tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 6728

 
 
 

Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols

Part 6 of 6, p. 104 to 129
Prev RFC Part

 


prevText      Top      Up      ToC       Page 104 
7.  Examples

   This section shows example configurations conforming to the YANG
   module specified in Section 6.

7.1.  PSAMP Device

   This configuration example configures two Observation Points
   capturing ingress traffic at eth0 and all traffic at eth1.  Both
   Observed Packet Streams enter two different Selection Processes.  The
   first Selection Process implements a Composite Selector of a filter
   for UDP packets and a random sampler.  The second Selection Process
   implements a Primitive Selector of an ICMP filter.  The Selected
   Packet Streams of both Selection Processes enter the same Cache.  The
   Cache generates a PSAMP Packet Report for every selected packet.

   The associated Exporting Process exports to a Collector using PR-SCTP
   and DTLS.  The TLS/DTLS parameters specify that the collector must
   supply a certificate for the FQDN collector.example.net.  Valid
   certificates from any certification authority will be accepted.  As
   the destination transport port is omitted, the standard IPFIX-over-
   DTLS port 4740 is used.

   The parameters of the Selection Processes are reported as Selection
   Sequence Report Interpretations and Selector Report Interpretations
   [RFC5476].  There will be two Selection Sequence Report
   Interpretations per Selection Process, one for each Observation
   Point.  Selection Sequence Statistics Report Interpretations are
   exported every 30 seconds (30000 milliseconds).

   <ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">

     <observationPoint>
       <name>OP at eth0 (ingress)</name>
       <observationDomainId>123</observationDomainId>
       <ifName>eth0</ifName>
       <direction>ingress</direction>
       <selectionProcess>Sampled UDP packets</selectionProcess>

Top      Up      ToC       Page 105 
       <selectionProcess>ICMP packets</selectionProcess>
     </observationPoint>

     <observationPoint>
       <name>OP at eth1</name>
       <observationDomainId>123</observationDomainId>
       <ifName>eth1</ifName>
       <selectionProcess>Sampled UDP packets</selectionProcess>
       <selectionProcess>ICMP packets</selectionProcess>
     </observationPoint>

     <selectionProcess>
       <name>Sampled UDP packets</name>
       <selector>
         <name>UDP filter</name>
         <filterMatch>
           <ieId>4</ieId>
           <value>17</value>
         </filterMatch>
       </selector>
       <selector>
         <name>10-out-of-100 sampler</name>
         <sampRandOutOfN>
           <size>10</size>
           <population>100</population>
         </sampRandOutOfN>
       </selector>
       <cache>PSAMP cache</cache>
     </selectionProcess>

     <selectionProcess>
       <name>ICMP packets</name>
       <selector>
         <name>ICMP filter</name>
         <filterMatch>
           <ieId>4</ieId>
           <value>1</value>
         </filterMatch>
       </selector>
       <cache>PSAMP cache</cache>
     </selectionProcess>

     <cache>
       <name>PSAMP cache</name>
       <immediateCache>
         <cacheLayout>
           <cacheField>
             <name>Field 1: ipHeaderPacketSection</name>

Top      Up      ToC       Page 106 
             <ieId>313</ieId>
             <ieLength>64</ieLength>
           </cacheField>
           <cacheField>
             <name>Field 2: observationTimeMilliseconds</name>
             <ieId>322</ieId>
           </cacheField>
         </cacheLayout>
       </immediateCache>
       <exportingProcess>The only exporter</exportingProcess>
     </cache>

     <exportingProcess>
       <name>The only exporter</name>
       <destination>
         <name>PR-SCTP collector</name>
         <sctpExporter>
           <destinationIPAddress>192.0.2.1</destinationIPAddress>
           <rateLimit>1000000</rateLimit>
           <timedReliability>500</timedReliability>
           <transportLayerSecurity>
             <remoteSubjectFQDN>coll-1.example.net</remoteSubjectFQDN>
           </transportLayerSecurity>
         </sctpExporter>
       </destination>
       <options>
         <name>Options 1</name>
         <optionsType>selectionSequence</optionsType>
         <optionsTimeout>0</optionsTimeout>
       </options>
       <options>
         <name>Options 2</name>
         <optionsType>selectionStatistics</optionsType>
         <optionsTimeout>30000</optionsTimeout>
       </options>
     </exportingProcess>

   </ipfix>

   The above configuration results in one Template and six Options
   Templates.  For the remainder of the example, we assume Template ID
   256 for the Template and Template IDs 257 to 262 for the Options
   Templates.  The Template is used to export the Packet Reports and has
   the following fields:

      Template ID: 256
      ipHeaderPacketSection (elementId = 313, length = 64)
      observationTimeMilliseconds (elementId = 322, length = 8)

Top      Up      ToC       Page 107 
   Two Options Templates are used for the Selection Sequence Report
   Interpretations.  The first one has one selectorId field and is used
   for the Selection Process "ICMP packets".  The second one has two
   selectorId fields to describe the two selectors of the Selection
   Process "Sampled UDP packets".

      Template ID: 257
      Scope: selectionSequenceId (elementId = 301, length = 8)
      observationPointId (elementId = 138, length = 4)
      selectorId (elementId = 302, length = 4)

      Template ID: 258
      Scope: selectionSequenceId (elementId = 301, length = 8)
      observationPointId (elementId = 138, length = 4)
      selectorId (elementId = 302, length = 4)
      selectorId (elementId = 302, length = 4)

   Another Options Template is used to carry the Property Match
   Filtering Selector Report Interpretation for the Selectors "UDP
   filter" and "ICMP filter":

      Template ID: 259
      Scope: selectorId (elementId = 302, length = 4)
      selectorAlgorithm (elementId = 304, length = 2)
      protocolIdentifier (elementId = 4, length = 1)

   Yet another Options Template is used to carry the Random n-out-of-N
   Sampling Selector Report Interpretation for the Selector "10-out-of-
   100 sampler":

      Template ID: 260
      Scope: selectorId (elementId = 302, length = 4)
      selectorAlgorithm (elementId = 304, length = 2)
      samplingSize (elementId = 319, length = 4)
      samplingPopulation (elementId = 310, length = 4)

   The last two Options Template are used to carry the Selection
   Sequence Statistics Report Interpretation for the Selection
   Processes, containing the statistics for one and two Selectors,
   respectively:

      Template ID: 261
      Scope: selectionSequenceId (elementId = 301, length = 8)
      selectorIdTotalPktsObserved (elementId = 318, length = 8)
      selectorIdTotalPktsSelected (elementId = 319, length = 8)

Top      Up      ToC       Page 108 
      Template ID: 262
      Scope: selectionSequenceId (elementId = 301, length = 8)
      selectorIdTotalPktsObserved (elementId = 318, length = 8)
      selectorIdTotalPktsSelected (elementId = 319, length = 8)
      selectorIdTotalPktsObserved (elementId = 318, length = 8)
      selectorIdTotalPktsSelected (elementId = 319, length = 8)

   After a short runtime, 100 packets have been observed at the two
   Observation Points, including 20 UDP and 5 ICMP packets. 3 of the UDP
   packets are selected by the random sampler, which results in a total
   of 8 Packet Reports generated by the Cache.  Under these
   circumstances, the complete configuration and state data of the PSAMP
   Device may look as follows:

   <ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">

     <observationPoint>
       <name>OP at eth0 (ingress)</name>
       <observationPointId>1</observationPointId>
       <observationDomainId>123</observationDomainId>
       <ifName>eth0</ifName>
       <direction>ingress</direction>
       <selectionProcess>Sampled UDP packets</selectionProcess>
       <selectionProcess>ICMP packets</selectionProcess>
     </observationPoint>

     <observationPoint>
       <name>OP at eth1</name>
       <observationPointId>2</observationPointId>
       <observationDomainId>123</observationDomainId>
       <ifName>eth1</ifName>
       <direction>both</direction>
       <selectionProcess>Sampled UDP packets</selectionProcess>
       <selectionProcess>ICMP packets</selectionProcess>
     </observationPoint>

     <selectionProcess>
       <name>Sampled UDP packets</name>
       <selector>
         <name>UDP filter</name>
         <filterMatch>
           <ieId>4</ieId>
           <value>17</value>
         </filterMatch>
         <packetsObserved>100</packetsObserved>
         <packetsDropped>80</packetsDropped>
         <selectorDiscontinuityTime>2010-03-15T00:00:00.00Z
             </selectorDiscontinuityTime>

Top      Up      ToC       Page 109 
       </selector>
       <selector>
         <name>10-out-of-100 sampler</name>
         <sampRandOutOfN>
           <size>10</size>
           <population>100</population>
         </sampRandOutOfN>
         <packetsObserved>20</packetsObserved>
         <packetsDropped>17</packetsDropped>
         <selectorDiscontinuityTime>2010-03-15T00:00:00.00Z
             </selectorDiscontinuityTime>
       </selector>
       <selectionSequence>
           <observationDomainId>123</observationDomainId>
           <selectionSequenceId>1</selectionSequenceId>
       </selectionSequence>
       <selectionSequence>
           <observationDomainId>123</observationDomainId>
           <selectionSequenceId>2</selectionSequenceId>
       </selectionSequence>
       <cache>PSAMP cache</cache>
     </selectionProcess>

     <selectionProcess>
       <name>ICMP packets</name>
       <selector>
         <name>ICMP filter</name>
         <filterMatch>
           <ieId>4</ieId>
           <value>1</value>
         </filterMatch>
         <packetsObserved>100</packetsObserved>
         <packetsDropped>95</packetsDropped>
         <selectorDiscontinuityTime>2010-03-15T00:00:00.00Z
             </selectorDiscontinuityTime>
       </selector>
       <selectionSequence>
           <observationDomainId>123</observationDomainId>
           <selectionSequenceId>3</selectionSequenceId>
       </selectionSequence>
       <selectionSequence>
           <observationDomainId>123</observationDomainId>
           <selectionSequenceId>4</selectionSequenceId>
       </selectionSequence>
       <cache>PSAMP cache</cache>
     </selectionProcess>

     <cache>

Top      Up      ToC       Page 110 
       <name>PSAMP cache</name>
       <meteringProcessId>1</meteringProcessId>
       <immediateCache>
         <cacheLayout>
           <cacheField>
             <name>Field 1: ipHeaderPacketSection</name>
             <ieId>313</ieId>
             <ieLength>64</ieLength>
           </cacheField>
           <cacheField>
             <name>Field 2: observationTimeMilliseconds</name>
             <ieId>322</ieId>
           </cacheField>
         </cacheLayout>
       </immediateCache>
       <dataRecords>8</dataRecords>
       <cacheDiscontinuityTime>2010-03-15T00:00:00.00Z
           </cacheDiscontinuityTime>
       <exportingProcess>The only exporter</exportingProcess>
     </cache>

     <exportingProcess>
       <name>The only exporter</name>
       <exportingProcessId>1</exportingProcessId>
       <exportMode>parallel</exportMode>
       <destination>
         <name>PR-SCTP collector</name>
         <sctpExporter>
           <ipfixVersion>10</ipfixVersion>
           <destinationIPAddress>192.0.2.1</destinationIPAddress>
           <destinationPort>4740</destinationPort>
           <sendBufferSize>32768</sendBufferSize>
           <rateLimit>1000000</rateLimit>
           <timedReliability>500</timedReliability>
           <transportLayerSecurity>
             <remoteSubjectFQDN>coll-1.example.net</remoteSubjectFQDN>
           </transportLayerSecurity>
           <transportSession>
             <ipfixVersion>10</ipfixVersion>
             <sourceAddress>192.0.2.100</sourceAddress>
             <destinationAddress>192.0.2.1</destinationAddress>
             <sourcePort>45687</sourcePort>
             <destinationPort>4740</destinationPort>
             <sctpAssocId>1</sctpAssocId>
             <status>active</status>
             <rate>230</rate>
             <bytes>978</bytes>
             <messages>3</messages>

Top      Up      ToC       Page 111 
             <records>19</records>
             <templates>1</templates>
             <optionsTemplates>6</optionsTemplates>
             <transportSessionStartTime>2010-03-15T00:00:00.50Z
                 </transportSessionStartTime>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>256</templateId>
               <setId>2</setId>
               <accessTime>2010-03-15T00:00:02.15Z</accessTime>
               <templateDataRecords>8</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>313</ieId>
                 <ieLength>64</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>154</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>257</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:02.15Z</accessTime>
               <templateDataRecords>2</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>301</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>138</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>302</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>

Top      Up      ToC       Page 112 
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>258</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:02.15Z</accessTime>
               <templateDataRecords>2</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>301</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>138</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>302</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>302</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>259</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:02.15Z</accessTime>
               <templateDataRecords>2</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>302</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>304</ieId>
                 <ieLength>2</ieLength>

Top      Up      ToC       Page 113 
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>4</ieId>
                 <ieLength>1</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>260</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:02.15Z</accessTime>
               <templateDataRecords>1</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>302</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>304</ieId>
                 <ieLength>2</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>309</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>310</ieId>
                 <ieLength>4</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>261</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:03.10Z</accessTime>
               <templateDataRecords>2</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>301</ieId>

Top      Up      ToC       Page 114 
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>318</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>319</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
             </template>
             <template>
               <observationDomainId>123</observationDomainId>
               <templateId>262</templateId>
               <setId>3</setId>
               <accessTime>2010-03-15T00:00:03.10Z</accessTime>
               <templateDataRecords>2</templateDataRecords>
               <templateDiscontinuityTime>2010-03-15T00:00:01.10Z
                   </templateDiscontinuityTime>
               <field>
                 <ieId>301</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
                 <isScope/>
               </field>
               <field>
                 <ieId>318</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>319</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>318</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>
               </field>
               <field>
                 <ieId>319</ieId>
                 <ieLength>8</ieLength>
                 <ieEnterpriseNumber>0</ieEnterpriseNumber>

Top      Up      ToC       Page 115 
               </field>
             </template>
           </transportSession>
         </sctpExporter>
       </destination>
       <options>
         <name>Options 1</name>
         <optionsType>selectionSequence</optionsType>
         <optionsTimeout>0</optionsTimeout>
       </options>
       <options>
         <name>Options 2</name>
         <optionsType>selectionStatistics</optionsType>
         <optionsTimeout>30000</optionsTimeout>
       </options>
     </exportingProcess>

   </ipfix>

7.2.  IPFIX Device

   This configuration example demonstrates the shared usage of a Cache
   for maintaining Flow Records from two Observation Points belonging to
   different Observation Domains.  Packets are selected using different
   Sampling techniques: count-based Sampling for the first Observation
   Point (eth0) and selection of all packets for the second Observation
   Point (eth1).  The Exporting Process sends the Flow Records to a
   primary destination using SCTP.  A UDP Collector is specified as
   secondary destination.

   Exporting Process reliability statistics [RFC5101] are exported
   periodically every minute (60000 milliseconds).  Selection Sequence
   Report Interpretations and Selector Report Interpretations [RFC5476]
   are exported once after configuring the Selection Processes.  In
   total, two Selection Sequence Report Interpretations will be
   exported, one for each Selection Process.

   <ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">

     <observationPoint>
       <name>OP at eth0 (ingress)</name>
       <observationDomainId>123</observationDomainId>
       <ifName>eth0</ifName>
       <direction>ingress</direction>
       <selectionProcess>Count-based packet selection</selectionProcess>
     </observationPoint>

     <observationPoint>

Top      Up      ToC       Page 116 
       <name>OP at eth1</name>
       <observationDomainId>456</observationDomainId>
       <ifName>eth1</ifName>
       <selectionProcess>All packet selection</selectionProcess>
     </observationPoint>

     <selectionProcess>
       <name>Count-based packet selection</name>
       <selector>
         <name>Count-based sampler</name>
         <sampCountBased>
           <packetInterval>1</packetInterval>
           <packetSpace>99</packetSpace>
         </sampCountBased>
       </selector>
       <cache>Flow cache</cache>
     </selectionProcess>

     <selectionProcess>
       <name>All packet selection</name>
       <selector>
         <name>Select all</name>
         <selectAll/>
       </selector>
       <cache>Flow cache</cache>
     </selectionProcess>

     <cache>
       <name>Flow cache</name>
       <timeoutCache>
         <maxFlows>4096</maxFlows>
         <activeTimeout>5000</activeTimeout>
         <idleTimeout>10000</idleTimeout>
         <cacheLayout>
           <cacheField>
             <name>Field 1</name>
             <ieName>sourceIPv4Address</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 2</name>
             <ieName>destinationIPv4Address</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 3</name>
             <ieName>protocolIdentifier</ieName>
             <isFlowKey/>

Top      Up      ToC       Page 117 
           </cacheField>
           <cacheField>
             <name>Field 4</name>
             <ieName>sourceTransportPort</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 5</name>
             <ieName>destinationTransportPort</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 6</name>
             <ieName>flowStartMilliseconds</ieName>
           </cacheField>
           <cacheField>
             <name>Field 7</name>
             <ieName>flowEndSeconds</ieName>
           </cacheField>
           <cacheField>
             <name>Field 8</name>
             <ieName>octetDeltaCount</ieName>
           </cacheField>
           <cacheField>
             <name>Field 9</name>
             <ieName>packetDeltaCount</ieName>
           </cacheField>
         </cacheLayout>
       </timeoutCache>
       <exportingProcess>SCTP export with UDP backup</exportingProcess>
     </cache>

     <exportingProcess>
       <name>SCTP export with UDP backup</name>
       <exportMode>fallback</exportMode>
       <destination>
         <name>SCTP destination (primary)</name>
         <sctpExporter>
           <destinationPort>4739</destinationPort>
           <destinationIPAddress>192.0.2.1</destinationIPAddress>
         </sctpExporter>
       </destination>
       <destination>
         <name>UDP destination (secondary)</name>
         <udpExporter>
           <destinationPort>4739</destinationPort>
           <destinationIPAddress>192.0.2.2</destinationIPAddress>
           <templateRefreshTimeout>300</templateRefreshTimeout>

Top      Up      ToC       Page 118 
           <optionsTemplateRefreshTimeout>300
               </optionsTemplateRefreshTimeout>
         </udpExporter>
       </destination>
       <options>
         <name>Options 1</name>
         <optionsType>selectionSequence</optionsType>
         <optionsTimeout>0</optionsTimeout>
       </options>
       <options>
         <name>Options 2</name>
         <optionsType>exportingReliability</optionsType>
         <optionsTimeout>60000</optionsTimeout>
       </options>
     </exportingProcess>

   </ipfix>

7.3.  Export of Flow Records and Packet Reports

   This configuration example demonstrates the combined export of Flow
   Records and Packet Reports for a single Observation Point.  One
   Selection Process applies random Sampling to the Observed Packet
   Stream.  Its output is passed to a Cache generating Flow Records.  In
   parallel, the Observed Packet Stream enters a second Selection
   Process that discards all non-ICMP packets and passes the selected
   packets to a second Cache for generating Packet Reports.  The output
   of both Caches is exported to a single Collector using SCTP.

   <ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">

     <observationPoint>
       <name>OP at linecard 3</name>
       <observationDomainId>9876</observationDomainId>
       <ifIndex>4</ifIndex>
       <direction>ingress</direction>
       <selectionProcess>Sampling</selectionProcess>
       <selectionProcess>ICMP</selectionProcess>
     </observationPoint>

     <selectionProcess>
       <name>Sampling</name>
       <selector>
         <name>Random sampler</name>
         <sampUniProb>
           <probability>0.01</probability>
         </sampUniProb>
       </selector>

Top      Up      ToC       Page 119 
       <cache>Flow cache</cache>
     </selectionProcess>

     <selectionProcess>
       <name>ICMP</name>
       <selector>
         <name>ICMP filter</name>
         <filterMatch>
           <ieId>4</ieId>
           <value>1</value>
         </filterMatch>
       </selector>
       <cache>Packet reporting</cache>
     </selectionProcess>

     <cache>
       <name>Flow cache</name>
       <timeoutCache>
         <maxFlows>4096</maxFlows>
         <activeTimeout>5</activeTimeout>
         <idleTimeout>10</idleTimeout>
         <cacheLayout>
           <cacheField>
             <name>Field 1</name>
             <ieName>sourceIPv4Address</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 2</name>
             <ieName>destinationIPv4Address</ieName>
             <isFlowKey/>
           </cacheField>
           <cacheField>
             <name>Field 6</name>
             <ieName>flowStartMilliseconds</ieName>
           </cacheField>
           <cacheField>
             <name>Field 7</name>
             <ieName>flowEndSeconds</ieName>
           </cacheField>
           <cacheField>
             <name>Field 8</name>
             <ieName>octetDeltaCount</ieName>
           </cacheField>
           <cacheField>
             <name>Field 9</name>
             <ieName>packetDeltaCount</ieName>
           </cacheField>

Top      Up      ToC       Page 120 
         </cacheLayout>
       </timeoutCache>
       <exportingProcess>Export</exportingProcess>
     </cache>

     <cache>
       <name>Packet reporting</name>
       <immediateCache>
         <cacheLayout>
           <cacheField>
             <name>Field 1</name>
             <ieId>313</ieId>
             <ieLength>64</ieLength>
           </cacheField>
           <cacheField>
             <name>Field 2</name>
             <ieId>154</ieId>
           </cacheField>
         </cacheLayout>
       </immediateCache>
       <exportingProcess>Export</exportingProcess>
     </cache>

     <exportingProcess>
       <name>Export</name>
       <destination>
         <name>SCTP collector</name>
         <sctpExporter>
           <destinationIPAddress>192.0.2.1</destinationIPAddress>
           <timedReliability>0</timedReliability>
         </sctpExporter>
       </destination>
       <options>
         <name>Options 1</name>
         <optionsType>selectionSequence</optionsType>
         <optionsTimeout>0</optionsTimeout>
       </options>
     </exportingProcess>

   </ipfix>

Top      Up      ToC       Page 121 
7.4.  Collector and File Writer

   This configuration example configures a Collector that writes the
   received data to a file.

   <ipfix xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp">

     <collectingProcess>
       <name>SCTP collector</name>
       <sctpCollector>
         <name>Listening port 4739</name>
         <localPort>4739</localPort>
         <localIPAddress>192.0.2.1</localIPAddress>
       </sctpCollector>
       <exportingProcess>File writer</exportingProcess>
     </collectingProcess>

     <exportingProcess>
       <name>File writer</name>
       <destination>
         <name>Write to /tmp folder</name>
         <fileWriter>
           <file>file://tmp/collected-records.ipfix</file>
         </fileWriter>
       </destination>
     </exportingProcess>

   </ipfix>

Top      Up      ToC       Page 122 
7.5.  Deviations

   Assume that a Monitoring Device has only two interfaces ifIndex=1 and
   ifIndex=2, which can be configured as Observation Points.  The
   Observation Point ID is always identical to the ifIndex.

   The following YANG module specifies these deviations.

module my-ipfix-psamp-deviation {
  namespace "urn:my-company:xml:ns:ietf-ipfix-psamp";
  prefix my;

  import ietf-ipfix-psamp { prefix ipfix; }

  deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:entPhysicalIndex {
    deviate not-supported;
  }
  deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:entPhysicalName {
    deviate not-supported;
  }
  deviation /ipfix:ipfix/ipfix:observationPoint/ipfix:ifName {
    deviate not-supported;
  }
  deviation /ipfix:ipfix/ipfix:observationPoint {
    deviate add {
      must "ipfix:ifIndex=1 or ipfix:ifIndex=2";
    }
  }
  deviation
      /ipfix:ipfix/ipfix:observationPoint/ipfix:observationPointId {
    deviate add {
      must "current()=../ipfix:ifIndex";
    }
  }
}

8.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].

   There are a number of data nodes defined in this YANG module which
   are writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)

Top      Up      ToC       Page 123 
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

   /ipfix/observationPoint
      The configuration parameters in this subtree specify where packets
      are observed and by which Selection Processes they will be
      processed.  Write access to this subtree allows observing packets
      at arbitrary interfaces or linecards of the Monitoring Device and
      may thus lead to the export of sensitive traffic information.
   /ipfix/selectionProcess
      The configuration parameters in this subtree specify for which
      packets information will be reported in Packet Reports or Flow
      Records.  Write access to this subtree allows changing the subset
      of packets for which information will be reported and may thus
      lead to the export of sensitive traffic information.
   /ipfix/cache
      The configuration parameters in this subtree specify the fields
      included in Packet Reports or Flow Records.  Write access to this
      subtree allows adding fields which may contain sensitive traffic
      information, such as IP addresses or parts of the packet payload.
   /ipfix/exportingProcess
      The configuration parameters in this subtree specify to which
      Collectors Packet Reports or Flow Records are exported.  Write
      access to this subtree allows exporting potentially sensitive
      traffic information to illegitimate Collectors.  Furthermore, TLS/
      DTLS parameters can be changed, which may affect the mutual
      authentication between Exporters and Collectors as well as the
      encrypted transport of the data.
   /ipfix/collectingProcess
      The configuration parameters in this subtree may specify that
      collected Packet Reports and Flow Records are reexported to
      another Collector or written to a file.  Write access to this
      subtree potentially allows reexporting or storing the sensitive
      traffic information.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   /ipfix/observationPoint
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the network
      infrastructure.

Top      Up      ToC       Page 124 
   /ipfix/selectionProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the observed
      traffic.  For example, the counters packetsObserved and
      packetsDropped inferring the number of observed packets.
   /ipfix/cache
      Parameters in this subtree may be sensitive because they reveal
      information about the Monitoring Device itself and the observed
      traffic.  For example, the counters activeFlows and dataRecords
      allow inferring the number of measured Flows or packets.
   /ipfix/exportingProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the network infrastructure and the outgoing
      IPFIX Transport Sessions.  For example, it discloses the IP
      addresses of Collectors as well as the deployed TLS/DTLS
      configuration, which may facilitate the interception of outgoing
      IPFIX Messages.
   /ipfix/collectingProcess
      Parameters in this subtree may be sensitive because they reveal
      information about the network infrastructure and the incoming
      IPFIX Transport Sessions.  For example, it discloses the IP
      addresses of Exporters as well as the deployed TLS/DTLS
      configuration, which may facilitate the interception of incoming
      IPFIX Messages.

9.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested.

      URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp
      Registrant Contact: The IPFIX WG of the IETF.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name: ietf-ipfix-psamp
      namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-psamp
      prefix: ipfix
      reference: RFC 6728

Top      Up      ToC       Page 125 
10.  Acknowledgements

   The authors thank Martin Bjorklund, Andy Bierman, and Ladislav Lhotka
   for helping specify the configuration data model in YANG, as well as
   Atsushi Kobayashi, Andrew Johnson, Lothar Braun, and Brian Trammell
   for their valuable reviews of this document.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

   [RFC5103]  Trammell, B. and E. Boschi, "Bidirectional Flow Export
              Using IP Flow Information Export (IPFIX)", RFC 5103,
              January 2008.

   [RFC5475]  Zseby, T., Molina, M., Duffield, N., Niccolini, S., and F.
              Raspall, "Sampling and Filtering Techniques for IP Packet
              Selection", RFC 5475, March 2009.

   [RFC5476]  Claise, B., Johnson, A., and J. Quittek, "Packet Sampling
              (PSAMP) Protocol Specifications", RFC 5476, March 2009.

   [RFC5477]  Dietz, T., Claise, B., Aitken, P., Dressler, F., and G.
              Carle, "Information Model for Packet Sampling Exports",
              RFC 5477, March 2009.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6021]  Schoenwaelder, J., "Common YANG Data Types", RFC 6021,
              October 2010.

   [UML]      Object Management Group, "OMG Unified Modeling Language
              (OMG UML), Superstructure, V2.2", OMG formal/2009-02-02,
              February 2009.

Top      Up      ToC       Page 126 
   [IANA-IPFIX]
              IANA, "IP Flow Information Export (IPFIX) Entities",
              <http://www.iana.org/assignments/ipfix>.

11.2.  Informative References

   [RFC1141]  Mallory, T. and A. Kullberg, "Incremental updating of the
              Internet checksum", RFC 1141, January 1990.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3280]  Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
              X.509 Public Key Infrastructure Certificate and
              Certificate Revocation List (CRL) Profile", RFC 3280,
              April 2002.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              January 2004.

   [RFC3758]  Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
              Conrad, "Stream Control Transmission Protocol (SCTP)
              Partial Reliability Extension", RFC 3758, May 2004.

   [RFC3871]  Jones, G., "Operational Security Requirements for Large
              Internet Service Provider (ISP) IP Network
              Infrastructure", RFC 3871, September 2004.

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.

   [RFC4133]  Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)",
              RFC 4133, August 2005.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, January 2012.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

Top      Up      ToC       Page 127 
   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC4960]  Stewart, R., "Stream Control Transmission Protocol",
              RFC 4960, September 2007.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5470]  Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
              "Architecture for IP Flow Information Export", RFC 5470,
              March 2009.

   [RFC5472]  Zseby, T., Boschi, E., Brownlee, N., and B. Claise, "IP
              Flow Information Export (IPFIX) Applicability", RFC 5472,
              March 2009.

   [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
              in IP Flow Information Export (IPFIX) and Packet Sampling
              (PSAMP) Reports", RFC 5473, March 2009.

   [RFC5474]  Duffield, N., Chiou, D., Claise, B., Greenberg, A.,
              Grossglauser, M., and J. Rexford, "A Framework for Packet
              Selection and Reporting", RFC 5474, March 2009.

   [RFC5610]  Boschi, E., Trammell, B., Mark, L., and T. Zseby,
              "Exporting Type Information for IP Flow Information Export
              (IPFIX) Information Elements", RFC 5610, July 2009.

   [RFC5655]  Trammell, B., Boschi, E., Mark, L., Zseby, T., and A.
              Wagner, "Specification of the IP Flow Information Export
              (IPFIX) File Format", RFC 5655, October 2009.

   [RFC6110]  Lhotka, L., "Mapping YANG to Document Schema Definition
              Languages and Validating NETCONF Content", RFC 6110,
              February 2011.

   [RFC6526]  Claise, B., Aitken, P., Johnson, A., and G. Muenz, "IP
              Flow Information Export (IPFIX) Per Stream Control
              Transmission Protocol (SCTP) Stream", RFC 6526,
              March 2012.

   [RFC6615]  Dietz, T., Kobayashi, A., Claise, B., and G. Muenz,
              "Definitions of Managed Objects for IP Flow Information
              Export", RFC 6615, June 2012.

Top      Up      ToC       Page 128 
   [W3C.REC-xml-20081126]
              Sperberg-McQueen, C., Yergeau, F., Bray, T., Paoli, J.,
              and E. Maler, "Extensible Markup Language (XML) 1.0 (Fifth
              Edition)", World Wide Web Consortium Recommendation
              REC-xml-20081126, November 2008,
              <http://www.w3.org/TR/2008/REC-xml-20081126>.

   [W3C.REC-xmlschema-0-20041028]
              Walmsley, P. and D. Fallside, "XML Schema Part 0: Primer
              Second Edition", World Wide Web Consortium Recommendation
              REC-xmlschema-0-20041028, October 2004,
              <http://www.w3.org/TR/2004/REC-xmlschema-0-20041028>.

   [RFC6727]  Dietz, T., Claise, B., and J. Quittek, "Definitions of
              Managed Objects for Packet Sampling", RFC 6727, October
              2012.

   [YANG-WEB]
              Bjoerklund, M., "YANG WebHome", March 2011,
              <http://www.yang-central.org/>.

   [IANA-ENTERPRISE-NUMBERS]
              IANA, "Private Enterprise Numbers",
              <http://www.iana.org/assignments/enterprise-numbers>.

Top      Up      ToC       Page 129 
Authors' Addresses

   Gerhard Muenz
   Technische Universitaet Muenchen
   Department of Informatics
   Chair for Network Architectures and Services (I8)
   Boltzmannstr. 3
   85748 Garching
   Germany

   EMail: muenz@net.in.tum.de
   URI:   http://www.net.in.tum.de/~muenz


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   1831 Diegem
   Belgium

   Phone: +32 2 704 5622
   EMail: bclaise@cisco.com


   Paul Aitken
   Cisco Systems, Inc.
   96 Commercial Quay
   Commercial Street
   Edinburgh  EH6 6LX
   United Kingdom

   Phone: +44 131 561 3616
   EMail: paitken@cisco.com