Internet Draft             DiffServ Policy MIB                 June 2000

The DiffServ Policy MIB

draft-ietf-snmpconf-diffpolicy-02.txt

Document Revision: 1.4
June 2000

   Harrie Hazewinkel
   TBD
   harrie.hazewinkel@bigfoot.com

   David Partain
   Ericsson
   David.Partain@ericsson.com

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

SNMPCONF WG               Expires December 2000                 [Page 1]

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

"Open Issues"

   * administrivia: various template things need to be put in (the
     internet standard management framework, appropriate references,
     security boilerplate, verify intellectual property clause, the
     MUST, MAY, SHOULD stuff, etc.)  There are unresolved references.

   * Matt White comments: "I think the "What does this MIB do?" aspect
     needs to be expanded upon and clarified.  Is it an abstraction of
     the DiffServ MIB?  Is it a DiffServ macro storage facility?  Is it
     a little of both?"

     DLP: I've put in a place-holder, but the text is not written.

   * We need to include at least one example of usage.  This will be
     put in after Pittsburgh based upon the presentation that we do
     there.  After we're sure that our example reflects what is needed,
     we'll put it into this MIB.

   * to what degree do implementation-specific modules convey
     information about state or utilization and how do we get that
     information, and how is it shown in the policy system.

   * for each domain, we may need to understand capacity and
     utilization.  If so, we need to have appropriate MIB objects that
     allow you to get this.

1. Abstract

   The MIB Module described in this document provides a conceptual
   layer between high-level "network-wide" policy definitions that
   affect configuration of the differentiated services (DiffServ)
   subsystem and the instance-specific information that would include
   such details as the parameters for all the queues associated with
   each interface in a system.  This essentially provides an interface
   for configuring DiffServ at a conceptually higher layer than that of
   the DiffServ Architecture MIB [DIFFSERVMIB].

   This version of this memo is aligned with the DIFF-SERV-MIB
   [DIFFSERVMIB] found in draft-ietf-diffserv-mib-03.txt.  This MIB
   module will be aligned with that work as updates are made.

2. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [1].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4].  The second version,
      called SMIv2, is described in RFC 2578 [5], RFC 2579 [6] and
      RFC 2580 [7].

   o  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1 and
      described in RFC 1157 [8].  A second version of the SNMP message
      protocol, which is not an Internet standards track protocol, is
      called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10].
      The third version of the message protocol is called SNMPv3 and
      described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12].

   o  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in RFC 1157 [8].  A second set of protocol operations
      and associated PDU formats is described in RFC 1905 [13].

   o  A set of fundamental applications described in RFC 2573 [14] and
      the view-based access control mechanism described in RFC 2575
      [15].

   A more detailed introduction to the current SNMP Management
   Framework can be found in RFC 2570 [16].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine-readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of
   the MIB.

3. Introduction

   This memo defines a MIB module which can be used to convey
   information about desired network-wide DiffServ-based policy
   behavior.  This module is designed to integrate with the
   Policy-based Management MIB module [POLICYMIB] as well as the
   DiffServ Architecture MIB module [DIFFSERVMIB] published by the
   DiffServ working group.  Together these three documents represent an
   instance of an integrated architecture for both device-specific and
   network-wide policy management which is fully integrated with the
   Internet Standard Management Framework.
   This is the first of what is expected to be a wide number of other
   network-wide policy modules to be developed in the future in a wide
   range of areas.

   Within the DiffServ architecture a MIB module is already defined
   [DIFFSERVMIB] that operates on a device level.  The MIB module in
   this memo (the DIFFSERV-POLICY-MIB) creates a coherent policy
   configuration management view (domain-specific) as an umbrella over
   this mechanism-specific MIB.  That is, DIFFSERV-POLICY-MIB provides
   a conceptual API for configuration of DiffServ parameters in a
   device at a higher level than the DiffServ Architecture MIB
   [DIFFSERVMIB].

4. Definitions

   Terminology used in discussing policy-based configuration management
   has been the source of much discussion and confusion.  [PBCM]
   provides a discussion of the terms used in discussing this topic.

   Note that this is simply a template which needs to be altered to fit
   into the documents better.

   "Much of the information in this section is an adaptation and
   expansion of a presentations given at the 47th IETF in during the
   Policy Framework Working Group session.  By adopting terms used by
   the Policy Framework Working Group wherever feasible; the SNMP
   Configuration Working Group hopes to reduce the terminology
   confusion that has existed in this area.  Work is ongoing in the
   SNMP Configuration and Policy Framework groups as well as others; so
   some change is inevitable.

   Here are terms that are used to describe policy information at
   different levels of abstraction moving from the most general to the
   most specific.

   1. Domain Specific.

      A domain is a general area of technology such as service quality
      or security.  Services, or service level agreements, may span
      several domains, each of them potentially including many
      policies.  As a general rule, people will not discuss these
      domains in the abstract.
      They will most often be discussed with technology or
      application-specific examples.  Examples of technical domains
      include IPSec and Differentiated Services.  When expressed in
      terms specific to a particular domain, a policy is said to be at
      the Domain Specific level of detail.  There is little in common
      between how one would configure differentiated services with how
      one would configure IPsec [IPSEC].  They may both be required for
      a particular service agreement however.  For example, people who
      want to use a voice over IP application might also want to ensure
      a certain level of security for these communications.

   2. Mechanism Specific

      Mechanisms are technologies used within a particular domain.  For
      example, in the differentiated services domain, RED or WRED
      (Weighted Random Early Detection) might be used as one of the
      mechanisms that devices employ to support differentiated services
      and the applications on which they rely.  Policy descriptions
      that include the details associated with a particular mechanism,
      are said to be mechanism specific.

   3. Implementation Specific

      Implementation specific details are those parameters that a
      particular vendor might use in an implementation that augment a
      standard set of mechanism-specific parameters.  Vendors often add
      special capabilities to basic mechanisms as a way of meeting
      special customer requirements or differentiating themselves from
      their competitors.  These special capabilities are often a result
      of the implementation approach that a vendor has used for the
      product, thus the term, Implementation Specific.  For example, if
      a router vendor implemented a particular routing protocol, they
      would have the mechanism specific parameters that control the
      behavior of that software.  The vendor might have chosen to run
      several instances of that routing protocol, perhaps on different
      processors, for performance reasons.
      The parameters that are used to control the distribution of work
      on the different processors for that protocol would be
      implementation specific.

   4. Instance Specific

      Network operators are most familiar and comfortable with
      information of this type.  Instance specific information refers
      to parameter values that have been associated with a specific
      instance in a managed element.  For example, the Border Gateway
      Protocol is a routing protocol that has a number of parameters
      that describe information about a particular router's view of
      other routers that it is sharing information with, peer routers.
      One such parameter defined in the BGP MIB Module [BGP MIB] is the
      desired connection retry interval for a peer,
      bgpPeerConnectRetryInterval.  An example value would be 120
      (seconds).  When expressed with this level of specificity, one
      would say that this is mechanism specific data.  If we were to
      see a value of

         bgpPeerConnectRetryInterval.10.0.0.1 = 120

      we would be looking at the retry interval of the peer router
      found at IP address 10.0.0.1.  The value for this instance is 120
      seconds, instance specific data.

   One of the goals of policy-based (configuration) management is to
   improve the efficiency of configuration operations.  This is
   accomplished in part by eliminating the necessity of sending to the
   managed device a configuration object for every instance of that
   object in a system.  For example, if we wanted to change one of the
   BGP parameters referenced above on a large system for each interface
   that is supporting the BGP, there may be many individual commands
   needed to accomplish this task.  If a command line interface were
   used as the primary configuration tool in this example, many
   configuration commands would be needed as well.
   When we say that a policy is at the instance independent level of
   abstraction, we mean that the value for a particular parameter is
   independent of the instances to which it will be applied."

5. What this MIB Module Provides

   To be written: to provide a high-level description of what this MIB
   does.

6. Relationship to other MIBs

   In this section we describe the relationship of this MIB module to
   other MIB modules.  The overall architecture used for policy
   configuration management is described in [POLICYMIB].

6.1. The Policy-based Management MIB module

   [POLICYMIB] defines a MIB module that enables policy-based
   configuration management of infrastructure using the Internet
   Standard Management Framework.  The document includes a table for
   configuring policies to be implemented, tables for storing the roles
   of elements on a particular device, a table for representing the
   capabilities of a device with respect to policy management, a table
   for referencing elements affected by a policy, and a table which
   points into the mechanism-specific MIB (this memo).  This last table
   of pointers enables management applications to determine the
   mechanism-specific configuration to which a particular policy
   applies.  The primary purpose of this is to enable the manager to
   correct errors in installed policies.

   The pmPolicyMechanismTable (as the table in [POLICYMIB] is
   tentatively called), points into mechanism-specific MIBs and
   includes a RowPointer object pointing into a row in the
   diffPolicyPHBTable defined below.

   See [POLICYMIB] for a full description of the policy-based
   configuration framework it provides.

6.2. The DiffServ MIB module

   The DiffServ Architecture MIB module [DIFFSERVMIB] provides a common
   set of managed objects useful for configuring DiffServ parameters on
   a particular device.  This is what is referred to as instance-level
   configuration.
   It is the alteration of the instance-level information in that MIB
   module which MAY be done via the objects provided by the DiffServ
   Policy MIB module defined in this memo.

   It is recognized that vendors may include additional managed objects
   in their devices (via vendor-specific MIB modules) for configuring
   DiffServ parameters.  If a vendor chooses to use the objects defined
   in this memo for configuration, the vendor should also provide
   additional managed objects in a similar approach as defined for the
   DiffServ Architecture MIB module and the DiffServ Policy MIB module.

   The remainder of this subsection describes the relationship of each
   table in the DiffServ Architecture MIB module to this MIB module.

   -  diffServClassifierTable: instantiates the traffic classification
      data path.  Whenever a configuration in the DiffServ Policy MIB
      module is made active, a new entry in the diffServClassifierTable
      will be created with data path configuration as defined in the
      diffPolicyPerHopBehaviorTable.

   -  diffServSixTupleClfrTable: traffic identification table and does
      not have a direct influence on the per-hop-behavior.  Entries
      identifying traffic can be used directly by the subsystem
      implementing the DiffServ Policy MIB module.

   -  diffServMeterTable is a possible target table for the
      diffPolicyMeterTable.

   -  diffServTBMeterTable is also a target table for the
      diffPolicyMeterTable.  When per-hop-behavior configurations are
      made active, the meter configuration used will be instantiated in
      the diffServTBMeterTable.

   -  diffServActionTable instantiates actions that can be performed on
      a stream of traffic.  This table is the target for the
      diffPolicyActionTable whenever a configuration is made active.

   -  diffServDscpMarkActTable is a configuration table for traffic
      marking.  It is possible to have mark actions defined in this
      table that are not used for the traffic.
      For this reason the manager can use this table directly in
      conjunction with the DiffServ Policy MIB module.

   -  diffServAlgDropTable is a configuration table for dropping
      traffic.  It is possible to have mark actions defined in this
      table that are not used for the traffic.  For this reason the
      manager can use this table directly in conjunction with the
      DiffServ Policy MIB module.

   The following tables are not used for configuration and are not
   referenced in any way:

   -  diffServCountActTable
   -  diffServCountActXTable
   -  diffServDropActXTable
   -  diffServQMeasureTable

   The Differentiated Services Policy MIB module was designed to have
   configuration templates for the Differentiated Services MIB module.
   Therefore, it may appear that the Differentiated Services Policy MIB
   is largely a copy of the DIFF-SERV-MIB.  However, there is a
   significant difference in the semantics of the managed objects.

   In the DIFF-SERV-MIB [DIFFSERVMIB], meters, actions, queues and
   schedulers are directly related to interfaces and their interface
   direction.  The objects directly influence traffic behavior.  This
   is in contrast to the objects in the Differentiated Services Policy
   MIB module, where only configuration templates are defined.  The
   values of a template are only to be applied when a per-hop-behavior
   is activated via a policy.  Only in that case are the values
   connected to an interface and its direction, which could be seen as
   being

7. MIB Module Design

   In this section the overall design of the DiffServ Policy MIB module
   is described.  The first part will describe how this module is
   positioned within the overall architecture.

   The DiffServ Policy MIB module of the SNMP-based configuration
   management framework is positioned between the Policy-based
   Management MIB module and the instance-specific MIB module (the
   DiffServ Architecture MIB module) as described above.
   The following scheme of actions MAY be used for the subsystem:

   1) The instance-specific MIB module (for this document the DiffServ
      Architecture MIB module) is assumed to be implemented on the
      device already.

   2) The Policy-based Management MIB module includes the filters and
      actions and is implemented on the device.

   3) The mechanism-specific policy MIB module (in this case the
      DiffServ Policy MIB module) registers its capability in the
      capability table of the Policy-based Management MIB module.

   4) If a device has knowledge of default configurations, it can
      create the required managed objects for the default
      configurations in the tables of the mechanism-specific policy MIB
      module.

   5) The manager can then read the capability table after which it
      knows about the capabilities and can start configuring the
      mechanism-specific policy MIB module and the various roles that
      may exist (this defines the configurations and associations as
      necessary).

   6) The manager can then map/instantiate policies as required via the
      policy table.

   The MIB module is designed with the following tables:

   -  A per-hop-behavior table (diffPolicyPHBTable)
   -  A meter table (diffPolicyMeterTable)
   -  An action table (diffPolicyActionTable)
   -  A queue table (diffPolicyQTable)
   -  A scheduler table (diffPolicySchedulerTable)

   Unlike most MIB modules, changes on the managed objects in this MIB
   module do not cause a change in the device.  This MIB module is used
   to set up per-hop-behavior configurations.  As soon as
   configurations are made active via the POLICY-MANAGEMENT-MIB, the
   configurations defined within this MIB module will be instantiated
   on the instance specific MIB, the DIFF-SERV-MIB.

   Note that this is a conceptual process.  That is, the configuration
   may not actually go through an API available in the subsystem which
   implements the DIFF-SERV-MIB module.
   However, configuration via the DiffServ Policy MIB module will alter
   the same instrumentation as the DIFF-SERV-MIB module whether it does
   it via the DIFF-SERV-MIB module or not.

   The tables in the MIB module are:

   -  The diffPolicyPHBTable provides managed objects for
      per-hop-behavior configuration.  This table contains RowPointers
      into subsequent tables in such a way that the Traffic Control
      Block (TCB) can be created as soon as a configuration is made
      active.

   -  The diffPolicyMeterTable provides the managed objects for the
      meters used in the per-hop-behavior configuration.  This table
      also contains RowPointers into next data-path elements if the
      traffic conforms to the meter or not.

   -  The diffPolicyActionTable provides managed objects for
      configuring actions that are connected with meters.  Via this
      table, and using 'diffPolicyMeterFailNext' and/or
      'diffPolicyMeterSucceedNext', the specific action can be
      configured.

   -  The diffPolicyQTable provides managed objects for setting up
      individual queue configurations.  The individual queues can be
      configured with the sample interval and the weight of the queue.

   -  The diffPolicySchedulerTable enumerates policy configuration
      templates for packet schedulers.

8. Managed objects definitions (MIB module)

-- This version of the MIB is aligned with the DIFF-SERV-MIB
-- found in draft-ietf-diffserv-mib-03.txt.  This MIB module will
-- be aligned with that work as updates are made.
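
The RowPointer chaining between the template tables described in section 7 can be checked before a policy is made active. The following Python sketch is an added example, not part of the draft: it models RowPointers as (table, row id) pairs rather than OIDs (an assumption, since the module root is still unassigned), uses constructed rows, and reports dangling pointers, pointers into a table the column's DESCRIPTION does not name, and loops in the data path.

```python
"""Pre-activation check of DiffServ Policy MIB templates (added example).

RowPointers are modelled as (table name, row id) tuples instead of OIDs:
an assumption, because the module root is still unassigned in the draft.
diffPolicyPHBTrafficID is skipped since it points into the DIFF-SERV-MIB.
"""

ZERO_DOT_ZERO = None  # stands for the RowPointer value 'zeroDotZero'
PHB, METER, ACTION, QUEUE = ("diffPolicyPHBTable", "diffPolicyMeterTable",
                             "diffPolicyActionTable", "diffPolicyQTable")

# RowPointer columns per table and the tables each may point into, taken
# from the DESCRIPTION clauses. None: the draft names no target table.
POINTER_COLUMNS = {
    PHB: {
        "diffPolicyPHBMeter": {METER},
        "diffPolicyPHBAction": {ACTION},
        "diffPolicyPHBQueue": {QUEUE},
        "diffPolicyPHBScheduler": {"diffPolicySchedulerTable"},
    },
    METER: {
        "diffPolicyMeterFailNext": {METER, ACTION},
        "diffPolicyMeterSucceedNext": {METER, ACTION},
    },
    ACTION: {"diffPolicyActionNext": None},
}


def validate_phb(tables, phb_id):
    """Walk every RowPointer reachable from one diffPolicyPHBTable row.

    Returns a sorted list of (kind, pointer instance, target) findings.
    An empty list means no dangling, misdirected or looping pointer.
    """
    if phb_id not in tables.get(PHB, {}):
        return [("dangling", "policy", (PHB, phb_id))]
    findings = set()
    on_path = []   # rows on the current walk, used to detect loops
    done = set()   # rows already checked completely

    def visit(node):
        if node in done:
            return
        table, row_id = node
        on_path.append(node)
        for column, allowed in POINTER_COLUMNS.get(table, {}).items():
            # An absent column takes its DEFVAL { zeroDotZero }.
            target = tables[table][row_id].get(column, ZERO_DOT_ZERO)
            if target is ZERO_DOT_ZERO:
                continue  # end of this branch of the data path
            where = f"{column}.{row_id}"
            if allowed is not None and target[0] not in allowed:
                findings.add(("wrong-table", where, target))
            elif target[1] not in tables.get(target[0], {}):
                findings.add(("dangling", where, target))
            elif target in on_path:
                findings.add(("cycle", where, target))
            else:
                visit(target)
        on_path.pop()
        done.add(node)

    visit((PHB, phb_id))
    return sorted(findings, key=repr)


# Constructed sample rows: PHB 1 is well formed, PHB 2 is deliberately broken.
TABLES = {
    PHB: {
        1: {"diffPolicyPHBMeter": (METER, 1), "diffPolicyPHBQueue": (QUEUE, 1)},
        2: {"diffPolicyPHBMeter": (METER, 3),
            "diffPolicyPHBAction": (METER, 1),     # must be an action row
            "diffPolicyPHBQueue": (QUEUE, 9)},     # no such queue row
    },
    METER: {
        1: {"diffPolicyMeterRate": 512, "diffPolicyMeterBurstSize": 16000,
            "diffPolicyMeterSucceedNext": (ACTION, 1),
            "diffPolicyMeterFailNext": (METER, 2)},
        2: {"diffPolicyMeterRate": 1024, "diffPolicyMeterBurstSize": 16000,
            "diffPolicyMeterSucceedNext": (ACTION, 1),
            "diffPolicyMeterFailNext": (ACTION, 2)},
        3: {"diffPolicyMeterFailNext": (METER, 4)},
        4: {"diffPolicyMeterFailNext": (METER, 3)},  # loops back to meter 3
    },
    ACTION: {
        1: {"diffPolicyActionType": 2},   # mark(2)
        2: {"diffPolicyActionType": 4},   # alwaysDrop(4)
    },
    QUEUE: {1: {"diffPolicyQPriority": 1}},
}

if __name__ == "__main__":
    for phb in (1, 2):
        print(phb, validate_phb(TABLES, phb) or "ok")
```

Findings name the pointer instance in the same column.index form the memo uses for instance-specific values, so each one maps directly onto the object a manager would have to correct.
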

DIFFSERV-POLICY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    Unsigned32, Integer32,
    OBJECT-TYPE, MODULE-IDENTITY,
    zeroDotZero, mib-2                 FROM SNMPv2-SMI
    RowStatus, RowPointer,
    TestAndIncr, DateAndTime           FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
    SnmpAdminString                    FROM SNMP-FRAMEWORK-MIB;

diffPolicyMib MODULE-IDENTITY
    LAST-UPDATED "200006301100Z"  -- June 30, 2000, 13:00 Italy
    ORGANIZATION "SNMPCONF WG"
    CONTACT-INFO
        "SNMPCONF Working Group
         http://www.ietf.org/html.charters/snmpconf-charter.html

         Editors:
         Harrie Hazewinkel
         Postal: Titanstraat 2
                 9933 CE Delfzijl
                 The Netherlands
         Tel:    +31 596 615843 or +39 331974135
         FAX:    +39 0331974135
         E-mail: harrie.hazewinkel@bigfoot.com

         David Partain
         Postal: Ericsson Radio Systems
                 P.O. Box 1248
                 SE-581 12 Linkoping
                 Sweden
         Tel:    +46 13 28 41 44
         E-mail: David.Partain@ericsson.com"
    DESCRIPTION
        "This MIB module contains differentiated services
         specific managed objects to perform policy-based
         configuration management.  This MIB defines
         'templates' to be used to instantiate
         per-hop-behaviors to be assigned when a policy
         is created and activated."
    ::= { mib-2 22222222 }  -- Needs to be assigned by IANA

diffPolicyMIBObjects     OBJECT IDENTIFIER ::= { diffPolicyMib 1 }
diffPolicyMIBConformance OBJECT IDENTIFIER ::= { diffPolicyMib 3 }

--
-- The per-hop-behavior
--
-- Issues:
--   Do we want a spin-lock on this whole table or on each row
--   of the table, or not at all?

diffPolicyPHBUnique OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "The diffPolicyPHBUnique object yields a unique new
         value for diffPolicyPHBId when read and subsequently
         set.  This value must be tested for uniqueness."
    ::= { diffPolicyMIBObjects 1 }

diffPolicyPHBTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffPolicyPHBEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A table which defines the various per-hop-behaviors
         for which the system has default 'templates'."
    ::= { diffPolicyMIBObjects 2 }

diffPolicyPHBEntry OBJECT-TYPE
    SYNTAX       DiffPolicyPHBEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry defining a per-hop-behavior.  Each entry in
         this table combines the various parameters (entries)
         into a specific per-hop-behavior.  Entries in this
         table can be defined by a vendor (preconfigured) as
         well as by a management application."
    INDEX { diffPolicyPHBId }
    ::= { diffPolicyPHBTable 1 }

DiffPolicyPHBEntry ::= SEQUENCE {
    diffPolicyPHBId               Integer32,
    diffPolicyPHBDescr            SnmpAdminString,
    diffPolicyPHBOwner            SnmpAdminString,
    diffPolicyPHBLastChange       DateAndTime,
    diffPolicyPHBTrafficID        RowPointer,
    diffPolicyPHBClassPrecedence  Unsigned32,
    diffPolicyPHBMeter            RowPointer,
    diffPolicyPHBAction           RowPointer,
    diffPolicyPHBQueue            RowPointer,
    diffPolicyPHBScheduler        RowPointer,
    diffPolicyPHBStatus           RowStatus
}

diffPolicyPHBId OBJECT-TYPE
    SYNTAX       Integer32 (1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A unique id for the per-hop-behavior policy."
    ::= { diffPolicyPHBEntry 1 }

diffPolicyPHBDescr OBJECT-TYPE
    SYNTAX       SnmpAdminString
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "A human-readable description to identify this defined
         per-hop-behavior.  Note that this is an SnmpAdminString,
         which permits UTF-8 strings."
    ::= { diffPolicyPHBEntry 2 }

diffPolicyPHBOwner OBJECT-TYPE
    SYNTAX       SnmpAdminString
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The owner who creates this entry."
    ::= { diffPolicyPHBEntry 3 }

diffPolicyPHBLastChange OBJECT-TYPE
    SYNTAX       DateAndTime
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The date and time when this entry was changed for the
         last time."
    ::= { diffPolicyPHBEntry 4 }

diffPolicyPHBTrafficID OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The pointer to traffic identification used for this
         per-hop-behavior definition.  This value points to a
         traffic classifying entry in the
         'diffServClassifierTable' or the
         'diffServSixTupleClfrTable'.

         NOTE: The traffic classifying tables of the
         DIFF-SERV-MIB can be used for policy configuration in
         this MIB module because the entries in the tables
         'diffServClassifierTable' or the
         'diffServSixTupleClfrTable' configure traffic filter
         templates."
    ::= { diffPolicyPHBEntry 5 }

diffPolicyPHBClassPrecedence OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "The precedence of the classifier for this
         per-hop-behavior definition."
    ::= { diffPolicyPHBEntry 6 }

diffPolicyPHBMeter OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The meter which is next in the data path for the
         defined classifier applicable to this per-hop-behavior
         configuration.  The value points to an entry in the
         'diffPolicyMeterTable'."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyPHBEntry 7 }

diffPolicyPHBAction OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The action which is next in the data path for the
         defined classifier applicable to this per-hop-behavior
         definition.  The value points to an entry in the
         'diffPolicyActionTable'.

         The value 'zeroDotZero' is used when there is no
         action associated with the per-hop-behavior."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyPHBEntry 8 }

diffPolicyPHBQueue OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The queue defined that is used for the configuration
         of this per-hop-behavior.  The value points to an
         entry in the 'diffPolicyQTable'.

         The value 'zeroDotZero' is used when there is no
         queue associated with the per-hop-behavior."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyPHBEntry 9 }

diffPolicyPHBScheduler OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The Scheduler defined that is used for the
         configuration of this per-hop-behavior.  The value
         points to an entry in the 'diffPolicySchedulerTable'.

         The value 'zeroDotZero' is used when there is no
         scheduler associated with the per-hop-behavior."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyPHBEntry 10 }

diffPolicyPHBStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "RowStatus object used for creation and deletion of
         rows in this table."
    ::= { diffPolicyPHBEntry 11 }

--
-- Meters Configuration
--

diffPolicyMeterUnique OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "The diffPolicyMeterUnique object yields a unique new
         value for diffPolicyMeterId when read and subsequently
         set.  This value must be tested for uniqueness."
    ::= { diffPolicyMIBObjects 3 }

diffPolicyMeterTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffPolicyMeterEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "This table enumerates templates for configuration of
         specific token bucket meters that can be used for
         per-hop-behavior definitions.  This table provides
         policy configuration templates for the
         'diffServMeterTable' and the 'diffServTBMeterTable'.

         When changes are made in this table the behavior of
         the DiffServ router is not changed.
         The behavior only changes when the policy of which
         this meter is part is applied."
    ::= { diffPolicyMIBObjects 4 }

diffPolicyMeterEntry OBJECT-TYPE
    SYNTAX       DiffPolicyMeterEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry in the meter table."
    INDEX { diffPolicyMeterId }
    ::= { diffPolicyMeterTable 1 }

DiffPolicyMeterEntry ::= SEQUENCE {
    diffPolicyMeterId           Integer32,
    diffPolicyMeterRate         Unsigned32,
    diffPolicyMeterBurstSize    Unsigned32,
    diffPolicyMeterFailNext     RowPointer,
    diffPolicyMeterSucceedNext  RowPointer,
    diffPolicyMeterStatus       RowStatus
}

diffPolicyMeterId OBJECT-TYPE
    SYNTAX       Integer32 (1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An index to make MeterId for each entry."
    ::= { diffPolicyMeterEntry 1 }

diffPolicyMeterRate OBJECT-TYPE
    SYNTAX       Unsigned32
    UNITS        "KBPS"  -- kilobits
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The token bucket rate, in kilo-bits per second (KBPS)
         applicable for this Meter definition."
    ::= { diffPolicyMeterEntry 2 }

diffPolicyMeterBurstSize OBJECT-TYPE
    SYNTAX       Unsigned32
    UNITS        "bytes"
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The configuration value of the number of bytes in a
         single transmission burst when this policy
         configuration is applied to a Meter."
    ::= { diffPolicyMeterEntry 3 }

diffPolicyMeterFailNext OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The next Meter or Action configured that will handle
         the traffic when it does not conform to the meter.
         This value can point towards an entry in the
         diffPolicyMeterTable or the diffPolicyActionTable.

         The value 'zeroDotZero' is used when there is no
         next component in the data path."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyMeterEntry 4 }

diffPolicyMeterSucceedNext OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The next Meter or Action configured that will handle
         the traffic when it does conform to the meter.
         This value can point towards an entry in the
         diffPolicyMeterTable or the diffPolicyActionTable.

         The value 'zeroDotZero' is used when there is no
         next component in the data path."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyMeterEntry 5 }

diffPolicyMeterStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The RowStatus variable controls the creation or
         deletion of a meter configuration."
    ::= { diffPolicyMeterEntry 6 }

--
-- Actions
--

diffPolicyActionUnique OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "The diffPolicyActionUnique object yields a unique new
         value for diffPolicyActionId when read and
         subsequently set.  This value must be tested for
         uniqueness."
    ::= { diffPolicyMIBObjects 5 }

diffPolicyActionTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffPolicyActionEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "This Table enumerates templates for actions that can
         be performed on a stream of traffic.  Various
         templates can be concatenated.

         This table can be used for configuration of the
         'diffServActionTable' and 'diffServDscpMarkActTable'.
         For policy configuration for these 2 tables they are
         combined in 1 table."
    ::= { diffPolicyMIBObjects 6 }

diffPolicyActionEntry OBJECT-TYPE
    SYNTAX       DiffPolicyActionEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry in the action table describes the actions
         applied to traffic exiting a given meter."
    INDEX { diffPolicyActionId }
    ::= { diffPolicyActionTable 1 }

DiffPolicyActionEntry ::= SEQUENCE {
    diffPolicyActionId      Unsigned32,
    diffPolicyActionNext    RowPointer,
    diffPolicyActionType    INTEGER,
    diffPolicyActionStatus  RowStatus
}

diffPolicyActionId OBJECT-TYPE
    SYNTAX       Unsigned32 (1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "Action Id enumerates the Action entry for a
       per-hop-behavior definition."
    ::= { diffPolicyActionEntry 1 }

diffPolicyActionNext OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The Next pointer indicates the next data path element to
       handle the traffic that is applicable to this
       per-hop-behavior definition.

       The value 'zeroDotZero' is used when there is no
       next component in the data path."
    DEFVAL { zeroDotZero }
    ::= { diffPolicyActionEntry 2 }

diffPolicyActionType OBJECT-TYPE
    SYNTAX       INTEGER {
                     other(1),       -- types not specified here.
                     mark(2),        -- mark or remark
                     count(3),       -- count
                     alwaysDrop(4),  -- disallow traffic
                     tailDrop(5),    -- fix queue size Drop
                     randomDrop(6),  -- Random Drop
                     deterDrop(7)    -- Deterministic Drop
                 }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
       "Indicates the type of action for this configuration."
    ::= { diffPolicyActionEntry 3 }

diffPolicyActionStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The RowStatus variable controls the creation or deletion
       of an action configuration."
    ::= { diffPolicyActionEntry 4 }

--
-- Queues
--

diffPolicyQUnique OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
       "The diffPolicyQUnique object yields a unique new value for
       diffPolicyQId when read and subsequently set. This value
       must be tested for uniqueness."
    ::= { diffPolicyMIBObjects 7 }

diffPolicyQTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffPolicyQEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "The Queue Table enumerates the queues that can be assigned
       when a per-hop-behavior is assigned. This table includes the
       measure values which are defined in the DIFF-SERV-MIB in a
       separate table."
    ::= { diffPolicyMIBObjects 8 }

diffPolicyQEntry OBJECT-TYPE
    SYNTAX       DiffPolicyQEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "An entry in the Queue Table describes a single FIFO queue."
    INDEX { diffPolicyQId }
    ::= { diffPolicyQTable 1 }

DiffPolicyQEntry ::= SEQUENCE {
    diffPolicyQId          Integer32,
    diffPolicyQPriority    Unsigned32,
    diffPolicyQMinRateAbs  Unsigned32,
    diffPolicyQMinRateRel  Unsigned32,
    diffPolicyQMaxRateAbs  Unsigned32,
    diffPolicyQMaxRateRel  Unsigned32,
    diffPolicyQStatus      RowStatus
}

diffPolicyQId OBJECT-TYPE
    SYNTAX       Integer32 (1..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "The Queue Id enumerates the Queue entry."
    ::= { diffPolicyQEntry 1 }

diffPolicyQPriority OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The priority of the queue."
    ::= { diffPolicyQEntry 2 }

diffPolicyQMinRateAbs OBJECT-TYPE
    SYNTAX       Unsigned32
    UNITS        "kilobits per second"
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The minimum absolute rate, in kilobits/sec, with which a
       downstream scheduler element should be configured."
    REFERENCE
       "diffServQMinRateAbs from [DIFFSERVMIB]"
    ::= { diffPolicyQEntry 3 }

diffPolicyQMinRateRel OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The minimum rate with which a downstream scheduler element
       should be configured."
    REFERENCE
       "diffServQMinRateRel from [DIFFSERVMIB]"
    ::= { diffPolicyQEntry 4 }

diffPolicyQMaxRateAbs OBJECT-TYPE
    SYNTAX       Unsigned32
    UNITS        "kilobits per second"
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The maximum absolute rate, in kilobits/sec, with which a
       downstream scheduler element should be configured."
    REFERENCE
       "diffServQMaxRateAbs from [DIFFSERVMIB]"
    ::= { diffPolicyQEntry 5 }

diffPolicyQMaxRateRel OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The maximum rate with which a downstream scheduler element
       should be configured."
    REFERENCE
       "diffServQMaxRateRel from [DIFFSERVMIB]"
    ::= { diffPolicyQEntry 6 }

diffPolicyQStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The RowStatus variable controls the creation or deletion
       of a queue configuration."
    ::= { diffPolicyQEntry 7 }

--
-- Scheduler
--

diffPolicySchedulerUnique OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
       "The diffPolicySchedulerUnique object yields a unique new
       value for diffPolicySchedulerId when read and subsequently
       set. This value must be tested for uniqueness and can be
       used by a configuring system to obtain a unique value for
       diffPolicySchedulerId for purposes of row creation in the
       diffPolicySchedulerTable."
    ::= { diffPolicyMIBObjects 9 }

diffPolicySchedulerTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffPolicySchedulerEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "The Scheduler Table enumerates policy configuration
       templates for packet schedulers."
    ::= { diffPolicyMIBObjects 10 }

diffPolicySchedulerEntry OBJECT-TYPE
    SYNTAX       DiffPolicySchedulerEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "An entry in the Policy Scheduler Table describing a single
       configuration template for a scheduling algorithm."
    INDEX { diffPolicySchedulerId }
    ::= { diffPolicySchedulerTable 1 }

DiffPolicySchedulerEntry ::= SEQUENCE {
    diffPolicySchedulerId      Integer32,
    diffPolicySchedulerMethod  INTEGER,
    diffPolicySchedulerNext    RowPointer,
    diffPolicySchedulerStatus  RowStatus
}

diffPolicySchedulerId OBJECT-TYPE
    SYNTAX       Integer32 (0..2147483647)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
       "The Policy Scheduler Id enumerates the Policy Scheduler
       entry."
    ::= { diffPolicySchedulerEntry 1 }

diffPolicySchedulerMethod OBJECT-TYPE
    SYNTAX       INTEGER {
                     other(1),      -- not listed here
                     priorityq(2),  -- Priority Queueing
                     wrr(3)         -- Weighted Round Robin
                 }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The scheduling algorithm used when this policy is applied
       to a Scheduler."
    REFERENCE
       "diffServSchedulerMethod [DIFFSERV-MIB]"
    ::= { diffPolicySchedulerEntry 2 }

diffPolicySchedulerNext OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The next data path component that is applicable for this
       scheduler configuration. The value can point to an entry in
       the 'diffPolicyMeterTable', 'diffPolicyActionTable',
       'diffPolicyQTable' or the 'diffPolicySchedulerTable'.

       The value 'zeroDotZero' is used when there is no
       next component in the data path."
    DEFVAL { zeroDotZero }
    ::= { diffPolicySchedulerEntry 3 }

diffPolicySchedulerStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
       "The RowStatus variable via which this configuration
       template can be created, deleted or modified."
    ::= { diffPolicySchedulerEntry 4 }

--
-- MIB Compliance statements.
--

diffPolicyMIBCompliances OBJECT IDENTIFIER ::=
    { diffPolicyMIBConformance 1 }
diffPolicyMIBGroups OBJECT IDENTIFIER ::=
    { diffPolicyMIBConformance 2 }

diffPolicyMIBFullCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
       "The full compliance for this MIB module."
    MODULE -- This module
    MANDATORY-GROUPS {
        diffPolicyMIBPerHopBehaviorGroup,
        diffPolicyMIBMeterGroup,
        diffPolicyMIBActionGroup,
        diffPolicyMIBQueueGroup,
        diffPolicyMIBSchedulerGroup
    }
    ::= { diffPolicyMIBCompliances 1 }

diffPolicyMIBPerHopBehaviorGroup OBJECT-GROUP
    OBJECTS {
        diffPolicyPHBDescr,
        diffPolicyPHBOwner,
        diffPolicyPHBLastChange,
        diffPolicyPHBTrafficID,
        diffPolicyPHBClassPrecedence,
        diffPolicyPHBMeter,
        diffPolicyPHBAction,
        diffPolicyPHBQueue,
        diffPolicyPHBScheduler,
        diffPolicyPHBStatus
    }
    STATUS       current
    DESCRIPTION
       "The per-hop-behavior Group defines the MIB Objects that
       describe the configuration template for the
       per-hop-behavior."
    ::= { diffPolicyMIBGroups 1 }

diffPolicyMIBMeterGroup OBJECT-GROUP
    OBJECTS {
        diffPolicyMeterRate,
        diffPolicyMeterBurstSize,
        diffPolicyMeterFailNext,
        diffPolicyMeterSucceedNext,
        diffPolicyMeterStatus
    }
    STATUS       current
    DESCRIPTION
       "The Meter Group defines the objects used for configuring a
       generic meter and token bucket elements."
    ::= { diffPolicyMIBGroups 2 }

diffPolicyMIBActionGroup OBJECT-GROUP
    OBJECTS {
        diffPolicyActionNext,
        diffPolicyActionType,
        diffPolicyActionStatus
    }
    STATUS       current
    DESCRIPTION
       "The Action Group defines the objects used for configuration
       of actions."
    ::= { diffPolicyMIBGroups 3 }

diffPolicyMIBQueueGroup OBJECT-GROUP
    OBJECTS {
        diffPolicyQPriority,
        diffPolicyQMinRateAbs,
        diffPolicyQMinRateRel,
        diffPolicyQMaxRateAbs,
        diffPolicyQMaxRateRel,
        diffPolicyQStatus
    }
    STATUS       current
    DESCRIPTION
       "The Queue Group contains the objects which can be used for
       configuration of Queues."
    ::= { diffPolicyMIBGroups 4 }

diffPolicyMIBSchedulerGroup OBJECT-GROUP
    OBJECTS {
        diffPolicySchedulerMethod,
        diffPolicySchedulerNext,
        diffPolicySchedulerStatus
    }
    STATUS       current
    DESCRIPTION
       "The Scheduler Group contains the objects that are used for
       configuration of packet schedulers on interfaces."
    ::= { diffPolicyMIBGroups 5 }

END

9. Security Considerations

   Security information here

10. Editors' Addresses

   Harrie Hazewinkel
   Titanstraat 2
   9933 CE Delfzijl
   The Netherlands
   Phone: +31 596 615843 or +39 331974135
   EMail: harrie.hazewinkel@bigfoot.com

   David Partain
   Ericsson Radio Systems
   Research and Innovation
   P.O. Box 1248
   SE-581 12 Linkoping
   Sweden
   Phone: +46 13 28 41 44
   EMail: David.Partain@ericsson.com

11. Full Copyright Statement

   Copyright (C) The Internet Society (2000). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.
   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

12. References

   Others to be added as time goes by!

   [1]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
        for Describing SNMP Management Frameworks", RFC 2571, Cabletron
        Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
        April 1999

   [2]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", RFC 1155,
        STD 16, Performance Systems International, Hughes LAN Systems,
        May 1990

   [3]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC
        1212, STD 16, Performance Systems International, Hughes LAN
        Systems, March 1991

   [4]  M. Rose, "A Convention for Defining Traps for use with the
        SNMP", RFC 1215, Performance Systems International, March 1991

   [5]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Structure of Management Information
        Version 2 (SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo,
        TU Braunschweig, SNMP Research, First Virtual Holdings,
        International Network Services, April 1999

   [6]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Textual Conventions for SMIv2", RFC
        2579, STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP
        Research, First Virtual Holdings, International Network
        Services, April 1999

   [7]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S.
        Waldbusser, "Conformance Statements for SMIv2", RFC 2580, STD
        58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research,
        First Virtual Holdings, International Network Services, April
        1999

   [8]  Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
        Network Management Protocol", RFC 1157, STD 15, SNMP Research,
        Performance Systems International, Performance Systems
        International, MIT Laboratory for Computer Science, May 1990.

   [9]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, SNMP
        Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
        Inc., International Network Services, January 1996.

   [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Transport Mappings for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc.,
        Cisco Systems, Inc., Dover Beach Consulting, Inc.,
        International Network Services, January 1996.

   [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron
        Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
        April 1999

   [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, IBM T. J. Watson Research, April 1999

   [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Protocol Operations for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc.,
        Cisco Systems, Inc., Dover Beach Consulting, Inc.,
        International Network Services, January 1996.

   [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, SNMP Research, Inc., Secure Computing Corporation, Cisco
        Systems, April 1999

   [15] Wijnen, B., Presuhn, R., and K.
        McCloghrie, "View-based Access Control Model (VACM) for the
        Simple Network Management Protocol (SNMP)", RFC 2575, IBM T. J.
        Watson Research, BMC Software, Inc., Cisco Systems, Inc., April
        1999

   [16] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
        to Version 3 of the Internet-standard Network Management
        Framework", RFC 2570, SNMP Research, Inc., TIS Labs at Network
        Associates, Inc., Ericsson, Cisco Systems, April 1999

   [PBCM] J. Saperia, "Policy-based Configuration Management", Work in
        Progress, June 2000.

   [DIFFSERVMIB] Baker, F., K. Chan, and A. Smith, Management
        Information Base for the Differentiated Services Architecture,
        Work in Progress, May 2000.

   [POLICYMIB] Waldbusser, S., J. Saperia, T. Hongal, Policy Based
        Management MIB, Work in Progress, May 2000.

   [SNMPBCP] MacFaden M., J. Saperia, CONFIGURING NETWORKS AND DEVICES
        WITH SNMP, Work in Progress, May 2000.

   [COPS-PR] Chan, K.H., D. Durham, S. Gai, S. Herzog, K. McCloghrie,
        F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, COPS Usage
        for Policy Provisioning, Work in Progress, March 2000.

   [IPSEC] To be added

   [BGP MIB] to be added if necessary.

Table of Contents

   1 Abstract
   2 The SNMP Management Framework
   3 Introduction
   4 Definitions
   5 What this MIB Module Provides
   6 Relationship to other MIBs
   6.1 The Policy-based Management MIB module
   6.2 The DiffServ MIB module
   7 MIB Module Design
   8 Managed objects definitions (MIB module)
   9 Security Considerations
   10 Editors' Addresses
   11 Full Copyright Statement
   12 References
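
The Next columns in the MIB module (diffPolicyMeterFailNext, diffPolicyMeterSucceedNext, diffPolicyActionNext, diffPolicySchedulerNext) chain templates into a data path through RowPointers. The following is an added example, not part of the draft, of a check a configuring system could run on such a chain before setting the rows active. It assumes rows are named by (table, index) pairs instead of OIDs, that diffPolicyActionNext may point into any of the four tables, and that a loop is an error; none of these is stated by the draft.

```python
ZERO = "zeroDotZero"  # RowPointer value meaning "no next component"
METER, ACTION = "diffPolicyMeterTable", "diffPolicyActionTable"
QUEUE, SCHED = "diffPolicyQTable", "diffPolicySchedulerTable"
M_FAIL, M_OK = "diffPolicyMeterFailNext", "diffPolicyMeterSucceedNext"
A_NEXT, S_NEXT = "diffPolicyActionNext", "diffPolicySchedulerNext"

# Tables each Next column may point into, per the DESCRIPTION clauses.
# diffPolicyActionNext names no tables; allowing all four is an assumption.
ALLOWED = {
    M_FAIL: {METER, ACTION},
    M_OK: {METER, ACTION},
    A_NEXT: {METER, ACTION, QUEUE, SCHED},
    S_NEXT: {METER, ACTION, QUEUE, SCHED},
}

def name(row):
    return f"{row[0]}.{row[1]}"

def check_templates(rows):
    """Return sorted (kind, detail) problems in a template pointer graph.

    rows maps (table, index) -> {Next column: ZERO or (table, index)}.
    Symbolic row names stand in for the OIDs a real RowPointer carries.
    """
    problems = []
    for row, cols in rows.items():
        for col, target in cols.items():
            if target == ZERO:
                continue
            edge = f"{name(row)} {col} -> {name(target)}"
            if target[0] not in ALLOWED[col]:
                problems.append(("bad-table", edge))
            elif target not in rows:
                problems.append(("dangling", edge))

    done, on_path = set(), []

    def walk(row):
        # Depth-first walk; meeting a row already on the current path is a loop.
        on_path.append(row)
        for target in rows[row].values():
            if target == ZERO or target not in rows:
                continue
            if target in on_path:
                loop = on_path[on_path.index(target):] + [target]
                problems.append(("loop", " -> ".join(name(r) for r in loop)))
            elif target not in done:
                walk(target)
        on_path.pop()
        done.add(row)

    for row in rows:
        if row not in done:
            walk(row)
    return sorted(problems)

# Constructed sample rows, not taken from the draft.
SAMPLE = {
    (METER, 1): {M_OK: (ACTION, 1), M_FAIL: (METER, 2)},
    (METER, 2): {M_OK: (ACTION, 2), M_FAIL: (ACTION, 9)},  # row 9 is missing
    (METER, 3): {M_OK: (QUEUE, 1), M_FAIL: ZERO},          # meter -> queue
    (ACTION, 1): {A_NEXT: ZERO},
    (ACTION, 2): {A_NEXT: (METER, 1)},                     # closes a loop
    (QUEUE, 1): {},                                        # queues have no Next
}
```

Calling check_templates(SAMPLE) reports one pointer into a table the DESCRIPTION does not permit, one dangling pointer and one loop; a chain in which every path ends in zeroDotZero returns an empty list.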