Internet Draft                                             Andy Bierman
                                                    Cisco Systems, Inc.
                                                       25 November 2000

        Remote Monitoring MIB Extensions for Virtual Data Sources

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Distribution of this document is unlimited. Please send comments to
   the authors.

1. Copyright Notice

   Copyright (C) The Internet Society (2000). All Rights Reserved.

2. Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects used for defining
   virtual data monitoring sources for use with existing RMON MIBs.

3. Table of Contents

   1 Copyright Notice
   2 Abstract
   3 Table of Contents
   4 The SNMP Management Framework
   5 Overview
   5.1 Relationship to the RMON-2 MIB
   5.2 Relationship to the SMON MIB
   5.3 Relationship to the Interfaces MIB
   6 Virtual Data Sources
   6.1 Data Source Framework
   6.2 Virtual Data Source Components
   6.3 Packet Selection Mechanisms
   6.4 High Capacity Interface Monitoring
   6.5 Configuration Restrictions
   6.6 Interfaces MIB Implementation Requirements
   6.6.1 Mapping of the ifIndex object
   6.6.2 Mapping of the ifDescr object
   6.6.3 Mapping of the ifType object
   6.6.4 Mapping of the ifSpeed object
   6.6.5 Mapping of the ifPhysAddress object
   6.6.6 Mapping of the ifAdminStatus object
   6.6.7 Mapping of the ifOperStatus object
   6.6.8 Mapping of the ifLastChange object
   6.6.9 Mapping of the ifLinkUpDownTrapEnable object
   6.6.10 Mapping of the ifConnectorPresent object
   6.6.11 Mapping of the ifHighSpeed object
   6.6.12 Mapping of the ifName object
   6.6.13 Mapping of the ifNumber object
   6.6.14 Mapping of the ifAlias object
   6.6.15 Mapping of the ifTableLastChange object
   6.6.16 Mapping of the ifStackStatus object
   6.6.17 Mapping of the ifStackLastChange object
   6.6.18 Mapping of the ifCounterDiscontinuityTime object
   7 MIB Description
   7.1 Virtual Data Source Control Group
   7.2 Virtual Data Source Packet Selection Algorithms
   7.2.1 Virtual LAN Based Packet Selection
   7.2.2 Network Address Based Packet Selection
   7.2.3 Quality of Service Based Packet Selection
   7.2.4 Protocol Based Packet Selection
   7.2.5 Content (channelTable) Based Packet Selection
   7.2.6 URL Based Packet Selection
   7.3 Changes in the '01' Version
   8 Definitions
   9 Intellectual Property
   10 References
   11 Security Considerations
   12 Author's Address
   13 Full Copyright Statement

Expires May 25, 2001                                           [Page 2]

Internet Draft                  VDS MIB                    November 2000

4. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

    o   An overall architecture, described in RFC 2571 [RFC2571].

    o   Mechanisms for describing and naming objects and events for the
        purpose of management. The first version of this Structure of
        Management Information (SMI) is called SMIv1 and described in
        RFC 1155 [RFC1155], RFC 1212 [RFC1212] and RFC 1215 [RFC1215].
        The second version, called SMIv2, is described in RFC 2578
        [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].

    o   Message protocols for transferring management information. The
        first version of the SNMP message protocol is called SNMPv1 and
        described in RFC 1157 [RFC1157]. A second version of the SNMP
        message protocol, which is not an Internet standards track
        protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
        and RFC 1906 [RFC1906].
        The third version of the message protocol is called SNMPv3 and
        described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574
        [RFC2574].

    o   Protocol operations for accessing management information. The
        first set of protocol operations and associated PDU formats is
        described in RFC 1157 [RFC1157]. A second set of protocol
        operations and associated PDU formats is described in RFC 1905
        [RFC1905].

    o   A set of fundamental applications described in RFC 2573
        [RFC2573] and the view-based access control mechanism described
        in RFC 2575 [RFC2575].

   A more detailed introduction to the current SNMP Management
   Framework can be found in RFC 2570 [RFC2570].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of
   the MIB.

5. Overview

   There is a need for a standardized way of defining additional data
   source capabilities for remote monitoring purposes. It is often
   desirable to monitor only a subset of the actual network traffic
   selected by existing RMON data sources. This subset is selected via
   configuration of various packet classification algorithms.

   This memo addresses the specific requirements of defining virtual
   dataSources for use with existing RMON collections, such as those
   defined in the RMON-1 [STD59], RMON-2 [RFC2021], SMON [RFC2613], and
   HC-RMON [HC-RMON] MIBs.
   It also specifies how these virtual data sources should be modeled
   as 'proprietary virtual' interfaces in the Interfaces MIB [RFC2863].

5.1. Relationship to the RMON-2 MIB

   This MIB uses the protocolDirTable [RFC2021] to identify the
   protocols which are relevant to a particular virtual dataSource.
   Implementation of the protocolDirectoryGroup is required if
   protocol-based packet selection is implemented.

5.2. Relationship to the SMON MIB

   This MIB uses the SmonDataSource textual convention from the SMON
   MIB [RFC2613]. The virtual data source design specified in this MIB
   is an extension of the data source architecture defined in the
   RMON-1 [STD59] and SMON [RFC2613] MIBs.

5.3. Relationship to the Interfaces MIB

   This MIB uses the Interfaces MIB to model virtual interfaces for
   remote monitoring purposes. An agent must implement the basic
   compliance level 'ifConformance2', for each virtual interface. There
   is one virtual interface for each active virtual data source.

6. Virtual Data Sources

   Most RMON control tables contain a read-create object that indicates
   the source of network traffic data for the associated collection.
   This is in the form of an OBJECT IDENTIFIER, which contains an
   instance of ifIndex [RFC2863], identifying the interface in the
   ifTable to monitor.

6.1. Data Source Framework

   The definition of an 'RMON data source' has evolved over the years.
   The SmonDataSource [RFC2613] allows physical entities (e.g.,
   backplanes, repeater ports) defined in the Entity MIB [RFC2737] and
   global VLANs (i.e., all packets on all interfaces with the same VLAN
   ID) to be used as interfaces, for remote monitoring purposes.

   In order to preserve backward compatibility with existing RMON MIB
   definitions, all MIB objects of type DataSource must identify an
   instance of the ifIndex object. Therefore, a data source control
   table (dataSourceCapsTable) is used to create extended data sources
   (of type SmonDataSource).
   If needed, a virtual interface (i.e., ifEntry) is created on behalf
   of an SmonDataSource entry, to provide an ifEntry to use just for
   RMON collections.

   Figure 1: Current Data Source Framework
   ---------------------------------------

   +---------+       +---------+       +---------+
   |         |       |         |       |         |
   |  Real   |       | ENTMIB  |       | global  |
   | ifEntry |       |   PHY   |       |  VLAN   |
   |         |       | Entity  |       |         |
   |         |       |         |       |         |
   +---------+       +---------+       +---------+
        |                 |                 |
        |                 |                 |
        +-----------------+-----------------+
                          |
                          V
                     +---------+
                     |         |
                     |  Smon   |
                     |  Data   |
                     | Source  |
                     |         |
                     +---------+
                          |
                          |
                          |  for entPhysicalEntries
   +---------+            |  and global VLANs
   |         |            |
   | prop.   |<-----------+
   | virtual |
   | ifEntry |
   |         |
   +---------+

   The remote monitoring data source framework needs to be expanded to
   allow for a more refined form of network traffic selection. A new
   'classification-based traffic pre-filter' mechanism is needed. This
   will allow a network administrator to better focus the monitoring
   capacity of a given agent implementation, which in turn can reduce
   the number of MIB objects a management station application needs to
   retrieve, for a given function.

   Figure 2: Proposed Data Source Framework
   ----------------------------------------

   +---------+       +---------+       +---------+
   |         |       |         |       |         |
   |  Real   |       | ENTMIB  |       | global  |
   | ifEntry |       |   PHY   |       |  VLAN   |
   |         |       | Entity  |       |         |
   |         |       |         |       |         |
   +---------+       +---------+       +---------+
        |                 |                 |
        |                 |                 |
        +-----------------+-----------------+
                          |
                          V
                     +---------+                 +---------+
                     |         |                 |         |
                     |  Smon   |                 | Virtual |
                     |  Data   |---------------->|  Data   |
                     | Source  |                 | Source  |
                     |         |                 |         |
                     +---------+                 +---------+
                          |                           |
                          |                           |
                          |  for entPhysicalEntries   |
   +---------+            |  and global VLANs         |
   |         |            |                           |
   | prop.   |<-----------+                           |
   | virtual |<---------------------------------------+
   | ifEntry |   for all virtual data sources
   |         |
   +---------+

6.2. Virtual Data Source Components

   A virtual data source is conceptually identical to the existing
   SmonDataSource mode for global VLANs. Some packet classification is
   performed on traffic detected on a real packet source, and a portion
   of that traffic (selected by the classification mechanism) is
   presented to RMON collections via a propVirtual [IANATYPE]
   interface.

   Figure 3: Virtual Data Source Components
   ----------------------------------------

   +---------+
   |         |
   |  SMON   |    Parent Data Source
   |  Data   |
   | Source  |
   |         |
   +---------+
        |
        |
        |
        |
        V
   +---------+
   |         |
   | Packet  |    Boolean expression based;
   | Select  |    combination of one or more
   | Methods |    packet classification methods
   |         |
   +---------+
        |
        |
        |
        |
        V
   +---------+
   |         |
   |  Prop   |    ifEntry created by the agent
   | Virtual |    for RMON monitoring purposes
   | ifEntry |
   |         |
   +---------+

   A virtual data source consists of three components:

   -  Parent Data Source
      Any valid SmonDataSource can be used as the real source of
      packets.

   -  Packet Selection
      Several types of packet classification mechanisms are provided to
      pre-filter traffic from the parent data source. Packets which do
      not meet the selection criteria are silently dropped by the
      agent.

   -  Interface Table Entry
      The agent creates a single proprietary virtual interface on
      behalf of each virtual data source. The packets which are
      selected by the configured pre-filters are passed to this virtual
      interface. If the parent interface is a full-duplex interface,
      then the agent should preserve the packet direction information
      derived from the parent interface.

6.3. Packet Selection Mechanisms

   An agent must support one or more packet selection mechanisms, and
   may choose to limit the extent to which selection mechanisms can be
   combined to form complex packet classifiers.
   An agent may also choose to limit the number of expressions of the
   same type, within a single virtual data source.

   The outcome of the high level packet selection process is a single
   boolean result (i.e., 'selected' or 'not selected'), for each packet
   detected on the parent interface.

   Figure 4: Packet Selection Framework
   ------------------------------------

    +---------+       +---------+       +---------+   Individual
    |         |       |         |       |         |   boolean
  +-+-------+ |     +-+-------+ |     +-+-------+ |   expressions
  |         | |     |         | |     |         | |   are evaluated
  | Packet  | |     | Packet  | |     | Packet  | |   in groups,
  | Select  | |     | Select  | |  .. | Select  | |   forming an
  | Type 1  +-+     | Type 2  +-+     | Type N  +-+   OR expression
  |         |       |         |       |         |     for each packet
  +---------+       +---------+       +---------+     selection type
       |                 |                 |
       |                 |                 |
       |                 |                 |
       V                 V                 V
  +---------+       +---------+       +---------+
  |         |       |         |       |         |     The boolean
  |   NOT   |       |   NOT   |       |   NOT   |     result for each
  | Type 1  |       | Type 2  |  ..   | Type N  |     selection type
  |   OR    |       |   OR    |       |   OR    |     can be inverted
  | Type 1  |       | Type 2  |       | Type N  |     independently
  +---------+       +---------+       +---------+
       |                 |                 |
       |     +-----+     |     +-----+     |
       |     | AND |     |     | AND |     |
       +---->| --- |-----+-----| --- |-----+
             | OR  |     |     | OR  |
             +-----+     |     +-----+
                         |
                         V
                    +---------+
                    |         |
                    | Boolean |   The intersection (AND expression)
                    | Result  |   or the union (OR expression) of
                    | for the |   all results forms the final
                    | packet  |   boolean result for the packet
                    |         |
                    +---------+

   Each packet selection mechanism control table shares the same simple
   indexing structure (e.g., Packet Select Type 1..N above). The major
   index is an arbitrary integer which defines a particular group of
   selection expressions, and the minor index is an arbitrary integer
   which identifies an individual selection expression within a
   particular selection group. Entries with the same index values in
   different packet selection control tables do not share any semantics
   whatsoever.
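The evaluation shown in Figure 4, as an added Python example that is not part of the draft: expressions in a group are ORed, each selection type can be inverted, and the per-type results are combined with AND or OR. The expression builders, the "and"/"or" encoding of the expression type, and the sample tables and packets are assumptions constructed for illustration; validate() flags a negated pointer to an empty group, which would otherwise select every packet on the parent.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Any, Callable, Dict, List

Packet = Dict[str, Any]            # constructed stand-in for a decoded packet
Expr = Callable[[Packet], bool]    # one selection expression (one minor index)
# One table per selection type: {major index: {minor index: expression}},
# mirroring the shared major/minor indexing of the selection control tables.
SelTable = Dict[int, Dict[int, Expr]]


def vlan_is(vid: int) -> Expr:
    """Hypothetical expression: match one IEEE 802.1Q VLAN ID."""
    return lambda p: p.get("vlan") == vid


def addr_pair(src: str, dst: str) -> Expr:
    """Hypothetical expression: masked source/destination address pair."""
    s, d = ip_network(src), ip_network(dst)
    return lambda p: ip_address(p["src"]) in s and ip_address(p["dst"]) in d


def dscp_is(codepoint: int) -> Expr:
    """Hypothetical expression: match one DIFFSERV codepoint."""
    return lambda p: p.get("dscp") == codepoint


@dataclass
class VdsControl:
    """Selection-related part of a virtual data source control entry."""
    sel_index: Dict[str, int]          # per-type index pointer, 0 = not used
    negate: Dict[str, bool] = field(default_factory=dict)
    expr_type: str = "and"             # assumed encoding: "and" or "or"


def validate(ctrl: VdsControl, tables: Dict[str, SelTable]) -> List[str]:
    """Checks worth running before a control entry is made active."""
    problems = []
    used = {t: i for t, i in ctrl.sel_index.items() if i != 0}
    if not used:
        problems.append("no selection mechanism configured")
    for sel_type, major in used.items():
        if not tables.get(sel_type, {}).get(major):
            problems.append(f"{sel_type}: group {major} has no expressions")
    if ctrl.expr_type not in ("and", "or"):
        problems.append(f"unknown expression type {ctrl.expr_type!r}")
    return problems


def select(ctrl: VdsControl, tables: Dict[str, SelTable], pkt: Packet) -> bool:
    """Return True if the packet is passed on to the virtual data source."""
    results = []
    for sel_type, major in ctrl.sel_index.items():
        if major == 0:                       # mechanism not used
            continue
        group = tables.get(sel_type, {}).get(major, {})
        hit = any(expr(pkt) for expr in group.values())   # OR within the group
        if ctrl.negate.get(sel_type, False):               # per-type inversion
            hit = not hit
        results.append(hit)
    if not results:
        return False                         # initial state is 'not selected'
    return all(results) if ctrl.expr_type == "and" else any(results)


# Constructed sample configuration. Group 1 exists in both the VLAN and the
# QoS table; the equal index values carry no shared meaning.
TABLES: Dict[str, SelTable] = {
    "vlan": {1: {1: vlan_is(10), 2: vlan_is(20)}},
    "addr": {7: {1: addr_pair("10.1.0.0/16", "0.0.0.0/0")}},
    "qos": {1: {1: dscp_is(46)}},
}
# Constructed sample packets seen on the parent data source.
PACKETS: List[Packet] = [
    {"vlan": 10, "src": "10.1.2.3", "dst": "192.0.2.9", "dscp": 0},
    {"vlan": 20, "src": "10.9.9.9", "dst": "192.0.2.9", "dscp": 46},
    {"vlan": 30, "src": "10.1.7.7", "dst": "198.51.100.4", "dscp": 46},
]


def selected(ctrl: VdsControl) -> List[int]:
    """Indexes of the sample packets that reach the virtual interface."""
    return [i for i, p in enumerate(PACKETS) if select(ctrl, TABLES, p)]


if __name__ == "__main__":
    both = VdsControl({"vlan": 1, "addr": 7})
    either = VdsControl({"vlan": 1, "addr": 7}, expr_type="or")
    ef_elsewhere = VdsControl({"vlan": 1, "qos": 1}, negate={"vlan": True})
    dangling = VdsControl({"vlan": 99}, negate={"vlan": True})
    for name, c in [("both", both), ("either", either),
                    ("ef_elsewhere", ef_elsewhere), ("dangling", dangling)]:
        print(name, selected(c), validate(c, TABLES))
```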
   If the agent allows multiple expressions per selection type, then an
   expression group is evaluated to produce a boolean result which is
   the union (OR expression) of all expressions within the group. The
   boolean result for each packet selection type can be inverted.

   If the agent allows multiple packet selection types for a single
   virtual data source, then the results of each selection type are
   combined to form an AND expression or an OR expression. The result
   of this boolean expression is used to determine if the packet being
   evaluated should be presented to the virtual data source for
   counting purposes. If the result is 'true', then the packet is
   passed on to the virtual data source, otherwise it is silently
   dropped.

6.4. High Capacity Interface Monitoring

   There is a need to standardize the manner in which
   classification-based pre-filtering is performed on high capacity
   interfaces, for remote monitoring purposes.

   It is possible that existing and future probe implementations have
   the ability to perform some sort of classification based
   pre-filtering at a much faster rate (e.g., line-rate) than the
   processing and collecting of arbitrary RMON configurations.

   It is also possible that management station applications can reduce
   the NMS and agent resources required to acquire the data relevant to
   a given monitoring task. This can be realized by reducing both the
   memory and SNMP polling transactions required.

6.5. Configuration Restrictions

   A balance is needed between flexibility and complexity, in order to
   increase the chance of multi-vendor interoperability. Therefore, the
   following constraints are applied to virtual data sources:

   -  A virtual datasource must be derived directly from a single
      'real' dataSource, i.e., any data source other than another
      virtual dataSource.

   -  Each packet selection mechanism is optional, except that the
      implementation of at least one of these mechanisms is required.
   -  The combination and number of configured selection mechanisms is
      implementation-dependent.

6.6. Interfaces MIB Implementation Requirements

   The agent is required to maintain certain objects in the Interfaces
   MIB [RFC2863], on behalf of each active virtual data source.
   Specifically, minimum conformance to the 'ifConformance2'
   MODULE-COMPLIANCE is required. One 'proprietary virtual' interface
   is maintained for each active virtual data source.

6.6.1. Mapping of the ifIndex object

   The ifIndex value for a virtual data source is chosen by the agent
   and is simply an arbitrary integer. This value will be stored (as a
   read-only object) in each virtual data source control entry (in the
   vdsControlIfIndex object).

6.6.2. Mapping of the ifDescr object

   The ifDescr value for a virtual data source is chosen by the
   management station and is a textual description of the virtual data
   source. This value will be configured in each virtual data source
   control entry (in the vdsControlIfDescr object). The agent will use
   this supplied value for the instance of the ifDescr object
   associated with the entry.

6.6.3. Mapping of the ifType object

   The interface type for virtual data sources shall be the IANAifType
   enumeration value 'propVirtual(53)'. [IANATYPE]

   [Open Issue: should a new IANAifType enumeration be defined for RMON
   virtual data sources?]

6.6.4. Mapping of the ifSpeed object

   The ifSpeed object for virtual data sources shall be set to zero.

6.6.5. Mapping of the ifPhysAddress object

   The ifPhysAddress object for virtual data sources shall be set to a
   zero length octet string.

6.6.6. Mapping of the ifAdminStatus object

   The ifAdminStatus object for virtual data sources shall have the
   value 'up(1)', while the corresponding virtual data source control
   entry is active, and shall contain the value 'down(2)' otherwise.
   However, the ifAdminStatus object is not required to be instantiated
   unless the control entry is active.

6.6.7. Mapping of the ifOperStatus object

   The ifOperStatus object for virtual data sources shall have the
   value 'up(1)', while the corresponding virtual data source control
   entry is active, and shall contain the value 'down(2)' otherwise.
   However, the ifOperStatus object is not required to be instantiated
   unless the control entry is active.

6.6.8. Mapping of the ifLastChange object

   The ifLastChange object for virtual data sources shall have the
   value of sysUpTime at the time the corresponding virtual data source
   control entry (i.e., vdsControlStatus) last transitioned to the
   'active' state. However, the ifLastChange object is not required to
   be instantiated unless the control entry is active.

6.6.9. Mapping of the ifLinkUpDownTrapEnable object

   The ifLinkUpDownTrapEnable object for virtual data sources shall
   contain the value 'disabled(2)'. Write access to this object is not
   required (or recommended).

6.6.10. Mapping of the ifConnectorPresent object

   The ifConnectorPresent object for virtual data sources shall contain
   the value 'false(2)'.

6.6.11. Mapping of the ifHighSpeed object

   The ifHighSpeed object for virtual data sources shall contain the
   value zero.

6.6.12. Mapping of the ifName object

   The ifName value for a virtual data source is chosen by the
   management station and is a textual name for the virtual data
   source. This value will be configured in each virtual data source
   control entry (in the vdsControlIfName object). The agent will use
   this supplied value for the instance of the ifName object associated
   with the entry.

6.6.13. Mapping of the ifNumber object

   Implementation of the ifNumber is required. Instantiation of a
   virtual interface on behalf of a virtual data source control entry
   shall cause ifNumber to be incremented by one.
   Destruction of a virtual interface upon the destruction of a virtual
   data source control entry shall cause ifNumber to be decremented by
   one.

6.6.14. Mapping of the ifAlias object

   The ifAlias value for a virtual data source is chosen by the
   management station and is a textual alias, intended to be saved in
   non-volatile storage, for the virtual data source. This value will
   be configured in each virtual data source control entry (in the
   vdsControlIfAlias object). The agent will use this supplied value
   for the instance of the ifAlias object associated with the entry.

6.6.15. Mapping of the ifTableLastChange object

   Implementation of the ifTableLastChange object is required. Creation
   or deletion of virtual interfaces on behalf of virtual data sources
   shall cause the ifTableLastChange object to be updated with the
   current sysUpTime.

6.6.16. Mapping of the ifStackStatus object

   Implementation of the ifStackTable is required. For each virtual
   interface maintained on behalf of a virtual data source control
   entry, an instance of the ifStackStatus object shall exist, with the
   following form:

      ifStackStatus.x.y=active

   where:
      x = ifIndex value of the virtual interface for the virtual data
          source
      y = ifIndex value of the parent interface configured in the
          virtual data source

6.6.17. Mapping of the ifStackLastChange object

   Implementation of the ifStackLastChange object is required. Creation
   or deletion of virtual interfaces on behalf of virtual data sources
   shall cause the ifStackLastChange object to be updated with the
   current sysUpTime.

6.6.18. Mapping of the ifCounterDiscontinuityTime object

   Implementation of any Interfaces MIB counters is not required.
   However, if such counters are instantiated for a virtual interface
   (on behalf of a virtual data source), then this object should be
   implemented. Otherwise, the agent shall set this object to zero.

7. MIB Description

   The MIB contains a common control table for each virtual data source
   maintained by the agent, and a table for each type of pre-filter
   packet selection algorithm supported by the agent. There is also a
   scalar object to identify the packet selection capabilities of the
   agent.

7.1. Virtual Data Source Control Group

   This group contains the vdsControlTable and the vdsSelectCaps scalar
   object. Each vdsControlEntry contains a group of packet selection
   'index pointers'. These pointers either contain a value of zero to
   indicate that a mechanism is not used, or a non-zero value to
   indicate the 'major index' into the appropriate packet selection
   control table.

7.2. Virtual Data Source Packet Selection Algorithms

   There are several mechanisms provided, within the framework defined
   in section x.x:

   -  Virtual LAN Based Packet Selection
   -  Network Address Based Packet Selection
   -  Quality of Service Based Packet Selection
   -  Protocol Based Packet Selection
   -  Content (channelTable) Based Packet Selection
   -  URL Based Packet Selection

7.2.1. Virtual LAN Based Packet Selection

   The vdsVlanSelTable is used to specify one or more IEEE 802.1Q
   Virtual LAN IDs as part or all of a virtual dataSource.

7.2.2. Network Address Based Packet Selection

   The vdsAddrSelTable is used to specify one or more masked network
   address or address-pair filters to isolate traffic by host or
   conversation for individual interfaces or groupings (e.g., subnets)
   of addresses.

7.2.3. Quality of Service Based Packet Selection

   The vdsQosSelTable is used to specify one or more numeric 'Quality
   of Service' identifiers, as part or all of a virtual dataSource.
   There are three QoS mechanisms supported:

   -  IP Precedence value
   -  DIFFSERV Codepoint
   -  IEEE 802.1p user_priority

7.2.4. Protocol Based Packet Selection

   The vdsProtoSelTable is used to specify one or more protocol
   encapsulations, as part or all of a virtual dataSource.
   The RMON-2 protocolDirTable is used to identify these
   encapsulations.

7.2.5. Content (channelTable) Based Packet Selection

   The vdsChanSelTable is used to specify one or more channelEntries,
   as part or all of a virtual dataSource. The RMON-1 filter and
   channel groups must be implemented to support this feature.

   This selection mechanism should only be used if none of the other
   classification mechanisms is appropriate, or if content based packet
   selection is required. Refer to the RMON-1 MIB [STD59] for details
   on configuring the filterTable and channelTable.

7.2.6. URL Based Packet Selection

   The vdsUrlSelTable is used to specify one or more Uniform Resource
   Locator strings, as part or all of a virtual dataSource. This
   mechanism first selects all encapsulations of the HyperText Transfer
   Protocol (HTTP), then selects all packets associated with HTTP GET
   or POST transactions for specific 'URL strings'.

7.3. Changes in the '01' Version

   The following changes have been made in this revision of the VDS MIB
   module:

   -  Virtual Circuit (DLCI) selection mechanism removed since DLCIs
      will be monitored via individual ifIndex assignments

   -  StorageType object added to each control table

   -  IP Precedence support added to the vdsQosSelTable, by defining a
      new 'ipPrecedence' enumeration for the vdsQosSelType object

   -  URL Query String selection support added to the vdsUrlSelTable,
      by defining a new 'urlQueryString' BIT field for the
      vdsUrlSelMatchFields object

8. Definitions

VDS-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, experimental
        FROM SNMPv2-SMI
    TruthValue, DisplayString, RowStatus, StorageType
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    OwnerString
        FROM RMON-MIB
    SmonDataSource
        FROM SMON-MIB
    InterfaceIndexOrZero
        FROM IF-MIB;

vdsMIB MODULE-IDENTITY
    LAST-UPDATED "200011250000Z"
    ORGANIZATION "Cisco Systems, Inc."
    CONTACT-INFO
        "       Andy Bierman
                Cisco Systems Inc.
                170 West Tasman Drive
                San Jose, CA 95134
                +1 408-527-3711
                abierman@cisco.com"
    DESCRIPTION
        "The MIB module for representing Virtual Data Source
        Extensions to the Remote Monitoring MIB."
    REVISION    "200011250000Z"
    DESCRIPTION
        "Initial Version of the Virtual Data Source MIB."
    ::= { experimental xxx }  -- no number assigned

vdsMIBObjects OBJECT IDENTIFIER ::= { vdsMIB 1 }

vdsControl    OBJECT IDENTIFIER ::= { vdsMIBObjects 1 }
vdsSelect     OBJECT IDENTIFIER ::= { vdsMIBObjects 2 }

--
-- scalar identifying packet selection capabilities
--

vdsSelectCaps OBJECT-TYPE
    SYNTAX      BITS {
                    vlanSelect(0),
                    vlanMulti(1),
                    addrSelect(2),
                    addrMulti(3),
                    qosSelect(4),
                    qosMulti(5),
                    protoSelect(6),
                    protoMulti(7),
                    chanSelect(8),
                    chanMulti(9),
                    urlSelect(10),
                    urlMulti(11),
                    comboSelect(12)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An indication of the virtual data source packet selection
        capabilities of this agent. This object should be set during
        system initialization, and should remain stable until the
        next re-initialization of the agent.

        If this agent supports virtual LAN based packet selection,
        and therefore allows entries to be created in the
        vdsVlanSelTable, then the 'vlanSelect' BIT will be set. If
        this agent allows multiple vdsVlanSelEntries to be
        configured for a single virtual data source, then the
        'vlanMulti' BIT will be set.

        If this agent supports network address based packet
        selection, and therefore allows entries to be created in the
        vdsAddrSelTable, then the 'addrSelect' BIT will be set. If
        this agent allows multiple vdsAddrSelEntries to be
        configured for a single virtual data source, then the
        'addrMulti' BIT will be set.

        If this agent supports protocol based packet selection, and
        therefore allows entries to be created in the
        vdsProtoSelTable, then the 'protoSelect' BIT will be set.
        If this agent allows multiple vdsProtoSelEntries to be
        configured for a single virtual data source, then the
        'protoMulti' BIT will be set.

        If this agent supports QoS based packet selection, and
        therefore allows entries to be created in the
        vdsQosSelTable, then the 'qosSelect' BIT will be set. If
        this agent allows multiple vdsQosSelEntries to be configured
        for a single virtual data source, then the 'qosMulti' BIT
        will be set.

        If this agent supports channelTable based packet selection,
        and therefore allows entries to be created in the
        vdsChanSelTable, then the 'chanSelect' BIT will be set. If
        this agent allows multiple vdsChanSelEntries to be
        configured for a single virtual data source, then the
        'chanMulti' BIT will be set.

        If this agent supports URL based HTTP packet selection, and
        therefore allows entries to be created in the
        vdsUrlSelTable, then the 'urlSelect' BIT will be set. If
        this agent allows multiple vdsUrlSelEntries to be configured
        for a single virtual data source, then the 'urlMulti' BIT
        will be set.

        If this agent supports combinations of packet selection
        mechanisms to be used within the same virtual data source,
        and therefore allows entries to be created in at least two
        of the vds*SelTables, then the 'comboSelect' BIT will be
        set."
    ::= { vdsControl 1 }

--
-- Virtual Data Source Control Table
--

vdsControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains one row per virtual data source, as
        configured by NMS application(s). It is used to control the
        overall configuration of each virtual data source.

        The agent will maintain a proprietary virtual interface, on
        behalf of each active vdsControlEntry.
        All packets which are monitored on the 'parent' interface
        (identified by the vdsControlParent object) will be
        classified and processed according to the configuration for
        each relevant vdsControlEntry and associated
        vds*SelEntries. Each of the selection algorithms produces a
        boolean result (i.e., 'selected' or 'not selected'), and
        these results are combined (i.e., logical AND/OR expression)
        to produce a single boolean result for the packet. If a
        packet is selected, then it will be somehow presented for
        monitoring on the associated virtual interface maintained by
        the agent.

        Since a virtual interface only exists in the RMON agent, it
        is expected that the same agent will be supporting an
        implementation of one or more RMON MIBs, which will allow
        RMON control table dataSource objects to reference the
        ifEntry created on behalf of a vdsControlEntry. The
        implementation details of this 'linkage', or any use of this
        ifEntry other than remote monitoring, is outside the scope
        of this document.

        Additional entries in the vdsVlanSelTable, vdsAddrSelTable,
        vdsProtoSelTable, vdsQosSelTable, vdsChanSelTable, and/or
        vdsUrlSelTable will be required, depending on the
        configuration of this entry. At least one selection
        mechanism must be configured per vdsControlEntry.

        The initial state of all packet selection algorithms is 'not
        selected', therefore a virtual data source will have no
        effect unless a vds*SelEntry is properly configured (in
        addition to this entry). NMS applications must configure the
        appropriate vds*SelEntries before activating this control
        entry, and those vds*SelEntries may not be modified while
        this entry is active.

        It is an implementation-specific matter as to the complexity
        and capacity of the entries allowed in this table. Actual
        configurations will be constrained by agent functionality
        and platform resources."
    ::= { vdsControl 2 }

vdsControlEntry OBJECT-TYPE
    SYNTAX      VdsControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular virtual data source."
    INDEX { vdsControlIndex }
    ::= { vdsControlTable 1 }

VdsControlEntry ::= SEQUENCE {
    vdsControlIndex            Integer32,
    vdsControlParent           SmonDataSource,
    vdsControlIfDescr          DisplayString,
    vdsControlIfName           DisplayString,
    vdsControlIfAlias          DisplayString,
    vdsControlVlanSelIndex     Integer32,
    vdsControlVlanSelNegate    TruthValue,
    vdsControlAddrSelIndex     Integer32,
    vdsControlAddrSelNegate    TruthValue,
    vdsControlProtoSelIndex    Integer32,
    vdsControlProtoSelNegate   TruthValue,
    vdsControlQosSelIndex      Integer32,
    vdsControlQosSelNegate     TruthValue,
    vdsControlChanSelIndex     Integer32,
    vdsControlUrlSelIndex      Integer32,
    vdsControlUrlSelNegate     TruthValue,
    vdsControlExprType         INTEGER,
    vdsControlIfIndex          InterfaceIndexOrZero,
    vdsControlOwner            OwnerString,
    vdsControlStorageType      StorageType,
    vdsControlStatus           RowStatus
}

vdsControlIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsControlEntry."
    ::= { vdsControlEntry 1 }

vdsControlParent OBJECT-TYPE
    SYNTAX      SmonDataSource
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the actual data source to be used
        as the source of all packets for this virtual data source.
        A valid dataSourceCapsEntry must be maintained by the agent
        on behalf of this 'parent' interface. If the ifOperStatus
        for the parent's ifEntry is not equal to 'up', then no
        packets will be available to this virtual data source.

        This object must identify a valid SmonDataSource. Virtual
        data sources cannot be represented in the SMON
        dataSourceCapsTable. However, the dataSourceRmonCaps object
        in the dataSourceCapsEntry for this entry can be used to
        identify most of the attributes that a virtual data source
        inherits from its parent.

        The 'countErrFrames', 'countAllGoodFrames', and
        'babyGiantsCountAsGood' BITs are all inherited from the
        parent data source. The 'countAnyRmonTables' BIT is not
        inherited, as it is assumed to be set for virtual data
        sources. An agent is required to support at least one RMON
        collection type for each virtual data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    REFERENCE
        "Remote Network Monitoring MIB Extensions for Switched
        Networks, RFC 2613, section 2.3.1, and section 5."
    ::= { vdsControlEntry 2 }

vdsControlIfDescr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A textual string describing this virtual data source. This
        configured value is used for the value of the ifDescr
        instance created on behalf of this control entry."
    ::= { vdsControlEntry 3 }

vdsControlIfName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A textual string naming this virtual data source. This
        configured value is used for the value of the ifName
        instance created on behalf of this control entry."
    ::= { vdsControlEntry 4 }

vdsControlIfAlias OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A textual string specifying an alias name for this virtual
        data source. This configured value is used for the value of
        the ifAlias instance created on behalf of this control
        entry."
    ::= { vdsControlEntry 5 }

vdsControlVlanSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any Virtual LAN traffic
        selection is performed on behalf of this vdsControlEntry,
        and is used in conjunction with the vdsControlVlanSelNegate
        object.

        If this object contains the value zero, then no Virtual LAN
        based traffic selection is performed on behalf of this
        vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsVlanSelTable, (i.e., with the same vdsVlanSelIndex value
        as identified by this object) which specify the Virtual
        LANs to select for monitoring, from the parent data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 6 }

vdsControlVlanSelNegate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the boolean sense of the result of
        the Virtual LAN based packet selection algorithm, and has
        no effect if the associated vdsControlVlanSelIndex object
        is equal to zero.

        If a packet that is 'tested' against the selection list
        (specified by the vdsControlVlanSelIndex) would be
        selected, and this object equals 'true', then the packet is
        not selected.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    DEFVAL { false }
    ::= { vdsControlEntry 7 }

vdsControlAddrSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any network address based
        traffic selection is performed on behalf of this
        vdsControlEntry, and is used in conjunction with the
        vdsControlAddrSelNegate object.

        If this object contains the value zero, then no network
        address based traffic selection is performed on behalf of
        this vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsAddrSelTable, (i.e., with the same vdsAddrSelIndex value
        as identified by this object) which specify the hosts
        and/or host-pairs to select for monitoring, from the parent
        data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 8 }

vdsControlAddrSelNegate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the boolean sense of the result of
        the network address based packet selection algorithm, and
        has no effect if the associated vdsControlAddrSelIndex
        object is equal to zero.

        If a packet that is 'tested' against the selection list
        (specified by the vdsControlAddrSelIndex) would be
        selected, and this object equals 'true', then the packet is
        not selected.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    DEFVAL { false }
    ::= { vdsControlEntry 9 }

vdsControlProtoSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any protocol based traffic
        selection is performed on behalf of this vdsControlEntry,
        and is used in conjunction with the
        vdsControlProtoSelNegate object.

        If this object contains the value zero, then no protocol
        based traffic selection is performed on behalf of this
        vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsProtoSelTable, (i.e., with the same vdsProtoSelIndex
        value as identified by this object) which specify the
        protocol encapsulations to select for monitoring, from the
        parent data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 10 }

vdsControlProtoSelNegate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the boolean sense of the result of
        the protocol based packet selection algorithm, and has no
        effect if the associated vdsControlProtoSelIndex object is
        equal to zero.

        If a packet that is 'tested' against the selection list
        (specified by the vdsControlProtoSelIndex) would be
        selected, and this object equals 'true', then the packet is
        not selected.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    DEFVAL { false }
    ::= { vdsControlEntry 11 }

vdsControlQosSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any quality of service based
        traffic selection is performed on behalf of this
        vdsControlEntry, and is used in conjunction with the
        vdsControlQosSelNegate object.

        If this object contains the value zero, then no quality of
        service based traffic selection is performed on behalf of
        this vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsQosSelTable, (i.e., with the same vdsQosSelIndex value
        as identified by this object) which specify the QoS
        classifications to select for monitoring, from the parent
        data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 12 }

vdsControlQosSelNegate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the boolean sense of the result of
        the quality of service based packet selection algorithm,
        and has no effect if the associated vdsControlQosSelIndex
        object is equal to zero.

        If a packet that is 'tested' against the selection list
        (specified by the vdsControlQosSelIndex) would be selected,
        and this object equals 'true', then the packet is not
        selected.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    DEFVAL { false }
    ::= { vdsControlEntry 13 }

vdsControlChanSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any content (channelTable)
        based traffic selection is performed on behalf of this
        vdsControlEntry.

        If this object contains the value zero, then no content
        based traffic selection is performed on behalf of this
        vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsChanSelTable, (i.e., with the same vdsChanSelIndex value
        as identified by this object) which specify the RMON
        channels to select for monitoring, from the parent data
        source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 14 }

vdsControlUrlSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls whether any URL based traffic
        selection is performed on behalf of this vdsControlEntry,
        and is used in conjunction with the vdsControlUrlSelNegate
        object.

        If this object contains the value zero, then no URL based
        traffic selection is performed on behalf of this
        vdsControlEntry.

        Otherwise, this object identifies one or more rows in the
        vdsUrlSelTable, (i.e., with the same vdsUrlSelIndex value
        as identified by this object) which specify the URL
        classifications to select for monitoring, from the parent
        data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 15 }

vdsControlUrlSelNegate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the boolean sense of the result of
        the URL based packet selection algorithm, and has no effect
        if the associated vdsControlUrlSelIndex object is equal to
        zero.

        If a packet that is 'tested' against the selection list
        (specified by the vdsControlUrlSelIndex) would be selected,
        and this object equals 'true', then the packet is not
        selected.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    DEFVAL { false }
    ::= { vdsControlEntry 16 }

vdsControlExprType OBJECT-TYPE
    SYNTAX      INTEGER {
                    union(1),
                    intersect(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls how the various packet selection
        mechanisms are combined, on behalf of this vdsControlEntry.

        Each vds*SelTable group configured on behalf of this entry
        will be evaluated according to the rules specified in each
        table. If combinations of packet selection sources are
        supported, then this object can be used to control how the
        boolean results from each selection process are combined.

        If this object contains the value 'union(1)', then the
        packets contained in this virtual data source are selected
        by the union of all packet selection mechanisms specified
        in this entry. I.e., any configured selection mechanism
        that produces a 'selected' result will cause a packet to be
        selected for the virtual data source.

        If this object contains the value 'intersect(2)', then the
        packets contained in this virtual data source are selected
        by the intersection of all packet selection mechanisms
        specified in this entry. I.e., all configured selection
        mechanisms must produce a 'selected' result, for a packet
        to be selected for the virtual data source.

        This object may not be modified if the associated
        vdsControlStatus object is equal to active(1)."
    ::= { vdsControlEntry 17 }

vdsControlIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object identifies the virtual interface that has been
        created on behalf of this vdsControlEntry.

        Unless this entry is activated, this object will contain
        the value zero.

        Upon row activation, the agent will set this object to the
        ifIndex value assigned on behalf of this vdsControlEntry.
        The associated ifEntry (with an ifType of 'propVirtual')
        will exist in the ifTable as long as this entry is active."
    ::= { vdsControlEntry 18 }

vdsControlOwner OBJECT-TYPE
    SYNTAX      OwnerString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The entity that configured this entry and is therefore
        using the resources assigned to it."
    ::= { vdsControlEntry 19 }

vdsControlStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsControlEntry 20 }

vdsControlStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this virtual data source entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        If this object is not equal to active(1), any RMON
        collection data in progress, for which the dataSource
        object references the ifEntry associated with this virtual
        data source, and the ifEntry itself, shall be deleted."
    ::= { vdsControlEntry 21 }

--
-- Virtual LAN Select Table
--

vdsVlanSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsVlanSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how Virtual LAN based packet selection
        is performed on behalf of particular vdsControlEntries
        configured on this agent.

        For each vdsControlEntry that references this table, the
        vdsControlParent object must specify a data source in the
        form 'ifIndex.I', where 'I' represents an ifIndex value of
        an interface which supports IEEE 802.1Q VLAN encapsulation.

        VLAN data sources are identified by the IEEE VLAN ID field
        [DOT1Q]. All packets which belong to the VLAN identified by
        the vdsVlanSelVID object shall be selected.

        All entries with the same vdsControlVlanSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result. There is no evaluation ordering defined
        for each row within a group, and an agent may choose to
        stop evaluation after the first 'selected' result.

        It is an implementation-specific matter as to the
        complexity and capacity of the entries allowed in this
        table. Actual configurations will be constrained by agent
        functionality and platform resources."
    REFERENCE
        "Draft Standard for Virtual Bridged Local Area Networks,
        P802.1Q/D10, chapter 3.13"
    ::= { vdsSelect 1 }

vdsVlanSelEntry OBJECT-TYPE
    SYNTAX      VdsVlanSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular Virtual LAN based packet
        selection control entry."
    INDEX { vdsVlanSelIndex, vdsVlanSelSubIndex }
    ::= { vdsVlanSelTable 1 }

VdsVlanSelEntry ::= SEQUENCE {
    vdsVlanSelIndex          Integer32,
    vdsVlanSelSubIndex       Integer32,
    vdsVlanSelVID            Integer32,
    vdsVlanSelStorageType    StorageType,
    vdsVlanSelStatus         RowStatus
}

vdsVlanSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsVlanSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsVlanSelEntry 1 }

vdsVlanSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsVlanSelEntry.

        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsVlanSelEntry 2 }

vdsVlanSelVID OBJECT-TYPE
    SYNTAX      Integer32 (1..4094)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The VLAN ID value to be used for packet selection.

        Packets determined to belong to the VLAN identified by this
        object will be included for selection.

        The packets selected are based on the IEEE 802.1Q VLAN-ID
        (VID), for each good frame attributed to the data source
        for the collection.

        Tagged packets match the VID for the range between 1 and
        4094. An external RMON probe MAY detect VID=0 on an Inter
        Switch Link, in which case the packet belongs to a VLAN
        determined by the PVID of the ingress port.

        This object may not be modified if the associated
        vdsVlanSelStatus object is equal to active(1)."
    ::= { vdsVlanSelEntry 3 }

vdsVlanSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsVlanSelEntry 4 }

vdsVlanSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this Virtual LAN selection entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsVlanSelEntry 5 }

--
-- Network Address Select Table
--

vdsAddrSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsAddrSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how network address based packet
        selection is performed on behalf of particular
        vdsControlEntries configured on this agent.

        Packet selection can be based on a single host address, or
        a host-address pair, and is determined only by the Source
        and Destination addresses found in each packet, not by the
        'packet direction' on the network. One address or
        address-pair is specified in each vdsAddrSelEntry.

        All entries with the same vdsControlAddrSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result.

        There is no evaluation ordering defined for each row within
        a group, and an agent may choose to stop evaluation after
        the first 'selected' result.

        It is an implementation-specific matter as to the
        complexity and capacity of the entries allowed in this
        table. Actual configurations will be constrained by agent
        functionality and platform resources."
    ::= { vdsSelect 2 }

vdsAddrSelEntry OBJECT-TYPE
    SYNTAX      VdsAddrSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular address based packet
        selection control entry."
    INDEX { vdsAddrSelIndex, vdsAddrSelSubIndex }
    ::= { vdsAddrSelTable 1 }

VdsAddrSelEntry ::= SEQUENCE {
    vdsAddrSelIndex            Integer32,
    vdsAddrSelSubIndex         Integer32,
    vdsAddrSelType             INTEGER,
    vdsAddrSelNetProtoID       OCTET STRING,
    vdsAddrSelNetProtoParms    OCTET STRING,
    vdsAddrSelHost1Addr        OCTET STRING,
    vdsAddrSelHost1Mask        OCTET STRING,
    vdsAddrSelHost2Addr        OCTET STRING,
    vdsAddrSelHost2Mask        OCTET STRING,
    vdsAddrSelStorageType      StorageType,
    vdsAddrSelStatus           RowStatus
}

vdsAddrSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsAddrSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsAddrSelEntry 1 }

vdsAddrSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsAddrSelEntry.

        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsAddrSelEntry 2 }

vdsAddrSelType OBJECT-TYPE
    SYNTAX      INTEGER {
                    host(1),
                    conversation(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the way vdsAddrSelEntries are
        evaluated, for packet selection purposes.

        If this object has a value of 'host(1)', then this entry
        selects all packets addressed to or from 'host1', and only
        the vdsAddrSelHost1 and vdsAddrSelHost1Mask objects are
        used in this packet selection process. Refer to the
        description clauses for these objects for details on the
        packet selection algorithm.

        If this object has a value of 'conversation(2)', then this
        entry selects all packets addressed from 'host1' to
        'host2', and all packets addressed from 'host2' to 'host1'.
        The vdsAddrSelHost1, vdsAddrSelHost1Mask, vdsAddrSelHost2
        and vdsAddrSelHost2Mask objects are used in the packet
        selection process. Refer to the description clauses for
        these objects for details on the packet selection
        algorithm.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 3 }

vdsAddrSelNetProtoID OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used in conjunction with the
        vdsAddrSelNetProtoParms object to specify the
        protocolDirEntry which identifies the network layer
        protocol used in this entry.

        Only packets which contain a network layer protocol which
        matches the protocol identified by this entry will be
        considered in the address based packet selection algorithms
        defined in this table.

        If an 'exact' encapsulation of a network protocol is
        specified, (e.g., a specific base layer encapsulation is
        present instead of a 'wild-card' base layer, or a tunneled
        network encapsulation is present) then only packets which
        match the same encapsulation (i.e., same protocols up to
        and including the last protocol layer specified in this
        entry) will be considered in the address based packet
        selection algorithms defined in this table.

        The associated vdsAddrSelHost1, vdsAddrSelHost1Mask,
        vdsAddrSelHost2, and vdsAddrSelHost2Mask objects will be
        interpreted according to the value of this object and the
        associated vdsAddrSelNetProtoParms object.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 4 }

vdsAddrSelNetProtoParms OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used in conjunction with the
        vdsAddrSelNetProtoID object to specify the protocolDirEntry
        which identifies the network layer protocol used in this
        entry.

        The associated vdsAddrSelHost1, vdsAddrSelHost1Mask,
        vdsAddrSelHost2, and vdsAddrSelHost2Mask objects will be
        interpreted according to the value of this object and the
        associated vdsAddrSelNetProtoID object.

        Refer to the vdsAddrSelNetProtoID description clause for
        more details pertaining to this object.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 5 }

vdsAddrSelHost1Addr OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies a network address to be used as a
        parameter in the address based packet selection process. It
        must be a well-formed address according to the encoding
        rules defined for the network protocol for this entry
        (identified by the vdsAddrSelNetProtoID and
        vdsAddrSelNetProtoParms objects).

        For each examined packet which matches the network type
        (according to the algorithm defined in the
        vdsAddrSelNetProtoID object):

        1) 'Bitwise AND' each octet of this object with each octet
           of the associated vdsAddrSelHost1Mask value. Note that
           the result of this step is a constant value, and may be
           used for all relevant packets, rather than re-computing
           this value each time a packet is processed.

        2) 'Bitwise AND' each octet of the network source address
           in the packet with each octet of the associated
           vdsAddrSelHost1Mask value

        3) Compare the results of step (1) and step (2); if equal,
           the packet is selected; otherwise continue to step (4)

        4) 'Bitwise AND' each octet of the network destination
           address in the packet with each octet of the associated
           vdsAddrSelHost1Mask value

        5) Compare the results of step (1) and step (4); if equal,
           the packet is selected, otherwise it is not selected.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 7 }

vdsAddrSelHost1Mask OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies a mask that may be applied during
        network address packet selection. It is used differently,
        depending on the value of the associated vdsAddrSelType
        object.

        It must be a well-formed address mask, according to the
        encoding rules defined for the network protocol for this
        entry (identified by the vdsAddrSelNetProtoID and
        vdsAddrSelNetProtoParms objects).

        If this object is smaller in length than the
        vdsAddrSelHost1Addr object, then this object shall be
        conceptually extended with 'one' bits. If this object is
        larger in length than the vdsAddrSelHost1Addr object, then
        the extra bits in this object shall be ignored during
        packet processing on behalf of this entry.

        Refer to the vdsAddrSelHost1Addr description clause for
        more details pertaining to this object.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 8 }

vdsAddrSelHost2Addr OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies a network address to be used as a
        parameter in the address based packet selection process.

        If the associated vdsAddrSelType object is equal to
        'host(1)', then this object is ignored by the agent.

        Otherwise, this object must identify a well-formed address
        according to the encoding rules defined for the network
        protocol for this entry (identified by the
        vdsAddrSelNetProtoID and vdsAddrSelNetProtoParms objects),
        and the following algorithm is used to select packets on
        behalf of this entry:

        For each examined packet which matches the network type
        (according to the algorithm defined in the
        vdsAddrSelNetProtoID object):

        1) 'Bitwise AND' each octet of the vdsAddrSelHost1Addr
           object with each octet of the associated
           vdsAddrSelHost1Mask value. Note that the result of this
           step is a constant value, and may be used for all
           relevant packets, rather than re-computing this value
           each time a packet is processed.

        2) 'Bitwise AND' each octet of this object with each octet
           of the associated vdsAddrSelHost2Mask value. Note that
           the result of this step is a constant value, and may be
           used for all relevant packets, rather than re-computing
           this value each time a packet is processed.

        3) 'Bitwise AND' each octet of the network source address
           in the packet with each octet of the associated
           vdsAddrSelHost1Mask value

        4) 'Bitwise AND' each octet of the network destination
           address in the packet with each octet of the associated
           vdsAddrSelHost2Mask value

        5) (Check if host1 is sending to host2)
           Compare the results of step (1) and step (3);
           Compare the results of step (2) and step (4);
           If the results of step (1) equals the results of step
           (3), and the results of step (2) equals the results of
           step (4), then the packet is selected;
           Otherwise continue to step (6)

        6) (Check if host2 is sending to host1)
           Compare the results of step (1) and step (4);
           Compare the results of step (2) and step (3);
           If the results of step (1) equals the results of step
           (4), and the results of step (2) equals the results of
           step (3), then the packet is selected;
           Otherwise the packet is not selected.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 9 }

vdsAddrSelHost2Mask OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies a mask that may be applied during
        network address packet selection.

        If the associated vdsAddrSelType object is equal to
        'host(1)', then this object is ignored by the agent.

        Otherwise, this object must identify a well-formed address
        mask, according to the encoding rules defined for the
        network protocol for this entry (identified by the
        vdsAddrSelNetProtoID and vdsAddrSelNetProtoParms objects),
        and the algorithm defined in the vdsAddrSelHost2Addr object
        is used to select packets on behalf of this entry.

        If this object is smaller in length than the
        vdsAddrSelHost2Addr object, then this object shall be
        conceptually extended with 'one' bits.
        If this object is larger in length than the
        vdsAddrSelHost2Addr object, then the extra bits in this
        object shall be ignored during packet processing on behalf
        of this entry.

        Refer to the vdsAddrSelHost2Addr description clause for
        more details pertaining to this object.

        This object may not be modified if the associated
        vdsAddrSelStatus object is equal to active(1)."
    ::= { vdsAddrSelEntry 10 }

vdsAddrSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsAddrSelEntry 11 }

vdsAddrSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this address based packet selection entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsAddrSelEntry 12 }

--
-- Protocol Select Table
--

vdsProtoSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsProtoSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how protocol based packet selection is
        performed on behalf of particular vdsControlEntries
        configured on this agent.

        A packet is selected if its protocol encapsulations match
        all of those specified by the vdsProtoSelID and
        vdsProtoSelParms objects in this entry. Note that the
        specified encapsulation may identify an internal protocol
        or a leaf (application) protocol, and the base layer may
        contain wild-card or exact encapsulations.

        All entries with the same vdsControlProtoSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result. There is no evaluation ordering defined
        for each row within a group, and an agent may choose to
        stop evaluation after the first 'selected' result.

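The host and conversation matching steps from the vdsAddrSelHost1Addr and vdsAddrSelHost2Addr clauses, the mask length rules, and the any-row group rule, as an added Python example (not part of the draft and not taken from any agent). It assumes 4-octet IPv4 address encodings and uses constructed documentation addresses; `selects_own_masks` is a hypothetical alternative reading, included only to show where it departs from step 6 as worded when the two masks differ.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

HOST, CONVERSATION = 1, 2  # vdsAddrSelType values defined in the draft


def ip(text: str) -> bytes:
    """4-octet IPv4 encoding (assumed format for the address objects)."""
    return IPv4Address(text).packed


def fit_mask(mask: bytes, addr: bytes) -> bytes:
    """Short masks are extended with 'one' bits; extra mask octets are ignored."""
    return (mask + b"\xff" * len(addr))[: len(addr)]


def band(value: bytes, mask: bytes) -> bytes:
    """Octet-by-octet bitwise AND."""
    return bytes(v & m for v, m in zip(value, mask))


@dataclass(frozen=True)
class AddrSelRow:
    """One vdsAddrSelEntry, reduced to the objects the matching steps use."""
    sel_type: int
    host1_addr: bytes
    host1_mask: bytes = b""
    host2_addr: bytes = b""
    host2_mask: bytes = b""

    def _constants(self):
        m1 = fit_mask(self.host1_mask, self.host1_addr)
        m2 = fit_mask(self.host2_mask, self.host2_addr)
        # Steps 1 and 2: constant per row, computed once rather than per packet.
        return m1, band(self.host1_addr, m1), m2, band(self.host2_addr, m2)

    def _same_family(self, src: bytes, dst: bytes) -> bool:
        # Stand-in for the network protocol check: address lengths must agree.
        return len(src) == len(dst) == len(self.host1_addr)

    def selects(self, src: bytes, dst: bytes) -> bool:
        """The numbered steps exactly as the description clauses word them."""
        if not self._same_family(src, dst):
            return False
        m1, h1, m2, h2 = self._constants()
        if self.sel_type == HOST:
            return band(src, m1) == h1 or band(dst, m1) == h1
        s3 = band(src, m1)            # step 3: source AND Host1Mask
        d4 = band(dst, m2)            # step 4: destination AND Host2Mask
        if h1 == s3 and h2 == d4:     # step 5: host1 sending to host2
            return True
        return h1 == d4 and h2 == s3  # step 6: host2 sending to host1

    def selects_own_masks(self, src: bytes, dst: bytes) -> bool:
        """Hypothetical alternative reading: each host is tested with its own mask."""
        if self.sel_type == HOST:
            return self.selects(src, dst)
        if not self._same_family(src, dst):
            return False
        m1, h1, m2, h2 = self._constants()
        forward = band(src, m1) == h1 and band(dst, m2) == h2
        reverse = band(src, m2) == h2 and band(dst, m1) == h1
        return forward or reverse


def group_selects(rows, src: bytes, dst: bytes) -> bool:
    """Rows sharing a group index: any 'selected' row selects the packet."""
    return any(row.selects(src, dst) for row in rows)


def demo():
    """Constructed rows and packets (documentation address ranges)."""
    subnet = AddrSelRow(HOST, ip("192.0.2.0"), bytes([255, 255, 255, 0]))
    exact = AddrSelRow(HOST, ip("203.0.113.9"), b"\xff\xff")  # short mask
    pair = AddrSelRow(CONVERSATION, ip("192.0.2.0"), bytes([255, 255, 255, 0]),
                      ip("198.51.100.5"), b"")
    fwd = (ip("192.0.2.77"), ip("198.51.100.5"))
    rev = (ip("198.51.100.5"), ip("192.0.2.77"))
    return {
        "subnet_as_src": subnet.selects(*fwd),
        "subnet_as_dst": subnet.selects(*rev),
        "short_mask_exact_only": (exact.selects(ip("203.0.113.9"), fwd[1]),
                                  exact.selects(ip("203.0.113.10"), fwd[1])),
        "pair_forward": pair.selects(*fwd),
        "pair_reverse_as_worded": pair.selects(*rev),
        "pair_reverse_own_masks": pair.selects_own_masks(*rev),
        "group": group_selects([exact, pair], *fwd),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With equal masks the two readings agree in both directions. They differ only when vdsAddrSelHost1Mask and vdsAddrSelHost2Mask differ, so a subnet-to-host conversation row is worth checking against the agent's actual behaviour before relying on it for monitoring coverage.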
        It is an implementation-specific matter as to the
        complexity and capacity of the entries allowed in this
        table. Actual configurations will be constrained by agent
        functionality and platform resources."
    REFERENCE
        "Remote Network Monitoring Management Information Base
        Version 2 using SMIv2, RFC 2021, section 6."
    ::= { vdsSelect 3 }

vdsProtoSelEntry OBJECT-TYPE
    SYNTAX      VdsProtoSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular protocol based packet
        selection control entry."
    INDEX { vdsProtoSelIndex, vdsProtoSelSubIndex }
    ::= { vdsProtoSelTable 1 }

VdsProtoSelEntry ::= SEQUENCE {
    vdsProtoSelIndex          Integer32,
    vdsProtoSelSubIndex       Integer32,
    vdsProtoSelID             OCTET STRING,
    vdsProtoSelParms          OCTET STRING,
    vdsProtoSelStorageType    StorageType,
    vdsProtoSelStatus         RowStatus
}

vdsProtoSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsProtoSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsProtoSelEntry 1 }

vdsProtoSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsProtoSelEntry.

        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsProtoSelEntry 2 }

vdsProtoSelID OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the protocolDirID portion of the
        index value which identifies the protocol encapsulation
        used in this entry. It is used in conjunction with the
        vdsProtoSelParms object to specify the protocolDirEntry
        associated with this entry.

        Packets which match all the protocol encapsulations
        identified by this entry are selected for processing, on
        behalf of a particular vdsControlEntry.

        Only the protocol layers identified by this entry are
        compared, even if additional protocol layers are present in
        the packet.

        This object may not be modified if the associated
        vdsProtoSelStatus object is equal to active(1)."
    ::= { vdsProtoSelEntry 3 }

vdsProtoSelParms OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the protocolDirParameters portion of
        the index value which identifies the protocol encapsulation
        used in this entry. It is used in conjunction with the
        vdsProtoSelID object to specify the protocolDirEntry
        associated with this entry.

        Refer to the vdsProtoSelID description clause for more
        details pertaining to this object.

        This object may not be modified if the associated
        vdsProtoSelStatus object is equal to active(1)."
    ::= { vdsProtoSelEntry 4 }

vdsProtoSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsProtoSelEntry 5 }

vdsProtoSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this protocol based packet selection entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsProtoSelEntry 6 }

--
-- Quality of Service Packet Select Table
--

vdsQosSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsQosSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how Quality of Service based packet
        selection is performed on behalf of particular
        vdsControlEntries configured on this agent.
        QoS data sources are identified by the type of QoS
        classification mechanism, and particular QoS classification
        values. All packets which match the configured QoS
        classifications are selected.

        Packet selection can be based on the following types of QoS:

           - DIFFSERV CodePoint (DSCP)
           - IEEE 802.1p user_priority field

        All entries with the same vdsControlQosSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result. There is no evaluation ordering defined
        for each row within a group, and an agent may choose to stop
        evaluation after the first 'selected' result.

        The complexity and capacity of the entries allowed in this
        table is an implementation-specific matter. Actual
        configurations will be constrained by agent functionality
        and platform resources."
    ::= { vdsSelect 4 }

vdsQosSelEntry OBJECT-TYPE
    SYNTAX      VdsQosSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular QoS based packet selection
        control entry."
    INDEX { vdsQosSelIndex, vdsQosSelSubIndex }
    ::= { vdsQosSelTable 1 }

VdsQosSelEntry ::= SEQUENCE {
    vdsQosSelIndex        Integer32,
    vdsQosSelSubIndex     Integer32,
    vdsQosSelType         INTEGER,
    vdsQosSelValue        Integer32,
    vdsQosSelStorageType  StorageType,
    vdsQosSelStatus       RowStatus
}

vdsQosSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsQosSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsQosSelEntry 1 }

vdsQosSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsQosSelEntry.
        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsQosSelEntry 2 }

vdsQosSelType OBJECT-TYPE
    SYNTAX      INTEGER {
                    ipPrecedence(1),
                    dscp(2),
                    dot1qPrio(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object controls the way vdsQosSelEntries are
        evaluated, for packet selection purposes.

        If this object has a value of 'ipPrecedence(1)', then this
        entry selects all packets with the same IP header Precedence
        field value.

        If this object has a value of 'dscp(2)', then this entry
        selects all IPv4 and IPv6 packets with the same DIFFSERV
        CodePoint value as that specified in the associated
        vdsQosSelValue object.

        If this object has a value of 'dot1qPrio(3)', then this
        entry selects all IEEE 802.1Q VLAN based packets with the
        same 'user_priority' value as that specified in the
        associated vdsQosSelValue object.

        This object may not be modified if the associated
        vdsQosSelStatus object is equal to active(1)."
    ::= { vdsQosSelEntry 3 }

vdsQosSelValue OBJECT-TYPE
    SYNTAX      Integer32 (0..63)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object contains the numeric comparison value to be
        used in the QoS based packet selection algorithm on behalf
        of this entry.

        If the associated vdsQosSelType object has a value of
        'ipPrecedence(1)', then this object must contain a value in
        the range of '0' to '7'.

        If the associated vdsQosSelType object has a value of
        'dscp(2)', then this object must contain a value in the
        range of '0' to '63'.

        If the associated vdsQosSelType object has a value of
        'dot1qPrio(3)', then this object must contain a value in the
        range of '0' to '7'.

        All packets which match the QoS classification type
        identified in the associated vdsQosSelType object, and the
        QoS classification value identified by this object are
        selected.
        This object may not be modified if the associated
        vdsQosSelStatus object is equal to active(1)."
    ::= { vdsQosSelEntry 4 }

vdsQosSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsQosSelEntry 5 }

vdsQosSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this QoS based packet selection entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsQosSelEntry 6 }

--
-- ChannelTable Based Packet Select Table
--

vdsChanSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsChanSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how channelTable based packet selection
        is performed on behalf of particular vdsControlEntries
        configured on this agent.

        All packets which would be accepted by an RMON channel and
        (potentially) processed by one or more bufferEntries, (i.e.,
        the output of the channel function, after the
        channelAcceptType is applied) are selected for processing.

        Note that the channelIfIndex object in the specified
        channelEntry must identify the same interface as indicated
        by the vdsControlParent object in vdsControlEntries which
        reference this table. An agent will ignore entries in this
        table during the selection process, unless this condition is
        true.

        All entries with the same vdsControlChanSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result. There is no evaluation ordering defined
        for each row within a group, and an agent may choose to stop
        evaluation after the first 'selected' result.
        The complexity and capacity of the entries allowed in this
        table is an implementation-specific matter. Actual
        configurations will be constrained by agent functionality
        and platform resources."
    REFERENCE
        "Remote Network Monitoring Management Information Base,
        STD 59, RFC 2819, section 5."
    ::= { vdsSelect 5 }

vdsChanSelEntry OBJECT-TYPE
    SYNTAX      VdsChanSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular channelTable based packet
        selection control entry."
    INDEX { vdsChanSelIndex, vdsChanSelSubIndex }
    ::= { vdsChanSelTable 1 }

VdsChanSelEntry ::= SEQUENCE {
    vdsChanSelIndex        Integer32,
    vdsChanSelSubIndex     Integer32,
    vdsChanSelChanIdx      Integer32,
    vdsChanSelStorageType  StorageType,
    vdsChanSelStatus       RowStatus
}

vdsChanSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsChanSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsChanSelEntry 1 }

vdsChanSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsChanSelEntry.

        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsChanSelEntry 2 }

vdsChanSelChanIdx OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the channelIndex value associated
        with the channelEntry to use on behalf of this entry.

        If this object does not reference a valid and active
        channelEntry, then this entry is ignored in the packet
        selection algorithm. Otherwise, the packets selected by the
        identified channelEntry are selected by this entry.
        This object may not be modified if the associated
        vdsChanSelStatus object is equal to active(1)."
    ::= { vdsChanSelEntry 3 }

vdsChanSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsChanSelEntry 4 }

vdsChanSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this channelTable based packet selection
        entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsChanSelEntry 5 }

--
-- URL Based Packet Select Table
--

vdsUrlSelTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VdsUrlSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table controls how URL based packet selection is
        performed on behalf of particular vdsControlEntries
        configured on this agent.

        All packets which match some encapsulation of HTTP are
        considered for selection. The agent must be capable of
        associating the URL that identifies some amount of HTTP
        based content, to individual packets on a network. If a
        packet is part of the content associated with a URL that
        matches any of the 'URL strings' within a group (defined
        below), then it is selected.

        All entries with the same vdsControlUrlSelIndex are
        evaluated as a group, and an individual packet is selected
        if the evaluation of any row within the group produces a
        'selected' result. There is no evaluation ordering defined
        for each row within a group, and an agent may choose to stop
        evaluation after the first 'selected' result.

        The complexity and capacity of the entries allowed in this
        table is an implementation-specific matter. Actual
        configurations will be constrained by agent functionality
        and platform resources."
    ::= { vdsSelect 6 }

vdsUrlSelEntry OBJECT-TYPE
    SYNTAX      VdsUrlSelEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular URL based packet selection
        control entry."
    INDEX { vdsUrlSelIndex, vdsUrlSelSubIndex }
    ::= { vdsUrlSelTable 1 }

VdsUrlSelEntry ::= SEQUENCE {
    vdsUrlSelIndex          Integer32,
    vdsUrlSelSubIndex       Integer32,
    vdsUrlSelString         OCTET STRING,
    vdsUrlSelMatchFields    BITS,
    vdsUrlSelPathMatchType  INTEGER,
    vdsUrlSelStorageType    StorageType,
    vdsUrlSelStatus         RowStatus
}

vdsUrlSelIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique group index for this
        vdsUrlSelEntry. All entries in this table, for which this
        object contains the same value, will be evaluated together
        as a group, on behalf of particular vdsControlEntries."
    ::= { vdsUrlSelEntry 1 }

vdsUrlSelSubIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An arbitrary and unique index for this vdsUrlSelEntry.

        Note that no packet selection algorithm evaluation order is
        implied by the value of this object."
    ::= { vdsUrlSelEntry 2 }

vdsUrlSelString OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (1..2048))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the URL to match against HTTP
        packets, to use on behalf of this entry.

        A packet is selected if the URL string value associated with
        the packet matches this entry. The match algorithm is
        specified by the associated vdsUrlSelMatchFields and
        vdsUrlSelPathMatchType objects.

        This object may not be modified if the associated
        vdsUrlSelStatus object is equal to active(1)."
    ::= { vdsUrlSelEntry 3 }

vdsUrlSelMatchFields OBJECT-TYPE
    SYNTAX      BITS {
                    urlScheme(0),
                    urlUser(1),
                    urlPasswd(2),
                    urlHost(3),
                    urlPort(4),
                    urlPath(5),
                    urlQueryString(6)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object identifies the individual URL fields which
        should be considered in the pattern match algorithm executed
        on behalf of this entry. It is used with the associated
        vdsUrlSelString and vdsUrlSelPathMatchType objects to select
        particular HTTP packets for processing on behalf of each
        relevant virtual data source.

        If the URL 'scheme' field (e.g., http, https, ftp) should be
        considered in the URL match algorithm for this entry, then
        the 'urlScheme' bit should be set in this mask. This bit has
        no effect if the URL scheme field is not present in the
        associated vdsUrlSelString.

        If the URL 'user' field (e.g., joe) should be considered in
        the URL match algorithm for this entry, then the 'urlUser'
        bit should be set in this mask. This bit has no effect if
        the URL user field is not present in the associated
        vdsUrlSelString.

        If the URL 'password' field (e.g., bonelesschickenranch)
        should be considered in the URL match algorithm for this
        entry, then the 'urlPasswd' bit should be set in this mask.
        This bit has no effect if the URL password field is not
        present in the associated vdsUrlSelString.

        If the URL 'host' field (e.g., acme.com) should be
        considered in the URL match algorithm for this entry, then
        the 'urlHost' bit should be set in this mask. This bit has
        no effect if the URL host field is not present in the
        associated vdsUrlSelString.

        If the URL 'port' field (e.g., :443 or :8080) should be
        considered in the URL match algorithm for this entry, then
        the 'urlPort' bit should be set in this mask. This bit has
        no effect if the URL port field is not present in the
        associated vdsUrlSelString.
        If the URL 'path' field (e.g., /, /sales/reports/, or
        /sales/reports/jun2000/index.html) should be considered in
        the URL match algorithm for this entry, then the 'urlPath'
        bit should be set in this mask. This bit has no effect if
        the URL path field is not present in the associated
        vdsUrlSelString.

        If the URL 'query-string' field, which is considered to be
        all characters after the question mark ('?') character to
        indicate the start of the optional query string field (e.g.
        'partno=104' or 'fname=john&lname=doe'), should be
        considered in the URL match algorithm for this entry, then
        the 'urlQueryString' bit should be set in this mask. This
        bit has no effect if the URL query string field is not
        present in the associated vdsUrlSelString.

        This object may not be modified if the associated
        vdsUrlSelStatus object is equal to active(1)."
    REFERENCE
        "Uniform Resource Identifiers, RFC 1738, section 3."
    ::= { vdsUrlSelEntry 4 }

vdsUrlSelPathMatchType OBJECT-TYPE
    SYNTAX      INTEGER {
                    urlPrefixMatch(1),
                    urlExactMatch(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of URL path field string match algorithm that
        should be performed on behalf of this entry. This object has
        no effect if the 'urlPath(5)' bit is not set in the
        associated vdsUrlSelMatchFields object.

        If this object is equal to 'urlPrefixMatch(1)', then the
        associated vdsUrlSelString object may contain a partial URL
        path field. The first 'N' characters of the URL path field
        associated with each packet must exactly match all
        characters of the URL path field in the associated
        vdsUrlSelString object (i.e., 'N' equals the length of the
        URL path field in the vdsUrlSelString object).

        If this object is equal to 'urlExactMatch(2)', then the
        associated vdsUrlSelString object must contain a complete
        URL path field.
        All of the characters of the URL path field associated with
        each packet must exactly match all characters of the URL
        path field in the associated vdsUrlSelString object.

        This object may not be modified if the associated
        vdsUrlSelStatus object is equal to active(1)."
    ::= { vdsUrlSelEntry 5 }

vdsUrlSelStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The non-volatile storage behavior for this entry."
    ::= { vdsUrlSelEntry 6 }

vdsUrlSelStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this URL based packet selection entry.

        An entry may not exist in the active state unless all
        objects in the entry have an appropriate value.

        This object may not be modified while any vdsControlEntry
        that references this entry is active."
    ::= { vdsUrlSelEntry 7 }

-- placeholder
vdsNotifications OBJECT IDENTIFIER ::= { vdsMIB 2 }

-- conformance information
vdsConformance OBJECT IDENTIFIER ::= { vdsMIB 3 }
vdsCompliances OBJECT IDENTIFIER ::= { vdsConformance 1 }
vdsGroups      OBJECT IDENTIFIER ::= { vdsConformance 2 }

-- compliance statements
vdsCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for SNMP entities which implement
        version 1 of the Virtual Data Source MIB."
    MODULE -- this module
        MANDATORY-GROUPS { vdsControlGroup }

        GROUP vdsVlanSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which support
            Virtual LAN based packet selection."

        GROUP vdsAddrSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which support
            network address based packet selection."

        GROUP vdsProtoSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which support
            protocol based packet selection."

        GROUP vdsQosSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which support
            quality of service based packet selection."
        GROUP vdsChanSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which implement
            content (channelTable) based packet selection."

        GROUP vdsUrlSelectGroup
        DESCRIPTION
            "This group is mandatory for agents which implement URL
            based (HTTP) packet selection."

        OBJECT vdsControlVlanSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if Virtual LAN based packet
            selection is supported."

        OBJECT vdsControlAddrSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if network address based
            packet selection is supported."

        OBJECT vdsControlProtoSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if protocol based packet
            selection is supported."

        OBJECT vdsControlQosSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if quality of service based
            packet selection is supported."

        OBJECT vdsControlChanSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if content (channelTable)
            based packet selection is supported."

        OBJECT vdsControlUrlSelIndex
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is required if URL based HTTP packet
            selection is supported."
    ::= { vdsCompliances 1 }

-- MIB groupings

vdsControlGroup OBJECT-GROUP
    OBJECTS {
        vdsSelectCaps,
        vdsControlParent,
        vdsControlIfDescr,
        vdsControlIfName,
        vdsControlIfAlias,
        vdsControlVlanSelIndex,
        vdsControlVlanSelNegate,
        vdsControlAddrSelIndex,
        vdsControlAddrSelNegate,
        vdsControlProtoSelIndex,
        vdsControlProtoSelNegate,
        vdsControlQosSelIndex,
        vdsControlQosSelNegate,
        vdsControlChanSelIndex,
        vdsControlUrlSelIndex,
        vdsControlUrlSelNegate,
        vdsControlExprType,
        vdsControlIfIndex,
        vdsControlOwner,
        vdsControlStorageType,
        vdsControlStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        Virtual Data Source common configuration support, for which
        a single agent provides management information."
    ::= { vdsGroups 1 }

vdsVlanSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsVlanSelVID,
        vdsVlanSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        Virtual LAN based packet selection support, for which a
        single agent provides management information."
    ::= { vdsGroups 2 }

vdsAddrSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsAddrSelType,
        vdsAddrSelNetProtoID,
        vdsAddrSelNetProtoParms,
        vdsAddrSelHost1Addr,
        vdsAddrSelHost1Mask,
        vdsAddrSelHost2Addr,
        vdsAddrSelHost2Mask,
        vdsAddrSelStorageType,
        vdsAddrSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        Address based packet selection support, for which a single
        agent provides management information."
    ::= { vdsGroups 3 }

vdsProtoSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsProtoSelID,
        vdsProtoSelParms,
        vdsProtoSelStorageType,
        vdsProtoSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        protocol based packet selection support, for which a single
        agent provides management information."
    ::= { vdsGroups 4 }

vdsQosSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsQosSelType,
        vdsQosSelValue,
        vdsQosSelStorageType,
        vdsQosSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        quality of service based packet selection support, for which
        a single agent provides management information."
    ::= { vdsGroups 5 }

vdsChanSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsChanSelChanIdx,
        vdsChanSelStorageType,
        vdsChanSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent
        channelTable based packet selection support, for which a
        single agent provides management information."
    ::= { vdsGroups 6 }

vdsUrlSelectGroup OBJECT-GROUP
    OBJECTS {
        vdsUrlSelString,
        vdsUrlSelMatchFields,
        vdsUrlSelPathMatchType,
        vdsUrlSelStorageType,
        vdsUrlSelStatus
    }
    STATUS  current
    DESCRIPTION
        "The collection of objects which are used to represent URL
        based packet selection support, for which a single agent
        provides management information."
    ::= { vdsGroups 7 }

END

9.  Intellectual Property

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such proprietary
rights by implementors or users of this specification can be obtained
from the IETF Secretariat.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.

10.  References

[DOT1Q]
     ANSI/IEEE Draft Standard P802.1Q/D10, "IEEE Standards for Local
     and Metropolitan Area Networks: Virtual Bridged Local Area
     Networks", March 1998.

[HC-RMON]
     Waldbusser, S., "Remote Network Monitoring Management Information
     Base for High Capacity Networks",
     draft-ietf-rmonmib-hcrmon-06.txt, International Network Services,
     June 1999.
[IANATYPE]
     Internet Assigned Numbers Authority, "IANAIfType Textual
     Convention Definition",
     ftp://ftp//ftp.isi.edu/mib/ianaiftype.mib.

[RFC1155]
     Rose, M., and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based Internets", RFC 1155,
     STD 16, Performance Systems International, Hughes LAN Systems,
     May 1990.

[RFC1157]
     Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
     Network Management Protocol", RFC 1157, STD 15, SNMP Research,
     Performance Systems International, Performance Systems
     International, MIT Laboratory for Computer Science, May 1990.

[RFC1212]
     Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
     STD 16, Performance Systems International, Hughes LAN Systems,
     March 1991.

[RFC1215]
     M. Rose, "A Convention for Defining Traps for use with the SNMP",
     RFC 1215, Performance Systems International, March 1991.

[RFC1901]
     Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Introduction to Community-based SNMPv2", RFC 1901, SNMP
     Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
     Inc., International Network Services, January 1996.

[RFC1905]
     Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
     Operations for Version 2 of the Simple Network Management
     Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems,
     Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[RFC1906]
     Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
     Mappings for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[RFC2021]
     S. Waldbusser, "Remote Network Monitoring MIB (RMON-2)",
     RFC 2021, International Network Services, January 1997.

[RFC2026]
     Bradner, S., "The Internet Standards Process -- Revision 3",
     RFC 2026, Harvard University, October, 1996.
[RFC2570]
     Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
     to Version 3 of the Internet-standard Network Management
     Framework", RFC 2570, SNMP Research, Inc., TIS Labs at Network
     Associates, Inc., Ericsson, Cisco Systems, April 1999.

[RFC2571]
     Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC 2571, Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     April 1999.

[RFC2572]
     Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
     Processing and Dispatching for the Simple Network Management
     Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     April 1999.

[RFC2573]
     Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications",
     RFC 2573, SNMP Research, Inc., Secure Computing Corporation,
     Cisco Systems, April 1999.

[RFC2574]
     Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
     for version 3 of the Simple Network Management Protocol
     (SNMPv3)", RFC 2574, IBM T. J. Watson Research, April 1999.

[RFC2575]
     Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2575, IBM T. J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., April 1999.

[RFC2578]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M., and S. Waldbusser, "Structure of Management Information
     Version 2 (SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo, TU
     Braunschweig, SNMP Research, First Virtual Holdings,
     International Network Services, April 1999.

[RFC2579]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M., and S. Waldbusser, "Textual Conventions for SMIv2", RFC 2579,
     STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research,
     First Virtual Holdings, International Network Services,
     April 1999.
[RFC2580]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M., and S. Waldbusser, "Conformance Statements for SMIv2",
     RFC 2580, STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP
     Research, First Virtual Holdings, International Network Services,
     April 1999.

[RFC2613]
     Waterman, R., Lahaye, B., Romascanu, D., and S. Waldbusser,
     "Remote Network Monitoring MIB Extensions for Switched Networks
     Version 1.0", RFC 2613, Allot Networks, Xylan Corp., Lucent
     Technologies, INS, June 1999.

[RFC2737]
     McCloghrie, K., and A. Bierman, "Entity MIB (Version 2)",
     RFC 2737, Cisco Systems, December 1999.

[RFC2863]
     McCloghrie, K., and F. Kastenholz, "The Interfaces Group MIB",
     RFC 2863, Cisco Systems, FTP Software, June 2000.

[STD59]
     S. Waldbusser, "Remote Network Monitoring Management Information
     Base", STD 59, RFC 2819, Lucent Technologies, May 2000.

11.  Security Considerations

There are a number of management objects defined in this MIB that have
a MAX-ACCESS clause of read-write and/or read-create. Such objects may
be considered sensitive or vulnerable in some network environments.
The support for SET operations in a non-secure environment without
proper protection can have a negative effect on network operations.

SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB.

It is recommended that the implementers consider the security features
as provided by the SNMPv3 framework. Specifically, the use of the
User-based Security Model RFC 2574 [RFC2574] and the View-based Access
Control Model RFC 2575 [RFC2575] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those principals
(users) that have legitimate rights to indeed GET or SET
(change/create/delete) them.

12.  Author's Address

     Andy Bierman
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA 95134 USA
     Phone: +1 408-527-3711
     Email: abierman@cisco.com

13.  Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
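The URL matching rules in the vdsUrlSelMatchFields and vdsUrlSelPathMatchType DESCRIPTION clauses, worked through as an added Python example; it is not part of the draft and not code from any agent. The UrlSelRow class, the function names, and the sample rows and URLs are constructed for illustration. Two behaviours are assumptions the draft does not settle: a row that ends up comparing no fields is treated as matching every HTTP URL, and no default port is inferred for a packet URL that omits one.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Bit positions copied from the vdsUrlSelMatchFields BITS definition.
MATCH_FIELD_BITS = ("urlScheme", "urlUser", "urlPasswd", "urlHost",
                    "urlPort", "urlPath", "urlQueryString")
URL_PREFIX_MATCH, URL_EXACT_MATCH = 1, 2    # vdsUrlSelPathMatchType values


@dataclass(frozen=True)
class UrlSelRow:                 # hypothetical in-memory form of a vdsUrlSelEntry
    index: int                   # vdsUrlSelIndex (group)
    sub_index: int               # vdsUrlSelSubIndex
    string: str                  # vdsUrlSelString
    match_fields: bytes          # vdsUrlSelMatchFields as sent on the wire
    path_match_type: int         # vdsUrlSelPathMatchType


def decode_match_fields(octets):
    """Decode an SMIv2 BITS value: bit 0 is the high-order bit of octet 0."""
    names = set()
    for pos, name in enumerate(MATCH_FIELD_BITS):
        byte, shift = divmod(pos, 8)
        if byte < len(octets) and octets[byte] & (0x80 >> shift):
            names.add(name)
    return names


def url_fields(url):
    """Split a URL into the seven fields; fields that are absent are left out."""
    p = urlsplit(url)
    raw = {"urlScheme": p.scheme or None, "urlUser": p.username,
           "urlPasswd": p.password, "urlHost": p.hostname, "urlPort": p.port,
           "urlPath": p.path or None, "urlQueryString": p.query or None}
    return {k: v for k, v in raw.items() if v is not None}


def compared_fields(row):
    """A field takes part only if its bit is set AND it is present in the row string."""
    return decode_match_fields(row.match_fields) & set(url_fields(row.string))


def row_selects(row, packet_url):
    want, have = url_fields(row.string), url_fields(packet_url)
    for name in compared_fields(row):
        got = have.get(name)
        if got is None:
            return False         # assumption: no default-port (or other) inference
        if name == "urlPath" and row.path_match_type == URL_PREFIX_MATCH:
            if not got.startswith(want[name]):   # first N characters, N = len(row path)
                return False
        elif got != want[name]:
            return False
    return True                  # assumption: vacuously true when nothing is compared


def group_selects(rows, group_index, packet_url):
    """Rows sharing vdsUrlSelIndex are OR-ed; evaluation order is irrelevant."""
    return any(row_selects(r, packet_url) for r in rows if r.index == group_index)


# Constructed sample rows (not from the draft).
ROWS = [
    UrlSelRow(1, 1, "//acme.com/sales/reports", b"\x14", URL_PREFIX_MATCH),
    UrlSelRow(1, 2, "https://acme.com:443/login", b"\x9c", URL_EXACT_MATCH),
    # Only urlQueryString is set, but the string has no query: nothing is compared.
    UrlSelRow(2, 1, "//acme.com/", b"\x02", URL_EXACT_MATCH),
]

if __name__ == "__main__":
    for url in ("http://acme.com/sales/reports/jun2000/index.html",
                "http://acme.com/sales/reports-archive/q3.html",
                "https://acme.com/login"):
        print(url, group_selects(ROWS, 1, url))
    print("fields compared by row 2.1:", compared_fields(ROWS[2]))
```

Before activating a row, check compared_fields() for it: an empty result means the mask and the string do not overlap, and a character-wise prefix such as /sales/reports also covers sibling paths like /sales/reports-archive unless the row string ends with a slash.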