RFC 6728
Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols
4. Configuration Parameters
This section specifies the configuration and state parameters of the configuration data model separately for each class.4.1. ObservationPoint Class
+-------------------------------+ | ObservationPoint | +-------------------------------+ | name | | observationPointId {readOnly} | | observationDomainId | 0..* | ifName[0..*] |-------------+ | ifIndex[0..*] | | 0..* | entPhysicalName[0..*] | V | entPhysicalIndex[0..*] | +------------------+ | direction = "both" | | SelectionProcess | +-------------------------------+ +------------------+ Figure 7: ObservationPoint class Figure 7 shows the ObservationPoint class that specifies an Observation Point of the Monitoring Device. As defined in [RFC5101], an Observation Point can be any location where packets are observed. A Monitoring Device potentially has more than one such location. An instance of ObservationPoint class defines which location is associated with a specific Observation Point. For this purpose, interfaces and physical entities are identified using their names. Alternatively, index values of the corresponding entries in the ifTable (IF-MIB module [RFC2863]) or the entPhysicalTable (ENTITY-MIB module [RFC4133]) can be used as identifiers. However, indices SHOULD only be used as identifiers if an SNMP agent on the same Monitoring Device enables access to the corresponding MIB tables.
By its definition in [RFC5101], an Observation Point may be associated with a set of interfaces. Therefore, the configuration data model allows configuring multiple interfaces and physical entities for a single Observation Point. The Observation Point ID (i.e., the value of the Information Element observationPointId [IANA-IPFIX]) is assigned by the Monitoring Device. It appears as a state parameter in the ObservationPoint class. The configuration parameters of the Observation Point are: observationDomainId: This parameter defines the identifier of the Observation Domain the Observation Point belongs to. Observation Points that are configured with the same Observation Domain ID belong to the same Observation Domain. Note that this parameter corresponds to ipfixObservationPointObservationDomainId in the IPFIX MIB module [RFC6615]. ifName/ifIndex/entPhysicalName/entPhysicalIndex: These parameters identify interfaces and physical entities (e.g., linecards) that are on the Monitoring Device and are associated with the given Observation Point. An interface is either identified by its name (ifName) or the ifIndex value of the corresponding object in the IF-MIB module [RFC2863]. ifIndex SHOULD only be used if an SNMP agent enables access to the ifTable. Similarly, a physical entity is either identified by its name (entPhysicalName) or the entPhysicalIndex value of the corresponding object in the ENTITY-MIB module [RFC4133]. entPhysicalIndex SHOULD only be used if an SNMP agent enables access to the entPhysicalTable. Note that the parameters ifIndex and entPhysicalIndex correspond to ipfixObservationPointPhysicalInterface and ipfixObservationPointPhysicalEntity in the IPFIX MIB module [RFC6615]. direction: This parameter specifies if ingress traffic, egress traffic, or both ingress and egress traffic is captured, using the values "ingress", "egress", and "both", respectively. If not configured, ingress and egress traffic is captured (i.e., the default value is "both"). If not applicable (e.g., in the case of a sniffing interface in promiscuous mode), the value of this parameter is ignored.
An ObservationPoint object MAY refer to one or more SelectionProcess objects configuring Selection Processes that process the observed packets in parallel.4.2. SelectionProcess Class
+------------------+ | SelectionProcess | +------------------+ 1..* +----------+ | name |<>------| Selector | | | +----------+ | | | | 0..* +--------------------------------+ | |<>------| SelectionSequence | | | +--------------------------------+ | | | observationDomainId {readOnly} | | | | selectionSequenceId {readOnly} | | | +--------------------------------+ | | | | 0..* 0..1 +-------+ | |----------->| Cache | +------------------+ +-------+ Figure 8: SelectionProcess class Figure 8 shows the SelectionProcess class. The SelectionProcess class contains the configuration and state parameters of a Selection Process that selects packets from one or more Observed Packet Streams and generates a Selected Packet Stream as its output. A non-empty ordered list defines a sequence of Selectors. The actions defined by the Selectors are applied to the stream of incoming packets in the specified order. If the Selection Process receives packets from multiple Observation Points, the Observed Packet Streams need to be processed independently in separate Selection Sequences. Each Selection Sequence is identified by a Selection Sequence ID that is unique within the Observation Domain the Observation Point belongs to (see [RFC5477]). Selection Sequence IDs are assigned by the Monitoring Device. As state parameters, the SelectionProcess class contains a list of (observationDomainId, selectionSequenceId) tuples specifying the assigned Selection Sequence IDs and corresponding Observation Domain IDs. With this information, it is possible to associate Selection Sequence (Statistics) Report Interpretations exported according to the PSAMP protocol specification [RFC5476] with the corresponding object of the SelectionProcess class.
A SelectionProcess object MAY include a reference to an object of the Cache class to generate Packet Reports or Flow Records from the Selected Packet Stream.4.2.1. Selector Class
+--------------------------------------+ | Selector | +--------------------------------------+ 1 +-----------------+ | name |<>------+ SelectAll/ | | packetsObserved {readOnly} | | SampCountBased/ | | packetsDropped {readOnly} | | SampTimeBased/ | | selectorDiscontinuityTime {readOnly} | | SampRandOutOfN/ | | | | SampUniProb/ | | | | FilterMatch/ | | | | FilterHash/ | +--------------------------------------+ +-----------------+ Figure 9: Selector class The Selector class in Figure 9 contains the configuration and state parameters of a Selector. Standardized PSAMP Sampling and Filtering methods are described in [RFC5475]; their configuration parameters are specified in the classes SampCountBased, SampTimeBased, SampRandOutOfN, SampUniProb, FilterMatch, and FilterHash. In addition, the SelectAll class, which has no parameters, is used for a Selector that selects all packets. The Selector class includes exactly one of these sampler and filter classes, depending on the applied method. As state parameters, the Selector class contains the Selector statistics packetsObserved and packetsDropped as well as selectorDiscontinuityTime, which correspond to the IPFIX MIB module objects ipfixSelectionProcessStatsPacketsObserved, ipfixSelectionProcessStatsPacketsDropped, and ipfixSelectionProcessStatsDiscontinuityTime, respectively [RFC6615]: packetsObserved: The total number of packets observed at the input of the Selector. If this is the first Selector in the Selection Process, this counter corresponds to the total number of packets in all Observed Packet Streams at the input of the Selection Process. Otherwise, the counter corresponds to the total number of packets at the output of the preceding Selector. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of selectorDiscontinuityTime.
packetsDropped: The total number of packets discarded by the
Selector. Discontinuities in the value of this counter can occur
at re-initialization of the management system, and at other times
as indicated by the value of selectorDiscontinuityTime.
selectorDiscontinuityTime: Timestamp of the most recent occasion at
which one or more of the Selector counters suffered a
discontinuity. In contrast to
ipfixSelectionProcessStatsDiscontinuityTime, the time is absolute
and not relative to sysUpTime.
Note that packetsObserved and packetsDropped are aggregate statistics
calculated over all Selection Sequences of the Selection Process.
This is in contrast to the counter values in the Selection Sequence
Statistics Report Interpretation [RFC5476], which are related to a
single Selection Sequence only.
4.2.2. Sampler Classes
+----------------+ +----------------+ +----------------+
| SampCountBased | | SampTimeBased | | SampRandOutOfN |
+----------------+ +----------------+ +----------------+
| packetInterval | | timeInterval | | population |
| packetSpace | | timeSpace | | size |
+----------------+ +----------------+ +----------------+
+----------------+
| SampUniProb |
+----------------+
| probability |
+----------------+
Figure 10: Sampler classes
The Sampler classes in Figure 10 contain the configuration parameters
of specific Sampling algorithms:
packetInterval, packetSpace: For systematic count-based Sampling,
packetInterval defines the number of packets that are
consecutively sampled between gaps of length packetSpace. These
parameters correspond to the Information Elements
samplingPacketInterval and samplingPacketSpace [RFC5477], as well
as to the PSAMP MIB objects psampSampCountBasedInterval and
psampSampCountBasedSpace [RFC6727].
timeInterval, timeSpace: For systematic time-based Sampling,
timeInterval defines the time interval during which all arriving
packets are sampled. timeSpace is the gap between two Sampling
intervals. These parameters correspond to the Information
Elements samplingTimeInterval and samplingTimeSpace [RFC5477], as
well as to the PSAMP MIB objects psampSampTimeBasedInterval and
psampSampTimeBasedSpace [RFC6727]. The unit is microseconds.
size, population: For n-out-of-N random Sampling, size defines the
number of elements taken from the parent population. population
defines the number of elements in the parent population. These
parameters correspond to the Information Elements samplingSize and
samplingPopulation [RFC5477], as well as to the PSAMP MIB objects
psampSampRandOutOfNSize and psampSampRandOutOfNPopulation
[RFC6727].
probability: For uniform probabilistic Sampling, probability defines
the Sampling probability. The probability is expressed as a value
between 0 and 1. This parameter corresponds to the Information
Element samplingProbability [RFC5477], as well as to the PSAMP MIB
object psampSampUniProbProbability [RFC6727].
4.2.3. Filter Classes
+---------------------------+
| FilterMatch |
+---------------------------+
| ieId/ieName |
| ieEnterpriseNumber = 0 |
| value |
+---------------------------+
+---------------------------+
| FilterHash |
+---------------------------+ 1..* +---------------+
| hashFunction = "BOB" |<>-------| SelectedRange |
| initializerValue[0..1] | +---------------+
| ipPayloadOffset = 0 | | name |
| ipPayloadSize = 8 | | min |
| digestOutput = "false" | | max |
| outputRangeMin {readOnly} | +---------------+
| outputRangeMax {readOnly} |
+---------------------------+
Figure 11: Filter classes
The Filter classes in Figure 11 contain the configuration parameters of specific Filtering methods. For property match Filtering, the configuration parameters are: ieId, ieName, ieEnterpriseNumber: The property to be matched is specified by either ieId or ieName, specifying the identifier or name of the Information Element, respectively. If ieEnterpriseNumber is zero (which is the default), this Information Element is registered in the IANA registry of IPFIX Information Elements [IANA-IPFIX]. A non-zero value of ieEnterpriseNumber specifies an enterprise-specific Information Element [IANA-ENTERPRISE-NUMBERS]. value: Matching value. For hash-based Filtering, the configuration and state parameters are: hashFunction: Hash function to be used. The following parameter values are defined by the configuration data model: * BOB: BOB Hash Function as specified in [RFC5475], Appendix A.2 * IPSX: IP Shift-XOR (IPSX) Hash Function as specified in [RFC5475], Appendix A.1 * CRC: CRC-32 function as specified in [RFC1141] Default value is "BOB". This parameter corresponds to the PSAMP MIB object psampFiltHashFunction [RFC6727]. initializerValue: Initializer value to the hash function. This parameter corresponds to the Information Element hashInitialiserValue [RFC5477], as well as to the PSAMP MIB object psampFiltHashInitializerValue [RFC6727]. If not configured by the user, the Monitoring Device arbitrarily chooses an initializer value. ipPayloadOffset, ipPayloadSize: ipPayloadOffset and ipPayloadSize configure the offset and the size of the payload section used as input to the hash function. Default values are 0 and 8, respectively, corresponding to the minimum configurable values according to [RFC5476], Section 6.5.2.6. These parameters correspond to the Information Elements hashIPPayloadOffset and hashIPPayloadSize [RFC5477], as well as to the PSAMP MIB objects psampFiltHashIpPayloadOffset and psampFiltHashIpPayloadSize [RFC6727]. digestOutput: digestOutput enables or disables the inclusion of the packet digest in the resulting PSAMP Packet Report. This requires that the Cache Layout of the Cache generating the Packet Reports includes a digestHashValue field. This parameter corresponds to the Information Element hashDigestOutput [RFC5477].
outputRangeMin, outputRangeMax: The values of these two state
parameters are the beginning and end of the hash function's
potential output range. These parameters correspond to the
Information Elements hashOutputRangeMin and hashOutputRangeMax
[RFC5477], as well as to the PSAMP MIB objects
psampFiltHashOutputRangeMin and psampFiltHashOutputRangeMax
[RFC6727].
One or more ranges of matching hash values are defined by the min and
max parameters of the SelectedRange subclass. These parameters
correspond to the Information Elements hashSelectedRangeMin and
hashSelectedRangeMax [RFC5477], as well as to the PSAMP MIB objects
psampFiltHashSelectedRangeMin and psampFiltHashSelectedRangeMax
[RFC6727].
4.3. Cache Class
+-----------------------------------+
| Cache |
+-----------------------------------+ 1 +------------------+
| name |<>--------| immediateCache/ |
| meteringProcessId {readOnly} | | timeoutCache/ |
| dataRecords {readOnly} | | naturalCache/ |
| cacheDiscontinuityTime {readOnly} | | permanentCache |
| | +------------------+
| |
| | 0..* +------------------+
| |--------->| ExportingProcess |
+-----------------------------------+ +------------------+
Figure 12: Cache class
Figure 12 shows the Cache class that contains the configuration and
state parameters of a Cache. Most of these parameters are specific
to the type of the Cache and therefore contained in the subclasses
immediateCache, timeoutCache, naturalCache, and permanentCache, which
are presented below in Sections 4.3.1 and 4.3.2. The following three
state parameters are common to all Caches and therefore included in
the Cache class itself:
meteringProcessId: The identifier of the Metering Process the Cache
belongs to.
This parameter corresponds to the Information Element
meteringProcessId [IANA-IPFIX]. Its occurrence helps to associate
Metering Process (Reliability) Statistics exported according to
the IPFIX protocol specification [RFC5101] with the corresponding
object of the MeteringProcess class.
dataRecords: The number of Data Records generated by this Cache.
Discontinuities in the value of this counter can occur at
re-initialization of the management system, and at other times as
indicated by the value of cacheDiscontinuityTime.
Note that this parameter corresponds to
ipfixMeteringProcessDataRecords in the IPFIX MIB module [RFC6615].
cacheDiscontinuityTime: Timestamp of the most recent occasion at
which dataRecords suffered a discontinuity. In contrast to
ipfixMeteringProcessDiscontinuityTime, the time is absolute and
not relative to sysUpTime.
Note that this parameter functionally corresponds to
ipfixMeteringProcessDiscontinuityTime in the IPFIX MIB module
[RFC6615].
A Cache object MAY refer to one or more ExportingProcess objects
configuring different Exporting Processes.
4.3.1. ImmediateCache Class
+-------------------------------+
| ImmediateCache |
+-------------------------------+ 1 +-------------+
| |<>-------| CacheLayout |
+-------------------------------+ +-------------+
Figure 13: ImmediateCache class
The ImmediateCache class depicted in Figure 13 is used to configure a
Cache that generates a PSAMP Packet Report for each packet at its
input. The fields contained in the generated Data Records are
defined in an object of the CacheLayout class, which is defined below
in Section 4.3.3.
4.3.2. TimeoutCache, NaturalCache, and PermanentCache Class
+-------------------------------+ | TimeoutCache | +-------------------------------+ 1 +-------------+ | maxFlows {opt.} |<>-------| CacheLayout | | activeTimeout {opt.} | +-------------+ | idleTimeout {opt.} | | activeFlows {readOnly} | | unusedCacheEntries {readOnly} | +-------------------------------+ +-------------------------------+ | NaturalCache | +-------------------------------+ 1 +-------------+ | maxFlows {opt.} |<>-------| CacheLayout | | activeTimeout {opt.} | +-------------+ | idleTimeout {opt.} | | activeFlows {readOnly} | | unusedCacheEntries {readOnly} | +-------------------------------+ +-------------------------------+ | PermanentCache | +-------------------------------+ 1 +-------------+ | maxFlows {opt.} |<>-------| CacheLayout | | exportInterval {opt.} | +-------------+ | activeFlows {readOnly} | | unusedCacheEntries {readOnly} | +-------------------------------+ Figure 14: TimeoutCache, NaturalCache, and PermanentCache class Figure 14 shows the TimeoutCache class, the NaturalCache class, and the PermanentCache class. These classes are used to configure a Cache that aggregates the packets at its input and generates IPFIX Flow Records. The three classes differ in when Flows expire: o TimeoutCache: Flows expire after active or idle timeout. o NaturalCache: Flows expire after active or idle timeout, or on natural termination (e.g., TCP FIN or TCP RST) of the Flow. o PermanentCache: Flows never expire, but are periodically exported with the interval set by exportInterval.
The following configuration and state parameters are common to the
three classes:
maxFlows: This parameter configures the maximum number of entries in
the Cache, which is the maximum number of Flows that can be
measured simultaneously.
If this parameter is configured, the Monitoring Device MUST ensure
that sufficient resources are available to store the configured
maximum number of Flows. If the maximum number of Cache entries
is in use, no additional Flows can be measured. However, traffic
that pertains to existing Flows can continue to be measured.
activeFlows: This state parameter indicates the number of Flows
currently active in this Cache (i.e., the number of Cache entries
currently in use).
Note that this parameter corresponds to
ipfixMeteringProcessCacheActiveFlows in the IPFIX MIB module
[RFC6615].
unusedCacheEntries: The number of unused cache entries. Note that
the sum of activeFlows and unusedCacheEntries equals maxFlows if
maxFlows is configured.
Note that this parameter corresponds to
ipfixMeteringProcessCacheUnusedCacheEntries in the IPFIX MIB
module [RFC6615].
The following timeout parameters are only available in the
TimeoutCache class and the NaturalCache class:
activeTimeout: This parameter configures the time in seconds after
which a Flow is expired even though packets matching this Flow are
still received by the Cache. The parameter value zero indicates
infinity, meaning that there is no active timeout.
If not configured by the user, the Monitoring Device sets this
parameter.
Note that this parameter corresponds to
ipfixMeteringProcessCacheActiveTimeout in the IPFIX MIB module
[RFC6615].
idleTimeout: This parameter configures the time in seconds after
which a Flow is expired if no more packets matching this Flow are
received by the Cache. The parameter value zero indicates
infinity, meaning that there is no idle timeout.
If not configured by the user, the Monitoring Device sets this
parameter.
Note that this parameter corresponds to
ipfixMeteringProcessCacheIdleTimeout in the IPFIX MIB module
[RFC6615].
The following interval parameter is only available in the
PermanentCache class:
exportInterval: This parameter configures the interval (in seconds)
for periodical export of Flow Records.
If not configured by the user, the Monitoring Device sets this
parameter.
Every generated Flow Record MUST be associated with a single
Observation Domain. Hence, although a Cache MAY be configured to
process packets observed at multiple Observation Domains, the Cache
MUST NOT aggregate packets observed at different Observation Domains
in the same Flow.
An object of the Cache class contains an object of the CacheLayout
class that defines which fields are included in the Flow Records.
4.3.3. CacheLayout Class
+--------------+
| CacheLayout |
+--------------+ 1..* +--------------------------------+
| |<>------| CacheField |
| | +--------------------------------+
| | | name |
| | | ieId/ieName |
| | | ieLength {opt.} |
| | | ieEnterpriseNumber = 0 |
| | | isFlowKey[0..1] {not used with |
| | | ImmediateCache class} |
+--------------+ +--------------------------------+
Figure 15: CacheLayout class
A Cache generates and maintains Packet Reports or Flow Records
containing information that has been extracted from the incoming
stream of packets. Using the CacheField class, the CacheLayout class
specifies the superset of fields that are included in the Packet
Reports or Flow Records (see Figure 15).
If Packet Reports are generated (i.e., if ImmediateCache class is
used to configure the Cache), every field specified by the Cache
Layout MUST be included in the resulting Packet Report unless the
corresponding Information Element is not applicable or cannot be
derived from the content or treatment of the incoming packet. Any
other field specified by the Cache Layout MAY only be included in the
Packet Report if it is obvious from the field value itself or from the values of other fields in same Packet Report that the field value was not determined from the packet. For example, if a field is configured to contain the TCP source port (Information Element tcpSourcePort [IANA-IPFIX]), the field MUST be included in all Packet Reports that are related to TCP packets. Although the field value cannot be determined for non-TCP packets, the field MAY be included in the Packet Reports if another field contains the transport protocol identifier (Information Element protocolIdentifier [IANA-IPFIX]). If Flow Records are generated (i.e., if TimeoutCache, NaturalCache, or PermanentCache class is used to configure the Cache), the Cache Layout differentiates between Flow Key fields and non-key fields. Every Flow Key field specified by the Cache Layout MUST be included as Flow Key in the resulting Flow Record unless the corresponding Information Element is not applicable or cannot be derived from the content or treatment of the incoming packet. Any other Flow Key field specified by the Cache Layout MAY only be included in the Flow Record if it is obvious from the field value itself or from the values of other Flow Key fields in the same Flow Record that the field value was not determined from the packet. Two packets are accounted by the same Flow Record if none of their Flow Key fields differ. If a Flow Key field can be determined for one packet but not for the other, the two packets are accounted in different Flow Records. Every non-key field specified by the Cache Layout MUST be included in the resulting Flow Record unless the corresponding Information Element is not applicable or cannot be derived for the given Flow. Any other non-key field specified by the Cache Layout MAY only be included in the Flow Record if it is obvious from the field value itself or from the values of other fields in same Flow Record that the field value was not determined from the packet. Packets which are accounted by the same Flow Record may differ in their non-key fields, or one or more of the non-key fields can be undetermined for all or some of the packets. For example, if a non-key field specifies an Information Element whose value is determined by the first packet observed within a Flow (which is the default rule according to [RFC5102] unless specified differently in the description of the Information Element), this field MUST be included in the resulting Flow Record if it can be determined from the first packet of the Flow.
The CacheLayout class does not have any parameters. The
configuration parameters of the CacheField class are as follows:
ieId, ieName, ieEnterpriseNumber: These parameters specify a field
by the combination of the Information Element identifier or name,
and the Information Element enterprise number. Either ieId or
ieName MUST be specified. If ieEnterpriseNumber is zero (which is
the default), this Information Element is registered in the IANA
registry of IPFIX Information Elements [IANA-IPFIX]. A non-zero
value of ieEnterpriseNumber specifies an enterprise-specific
Information Element [IANA-ENTERPRISE-NUMBERS].
If the enterprise number is set to 29305, this field contains a
Reverse Information Element. In this case, the Cache MUST
generate Data Records in accordance to [RFC5103].
ieLength: This parameter specifies the length of the field in
octets. A value of 65535 means that the field is encoded as a
variable-length Information Element. For Information Elements of
integer and float type, the field length MAY be set to a smaller
value than the standard length of the abstract data type if the
rules of reduced size encoding are fulfilled (see [RFC5101],
Section 6.2). If not configured by the user, the field length is
set by the Monitoring Device.
isFlowKey: If present, this field is a Flow Key. If the field
contains a Reverse Information Element, it MUST NOT be configured
as Flow Key.
This parameter is not available if the Cache is configured using
the ImmediateCache class since there is no distinction between
Flow Key fields and non-key fields in Packet Reports.
Note that the use of Information Elements can be restricted to
certain Cache types as well as to Flow Key or non-key fields. Such
restrictions may result from Information Element definitions or from
device-specific constraints. According to Section 5, the Monitoring
Device MUST notify the user if a Cache field cannot be configured
with the given Information Element.
4.4. ExportingProcess Class
+-------------------------------+ | ExportingProcess | +-------------------------------+ 1..* +-------------+ | name |<>------| Destination | | exportingProcessId {readOnly} | +-------------+ | exportMode = "parallel" | | name |<>-+ | | +-------------+ | 1 | | | | | +---------------+ | | | SctpExporter/ | | | | UdpExporter/ | | | | TcpExporter/ | | | | FileWriter | | | +---------------+ | | | | 0..* +------------------+ | |<>------| Options | +-------------------------------+ +------------------+ Figure 16: ExportingProcess class The ExportingProcess class in Figure 16 specifies destinations to which the incoming Packet Reports and Flow Records are exported using objects of the Destination class. The Destination class includes one object of the SctpExporter, UdpExporter, TcpExporter, or FileWriter class which contains further configuration parameters. These classes are described in Sections 4.4.1, 4.4.2, 4.4.3, and 4.4.4. As state parameter, the ExportingProcess class contains the identifier of the Exporting Process (exportingProcessId). This parameter corresponds to the Information Element exportingProcessId [IANA-IPFIX]. Its occurrence helps to associate Exporting Process Reliability Statistics exported according to the IPFIX protocol specification [RFC5101] with the corresponding object of the ExportingProcess class. The order in which objects of the Destination class appear is defined by the user. However, the order has a specific meaning only if the exportMode parameter is set to "fallback". The exportMode parameter is defined as follows: exportMode: This parameter determines to which configured destination(s) the incoming Data Records are exported. The following parameter values are specified by the configuration data model:
* parallel: every Data Record is exported to all configured
destinations in parallel
* loadBalancing: every Data Record is exported to exactly one
configured destination according to a device-specific load-
balancing policy
* fallback: every Data Record is exported to exactly one
configured destination according to the fallback policy
described below
If exportMode is set to "fallback", the first object of the
Destination class defines the primary destination, the second
object of the Destination class defines the secondary destination,
and so on. If the Exporting Process fails to export Data Records
to the primary destination, it tries to export them to the
secondary one. If the secondary destination fails as well, it
continues with the tertiary, etc.
"parallel" is the default value if exportMode is not configured.
Note that the exportMode parameter is related to the
ipfixExportMemberType object in [RFC6615]. If exportMode is
"parallel", the ipfixExportMemberType values of the corresponding
entries in ipfixExportTable are set to parallel(3). If exportMode is
"loadBalancing", the ipfixExportMemberType values of the
corresponding entries in ipfixExportTable are set to
loadBalancing(4). If exportMode is "fallback", the
ipfixExportMemberType value that refers to the primary destination is
set to primary(1); the ipfixExportMemberType values that refer to the
remaining destinations need to be set to secondary(2). The IPFIX MIB
module does not define any value for tertiary destination, etc.
The reporting of information with Options Templates is defined with
objects of the Options class.
The Exporting Process may modify the Packet Reports and Flow Records
to enable a more efficient transmission or storage under the
condition that no information is changed or suppressed. For example,
the Exporting Process may shorten the length of a field according to
the rules of reduced size encoding [RFC5101]. The Exporting Process
may also export certain fields in a separate Data Record as described
in [RFC5476].
4.4.1. SctpExporter Class
+------------------------------+ | SctpExporter | +------------------------------+ 0..1 +------------------------+ | ipfixVersion = 10 |<>-------| TransportLayerSecurity | | sourceIPAddress[0..*] | +------------------------+ | destinationIPAddress[1..*] | | destinationPort = 4739|4740 | 0..1 +------------------------+ | ifName/ifIndex[0..1] |<>-------| TransportSession | | sendBufferSize {opt.} | +------------------------+ | rateLimit[0..1] | | timedReliability = 0 | +------------------------------+ Figure 17: SctpExporter class The SctpExporter class shown in Figure 17 contains the configuration parameters of an SCTP export destination. The configuration parameters are: ipfixVersion: Version number of the IPFIX protocol used. If omitted, the default value is 10 (=0x000a) as specified in [RFC5101]. sourceIPAddress: List of source IP addresses used by the Exporting Process. If configured, the specified addresses are eligible local IP addresses of the multihomed SCTP endpoint. If not configured, all locally assigned IP addresses are eligible local IP addresses. destinationIPAddress: One or more IP addresses of the Collecting Process to which IPFIX Messages are sent. The user must ensure that all configured IP addresses belong to the same Collecting Process. The Exporting Process tries to establish an SCTP association to any of the configured destination IP addresses. destinationPort: Destination port number to be used. If not configured, standard port 4739 (IPFIX without TLS and DTLS) or 4740 (IPFIX over TLS or DTLS) is used. ifIndex/ifName: Either the index or the name of the interface used by the Exporting Process to export IPFIX Messages to the given destination MAY be specified according to corresponding objects in the IF-MIB [RFC2863]. If omitted, the Exporting Process selects the outgoing interface based on local routing decision and accepts return traffic, such as transport-layer acknowledgments, on all available interfaces.
sendBufferSize: Size of the socket send buffer in bytes. If not
configured by the user, the buffer size is set by the Monitoring
Device.
rateLimit: Maximum number of bytes per second the Exporting Process
may export to the given destination as required by [RFC5476]. The
number of bytes is calculated from the lengths of the IPFIX
Messages exported. If this parameter is not configured, no rate
limiting is performed for this destination.
timedReliability: Lifetime in milliseconds until an IPFIX Message
containing Data Sets only is "abandoned" due to the timed
reliability mechanism of the Partial Reliability extension of SCTP
(PR-SCTP) [RFC3758]. If this parameter is set to zero, reliable
SCTP transport MUST be used for all Data Records. Regardless of
the value of this parameter, the Exporting Process MAY use
reliable SCTP transport for Data Sets associated with certain
Options Templates, such as the Data Record Reliability Options
Template specified in [RFC6526].
Using the TransportLayerSecurity class described in Section 4.6,
Datagram Transport Layer Security (DTLS) is enabled and configured
for this export destination.
If a Transport Session is established to the configured destination,
the SctpExporter class includes an object of the TransportSession
class containing state parameters of the Transport Session. The
TransportSession class is specified in Section 4.7.
4.4.2. UdpExporter Class
+-------------------------------------+ | UdpExporter | +-------------------------------------+ 0..1 +------------------+ | ipfixVersion = 10 |<>------| TransportLayer- | | sourceIPAddress[0..1] | | Security | | destinationIPAddress | +------------------+ | destinationPort = 4739|4740 | | ifName/ifIndex[0..1] | 0..1 +------------------+ | sendBufferSize {opt.} |<>------| TransportSession | | rateLimit[0..1] | +------------------+ | maxPacketSize {opt.} | | templateRefreshTimeout = 600 | | optionsTemplateRefreshTimeout = 600 | | templateRefreshPacket[0..1] | | optionsTemplateRefreshPacket[0..1] | +-------------------------------------+ Figure 18: UdpExporter class The UdpExporter class shown in Figure 18 contains the configuration parameters of a UDP export destination. The parameters ipfixVersion, destinationPort, ifName, ifIndex, sendBufferSize, and rateLimit have the same meaning as in the SctpExporter class (see Section 4.4.1). The remaining configuration parameters are: sourceIPAddress: This parameter specifies the source IP address used by the Exporting Process. If this parameter is omitted, the IP address assigned to the outgoing interface is used as the source IP address. destinationIPAddress: Destination IP address to which IPFIX Messages are sent (i.e., the IP address of the Collecting Process). maxPacketSize: This parameter specifies the maximum size of IP packets sent to the Collector. If set to zero, the Exporting Device MUST derive the maximum packet size from path MTU discovery mechanisms. If not configured by the user, this parameter is set by the Monitoring Device. templateRefreshTimeout, optionsTemplateRefreshTimeout, templateRefreshPacket, optionsTemplateRefreshPacket: These parameters specify when (Options) Templates are refreshed by the Exporting Process. templateRefreshTimeout and optionsTemplateRefreshTimeout are specified in seconds between resendings of (Options) Templates.
If omitted, the default value of 600 seconds (10 minutes) is used
[RFC5101].
templateRefreshPacket and optionsTemplateRefreshPacket specify the
number of IPFIX Messages after which (Options) Templates are
resent. If omitted, the (Options) Templates are only resent after
timeout.
Note that the values configured for templateRefreshTimeout and
optionsTemplateRefreshTimeout MUST be adapted to the
templateLifeTime and optionsTemplateLifeTime parameter settings at
the receiving Collecting Process (see Section 4.5.2).
Note that these parameters correspond to
ipfixTransportSessionTemplateRefreshTimeout,
ipfixTransportSessionOptionsTemplateRefreshTimeout,
ipfixTransportSessionTemplateRefreshPacket, and
ipfixTransportSessionOptionsTemplateRefreshPacket in the IPFIX MIB
module [RFC6615].
Using the TransportLayerSecurity class described in Section 4.6, DTLS
is enabled and configured for this export destination.
If a Transport Session is established to the configured destination,
the UdpExporter class includes an object of the TransportSession
class containing state parameters of the Transport Session. The
TransportSession class is specified in Section 4.7.
4.4.3. TcpExporter Class
+------------------------------+
| TcpExporter |
+------------------------------+ 0..1 +------------------------+
| ipfixVersion = 10 |<>-------| TransportLayerSecurity |
| sourceIPAddress[0..1] | +------------------------+
| destinationIPAddress |
| destinationPort = 4739|4740 | 0..1 +------------------------+
| ifName/ifIndex[0..1] |<>-------| TransportSession |
| sendBufferSize {opt.} | +------------------------+
| rateLimit[0..1] |
+------------------------------+
Figure 19: TcpExporter class
The TcpExporter class shown in Figure 19 contains the configuration
parameters of a TCP export destination. The parameters have the same
meaning as in the UdpExporter class (see Section 4.4.2).
Using the TransportLayerSecurity class described in Section 4.6,
Transport Layer Security (TLS) is enabled and configured for this
export destination.
If a Transport Session is established to the configured destination, the TcpExporter class includes an object of the TransportSession class containing state parameters of the Transport Session. The TransportSession class is specified in Section 4.7.4.4.4. FileWriter Class
+-----------------------------------------+ | FileWriter | +-----------------------------------------+ 0..* +----------+ | ipfixVersion = 10 |<>-------| Template | | file | +----------+ | status {readOnly} | | bytes {readOnly} | | messages {readOnly} | | discardedMessages {readOnly} | | records {readOnly} | | templates {readOnly} | | optionsTemplates {readOnly} | | fileWriterDiscontinuityTime {readOnly} | +-----------------------------------------+ Figure 20: FileWriter classes If an object of the FileWriter class is included in an object of the Destination class, IPFIX Messages are written into a file as specified in [RFC5655]. The FileWriter class contains the following configuration parameters: ipfixVersion: Version number of the IPFIX protocol used. If omitted, the default value is 10 (=0x000a) as specified in [RFC5101]. file: File name and location specified as URI. The state parameters of the FileWriter class are: bytes, messages, records, templates, optionsTemplates: The number of bytes, IPFIX Messages, Data Records, Template Records, and Options Template Records written by the File Writer. Discontinuities in the values of these counters can occur at re-initialization of the management system, and at other times as indicated by the value of fileWriterDiscontinuityTime.
discardedMessages: The number of IPFIX Messages that could not be
written by the File Writer due to internal buffer overflows,
limited storage capacity, etc. Discontinuities in the value of
this counter can occur at re-initialization of the management
system, and at other times as indicated by the value of
fileWriterDiscontinuityTime.
fileWriterDiscontinuityTime: Timestamp of the most recent occasion
at which one or more File Writer counters suffered a
discontinuity. In contrast to discontinuity times in the IPFIX
MIB module, the time is absolute and not relative to sysUpTime.
Each object of the FileWriter class includes a list of objects of the
Template class with information and statistics about the Templates
written to the file. The Template class is specified in Section 4.8.
4.4.5. Options Class
+-----------------------+
| Options |
+-----------------------+
| name |
| optionsType |
| optionsTimeout {opt.} |
+-----------------------+
Figure 21: Options class
The Options class in Figure 21 defines the type of specific
information to be reported, such as statistics, flow keys, Sampling
and Filtering parameters, etc. [RFC5101] and [RFC5476] specify
several types of reporting information that may be exported. The
following parameter values are specified by the configuration data
model:
meteringStatistics: Export of Metering Process statistics using the
Metering Process Statistics Options Template [RFC5101].
meteringReliability: Export of Metering Process reliability
statistics using the Metering Process Reliability Statistics
Options Template [RFC5101].
exportingReliability: Export of Exporting Process reliability
statistics using the Exporting Process Reliability Statistics
Options Template [RFC5101].
flowKeys: Export of the Flow Key specification using the Flow Keys
Options Template [RFC5101].
selectionSequence: Export of Selection Sequence Report
Interpretation and Selector Report Interpretation [RFC5476].
selectionStatistics: Export of Selection Sequence Statistics Report
Interpretation [RFC5476].
accuracy: Export of Accuracy Report Interpretation [RFC5476].
reducingRedundancy: Enables the utilization of Options Templates to
reduce redundancy in the exported Data Records according to
[RFC5473]. The Exporting Process decides when to apply these
Options Templates.
extendedTypeInformation: Export of extended type information for
enterprise-specific Information Elements used in the exported
Templates [RFC5610].
The Exporting Process MUST choose a Template definition according to
the options type and available options data.
The optionsTimeout parameter specifies the reporting interval (in
milliseconds) for periodic export of the option data. A parameter
value of zero means that the export of the option data is not
triggered periodically, but whenever the available option data has
changed. This is the typical setting for options types flowKeys,
selectionSequence, accuracy, and reducingRedundancy. If
optionsTimeout is not configured by the user, it is set by the
Monitoring Device.
(next page on part 3)
