AAA Working Group J. Koehler Internet-Draft M. Eklund Category: Standards Track H. Li Cisco Systems, Inc. expires May 2002 February 2002 Diameter Base Protocol MIB Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at: http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at: http://www.ietf.org/shadow.html. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved. Abstract The Diameter base protocol is intended to provide a AAA framework for Mobile-IP [17, 18] , NASREQ [16] and ROAMOPS [21]. This draft defines the Management Information Base (MIB) module which describes the minimum amount of objects needed to manage the implementation of the Diameter base protocol. 1. Introduction Koehler et al. [Page 1] Internet-Draft Diameter Base Protocol MIB February 2002 This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects used for managing Diameter base protocol. The Diameter base protocol provides the minimum requirements needed for an AAA transport protocol, as required by NASREQ [16], Mobile IP [17, 18], and ROAMOPS [21]. Over time, routers and network access servers (NAS) have increased in complexity and density, making the historically used RADIUS protocol increasingly unsuitable. The basic concept behind Diameter is to provide a base protocol that can be extended in order to provide AAA services to new access technologies. Currently, the protocol only concerns itself with Internet access, both in the traditional PPP sense as well as taking into account the ROAMOPS model, and Mobile-IP. 2. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [1]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 15, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4]. The second version, called SMIv2, is described in STD 58, RFC 2578 [5], RFC 2579 [6] and RFC 2580 [7]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [8]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [8]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [13]. o A set of fundamental applications described in RFC 2573 [14] and the view-based access control mechanism described in RFC 2575 [15]. Koehler et al. [Page 2] Internet-Draft Diameter Base Protocol MIB February 2002 A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [22]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 3. Overview The base Diameter protocol is never used on its own. It is always extended for a particular application. Three Diameter applications are defined by companion documents: NASREQ [16], Mobile IP [17, 18], End-to-End Security [19]. This MIB supports objects which are defined in the base Diameter protocol as described in [20]. Objects related to the additional applications mentioned above will be implemented in separate MIBS as well as any additional applications added in the future. 4. Definitions DIAMETER-BASE-PROTOCOL-MIB DEFINITIONS ::= BEGIN IMPORTS InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32, Gauge32, TimeTicks, mib-2 FROM SNMPv2-SMI SnmpAdminString FROM SNMP-FRAMEWORK-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; diameterMIB MODULE-IDENTITY LAST-UPDATED "200202260000Z" ORGANIZATION "IETF AAA Working Group." CONTACT-INFO " Jay Koehler Cisco Systems, Inc. Koehler et al. [Page 3] Internet-Draft Diameter Base Protocol MIB February 2002 10850 Murdock Road Knoxville, TN 37932 US Phone: +1 865 671 0429 EMail: jkoehler@cisco.com Mark Eklund Cisco Systems, Inc. 10850 Murdock Road Knoxville, TN 37932 US Phone: +1 865 671 6255 Email: meklund@cisco.com Hai Li Cisco Systems, Inc. 10850 Murdock Road Knoxville, TN 37932 US Phone: +1 865 671 0429 EMail: haili@cisco.com " DESCRIPTION "The MIB module is based on the Diameter base protocol, draft-ietf-aaa-diameter-08.txt." ::= { mib-2 119 } -- experimental number assigned by IANA -- Top-Level Components of this MIB. diameterBaseProtocolMIB OBJECT IDENTIFIER ::= { diameterMIB 1 } diameterBaseNotifs OBJECT IDENTIFIER ::= { diameterBaseProtocolMIB 0 } diameterBaseObjects OBJECT IDENTIFIER ::= { diameterBaseProtocolMIB 1 } diameterBaseConform OBJECT IDENTIFIER ::= { diameterBaseProtocolMIB 2 } dbpHostCfgs OBJECT IDENTIFIER ::= { diameterBaseObjects 1 } dbpHostStats OBJECT IDENTIFIER ::= { diameterBaseObjects 2 } dbpPeerCfgs OBJECT IDENTIFIER ::= { diameterBaseObjects 3 } dbpPeerStats OBJECT IDENTIFIER ::= { diameterBaseObjects 4 } dbpRealmCfgs OBJECT IDENTIFIER ::= { diameterBaseObjects 5 } dbpRealmStats OBJECT IDENTIFIER ::= { diameterBaseObjects 6 } dbpServerID OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current Koehler et al. [Page 4] Internet-Draft Diameter Base Protocol MIB February 2002 DESCRIPTION "The implementation identification string for the Diameter authentication server software in use on the system, for example; `diameterd'" ::= { dbpHostCfgs 1 } dbpHostAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of internet address stored in diameterHostAddress." ::= { dbpHostCfgs 2 } dbpHostAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP-Address that corresponds to the Origin-Host AVP." ::= { dbpHostCfgs 3 } dbpTcpListenPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Diameter Tcp listen port." ::= { dbpHostCfgs 4 } dbpSctpListenPort OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Diameter Sctp listen port." ::= { dbpHostCfgs 5 } dbpServerStatsTotalPacketsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets in." ::= { dbpHostStats 1 } Koehler et al. [Page 5] Internet-Draft Diameter Base Protocol MIB February 2002 dbpServerStatsTotalPacketsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets out." ::= { dbpHostStats 2 } dbpServerStatsTotalUpTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The total server up time." ::= { dbpHostStats 3 } dbpServerResetTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "If the server has a persistent state (e.g., a process) and supports a `reset' operation (e.g., can be told to re-read configuration files), this value will be the time elapsed (in hundredths of a second) since the server was `reset.' For software that does not have persistence or does not support a `reset' operation, this value will be zero." ::= { dbpHostStats 4 } dbpServerConfigReset OBJECT-TYPE SYNTAX INTEGER { other(1), reset(2), initializing(3), running(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Status/action object to reinitialize any persistent server state. When set to reset(2), any persistent server state (such as a process) is reinitialized as if the server had just been started. This value will never be returned by a read operation. When read, one of the following values will be returned: other(1) - server in some unknown state; initializing(3) - server (re)initializing; running(4) - server currently running." ::= { dbpHostStats 5 } Koehler et al. [Page 6] Internet-Draft Diameter Base Protocol MIB February 2002 dbpApplicationsTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpApplicationsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter supported applications." ::= { dbpHostCfgs 6 } dbpApplicationsEntry OBJECT-TYPE SYNTAX DbpApplicationsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter server." INDEX { dbpApplicationsIndex } ::= { dbpApplicationsTable 1 } DbpApplicationsEntry ::= SEQUENCE { dbpApplicationsIndex Unsigned32 } dbpApplicationsIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "A number uniquely identifying the Diameter server supported applications." ::= { dbpApplicationsEntry 1 } dbpPeerServerTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpPeerServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter discovered and configured peer servers information." ::= { dbpPeerCfgs 1 } dbpPeerServerEntry OBJECT-TYPE SYNTAX DbpPeerServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter discovered and configured peer server." INDEX { dbpPeerServerIndex } ::= { dbpPeerServerTable 1 } Koehler et al. [Page 7] Internet-Draft Diameter Base Protocol MIB February 2002 DbpPeerServerEntry ::= SEQUENCE { dbpPeerServerIndex Unsigned32, dbpPeerServerId SnmpAdminString, dbpPeerServerPortConnect Unsigned32, dbpPeerServerPortListen Unsigned32, dbpPeerServerProtocol INTEGER, dbpPeerServerSecurity INTEGER, dbpPeerServerVendorId Unsigned32, dbpPeerServerFirmwareRevision Unsigned32 } dbpPeerServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying each Diameter peer with which the host server communicates." ::= { dbpPeerServerEntry 1 } dbpPeerServerId OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The server identifier for the Diameter peer." ::= { dbpPeerServerEntry 2 } dbpPeerServerPortConnect OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The connection port the server used to connect to the Diameter peer. If there is no active connection, this value will be zero(0)." ::= { dbpPeerServerEntry 5 } dbpPeerServerPortListen OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The port the server is listening on." ::= { dbpPeerServerEntry 6 } dbpPeerServerProtocol OBJECT-TYPE SYNTAX INTEGER { tcp(1), Koehler et al. [Page 8] Internet-Draft Diameter Base Protocol MIB February 2002 sctp(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The transport protocol (tcp/sctp) the Diameter peer is using." ::= { dbpPeerServerEntry 7 } dbpPeerServerSecurity OBJECT-TYPE SYNTAX INTEGER { tls(1), ipsec(2), other(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The security the Diameter peer is using. tls - Transport Layer Security Protocol ipsec - Internet Protocol Security" ::= { dbpPeerServerEntry 8 } dbpPeerServerVendorId OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The IANA Enterprise Code value assigned to the vendor of the Diameter device." ::= { dbpPeerServerEntry 9 } dbpPeerServerFirmwareRevision OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "Firmware revision of peer. If no firmware revision, the revision of the Diameter software module may be reported instead." ::= { dbpPeerServerEntry 10 } dbpPeerIpAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpPeerIpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter peer IP Addresses." ::= { dbpPeerCfgs 2 } Koehler et al. [Page 9] Internet-Draft Diameter Base Protocol MIB February 2002 dbpPeerIpAddrEntry OBJECT-TYPE SYNTAX DbpPeerIpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a peer Diameter server." INDEX { dbpPeerServerIndex, dbpIpAddressIndex } ::= { dbpPeerIpAddrTable 1 } DbpPeerIpAddrEntry ::= SEQUENCE { dbpIpAddressIndex Unsigned32, dbpIpAddressType InetAddressType, dbpIpAddress InetAddress } dbpIpAddressIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying the number of IP Addresses supported by all peer Diameter Servers." ::= { dbpPeerIpAddrEntry 1 } dbpIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address stored in diameterIpAddress." ::= {dbpPeerIpAddrEntry 2} dbpIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The active IP Address(es) used for connections." ::= {dbpPeerIpAddrEntry 3} dbpAdvToPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpAdvToPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the advertised Koehler et al. [Page 10] Internet-Draft Diameter Base Protocol MIB February 2002 applications from host to peer and the type of services supported, accounting, authentication or both." ::= { dbpHostCfgs 7 } dbpAdvToPeerEntry OBJECT-TYPE SYNTAX DbpAdvToPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter discovered and configured peer server." INDEX { dbpPeerServerIndex, dbpAdvToPeerVendorId, dbpAdvToPeerIndex } ::= { dbpAdvToPeerTable 1 } DbpAdvToPeerEntry ::= SEQUENCE { dbpAdvToPeerVendorId Unsigned32, dbpAdvToPeerIndex Unsigned32, dbpAdvToPeerServices INTEGER } dbpAdvToPeerVendorId OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IANA Enterprise Code value assigned to the vendor of the Diameter device." ::= { dbpAdvToPeerEntry 1 } dbpAdvToPeerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying the applications advertised to be supported to each Diameter peer." ::= { dbpAdvToPeerEntry 2 } dbpAdvToPeerServices OBJECT-TYPE SYNTAX INTEGER { acct(1), auth(2), both(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of services supported for each application, Koehler et al. [Page 11] Internet-Draft Diameter Base Protocol MIB February 2002 accounting, authentication or both." ::= { dbpAdvToPeerEntry 3 } dbpAdvFromPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpAdvFromPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the advertised applications to peer from host and the type of services supported, accounting, authentication or both." ::= { dbpPeerCfgs 3 } dbpAdvFromPeerEntry OBJECT-TYPE SYNTAX DbpAdvFromPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter discovered and configured peer server." INDEX { dbpPeerServerIndex, dbpAdvFromPeerVendorId, dbpAdvFromPeerIndex } ::= { dbpAdvFromPeerTable 1 } DbpAdvFromPeerEntry ::= SEQUENCE { dbpAdvFromPeerVendorId Unsigned32, dbpAdvFromPeerIndex Unsigned32, dbpAdvFromPeerTypes INTEGER } dbpAdvFromPeerVendorId OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IANA Enterprise Code value assigned to the vendor of the Diameter device." ::= { dbpAdvFromPeerEntry 1 } dbpAdvFromPeerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying the applications advertised to be supported from each Diameter peer." ::= { dbpAdvFromPeerEntry 2 } Koehler et al. [Page 12] Internet-Draft Diameter Base Protocol MIB February 2002 dbpAdvFromPeerTypes OBJECT-TYPE SYNTAX INTEGER { acct(1), auth(2), both(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of services supported for each application, accounting, authentication or both." ::= { dbpAdvFromPeerEntry 3 } dbpPerPeerStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpPerPeerStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter peer statistics." ::= { dbpPeerStats 1 } dbpPerPeerStatsEntry OBJECT-TYPE SYNTAX DbpPerPeerStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter peer." INDEX { dbpPeerServerIndex } ::= { dbpPerPeerStatsTable 1 } DbpPerPeerStatsEntry ::= SEQUENCE { dbpPerPeerStatsState INTEGER, dbpPerPeerStatsStateDuration TimeTicks, dbpPerPeerStatsLastDiscCause INTEGER, dbpPerPeerStatsWhoInitDisconnect INTEGER, dbpPerPeerStatsDWCurrentStatus INTEGER, dbpPerPeerStatsTimeoutConnAtmpts Counter32, dbpPerPeerStatsASRsIn Counter32, dbpPerPeerStatsASRsOut Counter32, dbpPerPeerStatsASAsIn Counter32, dbpPerPeerStatsASAsOut Counter32, dbpPerPeerStatsACRsIn Counter32, dbpPerPeerStatsACRsOut Counter32, dbpPerPeerStatsACAsIn Counter32, dbpPerPeerStatsACAsOut Counter32, dbpPerPeerStatsCERsIn Counter32, dbpPerPeerStatsCERsOut Counter32, dbpPerPeerStatsCEAsIn Counter32, dbpPerPeerStatsCEAsOut Counter32, dbpPerPeerStatsDWRsIn Counter32, Koehler et al. [Page 13] Internet-Draft Diameter Base Protocol MIB February 2002 dbpPerPeerStatsDWRsOut Counter32, dbpPerPeerStatsDWAsIn Counter32, dbpPerPeerStatsDWAsOut Counter32, dbpPerPeerStatsDPRsIn Counter32, dbpPerPeerStatsDPRsOut Counter32, dbpPerPeerStatsDPAsIn Counter32, dbpPerPeerStatsDPAsOut Counter32, dbpPerPeerStatsRARsIn Counter32, dbpPerPeerStatsRARsOut Counter32, dbpPerPeerStatsRAAsIn Counter32, dbpPerPeerStatsRAAsOut Counter32, dbpPerPeerStatsSTRsIn Counter32, dbpPerPeerStatsSTRsOut Counter32, dbpPerPeerStatsSTAsIn Counter32, dbpPerPeerStatsSTAsOut Counter32, dbpPerPeerStatsDWReqTimer TimeTicks, dbpPerPeerStatsRedirectEvents Counter32, dbpPerPeerStatsAccDupRequests Counter32, dbpPerPeerStatsMalformedReqsts Counter32, dbpPerPeerStatsAccsNotRecorded Counter32, dbpPerPeerStatsAccRetrans Counter32, dbpPerPeerStatsTotalRetrans Counter32, dbpPerPeerStatsAccPendReqstsOut Gauge32, dbpPerPeerStatsAccReqstsDropped Counter32, dbpPerPeerStatsHByHDropMessages Counter32, dbpPerPeerStatsEToEDupMessages Counter32, dbpPerPeerStatsUnknownTypes Counter32, dbpPerPeerStatsProtocolErrors Counter32, dbpPerPeerStatsTransientFailures Counter32, dbpPerPeerStatsPermanentFailures Counter32, dbpPerPeerStatsTransportDown Counter32 } dbpPerPeerStatsState OBJECT-TYPE SYNTAX INTEGER { closed(1), waitConnAck(2), waitICea(3), elect(4), waitReturns(5), rOpen(6), iOpen(7), closing(8) } MAX-ACCESS read-only STATUS current DESCRIPTION "Connection state in the Peer State Machine of the peer that this Diameter server is communicating. closed - Connection closed with this peer. waitConnAck - Waiting for an acknowledgment Koehler et al. [Page 14] Internet-Draft Diameter Base Protocol MIB February 2002 from this peer. waitICea - Waiting for a Capabilities-Exchange- Answer from this peer. elect - When the peer and the server are both trying to bring up a connection with each other at the same time. An election process begins which determines which socket remains open. waitReturns - Waiting for election returns. r-open - Responder transport connection is used for communication. i-open - Initiator transport connection is used for communication. closing - Actively closing and doing cleanup." ::= { dbpPerPeerStatsEntry 1 } dbpPerPeerStatsStateDuration OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Peer state duration." ::= { dbpPerPeerStatsEntry 2 } dbpPerPeerStatsLastDiscCause OBJECT-TYPE SYNTAX INTEGER { rebooting(1), busy(2), doNotWantToTalk(3), election(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The last cause for a peers disconnection. rebooting - A scheduled reboot is imminent. busy - The peer's internal resources are constrained, and it has determined that the transport connection needs to be shutdown. doNotWantToTalk - The peer has determined that it does not see a need for the transport connection to exist, since it does not expect any messages to be exchanged in the foreseeable future. electionLost - The peer has determined that it has lost the election process and has therefore disconnected the transport connection." Koehler et al. [Page 15] Internet-Draft Diameter Base Protocol MIB February 2002 ::= { dbpPerPeerStatsEntry 3 } dbpPerPeerStatsWhoInitDisconnect OBJECT-TYPE SYNTAX INTEGER { host(1), peer(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Did the host or peer initiate the disconnect. host - If this server initiated the disconnect. peer - If the peer with which this server was connected initiated the disconnect." ::= { dbpPerPeerStatsEntry 4 } dbpPerPeerStatsDWCurrentStatus OBJECT-TYPE SYNTAX INTEGER { okay(1), suspect(2), down(3), reopen(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "okay - Indicates the connection is presumed working. suspect - Indicates the connection is possibly congested or down. down - The peer is no longer reachable, causing the transport connection to be shutdown. reopen - Three watchdog messages are exchanged with accepted round trip times, and the connection to the peer is considered stabilized." ::= { dbpPerPeerStatsEntry 5 } dbpPerPeerStatsTimeoutConnAtmpts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "If there is no transport connection with a peer, this is the number of times the server attempts to connect to that peer. This is reset on disconnection." ::= { dbpPerPeerStatsEntry 6 } dbpPerPeerStatsASRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION Koehler et al. [Page 16] Internet-Draft Diameter Base Protocol MIB February 2002 "Abort-Session-Request's in per peer." ::= { dbpPerPeerStatsEntry 7 } dbpPerPeerStatsASRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Request's out per peer." ::= { dbpPerPeerStatsEntry 8 } dbpPerPeerStatsASAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Answer in per peer." ::= { dbpPerPeerStatsEntry 9 } dbpPerPeerStatsASAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Answer out per peer." ::= { dbpPerPeerStatsEntry 10 } dbpPerPeerStatsACRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Request in per peer." ::= { dbpPerPeerStatsEntry 11 } dbpPerPeerStatsACRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Request out per peer." ::= { dbpPerPeerStatsEntry 12 } dbpPerPeerStatsACAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION Koehler et al. [Page 17] Internet-Draft Diameter Base Protocol MIB February 2002 "Accounting-Answer in per peer." ::= { dbpPerPeerStatsEntry 13 } dbpPerPeerStatsACAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Answer out per peer." ::= { dbpPerPeerStatsEntry 14 } dbpPerPeerStatsCERsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Capabilities-Exchange-Request in per peer." ::= { dbpPerPeerStatsEntry 15 } dbpPerPeerStatsCERsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Capabilities-Exchange-Request out per peer." ::= { dbpPerPeerStatsEntry 16 } dbpPerPeerStatsCEAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Capabilities-Exchange-Answer in per peer." ::= { dbpPerPeerStatsEntry 17 } dbpPerPeerStatsCEAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Capabilities-Exchange-Answer out per peer." ::= { dbpPerPeerStatsEntry 18 } dbpPerPeerStatsDWRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION Koehler et al. [Page 18] Internet-Draft Diameter Base Protocol MIB February 2002 "Device-Watchdog-Request in per peer." ::= { dbpPerPeerStatsEntry 19 } dbpPerPeerStatsDWRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Device-Watchdog-Request out per peer." ::= { dbpPerPeerStatsEntry 20 } dbpPerPeerStatsDWAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Device-Watchdog-Answer in per peer." ::= { dbpPerPeerStatsEntry 21 } dbpPerPeerStatsDWAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Device-Watchdog-Answer out per peer." ::= { dbpPerPeerStatsEntry 22 } dbpPerPeerStatsDPRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Disconnect-Peer-Request messages received." ::= { dbpPerPeerStatsEntry 23 } dbpPerPeerStatsDPRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Disconnect-Peer-Request messages sent." ::= { dbpPerPeerStatsEntry 24 } dbpPerPeerStatsDPAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Koehler et al. [Page 19] Internet-Draft Diameter Base Protocol MIB February 2002 STATUS current DESCRIPTION "Number of Disconnect-Peer-Answer messages received." ::= { dbpPerPeerStatsEntry 25 } dbpPerPeerStatsDPAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Disconnect-Peer-Answer messages sent." ::= { dbpPerPeerStatsEntry 26 } dbpPerPeerStatsRARsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Re-Auth-Request messages received." ::= { dbpPerPeerStatsEntry 27 } dbpPerPeerStatsRARsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Re-Auth-Request messages sent." ::= { dbpPerPeerStatsEntry 28 } dbpPerPeerStatsRAAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Re-Auth-Answer messages received." ::= { dbpPerPeerStatsEntry 29 } dbpPerPeerStatsRAAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Re-Auth-Answer messages Koehler et al. [Page 20] Internet-Draft Diameter Base Protocol MIB February 2002 sent." ::= { dbpPerPeerStatsEntry 30 } dbpPerPeerStatsSTRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Request in per peer." ::= { dbpPerPeerStatsEntry 31 } dbpPerPeerStatsSTRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Request out per peer." ::= { dbpPerPeerStatsEntry 32 } dbpPerPeerStatsSTAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Answer in per peer." ::= { dbpPerPeerStatsEntry 33 } dbpPerPeerStatsSTAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Answer out per peer." ::= { dbpPerPeerStatsEntry 34 } dbpPerPeerStatsDWReqTimer OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Device-Watchdog Request Timer, which is the time between packets sent to peers." ::= { dbpPerPeerStatsEntry 35 } dbpPerPeerStatsRedirectEvents OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Koehler et al. [Page 21] Internet-Draft Diameter Base Protocol MIB February 2002 STATUS current DESCRIPTION "Redirect Event count, which is the number of redirects sent from a peer." ::= { dbpPerPeerStatsEntry 36 } dbpPerPeerStatsAccDupRequests OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of duplicate Diameter Accounting-Request packets received." ::= { dbpPerPeerStatsEntry 37 } dbpPerPeerStatsMalformedReqsts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of malformed Diameter packets received." ::= { dbpPerPeerStatsEntry 38 } dbpPerPeerStatsAccsNotRecorded OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter Accounting-Request packets which were received and responded to but not recorded." ::= { dbpPerPeerStatsEntry 39 } dbpPerPeerStatsAccRetrans OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter Accounting-Request packets retransmitted to this Diameter server." ::= { dbpPerPeerStatsEntry 40 } dbpPerPeerStatsTotalRetrans OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION Koehler et al. [Page 22] Internet-Draft Diameter Base Protocol MIB February 2002 "The number of Diameter packets retransmitted to this Diameter server, not to include Diameter Accounting-Request packets retransmitted." ::= { dbpPerPeerStatsEntry 41 } dbpPerPeerStatsAccPendReqstsOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter Accounting-Request packets sent to this peer that have not yet timed out or received a response. This variable is incremented when an Accounting-Request is sent to this server and decremented due to receipt of an Accounting-Response, a timeout or a retransmission." ::= { dbpPerPeerStatsEntry 42 } dbpPerPeerStatsAccReqstsDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Accounting-Requests to this server that have been dropped." ::= { dbpPerPeerStatsEntry 43 } dbpPerPeerStatsHByHDropMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "An answer message that is received with an unknown Hop-by-Hop Identifier. Does not include Accounting Requests dropped." ::= { dbpPerPeerStatsEntry 44 } dbpPerPeerStatsEToEDupMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Duplicate answer messages that are to be locally consumed. Does not include duplicate Accounting Requests received." ::= { dbpPerPeerStatsEntry 45 } dbpPerPeerStatsUnknownTypes OBJECT-TYPE Koehler et al. [Page 23] Internet-Draft Diameter Base Protocol MIB February 2002 SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter packets of unknowntype which were received." ::= { dbpPerPeerStatsEntry 46 } dbpPerPeerStatsProtocolErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of protocol errors returned to peer, but not including redirects." ::= { dbpPerPeerStatsEntry 47 } dbpPerPeerStatsTransientFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Transient Failure count." ::= { dbpPerPeerStatsEntry 48 } dbpPerPeerStatsPermanentFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of permanent failures returned to peer." ::= { dbpPerPeerStatsEntry 49 } dbpPerPeerStatsTransportDown OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of unexpected transport down's." ::= { dbpPerPeerStatsEntry 50 } dbpRealmMessageRouteTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpRealmMessageRouteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter Realm Based Message Route information." Koehler et al. [Page 24] Internet-Draft Diameter Base Protocol MIB February 2002 ::= { dbpRealmStats 1 } dbpRealmMessageRouteEntry OBJECT-TYPE SYNTAX DbpRealmMessageRouteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter Realm Based Message Route server." INDEX { dbpRealmMessageRouteIndex } ::= { dbpRealmMessageRouteTable 1 } DbpRealmMessageRouteEntry ::= SEQUENCE { dbpRealmMessageRouteIndex Unsigned32, dbpRealmMessageRouteRealm SnmpAdminString, dbpRealmMessageRouteApp Unsigned32, dbpRealmMessageRouteType INTEGER, dbpRealmMessageRouteAction INTEGER, dbpRealmMessageRouteACRsIn Counter32, dbpRealmMessageRouteACRsOut Counter32, dbpRealmMessageRouteACAsIn Counter32, dbpRealmMessageRouteACAsOut Counter32, dbpRealmMessageRouteRARsIn Counter32, dbpRealmMessageRouteRARsOut Counter32, dbpRealmMessageRouteRAAsIn Counter32, dbpRealmMessageRouteRAAsOut Counter32, dbpRealmMessageRouteSTRsIn Counter32, dbpRealmMessageRouteSTRsOut Counter32, dbpRealmMessageRouteSTAsIn Counter32, dbpRealmMessageRouteSTAsOut Counter32, dbpRealmMessageRouteASRsIn Counter32, dbpRealmMessageRouteASRsOut Counter32, dbpRealmMessageRouteASAsIn Counter32, dbpRealmMessageRouteASAsOut Counter32, dbpRealmMessageRouteAccRetrans Counter32, dbpRealmMessageRouteAccDupReqsts Counter32, dbpRealmMessageRoutePendReqstsOut Gauge32, dbpRealmMessageRouteReqstsDrop Counter32 } dbpRealmMessageRouteIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A number uniquely identifying each Realm." ::= { dbpRealmMessageRouteEntry 1 } dbpRealmMessageRouteRealm OBJECT-TYPE Koehler et al. [Page 25] Internet-Draft Diameter Base Protocol MIB February 2002 SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Realm name" ::= { dbpRealmMessageRouteEntry 2 } dbpRealmMessageRouteApp OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "Application id used to route packets to this realm." ::= { dbpRealmMessageRouteEntry 3 } dbpRealmMessageRouteType OBJECT-TYPE SYNTAX INTEGER { acct(1), auth(2), both(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of services supported for each realm, application, accounting, authentication or both." ::= { dbpRealmMessageRouteEntry 4 } dbpRealmMessageRouteAction OBJECT-TYPE SYNTAX INTEGER { local(1), relay(2), proxy(3), redirect(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The action is used to identify how a message should be treated based on the realm, application and type. local - Diameter messages that resolve to a route entry with the Local Action set to Local can be satisfied locally, and do not need to be routed to another server. relay - All Diameter messages that fall within this category MUST be routed to a next hop server, without modifying any non-routing AVPs. proxy - All Diameter messages that fall within this category MUST be routed to a next hop server. Koehler et al. [Page 26] Internet-Draft Diameter Base Protocol MIB February 2002 redirect - Diameter messages that fall within this category MUST have the identity of the home Diameter server(s) appended, and returned to the sender of the message." ::= { dbpRealmMessageRouteEntry 5 } dbpRealmMessageRouteACRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Request's in per realm." ::= { dbpRealmMessageRouteEntry 6 } dbpRealmMessageRouteACRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Request's out per realm." ::= { dbpRealmMessageRouteEntry 7 } dbpRealmMessageRouteACAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Answer's in per realm." ::= { dbpRealmMessageRouteEntry 8 } dbpRealmMessageRouteACAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Accounting-Answer's out per realm." ::= { dbpRealmMessageRouteEntry 9 } dbpRealmMessageRouteRARsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Re-Auth-Request's in per realm." ::= { dbpRealmMessageRouteEntry 10 } dbpRealmMessageRouteRARsOut OBJECT-TYPE SYNTAX Counter32 Koehler et al. [Page 27] Internet-Draft Diameter Base Protocol MIB February 2002 MAX-ACCESS read-only STATUS current DESCRIPTION "Re-Auth-Request's out per realm." ::= { dbpRealmMessageRouteEntry 11 } dbpRealmMessageRouteRAAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Re-Auth-Answer's in per realm." ::= { dbpRealmMessageRouteEntry 12 } dbpRealmMessageRouteRAAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Re-Auth-Answer's out per realm." ::= { dbpRealmMessageRouteEntry 13 } dbpRealmMessageRouteSTRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Request's in per realm." ::= { dbpRealmMessageRouteEntry 14 } dbpRealmMessageRouteSTRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Request's out per realm." ::= { dbpRealmMessageRouteEntry 15 } dbpRealmMessageRouteSTAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Answer's in per realm." ::= { dbpRealmMessageRouteEntry 16 } dbpRealmMessageRouteSTAsOut OBJECT-TYPE SYNTAX Counter32 Koehler et al. [Page 28] Internet-Draft Diameter Base Protocol MIB February 2002 MAX-ACCESS read-only STATUS current DESCRIPTION "Session-Termination-Answer's out per realm." ::= { dbpRealmMessageRouteEntry 17 } dbpRealmMessageRouteASRsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Request's in per realm." ::= { dbpRealmMessageRouteEntry 18 } dbpRealmMessageRouteASRsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Request's out per realm." ::= { dbpRealmMessageRouteEntry 19 } dbpRealmMessageRouteASAsIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Answer's in per realm." ::= { dbpRealmMessageRouteEntry 20 } dbpRealmMessageRouteASAsOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Abort-Session-Answer's out per realm." ::= { dbpRealmMessageRouteEntry 21 } dbpRealmMessageRouteAccRetrans OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter accounting packets retransmitted to this realm." ::= { dbpRealmMessageRouteEntry 22 } dbpRealmMessageRouteAccDupReqsts OBJECT-TYPE Koehler et al. [Page 29] Internet-Draft Diameter Base Protocol MIB February 2002 SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of duplicate Diameter accounting packets sent to this realm." ::= { dbpRealmMessageRouteEntry 23 } dbpRealmMessageRoutePendReqstsOut OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of Diameter Accounting-Request packets sent to this peer that have not yet timed out or received a response. This variable is incremented when an Accounting-Request is sent to this server and decremented due to receipt of an Accounting-Response, a timeout or a retransmission." ::= { dbpRealmMessageRouteEntry 24 } dbpRealmMessageRouteReqstsDrop OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of requsts dropped by this realm." ::= { dbpRealmMessageRouteEntry 25 } dbpRealmKnownPeersTable OBJECT-TYPE SYNTAX SEQUENCE OF DbpRealmKnownPeersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table listing the Diameter Realms and known peers." ::= { dbpRealmCfgs 1 } dbpRealmKnownPeersEntry OBJECT-TYPE SYNTAX DbpRealmKnownPeersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row entry representing a Diameter Realm and known peers." INDEX { dbpRealmMessageRouteIndex, dbpRealmKnownPeersIndex } ::= { dbpRealmKnownPeersTable 1 } Koehler et al. [Page 30] Internet-Draft Diameter Base Protocol MIB February 2002 DbpRealmKnownPeersEntry ::= SEQUENCE { dbpRealmKnownPeersIndex Unsigned32, dbpRealmKnownPeers Unsigned32, dbpRealmKnownPeersChosen INTEGER } dbpRealmKnownPeersIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A sequential identifier number." ::= { dbpRealmKnownPeersEntry 1 } dbpRealmKnownPeers OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the peer this realm knows about. This is an ordered list, where the ordering signifies the order the peers are tried. Same as the dbpPeerServerIndex" ::= { dbpRealmKnownPeersEntry 2 } dbpRealmKnownPeersChosen OBJECT-TYPE SYNTAX INTEGER { roundRobin(1), loadBalance(2), firstPreferred(3), mostRecentFirst(4), other(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "How the realm chooses which peer to send packets to. roundRobin - The peer used for each transaction is selected based on the order of which peers are configured. loadBalance - The peer used for each transaction is based on the load metric (maybe implementation dependent) of all peers defined for the realm, with the least loaded server selected first. firstPreferred - The first defined server is always used for transactions unless failover occurs. mostRecentFirst - The most recent used server is used first Koehler et al. [Page 31] Internet-Draft Diameter Base Protocol MIB February 2002 for each transaction." ::= { dbpRealmKnownPeersEntry 3 } -- -- Conformance -- dbpMIBCompliances OBJECT IDENTIFIER ::= { diameterBaseConform 1 } dbpMIBGroups OBJECT IDENTIFIER ::= { diameterBaseConform 2 } -- -- Compliance Statements -- dbpMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for diameter base protocol entities." MODULE -- this module MANDATORY-GROUPS { dbpHostCfgGroup, dbpHostStatsGroup } ::= { dbpMIBCompliances 1 } -- -- Units of Conformance -- dbpHostCfgGroup OBJECT-GROUP OBJECTS { dbpServerID, dbpHostAddressType, dbpHostAddress, dbpTcpListenPort, dbpSctpListenPort } STATUS current DESCRIPTION "A collection of objects providing configuration common to the server." ::= { dbpMIBGroups 1 } dbpHostStatsGroup OBJECT-GROUP OBJECTS { dbpServerStatsTotalPacketsIn, dbpServerStatsTotalPacketsOut, dbpServerStatsTotalUpTime, dbpServerResetTime, dbpServerConfigReset } STATUS current DESCRIPTION "A collection of objects providing statistics common to the server." ::= { dbpMIBGroups 2 } Koehler et al. [Page 32] Internet-Draft Diameter Base Protocol MIB February 2002 END 5. References [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 2001. [2] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [4] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, Performance Systems International, March 1991. [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 2001. [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 2001. [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 2001. [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 2001. [12] Blumenthal, U., and B. Wijnen, "User-based Security Model for Version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 2001. Koehler et al. [Page 33] Internet-Draft Diameter Base Protocol MIB February 2002 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [14] Levi, D., Meyer, P., and B. Stewart, "SNMP Applications", RFC 2573, April 2001. [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model for the Simple Network Management Protocol (SNMP)", RFC 2575, April 2001. [16] P. Calhoun, W. Bulley, A. Rubens, J. Haag, "Diameter NASREQ Application", draft-ietf-aaa-diameter-nasreq-08.txt, IETF work in progress, November 2001. [17] P. Calhoun, C. Perkins, "Diameter Mobile IP Application", draft-ietf-aaa-diameter-mobileip-08.txt, IETF work in progress, November 2001. [18] T. Hiller and al, "CDMA2000 Wireless Data Requirements for AAA", RFC3141, June 2001. [19] P. Calhoun, W. Bulley, S. Farrell, "Diameter CMS Security appli- cation", draft-ietf-aaa-diameter-cms-sec-03.txt (work in pro- gress), November 2001. [20] P. Calhoun, H. Akhtar, J. Arkko, E. Guttman, A. Rubens, G. Zorn, "Diameter Base Protocol", draft-ietf-aaa-diameter-08.txt, IETF work in progress, November 2001. [21] B. Aboba, G. Zorn, "Criteria for Evaluating Roaming Protocols", RFC 2477, January 1999. [22] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. 6. Acknowledgements The authors would like to thank David Battle for his participation and suggestions in designing the table structures, Kevin Lingle for reviewing the MIB and making invaluable suggestions, and Greg Weber for his help in representing the MIB at IETF meetings. 7. Security Considerations There is a manageed object defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such an object may be Koehler et al. [Page 34] Internet-Draft Diameter Base Protocol MIB February 2002 considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. There are a number of managed objects in this MIB that may contain sensitive information. These are: diameterHostAddress, diameterPeerServerAddress, diameterPeerIpAddress, This can be used to determine the address of the Diameter host server, peer server, etc with which the servers are communicating. This information could be useful in impersonating the peer server. It is thus important to control GET access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), there is no control as to who on the secure network is allowed to access and GET (read) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [12] and the View-based Access Control Model RFC 2575 [15] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 8. Authors' Addresses Jay Koehler Cisco Systems, Inc. 10850 Murdock Road Knoxville, TN 37932 Phone: 865-671-0429 EMail: jkoehler@cisco.com Mark Eklund Koehler et al. [Page 35] Internet-Draft Diameter Base Protocol MIB February 2002 Cisco Systems, Inc. 10850 Murdock Road Knoxville, TN 37932 Phone: 865-671-6255 Email: meklund@cisco.com Hai Li Cisco Systems, Inc. 10850 Murdock Road Knoxville, TN 37932 Phone: 865-777-1563 EMail: haili@cisco.com 9. Full Copyright Statement Copyright (C) The Internet Society (2001). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Koehler et al. [Page 36]