enterprise-number {
        type uint32;
        description
          "This parameter indicates the IANA enterprise number of
           the authority defining the Information Element
           identifier. If the Information Element is not
           enterprise-specific, this state parameter is zero.
           Note that this parameter corresponds to
           ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
           MIB module.";
        reference
          "RFC 6615, Section 8
           (ipfixTemplateDefinitionIeEnterpriseNumber); IANA
           registry for Private Enterprise Numbers,
           http://www.iana.org/assignments/enterprise-numbers.";
      }
      leaf is-flow-key {
        when "../../set-id = 2" {
          description
            "This parameter is available for non-Options Templates
             (Set ID is 2).";
        }
        type empty;
        description
          "If present, this is a Flow Key field. Note that this
           corresponds to flowKey(1) being set in
           ipfixTemplateDefinitionFlags.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags).";
      }
      leaf is-scope {
        when "../../set-id = 3" {
          description
            "This parameter is available for Options Templates
             (Set ID is 3).";
        }
        type empty;
        description
          "If present, this is a scope field. Note that this
           corresponds to scope(0) being set in
           ipfixTemplateDefinitionFlags.";
        reference
          "RFC 6615, Section 8 (ipfixTemplateDefinitionFlags).";
      }
    }
  }

  grouping common-collector-parameters {
    description
      "Parameters of a Collecting Process that are common to all
       transport protocols.";
    leaf local-port {
      type inet:port-number;
      description
        "If not configured, the Monitoring Device uses the default
         port number for IPFIX, which is 4739 without TLS or DTLS
         and 4740 if TLS or DTLS is activated.";
    }
    container transport-layer-security {
      presence
        "The presence of this container indicates TLS is enabled.";
      description
        "TLS or DTLS configuration.";
      uses transport-layer-security-parameters;
    }
  }

  grouping common-collector-parameters-state {
    description
      "Parameters of a Collecting Process that are common to all
       transport protocols.";
    list transport-session {
      key name;
      config false;
      description
        "This list contains the currently established Transport
         Sessions terminating at the given socket.";
      leaf name {
        type name-type;
        description
          "The name of the Transport Session.";
      }
      uses transport-session-state-parameters;
    }
  }

  grouping tcp-collector-parameters {
    description
      "Parameters of a listening TCP socket at a Collecting
       Process.";
    uses common-collector-parameters;
    choice local-address-method {
      description
        "Method to configure the local IP address of the Collecting
         Process. Note that it is expected that other methods be
         available. Those methods can augment this choice.";
      case local-address {
        leaf-list local-ip-address {
          type inet:ip-address;
          description
            "List of local IP addresses on which the Collecting
             Process listens for IPFIX Messages.";
        }
      }
    }
  }

  grouping collecting-process-parameters {
    description
      "Parameters of a Collecting Process.";
    list tcp-collector {
      if-feature tcp-transport;
      key "name";
      description
        "List of TCP receivers (sockets) on which the Collecting
         Process receives IPFIX Messages.";
      leaf name {
        type name-type;
        description
          "Name of the TCP collector.";
      }
      uses tcp-collector-parameters;
      uses common-collector-parameters-state;
    }
  }

  grouping exporting-process-parameters {
    description
      "Parameters of an Exporting Process.";
    leaf export-mode {
      type identityref {
        base export-mode;
      }
      default 'parallel';
      description
        "This parameter determines to which configured
         destination(s) the incoming Data Records are exported.";
    }
    list destination {
      key "name";
      min-elements 1;
      description
        "List of export destinations.";
      leaf name {
        type name-type;
        description
          "Export destination name.";
      }
      choice destination-parameters {
        mandatory true;
        description
          "Destination configuration.";
        container tcp-exporter {
          if-feature tcp-transport;
          description
            "TCP parameters.";
          uses tcp-exporter-parameters;
          container
            transport-session {
            config false;
            description
              "Transport session state data.";
            uses transport-session-state-parameters;
          }
        }
      }
    }
    list options {
      key "name";
      description
        "List of options reported by the Exporting Process.";
      leaf name {
        type name-type;
        description
          "Name of the option.";
      }
      uses options-parameters;
    }
  }

  grouping common-exporter-parameters {
    description
      "Parameters of an export destination that are common to all
       transport protocols.";
    leaf ipfix-version {
      type uint16;
      default '10';
      description
        "IPFIX version number.";
      reference
        "RFC 5101.";
    }
    leaf destination-port {
      type inet:port-number;
      description
        "If not configured by the user, the Monitoring Device uses
         the default port number for IPFIX, which is 4739 without
         TLS or DTLS and 4740 if TLS or DTLS is activated.";
    }
    leaf send-buffer-size {
      type uint32;
      units "bytes";
      description
        "Size of the socket send buffer. If not configured by the
         user, this parameter is set by the Monitoring Device.";
    }
    leaf rate-limit {
      type uint32;
      units "bytes per second";
      description
        "Maximum number of bytes per second the Exporting Process
         may export to the given destination. The number of bytes
         is calculated from the lengths of the IPFIX Messages
         exported. If not configured, no rate limiting is
         performed.";
      reference
        "RFC 5476, Section 6.3.";
    }
    container transport-layer-security {
      presence
        "The presence of this container indicates TLS is enabled.";
      description
        "TLS or DTLS configuration.";
      uses transport-layer-security-parameters;
    }
  }

  grouping tcp-exporter-parameters {
    description
      "Parameters of a TCP export destination.";
    uses common-exporter-parameters;
    choice source-method {
      description
        "Method to configure the source IP address of the exporter.
         Note that it is expected that other methods be available.
         Those methods can augment this choice.";
      case source-address {
        leaf source-address {
          type inet:ip-address;
          description
            "Select the source IP address used by the Exporting
             Process.";
        }
      }
    }
    choice destination-method {
      mandatory true;
      description
        "Method to configure the destination IP address of the
         Collecting Process to which IPFIX Messages are sent. Note
         that if other methods are available, they are expected to
         augment this choice.";
      case destination-address {
        leaf destination-address {
          type inet:host;
          description
            "Destination IP address or hostname. A hostname may
             resolve to one or more IP addresses.";
        }
      }
    }
  }

  grouping options-parameters {
    description
      "Parameters specifying the data export using an Options
       Template.";
    leaf options-type {
      type identityref {
        base options-type;
      }
      mandatory true;
      description
        "Type of the exported options data.";
    }
    leaf options-timeout {
      type uint32;
      units "milliseconds";
      description
        "Time interval for periodic export of the options data. If
         set to zero, the export is triggered when the options data
         has changed. If not configured by the user, this parameter
         is set by the Monitoring Device.";
    }
  }

  container ipfix {
    description
      "IPFIX Exporter and/or Collector data nodes.";
    list collecting-process {
      if-feature collector;
      key "name";
      description
        "Collecting Process of the Monitoring Device.";
      leaf name {
        type name-type;
        description
          "Name of the collecting process.";
      }
      uses collecting-process-parameters;
      leaf-list exporting-process {
        if-feature exporter;
        type leafref {
          path "/ietf-ipfix:ipfix"
             + "/ietf-ipfix:exporting-process"
             + "/ietf-ipfix:name";
        }
        description
          "Export of received records without any modifications.
           Records are processed by all Exporting Processes in the
           list.";
      }
    }
    list exporting-process {
      if-feature exporter;
      key "name";
      description
        "List of Exporting Processes of the IPFIX Monitoring Device
         for which configuration will be applied.";
      leaf name {
        type name-type;
        description
          "Name of the exporting process.";
      }
      uses exporting-process-parameters;
      leaf exporting-process-id {
        type uint32;
        config false;
        description
          "The identifier of the Exporting Process. This parameter
           corresponds to the Information Element
           exportingProcessId. Its occurrence helps to associate
           Exporting Process parameters with Exporting Process
           statistics exported by the Monitoring Device using the
           Exporting Process Reliability Statistics Template as
           defined by the IPFIX protocol specification.";
        reference
          "RFC 5101, Section 4.3; IANA registry for IPFIX Entities,
           http://www.iana.org/assignments/ipfix.";
      }
    }
  }
}

3.2. ietf-psamp

3.2.1. ietf-psamp Module Structure

This document defines the YANG module "ietf-psamp", which has the
following structure:

module: ietf-psamp
  augment /ietf-ipfix:ipfix:
    +--rw psamp
       +--rw observation-point* [name] {meter}?
       |  +--rw name    ietf-ipfix:name-type
       |  +--rw observation-domain-id    uint32
       |  +--rw interface-ref*    if:interface-ref
       |  +--rw ent-physical-name*    string
       |  +--rw direction?    direction
       |  +--rw selection-process*
       |          -> /ietf-ipfix:ipfix/psamp/selection-process/name
       +--rw selection-process* [name] {meter}?
       |  +--rw name    ietf-ipfix:name-type
       |  +--rw selector* [name]
       |  |  +--rw name    ietf-ipfix:name-type
       |  |  +--rw (method)
       |  |  |  +--:(select-all)
       |  |  |  |  +--rw select-all?    empty
       |  |  |  +--:(samp-count-based)
       |  |  |  |  +--rw samp-count-based {psamp-samp-count-based}?
       |  |  |  |     +--rw packet-interval    uint32
       |  |  |  |     +--rw packet-space    uint32
       |  |  |  +--:(samp-time-based)
       |  |  |  |  +--rw samp-time-based {psamp-samp-time-based}?
       |  |  |  |     +--rw time-interval    uint32
       |  |  |  |     +--rw time-space    uint32
       |  |  |  +--:(samp-rand-out-of-n)
       |  |  |  |  +--rw samp-rand-out-of-n {psamp-samp-rand-out-of-n}?
       |  |  |  |     +--rw size    uint32
       |  |  |  |     +--rw population    uint32
       |  |  |  +--:(samp-uni-prob)
       |  |  |  |  +--rw samp-uni-prob {psamp-samp-uni-prob}?
       |  |  |  |     +--rw probability    decimal64
       |  |  |  +--:(filter-match)
       |  |  |  |  +--rw filter-match {psamp-filter-match}?
       |  |  |  |     +--rw (name-or-id)
       |  |  |  |     |  +--:(ie-name)
       |  |  |  |     |  |  +--rw ie-name?    ietf-ipfix:ie-name-type
       |  |  |  |     |  +--:(ie-id)
       |  |  |  |     |     +--rw ie-id?    ietf-ipfix:ie-id-type
       |  |  |  |     +--rw ie-enterprise-number?    uint32
       |  |  |  |     +--rw value    string
       |  |  |  +--:(filter-hash)
       |  |  |     +--rw filter-hash {psamp-filter-hash}?
       |  |  |        +--rw hash-function?    identityref
       |  |  |        +--rw initializer-value?    uint64
       |  |  |        +--rw ip-payload-offset?    uint64
       |  |  |        +--rw ip-payload-size?    uint64
       |  |  |        +--rw digest-output?    boolean
       |  |  |        +--rw selected-range* [name]
       |  |  |        |  +--rw name    ietf-ipfix:name-type
       |  |  |        |  +--rw min?    uint64
       |  |  |        |  +--rw max?    uint64
       |  |  |        +--ro output-range-min?    uint64
       |  |  |        +--ro output-range-max?    uint64
       |  |  +--ro packets-observed?    yang:counter64
       |  |  +--ro packets-dropped?    yang:counter64
       |  |  +--ro selector-discontinuity-time?    yang:date-and-time
       |  +--rw cache?    -> /ietf-ipfix:ipfix/psamp/cache/name
       |  +--ro selection-sequence* []
       |     +--ro observation-domain-id?    uint32
       |     +--ro selection-sequence-id?    uint64
       +--rw cache* [name] {meter}?
          +--rw name    ietf-ipfix:name-type
          +--ro metering-process-id?    uint32
          +--ro data-records?    yang:counter64
          +--ro cache-discontinuity-time?    yang:date-and-time
          +--rw (cache-type)
          |  +--:(immediate-cache)
          |  |  +--rw immediate-cache {immediate-cache}?
          |  |     +--rw cache-layout
          |  |        +--rw cache-field* [name]
          |  |           +--rw name    ietf-ipfix:name-type
          |  |           +--rw (name-or-id)
          |  |           |  +--:(ie-name)
          |  |           |  |  +--rw ie-name?
          |  |           |  |          ietf-ipfix:ie-name-type
          |  |           |  +--:(ie-id)
          |  |           |     +--rw ie-id?    ietf-ipfix:ie-id-type
          |  |           +--rw ie-length?    uint16
          |  |           +--rw ie-enterprise-number?    uint32
          |  |           +--rw is-flow-key?    empty
          |  +--:(timeout-cache)
          |  |  +--rw timeout-cache {timeout-cache}?
          |  |     +--rw max-flows?    uint32
          |  |     +--rw active-timeout?    uint32
          |  |     +--rw idle-timeout?    uint32
          |  |     +--rw export-interval?    uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name    ietf-ipfix:name-type
          |  |     |     +--rw (name-or-id)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?    ietf-ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?    ietf-ipfix:ie-id-type
          |  |     |     +--rw ie-length?    uint16
          |  |     |     +--rw ie-enterprise-number?    uint32
          |  |     |     +--rw is-flow-key?    empty
          |  |     +--ro active-flows?    yang:gauge32
          |  |     +--ro unused-cache-entries?    yang:gauge32
          |  +--:(natural-cache)
          |  |  +--rw natural-cache {natural-cache}?
          |  |     +--rw max-flows?    uint32
          |  |     +--rw active-timeout?    uint32
          |  |     +--rw idle-timeout?    uint32
          |  |     +--rw export-interval?    uint32
          |  |     +--rw cache-layout
          |  |     |  +--rw cache-field* [name]
          |  |     |     +--rw name    ietf-ipfix:name-type
          |  |     |     +--rw (name-or-id)
          |  |     |     |  +--:(ie-name)
          |  |     |     |  |  +--rw ie-name?    ietf-ipfix:ie-name-type
          |  |     |     |  +--:(ie-id)
          |  |     |     |     +--rw ie-id?    ietf-ipfix:ie-id-type
          |  |     |     +--rw ie-length?    uint16
          |  |     |     +--rw ie-enterprise-number?    uint32
          |  |     |     +--rw is-flow-key?    empty
          |  |     +--ro active-flows?    yang:gauge32
          |  |     +--ro unused-cache-entries?    yang:gauge32
          |  +--:(permanent-cache)
          |     +--rw permanent-cache {permanent-cache}?
          |        +--rw max-flows?    uint32
          |        +--rw active-timeout?    uint32
          |        +--rw idle-timeout?    uint32
          |        +--rw export-interval?    uint32
          |        +--rw cache-layout
          |        |  +--rw cache-field* [name]
          |        |     +--rw name    ietf-ipfix:name-type
          |        |     +--rw (name-or-id)
          |        |     |  +--:(ie-name)
          |        |     |  |  +--rw ie-name?
          |        |     |  |          ietf-ipfix:ie-name-type
          |        |     |  +--:(ie-id)
          |        |     |     +--rw ie-id?    ietf-ipfix:ie-id-type
          |        |     +--rw ie-length?    uint16
          |        |     +--rw ie-enterprise-number?    uint32
          |        |     +--rw is-flow-key?    empty
          |        +--ro active-flows?    yang:gauge32
          |        +--ro unused-cache-entries?    yang:gauge32
          +--rw exporting-process*
                  -> /ietf-ipfix:ipfix/exporting-process/name
                  {ietf-ipfix:exporter}?

3.2.2. ietf-psamp YANG module

This YANG Module imports typedefs from [RFC6991].

file "ietf-psamp@2018-10-22.yang"
module ietf-psamp {
  yang-version 1.1;
  namespace "urn:ietf-params:xml:ns:yang:ietf-psamp";
  prefix ietf-psamp;

  import ietf-yang-types {
    prefix yang;
  }
  import ietf-ipfix {
    prefix ietf-ipfix;
  }
  import ietf-interfaces {
    prefix if;
  }

  organization
    "TBD";
  contact
    "TBD";
  description
    "TBD.

     Copyright (c) 2018 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of XXX; see the RFC
     itself for full legal notices.";

  revision 2018-10-22 {
    description
      "Initial revision.";
    reference
      "Internet draft:
       draft-ipfix-psamp-bulk-data-yang-model-00";
  }

  feature meter {
    description
      "If supported, Observation Points, Selection Processes, and
       Caches can be configured.";
  }
  feature psamp-samp-count-based {
    description
      "If supported, the Monitoring Device supports count-based
       Sampling. The Selector method sampCountBased can be
       configured.";
  }
  feature psamp-samp-time-based {
    description
      "If supported, the Monitoring Device supports time-based
       Sampling.
       The Selector method sampTimeBased can be configured.";
  }
  feature psamp-samp-rand-out-of-n {
    description
      "If supported, the Monitoring Device supports random
       n-out-of-N Sampling. The Selector method sampRandOutOfN can
       be configured.";
  }
  feature psamp-samp-uni-prob {
    description
      "If supported, the Monitoring Device supports uniform
       probabilistic Sampling. The Selector method sampUniProb can
       be configured.";
  }
  feature psamp-filter-match {
    description
      "If supported, the Monitoring Device supports property match
       Filtering. The Selector method filterMatch can be
       configured.";
  }
  feature psamp-filter-hash {
    description
      "If supported, the Monitoring Device supports hash-based
       Filtering. The Selector method filterHash can be
       configured.";
  }
  feature immediate-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating PSAMP Packet Reports by configuration with
       immediateCache.";
  }
  feature timeout-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       timeoutCache.";
  }
  feature natural-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       naturalCache.";
  }
  feature permanent-cache {
    description
      "If supported, the Monitoring Device supports Caches
       generating IPFIX Flow Records by configuration with
       permanentCache.";
  }

  identity bob {
    base hash-function;
    description
      "BOB hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }
  identity ipsx {
    base hash-function;
    description
      "IPSX hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }
  identity crc {
    base hash-function;
    description
      "CRC hash function.";
    reference
      "RFC 5475, Section 6.2.4.1.";
  }
  identity hash-function {
    description
      "Base
       identity for all hash functions used for hash-based packet
       Filtering.";
  }

  typedef if-name-type {
    type string {
      length "1..255";
    }
    description
      "This corresponds to the DisplayString textual convention of
       SNMPv2-TC, which is used for ifName in the IF MIB module.";
    reference
      "RFC 2863 (ifName).";
  }
  typedef direction {
    type enumeration {
      enum "ingress" {
        value 0;
        description
          "This value is used for monitoring incoming packets.";
      }
      enum "egress" {
        value 1;
        description
          "This value is used for monitoring outgoing packets.";
      }
      enum "both" {
        value 2;
        description
          "This value is used for monitoring incoming and outgoing
           packets.";
      }
    }
    description
      "Direction of packets going through an interface.";
  }

  grouping observation-point-parameters {
    description
      "Interface as input to Observation Point.";
    leaf observation-domain-id {
      type uint32;
      mandatory true;
      description
        "The Observation Domain ID associates the Observation Point
         to an Observation Domain. Observation Points with
         identical Observation Domain IDs belong to the same
         Observation Domain. Note that this parameter corresponds
         to ipfixObservationPointObservationDomainId in the IPFIX
         MIB module.";
      reference
        "RFC 5101; RFC 6615, Section 8
         (ipfixObservationPointObservationDomainId).";
    }
    leaf-list interface-ref {
      type if:interface-ref;
      description
        "List of names identifying interfaces of the Monitoring
         Device. The Observation Point observes packets at the
         specified interfaces.";
    }
    leaf-list ent-physical-name {
      type string;
      description
        "List of names identifying physical entities of the
         Monitoring Device. The Observation Point observes packets
         at the specified entities.";
    }
    leaf direction {
      type direction;
      default "both";
      description
        "Direction of packets.
         If not applicable (e.g., in the case of a sniffing
         interface in promiscuous mode), this parameter is
         ignored.";
    }
  }

  grouping samp-count-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic
       count-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.1.";
    leaf packet-interval {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of packets that are consecutively sampled
         between gaps of length packetSpace. This parameter
         corresponds to the Information Element
         samplingPacketInterval and to psampSampCountBasedInterval
         in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.2; RFC 6727, Section 6
         (psampSampCountBasedInterval).";
    }
    leaf packet-space {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of unsampled packets between two Sampling
         intervals. This parameter corresponds to the Information
         Element samplingPacketSpace and to
         psampSampCountBasedSpace in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.3; RFC 6727, Section 6
         (psampSampCountBasedSpace).";
    }
  }

  grouping samp-time-based-parameters {
    description
      "Configuration parameters of a Selector applying systematic
       time-based packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.1; RFC 5476, Section 6.5.2.2.";
    leaf time-interval {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which all
         arriving packets are sampled between gaps of length
         timeSpace.
         This parameter corresponds to the Information Element
         samplingTimeInterval and to psampSampTimeBasedInterval in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.4; RFC 6727, Section 6
         (psampSampTimeBasedInterval).";
    }
    leaf time-space {
      type uint32;
      units "microseconds";
      mandatory true;
      description
        "The time interval in microseconds during which no packets
         are sampled between two Sampling intervals specified by
         timeInterval. This parameter corresponds to the
         Information Element samplingTimeSpace and to
         psampSampTimeBasedSpace in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.5; RFC 6727, Section 6
         (psampSampTimeBasedSpace).";
    }
  }

  grouping samp-rand-out-of-n-parameters {
    description
      "Configuration parameters of a Selector applying n-out-of-N
       packet Sampling to the packet stream.";
    reference
      "RFC 5475, Section 5.2.1; RFC 5476, Section 6.5.2.3.";
    leaf size {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements taken from the parent population.
         This parameter corresponds to the Information Element
         samplingSize and to psampSampRandOutOfNSize in the PSAMP
         MIB module.";
      reference
        "RFC 5477, Section 8.2.6; RFC 6727, Section 6
         (psampSampRandOutOfNSize).";
    }
    leaf population {
      type uint32;
      units "packets";
      mandatory true;
      description
        "The number of elements in the parent population.
         This parameter corresponds to the Information Element
         samplingPopulation and to psampSampRandOutOfNPopulation in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.7; RFC 6727, Section 6
         (psampSampRandOutOfNPopulation).";
    }
  }

  grouping samp-uni-prob-parameters {
    description
      "Configuration parameters of a Selector applying uniform
       probabilistic packet Sampling (with equal probability per
       packet) to the packet stream.";
    reference
      "RFC 5475, Section 5.2.2.1; RFC 5476, Section 6.5.2.4.";
    leaf probability {
      type decimal64 {
        fraction-digits 18;
        range "0..1";
      }
      mandatory true;
      description
        "Probability that a packet is sampled, expressed as a value
         between 0 and 1. The probability is equal for every
         packet. This parameter corresponds to the Information
         Element samplingProbability and to
         psampSampUniProbProbability in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.2.8; RFC 6727, Section 6
         (psampSampUniProbProbability).";
    }
  }

  grouping filter-match-parameters {
    description
      "Configuration parameters of a Selector applying property
       match Filtering to the packet stream. The field to be
       matched is specified as an Information Element.";
    reference
      "RFC 5475, Section 6.1; RFC 5476, Section 6.5.2.5.";
    choice name-or-id {
      mandatory true;
      description
        "The field to be matched is specified by either the name or
         the identifier of the Information Element.";
      leaf ie-name {
        type ietf-ipfix:ie-name-type;
        description
          "Name of the Information Element.";
      }
      leaf ie-id {
        type ietf-ipfix:ie-id-type;
        description
          "Identifier of the Information Element.";
      }
    }
    leaf ie-enterprise-number {
      type uint32;
      default '0';
      description
        "If this parameter is zero, the Information Element is
         registered in the IANA registry of IPFIX Information
         Elements.
         If this parameter is configured with a non-zero private
         enterprise number, the Information Element is
         enterprise-specific.";
      reference
        "IANA registry for Private Enterprise Numbers,
         http://www.iana.org/assignments/enterprise-numbers; IANA
         registry for IPFIX Entities,
         http://www.iana.org/assignments/ipfix.";
    }
    leaf value {
      type string;
      mandatory true;
      description
        "Matching value of the Information Element.";
    }
  }

  grouping filter-hash-parameters {
    description
      "Configuration parameters of a Selector applying hash-based
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6.";
    leaf hash-function {
      type identityref {
        base hash-function;
      }
      default 'bob';
      description
        "Hash function to be applied. According to RFC 5475,
         Section 6.2.4.1, 'BOB' must be used in order to be
         compliant with PSAMP. This parameter functionally
         corresponds to psampFiltHashFunction in the PSAMP MIB
         module.";
      reference
        "RFC 6727, Section 6 (psampFiltHashFunction)";
    }
    leaf initializer-value {
      type uint64;
      description
        "Initializer value to the hash function. If not configured
         by the user, the Monitoring Device arbitrarily chooses an
         initializer value. This parameter corresponds to the
         Information Element hashInitialiserValue and to
         psampFiltHashInitializerValue in the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.9; RFC 6727, Section 6
         (psampFiltHashInitializerValue).";
    }
    leaf ip-payload-offset {
      type uint64;
      units "octets";
      default '0';
      description
        "IP payload offset indicating the position of the first
         payload byte considered as input to the hash function.
         Default value 0 corresponds to the minimum offset that
         must be configurable according to RFC 5476, Section
         6.5.2.6.
         This parameter corresponds to the Information Element
         hashIPPayloadOffset and to psampFiltHashIpPayloadOffset in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.2; RFC 6727, Section 6
         (psampFiltHashIpPayloadOffset).";
    }
    leaf ip-payload-size {
      type uint64;
      units "octets";
      default '8';
      description
        "Number of IP payload bytes used as input to the hash
         function, counted from the payload offset. If the IP
         payload is shorter than the payload range, all available
         payload octets are used as input. Default value 8
         corresponds to the minimum IP payload size that must be
         configurable according to RFC 5476, Section 6.5.2.6. This
         parameter corresponds to the Information Element
         hashIPPayloadSize and to psampFiltHashIpPayloadSize in the
         PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.3; RFC 6727, Section 6
         (psampFiltHashIpPayloadSize).";
    }
    leaf digest-output {
      type boolean;
      default 'false';
      description
        "If true, the output from this Selector is included in the
         Packet Report as a packet digest. Therefore, the
         configured Cache Layout needs to contain a digestHashValue
         field. This parameter corresponds to the Information
         Element hashDigestOutput.";
      reference
        "RFC 5477, Section 8.3.8.";
    }
    list selected-range {
      key "name";
      min-elements 1;
      description
        "List of hash function return ranges for which packets are
         selected.";
      leaf name {
        type ietf-ipfix:name-type;
        description
          "Name of the selected range.";
      }
      leaf min {
        type uint64;
        description
          "Beginning of the hash function's selected range.
           This parameter corresponds to the Information Element
           hashSelectedRangeMin and to
           psampFiltHashSelectedRangeMin in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.6; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMin).";
      }
      leaf max {
        type uint64;
        description
          "End of the hash function's selected range. This
           parameter corresponds to the Information Element
           hashSelectedRangeMax and to
           psampFiltHashSelectedRangeMax in the PSAMP MIB module.";
        reference
          "RFC 5477, Section 8.3.7; RFC 6727, Section 6
           (psampFiltHashSelectedRangeMax).";
      }
    }
  }

  grouping filter-hash-parameters-state {
    description
      "Configuration parameters of a Selector applying hash-based
       Filtering to the packet stream.";
    reference
      "RFC 5475, Section 6.2; RFC 5476, Section 6.5.2.6.";
    leaf output-range-min {
      type uint64;
      config false;
      description
        "Beginning of the hash function's potential range. This
         parameter corresponds to the Information Element
         hashOutputRangeMin and to psampFiltHashOutputRangeMin in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.4; RFC 6727, Section 6
         (psampFiltHashOutputRangeMin).";
    }
    leaf output-range-max {
      type uint64;
      config false;
      description
        "End of the hash function's potential range.
         This parameter corresponds to the Information Element
         hashOutputRangeMax and to psampFiltHashOutputRangeMax in
         the PSAMP MIB module.";
      reference
        "RFC 5477, Section 8.3.5; RFC 6727, Section 6
         (psampFiltHashOutputRangeMax).";
    }
  }

  grouping selector-parameters {
    description
      "Configuration and state parameters of a Selector.";
    choice method {
      mandatory true;
      description
        "Packet selection method applied by the Selector.";
      leaf select-all {
        type empty;
        description
          "Method that selects all packets.";
      }
      container samp-count-based {
        if-feature psamp-samp-count-based;
        description
          "Systematic count-based packet Sampling.";
        uses samp-count-based-parameters;
      }
      container samp-time-based {
        if-feature psamp-samp-time-based;
        description
          "Systematic time-based packet Sampling.";
        uses samp-time-based-parameters;
      }
      container samp-rand-out-of-n {
        if-feature psamp-samp-rand-out-of-n;
        description
          "n-out-of-N packet Sampling.";
        uses samp-rand-out-of-n-parameters;
      }
      container samp-uni-prob {
        if-feature psamp-samp-uni-prob;
        description
          "Uniform probabilistic packet Sampling.";
        uses samp-uni-prob-parameters;
      }
      container filter-match {
        if-feature psamp-filter-match;
        description
          "Property match Filtering.";
        uses filter-match-parameters;
      }
      container filter-hash {
        if-feature psamp-filter-hash;
        description
          "Hash-based Filtering.";
        uses filter-hash-parameters;
        uses filter-hash-parameters-state;
      }
    }
  }

  grouping selector-parameters-state {
    description
      "Configuration and state parameters of a Selector.";
    leaf packets-observed {
      type yang:counter64;
      config false;
      description
        "The number of packets observed at the input of the
         Selector. If this is the first Selector in the Selection
         Process, this counter corresponds to the total number of
         packets in all Observed Packet Streams at the input of the
         Selection Process.
         Otherwise, the counter corresponds to the total number of
         packets at the output of the preceding Selector.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsObserved in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectorStatsPacketsObserved).";
    }
    leaf packets-dropped {
      type yang:counter64;
      config false;
      description
        "The total number of packets discarded by the Selector.
         Discontinuities in the value of this counter can occur at
         re-initialization of the management system, and at other
         times as indicated by the value of
         selectorDiscontinuityTime.
         Note that this parameter corresponds to
         ipfixSelectorStatsPacketsDropped in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectorStatsPacketsDropped).";
    }
    leaf selector-discontinuity-time {
      type yang:date-and-time;
      config false;
      description
        "Timestamp of the most recent occasion at which one or more
         of the Selector counters suffered a discontinuity.
         Note that this parameter functionally corresponds to
         ipfixSelectionProcessStatsDiscontinuityTime in the IPFIX
         MIB module.
         In contrast to
         ipfixSelectionProcessStatsDiscontinuityTime, the time is
         absolute and not relative to sysUpTime.";
      reference
        "RFC 6615, Section 8
         (ipfixSelectionProcessStatsDiscontinuityTime).";
    }
  }

  grouping cache-layout-parameters {
    description
      "Cache Layout parameters used by immediateCache, timeoutCache,
       naturalCache, and permanentCache.";
    container cache-layout {
      description
        "Cache Layout parameters.";
      list cache-field {
        key "name";
        min-elements 1;
        description
          "Superset of fields that are included in the Packet
           Reports or Flow Records generated by the Cache.";
        leaf name {
          type ietf-ipfix:name-type;
          description
            "Name of the cache field.";
        }
        choice name-or-id {
          mandatory true;
          description
            "Name or identifier of the Information Element.";
          reference
            "RFC 5102, Section 2; IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix.";
          leaf ie-name {
            type ietf-ipfix:ie-name-type;
            description
              "Name of the Information Element.";
          }
          leaf ie-id {
            type ietf-ipfix:ie-id-type;
            description
              "Identifier of the Information Element.";
          }
        }
        leaf ie-length {
          type uint16;
          units "octets";
          description
            "Length of the field in which the Information Element
             is encoded. A value of 65535 specifies a
             variable-length Information Element. For Information
             Elements of integer and float type, the field length
             MAY be set to a smaller value than the standard length
             of the abstract data type if the rules of reduced size
             encoding are fulfilled.
             If not configured by the user, this parameter is set by
             the Monitoring Device.";
          reference
            "RFC 5101, Section 6.2.";
        }
        leaf ie-enterprise-number {
          type uint32;
          default '0';
          description
            "If this parameter is zero, the Information Element is
             registered in the IANA registry of IPFIX Information
             Elements.
             If this parameter is configured with a non-zero private
             enterprise number, the Information Element is
             enterprise-specific.
             If the enterprise number is set to 29305, this field
             contains a Reverse Information Element. In this case,
             the Cache MUST generate Data Records in accordance to
             RFC 5103.";
          reference
            "RFC 5101; RFC 5103; IANA registry for Private
             Enterprise Numbers,
             http://www.iana.org/assignments/enterprise-numbers;
             IANA registry for IPFIX Entities,
             http://www.iana.org/assignments/ipfix.";
        }
        leaf is-flow-key {
          when "(name(../../..) != 'immediate-cache') and
                ((count(../ie-enterprise-number) = 0) or
                 (../ie-enterprise-number != 29305))" {
            description
              "This parameter is not available for Reverse
               Information Elements (which have enterprise number
               29305). It is also not available for
               immediateCache.";
          }
          type empty;
          description
            "If present, this is a flow key.";
        }
      }
    }
  }

  grouping flow-cache-parameters {
    description
      "Configuration parameters of a Cache generating Flow
       Records.";
    leaf max-flows {
      type uint32;
      units "flows";
      description
        "This parameter configures the maximum number of Flows in
         the Cache, which is the maximum number of Flows that can
         be measured simultaneously.
         The Monitoring Device MUST ensure that sufficient
         resources are available to store the configured maximum
         number of Flows.
         If the maximum number of Flows is measured, an additional
         Flow can be measured only if an existing entry is removed.
         However, traffic that pertains to existing Flows can
         continue to be measured.";
    }
    leaf active-timeout {
      when "(name(..) = 'timeout-cache') or
            (name(..) = 'natural-cache')" {
        description
          "This parameter is only available for timeoutCache and
           naturalCache.";
      }
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which
         a Flow is expired even though packets matching this Flow
         are still received by the Cache.
         The parameter value zero indicates infinity, meaning that
         there is no active timeout.
         If not configured by the user, the Monitoring Device sets
         this parameter.
         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheActiveTimeout).";
    }
    leaf idle-timeout {
      when "(name(..) = 'timeout-cache') or
            (name(..) = 'natural-cache')" {
        description
          "This parameter is only available for timeoutCache and
           naturalCache.";
      }
      type uint32;
      units "seconds";
      description
        "This parameter configures the time in seconds after which
         a Flow is expired if no more packets matching this Flow
         are received by the Cache.
         The parameter value zero indicates infinity, meaning that
         there is no idle timeout.
         If not configured by the user, the Monitoring Device sets
         this parameter.
         Note that this parameter corresponds to
         ipfixMeteringProcessCacheIdleTimeout in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheIdleTimeout).";
    }
    leaf export-interval {
      when "name(..) = 'permanent-cache'" {
        description
          "This parameter is only available for permanentCache.";
      }
      type uint32;
      units "seconds";
      description
        "This parameter configures the interval (in seconds) for
         periodical export of Flow Records.
         If not configured by the user, the Monitoring Device sets
         this parameter.";
    }
  }

  grouping flow-cache-parameters-state {
    description
      "State parameters of a Cache generating Flow Records.";
    leaf active-flows {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of Flows currently active in this Cache.
         Note that this parameter corresponds to
         ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB
         module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheActiveFlows).";
    }
    leaf unused-cache-entries {
      type yang:gauge32;
      units "flows";
      config false;
      description
        "The number of unused Cache entries in this Cache.
         Note that this parameter corresponds to
         ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX
         MIB module.";
      reference
        "RFC 6615, Section 8
         (ipfixMeteringProcessCacheUnusedCacheEntries).";
    }
  }

  augment '/ietf-ipfix:ipfix' {
    description
      "Augment IPFIX transport to add PSAMP.";
    container psamp {
      description
        "Container for PSAMP configuration.";
      list observation-point {
        if-feature meter;
        key "name";
        description
          "Observation Point of the Monitoring Device.";
        leaf name {
          type ietf-ipfix:name-type;
          description
            "Name of the observation point.";
        }
        uses observation-point-parameters;
        leaf-list selection-process {
          type leafref {
            path "/ietf-ipfix:ipfix/psamp/selection-process/name";
          }
          description
            "Selection Processes in this list process packets in
             parallel.";
        }
      }
      list selection-process {
        if-feature meter;
        key "name";
        description
          "Selection Process of the Monitoring Device.";
        leaf name {
          type ietf-ipfix:name-type;
          description
            "Name of the selection process.";
        }
        list selector {
          key "name";
          min-elements 1;
          ordered-by user;
          description
            "List of Selectors that define the action of the
             Selection Process on a single packet.
             The Selectors are serially invoked in the same order as
             they appear in this list.";
          leaf name {
            type ietf-ipfix:name-type;
            description
              "Name of the selector.";
          }
          uses selector-parameters;
          uses selector-parameters-state;
        }
        leaf cache {
          type leafref {
            path "/ietf-ipfix:ipfix/psamp/cache/name";
          }
          description
            "Cache that receives the output of the Selection
             Process.";
        }
        list selection-sequence {
          config false;
          description
            "This list contains the Selection Sequence IDs that are
             assigned by the Monitoring Device to distinguish
             different Selection Sequences passing through the
             Selection Process.
             As Selection Sequence IDs are unique per Observation
             Domain, the corresponding Observation Domain IDs are
             included as well.
             With this information, it is possible to associate
             Selection Sequence (Statistics) Report Interpretations
             exported according to the PSAMP protocol with a
             Selection Process in the configuration data.";
          reference
            "RFC 5476.";
          leaf observation-domain-id {
            type uint32;
            description
              "Observation Domain ID for which the Selection
               Sequence ID is assigned.";
          }
          leaf selection-sequence-id {
            type uint64;
            description
              "Selection Sequence ID used in the Selection Sequence
               (Statistics) Report Interpretation.";
          }
        }
      }
      list cache {
        if-feature meter;
        key "name";
        description
          "Cache of the Monitoring Device.";
        leaf name {
          type ietf-ipfix:name-type;
          description
            "Name of the cache.";
        }
        leaf metering-process-id {
          type uint32;
          config false;
          description
            "The identifier of the Metering Process this Cache
             belongs to.
             This parameter corresponds to the Information Element
             meteringProcessId.
             Its occurrence helps to associate Cache parameters
             with Metering Process statistics exported by the
             Monitoring Device using the Metering Process
             (Reliability) Statistics Template as defined by the
             IPFIX protocol specification.";
          reference
            "RFC 5101, Sections 4.1 and 4.2; IANA registry for
             IPFIX Entities,
             http://www.iana.org/assignments/ipfix.";
        }
        leaf data-records {
          type yang:counter64;
          units "Data Records";
          config false;
          description
            "The number of Data Records generated by this Cache.
             Discontinuities in the value of this counter can occur
             at re-initialization of the management system, and at
             other times as indicated by the value of
             cacheDiscontinuityTime.
             Note that this parameter corresponds to
             ipfixMeteringProcessDataRecords in the IPFIX MIB
             module.";
          reference
            "RFC 6615, Section 8
             (ipfixMeteringProcessDataRecords).";
        }
        leaf cache-discontinuity-time {
          type yang:date-and-time;
          config false;
          description
            "Timestamp of the most recent occasion at which the
             counter dataRecords suffered a discontinuity.
             Note that this parameter functionally corresponds to
             ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB
             module.
             In contrast to ipfixMeteringProcessDiscontinuityTime,
             the time is absolute and not relative to sysUpTime.";
          reference
            "RFC 6615, Section 8
             (ipfixMeteringProcessDiscontinuityTime).";
        }
        choice cache-type {
          mandatory true;
          description
            "Type of Cache and specific parameters.";
          container immediate-cache {
            if-feature immediate-cache;
            description
              "Flow expiration after the first packet; generation
               of Packet Records.";
            uses cache-layout-parameters;
          }
          container timeout-cache {
            if-feature timeout-cache;
            description
              "Flow expiration after active and idle timeout;
               generation of Flow Records.";
            uses flow-cache-parameters;
            uses cache-layout-parameters;
            uses flow-cache-parameters-state;
          }
          container natural-cache {
            if-feature natural-cache;
            description
              "Flow expiration after active and idle timeout, or on
               natural termination (e.g., TCP FIN or TCP RST) of
               the Flow; generation of Flow Records.";
            uses flow-cache-parameters;
            uses cache-layout-parameters;
            uses flow-cache-parameters-state;
          }
          container permanent-cache {
            if-feature permanent-cache;
            description
              "No flow expiration, periodical export with time
               interval exportInterval; generation of Flow
               Records.";
            uses flow-cache-parameters;
            uses cache-layout-parameters;
            uses flow-cache-parameters-state;
          }
        }
        leaf-list exporting-process {
          if-feature ietf-ipfix:exporter;
          type leafref {
            path "/ietf-ipfix:ipfix"
               + "/ietf-ipfix:exporting-process"
               + "/ietf-ipfix:name";
          }
          description
            "Records are exported by all Exporting Processes in the
             list.";
        }
      }
    }
  }
}

3.3. ietf-bulk-data-export

3.3.1. ietf-bulk-data-export Module Structure

   This document defines the YANG module "ietf-bulk-data-export", which
   has the following tentative structure:

   TBD

3.3.2. ietf-bulk-data-export YANG module

   This YANG Module imports typedefs from [RFC6991].

   TBD

4. IANA Considerations

   This document registers a URI in the "IETF XML Registry" [RFC3688].
   Following the format in RFC 3688, the following registration has
   been made.

      URI: urn:ietf:params:xml:ns:yang:ietf-TBD
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the "YANG Module Names"
   registry. Following the format in [RFC7950], the following has been
   registered.

      Name: ietf-TBD
      Namespace: urn:ietf:params:xml:ns:yang:ietf-TBD
      Prefix: TBD
      Reference: TBD

5. Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols
   such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF
   layer is the secure transport layer, and the mandatory-to-implement
   secure transport is Secure Shell (SSH) [RFC6242]. The lowest
   RESTCONF layer is HTTPS, and the mandatory-to-implement secure
   transport is TLS [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that
   are writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or
   vulnerable in some network environments. Write operations (e.g.,
   edit-config) to these data nodes without proper protection can have
   a negative effect on network operations.
   These are the subtrees and data nodes and their
   sensitivity/vulnerability:

   o  /ipfix/psamp/observation-point: The configuration parameters in
      this subtree specify where packets are observed and by which
      Selection Processes they will be processed. Write access to this
      subtree allows observing packets at arbitrary interfaces or
      linecards of the Monitoring Device and may thus lead to the
      export of sensitive traffic information.

   o  /ipfix/psamp/selection-process: The configuration parameters in
      this subtree specify for which packets information will be
      reported in Packet Reports or Flow Records. Write access to this
      subtree allows changing the subset of packets for which
      information will be reported and may thus lead to the export of
      sensitive traffic information.

   o  /ipfix/psamp/cache: The configuration parameters in this subtree
      specify the fields included in Packet Reports or Flow Records.
      Write access to this subtree allows adding fields which may
      contain sensitive traffic information, such as IP addresses or
      parts of the packet payload.

   o  /ipfix/exporting-process: The configuration parameters in this
      subtree specify to which Collectors Packet Reports or Flow
      Records are exported. Write access to this subtree allows
      exporting potentially sensitive traffic information to
      illegitimate Collectors. Furthermore, TLS/DTLS parameters can be
      changed, which may affect the mutual authentication between
      Exporters and Collectors as well as the encrypted transport of
      the data.

   o  /ipfix/collecting-process: The configuration parameters in this
      subtree may specify that collected Packet Reports and Flow
      Records are reexported to another Collector or written to a file.
      Write access to this subtree potentially allows reexporting or
      storing the sensitive traffic information.

   Some of the readable data nodes in this YANG module may be
   considered sensitive or vulnerable in some network environments.
   It is thus important to control read access (e.g., via get,
   get-config, or notification) to these data nodes. These are the
   subtrees and data nodes and their sensitivity/vulnerability:

   o  /ipfix/psamp/observation-point: Parameters in this subtree may be
      sensitive because they reveal information about the Monitoring
      Device itself and the network infrastructure.

   o  /ipfix/psamp/selection-process: Parameters in this subtree may be
      sensitive because they reveal information about the Monitoring
      Device itself and the observed traffic. For example, the
      counters packetsObserved and packetsDropped allow inferring the
      number of observed packets.

   o  /ipfix/psamp/cache: Parameters in this subtree may be sensitive
      because they reveal information about the Monitoring Device
      itself and the observed traffic. For example, the counters
      activeFlows and dataRecords allow inferring the number of
      measured Flows or packets.

   o  /ipfix/exporting-process: Parameters in this subtree may be
      sensitive because they reveal information about the network
      infrastructure and the outgoing IPFIX Transport Sessions. For
      example, it discloses the IP addresses of Collectors as well as
      the deployed TLS/DTLS configuration, which may facilitate the
      interception of outgoing IPFIX Messages.

   o  /ipfix/collecting-process: Parameters in this subtree may be
      sensitive because they reveal information about the network
      infrastructure and the incoming IPFIX Transport Sessions. For
      example, it discloses the IP addresses of Exporters as well as
      the deployed TLS/DTLS configuration, which may facilitate the
      interception of incoming IPFIX Messages.

   (The section needs to be expanded to include bulk data export YANG.)

6. Acknowledgments

   TBD

7. References

7.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5476]  Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
              Sampling (PSAMP) Protocol Specifications", RFC 5476,
              DOI 10.17487/RFC5476, March 2009.

   [RFC6728]  Muenz, G., Claise, B., and P. Aitken, "Configuration Data
              Model for the IP Flow Information Export (IPFIX) and
              Packet Sampling (PSAMP) Protocols", RFC 6728,
              DOI 10.17487/RFC6728, October 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

7.2. Informative References

   [BBF.TR-352]
              Broadband Forum, "Multi-wavelength PON
              Inter-Channel-Termination Protocol (ICTP) Specification",
              May 2017.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A.
              Bierman, Ed., "Network Configuration Protocol (NETCONF)",
              RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216,
              RFC 8407, DOI 10.17487/RFC8407, October 2018.

Appendix A. Example: ietf-ipfix Usage

   This configuration example configures an IPFIX exporter for a BBF
   TR-352 ICTP Proxy.

   TR352-exporter ICTP-Proxy1-collector source-address 192.0.2.1
   destination-address ictp-proxy-1.ngpon2-system1.com Options 1
   extended-type-information 0

   This configuration example configures an IPFIX mediator.

   OLT-collector myolt-tcp-collector local-ip-address 192.100.2.1
   OLT-exporter OLT-exporter big-collector source-address 192.100.2.1
   destination-address big-collector1.system.com Options 1
   extended-type-information 0

Appendix B. Example: ietf-psamp Usage

   TBD

Appendix C. Example: ietf-bulk-data-export Usage

   The configuration example configures a field-layout template:

   TBD

Authors' Addresses

   Joey Boyd
   ADTRAN

   Email: joey.boyd@adtran.com


   Marta Seda
   Calix

   Email: marta.seda@calix.com
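
One way to review NETCONF edit-config requests against the write-sensitive subtrees listed in Section 5, as an added example that is not part of the draft. It assumes matching by element local name only, because the draft still lists its namespace as "ietf-TBD"; the urn:example namespaces and the sample request are constructed.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
OP_ATTR = "{%s}operation" % NC_NS

# Write-sensitive subtrees from Section 5, keyed by element local names
# (assumption: namespaces are ignored, the draft's namespace is still TBD).
SENSITIVE_WRITE = {
    ("ipfix", "psamp", "observation-point"): "where packets are observed",
    ("ipfix", "psamp", "selection-process"): "which packets are reported",
    ("ipfix", "psamp", "cache"): "which fields are exported",
    ("ipfix", "exporting-process"): "Collectors and TLS/DTLS parameters",
    ("ipfix", "collecting-process"): "re-export or storage to file",
}

# Constructed sample request; the urn:example namespaces are placeholders.
SAMPLE_RPC = """<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <edit-config>
  <target><running/></target>
  <default-operation>none</default-operation>
  <config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <ipfix xmlns="urn:example:ietf-ipfix">
    <psamp xmlns="urn:example:ietf-psamp">
     <cache>
      <name>c1</name>
      <timeout-cache><cache-layout>
       <cache-field nc:operation="create">
        <name>payload</name><ie-name>ipPayloadPacketSection</ie-name>
       </cache-field>
      </cache-layout></timeout-cache>
     </cache>
     <selection-process><name>sp1</name></selection-process>
    </psamp>
    <exporting-process nc:operation="replace"><name>exp1</name></exporting-process>
   </ipfix>
  </config>
 </edit-config>
</rpc>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]

def _effective_ops(elem, inherited):
    # The operation attribute applies to an element and is inherited by
    # its descendants until one of them overrides it (RFC 6241).
    op = elem.get(OP_ATTR, inherited)
    ops = {op}
    for child in elem:
        ops |= _effective_ops(child, op)
    return ops

def audit_edit_config(rpc_xml):
    """Return (path, entry name, operations, impact) per sensitive write."""
    # NETCONF content must not carry a DOCTYPE; refusing it also avoids
    # entity-expansion tricks against the XML parser.
    if "<!DOCTYPE" in rpc_xml:
        raise ValueError("DOCTYPE is not allowed in NETCONF content")
    root = ET.fromstring(rpc_xml)
    edit = next((e for e in root.iter() if _local(e.tag) == "edit-config"), None)
    if edit is None:
        return []
    default_op, config = "merge", None
    for child in edit:
        if _local(child.tag) == "default-operation":
            default_op = (child.text or "merge").strip()
        elif _local(child.tag) == "config":
            config = child
    findings = []

    def walk(elem, path, inherited):
        path = path + (_local(elem.tag),)
        if path in SENSITIVE_WRITE:
            # "none" only navigates to a node; anything else modifies it.
            ops = sorted(_effective_ops(elem, inherited) - {"none"})
            if ops:
                name = next((c.text for c in elem if _local(c.tag) == "name"), None)
                findings.append(("/" + "/".join(path), name, ops, SENSITIVE_WRITE[path]))
            return
        for child in elem:
            walk(child, path, elem.get(OP_ATTR, inherited))

    for top in (config if config is not None else []):
        walk(top, (), default_op)
    return findings
```

With default-operation "none" the sp1 entry is only navigated, so the sample yields findings for the cache and the Exporting Process; without that element the default "merge" makes all three subtrees writes.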