Internet Draft DiffServ Policy MIB March 2001 Internet Engineering Task Force H. Hazewinkel INTERNET-DRAFT Covalent Expires September 2001 D. Partain Ericsson March 2001 The DiffServ Policy MIB draft-ietf-snmpconf-diffpolicy-04.txt Document Revision: 1.7 March 2001 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. 1. Abstract The MIB Module described in this document provides a conceptual layer SNMPCONF WG Expires September 2001 [Page 1] Internet Draft DiffServ Policy MIB March 2001 between high-level "network-wide" policy definitions that affect configuration of the differentiated services (DiffServ) subsystem and the instance-specific information that would include such details as the parameters for all the queues associated with each interface in a system. This essentially provides an interface for configuring DiffServ at a conceptually higher layer than that of the DiffServ Architecture MIB [DIFFSERVMIB]. This version of this memo is aligned with the DIFF-SERV-MIB [DIFFSERVMIB] found in draft-ietf-diffserv-mib-08.txt. This MIB module will be aligned with that work as updates are made. 2. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [1]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, called SMIv2, is described in RFC 2578 [5], RFC 2579 [6] and RFC 2580 [7]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in RFC 1157 [8]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in RFC 1157 [8]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [13]. o A set of fundamental applications described in RFC 2573 [14] SNMPCONF WG Expires September 2001 [Page 2] Internet Draft DiffServ Policy MIB March 2001 and the view-based access control mechanism described in RFC 2575 [15]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [16]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine-readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 3. Introduction This memo defines a MIB module which can be used to convey information about desired network-wide DiffServ-based policy behavior. This module is designed to integrate with the Policy-based Management MIB module [POLICYMIB] as well as the DiffServ Architecture MIB module [DIFFSERVMIB] Together, these three documents represent an instance of an integrated architecture for both device- specific and network-wide policy management which is fully integrated with the Internet Standard Management Framework. This is the first of what is expected to be a wide number of other network-wide policy modules to be developed in the future in a wide range of areas. Within the DiffServ architecture a MIB module is already defined [DIFFSERVMIB] that operates on a device level. The MIB module in this memo (the DIFFSERV-POLICY-MIB) creates a coherent policy configuration management view (domain-specific) as an umbrella over this mechanism-specific MIB. That is, the DIFFSERV-POLICY-MIB provides a conceptual API for configuration of DiffServ parameters in a device at a higher level than the DiffServ Architecture MIB [DIFFSERVMIB]. SNMPCONF WG Expires September 2001 [Page 3] Internet Draft DiffServ Policy MIB March 2001 4. Definitions Terminology used in discussing policy-based configuration management has been the source of much discussion and confusion. [SNMPBCP] provides a discussion of the terms used in discussing this topic. 5. Relationship to other MIBs In this section we describe the relationship of this MIB module to other MIB modules. The overall architecture used for policy configuration management is described in [POLICYMIB]. 5.1. The Policy-based Management MIB module [POLICYMIB] defines a MIB module that enables policy-based configuration management of infrastructure using the Internet Standard Management Framework. The document includes a table for configuring policies to be implemented, tables for storing the roles of elements on a particular device, a table for representing the capabilities of a device with respect to policy management, a table for referencing elements affected by a policy, as well as other infrastructure. See [POLICYMIB] for a full description of the policy-based configuration framework it provides. 5.2. The DiffServ MIB module The DiffServ Architecture MIB module [DIFFSERVMIB] provides a common set of managed objects useful for configuring DiffServ parameters on a particular device. This is what is referred to as instance-level configuration. It is the alteration of the instance-level information in that MIB module which MAY be done via the objects provided by the DiffServ Policy MIB module defined in this memo. It is recognized that vendors may include additional managed objects in their devices (via vendor-specific MIB modules) for configuring SNMPCONF WG Expires September 2001 [Page 4] Internet Draft DiffServ Policy MIB March 2001 DiffServ parameters. If a vendor chooses to use the objects defined in this memo for configuration, the vendor should provide additional managed objects in a similar approach as defined for the DiffServ Architecture MIB module. Since the managed objects of the DiffServ Architecture MIB are not directly associated with an instance (interface and interface direction), the same managed objects can be used for traffic treatment configuration templates in a DiffServ capable device. Therefore, the tables as defined in the DiffServ Architecture MIB can directly be used for configuration purposes. Those tables are: diffServDataPathTable diffServClfrTable diffServClfrElementTable diffServSixTupleClfrTable diffServMeterTable diffServTBParamTable diffServActionTable diffServDscpMarkActTable diffServCountActTable diffServAlgDropTable diffServRandomDropTable diffServQTable diffServSchedulerTable diffServRateControlTable Readers familiar with the DiffServ Architecture MIB will notice that these are all templates except the diffServDataPathTable, which instantiates a DiffServ traffic treatment configuration on an interface and its interface direction. The approach taken in this document is to avoid duplication of managed objects and, therefore, the implementation of the DIFF- POLICY-MIB module should use of the tables defined in the DiffServ Architecture MIB. 5.3. The DiffServ Policy MIB module design The DiffServ Policy MIB module of the SNMP-based configuration management framework is positioned between the Policy-based Management MIB module and the instance-specific MIB module (the DiffServ Architecture MIB module) as described above. The Differentiated Services Policy MIB (DIFFSERV-POLICY-MIB) module SNMPCONF WG Expires September 2001 [Page 5] Internet Draft DiffServ Policy MIB March 2001 found in this memo is designed to have configuration templates for the Differentiated Services MIB (DIFFSERV-MIB) module. These templates represent a specific configuration of traffic treatment in a datapath of a Differentiated Services capable device. As soon as a configuration is made active via the POLICY-MANAGEMENT-MIB, the configuration defined within this MIB module will be instantiated on the instance-specific MIB (the DIFFSERV-MIB). Note that this is a conceptual process. That is, the configuration may not actually go through an API available in the subsystem which implements the DIFFSERV-MIB module. However, configuration via the DIFFSERV-POLICY-MIB module will alter the same instrumentation as the DIFF-SERV-MIB module whether it does it via the DIFFSERV-MIB module or not. The Differentiated Services Policy MIB module only needs to define a starting point of a traffic treatment configuration template. This table is similar to the diffServDataPathTable [DIFFSERV-MIB]. However, its has a semantic difference in that the diffServDataPathTable is associated with an instance (interface and interface direction) where the diffPolicyDPCTable is not instance- specific. Unlike most MIB modules, changes on the managed objects in this MIB module do not cause a change in the device. This MIB module is used to set up per-hop-behavior configurations. As soon as configurations are made active via the POLICY-MANAGEMENT-MIB, the configurations defined within this MIB module will be instantiated on the instance specific MIB, the DIFF-SERV-MIB. The table in the MIB module is: - The diffPolicyDPCTable provides managed objects for registering traffic treatment configurations used in differentiated services. The sole purpose of this table is to provide the starting point for a traffic treatment configuration template. The traffic treatment is performed by datapath elements [DIFFSERVMIB] 6. Template cloning The concept of the DIFF-POLICY-MIB is based on having traffic treatment configuration templates. The templates provide a set of configuration values that provide a certain behavior, such as EF traffic treatment in the datapath. The template can be considered as SNMPCONF WG Expires September 2001 [Page 6] Internet Draft DiffServ Policy MIB March 2001 a linked list from a starting point and each element is connected to the next element via a, so-called, The moment a template is activated on an interface and its interface direction (instantiated), the template needs to be copied/cloned, so that the template remains as a template. If the template does not stay as a template after an instantiation, the management station has to setup a new equivalent template, and the object amplification of configuration with SNMP is gone. A literal copy/clone of the template would not be possible, since the same indexes inside the element tables cannot be used again. The instantiation process must therefore generate a new index for each element. As a result of this, the 'NEXT' pointers also need to be updated. Otherwise, those will point to the template. What should a system containing DiffServ capabilities and DiffServ Policy capabilities do conceptually at the moment a template is activated on an interface? The following order or approach is not a pre-defined implementation, but a conceptual explanation of what should be done. 1) Get index of the template to be activated 2) Get RowPointer (current) from diffPolicyDPCConfiguration.index of diffPolicyDPCTable 3) Check if RowPointer (current) exists 4) Copy/Clone the entry pointed to by RowPointer a) Get a new index for the entry b) Configure the new entry with the values of the entry to be cloned c) Update the NEXT pointer with a new RowPointer that pointed to the previous entry that was copied part of this template 5) Store RowPointer of cloned entry as previous 6) Get the RowPointer of the next element in in the template as current 7) If current RowPointer does not equal zeroDotZero goto 4 6.1. Example This section provides an example for the concept provided in the previous section (7). This example will show a Diffserv-capable incoming (ingress) interface that only counts the amount of the SNMPCONF WG Expires September 2001 [Page 7] Internet Draft DiffServ Policy MIB March 2001 traffic stream. Then, with the policy-based configuration concept as defined in this document and in [POLICYMIB], a traffic marking configuration will be applied. The example will walk the reader through all of the steps involved in this process. 1) The initial situation The initial configuration is the existing configuration of an ingress interface. +------------------------------------+ | ingress datapath | | +----------------------------+ | | | | | --->|-->| action: count |-->|-----> | | | | routing | +----------------------------+ | core +------------------------------------+ This figure depicts a simple traffic treatment datapath for an ingress interface. The datapath only consists of a count action. Within the DIFFSERV-MIB this would be instantiated as follows in the appropriate tables. Note that RowPointer objects must point to the first accessible columnar object in the conceptual row. Thus, while perhaps more instructive to use the index value for the RowPointer object's value (e.g., diffServCountActId.1) in the example, it would nonetheless be incorrect, and the first accessible columnar object has been used as should be done (e.g., diffServCountActOctets.1). diffServDataPathTable +--------------------+-----------------------------+ | index | diffServDataPathStart | +--------------------+-----------------------------+ | ifIndex.ingress | diffServActionNext.1 | +--------------------+-----------------------------+ SNMPCONF WG Expires September 2001 [Page 8] Internet Draft DiffServ Policy MIB March 2001 diffServActionTable +----------+------------+-------------------------+--------------------+ | diffServ | diffServ | | | | ActionId | ActionNext |diffServActionSpecific | diffServActionType | +----------+------------+-------------------------+--------------------+ | 1 | 0.0 |diffServCountActOctets.1 | specific | +----------+------------+-------------------------+--------------------+ diffServCountActTable +-------------------+---------------------+-----------------------+ | diffServCountIdId | diffServCountOctets | ...... | +-------------------+---------------------+-----------------------+ | 1 | 123456789 | ...... | +-------------------+---------------------+-----------------------+ 2) The policy configuration template The following provides a defined policy configuration in which traffic is classified by a specific IP filter. That results in two classifers (1 for the IP filter and the match all). Both streams are then metered, marked and counted. An example of usage could be an incoming interface at the edge of an ISP that provides EF traffic treatment to a specific customer and others just AF traffic treatment. +------------------------------------------------------------+ | ingress datapath | | +------------+ +-------+ +---------+ +---------+ | | | | | | | action: | | action: | | -->|-->| classifier |-->| meter |-->| mark EF |-->| count |-->|-----> | | match | | | | | | | | | +------------+ +-------+ +---------+ +---------+ | | | \ | | | \ +---------+ | | | \ | action: | |routing | | * -->| dropper | |core | | / | | | | | / +---------+ | | V / | | +------------+ +-------+ +---------+ +---------+ | | | | | | | action: | | action: | | | | classifier |-->| meter |-->| mark AF |-->| count |-->|-----> | | match all | | | | | | | | | +------------+ +-------+ +---------+ +---------+ | +------------------------------------------------------------+ SNMPCONF WG Expires September 2001 [Page 9] Internet Draft DiffServ Policy MIB March 2001 This figure depicts a policy configuration for ingress traffic treatment in a diffserv capable device. The configuration is represented as follows in DIFFPOLICY-MIB module and the DIFFSERV-MIB module. NOTE: the original (existing) traffic treatment of 1) is also in the tables. diffPolicyDPCTable (in the MIB module in this memo) +-------+---------------------------------+--------------------------+ | index | diffPolicyDPCConfiguration | diffPolicyDPCDescription | +-------+---------------------------------+--------------------------+ | 1 | diffServClfrElementPrecedence.1 | EF traffic treatment | +-------+---------------------------------+--------------------------+ diffServClfrTable +--------------------+ | diffServClfrId | +--------------------+ | 1 | +--------------------+ diffServClfrElementTable +----------------+------------------------+--------------------------+ |diffServ |diffServ | diffServ | | ClfrElementId | ClfrElementClfrId | ClfrElementNext | +----------------+------------------------+--------------------------+ | 1 | 1 (diffServClfrId = 1) |diffServMeterSucceedNext.1| | 2 | 1 (diffServClfrId = 1) |diffServMeterSucceedNext.2| +----------------+------------------------+--------------------------+ diffServMeterTable +-----------+--------------------------+----------------------+------+ | diffServ | | | .... | | MeterId | diffServMeterSucceedNext |diffServMeterFailNext | .... | +-----------+--------------------------+----------------------+------+ | 1 | diffServActionNext.2 | diffServActionNext.4 | | | 2 | diffServActionNext.3 | diffServActionNext.4 | | +-----------+--------------------------+----------------------+------+ SNMPCONF WG Expires September 2001 [Page 10] Internet Draft DiffServ Policy MIB March 2001 diffServActionTable +---------+--------------------+--------------------------+--------------+ | diffServ|diffServ | diffServ | diffServ | | ActionId|ActionNext | ActionSpecific | ActionType | +---------+--------------------+--------------------------+--------------+ | 1 |0.0 |diffServCountActOctets.1 | specific | | 2 |diffServActionNext.4|diffServDscpMarkActDscp.AF| specific | | 3 |diffServActionNext.4|diffServDscpMarkActDscp.EF| specific | | 4 |0.0 |0.0 | absoluteDrop | | 5 |0.0 |diffServCountActOctets.2 | specific | | 6 |0.0 |diffServCountActOctets.3 | specific | +---------+--------------------+--------------------------+--------------+ diffServCountActTable +--------------------+-----------------------+ | diffServCountActId | ...... | +--------------------+-----------------------+ | 1 | ...... | | 2 | ...... | | 3 | ...... | +--------------------+-----------------------+ diffServDscpMarkActTable +-------------------------+ | diffServDscpMarkActDscp | +-------------------------+ | DSCP(AF) | +-------------------------+ | DSCP(EF) | +-------------------------+ 3) Applying the template Now we have the original ingress interface configuration and the policy configuration we want to apply to the actual interface. The example policy must provide to all interfaces used by system administrators the required diffserv traffic treatment. The traffic treatment required is described in 2). Therefore, we have the following example policy which is configured via the POLICY-BASED-MANAGEMENT-MIB module (see [POLICYMIB]): SNMPCONF WG Expires September 2001 [Page 11] Internet Draft DiffServ Policy MIB March 2001 IF roleMatch("Administrator") THEN setvar("diffServDataPathStart" + $1 + ".2", "diffServActionNext.1", Oid) For our purposes, we only apply this on the outbound direction (hence the 2 in the setvar) on the interface. For more information on policies and their syntax refer to [POLICYMIB]. The following tables of this section provide the cloned entries in the tables of the DIFFSERV-MIB module. NOTE: the original (existing) traffic treatment of 1) and 2) are also in the tables. diffPolicyDPCTable +-------+------------------------------------+--------------------------+ | index | diffPolicyDPCConfiguration | diffPolicyDPCDescription | +-------+------------------------------------+--------------------------+ | 1 | diffServClfrElementPrecedence.1 | EF traffic treatment | +-------+------------------------------------+--------------------------+ diffServDataPathTable +--------------------+-----------------------------+ | index | diffServDataPathStart | +--------------------+-----------------------------+ | ifIndex.ingress | diffServActionNext.2 | +--------------------+-----------------------------+ diffServClfrTable +--------------------+ | diffServClfrId | +--------------------+ | 1 | | 2 | +--------------------+ SNMPCONF WG Expires September 2001 [Page 12] Internet Draft DiffServ Policy MIB March 2001 diffServClfrElementTable +----------------+-----------------------+----------------------------+ | diffServ | diffServ | diffServ | | ClfrElementId | ClfrElementClfrId | ClfrElementNext | +----------------+-----------------------+----------------------------+ | 1 | 1 (diffServClfrId = 1)| diffServMeterSucceedNext.1 | | 2 | 1 (diffServClfrId = 1)| diffServMeterSucceedNext.2 | | 3 | 2 (diffServClfrId = 2)| diffServMeterSucceedNext.3 | | 4 | 2 (diffServClfrId = 2)| diffServMeterSucceedNext.4 | +----------------+-----------------------+----------------------------+ diffServMeterTable +-------------+-----------------------+-----------------------+------+ | diffServ | diffServ | diffServ | .... | | MeterId | MeterSucceedNext | MeterFailNext | | +-------------+-----------------------+-----------------------+------+ | 1 | diffServActionNext.2 | diffServActionNext.4 | | | 2 | diffServActionNext.3 | diffServActionNext.4 | | | 3 | diffServActionNext.7 | diffServActionNext.9 | | | 4 | diffServActionNext.8 | diffServActionNext.9 | | +-------------+-----------------------+-----------------------+------+ diffServActionTable +---------+--------------------+--------------------------+-------------+ | diffServ|diffServ |diffServ | diffServ | | ActionId|ActionNext |ActionSpecific | ActionType | +---------+--------------------+--------------------------+-------------+ | 1 |0.0 |diffServCountActOctets.1 | specific | | 2 |diffServActionNext.4|diffServDscpMarkActDscp.AF| specific | | 3 |diffServActionNext.4|diffServDscpMarkActDscp.EF| specific | | 4 |0.0 |0.0 | absoluteDrop| | 5 |0.0 |diffServCountActOctets.2 | specific | | 6 |0.0 |diffServCountActOctets.3 | specific | | 7 |diffServActionNext.9|diffServDscpMarkActDscp.AF| specific | | 8 |diffServActionNext.9|diffServDscpMarkActDscp.EF| specific | | 9 |0.0 |0.0 | absoluteDrop| | 10 |0.0 |diffServCountActOctets.4 | specific | | 11 |0.0 |diffServCountActOctets.5 | specific | +---------+--------------------+---------------------+------------------+ SNMPCONF WG Expires September 2001 [Page 13] Internet Draft DiffServ Policy MIB March 2001 diffServCountActTable +--------------------+-----------------------+ | diffServCountActId | ...... | +--------------------+-----------------------+ | 1 | ...... | | 2 | ...... | | 3 | ...... | | 4 | ...... | | 5 | ...... | +--------------------+-----------------------+ diffServDscpMarkActTable +-------------------------+ | diffServDscpMarkActDscp | +-------------------------+ | DSCP(AF) | +-------------------------+ | DSCP(EF) | +-------------------------+ As one can see in the example, the main elements from which a datapath are constructed are duplicated/copied/cloned. That process is needed in order to preserve the policy configuration for reuse at a later time. It is up to the SNMP agent to keep track of which network interfaces are under policy control and which policy rules. This avoids duplication of policy enforcement. How the agent does this is an implementation issue. One can see that the old datapath configurations stay in the MIB module tables. It is up to the SNMP agent implementation to decide whether to delete stale entries or keep them. Garbage collection of stale entries is an implementation issue. 7. Managed objects definitions (MIB module) DIFFSERV-POLICY-MIB DEFINITIONS ::= BEGIN -- This version of the MIB is aligned with the DiffServ WG's MIB -- found in draft-ietf-diffserv-mib-06.txt. This MIB module will SNMPCONF WG Expires September 2001 [Page 14] Internet Draft DiffServ Policy MIB March 2001 -- remain aligned with that work as updates are made. -- Note that much of the content of the MIBs in previous versions -- of this document have been removed since they were used for -- creating "templates" that were not bound to interface -- instances. That functionality now exists in the DIFF-SERV-MIB -- itself. IMPORTS Integer32, OBJECT-TYPE, MODULE-IDENTITY, zeroDotZero, mib-2 FROM SNMPv2-SMI RowStatus, RowPointer, TestAndIncr, DateAndTime FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB; diffPolicyMib MODULE-IDENTITY LAST-UPDATED "200011130500Z" -- November 12, 2000, 20:00 San Francisco ORGANIZATION "SNMPCONF WG" CONTACT-INFO "SNMPCONF Working Group http://www.ietf.org/html.charters/snmpconf-charter.html Editors: Harrie Hazewinkel Postal: Covalent Technologies 706 Mission Street (2nd floor) San Francisco, CA - 94133 United States Tel: +1 415 536 5221 E-mail: harrie@covalent.net David Partain Postal: Ericsson Radio Systems P.O. Box 1248 SE-581 12 Linkoping Sweden Tel: +46 13 28 41 44 E-mail: David.Partain@ericsson.com" SNMPCONF WG Expires September 2001 [Page 15] Internet Draft DiffServ Policy MIB March 2001 DESCRIPTION "This MIB module contains differentiated services specific managed objects to perform policy-based configuration management. This MIB allows policies to use 'templates' to be used to instantiate diffserv datapath configurations to be assigned (associated with an interface and direction) when a policy is created and activated." ::= { mib-2 22222222 } -- Needs to be assigned by IANA diffPolicyMIBObjects OBJECT IDENTIFIER ::= { diffPolicyMib 1 } diffPolicyMIBConformance OBJECT IDENTIFIER ::= { diffPolicyMib 2 } -- -- The DiffServ Policy Configuration objects -- diffPolicyDPCUnique OBJECT-TYPE SYNTAX TestAndIncr MAX-ACCESS read-write STATUS current DESCRIPTION "The diffPolicyDPCUnique object yields a unique new value for diffPolicyDPCId when read and subsequently set. This value must be tested for uniqueness." ::= { diffPolicyMIBObjects 1 } diffPolicyDPCTable OBJECT-TYPE SYNTAX SEQUENCE OF DiffPolicyDPCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table which defines the various per-hop-behaviors for which the system has default 'templates'." ::= { diffPolicyMIBObjects 2 } diffPolicyDPCEntry OBJECT-TYPE SYNTAX DiffPolicyDPCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry defining a per-hop-behavior. Each entry in this table combines the various parameters (entries) into a specific per-hop-behavior. Entries in this table might be defined by a vendor (pre-configured) SNMPCONF WG Expires September 2001 [Page 16] Internet Draft DiffServ Policy MIB March 2001 or defined by a management application." INDEX { diffPolicyDPCId } ::= { diffPolicyDPCTable 1 } DiffPolicyDPCEntry ::= SEQUENCE { diffPolicyDPCId Integer32, diffPolicyDPCDescr SnmpAdminString, diffPolicyDPCOwner SnmpAdminString, diffPolicyDPCLastChange DateAndTime, diffPolicyDPCConfiguration RowPointer, diffPolicyDPCStatus RowStatus } diffPolicyDPCId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique id for the per-hop-behavior policy." ::= { diffPolicyDPCEntry 1 } diffPolicyDPCDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "A human-readable description to identify this defined per-hop-behavior. Note that this is an SnmpAdminString, which permits UTF-8 strings." ::= { diffPolicyDPCEntry 2 } diffPolicyDPCOwner OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The owner who created this entry." ::= { diffPolicyDPCEntry 3 } diffPolicyDPCLastChange OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time when this entry was last changed." SNMPCONF WG Expires September 2001 [Page 17] Internet Draft DiffServ Policy MIB March 2001 ::= { diffPolicyDPCEntry 4 } diffPolicyDPCConfiguration OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-create STATUS current DESCRIPTION "The pointer to a datapath configuration template as set up in the DIFFSERV-MIB. This RowPointer should point to an instance of one of: diffServClfrElementEntry diffServClfrEntry diffServMeterEntry diffServActionEntry diffServAlgDropEntry diffServQEntry A value of zeroDotZero in this attribute indicates no further Diffserv treatment is performed on traffic of this datapath. If the row pointed to does not exist, the treatment is as if this attribute contains a value of zero- DotZero." DEFVAL { zeroDotZero } ::= { diffPolicyDPCEntry 5 } diffPolicyDPCStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus object used for creation and deletion of rows in this table." ::= { diffPolicyDPCEntry 11 } -- -- MIB Compliance statements. -- diffPolicyMIBCompliances OBJECT IDENTIFIER ::= { diffPolicyMIBConformance 1 } diffPolicyMIBGroups OBJECT IDENTIFIER ::= { diffPolicyMIBConformance 2 } diffPolicyMIBFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION SNMPCONF WG Expires September 2001 [Page 18] Internet Draft DiffServ Policy MIB March 2001 "The full compliance for this MIB module." MODULE -- This module MANDATORY-GROUPS { diffPolicyMIBDPCGroup } ::= { diffPolicyMIBCompliances 1 } diffPolicyMIBDPCGroup OBJECT-GROUP OBJECTS { diffPolicyDPCUnique, diffPolicyDPCDescr, diffPolicyDPCOwner, diffPolicyDPCLastChange, diffPolicyDPCConfiguration, diffPolicyDPCStatus } STATUS current DESCRIPTION "The per-hop-behavior Group defines the MIB Objects that describe the configuration template for the per-hop-behavior." ::= { diffPolicyMIBGroups 1 } END SNMPCONF WG Expires September 2001 [Page 19] Internet Draft DiffServ Policy MIB March 2001 8. Security Considerations Security information here 9. Editors' Addresses Harrie Hazewinkel Covalent Technologies 706 Mission Street (2nd floor) San Francisco, CA 94133 United States Phone: +1 415 536 5221 EMail: harrie@covalent.net David Partain Ericsson Radio Systems Research and Innovation P.O. Box 1248 SE-581 12 Linkoping Sweden Phone: +46 13 28 41 44 EMail: David.Partain@ericsson.com 10. Full Copyright Statement Copyright (C) The Internet Society (2000). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. SNMPCONF WG Expires September 2001 [Page 20] Internet Draft DiffServ Policy MIB March 2001 The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 11. References Others to be added as time goes by! [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, Cabletron Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, April 1999 [2] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", RFC 1155, STD 16, Performance Systems International, Hughes LAN Systems, May 1990 [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212, STD 16, Performance Systems International, Hughes LAN Systems, March 1991 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, Performance Systems International, March 1991 [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First Virtual Holdings, International Network Services, April 1999 [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", RFC 2579, STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First Virtual Holdings, International Network Services, April 1999 [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", RFC 2580, SNMPCONF WG Expires September 2001 [Page 21] Internet Draft DiffServ Policy MIB March 2001 STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First Virtual Holdings, International Network Services, April 1999 [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", RFC 1157, STD 15, SNMP Research, Performance Systems International, Performance Systems International, MIT Laboratory for Computer Science, May 1990. [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., International Network Services, January 1996. [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., International Network Services, January 1996. [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, April 1999 [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, IBM T. J. Watson Research, April 1999 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., International Network Services, January 1996. [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, SNMP Research, Inc., Secure Computing Corporation, Cisco Systems, April 1999 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, IBM T. J. Watson Research, BMC Software, Inc., Cisco Systems, Inc., April 1999 [16] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", SNMPCONF WG Expires September 2001 [Page 22] Internet Draft DiffServ Policy MIB March 2001 RFC 2570, SNMP Research, Inc., TIS Labs at Network Associates, Inc., Ericsson, Cisco Systems, April 1999 [PBCM] J. Saperia, "Policy-based Configuration Management", Work in Progress, June 2000. [DIFFSERVMIB] Baker, F., K. Chan, and A. Smith, Management Information Base for the Differentiated Services Architecture, Work in Progress, May 2000. [POLICYMIB] Waldbusser, S., J. Saperia, T. Hongal, Policy Based Management MIB, Work in Progress, May 2000. [SNMPBCP] MacFaden M., J. Saperia, CONFIGURING NETWORKS AND DEVICES WITH SNMP, Work in Progress, May 2000. [COPS-PR] Chan, K.H.., D. Durham, S. Gai, S. Herzog, K. McCloghrie, F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, COPS Usage for Policy Provisioning, Work in Progress, March 2000. [IPSEC] To be added [BGP MIB] to be added if necessary. SNMPCONF WG Expires September 2001 [Page 23] Internet Draft DiffServ Policy MIB March 2001 Table of Contents 1 Abstract ........................................................ 1 2 The SNMP Management Framework ................................... 2 3 Introduction .................................................... 3 4 Definitions ..................................................... 4 5 Relationship to other MIBs ...................................... 4 5.1 The Policy-based Management MIB module ........................ 4 5.2 The DiffServ MIB module ....................................... 4 5.3 The DiffServ Policy MIB module design ......................... 5 6 Template cloning ................................................ 6 6.1 Example ....................................................... 7 7 Managed objects definitions (MIB module) ........................ 14 8 Security Considerations ......................................... 20 9 Editors' Addresses .............................................. 20 10 Full Copyright Statement ....................................... 20 11 References ..................................................... 21 SNMPCONF WG Expires September 2001 [Page 24]