A. Valentine Internet Draft Hughes Network Systems Ltd Document: draft-ietf-ipcdn-dvbnetint-mib-02.txt January 2001 Category: Informational DVB Cable Network Interface Unit MIB for EuroModem compliant Cable Modems Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a basic set of managed objects for SNMP- based management of EuroModem v1.0 compliant Cable Network Interface Units. This memo specifies a MIB module in a manner that is compliant to the SNMP SMIv2[RFC2578][RFC2579][RFC2580]. The set of objects is consistent with the SNMP framework and existing SNMP standards. This memo is a product of the DVB/DAVIC interoperability consortium which has been adopted as a work item of the IPCDN WG. Comments are solicited and should be addressed to the author 1. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: Valentine Informational - Expires July 2001 1 DVB Cable Network Interface Unit MIB January 2001 o An overall architecture, described in RFC 2571 [RFC2571]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications described in RFC 2573 [RFC2573] and the view-based access control mechanism described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 2. Glossary 2.1. CATV Originally "Community Antenna Television", now used to refer to any Valentine Informational - Expires July 2001 2 DVB Cable Network Interface Unit MIB January 2001 cable or hybrid fiber and cable system used to deliver video signals to a community. 2.2. DAVIC Digital Audiovisual Council. International council for internetworking audio and video systems. 2.3. Downstream The direction from the head-end towards the subscriber. 2.4. DVB Digital Video Broadcasting. The DVB projects produce open and interoperable global standards for digital audio and video distribution. 2.5. EuroModem. EuroModem. A specification for an interoperable European Cable Modem [EUROM]. 2.6. Head-end The origination point in most cable systems of the subscriber video signals. Generally also the location of the INA equipment. 2.7. INA Interactive Network Adapter. This can act as a bridge or router in the cable head-end. It is responsible for controlling the bandwidth available to each NIU. 2.8. NIU Network Interface Unit. The unit is located at the subscriber premises and provides interactive services via the cable network. The NIU is under the control of the INA, but may request additional bandwidth/connections when required. The NIU can act as a bridge or router. 2.9. RF Radio Frequency. 2.10. Upstream The direction from the subscriber towards the head-end. 3. Overview Valentine Informational - Expires July 2001 3 DVB Cable Network Interface Unit MIB January 2001 This MIB provides a set of objects required for the management of EuroModem v1.0 compliant NIUs. The MIB specification is derived from the EuroModem v1.0 specification [EUROM]. EuroModem NIUs are currently IPv4 only devices and may implement either SNMPv1 or SNMPv3. This MIB is intended for NIUs that implement SNNMPv3 and IPv4, however all IP addresses have been represented as described in [RFCxx] to aid future migration to IPv6. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3.1. Structure of the MIB This MIB is structured into nine groups: o The dvbNiuSystem group extends the MIB-II 'system' group with objects needed for cable device system management. o The dvbNiuSoftware group provides objects necessary for managing software images and upgrades via download. See 3.2.1 o The dvbNiuDhcp group configures DHCP/BOOTP functionality provided by the NIU. This group is optional. See 3.2.2 o The dvbNiuEvent group provides control and logging for event reporting. See 3.2.3 o The dvbNiuIpFilter group configures filters at the IP layer. The IP filter table is also used to provide support for anti spoofing, NAT, NAPT and TOS mapping. This group is optional. See 3.3 o The dvbNiuNat group provides basic configuration for the NIU NAT capability. This group is optional. o The dvbNiuNapt group provides basic configuration for the NIU NAPT capability. This group is optional. o The dvbNiuEthFilter group configures filters at the link layer. This is primarily intended for use when the NIU is performing Ethernet MAC bridging. This group is optional. See 3.3 o The dvbNiuCpe group provides control over which IP addresses may be used by customer premises equipment (e.g. PCs) serviced by a given NIU. This provides anti-spoofing control at the point of origin for a large cable modem system. This group is optional. See 3.3 3.2. Management requirements 3.2.1. Software Management Valentine Informational - Expires July 2001 4 DVB Cable Network Interface Unit MIB January 2001 The NIU may download and store multiple software images. The method for performing the download and using the image is as follows: o set dvbNiuSwServer to the address of the TFTP server for software upgrades. o set dvbNiuSwFilename to the filename including path of the image to download to the NIU. o set dvbNiuDownloadSlot to the image slot on the NIU in which to place the downloaded image. By default this will be set to the next free slot or the first slot designated as 'backup'. o set dvbNiuSwAdminStatus to 'initUpgrd'. The status of the software download is obtained by reading dvbNiuSwAdminStatus. If the NIU was unable to successfully perform the download, the status returned will reflect the cause. Upon successful download the operator must configure dvbNiuSwVerTable if they wish to use the image as the boot or backup version. Note only one image may be marked as bootable. 3.2.3. IP Address Assignment IP addresses may be assigned to NIU interfaces using static and dynamic assignments. Objects are provided by the MIB to support both methods. dvbNiuStaticIpTable provides objects to assign static IP addresses to NIU interfaces, where each interface may have multiple IP addresses. An IP address assignment in the table MUST NOT be removed from the table if the destination address of the SNMP packet removing it is using that IP address. dvbNiuDhcpTable provides objects for managing dynamically assigned IP addresses via DHCP and BOOTP. DHCP/BOOTP requests may be for NIU interfaces and relayed requests from the subscriber. If an NIU interface does not have dynamic IP address allocation enabled then the IP address of the interface MUST be specified in dvbNiuStaticIpTable. Note: The dvbNiuStaticIpTable should be used with care. Where possible dvbNiuDhcpTable SHOULD be used in preference. When an interface has both a static IP address assigned and dynamic addresses assignment enabled, the assigned dynamic address overrides all assignments for that interface in the dvbNiuStaticIpTable table. 3.2.3. Events and Traps This MIB provides control facilities for reporting events through traps and non-volatile logging. If events are reported through traps, the specified conventions must be followed. Other means of event reporting are outside the scope of this document. Valentine Informational - Expires July 2001 5 DVB Cable Network Interface Unit MIB January 2001 Vendors SHOULD provide time-of-day clocks in NIUs to provide useful time stamping of events. Where possible this SHOULD be synchronised with a central time source, this will aid fault finding when multiple equipment logs are being investigated. When dvbNiuEventPolicy is set to clearNow(4), the first entry in the log MUST be the date and time the log was cleared and the source IP address of the SNMP SET request which caused the log to be cleared. For each vendor-specific event that is reportable via TRAP, the vendor must create an enterprise-specific trap definition. Trap definitions MUST include the event reason encoded as SnmpAdminString and should be defined as: trapName NOTIFICATION-TYPE OBJECTS { ifIndex, eventReason, other useful objects } STATUS current DESCRIPTION "trap description" ::= Object Id Note that ifIndex is only included if the event or trap is interface related. An example (fake) vendor defined trap might be: xyzVendorRsUncorrHighMark NOTIFICATION-TYPE OBJECTS { eventReason, xyzRsUncorrCount } STATUS current DESCRIPTION "Sent by a NIU when a configurable number of reed solomon uncorrectable errors occur during the sampling period (5 minutes). Used to warn a management station of potential degradation of the HFC." ::= { xyzTraps 23 } In this example eventReason is a SnmpAdminString providing a human readable error message and xyzRsUncorrCount is a Integer32 which indicates the number of reed solomon uncorrectable errors during the epoch. 3.2.4. Trap Throttling The NIU MUST provide support for trap message throttling as described below. The network operator can employ message rate Valentine Informational - Expires July 2001 6 DVB Cable Network Interface Unit MIB January 2001 throttling or trap limiting by manipulating the appropriate MIB variables. 3.2.4.1. Trap rate throttling Network operators may employ either of two rate control methods. In the first method, the device ceases to send traps when the rate exceeds the specified maximum message rate. It resumes sending traps only if reactivated by a network management station request. In the second method, the device resumes sending traps when the rate falls below the specified maximum message rate. The network operator configures the specified maximum message rate by setting the measurement interval (in seconds), and the maximum number of traps to be transmitted within the measurement interval. The operator can query the operational throttling state (to determine whether traps are enabled or blocked by throttling) of the device, as well as query and set the administrative throttling state (to manage the rate control method) of the device. 3.2.4.2. Limiting the trap rate Network operators may wish to limit the number of traps sent by a device over a specified time period. The device ceases to send traps when the number of traps exceeds the specified threshold. It resumes sending traps only when the measurement interval has passed. The network operator defines the maximum number of traps he is willing to handle and sets the measurement interval to a large number (in hundredths of a second). For this case, the administrative throttling state is set to stop at threshold which is the maximum number of traps. See "Techniques for Managing Asynchronously Generated Alerts" [RFC1224] for further information. 3.3. Protocol Filters The NIU MIB provides objects for both Ethernet and IP protocol filters. The Ethernet protocol filter entries can be used to limit NIU forwarding to a restricted set of network-layer protocols (such as IP, IPX, NetBIOS, and Appletalk). The IP protocol filter entries can be used to restrict upstream or downstream traffic based on source and destination IP addresses, transport-layer protocols (such as TCP, UDP, and ICMP), and source and destination TCP/UDP port numbers. In general, a NIU applies filters (or more properly, classifiers) in an order appropriate to the layering model. Specifically, the Valentine Informational - Expires July 2001 7 DVB Cable Network Interface Unit MIB January 2001 Ethernet layer filters are applied first, then the IP layer inbound filter and finally the IP layer outbound ******************* * Ethernet Filter * ******************* | v ******************** * IP Anti-Spoofing * ******************** | v **************** * IP Filter In * **************** | v ***************** * IP Filter Out * ***************** 3.3.1. Ethernet EtherType/SNAP/LLC Filters dvbNiuEthernetFilterTable The Ethernet (level-2) filters are contained in the dvbNiuEthernetFilterTable and are applied to level-2 frames entering the cable modem from either the DVB MAC interface or from one of the CPE (Ethernet or other Ethernet like) interfaces. These filters are used to prohibit the processing and forwarding of certain types of level-2 traffic that may be disruptive to the network. The filters, as currently specified, can be set to cause the NIU to either drop frames which match at least one filter, or to process a frame which matches at least filter. Some examples of possible configurations would be to only permit IP (and ARP) traffic, or to drop NETBUEI traffic. 3.3.2 IP Anti-Spoofing Filters - dvbNiuCpeTable IP Anti-spoofing filters are applied to packets entering the NIU from one of the CPE interfaces and are intended to prevent a subscriber from stealing or mis-using IP addresses that were not assigned to the subscriber. If the filters are active (enabled), the source address of the IP packet must match at least one IP address/range in this table or it is discarded without further processing. The table can be automatically populated where the first N different IP addresses seen from the CPE side of the NIU are used to automatically populate the table. The anti-spoofing filters are Valentine Informational - Expires July 2001 8 DVB Cable Network Interface Unit MIB January 2001 specified in the dvbNiuCpeTable and the policy for automatically creating filters in that table is controlled by docsDevCpeEnroll and DvbNiuCpeMax as well as the network management agent. 3.3.3. IP Filtering - dvbNiuIpFilterTable The IP Filtering table acts as a classifier table. Each row in the table describes a template against which IP packets are compared. The template includes source and destination addresses (and their associated masks), upper level protocol (e.g. TCP, UDP), source and destination port ranges, TOS and TOS mask. A row also contains interface and traffic direction match values which have to be considered in combination. All columns of a particular row must match the appropriate fields in the packet, and must match the interface and direction items for the packet to result in a match to the packet. When classifying a packet, the table is scanned beginning with the lowest number filter. If the agent finds a match, it performs the specified action. If the matched filter has the continue bit set, the agent continues the scan possibly matching additional filters and performing the specified actions. This allows the agent to take one set of actions for the 24.0.16/255.255.255.0 group and one set of actions for telnet packets to/from 24.0.16.30 and these sets of actions may not be mutually exclusive. Once a packet is matched, one of five actions happen based on the setting of dvbNiuFilterAction in the row. The actions are: o Discarded. The packet is dropped, and no further processing is required. o Accept. The packet is accepted and processing of the packet continues. o NAT. The packet is to be accepted and have NAT applied. Processing of the packet continues using its new IP address. o NAPT. The packet is to be accepted and have NAT applied. Processing of the packet continues using its new IP address and port number. o TosMap. Invokes the action of rewriting the TOS bits in the IP header based up the entry in dvbNiuIpTOSMapTable identified by dvbNiuIpFilterActionPtr. If dvbNiuIpFilterContinue is set to true, scanning of the table continues (unless the packet was discarded) and additional matches may result. 4. Definitions DVB-CABLE-NIU-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, Valentine Informational - Expires July 2001 9 DVB Cable Network Interface Unit MIB January 2001 OBJECT-TYPE, Counter32, Integer32, Unsigned32, experimental FROM SNMPv2-SMI InetAddress, InetAddressType FROM INET-ADDRESS-MIB RowStatus, DateAndTime, TruthValue TEXTUAL-CONVENTION FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF InterfaceIndexOrZero, InterfaceIndex, ifIndex FROM IF-MIB; dvbDevice OBJECT IDENTIFIER ::= { experimental 110 } dvbNiu MODULE-IDENTITY LAST-UPDATED "0101150000Z" ORGANIZATION "IETF IPCDN Working Group DVB/DAVIC Interoperability Consortium Technical Working Group" CONTACT-INFO " Andrew Valentine Postal: Engineering Design Centre Hughes Network Systems Ltd Saxon Street, Linford Wood, Milton Keynes. MK14 6LD ENGLAND Tel: +44 1908 221122 Fax: +44 1908 221127 E-mail: a.valentine@eu.hns.com IETF IPCDN Working Group General Discussion: ipcdn@ietf.org Subscribe: http://www.ietf.org/mailman/listinfo/ipcdn Archive: ftp://ftp.ietf.org/ietf-mail-archive/ipcdn Co-chairs: Richard Woundy, rwoundy@cisco.com Andrew Valentine, a.valentine@eu.hns.com" Valentine Informational - Expires July 2001 10 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "The MIB modules for NIUs that conform to the EuroModem specification. This MIB assumes the NIU implements MIB-II RFC 1213" REVISION "0101150000Z" DESCRIPTION "ORGANIZATION and CONTACT-INFO updated. dvbNiuCpeIpMax recommended default is now 1, this is based on experience from another MIB with a simlar table." REVISION "0011010000Z" DESCRIPTION "New dvbNiuMulticast object. NAT descriptions updated. New and simpler to implement Anti-spoofing table dvbNiuCpe, and IP filter table modified to support this." REVISION "0005150000Z" DESCRIPTION "All objects of type IpAddress now consist of two objects (See RFC2851). Descriptions for DHCP related objects have been fixed. Indices for some the tables have been modified to improve use." REVISION "0003050000Z" DESCRIPTION "dvbNiuNmAccessTable has been removed as this MIB is intended for SNMPv3" REVISION "9912030000Z" DESCRIPTION "All references to modem/Cdm have been replaced with NIU. Fixed group references in the compliance section. Removed DEFVAL clause from scalar objects. Corrected description of dvbNiuEventTable. dvbNiuDhcpTable has been modified to support backup DHCP servers. dvbNiuEuroloader object has been added to enable or disable the EuroLoader. dvbNiuOperStatus now only reflects the NIU status, MAC status has been moved to the interface MIB." REVISION "9910010000Z" DESCRIPTION "The mib has been modified to incorporate the comments made by the WGT during the 27/28 Sep 1999 meeting. The most significant changes were to the DHCP group and to the management of traps. Also some groups are now optional." REVISION "9907071500Z" DESCRIPTION "The initial version of the MIB" ::= {dvbDevice 1} Valentine Informational - Expires July 2001 11 DVB Cable Network Interface Unit MIB January 2001 -- Sub divided dvbNiu into MIB objects and conformance dvbNiuMIBobjects OBJECT IDENTIFIER ::= {dvbNiu 1} dvbNiuMIBConform OBJECT IDENTIFIER ::= {dvbNiu 2} -- Define groups under dvbNiuMIBobjects dvbNiuSystem OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 1} dvbNiuSoftware OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 2} dvbNiuDhcp OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 3} dvbNiuEvent OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 4} dvbNiuIpFilter OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 5} dvbNiuNat OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 6} dvbNiuNapt OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 7} dvdNiuEthFilter OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 8} dvbNiuCpe OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 9} --Define identifiers under dvbNiuMIBConform dvbNiuCompliances OBJECT IDENTIFIER ::= {dvbNiuMIBConform 1} dvbNiuGroups OBJECT IDENTIFIER ::= {dvbNiuMIBConform 2} -- Definition of textual conventions DvbEventPriority ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This represents possible event priorities. These are ordered from most (emergency) critical to least (debug)critical." SYNTAX INTEGER { emergency(1), alert(2), critical(3), error(4), warning(5), notice(6), information(7), debug(8) } -- Definition of MIB objects -- =============================================================== -- = NIU System Group = -- =============================================================== dvbNiuMibVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current Valentine Informational - Expires July 2001 12 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "The MIB version number." -- DEFVAL { '1.0' } ::= { dvbNiuSystem 1} dvbNiuSerialNum OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This is the serial number of the equipment. It should identify the manufacturer, model and revsion of the equiment" ::= { dvbNiuSystem 2 } dvbNiuResetNow OBJECT-TYPE SYNTAX INTEGER { resetNow(1), ready(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "When this object is set to resetNow it will cause a hardware reset followed by sign on. When read this object returns ready." ::= { dvbNiuSystem 3 } dvbNiuResetCounts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counts the number of system resets since last power on." ::= { dvbNiuSystem 4} dvbNiuDateAndTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-write STATUS current DESCRIPTION "The date and time. See RFC1903" ::= { dvbNiuSystem 5} dvbNiuOperStatus OBJECT-TYPE SYNTAX INTEGER { provisioning(1), running(2), stopped(3), failed(4), other(5) } Valentine Informational - Expires July 2001 13 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS read-only STATUS current DESCRIPTION "The operational status of the NIU. provisioning - The NIU is currently provisioning. running - The NIU has at least one operating connection. stopped - The NIU has no operating connection. failed - The NIU has experienced a failure which prevents further operation. other - used for any case that is not explicitly identified" ::= { dvbNiuSystem 6 } dvbNiuModemtype OBJECT-TYPE SYNTAX INTEGER { classA(1), classB(2), other(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The EuroModem class to which the NIU belongs as specified in ECCA EuroModem Specification version 1.0" ::= { dvbNiuSystem 7 } -- Static IP address assignment table dvbNiuStaticIpTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuStaticIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to assign static IP addresses to NIU interfaces. It needs to be used with care! DHCP/BOOTP assigned addresses overide entries in this table. The table is related to ifTable in the IF-MIB." ::= { dvbNiuSystem 8 } dvbNiuStaticIpEntry OBJECT-TYPE SYNTAX DvbNiuStaticIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row can only be created if there is a corresponding row in ifTable. The IP address to be assigned must be unique within the NIU for the address type. The interface is identified by ifIndex. For the HFC interface which is identified by 3 interfaces, the dvbRccMacLayer I/F shall be used to identify it. Rows are created/delete using dvbNiuStaticIpStatus." INDEX { ifIndex, dvbNiuStaticIpAddrType, dvbNiuStaticIpAddr } ::= { dvbNiuStaticIpTable 1 } Valentine Informational - Expires July 2001 14 DVB Cable Network Interface Unit MIB January 2001 DvbNiuStaticIpEntry ::= SEQUENCE { dvbNiuStaticIpAddrType InetAddressType, dvbNiuStaticIpAddr InetAddress, dvbNiuStaticIpMaskType InetAddressType, dvbNiuStaticIpMask InetAddress, dvbNiuStaticIpStatus RowStatus } dvbNiuStaticIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of IP address assigned to the interface." ::= { dvbNiuStaticIpEntry 1 } dvbNiuStaticIpAddr OBJECT-TYPE SYNTAX InetAddress (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address assigned to the interface." ::= { dvbNiuStaticIpEntry 2 } dvbNiuStaticIpMaskType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address expressed by the mask." ::= { dvbNiuStaticIpEntry 3 } dvbNiuStaticIpMask OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP subnet mask for the interface." ::= { dvbNiuStaticIpEntry 4 } dvbNiuStaticIpStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This controls and reflects the status of the row. Rows can be created by using both createAndGo and createAndWait. Rows can be modified/deleted ONLY if the SNMP set request destination IP address is NOT assigned by the row being modified/deleted unless." ::= { dvbNiuStaticIpEntry 5 } Valentine Informational - Expires July 2001 15 DVB Cable Network Interface Unit MIB January 2001 -- Removed and functionality replaced by RFC2573 -- dvbNiuNmAccessTable OBJECT-TYPE -- SYNTAX SEQUENCE OF DvbNiuNmAccessEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table controls access to SNMP objects by network -- management stations. If the table is empty, access -- to SNMP objects is unrestricted. This table exists only -- on SNMPv1 or v2c agents and does not exist on SNMPv3 -- agents. See the conformance section for details. -- Specifically, for v3 agents, the appropriate MIBs and -- security models apply in lieu of this table. -- An empty table will ONLY allow network management access -- from the HFC network, any IP address is accepted. -- Simultaneous write access to this MIB is not recommended" -- := { dvbNiuSystem 9 } dvbNiuConfigSet OBJECT-TYPE SYNTAX INTEGER { storeConfig(1), readConfig(2), setFactory(3), local(4), localUnsaved(5), localSaved(6), factoryDefault(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to manage the configuration of the NIU. The following can be used to set the object. storeConfig - stores the current configuration to non volatile storage. This action changes configuration status to localSaved readConfig - retrieves the configuration held in non volatile storage. This action changes configuration status to local setFactory - sets the current configuration to factory default. This excludes static assigned IP addresses. This action changes configuration status to factoryDefault When the object is read it reports the configuration being used. local - the configuration is unchanged since being retrieved from non volatile storage. When changed it becomes localUnsaved Valentine Informational - Expires July 2001 16 DVB Cable Network Interface Unit MIB January 2001 localUnsaved - the configuration has changed and requires storing. When stored it becomes localSaved localSaved - the current configuration has been saved since being retrieved from non volatile storage factoryDefault - the current configuration is the factory default and requires saving. Once saved it becomes localSaved. If modified it becomes localUnsaved" ::= { dvbNiuSystem 10 } dvbNiuEuroloader OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Enables and disables the EuroLoader." ::= { dvbNiuSystem 11 } dvbNiuImplSet OBJECT-TYPE SYNTAX BITS { dhcp(0), ipFilters(1), ethFilters(2), addrTransNat(3), addrTransNapt(4), cpeIpControl(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object when read identifies which optional groups have been implemented. Implemented groups have their bit set. The bits represent the following: dhcp - dvbNiuDhcp group ipFilters - dvbNiuIpFilter group ethFilters - dvbNiuEthFileter group addrTransNat - dvbNiuNat group addrTransNapt - dvbNiuNapt group cpeIpControl - dvbNiuCpe group" ::= { dvbNiuSystem 12 } dvbNiuMulticast OBJECT-TYPE SYNTAX INTEGER { disabled(1), downstreamOnly(2), upstreamOnly(3), enabled(4) } Valentine Informational - Expires July 2001 17 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to restrict the level of multicast support provided by the NIU. disabled - No IGMP or multicast packets are forwarded through the NIU in either direction. downstreamOnly - Only multicast packets in the downstream direction will be forwarded for the group to which the subscriber has membership. IGMP messages are allowed to manage group membership for downstream groups only. Any upstream multicast packets are discarded. upstreamOnly - Only multicast packets in the upstream direction will be forwarded by the NIU. IGMP messages are allowed to manage group membership for upstream groups only. enabled - Multicast forwarding in the downstream and upstream direction is allowed. IGMP messages are allowed to manage group membership for both upstream and downstream multicast groups." ::= { dvbNiuSystem 13 } -- =============================================================== -- = Software Group = -- =============================================================== -- Software version table dvbNiuSwVerTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuSwVerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to check the versions of software stored in the NIU. It is also used to configure which/when versions of software is executed." ::= { dvbNiuSoftware 1 } dvbNiuSwVerEntry OBJECT-TYPE SYNTAX DvbNiuSwVerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There will be a row for every storage slot within the NIU. A slot is a location where a full software image can be stored. Slot 0, is reserved for RAM." INDEX { dvbNiuSwSlot } ::= { dvbNiuSwVerTable 1 } DvbNiuSwVerEntry ::= SEQUENCE { Valentine Informational - Expires July 2001 18 DVB Cable Network Interface Unit MIB January 2001 dvbNiuSwSlot Integer32, dvbNiuSwVersion SnmpAdminString, dvbNiuSwState INTEGER, dvbNiuSwAction INTEGER, dvbNiuSwDateTime DateAndTime } dvbNiuSwSlot OBJECT-TYPE SYNTAX Integer32 (1..100) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The slot number the software image is held in. Slot 0 is reserved for RAM, it is used to identify an image directly loaded into RAM e.g. for debug purposes. The slots should be consecutively numbered starting from 1." ::= { dvbNiuSwVerEntry 1 } dvbNiuSwVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The version of the software located in the slot. This is a manufacturer dependant string." ::= { dvbNiuSwVerEntry 2 } dvbNiuSwState OBJECT-TYPE SYNTAX INTEGER { executing(1), failed(2), none(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The execution state of the software in the slot. If the s/w is currently executing the state will be executing(1). If the s/w tried to execute but failed it will be failed(2). If the s/w is not in use then it will be none(3)." ::= { dvbNiuSwVerEntry 3 } dvbNiuSwAction OBJECT-TYPE SYNTAX INTEGER { boot(1), backup(2), none(3), emptySlot(4) } MAX-ACCESS read-write STATUS current Valentine Informational - Expires July 2001 19 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "When the NIU is initialising, this identifies which s/w image should be used. boot - identifies that this s/w should be used at initialisation. There must be one s/w version with this action and there must be only one. backup - is used to identify a s/w version to use in the event that the boot version fails. Multiple s/w versions may have this action. In this case they will be tried in slot order. none - is used to identify a s/w version that is not used at initialisation. emptySlot - identifies the slot as containing no s/w. If this is applied to a slot that currently contains a s/w image the image will be erased and not identified in the slot." ::= { dvbNiuSwVerEntry 4 } dvbNiuSwDateTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time the image was downloaded to the slot." ::= { dvbNiuSwVerEntry 5 } -- End of software version table dvbNiuSwServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION "The type of address used for the TFTP server." ::= { dvbNiuSoftware 2 } dvbNiuSwServer OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This is the IP address of the TFTP server used for s/w updates" ::= { dvbNiuSoftware 3 } dvbNiuSwFilename OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..500)) MAX-ACCESS read-write STATUS current DESCRIPTION "This is the filename including the path for the software image that is to be downloaded." Valentine Informational - Expires July 2001 20 DVB Cable Network Interface Unit MIB January 2001 ::= { dvbNiuSoftware 4 } dvbNiuSwDownloadSlot OBJECT-TYPE SYNTAX Integer32 (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "This identifies the image slot which the software is to be downloaded into. The operator can manually select the slot to download into. Slot 0 is a special case which is used to identify a direct to RAM download, which should only be used for diagnostic purposes. By default this object will point to the first empty slot. If there are no empty slots it will point to the first backup image." ::= { dvbNiuSoftware 5 } dvbNiuSwAdminStatus OBJECT-TYPE SYNTAX INTEGER { initUpgrd(1), contactingTFTPServer(2), downloadInProgress(3), failureTFTP(4), badImage(5), badHardware(6), downloadSuccessful(7), idle(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "This will administer the software upgrade and provide status of its progress. InitiateUpgrade - This is the only admin selectable value and initiates the upgrade ContactingTFTPServer - The TFTP server is being contacted DownloadInProgress - The image is currently being downloaded to the Niu TFTPFailure - There was a failure at the TFTP layer while downloading BadImage - The downloaded software image failed an integrity check BadHardware - The downloaded software image is not suitable for the H/W platform DownloadSuccessful - The downloaded software image has been successful Idle - No attempt to download software has been made since the last reset" ::= { dvbNiuSoftware 6 } -- =============================================================== -- = DHCP Group = -- =============================================================== Valentine Informational - Expires July 2001 21 DVB Cable Network Interface Unit MIB January 2001 dvbNiuDhcpTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to manage the DHCP/BOOTP functionality on a per interface basis. All DHCP/BOOTP requests will be via the HFC interface." ::= { dvbNiuDhcp 1 } dvbNiuDhcpEntry OBJECT-TYPE SYNTAX DvbNiuDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There will be a row for every interface within the equipment. For the HFC interface which is identified by 3 interfaces, the dvbRccMacLayer I/F shall be used to identify it. For an interface it is possible to specify the DHCP/BOOTP server to be used to obtain an IP address for the interface and any DHCP/BOOTP requests received on that interface that require relaying. Backup DHCP/BOOTP servers can be specified for each interface." INDEX { ifIndex, dvbNiuDhcpIndex } ::= { dvbNiuDhcpTable 1 } DvbNiuDhcpEntry ::= SEQUENCE { dvbNiuDhcpIndex Unsigned32, dvbNiuDhcpServerAddrType InetAddressType, dvbNiuDhcpServer InetAddress, dvbNiuDhcpRelay INTEGER, dvbNiuDhcpReqIf INTEGER, dvbNiuDhcpSerType INTEGER, dvbNiuDhcpState INTEGER, dvbNiuDhcpStatus RowStatus } dvbNiuDhcpIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of backup entries." ::= { dvbNiuDhcpEntry 1 } dvbNiuDhcpServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION Valentine Informational - Expires July 2001 22 DVB Cable Network Interface Unit MIB January 2001 "The type of IP address for the DHCP server." ::= { dvbNiuDhcpEntry 2 } dvbNiuDhcpServer OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address of the DHCP / BOOTP server to be used for DHCP/BOOTP requests for the / received by the interface. This server MUST be accessible through the HFC interface. The broadcast IP address must be used when the IP address is to be unspecified or the interface is the HFC interface." ::= { dvbNiuDhcpEntry 3 } dvbNiuDhcpRelay OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to select whether the NIU will relay DHCP/BootP requests received from this interface to the HFC interface. This option is ignored for the HFC interface. enabled - relay DHCP/BootP as per RFCs 951,1542, 2131 disabled - discard DHCP/BootP" DEFVAL { disabled } ::= { dvbNiuDhcpEntry 4 } dvbNiuDhcpReqIf OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to select whether the NIU will request an IP address by DHCP/BootP for this interface via the HFC interface. If this is disabled then there must be an entry in the static IP table for this interface. enabled - request address by DHCP/BootP disabled - Use static IP address assignment" -- DEFVAL { enabled } for the HFC interface ::= { dvbNiuDhcpEntry 5 } dvbNiuDhcpSerType OBJECT-TYPE SYNTAX INTEGER { primary(1), Valentine Informational - Expires July 2001 23 DVB Cable Network Interface Unit MIB January 2001 backup(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to identify whether the specified server for the interface is the primary server or backup. In the event that the primary server does not respond, the backup server is used. There can be only one primary server for an interface, but multiple backup servers. The backup servers use the values dvbNiuDhcpRelay and dvbNiuDhcpReqIf specified for the primary server for the interface, if a primary server is present otherwise the values are as defined for the backup server row. The order in which backup servers are tried is implied by the value of dvbNiuDhcpIndex, lowest first. This field is not applicable for the HFC interface." DEFVAL { primary } ::= { dvbNiuDhcpEntry 6 } dvbNiuDhcpState OBJECT-TYPE SYNTAX INTEGER { idle(1), waitingForDHCPoffer(2), waitingForDHCPack(3), assigned(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This is the status for DHCP for this interface. idle - No DHCP request has been made waitingForDHCPoffer - Waiting for DHCP offer waitingForDHCPack - Waiting for DHCP ack assigned - IP address for I/F assigned by DHCP." ::= { dvbNiuDhcpEntry 7 } dvbNiuDhcpStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Rows in this table may be created by either the create-and-go or create-and-wait paradigms. There is no restriction on changing values in a row of this table while the row is active." ::= { dvbNiuDhcpEntry 8 } -- =============================================================== -- = Event Group = -- =============================================================== Valentine Informational - Expires July 2001 24 DVB Cable Network Interface Unit MIB January 2001 dvbNiuEventPolicy OBJECT-TYPE SYNTAX INTEGER { wrap(1), stop(2), oneHour(3), clearNow(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This defines event log policy. wrap When full the log wraps stop Stop event logging when full oneHour Clear the log at the start of every hour clearNow Clears the event log. Previous policy is restored. At initial startup this object has the default value of wrap(1)." ::= { dvbNiuEvent 1 } -- Event control table dvbNiuEventControlTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEventControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines the action to be taken for the defined event priorities. A row will exist for each priority: Emergency, Alert, Critical, Error, Warning, Notice, Information and Debug. A bit field is used to identify the action to be taken for the event priority. Actions can be: place the event in the event table; issue an SNMP Trap" ::= { dvbNiuEvent 2 } dvbNiuEventControlEntry OBJECT-TYPE SYNTAX DvbNiuEventControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There is a row per event and are recorded in chronological order." INDEX { dvbNiuEventCtrlPriority } ::= { dvbNiuEventControlTable 1 } DvbNiuEventControlEntry ::= SEQUENCE { dvbNiuEventControlPriority DvbEventPriority, dvbNiuEventControlAction BITS } dvbNiuEventControlPriority OBJECT-TYPE Valentine Informational - Expires July 2001 25 DVB Cable Network Interface Unit MIB January 2001 SYNTAX DvbEventPriority MAX-ACCESS not-accessible STATUS current DESCRIPTION "The priority level that is controlled by this entry. These are ordered from most (emergency) to least (debug) critical. Each event with a NIU has a particular priority level associated with it (as defined by the vendor). During normal operation no event more critical than notice(6) should be generated. Events between warning and emergency should be generated at appropriate levels of problems (e.g. emergency when the box is about to crash)." ::= { dvbNiuEventControlEntry 1 } dvbNiuEventControlAction OBJECT-TYPE SYNTAX BITS { local(0), trap(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This defines the actions to perform when an event happens of this priority. local causes the event to be written to the local event log. trap causes a trap to be issued." ::= { dvbNiuEventControlEntry 2 } -- Currently no traps are defined, these need to be added. -- End of Event control table dvbNiuEventTableMaxSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries the event log may hold" ::= { dvbNiuEvent 3 } -- Event table dvbNiuEventTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Contains a log of network and device events that may be of interest in fault isolation and trouble shooting." ::= { dvbNiuEvent 4 } dvbNiuEventEntry OBJECT-TYPE SYNTAX DvbNiuEventEntry Valentine Informational - Expires July 2001 26 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries are created when an event occurrs. dvbNiuEventPolicy can be used to clear the table in addition individual events can be deleted." INDEX { dvbNiuEventIndex } ::= { dvbNiuEventTable 1 } DvbNiuEventEntry ::= SEQUENCE { dvbNiuEventIndex Unsigned32, dvbNiuEventType DvbEventPriority, dvbNiuEventDateTime DateAndTime, dvbNiuEventDescription SnmpAdminString, dvbNiuEventCode SnmpAdminString, dvbNiuEventStatus RowStatus } dvbNiuEventIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "This provides relative ordering of the objects in the event log. This object will always increase except when (a) the log is reset via dvbNiuEventPolicy, (b) the device reboots and does not implement non- volatile storage for this log, or (c) it reaches the value 2^31. The next entry for all the above cases is 1." ::= { dvbNiuEventEntry 1 } dvbNiuEventType OBJECT-TYPE SYNTAX DvbEventPriority MAX-ACCESS read-only STATUS current DESCRIPTION "This is the priority of the event." ::= { dvbNiuEventEntry 2 } dvbNiuEventDateTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This is the date and time the event occurred." ::= { dvbNiuEventEntry 3 } dvbNiuEventDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION Valentine Informational - Expires July 2001 27 DVB Cable Network Interface Unit MIB January 2001 "This is a vendor specific textual description of the event." ::= { dvbNiuEventEntry 4 } dvbNiuEventCode OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This is the event code which uniquely identifies the event. The event codes should be in the form tppxxxxx where:- t - identifies who allocated the event identifier; d = dvb, v = vendor pp - identifies the priority; em = emergency, al = alert, cr = critical, er = error, wa = warning, no = notice, in = information, de = debug xxxxxxx - the event identifier which is 5 characters." ::= { dvbNiuEventEntry 5 } dvbNiuEventStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This is used to delete individual events. The only valid management operation is destroy, which causes the event to be deleted. When read this object should always return active." ::= { dvbNiuEventEntry 6 } -- End of Event table -- These apply to traps sent to all dvbNiuEvThrottleAdminStatus OBJECT-TYPE SYNTAX INTEGER { unconstrained(1), maintainBelowThreshold(2), stopAtThreshold(3), inhibited(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the transmission of traps with respect to the trap pacing threshold. unconstrained(1) causes traps to be transmitted without regard to the threshold settings. maintainBelowThreshold(2) causes trap transmission to be suppressed if the number of traps would otherwise exceed the threshold. stopAtThreshold(3) causes trap transmission to cease at the threshold, and not resume until directed to do so. Valentine Informational - Expires July 2001 28 DVB Cable Network Interface Unit MIB January 2001 See also RFC 1224. inhibited(4) causes all trap transmission messages to be suppressed. Writing to this object resets the thresholding state. At initial startup, this object has a default value of unconstrained(1). All the network managers with the trap capability as per RFC2573 will be treated as a single entity with regard to Trap management. This is done to simplify implementation within the NIU." ::= { dvbNiuEvent 5 } dvbNiuEvThrottleInhibited OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If true(1), trap is currently inhibited due to thresholds and/or the current setting of dvbNiuEvThrottleAdminStatus. In addition, this is set to true(1) if transmission is inhibited due to no trap (dvbNiuNmAccessEntry) destinations having been set." ::= { dvbNiuEvent 6 } dvbNiuEvThrottleThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Number of trap events per DvbNiuEvThrottleInterval to be transmitted before throttling. At initial startup, this object returns 0." ::= { dvbNiuEvent 7 } dvbNiuEvThrottleInterval OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval over which the trap threshold applies. At initial startup, this object has a value of 1." ::= { dvbNiuEvent 8 } -- =============================================================== -- = IP Filter Group = -- =============================================================== Valentine Informational - Expires July 2001 29 DVB Cable Network Interface Unit MIB January 2001 dvbNiuIpFilterEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), countHits(3), disabled(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This controls the IP filter table. enable - Enables the IP filter table. countHits - This option is used to debug the filter table. It allows packets to be checked against the filter table and increments dvbNiuIpFilterMatches for a matching filter, but ALL PACKETS ARE ALLOWED THROUGH. disabled - Disables IP filtering, all packets are allowed through. At initial startup this object has the default value of disabled(4)." ::= { dvbNiuIpFilter 1 } dvbNiuIpFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuIpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An ordered list of filters or classifiers to apply to IP traffic. Filter application is ordered by the filter index, rather than by a best match algorithm (Note that this implies that the filter table may have gaps in the index values). Packets which have matched no filters will be discarded i.e. no hits on any filter. Any IP packet can theoretically match multiple rows of this table. When considering a packet, the table is scanned in row index order (e.g. filter 10 is checked before filter 20). If the packet matches that filter (which means that it matches ALL criteria for that row), actions appropriate to dvbNiuIpFilterAction and dvbNiuIpFilterActionPtr are taken. If the packet was discarded processing is complete. If dvbNiuIpFilterContinue is set to true, the filter comparison continues with the next row in the table looking for additional matches." ::= { dvbNiuIpFilter 2 } dvbNiuIpFilterEntry OBJECT-TYPE SYNTAX DvbNiuIpFilterEntry Valentine Informational - Expires July 2001 30 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a filter to apply to IP traffic received on a specified interface. All identity objects in this table (e.g. source and destination address/mask, protocol, source/dest port, TOS/mask, interface and direction) must match their respective fields in the packet for any given filter to match. To create an entry in this table, dvbNiuIpFilterIfIndex must be specified." INDEX { dvbNiuIpFilterIndex } ::= { dvbNiuIpFilterTable 1 } DvbNiuIpFilterEntry ::= SEQUENCE { dvbNiuIpFilterIndex Unsigned32, dvbNiuIpFilterStatus RowStatus, dvbNiuIpFilterIfIndex InterfaceIndexOrZero, dvbNiuIpFilterDirection INTEGER, dvbNiuIpFilterTos OCTET STRING, dvbNiuIpFilterTosMask OCTET STRING, dvbNiuIpFilterSrcAddrType InetAddressType, dvbNiuIpFilterSrcAddr InetAddress, dvbNiuIpFilterSrcMaskType InetAddressType, dvbNiuIpFilterSrcMask InetAddress, dvbNiuIpFilterDstAddrType InetAddressType, dvbNiuIpFilterDstAddr InetAddress, dvbNiuIpFilterDstMaskType InetAddressType, dvbNiuIpFilterDstMask InetAddress, dvbNiuIpFilterProtocol Integer32, dvbNiuIpFilterSrcPortLow Integer32, dvbNiuIpFilterSrcPortHigh Integer32, dvbNiuIpFilterDstPortLow Integer32, dvbNiuIpFilterDstPortHigh Integer32, dvbNiuIpFilterAction INTEGER, dvbNiuIpFilterMatches Counter32, dvbNiuIpFilterContinue TruthValue, dvbNiuIpFilterActionPtr Integer32 } dvbNiuIpFilterIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of filters. The filter with the lowest index is always applied first." ::= { dvbNiuIpFilterEntry 1 } dvbNiuIpFilterStatus OBJECT-TYPE SYNTAX RowStatus Valentine Informational - Expires July 2001 31 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Specifying only this object (with the appropriate index) on a NIU is sufficient to create a filter row which matches all inbound packets on the Ethernet interface, and results in the packets being discarded. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active." ::= { dvbNiuIpFilterEntry 2 } dvbNiuIpFilterIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in NIU is the index of the customer-side (e.g. ethernet) interface." ::= { dvbNiuIpFilterEntry 4 } dvbNiuIpFilterDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2), both(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Determines whether the filter is applied to inbound(1) traffic, outbound(2) traffic, or traffic in both(3) directions." DEFVAL { inbound } ::= { dvbNiuIpFilterEntry 5 } dvbNiuIpFilterTos OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "This is the value to be matched to the packet's TOS (Type of Service) value (after the TOS value is AND'd with dvbNiuIpFilterTosMask). A value for this object of 0 and a mask of 0 matches all TOS values." Valentine Informational - Expires July 2001 32 DVB Cable Network Interface Unit MIB January 2001 DEFVAL { '00'h } ::= { dvbNiuIpFilterEntry 6 } dvbNiuIpFilterTosMask OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask to be applied to the packet's TOS value before matching." DEFVAL { '00'h } ::= { dvbNiuIpFilterEntry 7 } dvbNiuIpFilterSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address for the source address." ::= { dvbNiuIpFilterEntry 8 } dvbNiuIpFilterSrcAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against dvbNiuIpFilterSrcMask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." ::= { dvbNiuIpFilterEntry 9 } dvbNiuIpFilterSrcMaskType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address for the source address mask." ::= { dvbNiuIpFilterEntry 10 } dvbNiuIpFilterSrcMask OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." ::= { dvbNiuIpFilterEntry 11 } dvbNiuIpFilterDstAddrType OBJECT-TYPE Valentine Informational - Expires July 2001 33 DVB Cable Network Interface Unit MIB January 2001 SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address for the destination address." ::= { dvbNiuIpFilterEntry 12 } dvbNiuIpFilterDstAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against dvbNiuIpFilterDstMask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." ::= { dvbNiuIpFilterEntry 13 } dvbNiuIpFilterDstMaskType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address for the destination address mask." ::= { dvbNiuIpFilterEntry 14 } dvbNiuIpFilterDstMask OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." ::= { dvbNiuIpFilterEntry 15 } dvbNiuIpFilterProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The IP protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 256 matches ANY protocol." DEFVAL { 256 } ::= { dvbNiuIpFilterEntry 16 } dvbNiuIpFilterSrcPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current Valentine Informational - Expires July 2001 34 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 17 } dvbNiuIpFilterSrcPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { dvbNiuIpFilterEntry 18 } dvbNiuIpFilterDstPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 19 } dvbNiuIpFilterDstPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { dvbNiuIpFilterEntry 20 } dvbNiuIpFilterAction OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2), nat(3), napt(4), tosmap(5) } MAX-ACCESS read-create Valentine Informational - Expires July 2001 35 DVB Cable Network Interface Unit MIB January 2001 STATUS current DESCRIPTION "This is the action to be performed if there is a match against this filter. Possible actions are: discard - Discard the packet. accept - Accept the packet for further processing / forwarding. nat - Perform network address translation on this packet. This is used to identify internal addresses that can be mapped to external addresses. napt - Perform network port address translation on this packet. This is used to identify internal adresses that can be mapped to an external address/port. tosmap - Apply TOS to this packet." DEFVAL { discard } ::= { dvbNiuIpFilterEntry 21 } dvbNiuIpFilterMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { dvbNiuIpFilterEntry 22 } dvbNiuIpFilterContinue OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If this value is set to true and dvbNiuIpFilterAction is not discard, continue scanning and applying matching filter actions." DEFVAL { false } ::= { dvbNiuIpFilterEntry 23 } dvbNiuIpFilterActionPtr OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "This object identifies the dvbNiuIpTosMapPolicyId in dvbNiuIpTOSMapTable that is to be applied if dvbNiuIpFilterAction is set to tosMap. If no matching policy exists, treat as if dvbNiuIpFilterAction were set to accept (1). If this object is set to the value of 0, there is no matching policy, and dvbNiuIpTOSMapTable MUST NOT be consulted." Valentine Informational - Expires July 2001 36 DVB Cable Network Interface Unit MIB January 2001 DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 24 } -- End of IP filter table -- TOS Map Table dvbNiuIpTOSMapTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuIpTOSMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A Table which maps between a policy id (dvbNiuIpTosMapPolicyId) and a policy to be applied. This table applies only to the TOS within the IP header. Policy ID 0 is reserved." ::= { dvbNiuIpFilter 3 } dvbNiuIpTOSMapEntry OBJECT-TYPE SYNTAX DvbNiuIpTOSMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table used to describe Type of Service (TOS) bits processing. This table is an adjunct to the dvbNiuIpFilterTable. Entries in the latter table can point to specific rows in this (and other)tables and cause specific actions to be taken. This table permits the manipulation of the value of the Type of Service bits in the IP header of the matched packet as follows: Set the tosBits of the packet to (tosBits & dvbNiuIpTosMapAndMask) | dvbNiuIpTosMapOrMask This construct allows you to do a clear and set of all the TOS bits in a flexible manner." INDEX { dvbNiuIpTosMapIndex } ::= { dvbNiuIpTOSMapTable 1 } DvbNiuIpTOSMapEntry ::= SEQUENCE { dvbNiuIpTosMapIndex Unsigned32, dvbNiuIpTosMapPolicyId Unsigned32, dvbNiuIpTosMapStatus RowStatus, dvbNiuIpTosMapAndMask OCTET STRING (SIZE (1)), dvbNiuIpTosMapOrMask OCTET STRING (SIZE (1)) } dvbNiuIpTosMapIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION Valentine Informational - Expires July 2001 37 DVB Cable Network Interface Unit MIB January 2001 "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuIpTOSMapEntry 1 } dvbNiuIpTosMapPolicyId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified. This index is used by dvbNiuIpFilterPolicyId as the pointer to the TOS mapping to be performed." ::= { dvbNiuIpTOSMapEntry 2 } dvbNiuIpTosMapStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object used to create and delete entries in this table. A row created by specifying just this object results in a row which specifies no change to the TOS bits. A row may be created using either the create-and-go or create-and-wait paradigms. There is no restriction on the ability to change values in this row while the row is active." ::= { dvbNiuIpTOSMapEntry 3 } dvbNiuIpTosMapAndMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "This value is bitwise AND'd with the matched packet's TOS bits." DEFVAL { 'ff'h } ::= { dvbNiuIpTOSMapEntry 4 } dvbNiuIpTosMapOrMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "After bitwise AND'ing with the above bits, the packet's TOS bits are bitwise OR'd with these bits." DEFVAL { '00'h } ::= { dvbNiuIpTOSMapEntry 5 } -- End of TOS Map table -- =============================================================== Valentine Informational - Expires July 2001 38 DVB Cable Network Interface Unit MIB January 2001 -- = NAT Group = -- =============================================================== -- NAT assignment table dvbNiuNatTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to list external IP addresses available for assignment to internal IP addresses. The filter table is used to identify internal addresses that require NAT before entering the external domain (upstream). In the downstream direction NAT (inverse of the NAT applied in the upstream) is applied before applying the IP filter table. NAT assignment algorithims are vendor dependant. When an external IP address is no longer assigned to an IP addess, dvbNiuNatIntIp should be all 0's. If there are no free external addresses the packet requiring translation should be dropped. NAPT is not applicable to multicast packets." ::= { dvbNiuNat 1 } dvbNiuNatEntry OBJECT-TYPE SYNTAX DvbNiuNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row should be created for each external IP address available for translation. When an internal address is assignened to an external address, dvbNiuNatIntIp will contained the mapped internal address." INDEX { dvbNiuNatExtIpType, dvbNiuNatExtIp } ::= { dvbNiuNatTable 1 } DvbNiuNatEntry ::= SEQUENCE { dvbNiuNatExtIpType InetAddressType, dvbNiuNatExtIp InetAddress, dvbNiuNatIntIpType InetAddressType, dvbNiuNatIntIp InetAddress, dvbNiuNatStatus RowStatus } dvbNiuNatExtIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the external IP address available for NAT assignment" ::= { dvbNiuNatEntry 1 } Valentine Informational - Expires July 2001 39 DVB Cable Network Interface Unit MIB January 2001 dvbNiuNatExtIp OBJECT-TYPE SYNTAX InetAddress (SIZE (1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An external IP address available for NAT assignment" ::= { dvbNiuNatEntry 2 } dvbNiuNatIntIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the internal IP address assigned for NAT." ::= { dvbNiuNatEntry 3 } dvbNiuNatIntIp OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The internal IP address assigned to the external IP address. If no address is assigned this will be all 0's." ::= { dvbNiuNatEntry 4 } dvbNiuNatStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This controls and reflects the status of the row. Rows can be created by using both createAndGo and createAndWait. Rows can be modified/deleted ONLY if the dvbNiuNatIntIp is all 0's. notInService can be applied to a row which currently has dvbNiuNatIntIp assigned, in this case when dvbNiuNatIntIp become free (all 0's) the associated dvbNiuNatExtIp cannot be used for further assigments." ::= { dvbNiuNatEntry 5 } -- End of NAT table -- =============================================================== -- = NAPT Group = -- =============================================================== dvbNiuNaptAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION Valentine Informational - Expires July 2001 40 DVB Cable Network Interface Unit MIB January 2001 "The type of external IP address to be used for NAPT." ::= { dvbNiuNapt 1 } dvbNiuNaptAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The external IP address to be used for NAPT. The filter table is used to identify internal addresses that require NAPT before entering the external domain (upstream). In the downstream direction NAPT (inverse of the NAPT applied in the upstream) is applied before applying the IP filter table. NAPT assignment algorithims are vendor dependant. The value of all 0's specifies that NAPT is not available and the packet requiring it should be discarded. A value with all bits set to 1 specifies that NAPT will use the IP address assigned to the HFC interface. NAPT is not applicable to multicast packets. At initial startup this object has the default value of all 0's" ::= { dvbNiuNapt 2 } -- NAPT assignment table dvbNiuNaptTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuNaptEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the current internal/external port assignments. The NAPT assignment algorithims used for port assignments are vendor dependant." ::= { dvbNiuNapt 3 } dvbNiuNaptEntry OBJECT-TYPE SYNTAX DvbNiuNaptEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row should be created for each internal to external port mapping. Each row contains the internal and external ports used in the mapping, and the internal IP address of the host being mapped. When the assignment is no longer required the row should be deleted." INDEX { dvbNiuNaptExtPort } ::= { dvbNiuNaptTable 1 } DvbNiuNaptEntry ::= SEQUENCE { dvbNiuNaptExtPort Integer32, Valentine Informational - Expires July 2001 41 DVB Cable Network Interface Unit MIB January 2001 dvbNiuNaptIntPort Integer32, dvbNiuNaptIntIpType InetAddressType, dvbNiuNaptIntIp InetAddress } dvbNiuNaptExtPort OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The external port assigned to the internal port/IP Address." ::= { dvbNiuNaptEntry 1 } dvbNiuNaptIntPort OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The internal port that required mapping to the external port." ::= { dvbNiuNaptEntry 2 } dvbNiuNaptIntIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The internal IP address type." ::= { dvbNiuNaptEntry 3 } dvbNiuNaptIntIp OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The internal IP address of the host to which the port mapping is being applied." ::= { dvbNiuNaptEntry 4 } -- End of NAPT table -- =============================================================== -- = Ethernet Filters Group = -- =============================================================== dvbNiuEthernetFilterEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), countHits(2), disabled(3) } Valentine Informational - Expires July 2001 42 DVB Cable Network Interface Unit MIB January 2001 MAX-ACCESS read-write STATUS current DESCRIPTION "This controls the Ethernet filter table. enable - Enables the Ethernet filter table. countHits - This option is used to debug the filter table. It allows framess to be checked against the filter table and increments dvbNiuEthernetFilterMatches for a matching filter, but ALL frames ARE ALLOWED THROUGH. disabled - Disables Ethernet filtering, all frames are allowed through. At initial startup this object has the default value of disabled(3)." ::= { dvdNiuEthFilter 1 } dvbNiuEthernetFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEthernetFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of filters to apply to Ethernet type frames to control the types of upper layer protocols that can be transported. The EtherType/LLC field is examined and the filter table is checked to see if there is a filter for the protocol. If no match is found the frame is discarded, otherwise the filter action is performed. The filter table does not have to be ordered as there can be only one possible match." ::= { dvdNiuEthFilter 2 } dvbNiuEthernetFilterEntry OBJECT-TYPE SYNTAX DvbNiuEthernetFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a filter to apply to Ethernet frame received on a specified interface. The dvbNiuEthernetFilterProtocol in this table must match its respective fields in the frame for any given filter to match." INDEX { dvbNiuEthernetFilterIndex } ::= { dvbNiuEthernetFilterTable 1 } DvbNiuEthernetFilterEntry ::= SEQUENCE { dvbNiuEthernetFilterIndex Unsigned32, dvbNiuEthernetFilterStatus RowStatus, dvbNiuEthernetFilterIfIndex InterfaceIndexOrZero, dvbNiuEthernetFilterEtherType INTEGER, dvbNiuEthernetFilterProtocol Integer32, dvbNiuEthernetFilterAction INTEGER, Valentine Informational - Expires July 2001 43 DVB Cable Network Interface Unit MIB January 2001 dvbNiuEthernetFilterMatches Counter32 } dvbNiuEthernetFilterIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuEthernetFilterEntry 1 } dvbNiuEthernetFilterStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active." ::= { dvbNiuEthernetFilterEntry 2 } dvbNiuEthernetFilterIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in NIUs is the index of the customer-side (e.g. ethernet) interface." ::= { dvbNiuEthernetFilterEntry 3 } dvbNiuEthernetFilterEtherType OBJECT-TYPE SYNTAX INTEGER { ethernet2(1), snap(2), llc(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The format of the etherent frame. This can be Ethernet2, 802.2 SNAP or 802.2 LLC. This is used to correctly locate the field identifying the protocol being transported." ::= { dvbNiuEthernetFilterEntry 4 } Valentine Informational - Expires July 2001 44 DVB Cable Network Interface Unit MIB January 2001 dvbNiuEthernetFilterProtocol OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol to filter on. For Ethernet2 and 802.2 SNAP the value in the EtherType field is checked. For 802.2 LLC the valus in the SAP field is checked." ::= { dvbNiuEthernetFilterEntry 4 } dvbNiuEthernetFilterAction OBJECT-TYPE SYNTAX INTEGER { accept(1), discard(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action to be taken when there is a filter match. If it is accept, the frame will be forwarded otherwise the frame will be discarded." ::= { dvbNiuEthernetFilterEntry 5 } dvbNiuEthernetFilterMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-create STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { dvbNiuEthernetFilterEntry 6 } -- =============================================================== -- = CPE IP Management and anti spoofing group = -- =============================================================== -- This CPE section is taken from RFC2669 and enhanced dvbNiuCpeEnroll OBJECT-TYPE SYNTAX INTEGER { none(1), any(2), } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the population of dvbNiuCpeTable. If set to none, the filters must be set manually. If set to any, the NIU sniffs the packets originating from the Ethernet and enrolls up to dvbNiuCpeIpMax Valentine Informational - Expires July 2001 45 DVB Cable Network Interface Unit MIB January 2001 addresses based on the source IP addresses of those packets. At initial system startup, default value for this object is any(2)." ::= { dvbNiuCpe 1 } dvbNiuCpeIpMax OBJECT-TYPE SYNTAX Integer32 (-1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the maximum number of CPEs allowed to connect behind this device. If set to zero, any number of CPEs may connect up to the maximum permitted for the device or the maximum allowed for the subnet configured for the CPE (subscriber) interface, whichever is the smaller. If set to -1, no filtering is done on CPE source addresses, and no entries are made in the dvbNiuCpeTable. If an attempt is made to set this to a number greater than that permitted for the device/subnet, it is set to that maximum of the smallest value (device or subnet). At initial system startup, default value for this object is -1." ::= { dvbNiuCpe 2 } dvbNiuCpeTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuCpeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the IP addresses seen (or permitted) as source addresses in packets originating from the customer interface on this device. In addition, this table can be provisioned with the specific addresses permitted for the CPEs via the normal row creation mechanisms." ::= { dvbNiuCpe 3 } dvbNiuCpeEntry OBJECT-TYPE SYNTAX DvbNiuCpeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the dvbNiuCpeTable. There is one entry for each IP CPE seen or provisioned. If dvbNiuCpeIpMax is set to -1, this table is ignored, otherwise: Upon receipt of an IP packet from the customer interface of the CM, the source IP address is checked against this table. If the address is in the table, packet processing continues. If the address is not in the table, but dvbNiuCpeEnroll is set to any and the table size is less than dvbNiuCpeIpMax, the address is added to the table and packet processing continues. Otherwise, the packet is dropped. Valentine Informational - Expires July 2001 46 DVB Cable Network Interface Unit MIB January 2001 The filtering actions specified by this table occur after any Ethernet filtering (dvbNiuEthernetFilterTable), but prior to any IP filtering (dvbNiuIpFilterTable)." INDEX { dvbNiuCpeAddrType, dvbNiuCpeIp } ::= { dvbNiuCpeTable 1 } DvbNiuCpeEntry ::= SEQUENCE { dvbNiuCpeIpType InetAddressType, dvbNiuCpeIp InetAddress, dvbNiuCpeMaskType InetAddressType, dvbNiuCpeMask InetAddress, dvbNiuCpeSource INTEGER, dvbNiuCpeStatus RowStatus } dvbNiuCpeIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of IP address used for the identified CPE." ::= { dvbNiuCpeEntry 1 } dvbNiuCpeIp OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address to which this entry applies." ::= { dvbNiuCpeEntry 2 } dvbNiuCpeMaskType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of IP address for the CPE address mask." ::= { dvbNiuCpeEntry 3 } dvbNiuCpeMask OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the CPE source IP address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous. When created automatically this will be all 1's. For manual entries, it can be used to represent a range (subnet) thus reducing the number of entries in the table." Valentine Informational - Expires July 2001 47 DVB Cable Network Interface Unit MIB January 2001 ::= { dvbNiuCpeEntry 4 } dvbNiuCpeSource OBJECT-TYPE SYNTAX INTEGER { other(1), manual(2), learned(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes how this entry was created. If the value is manual(2), this row was created by a network management action (either configuration, or SNMP set). If set to learned(3), then it was found via looking at the source IP address of a received packet." ::= { dvbNiuCpeEntry 5 } dvbNiuCpeStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Standard object to manipulate rows. To create a row in this table, you only need to specify this object. Management stations SHOULD use the create-and-go mechanism for creating rows in this table." ::= { dvbNiuCpeEntry 6 } -- Conformance statements dvbNiuCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for EuroModem NIUs which implement the DVB-CABLE-NIU-MIB MIB. An implmentation only has to support IPv4 addresses to be compliant." MODULE -- dvbNiu MANDATORY-GROUPS { dvbNiuSystemGroup, dvbNiuSoftwareGroup, dvbNiuEventGroup } GROUP dvbNiuDhcpGroup DESCRIPTION "The group is optional but should be implemented if DHCP/BOOTP is implemented." GROUP dvbNiuIpFilterGroup Valentine Informational - Expires July 2001 48 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "The group is optional but should be implemented if dvbNiuNatGroup or dvdNiuNaptGroup are implemeneted. The implementation of this group does not mandate the implementation of dvbNiuNatGroup or dvdNiuNaptGroup." GROUP dvbNiuNatGroup DESCRIPTION "The group is optional but should be implemented if NAT is implemented." GROUP dvbNiuNaptGroup DESCRIPTION "The group is optional but should be implemented if NAPT is implemented." GROUP dvbNiuEthFilterGroup DESCRIPTION "The group is optional but should be implemented if Ethernet filtering is implemented. If the NIU supports bridging then it is strongly recommended this group is implemented." GROUP dvbNiuCpeGroup DESCRIPTION "The group is optional but should be implemented to prevent spoofing type attacks and restrict the number of CPE devices attached to the NIU." OBJECT dvbNiuStaticIpMaskType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuStaticIpMask SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuSwServerAddrType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuSwServer SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." Valentine Informational - Expires July 2001 49 DVB Cable Network Interface Unit MIB January 2001 OBJECT dvbNiuDhcpServerAddrType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuDhcpServer SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. The broadcast address to be used for IPv4 is 255.255.255.255 and should be the default value." OBJECT dvbNiuIpFilterDstAddrType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuIpFilterDstAddr SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. The default value for this object for IPv4 is 0.0.0.0" OBJECT dvbNiuIpFilterSrcAddrType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuIpFilterSrcAddr SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. The default value for this object for IPv4 is 0.0.0.0" OBJECT dvbNiuIpFilterDstMaskType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuIpFilterDstMask SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. The default value for this object for IPv4 is 0.0.0.0" OBJECT dvbNiuIpFilterSrcMaskType Valentine Informational - Expires July 2001 50 DVB Cable Network Interface Unit MIB January 2001 SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuIpFilterSrcMask SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses. The default value for this object for IPv4 is 0.0.0.0" OBJECT dvbNiuNatIntIpType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuNatIntIp SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuNaptAddrType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuNaptAddr SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuNaptIntIpType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuNaptIntIp SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuCpeIpType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." Valentine Informational - Expires July 2001 51 DVB Cable Network Interface Unit MIB January 2001 OBJECT dvbNiuCpeIp SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuCpeMaskType SYNTAX InetAddressType { ipv4(1)} DESCRIPTION "An implementation is only required to support IPv4 addresses." OBJECT dvbNiuCpeMask SYNTAX InetAddress (SIZE(4)) DESCRIPTION "An implementation is only required to support IPv4 addresses." ::= { dvbNiuCompliances 1 } dvbNiuSystemGroup OBJECT-GROUP OBJECTS { dvbNiuConfigSet, dvbNiuMibVersion, dvbNiuSerialNum, dvbNiuResetNow, dvbNiuResetCounts, dvbNiuDateAndTime, dvbNiuOperStatus, dvbNiuModemtype, dvbNiuStaticIpMaskType, dvbNiuStaticIpMask, dvbNiuStaticIpStatus, dvbNiuEuroloader, dvbNiuImplSet, dvbNiuMulticast } STATUS current DESCRIPTION "A collection of objects providing basic system level control and instrumentation of the EuroModem." ::= { dvbNiuGroups 1 } dvbNiuSoftwareGroup OBJECT-GROUP OBJECTS { dvbNiuSwVersion, dvbNiuSwState, dvbNiuSwAction, dvbNiuSwDateTime, dvbNiuSwServerAddrType, dvbNiuSwServer, dvbNiuSwFilename, Valentine Informational - Expires July 2001 52 DVB Cable Network Interface Unit MIB January 2001 dvbNiuSwDownloadSlot, dvbNiuSwAdminStatus } STATUS current DESCRIPTION "A collection of objects providing control and instrumentation of the EuroModem's software." ::= { dvbNiuGroups 2 } dvbNiuDhcpGroup OBJECT-GROUP OBJECTS { dvbNiuDhcpServerAddrType, dvbNiuDhcpServer, dvbNiuDhcpRelay, dvdNiuDhcpReqIf, dvbNiuDhcpState, dvbNiuDhcpSerType, dvbNiuDhcpStatus } STATUS current DESCRIPTION "A collection of objects providing control over the EuroModem's DHCP/Bootp functionality." ::= { dvbNiuGroups 3 } dvbNiuEventGroup OBJECT-GROUP OBJECTS { dvbNiuEventPolicy, dvbNiuEventControlTable, dvbNiuEventTableMaxSize, dvbNiuTrapRate, dvbNiuEventControlPriority, dvbNiuEventControlAction, dvbNiuEventType, dvbEventDateTime, dvbEventDescription, dvbEventCode, dvbEventStatus, dvbNiuEvThrottleAdminStatus, dvbNiuEvThrottleInhibited, dvbNiuEvThrottleThreshold, dvbNiuEvThrottleInterval } STATUS current DESCRIPTION "A collection of objects used to control and monitor EuroModem events." ::= { dvbNiuGroups 4 } dvbNiuIpFilterGroup OBJECT-GROUP OBJECTS { dvbNiuIpFilterDstAddrType, dvbNiuIpFilterDstAddr, Valentine Informational - Expires July 2001 53 DVB Cable Network Interface Unit MIB January 2001 dvbNiuIpFilterDstMaskType, dvbNiuIpFilterDstMask, dvbNiuIpFilterStatus, dvbNiuIpFilterProtocol, dvbNiuIpFilterIfIndex, dvbNiuIpFilterSrcPortLow, dvbNiuIpFilterDirection, dvbNiuIpFilterSrcPortHigh, dvbNiuIpFilterTos, dvbNiuIpFilterDstPortLow, dvbNiuIpFilterTosMask, dvbNiuIpFilterDstPortHigh, dvbNiuIpFilterSrcAddrType, dvbNiuIpFilterSrcAddr, dvbNiuIpFilterAction, dvbNiuIpFilterMatches, dvbNiuIpFilterSrcMaskType, dvbNiuIpFilterSrcMask, dvbNiuIpFilterContinue, dvbNiuIpFilterEnable, dvbNiuIpTosMapIndex, dvbNiuIpTosMapStatus, dvbNiuIpTosMapAndMask, dvbNiuIpTosMapOrMask } STATUS current DESCRIPTION "A collection of objects providing a filtering capability at the IP layer." ::= { dvbNiuGroups 5 } dvbNiuEthFilterGroup OBJECT-GROUP OBJECTS { dvbNiuEthernetFilterStatus, dvbNiuEthernetFilterIfIndex, dvbNiuEthernetFilterEtherType, dvbNiuEthernetFilterAction, dvbNiuEthernetFilterMatches, dvbNiuEthernetFilterEnable } STATUS current DESCRIPTION "A collection of objects providing a filtering capability at the Ethernet layer." ::= { dvbNiuGroups 6 } dvbNiuNatGroup OBJECT-GROUP OBJECTS { dvbNiuNatIntIpType, dvbNiuNatIntIp, dvbNiuNatStatus } STATUS current Valentine Informational - Expires July 2001 54 DVB Cable Network Interface Unit MIB January 2001 DESCRIPTION "A collection of objects providing address translation at either the address level" ::= { dvbNiuGroups 7 } dvbNiuNaptGroup OBJECT-GROUP OBJECTS { dvbNiuNaptAddrType, dvbNiuNaptAddr, dvbNiuNaptIntPort, dvbNiuNaptIntIpType, dvbNiuNaptIntIp } STATUS current DESCRIPTION "A collection of objects providing address translation at either the port level" ::= { dvbNiuGroups 8 } dvbNiuCpeGroup OBJECT-GROUP OBJECTS { dvbNiuCpeEnroll, dvbNiuCpeIpMax, dvbNiuCpeIpType, dvbNiuCpeIp, dvbNiuCpeMaskType, dvbNiuCpeMask, dvbNiuCpeSource, dvbNiuCpeStatus } STATUS current DESCRIPTION "A collection of objects providing anti spoofing / CPE address management" ::= { dvbNiuGroups 9 } END 5. Security Considerations This MIB relates to a system which will provide metropolitan public internet access. As such, improper manipulation of the objects represented by this MIB may result in denial of service to a large number of end-users. In addition, manipulation of dvbNiuEthernetFilterTable and dvbNiuIpFilterTable may allow an end- user to increase their service levels, spoof their IP addresses or affect other end-users in either a positive or negative manner. There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure Valentine Informational - Expires July 2001 55 DVB Cable Network Interface Unit MIB January 2001 environment without proper protection can have a negative effect on network operations. In addition to those mentioned above: o dvbNiuStaticIpTable and dvbNiuDhcpTable can be manipulated to prevent IP addresses being assigned to the NIU after a reset, which results in a denial of service. o The NIU may have its software changed by the actions of the management system. An improper software load may result in substantial vulnerabilities and the loss of the ability of the management system to control the NIU. o Setting docsDevEvThrottleAdminStatus = unconstrained(1) may cause flooding of traps, which can disrupt network service. This MIB does not affect confidentiality of services on a cable system. The DVB/DAVIC Interoperability Consortium expects to produce a MIB for the security mechanism in the near future. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User- based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 6. References [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. Valentine Informational - Expires July 2001 56 DVB Cable Network Interface Unit MIB January 2001 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. [RFC1224] Steinberg, L., "Techniques for Managing Asynchronously Generated Alerts", RFC 1224, May 1991. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Valentine Informational - Expires July 2001 57 DVB Cable Network Interface Unit MIB January 2001 Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2851 M. Daniele, B. Haberman, S. Routhier, J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", June 2000 [EUROM] ECCA,"Technical Specification of a European Cable Modem for digital bi-directional communications via cable networks", Version 1.0, 12th May 1999 7. Acknowledgments This MIB was the result of the work undertaken by DVB/DAVIC Interoperability consortium to define a common management interface for EuroModem compliant NIU. RFC 2669 edited by Michael St Johns was used as the template for this document. 8. Author's Addresses Andrew Valentine Engineering Design Centre Hughes Network Systems Ltd Saxon Street, Linford Wood, Milton Keynes. MK14 6LD ENGLAND Phone: +44 1908 221122 Email: a.valentine@eu.hns.com Valentine Informational - Expires July 2001 58 DVB Cable Network Interface Unit MIB January 2001 Full Copyright Statement "Copyright (C) The Internet Society (date). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into Valentine Informational - Expires July 2001 59