YANG model for Data Export over IP Flow Information Export (IPFIX) Protocol
draft-arokiarajseda-ipfix-data-export-yang-model-00

Document Type Active Internet-Draft (individual)
Authors Anand Arokiaraj  , Marta Seda 
Last updated 2021-10-08
Replaces draft-boydseda-ipfix-psamp-bulk-data-yang-model
Stream (None)
Intended RFC status (None)
Formats pdf htmlized bibtex
Reviews
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       A. Arokiaraj
Internet-Draft                                                     Nokia
Intended status: Standards Track                                 M. Seda
Expires: 11 April 2022                                             Calix
                                                          8 October 2021

   YANG model for Data Export over IP Flow Information Export (IPFIX)
                                Protocol
          draft-arokiarajseda-ipfix-data-export-yang-model-00

Abstract

   This document defines a flexible, modular YANG model for data export
   via the IPFIX protocol.  The YANG models in this document conform to
   the Network Management Datastore Architecture (NMDA) defined in RFC
   8342.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 April 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Arokiaraj & Seda          Expires 11 April 2022                 [Page 1]
Internet-Draft        IPFIX Data Export Data Models         October 2021

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  Tree Diagrams . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Objectives  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Structure of the Configuration Data Model . . . . . . . . . .   3
     3.1.  Data Exporter Decomposition . . . . . . . . . . . . . . .   4
   4.  Configuration and State Parameters  . . . . . . . . . . . . .   4
     4.1.  Exporting Process Class . . . . . . . . . . . . . . . . .   4
       4.1.1.  Exporter Class  . . . . . . . . . . . . . . . . . . .   6
     4.2.  Transport Layer Security Class  . . . . . . . . . . . . .   8
     4.3.  Transport Session Class . . . . . . . . . . . . . . . . .  11
     4.4.  Template Class  . . . . . . . . . . . . . . . . . . . . .  13
     4.5.  Data Class  . . . . . . . . . . . . . . . . . . . . . . .  15
   5.  YANG Modules  . . . . . . . . . . . . . . . . . . . . . . . .  16
     5.1.  ietf-ipfix-data-export  . . . . . . . . . . . . . . . . .  16
       5.1.1.  ietf-ipfix-data-export Module Structure . . . . . . .  16
       5.1.2.  ietf-ipfix-data-export YANG module  . . . . . . . . .  19
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  44
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  45
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  46
   9.  Normative References  . . . . . . . . . . . . . . . . . . . .  46
   10. Informative References  . . . . . . . . . . . . . . . . . . .  47
   Appendix A.  Example: ietf-ipfix-data-export Usage  . . . . . . .  48
   Appendix B.  Tree diagrams  . . . . . . . . . . . . . . . . . . .  49
     B.1.  ietf-ipfix-data-export  . . . . . . . . . . . . . . . . .  49
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  51

1.  Introduction

   A device may be exporting statistics and other data for the
   consumption of a collector.  The IPFIX protocol may be used to
   transport data such as:

   *  Statistics from interfaces and sessions: YANG models define
      statistics that can be retrieved via protocols such as NETCONF
      [RFC6241] or RESTCONF [RFC8040].

   *  State data that can be used to correlate the statisticis.

   These statistics and state information can be streamed using an IPFIX
   transport to an IPFIX collector that supports analytics tools.  An
   operator may wish to take the data and analyze it for trend analysis
   purposes or other usages (e.g., collect octet counts every 5 minutes
   for service level agreement purposes or collect reported device
   temperature for network health purposes).

Arokiaraj & Seda          Expires 11 April 2022                 [Page 2]
Internet-Draft        IPFIX Data Export Data Models         October 2021

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   The following terms that are defined in RFC7011 are not redefined
   here:
   Observation Domain Exporting Process Exporter IPFIX Device Collecting
   Process Collector Template IPFIX Message Template Record Data Record
   Options Template Record Set Template Set Options Template Set Data
   Set Information Element Transport Session

1.2.  Tree Diagrams

   Tree diagrams used in this document follow the notation defined in
   [RFC8340].

2.  Objectives

   This section describes some of the design objectives for the model
   presented in this RFC.

   *  The model should focus purely on the requirements for a data
      export mechanism and not involve packet sampling, selection or
      collection process.

   *  References to physical and logical interface should be as simple
      as possible (e.g., through a leafref).

   *  The model should support a reliable and secure transport
      mechanism.

   *  The data model should provide suffient state and statistic
      information for a network operator to determine the state of the
      individual transport sessions.

   *  The data model should provide reference in the template and IE id
      state information to correlate it to the configuration.

3.  Structure of the Configuration Data Model

   IPFIX data export yang model - inline with RFC 7317/RFC8343

Arokiaraj & Seda          Expires 11 April 2022                 [Page 3]
Internet-Draft        IPFIX Data Export Data Models         October 2021

3.1.  Data Exporter Decomposition

   Figure 1 shows the main classes of the configuration model that are
   involved in data export.  In a device that has a resource instance
   capable of reporting data through IPFIX, a data template is created
   and applied to that resource instance.

   The ExportingProcess class contains configuration and state
   parameters of an exporting-process.  It includes various TCP-specific
   parameters and the export destinations.  The data-template may refer
   to multiple instances of the ExportingProcess class.

    +--------------------------------+
    | module:ietf-ipfix--data-export |
    |--------------------------------|
    +--------------------------------+
                 ^
                 |
               1 |
    +------------+-------+              +---------------+
    | list:template-set  |              | list:resource |
    |--------------------|------------->+---------------|
    +------------+-------+         0..* +---------------+
                 |
            0..* | exporting-process-ref
                 v
    +-------------------------+
    | list:exporting-process  |
    |-------------------------|
    +-------------------------+

                       Figure 1: Data Exporter Model

4.  Configuration and State Parameters

   This section specifies the configuration and state parameters of the
   configuration data model separately for each class.

4.1.  Exporting Process Class

   The ExportingProcess class in Figure 2) specifies destinations to
   which the incoming packet reports and flow records are exported using
   objects of the destination class.  The destination class includes
   exporter.

   The ExportingProcess class contains the identifier of the exporting
   process (exporting-process-id).  This parameter corresponds to the
   information element exportingProcessId [IANA-IPFIX].  Its occurrence

Arokiaraj & Seda          Expires 11 April 2022                 [Page 4]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   helps to associate exporting process reliability statistics exported
   according to the IPFIX protocol specification [RFC7011] with the
   corresponding object of the ExportingProcess class.

   The order in which destination instances appear has a specific
   meaning only if the export-mode parameter is set to "fallback".

        +--rw exporting-process* [name] {exporter}?
           +--rw name                    name-type
           +--rw enabled?                boolean
           +--rw export-mode?            identityref
           +--rw destination* [name]
           |  +--rw name                   name-type
           |  +--rw exporter
           |         ...
           +--rw options* [name]
           |  +--rw name               name-type
           |  +--rw options-type       identityref
           |  +--rw options-timeout?   uint32
           +--ro exporting-process-id?   uint32

                     Figure 2: Exporting Process Class

   The Exporting Process parameters are defined as follows:

   enabled  Enables the exporting process to begin exporting data.  The
      default is "enabled".

   export-mode  Determines to which configured destination(s) the
      incoming data records are exported.  The following parameter
      values are specified by the configuration data model:

      *  parallel: every data record is exported to all configured
         destinations in parallel

      *  load-balancing: every data record is exported to exactly one
         configured destination according to a device-specific load-
         balancing policy

      *  fallback: every data record is exported to exactly one
         configured destination according to the fallback policy
         described below

Arokiaraj & Seda          Expires 11 April 2022                 [Page 5]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   If export-mode is set to "fallback", the first destination instance
   defines the primary destination, the second destination instance
   defines the secondary destination, and so on.  If the exporting
   process fails to export data records to the primary destination, it
   tries to export them to the secondary one.  If the secondary
   destination fails as well, it continues with the tertiary, etc.
   "parallel" is the default value if exportmode is not configured.

   Note that the export-mode parameter is related to the
   ipfixExportMemberType object in [RFC6615].  If export-mode is
   "parallel", the ipfixExportMemberType values of the corresponding
   entries in IpfixExportTable are set to parallel(3).  If export-mode
   is "load-balancing", the ipfixExportMemberType values of the
   corresponding entries in IpfixExportTable are set to
   loadBalancing(4).  If exportmode is "fallback", the
   ipfixExportMemberType value that refers to the primary destination is
   set to primary(1); the ipfixExportMemberType values that refer to the
   remaining destinations need to be set to secondary(2).  The IPFIX mib
   module does not define any value for tertiary destination, etc.

   The reporting of information with options templates is defined with
   objects of the Options class.

   The exporting process may modify the packet reports and flow records
   to enable a more efficient transmission or storage under the
   condition that no information is changed or suppressed.  For example,
   the exporting process may shorten the length of a field according to
   the rules of reduced size encoding [RFC7011].  The exporting process
   may also export certain fields in a separate data record as described
   in [RFC5476].

4.1.1.  Exporter Class

   The exporter class shown in {#exporter} contains the configuration
   parameters of a TCP export destination.

   Using the TransportLayerSecurity class described in Section 4.2,
   Transport Layer Security (TLS) is enabled and configured for this
   export destination.

   The TransportSession class is specified in Section 4.3.

Arokiaraj & Seda          Expires 11 April 2022                 [Page 6]
Internet-Draft        IPFIX Data Export Data Models         October 2021

           +--rw exporter
              +--rw ipfix-version?               uint16
              +--rw destination-port?
              |       inet:port-number
              +--rw send-buffer-size?            uint32
              +--rw rate-limit?                  uint32
              +--rw transport-layer-security!
              |     ...
              +--rw source
              |  +--rw (source-method)?
              |     +--:(source-address)
              |     |  +--rw source-address?   inet:host
              |     +--:(interface-ref)
              |     |  +--rw interface-ref?    if:interface-ref
              |     +--:(if-name) {if-mib}?
              |        +--rw if-name?          string
              +--rw destination
              |  +--rw (destination-method)
              |     +--:(destination-address)
              |        +--rw destination-address?   inet:host
              +--ro transport-session

       Figure 3: TCP Exporter Class {#tcpexporter} ### Options Class

   The Options class in Figure 4 defines the type of specific
   information to be reported, such as statistics and filtering
   parameters, etc.  [RFC7011] and [RFC5476] specify several types of
   reporting information that may be exported.

        +--rw options* [name]
           +--rw name               name-type
           +--rw options-type       identityref
           +--rw options-timeout?   uint32

                          Figure 4: Options Class

   The following parameter values are specified by the configuration
   data model:

   exporting-reliability  Export of exporting process reliability
      statistics using the exporting process reliability statistics
      options template [RFC7011].

   accuracy  Export of accuracy report interpretation [RFC5476].

   reducing-redundancy  Enables the utilization of options templates to

Arokiaraj & Seda          Expires 11 April 2022                 [Page 7]
Internet-Draft        IPFIX Data Export Data Models         October 2021

      reduce redundancy in the exported data records according to
      [RFC5473].  The exporting process decides when to apply these
      options templates.

   extended-type-information  Export of extended type information for
      enterprise-specific information elements used in the exported
      templates [RFC5610].

   The exporting process must choose a template definition according to
   the options type and available options data.  The options-timeout
   parameter specifies the reporting interval (in milliseconds) for
   periodic export of the option data.  A parameter value of zero means
   that the export of the option data is not triggered periodically, but
   whenever the available option data has changed.  this is the typical
   setting for options types accuracy and reducing-redundancy.  If
   options-timeout is not configured by the user, it is set by the
   monitoring device.

4.2.  Transport Layer Security Class

   Figure 5 shows the TransportLayerSecurity class which is used in the
   exporting process's class to enable and configure TLS for IPFIX.  If
   TLS is enabled, the endpoint must use TLS [RFC8446] since the
   transport protocol is TCP.

   [RFC7011] mandates strong mutual authentication of exporting
   processes as follows.  IPFIX exporting processes are identified by
   the fully qualified domain name (FQDN) of the interface on which
   IPFIX messages are sent or received, for purposes of X.509 client and
   server certificates as in [RFC5280].  To prevent man-in-the-middle
   attacks from impostor collecting processes, the export of data to an
   unauthorized collecting process, strong mutual authentication via
   asymmetric keys must be used for TLS.  Each of the IPFIX exporting
   processes must verify the identity of its peer against its authorized
   certificates, and must verify that the peer's certificate matches its
   fully qualified domain name.

   The fully qualified domain name used to identify an IPFIX collecting
   process or exporting process may be stored either in a subjectaltname
   extension of type dnsname, or in the most specific common name field
   of the subject field of the x.509 certificate.  If both are present,
   the subjectaltname extension is given preference.

Arokiaraj & Seda          Expires 11 April 2022                 [Page 8]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   In order to use TLS/DTLS, appropriate certificates and keys have to
   be previously installed on the monitoring devices.  For security
   reasons, the configuration data model does not offer the possibility
   to upload any certificates or keys on a monitoring device.  If TLS/
   DTLS is enabled on a monitoring device that does not dispose of
   appropriate certificates and keys, the configuration must be rejected
   with an error.

   The configuration data model allows restricting the authorization of
   remote endpoints to certificates issued by specific certification
   authorities or identifying specific fqdns for authorization.
   Furthermore, the configuration data model allows restricting the
   utilization of certificates identifying the local endpoint.  This is
   useful if the monitoring device disposes of more than one certificate
   for the given local endpoint.

        +--rw transport-layer-security!
           +--rw local-certification-authority-dn*    string
           +--rw local-subject-dn*                    string
           +--rw local-subject-fqdn*                  inet:domain-name
           +--rw remote-certification-authority-dn*   string
           +--rw remote-subject-dn*                   string
           +--rw remote-subject-fqdn*                 inet:domain-name

                  Figure 5: Transport Layer Security Class

   The configuration parameters are defined as follows:

   local-certification-authority-dn  This parameter may appear one or
      more times to restrict the identification of the local endpoint
      during the tls/dtls handshake to certificates issued by the
      configured certification authorities.  each occurrence of this
      parameter contains the distinguished name of one certification
      authority.  To identify the local endpoint, the exporting process
      or collecting process must use a certificate issued by one of the
      configured certification authorities.  Certificates issued by any
      other certification authority must not be sent to the remote peer
      during TLS/DTLS handshake.  If none of the certificates installed
      on the monitoring device fulfills the specified restrictions, the
      configuration must be rejected with an error.  If local-
      certification-authority-dn is not configured, the choice of
      certificates identifying the local endpoint is not restricted with
      respect to the issuing certification authority.

   local-subject-dn, local-subject-fqdn  Each of these parameters may
      appear one or more times to restrict the identification of the
      local endpoint during the TLS/DTLS handshake to certificates
      issued for specific subjects or for specific FQDNs.  Each

Arokiaraj & Seda          Expires 11 April 2022                 [Page 9]
Internet-Draft        IPFIX Data Export Data Models         October 2021

      occurrence of local-subject-dn contains a distinguished name
      identifying the local endpoint.  Each occurrence of local-subject-
      fqdn contains a FQDN which is assigned to the local endpoint.  To
      identify the local endpoint, the exporting process or collecting
      process must use a certificate that contains either one of the
      configured distinguished names in the subject field or at least
      one of the configured FQDNs in a dnsname component of the subject
      alternative extension field or in the most specific commonname
      component of the subject field.  If none of the certificates
      installed on the monitoring device fulfills the specified
      restrictions, the configuration must be rejected with an error.
      If any of the parameters local-subject-dn and local-subject-fqdn
      is configured at the same time as the local-certification-
      authority-dn parameter, certificates must also fulfill the
      specified restrictions regarding the certification authority.  If
      local-subject-dn and local-subject-fqdn are not configured, the
      choice of certificates identifying the local endpoint is not
      restricted with respect to the subject's distinguished name or
      FQDN.

   remote-certification-authority-dn  This parameter may appear one or
      more times to restrict the authentication of remote endpoints
      during the TLS/DTLS handshake to certificates issued by the
      configured certification authorities.  Each occurrence of this
      parameter contains the distinguished name of one certification
      authority.  To authenticate the remote endpoint, the remote
      exporting process or collecting process must provide a certificate
      issued by one of the configured certification authorities.
      Certificates issued by any other certification authority must be
      rejected during TLS/DTLS handshake.  If the monitoring device is
      not able to validate certificates issued by the configured
      certification authorities (e.g., because of missing public keys),
      the configuration must be rejected with an error.  If remote-
      certification-authority-dn is not configured, the authorization of
      remote endpoints is not restricted with respect to the issuing
      certification authority of the delivered certificate.

   remote-subject-dn, remote-subject-fqdn  Each of these parameters may
      appear one or more times to restrict the authentication of remote
      endpoints during the TLS/DTLS handshake to certificates issued for
      specific subjects or for specific FQDNs.  Each occurrence of
      remote-subject-dn contains a distinguished name identifying a
      remote endpoint.  Each occurrence of remote-subject-fqdn contains
      a FQDN that is assigned to a remote endpoint.  To authenticate a
      remote endpoint, the remote exporting process or collecting
      process must provide a certificate that contains either one of the
      configured distinguished names in the subject field or at least
      one of the configured FQDNs in a dnsname component of the subject

Arokiaraj & Seda          Expires 11 April 2022                [Page 10]
Internet-Draft        IPFIX Data Export Data Models         October 2021

      alternative extension field or in the most specific common name
      component of the subject field.  Certificates not fulfilling this
      condition must be rejected during TLS/DTLS handshake.  If any of
      the parameters remote-subject-dn and remote-subject-fqdn is
      configured at the same time as the remote-certification-authority-
      dn parameter, certificates must also fulfill the specified
      restrictions regarding the certification authority in order to be
      accepted.  If remote-subject-dn and remote-subject-FQDN are not
      configured, the authorization of remote endpoints is not
      restricted with respect to the subject's distinguished name or
      FQDN of the delivered certificate.

4.3.  Transport Session Class

   The TransportSession class contains state data about transport
   sessions originating from an exporting process or terminating at a
   collecting process.

   The following attributes are supported:

   ipfix-version  Used for exporting processes, this parameter contains
      the version number of the IPFIX protocol that the exporter uses to
      export its data in this transport session.  Hence, it is identical
      to the value of the configuration parameter ipfix-version of the
      exporter object.  When used for collecting processes, this
      parameter contains the version-number of the IPFIX protocol it
      receives for this transport session.  If IPFIX messages of
      different IPFIX protocol versions are received, this parameter
      contains the maximum version number.  This state parameter is
      identical to ipfixTransportSessionIpfixVersion in the IPFIX MIB
      module [RFC6615].

   source-address, destination-address  Source-address contains the IP
      address or hostname of the exporter, and destination-address
      contains the IP address or hostname of the collector.  Hence, the
      two parameters have identical values as
      ipfixTransportSessionSourceAddress and
      ipfixTransportSessionDestinationAddress in the IPFIX MIB module
      [RFC6615].

   source-port, destination-port  These state parameters contain the
      transport-protocol port numbers of the exporter and the collector
      of the transport session and thus are identical to
      ipfixTransportSessionSourcePort and
      ipfixTransportSessionDestinationPort in the IPFIX MIB module
      [RFC6615].

   status  Status of the transport session, which can be one of the

Arokiaraj & Seda          Expires 11 April 2022                [Page 11]
Internet-Draft        IPFIX Data Export Data Models         October 2021

      following:

      *  inactive: transport session is established, but no IPFIX
         messages are currently transferred (e.g., because this is a
         backup (secondary) session)

      *  active: transport session is established and transfers IPFIX
         messages

      *  unknown: transport session status cannot be determined; this
         state parameter is identical to ipfixTransportSessionStatus in
         the IPFIX MIB module [RFC6615]

   rate  The number of bytes per second transmitted by the exporting
      process or received by the collecting process.  This parameter is
      updated every second.  This state parameter is identical to
      ipfixtransportsessionrate in the IPFIX MIB module [RFC6615].

   bytes, messages, records, templates, options-templates  The number of
      bytes, IPFIX messages, data records, template records, and options
      template records transmitted by the exporting process or received
      by the collecting process.  Discontinuities in the values of these
      counters can occur at re-initialization of the management system,
      and at other times as indicated by the value of transport-session-
      discontinuity-time.

   discarded-messages  Used for exporting processes, this parameter
      indicates the number of messages that could not be sent due to
      internal buffer overflows, network congestion, routing issues,
      etc.  Used for collecting process, this parameter indicates the
      number of received IPFIX messages that are malformed, cannot be
      decoded, are received in the wrong order or are missing according
      to the sequence number.  Discontinuities in the value of this
      counter can occur at re-initialization of the management system,
      and at other times as indicated by the value of transport-session-
      discontinuity-time.

   transport-session-start-time  Timestamp of the start of the given
      transport session.

   transport-session-discontinuity-time  Timestamp of the most recent
      occasion at which one or more of the transport session counters
      suffered a discontinuity.  The time is absolute and not relative
      to sysUpTime.  Note that, if used for exporting processes, the
      values of the state parameters destination-address and
      destination-port match the values of the configuration parameters
      destination-ip-address and destination-port of the exporter.

Arokiaraj & Seda          Expires 11 April 2022                [Page 12]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   The TransportSession class includes Template class information and
   statistics about the templates transmitted or received on the given
   transport session.  The Template class is specified in Section 4.4.

        +--ro transport-session* [name]
           +--ro name                                    name-type
           +--ro ipfix-version?                          uint16
           +--ro source-address?                         inet:host
           +--ro destination-address?                    inet:host
           +--ro source-port?
           |       inet:port-number
           +--ro destination-port?
           |       inet:port-number
           +--ro status?
           |       transport-session-status
           +--ro rate?
           |       yang:gauge32
           +--ro bytes?
           |       yang:counter64
           +--ro messages?
           |       yang:counter64
           +--ro discarded-messages?
           |       yang:counter64
           +--ro records?
           |       yang:counter64
           +--ro templates?
           |       yang:counter32
           +--ro options-templates?
           |       yang:counter32
           +--ro transport-session-start-time?
           |       yang:date-and-time
           +--ro transport-session-discontinuity-time?
           |       yang:date-and-time
           +--ro template* []
             ...

                     Figure 6: Transport Session Class

4.4.  Template Class

   Figure 7 shows the Template class which contains state data about
   templates used by an exporting process or received by a collecting
   process in a specific transport session.  The field class defines one
   field of the template.

Arokiaraj & Seda          Expires 11 April 2022                [Page 13]
Internet-Draft        IPFIX Data Export Data Models         October 2021

           +--ro template* [name]
              +--ro name                           name-type
              +--ro observation-domain-id?         uint32
              +--ro template-id?                   uint16
              +--ro set-id?                        uint16
              +--ro access-time?                   yang:date-and-time
              +--ro template-data-records?         yang:counter64
              +--ro template-discontinuity-time?   yang:date-and-time
              +--ro field* [name]
                 +--ro name                    name-type
                 +--ro ie-id?                  ie-id-type
                 +--ro ie-length?              uint16
                 +--ro ie-enterprise-number?   uint32
                 +--ro is-scope?               empty

                          Figure 7: Template Class

   The names and semantics of the state parameters correspond to the
   managed objects in the ipfixTemplateTable,
   ipfixTemplateDefinitionTable, and ipfixTemplateStatsTable of the
   IPFIX MIB module [RFC6615]:

   observation-domain-id  The identifier of the observation domain for
      which this template is defined.

   template-id  This number indicates the template identifier in the
      IPFIX Message.

   set-id  This number indicates the set identifier of this template.
      Currently, there are two values defined [RFC7011].  The value 2 is
      used for sets containing template definitions.  The value 3 is
      used for sets containing options template definitions.

   access-time  Used for exporting processes, this parameter contains
      the time when this (Options) Template was last sent to the
      Collector or written to the file.  Used for Collecting Processes,
      this parameter contains the time when this (Options) Template was
      last received from the Exporter or read from the file.

   template-data-records  The number of transmitted or received data
      records defined by this (options) template since the point in time
      indicated by template-definition-time.

   template-discontinuity-time  Timestamp of the most recent occasion at
      which the counter template-data-records suffered a discontinuity.
      The time is absolute and not relative to sysUpTime.

   ie-id, ie-length, ie-enterprise-number  Information Element

Arokiaraj & Seda          Expires 11 April 2022                [Page 14]
Internet-Draft        IPFIX Data Export Data Models         October 2021

      identifier, length, and enterprise number of a field in the
      template.  If this is not an enterprise-specific Information
      Element, ie-enterprise-number is zero.  These state parameters are
      identical to ipfixTemplateDefinitionIeId,
      ipfixTemplateDefinitionIeLength, and
      ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX MIB module
      [RFC6615].

   is-scope  If this state parameter is present, this is a scope field.
      This parameter is only available for options templates (i.e., if
      setId is 3).

4.5.  Data Class

   The DataProcess class in Figure 8 specifies the data template to be
   applied to resource or set of resources and provides state
   information about the template records.

        +--rw data-export
           +--rw template* [name]
              +--rw name                     ietf-ipfix:name-type
              +--rw enabled?                 boolean
              +--rw export-interval?         uint32
              +--rw observation-domain-id?   uint32
              +--rw field-layout
              |  +--rw field* [name]
              |     +--rw name                    ietf-ipfix:name-type
              |     +--rw (identifier)
              |     |  +--:(ie-id)
              |     |     +--rw ie-id?            ietf-ipfix:ie-id-type
              |     +--rw ie-length?              uint16
              |     +--rw ie-enterprise-number?   uint32
              +--rw exporting-process*
              |       -> /ietf-ipfix:ipfix/exporting-process/name
              |       {ietf-ipfix:exporter}?
              +--rw resource*                resource
              +--ro data-records?            yang:counter64
              +--ro discontinuity-time?      yang:date-and-time

                            Figure 8: Data Class

   The following attributes are supported:

   enabled  Enables the template so that specified data may be exported.
      The default is "enabled".

   export-interval  The interval (in seconds) for periodical export of
      data records.

Arokiaraj & Seda          Expires 11 April 2022                [Page 15]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   observation-domain-id  The Observation Domain that is locally unique
      to an Exporting Process

   field-layout  The IPFIX template to be applied to the resource.  The
      following attributes are configurable:

      *  ie-id: Identifies the Information Element identifier.

      *  ie-enterprise-number: Identifies the enterprise identifier of
         the Information Element.  If 0, the enterprise ID is an IANA
         based Information Element.

      *  ie-length: Identifies the length of the Information Element.

   A data instance may refer to:

   *  one or more exporting-process instances

   *  one or more resource instances (e.g., different interface
      instances on a line card)

   The following state information is available;

   data-records  Reports the number of data records generated for this
      bulk data template.

   discontinuity-time  Timestamp of the most recent occasion at which
      the counter data records suffered a discontinuity.

5.  YANG Modules

   This document defines the ietf-ipfix-data-export YANG module.

5.1.  ietf-ipfix-data-export

   The ietf-ipfix-data-export YANG module defines an exporting-process
   based on TCP and a data-export template list.

5.1.1.  ietf-ipfix-data-export Module Structure

   This document defines the YANG module "ietf-ipfix-data-export", which
   has the following tentative structure:

Arokiaraj & Seda          Expires 11 April 2022                [Page 16]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   module: ietf-ipfix-data-export
     +--rw ipfix-data-export
        +--rw exporting-process* [name] {exporter}?
        |  +--rw name                    name-type
        |  +--rw enabled?                boolean
        |  +--rw export-mode?            identityref
        |  +--rw destination* [name]
        |  |  +--rw name        name-type
        |  |  +--rw exporter
        |  |     +--rw ipfix-version?              uint16
        |  |     +--rw source
        |  |     |  +--rw (source-method)?
        |  |     |     +--:(interface-ref)
        |  |     |     |  +--rw interface-ref?    if:interface-ref
        |  |     |     +--:(if-name) {if-mib}?
        |  |     |     |  +--rw if-name?          string
        |  |     |     +--:(source-address)
        |  |     |        +--rw source-address?   inet:host
        |  |     +--rw destination
        |  |     |  +--rw (destination-method)
        |  |     |     +--:(destination-address)
        |  |     |        +--rw destination-address?   inet:host
        |  |     +--rw destination-port?           inet:port-number
        |  |     +--rw send-buffer-size?           uint32
        |  |     +--rw rate-limit?                 uint32
        |  |     +--rw connection-timeout?         uint32
        |  |     +--rw retry-schedule?             uint32
        |  |     +--rw transport-layer-security!
        |  |     |  +--rw local-certification-authority-dn*    string
        |  |     |  +--rw local-subject-dn*                    string
        |  |     |  +--rw local-subject-fqdn*
        |  |     |  |       inet:domain-name
        |  |     |  +--rw remote-certification-authority-dn*   string
        |  |     |  +--rw remote-subject-dn*                   string
        |  |     |  +--rw remote-subject-fqdn*
        |  |     |          inet:domain-name
        |  |     +--ro transport-session
        |  |        +--ro ipfix-version?                          uint16
        |  |        +--ro source-address?
        |  |        |       inet:host
        |  |        +--ro destination-address?
        |  |        |       inet:host
        |  |        +--ro source-port?
        |  |        |       inet:port-number
        |  |        +--ro destination-port?
        |  |        |       inet:port-number
        |  |        +--ro status?
        |  |        |       transport-session-status

Arokiaraj & Seda          Expires 11 April 2022                [Page 17]
Internet-Draft        IPFIX Data Export Data Models         October 2021

        |  |        +--ro rate?
        |  |        |       yang:gauge32
        |  |        +--ro bytes?
        |  |        |       yang:counter64
        |  |        +--ro messages?
        |  |        |       yang:counter64
        |  |        +--ro discarded-messages?
        |  |        |       yang:counter64
        |  |        +--ro records?
        |  |        |       yang:counter64
        |  |        +--ro templates?
        |  |        |       yang:counter32
        |  |        +--ro options-templates?
        |  |        |       yang:counter32
        |  |        +--ro transport-session-start-time?
        |  |        |       yang:date-and-time
        |  |        +--ro transport-session-discontinuity-time?
        |  |        |       yang:date-and-time
        |  |        +--ro template* [name]
        |  |           +--ro name                           name-type
        |  |           +--ro observation-domain-id?         uint32
        |  |           +--ro template-id?                   uint16
        |  |           +--ro set-id?                        uint16
        |  |           +--ro access-time?
        |  |           |       yang:date-and-time
        |  |           +--ro template-data-records?
        |  |           |       yang:counter64
        |  |           +--ro template-discontinuity-time?
        |  |           |       yang:date-and-time
        |  |           +--ro field* [name]
        |  |              +--ro name                    name-type
        |  |              +--ro ie-id?                  ie-id-type
        |  |              +--ro ie-length?              uint16
        |  |              +--ro ie-enterprise-number?   uint32
        |  |              +--ro is-scope?               empty
        |  +--rw options* [name]
        |  |  +--rw name               name-type
        |  |  +--rw options-type       identityref
        |  |  +--rw options-timeout?   uint32
        |  +--ro exporting-process-id?   uint32
        +--rw data-export
           +--rw template* [name]
              +--rw name                       name-type
              +--rw enabled?                   boolean
              +--rw export-interval?           uint32
              +--rw observation-domain-id?     uint32
              +--rw field-layout
              |  +--rw field* [name]

Arokiaraj & Seda          Expires 11 April 2022                [Page 18]
Internet-Draft        IPFIX Data Export Data Models         October 2021

              |     +--rw name                    name-type
              |     +--rw (identifier)
              |     |  +--:(ie-name)
              |     |  |  +--rw ie-name?          ie-name-type
              |     |  +--:(ie-id)
              |     |     +--rw ie-id?            ie-id-type
              |     +--rw ie-length?              uint16
              |     +--rw ie-enterprise-number?   uint32
              +--rw exporting-process*
              |       -> /ipfix-data-export/exporting-process/name
              |       {exporter}?
              +--rw (resource-identifier)?
              |  +--:(resource-instance)
              |     +--rw resource-instance*   resource
              +--ro data-records?              yang:counter64
              +--ro discontinuity-time?        yang:date-and-time

5.1.2.  ietf-ipfix-data-export YANG module

   This YANG Module imports typedefs from [RFC6991].

<CODE BEGINS> file "ietf-ipfix-data-export@2021-02-02.yang"            /

   module ietf-ipfix-data-export {
     yang-version 1.1;

     namespace
       "urn:ietf:params:xml:ns:yang:ietf-ipfix-data-export";

     prefix ipfixde;

     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types";
     }

     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types";
     }

     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Model for Interface Management";
     }

Arokiaraj & Seda          Expires 11 April 2022                [Page 19]
Internet-Draft        IPFIX Data Export Data Models         October 2021

     organization
       "IETF";

     contact
       "Web:      TBD
        List:     TBD

        Editor:   Anand Arokiaraj
                  <mailto:anand.arokiaraj@nokia.com>
        Editor:   Marta Seda
                  <mailto:marta.seda@calix.com>";

     // RFC Ed.: replace XXXX with actual RFC numbers and
     // remove this note.

     description
       "This module contains a collection of YANG definitions for the
        management exporting data over IPFIX.

        This data model is designed for the Network Management Datastore
        Architecture defined in RFC 8342.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2021 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2021-02-02 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: YANG Data Model for the IP Flow Information Export
                    (IPFIX) Data Export";

Arokiaraj & Seda          Expires 11 April 2022                [Page 20]
Internet-Draft        IPFIX Data Export Data Models         October 2021

     }

     feature exporter {
       description
         "If supported, the Monitoring Device can be used as
          an Exporter. Exporting Processes can be configured.";
     }

     feature if-mib {
       description
         "This feature indicates that the device implements
          the IF-MIB.";
       reference
         "RFC 2863: The Interfaces Group MIB";
     }

     identity export-mode {
       description
         "Base identity for different usages of export
          destinations configured for an Exporting Process.";
       reference
         "RFC 6615, Section 8 (ipfixExportMemberType)";
     }

     identity parallel {
       base export-mode;
       description
         "Parallel export of Data Records to all destinations configured
          for the Exporting Process.";
       reference
         "RFC 6615, Section 8 (ipfixExportMemberType)";
     }

     identity load-balancing {
       base export-mode;
       description
         "Load-balancing between the different destinations
          configured for the Exporting Process.";
       reference
         "RFC 6615, Section 8 (ipfixExportMemberType)";
     }

     identity fallback {
       base export-mode;
       description
         "Export to the primary destination (i.e., the first
          destination configured for the Exporting Process). If the
          export to the primary destination fails, the Exporting Process

Arokiaraj & Seda          Expires 11 April 2022                [Page 21]
Internet-Draft        IPFIX Data Export Data Models         October 2021

          tries to export to the secondary destination.  If the
          secondary destination fails as well, it continues with the
          tertiary, etc.";
       reference
         "RFC 6615, Section 8 (ipfixExportMemberType)";
     }

     identity options-type {
       description
         "Base identity for report types exported with
          options templates.";
     }

     identity exporting-reliability {
       base options-type;
       description
         "Exporting Process Reliability Statistics.";
       reference
         "RFC 7011, Section 4.3";
     }

     identity reducing-redundancy {
       base options-type;
       description
         "Enables the utilization of Options Templates to reduce
          redundancy in the exported Data Records.";
       reference
         "RFC 5473";
     }

     identity extended-type-information {
       base options-type;
       description
         "Export of extended type information for enterprise-specific
          Information Elements used in the exported Templates.";
       reference
         "RFC 5610";
     }

     typedef ie-name-type {
       type string {
         length "1..max";
         pattern '\S+';
       }
       description
         "Type for Information Element names. Whitespaces are not
          allowed.";
     }

Arokiaraj & Seda          Expires 11 April 2022                [Page 22]
Internet-Draft        IPFIX Data Export Data Models         October 2021

     typedef name-type {
       type string {
         length "1..max";
         pattern '\S(.*\S)?';
       }
       description
         "Type for 'name' leafs, which are used to identify specific
          instances within lists, etc.

          Leading and trailing whitespaces are not allowed.";
     }

     typedef ie-id-type {
       type uint16 {
         range "1..32767";
       }
       description
         "Type for Information Element identifiers.";
     }

     typedef transport-session-status {
       type enumeration {
         enum "inactive" {
           value 0;
           description
             "This value MUST be used for Transport Sessions that are
              specified in the system but currently not active.

              The value can be used for Transport Sessions that are
              backup (secondary) sessions.";
         }
         enum "active" {
           value 1;
           description
             "This value MUST be used for Transport Sessions that are
              currently active and transmitting or receiving data.";
         }
         enum "unknown" {
           value 2;
           description
             "This value MUST be used if the status of the Transport
              Sessions cannot be detected by the device.

              This value should be avoided as far as possible.";
         }
       }
       description
         "Status of a Transport Session.";

Arokiaraj & Seda          Expires 11 April 2022                [Page 23]
Internet-Draft        IPFIX Data Export Data Models         October 2021

       reference
         "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
     }

     typedef resource {
       type instance-identifier {
         require-instance false;
       }
       description
         "A resource from which data will be exported.";
     }

     grouping transport-layer-security-parameters {
       description
         "TLS parameters.";

       container transport-layer-security {
         presence
           "The presence of this container indicates TLS is enabled.";
         description
           "TLS configuration.";

         leaf-list local-certification-authority-dn {
           type string;
           description
             "Distinguished names of certification authorities whose
              certificates may be used to identify the local endpoint.";
           reference
             "RFC 5280";
         }

         leaf-list local-subject-dn {
           type string;
           description
             "Distinguished names that may be used in the certificates
              to identify the local endpoint.";
           reference
             "RFC 5280.";
         }

         leaf-list local-subject-fqdn {
           type inet:domain-name;
           description
             "Fully qualified domain names that may be used in the
              certificates to identify the local endpoint.";
           reference
             "RFC 5280";
         }

Arokiaraj & Seda          Expires 11 April 2022                [Page 24]
Internet-Draft        IPFIX Data Export Data Models         October 2021

         leaf-list remote-certification-authority-dn {
           type string;
           description
             "Distinguished names of certification authorities whose
              certificates are accepted to authorize remote endpoints.";
           reference
             "RFC 5280";
         }

         leaf-list remote-subject-dn {
           type string;
           description
             "Distinguished names which are accepted in certificates to
              authorize remote endpoints.";
           reference
             "RFC 5280";
         }

         leaf-list remote-subject-fqdn {
           type inet:domain-name;
           description
             "Fully qualified domain names that are accepted in
              certificates to authorize remote endpoints.";
           reference
             "RFC 5280";
         }
       }
     }

     grouping transport-session-state-parameters {
       description
         "State parameters of a Transport Session originating from an
          Exporting Process or terminating at a Collecting Process.
          Parameter names and semantics correspond to the managed
          objects in IPFIX-MIB.";
       reference
         "RFC 7011; RFC 6615, Section 8 (ipfixTransportSessionEntry,
          ipfixTransportSessionStatsEntry)";

       leaf ipfix-version {
         type uint16;
         description
           "Used for Exporting Processes, this parameter contains the
            version number of the IPFIX protocol that the Exporter uses
            to export its data in this Transport Session.

            Used for Collecting Processes, this parameter contains the
            version number of the IPFIX protocol it receives for this

Arokiaraj & Seda          Expires 11 April 2022                [Page 25]
Internet-Draft        IPFIX Data Export Data Models         October 2021

            Transport Session. If IPFIX Messages of different IPFIX
            protocol versions are received, this parameter contains the
            maximum version number.

            Note that this parameter corresponds to
            ipfixTransportSessionIpfixVersion in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionIpfixVersion)";
       }

       leaf source-address {
         type inet:host;
         description
           "The source address of the Exporter of the IPFIX Transport
            Session.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionSourceAddressType,
            ipfixTransportSessionSourceAddress);
            RFC 4960, Section 6.4";
       }

       leaf destination-address {
         type inet:host;
         description
           "The destination address of the path that is selected by the
            Exporter to send IPFIX messages to the Collector.

            It is possible that if an FQDN address
            is configured it resolves into many addresses.

            Note that this parameter functionally corresponds to
            ipfixTransportSessionDestinationAddressType and
            ipfixTransportSessionDestinationAddress in the IPFIX MIB
            module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionDestinationAddressType,
            ipfixTransportSessionDestinationAddress);
            RFC 4960, Section 6.4";
       }

       leaf source-port {
         type inet:port-number;
         description
           "The transport-protocol port number of the Exporter of the
            IPFIX Transport Session.

Arokiaraj & Seda          Expires 11 April 2022                [Page 26]
Internet-Draft        IPFIX Data Export Data Models         October 2021

            Note that this parameter corresponds to
            ipfixTransportSessionSourcePort in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionSourcePort).";
       }

       leaf destination-port {
         type inet:port-number;
         description
           "The transport-protocol port number of the Collector of the
            IPFIX Transport Session.

            Note that this parameter corresponds to
            ipfixTransportSessionDestinationPort in the IPFIX MIB
            module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionDestinationPort)";
       }

       leaf status {
         type transport-session-status;
         description
           "Status of the Transport Session.

            Note that this parameter corresponds to
            ipfixTransportSessionStatus in the IPFIX MIB module.";
           reference
            "RFC 6615, Section 8 (ipfixTransportSessionStatus)";
       }

       leaf rate {
         type yang:gauge32;
         units "bytes per second";
         description
           "The number of bytes per second transmitted by the
            Exporting Process or received by the Collecting Process.
            This parameter is updated every second.

            Note that this parameter corresponds to
            ipfixTransportSessionRate in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8 (ipfixTransportSessionRate)";
       }

       leaf bytes {
         type yang:counter64;

Arokiaraj & Seda          Expires 11 April 2022                [Page 27]
Internet-Draft        IPFIX Data Export Data Models         October 2021

         units "bytes";
         description
           "The number of bytes transmitted by the Exporting Process or
            received by the Collecting Process.

            Discontinuities in the value of this counter can occur at
            re-initialization of the management system, and at other
            times as indicated by the value of
            transport-session-discontinuity-time.

            Note that this parameter corresponds to
            ipfixTransportSessionBytes in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8 (ipfixTransportSessionBytes)";
       }

       leaf messages {
          type yang:counter64;
          units "IPFIX Messages";
          description
            "The number of messages transmitted by the Exporting Process
             or received by the Collecting Process.

             Discontinuities in the value of this counter can occur at
             re-initialization of the management system, and at other
             times as indicated by the value of
             transport-session-discontinuity-time.

             Note that this parameter corresponds to
             ipfixTransportSessionMessages in the IPFIX MIB module.";
          reference
            "RFC 6615, Section 8
             (ipfixTransportSessionMessages)";
       }

       leaf discarded-messages {
         type yang:counter64;
         units "IPFIX Messages";
         description
           "Used for Exporting Processes, this parameter indicates the
            number of messages that could not be sent due to internal
            buffer overflows, network congestion, routing issues, etc.
            Used for Collecting Process, this parameter indicates the
            number of received IPFIX Message that are malformed, cannot
            be decoded, are received in the wrong order or are missing
            according to the sequence number.

            Discontinuities in the value of this counter can occur at

Arokiaraj & Seda          Expires 11 April 2022                [Page 28]
Internet-Draft        IPFIX Data Export Data Models         October 2021

            re-initialization of the management system, and at other
            times as indicated by the value of
            transport-session-discontinuity-time.

            Note that this parameter corresponds to
            ipfixTransportSessionDiscardedMessages in the IPFIX MIB
            module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionDiscardedMessages)";
       }

       leaf records {
         type yang:counter64;
         units "Data Records";
         description
           "The number of Data Records transmitted by the Exporting
            Process or received by the Collecting Process.

            Discontinuities in the value of this counter can occur at
            re-initialization of the management system, and at other
            times as indicated by the value of
            transport-session-discontinuity-time.

            Note that this parameter corresponds to
            ipfixTransportSessionRecords in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionRecords)";
       }

       leaf templates {
         type yang:counter32;
         units "Templates";
         description
           "The number of Templates transmitted by the Exporting Process
            or received by the Collecting Process.

            Discontinuities in the value of this counter can occur at
            re-initialization of the management system, and at other
            times as indicated by the value of
            transport-session-discontinuity-time.

            Note that this parameter corresponds to
            ipfixTransportSessionTemplates in the IPFIX MIB module.";
         reference
           "RFC 6615, Section 8
           (ipfixTransportSessionTemplates)";

Arokiaraj & Seda          Expires 11 April 2022                [Page 29]
Internet-Draft        IPFIX Data Export Data Models         October 2021

       }

       leaf options-templates {
         type yang:counter32;
         units "Options Templates";
         description
           "The number of Option Templates transmitted by the Exporting
            Process or received by the Collecting Process.

            Discontinuities in the value of this counter can occur at
            re-initialization of the management system, and at other
            times as indicated by the value of
            transport-session-discontinuity-time.

            Note that this parameter corresponds to
            ipfixTransportSessionOptionsTemplates in the IPFIX MIB
            module.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionOptionsTemplates)";
       }

       leaf transport-session-start-time {
         type yang:date-and-time;
         description
           "Timestamp of the start of the given Transport Session.

            This state parameter does not correspond to any object in
            the IPFIX MIB module.";
       }

       leaf transport-session-discontinuity-time {
         type yang:date-and-time;
         description
           "Timestamp of the most recent occasion at which one or more
            of the Transport Session counters suffered a discontinuity.

            Note that this parameter functionally corresponds to
            ipfixTransportSessionDiscontinuityTime in the IPFIX MIB
            module. In contrast to
            ipfixTransportSessionDiscontinuityTime, the time is
            absolute and not relative to sysUpTime.";
         reference
           "RFC 6615, Section 8
            (ipfixTransportSessionDiscontinuityTime)";
       }
     }

Arokiaraj & Seda          Expires 11 April 2022                [Page 30]
Internet-Draft        IPFIX Data Export Data Models         October 2021

     grouping export-template-state-parameters {
       description
         "State parameters of a (Options) Template used by an Exporting
          Process in a specific Transport Session or by a File Writer.
          Parameter names and semantics correspond to the managed
          objects in IPFIX-MIB.";
       reference
         "RFC 7011; RFC 6615, Section 8 (ipfixTemplateEntry,
          ipfixTemplateDefinitionEntry, ipfixTemplateStatsEntry)";

       list template {
         key "name";
         description
           "This list contains the Templates and Options Templates that
            are transmitted by the Exporting Process or written by the
            File Writer.

            Withdrawn or invalidated (Options) Templates MUST be removed
            from this list.";

         leaf name {
           type name-type;
           description
             "An arbitrary string which uniquely identifies the
              template.";
         }

         leaf observation-domain-id {
           type uint32;
           description
             "The ID of the Observation Domain for which this Template
              is defined.

              Note that this parameter corresponds to
              ipfixTemplateObservationDomainId in the IPFIX MIB
              module.";
           reference
             "RFC 6615, Section 8
              (ipfixTemplateObservationDomainId).";
         }

         leaf template-id {
           type uint16 {
             range "256..65535";
           }
           description
             "This number indicates the Template ID in the IPFIX
              message.

Arokiaraj & Seda          Expires 11 April 2022                [Page 31]
Internet-Draft        IPFIX Data Export Data Models         October 2021

              Note that this parameter corresponds to ipfixTemplateId in
              the IPFIX MIB module.";
           reference
             "RFC 6615, Section 8 (ipfixTemplateId).";
         }

         leaf set-id {
           type uint16 {
             range "2..3 | 256..65535";
           }
           description
             "This number indicates the Set ID of the Template.
              A value of 2 is reserved for Template Sets.  A value of 3
              is reserved for Options Template Sets.  Values from 4 to
              255 are reserved for future use.  Values 256 and above
              are used for Data Sets.  The Set ID values of 0 and 1 are
              not used for historical reasons.

              Note that this parameter corresponds to ipfixTemplateSetId
              in the IPFIX MIB module.";
           reference
             "RFC 7011, Section 3.3.2;
              RFC 6615, Section 8 (ipfixTemplateSetId)";
         }

         leaf access-time {
           type yang:date-and-time;
           description
             "This parameter contains the time when this (Options)
              Template was last sent to the Collector(s) or written to
              the file.

              Note that this parameter corresponds to
              ipfixTemplateAccessTime in the IPFIX MIB module.";
           reference
             "RFC 6615, Section 8 (
              ipfixTemplateAccessTime).";
         }

         leaf template-data-records {
           type yang:counter64;
           description
             "The number of transmitted Data Records defined by this
              (Options) Template.

              Discontinuities in the value of this counter can occur at
              re-initialization of the management system, and at other
              times as indicated by the value of

Arokiaraj & Seda          Expires 11 April 2022                [Page 32]
Internet-Draft        IPFIX Data Export Data Models         October 2021

              template-discontinuity-time.

              Note that this parameter corresponds to
              ipfixTemplateDataRecords in the IPFIX MIB module.";
           reference
             "RFC 6615, Section 8 (ipfixTemplateDataRecords).";
         }

         leaf template-discontinuity-time {
           type yang:date-and-time;
           description
             "Timestamp of the most recent occasion at which the counter
              template-data-records suffered a discontinuity.

              Note that this parameter functionally
              corresponds to ipfixTemplateDiscontinuityTime in the IPFIX
              MIB module. In contrast to
              ipfixTemplateDiscontinuityTime, the time is absolute and
              not relative to sysUpTime.";
           reference
             "RFC 6615, Section 8
              (ipfixTemplateDiscontinuityTime).";
         }

         list field {
           key "name";
           description
             "This list contains the (Options) Template fields of which
              the (Options) Template is defined.

              The order of the list corresponds to the order
              of the fields in the (Option) Template Record.";

           leaf name {
             type name-type;
             description
               "An arbitrary string which uniquely identifies the
                template field.";
           }

           leaf ie-id {
             type ie-id-type;
             description
               "This parameter indicates the Information Element
                identifier of the field.

                Note that this parameter corresponds to
                ipfixTemplateDefinitionIeId in the IPFIX MIB module.";

Arokiaraj & Seda          Expires 11 April 2022                [Page 33]
Internet-Draft        IPFIX Data Export Data Models         October 2021

             reference
               "RFC 7011; RFC 6615, Section 8
                (ipfixTemplateDefinitionIeId).";
           }

           leaf ie-length {
             type uint16;
             units "octets";
             description
               "This parameter indicates the length of the Information
                Element of the field.

                Note that this parameter corresponds to
                ipfixTemplateDefinitionIeLength in the IPFIX MIB
                module.";
             reference
               "RFC 7011; RFC 6615, Section 8
                (ipfixTemplateDefinitionIeLength).";
           }

           leaf ie-enterprise-number {
             type uint32;
             description
               "This parameter indicates the IANA enterprise number of
                the authority defining the Information Element
                identifier.

                If the Information Element is not enterprise-specific,
                this state parameter is zero.

                Note that this parameter corresponds to
                ipfixTemplateDefinitionIeEnterpriseNumber in the IPFIX
                MIB module.";
             reference
               "RFC 6615, Section 8
                (ipfixTemplateDefinitionIeEnterpriseNumber);
                IANA registry for Private Enterprise Numbers,
                http://www.iana.org/assignments/enterprise-numbers.";
           }

           leaf is-scope {
             when "../../set-id = 3" {
             description
               "This parameter is available for Options Templates
                (Set ID is 3).";
             }
             type empty;
             description

Arokiaraj & Seda          Expires 11 April 2022                [Page 34]
Internet-Draft        IPFIX Data Export Data Models         October 2021

               "If present, this is a scope field.

                Note that this corresponds to scope(0) being set in
                ipfixTemplateDefinitionFlags.";
             reference
               "RFC 6615, Section 8
                (ipfixTemplateDefinitionFlags).";
           }
         }
       }
     }

     grouping exporter-parameters {
       description
         "Parameters of an exporter.";

       leaf ipfix-version {
         type uint16;
         default '10';
         description
           "IPFIX version number.";
         reference
           "RFC 7011.";
       }

       container source {
         description
           "Configuration corresponding to how exporter's source IP
            address is specified.";

         choice source-method {
           description
             "Method to configure the source address of the exporter
              or the interface to be used by the exporter.

              Note that it is expected that other methods be available.
              Those methods can augment this choice.";

           case interface-ref {
             leaf interface-ref {
               type if:interface-ref;
               description
                 "The interface to be used by the Exporting Process.";
             }
           }

           case if-name {
             if-feature if-mib;

Arokiaraj & Seda          Expires 11 April 2022                [Page 35]
Internet-Draft        IPFIX Data Export Data Models         October 2021

             leaf if-name {
               type string;
               description
                 "Name of an interface as stored in the ifTable
                  of IF-MIB.";
               reference
                 "RFC 2863.";
             }
           }

           case source-address {
             leaf source-address {
               type inet:host;
               description
                 "The source IP address or hostname used by the
                  Exporting Process.";
             }
           }
         }
       }

       container destination {
         description
           "Configuration corresponding to how exporter's destination IP
            address is specified.";

         choice destination-method {
           mandatory true;
           description
             "Method to configuring the destination address of the
              Collection Process to which IPFIX Messages are sent.

              Note it is expected that if other methods are available
              that they would augment from this statement.";

           case destination-address {
             leaf destination-address {
               type inet:host;
               description
                 "The destination IP address or hostname of the
                  Collecting Process to which IPFIX Messages are sent.
                  A hostname may resolve to one or more IP
                  addresses.";
             }
           }
         }
       }

Arokiaraj & Seda          Expires 11 April 2022                [Page 36]
Internet-Draft        IPFIX Data Export Data Models         October 2021

       leaf destination-port {
         type inet:port-number;
         description
           "If not configured by the user, the Monitoring Device uses
            the default port number for IPFIX, which is 4739 without TLS
            or DTLS and 4740 if TLS or DTLS is activated.";
       }

       leaf send-buffer-size {
         type uint32;
         units "bytes";
         description
           "Size of the socket send buffer.

            If not configured by the user, this parameter is set by
            the Monitoring Device.";
       }

       leaf rate-limit {
         type uint32;
         units "bytes per second";
         description
           "Maximum number of bytes per second the Exporting Process may
            export to the given destination.  The number of bytes is
            calculated from the lengths of the IPFIX Messages exported.
            If not configured, no rate limiting is performed.";
         reference
           "RFC 5476, Section 6.3.";
       }

       leaf connection-timeout {
         type uint32;
         units seconds;
         description
           "Time after which the exporting process deems the TCP
            connection to have failed.";
         reference
           "RFC 7011, Sections 10.4.4 and 10.4.5.";
       }

       leaf retry-schedule {
         type uint32 {
         range "60..max";
         }
         units seconds;
         description
           "Time after which the exporting process retries the TCP
            connection to a collector.";

Arokiaraj & Seda          Expires 11 April 2022                [Page 37]
Internet-Draft        IPFIX Data Export Data Models         October 2021

         reference
           "RFC 7011, Section 10.4.4.";
       }

       uses transport-layer-security-parameters;
     }

     grouping exporting-process-parameters {
       description
         "Parameters of an Exporting Process.";

       leaf export-mode {
         type identityref {
           base export-mode;
         }
         default 'fallback';
         description
           "This parameter determines to which configured destination(s)
            the incoming Data Records are exported.";
       }

       list destination {
         key "name";
         min-elements 1;
         description
           "List of export destinations.";

         leaf name {
           type name-type;
           description
             "An arbitrary string which uniquely identifies the export
              destination.";
         }

         container exporter {
           description
             "Exporter parameters.";

           uses exporter-parameters;

           container transport-session {
             config false;
             description
               "Transport session state data.";

             uses transport-session-state-parameters;
             uses export-template-state-parameters;
           }

Arokiaraj & Seda          Expires 11 April 2022                [Page 38]
Internet-Draft        IPFIX Data Export Data Models         October 2021

         }
       }

       list options {
         key "name";
         description
           "List of options reported by the Exporting Process.";

         leaf name {
           type name-type;
           description
             "An arbitrary string which uniquely identifies the
              option.";
         }
         uses options-parameters;
       }
     }

     grouping options-parameters {
       description
         "Parameters specifying the data export using an Options
          Template.";

       leaf options-type {
         type identityref {
           base options-type;
         }
         mandatory true;
         description
           "Type of the exported options data.";
       }

       leaf options-timeout {
         type uint32;
         units "milliseconds";
         description
           "Time interval for periodic export of the options data. If
            set to zero, the export is triggered when the options data
            has changed.

            If not configured by the user, this parameter is set by the
            Monitoring Device.";
       }
     }

     grouping data-template-parameters {
       description
         "Field Layout parameters.";

Arokiaraj & Seda          Expires 11 April 2022                [Page 39]
Internet-Draft        IPFIX Data Export Data Models         October 2021

       leaf observation-domain-id {
         type uint32;
         default 0;
         description
           "An identifier of an Observation Domain that is locally
            unique to an Exporting Process (see RFC 7011 Section 3.1).

            Typically, this Information Element is for limiting the
            scope of other Information Elements.

            A value of 0 indicates that no specific Observation Domain
            is identified by this Information Element.";
       }

       container field-layout {
         description
           "Field Layout parameters.";

         list field {
           key name;
           min-elements 1;
           description
             "Superset of statistics field names or special field-names
              (e.g., timestamps, etc) for interpreting statistics that
              are included in the Packet Reports or Flow Records
              generated by the device.";

           leaf name {
             type name-type;
             description
               "An arbitrary string which uniquely identifies the
                field.";
           }

           choice identifier {
             mandatory true;
             description
               "The Information Element to be added to the template.";

             case ie-name {
               leaf ie-name {
                 type ie-name-type;
                 description
                   "Name of the Information Element.";
               }
             }

             case ie-id {

Arokiaraj & Seda          Expires 11 April 2022                [Page 40]
Internet-Draft        IPFIX Data Export Data Models         October 2021

               leaf ie-id {
                 type ie-id-type;
                 description
                   "ID of the Information Element.";
               }
             }
           }

           leaf ie-length {
             type uint16;
             units octets;
             description
               "Length of the field in which the Information Element is
                encoded.  A value of 65535 specifies a variable-length
                Information Element.  For Information Elements of
                integer and float type, the field length MAY be set to a
                smaller value than the standard length of the abstract
                data type if the rules of reduced size encoding are
                fulfilled.

                If not configured by the user, this parameter is set by
                the Monitoring Device.";
             reference
               "RFC 7011, Section 6.2";
           }

           leaf ie-enterprise-number {
             type uint32;
             default 0;
             description
               "If this parameter is zero, the Information Element is
                registered in the IANA registry of IPFIX Information
                Elements or unspecified (if the Informational Element is
                not IANA registered).

                If this parameter is configured with a non-zero private
                enterprise number, the Information Element is
                enterprise-specific.";
             reference
               "RFC 7011; RFC 5103;
                IANA registry for Private Enterprise Numbers,
                http://www.iana.org/assignments/enterprise-numbers;
                IANA registry for IPFIX Entities,
                http://www.iana.org/assignments/ipfix";
           }
         }
       }
     }

Arokiaraj & Seda          Expires 11 April 2022                [Page 41]
Internet-Draft        IPFIX Data Export Data Models         October 2021

     container ipfix-data-export {
       description
         "IPFIX data export node.";

       list exporting-process {
         if-feature exporter;
         key "name";
         description
           "List of Exporting Processes of the IPFIX Monitoring Device
            for which configuration will be applied.";

         leaf name {
           type name-type;
           description
             "An arbitrary string which uniquely identifies the
              Exporting Process.";
         }

         leaf enabled {
           type boolean;
           default "true";
           description
             "If true, this Exporting Process is enabled for
              exporting.";
         }

         uses exporting-process-parameters;

         leaf exporting-process-id {
           type uint32;
           config false;
           description
             "The identifier of the Exporting Process.  This parameter
              corresponds to the Information Element exportingProcessId.
              Its occurrence helps to associate Exporting Process
              parameters with Exporing Process statistics exported by
              the Monitoring Device using the Exporting Process
              Reliability Statistics Template as defined by the IPFIX
              protocol specification.";
           reference
             "RFC 7011, Section 4.3; IANA registry for IPFIX
              Entities, http://www.iana.org/assignments/ipfix.";
         }
       }

       container data-export {
         description
           "Container for data export nodes.";

Arokiaraj & Seda          Expires 11 April 2022                [Page 42]
Internet-Draft        IPFIX Data Export Data Models         October 2021

         list template {
           key name;
           description
             "List of data templates of the Monitoring Device.";

           leaf name {
             type name-type;
             description
               "An arbitrary string which uniquely identifies the
                data template.";
           }

           leaf enabled {
             type boolean;
             default "true";
             description
               "If true, this template is enabled and the specified
                data is able to be exported.";
           }

           leaf export-interval {
             type uint32;
             units "seconds";
             description
               "This parameter configures the interval (in seconds) for
                periodical export of Flow Records.

                If not configured by the user, the Monitoring Device
                sets this parameter.";
           }

           uses data-template-parameters;

           leaf-list exporting-process {
             if-feature exporter;
             type leafref {
               path "/ipfix-data-export"
                  + "/exporting-process/name";
             }
             description
               "Records are exported by all Exporting Processes in the
                list.";
           }

           choice resource-identifier {
             description
               "Method to select the resources from which the records
                are to be exported.

Arokiaraj & Seda          Expires 11 April 2022                [Page 43]
Internet-Draft        IPFIX Data Export Data Models         October 2021

                Note that it is expected that other methods be available.
                Those methods can augment this choice.";

             case resource-instance {
               leaf-list resource-instance {
                 type resource;
                 description
                   "Records are sourced from all the resources in
                    this list.";
               }
             }
           }

           leaf data-records {
             type yang:counter64;
             units "Data Records";
             config false;
             description
               "The number of Data Records generated for this sampling
                template.

                Discontinuities in the value of this counter can occur
                at re-initialization of the management system, and at
                other times as indicated by the value of Discontinuity
                Time.";
           }

           leaf discontinuity-time {
             type yang:date-and-time;
             config false;
             description
               "Timestamp of the most recent occasion at which the
                counter data records suffered a discontinuity.";
           }
         }
       }
     }
   }

   <CODE ENDS>

6.  IANA Considerations

   This document registers 1 URI in the "IETF XML Registry".  [RFC3688].
   Following the format in RFC 3688, the following registrations have
   been made.

Arokiaraj & Seda          Expires 11 April 2022                [Page 44]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   URI: urn:ietf:params:xml:ns:yang:ietf-ipfix-data-export
   Registrant Contact: The IESG.
   XML: N/A, the requested URI is an XML namespace.

   This document registers 1 YANG module in the "YANG Module Names"
   registry.  Following the format in [RFC7950], the following have been
   registered.

   Name: ietf-ipfix-data-export
   Namespace: urn:ietf:params:xml:ns:yang:ietf-ipfix-data-export
   Prefix: ipfixde
   Reference: RFC XXXX: YANG Data Model for the IP Flow Information
              Export (IPFIX) Protocol Data Export

7.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., NETCONF edit-
   config) to these data nodes without proper protection can have a
   negative effect on network operations.  These are the subtrees and
   data nodes and their sensitivity/vulnerability:

   *  /ipfix-data-export/exporting-process: The configuration parameters
      in this subtree specify to which Collectors Data Records are
      exported.  Write access to this subtree allows exporting
      potentially sensitive information to illegitimate Collectors.
      Furthermore, TLS parameters can be changed, which may affect the
      mutual authentication between Exporters and Collectors as well as
      the encrypted transport of the data.

Arokiaraj & Seda          Expires 11 April 2022                [Page 45]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   *  /ipfix-data-export/data-export/template: The configuration
      parameters in this subtree specify the fields included in the bulk
      data export.  Write access to this subtree allows adding fields
      which may cause export of sensitive configuration and/or
      statistics.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

   *  /ipfix-data-export/exporting-process: Parameters in this subtree
      may be sensitive because they reveal information about the network
      infrastructure and the outgoing IPFIX Transport Sessions.  For
      example, it discloses the IP addresses of Collectors as well as
      the deployed TLS configuration, which may facilitate the
      interception of outgoing IPFIX Messages.

   *  /ipfix-data-export/data-export/template: Parameters in this
      subtree may be sensitive because they reveal information about the
      Monitoring Device itself and the observed traffic.  For example,
      the counters data-records allow inferring the number of packets.

8.  Acknowledgments

   The authors would like to thank Joey Boyd, William Lupton, and Benoit
   Claise for their contributions and feedback towards this document.

9.  Normative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/info/rfc5280>.

   [RFC5476]  Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
              Sampling (PSAMP) Protocol Specifications", RFC 5476,
              DOI 10.17487/RFC5476, March 2009,
              <https://www.rfc-editor.org/info/rfc5476>.

Arokiaraj & Seda          Expires 11 April 2022                [Page 46]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   [RFC5610]  Boschi, E., Trammell, B., Mark, L., and T. Zseby,
              "Exporting Type Information for IP Flow Information Export
              (IPFIX) Information Elements", RFC 5610,
              DOI 10.17487/RFC5610, July 2009,
              <https://www.rfc-editor.org/info/rfc5610>.

   [RFC6615]  Dietz, T., Ed., Kobayashi, A., Claise, B., and G. Muenz,
              "Definitions of Managed Objects for IP Flow Information
              Export", RFC 6615, DOI 10.17487/RFC6615, June 2012,
              <https://www.rfc-editor.org/info/rfc6615>.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013,
              <https://www.rfc-editor.org/info/rfc6991>.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013,
              <https://www.rfc-editor.org/info/rfc7011>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

10.  Informative References

   [IANA-IPFIX]
              IANA, "IP Flow Information Export (IPFIX) Entities",
              <https://www.iana.org/assignments/ipfix>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5473]  Boschi, E., Mark, L., and B. Claise, "Reducing Redundancy
              in IP Flow Information Export (IPFIX) and Packet Sampling
              (PSAMP) Reports", RFC 5473, DOI 10.17487/RFC5473, March
              2009, <https://www.rfc-editor.org/info/rfc5473>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

Arokiaraj & Seda          Expires 11 April 2022                [Page 47]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
              <https://www.rfc-editor.org/info/rfc8340>.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018,
              <https://www.rfc-editor.org/info/rfc8341>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/info/rfc8446>.

Appendix A.  Example: ietf-ipfix-data-export Usage

   The configuration example configures a field-layout template to
   export Ethernet statistics from eth0 and eth1.

Arokiaraj & Seda          Expires 11 April 2022                [Page 48]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   <ipfix-data-export xmlns="urn:ietf:params:xml:ns:yang:ietf-ipfix-data-export">
     <exporting-process>
       <name>ipfix data exporter</name>
       <enabled>true</enabled>
       <destination>
         <name>ipfix-collector</name>
         <exporter>
           <source>
             <source-address>192.100.2.1</source-address>
           </source>
           <destination>
             <destination-address>proxy1.sys.com</destination-address>
           </destination>
         </exporter>
       </destination>
       <options>
         <name>Options 1</name>
         <options-type>extended-type-information</options-type>
         <options-timeout>0</options-timeout>
       </options>
     </exporting-process>
   </ipfix-data-export>

Appendix B.  Tree diagrams

B.1.  ietf-ipfix-data-export

   The complete tree diagram for ietf-ipfix-bulk-data-export:

   module: ietf-ipfix-data-export
     +--rw ipfix-data-export
        +--rw exporting-process* [name] {exporter}?
        |  +--rw name                    name-type
        |  +--rw enabled?                boolean
        |  +--rw export-mode?            identityref
        |  +--rw destination* [name]
        |  |  +--rw name        name-type
        |  |  +--rw exporter
        |  |     +--rw ipfix-version?              uint16
        |  |     +--rw source
        |  |     |  +--rw (source-method)?
        |  |     |     +--:(interface-ref)
        |  |     |     |  +--rw interface-ref?    if:interface-ref
        |  |     |     +--:(if-name) {if-mib}?
        |  |     |     |  +--rw if-name?          string
        |  |     |     +--:(source-address)
        |  |     |        +--rw source-address?   inet:host
        |  |     +--rw destination

Arokiaraj & Seda          Expires 11 April 2022                [Page 49]
Internet-Draft        IPFIX Data Export Data Models         October 2021

        |  |     |  +--rw (destination-method)
        |  |     |     +--:(destination-address)
        |  |     |        +--rw destination-address?   inet:host
        |  |     +--rw destination-port?           inet:port-number
        |  |     +--rw send-buffer-size?           uint32
        |  |     +--rw rate-limit?                 uint32
        |  |     +--rw connection-timeout?         uint32
        |  |     +--rw retry-schedule?             uint32
        |  |     +--rw transport-layer-security!
        |  |     |  +--rw local-certification-authority-dn*    string
        |  |     |  +--rw local-subject-dn*                    string
        |  |     |  +--rw local-subject-fqdn*
        |  |     |  |       inet:domain-name
        |  |     |  +--rw remote-certification-authority-dn*   string
        |  |     |  +--rw remote-subject-dn*                   string
        |  |     |  +--rw remote-subject-fqdn*
        |  |     |          inet:domain-name
        |  |     +--ro transport-session
        |  |        +--ro ipfix-version?                          uint16
        |  |        +--ro source-address?
        |  |        |       inet:host
        |  |        +--ro destination-address?
        |  |        |       inet:host
        |  |        +--ro source-port?
        |  |        |       inet:port-number
        |  |        +--ro destination-port?
        |  |        |       inet:port-number
        |  |        +--ro status?
        |  |        |       transport-session-status
        |  |        +--ro rate?
        |  |        |       yang:gauge32
        |  |        +--ro bytes?
        |  |        |       yang:counter64
        |  |        +--ro messages?
        |  |        |       yang:counter64
        |  |        +--ro discarded-messages?
        |  |        |       yang:counter64
        |  |        +--ro records?
        |  |        |       yang:counter64
        |  |        +--ro templates?
        |  |        |       yang:counter32
        |  |        +--ro options-templates?
        |  |        |       yang:counter32
        |  |        +--ro transport-session-start-time?
        |  |        |       yang:date-and-time
        |  |        +--ro transport-session-discontinuity-time?
        |  |        |       yang:date-and-time
        |  |        +--ro template* [name]

Arokiaraj & Seda          Expires 11 April 2022                [Page 50]
Internet-Draft        IPFIX Data Export Data Models         October 2021

        |  |           +--ro name                           name-type
        |  |           +--ro observation-domain-id?         uint32
        |  |           +--ro template-id?                   uint16
        |  |           +--ro set-id?                        uint16
        |  |           +--ro access-time?
        |  |           |       yang:date-and-time
        |  |           +--ro template-data-records?
        |  |           |       yang:counter64
        |  |           +--ro template-discontinuity-time?
        |  |           |       yang:date-and-time
        |  |           +--ro field* [name]
        |  |              +--ro name                    name-type
        |  |              +--ro ie-id?                  ie-id-type
        |  |              +--ro ie-length?              uint16
        |  |              +--ro ie-enterprise-number?   uint32
        |  |              +--ro is-scope?               empty
        |  +--rw options* [name]
        |  |  +--rw name               name-type
        |  |  +--rw options-type       identityref
        |  |  +--rw options-timeout?   uint32
        |  +--ro exporting-process-id?   uint32
        +--rw data-export
           +--rw template* [name]
              +--rw name                       name-type
              +--rw enabled?                   boolean
              +--rw export-interval?           uint32
              +--rw observation-domain-id?     uint32
              +--rw field-layout
              |  +--rw field* [name]
              |     +--rw name                    name-type
              |     +--rw (identifier)
              |     |  +--:(ie-name)
              |     |  |  +--rw ie-name?          ie-name-type
              |     |  +--:(ie-id)
              |     |     +--rw ie-id?            ie-id-type
              |     +--rw ie-length?              uint16
              |     +--rw ie-enterprise-number?   uint32
              +--rw exporting-process*
              |       -> /ipfix-data-export/exporting-process/name
              |       {exporter}?
              +--rw (resource-identifier)?
              |  +--:(resource-instance)
              |     +--rw resource-instance*   resource
              +--ro data-records?              yang:counter64
              +--ro discontinuity-time?        yang:date-and-time

Authors' Addresses

Arokiaraj & Seda          Expires 11 April 2022                [Page 51]
Internet-Draft        IPFIX Data Export Data Models         October 2021

   Anand Arokiaraj
   Nokia

   Email: anand.arokiaraj@nokia.com

   Marta Seda
   Calix

   Email: marta.seda@calix.com

Arokiaraj & Seda          Expires 11 April 2022                [Page 52]