Network Working Group                                           M. Fine
Internet Draft                                            K. McCloghrie
                                                          Cisco Systems
                                                                S. Hahn
                                                                  Intel
                                                                K. Chan
                                                        Nortel Networks
                                                               A. Smith
                                                       Extreme Networks
                                                       26 February 1999


        An Initial Quality of Service Policy Information Base
                   for COPS-PR Clients and Servers

                     draft-mfine-cops-pib-00.txt


Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To view the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow
Directory, see http://www.ietf.org/shadow.html.

Expires August 1999


1. Glossary

PRC     Policy Rule Class. A type of policy data. See [COPS-PR].
PRI     Policy Rule Instance. An instance of a PRC. See [COPS-PR].
PIB     Policy Information Base. The database of policy information.
PDP     Policy Decision Point. See [COPS].
PEP     Policy Enforcement Point. See [COPS].


2. Introduction

This document defines an initial set of policy rule classes that
describe the quality of service (QoS) policies for use by COPS-PR
clients and servers.

As described in [COPS-PR], QoS policy information is structured as
instances of policy rule classes. A policy rule class (PRC) is an
ordered set of scalar attributes. Policy rule classes are arranged in
a hierarchical structure similar to tables in SNMP's SMI [SNMP-SMI].
As with SNMP tables, they are identified by a sequence of integer
identifiers. For each policy rule class a device may have zero or more
policy rule instances. Each policy instance is also identified by a
sequence of integers where the first part of the sequence is the ID of
the PRC.

Collections of policy rule classes are defined in PIB modules. These
modules are written using the same structure of management information
used by SNMP with the following modifications.

(1)  The module begins with the keyword PIB-DEFINITIONS rather than
     the keyword DEFINITIONS to identify it as a PIB rather than a
     MIB.

(2)  All policy rule classes are expressed as tables where each table
     is a PRC and the table columns are the class attributes. There is
     no scalar object as in SNMP. This makes for a more consistent
     "class-based" structure.

(3)  The OBJECT-TYPE macro has an additional clause POLICY-ACCESS.
     This clause can only be applied to a policy rule class (i.e., the
     table definition). It takes the value "install", "install-notify"
     or "notify". "Install" or "install-notify" means that the PDP may
     install instances of this policy rule class. "install-notify" or
     "notify" means that the PEP must report all instances of this
     class to the PDP in the initial request message, or when the PDP
     sends a message to synchronize state. The assumed value if none
     is explicitly provided is "install".

     For policy rule classes whose access is install or
     install-notify, the maximum access allowed from SNMP is read
     access.

(4)  The OBJECT-TYPE macro has an additional clause INSTALL-ERRORS
     which enumerates the possible reasons for rejecting the install
     decision from the PDP. This clause may only appear on a policy
     rule class, i.e., on a table object type. If this clause is not
     present, the install can still fail, but no policy
     class-specific error is reported.

To facilitate future extensions to the PIB, the attributes of a class
may be augmented in another, perhaps enterprise specific, PIB by
defining a class (using the AUGMENTS clause) in that newer PIB.
Instances of the new class are related to instances of the existing
class by means of the instance index.


3. Mapping the PIB to a MIB

The PIB has been designed so that it can be easily and algorithmically
mapped into a MIB for the purpose of monitoring by SNMP. This mapping
is achieved by means of the following rules.

(1)  Replace the keyword PIB-DEFINITIONS with the keyword DEFINITIONS.

(2)  Delete all the POLICY-ACCESS clauses.

(3)  Add a MAX-ACCESS clause for each OBJECT-TYPE. For each table and
     entry OBJECT-TYPE the MAX-ACCESS is "not-accessible". For each
     attribute that is an index, the MAX-ACCESS is "not-accessible".
     For the remaining attributes, the MAX-ACCESS is "read-only" if
     the POLICY-ACCESS for the class is "install" or "install-notify",
     and it is "read-create" if the POLICY-ACCESS for the class is
     "notify".

(4)  Add a columnar attribute of type RowStatus with name status and
     with the next available OID if the POLICY-ACCESS is "notify".

(5)  Delete all the INSTALL-ERRORS clauses.


4. ACEs and ACLs

The basis of classification and policing for QoS is the access control
entry (ACE). An ACE is simply a flow specification generally matching
flows of a particular type rather than individual microflows or
aggregates. Associated with each ACE is a permit or deny action.

Ordered sets of these ACEs are used to create Access Control Lists
(ACLs). Then, ordered sets of these ACLs are applied to interfaces
together with a classification rule for each ACL (and a direction to
indicate an input or output ACL). Thus, associated with each interface
and direction is an ordered set of ACLs, each ACL consisting of an
ordered set of ACEs.

On input, each packet is checked against the set of ACLs configured on
the ingress interface for the input direction starting with the first
in the set. Similarly, on output each packet is checked against the
set of ACLs configured on the egress interface for the output
direction. For each ACL, the packet is checked against the set of ACEs
in order. If a packet matches an ACE in an ACL and the action is a
permit, then the action associated with that ACL is applied to that
packet and no further ACEs are compared. If the action is a deny then
the rest of the ACEs in the current ACL are skipped and the matching
proceeds with the first ACE of the next ACL (thus, providing a
rudimentary "NOT" capability). If the packet does not match any of the
ACEs in the ACL, the next ACL is tried.


5. Roles

The policy to apply to an interface may depend on many factors such as
immutable characteristics of the interface (e.g., ethernet or frame
relay), the status of the interface (e.g., half or full duplex), or
user configuration (e.g., branch office or headquarters interface).
Rather than specifying policies explicitly for each interface in the
QoS domain, policies are specified in terms of interface
functionality.

To describe these functionalities of an interface we use the concept
of "roles". A role is simply a string that is associated with an
interface. A given interface may have any number of roles
simultaneously. Policy rule classes have an attribute called a
"role-combination" which is an unordered set of roles. Instances of a
given policy rule class are applied to an interface if and only if the
set of roles in the role combination is identical to the set of the
roles of the interface.

Thus, roles provide a way to bind policy to interfaces without having
to explicitly identify interfaces in a consistent manner across all
network devices. (The SNMP experience with ifIndex has proved this to
be a difficult task.) That is, roles provide a level of indirection to
the application of a set of policies to specific interfaces.
Furthermore, if the same policy is being applied to several
interfaces, that policy need be pushed to the device only once, rather
than once per interface, as long as the interfaces are configured with
the same role combination.

We point out that, in the event that the administrator needs to have
unique policy for each interface, this can be achieved by configuring
each interface with a unique role.

The PEP reports all its role combinations to the PDP at connect time
or whenever they change.

The comparing of roles (or role combinations) must be case
insensitive. For display purposes, roles (or role combinations) should
preserve the case specified by the user.

The concept and usage of roles in this document is consistent with
that specified in [QOS-POL]. Roles are currently under discussion in
the IETF's Policy WG; as and when that discussion reaches a
conclusion, this PIB will be updated in accordance with that
conclusion.


6. Summary of the PIB

This section gives a brief summary of the top level groups in the PIB.

Device Configuration
     This group contains device configuration information. This
     configuration is either set by management or reflects the
     physical configuration of the device.

General Policy Configuration
     This group contains general, global configuration such as the
     mapping from DSCP to 802.1p CoS.

The IP Classification Group
     This group describes the IP ACLs used for classification of IP
     flows.

QoS Interface Group
     This group specifies the configuration of the various interface
     types including the setting of queueing parameters and mapping of
     DSCPs to queues.


7. PIB Definitions

QOS-POLICY-PIB PIB-DEFINITIONS ::= BEGIN

IMPORTS
    Unsigned32, IpAddress
            FROM SNMPv2-SMI
    DisplayString, TruthValue
            FROM SNMPv2-TC;

qosPolicyPib  MODULE-IDENTITY
    LAST-UPDATED "199902261800Z"
    ORGANIZATION "IETF RAP WG"
    CONTACT-INFO "
                  Michael Fine
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134-1706 USA
                  Phone: +1 408 527 8218
                  Email: mfine@cisco.com

                  Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive,
                  San Jose CA 95134-1706. USA
                  Phone: +1 408 526 5260
                  Email: kzm@cisco.com"
    DESCRIPTION
        "The PIB module containing an initial set of policy rule
        classes that describe the quality of service (QoS) policies."
    ::= { tbd }

qosPolicyPibClasses OBJECT IDENTIFIER ::= { qosPolicyPib 1 }

-- New textual conventions
--

-- DiffServ Codepoint
--
Dscp ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the DiffServ codepoint
        values."
    SYNTAX INTEGER (0..63)

-- Ip Precedence
--
IpPrecedence ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the IP precedence values."
    SYNTAX INTEGER (0..7)

-- Layer 2 CoS
--
QosLayer2Cos ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the layer 2 CoS values.
        This corresponds to the 802.1p priority values."
    SYNTAX INTEGER (0..7)

-- Interface types
--
QosInterfaceQueueCount ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that describes the number of queues an interface
        supports. It is limited to the range of DSCP values."
    SYNTAX INTEGER (0..63)

-- Role
--
Role ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A display string but where the characters '+', ' ' (space),
        NULL, LF, CR, BELL, BS, HT (tab) VT and FF are illegal."
    SYNTAX DisplayString (SIZE (0..31))

-- Role Combination
--
RoleCombination ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A Display string consisting of a set of roles concatenated
        with a '+' character where the roles are in lexicographic
        order from minimum to maximum."
    SYNTAX DisplayString (SIZE (0..255))

-- Policy Instance Index
--
PolicyInstanceId ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A textual convention for an attribute that is an integer
        index attribute of a class.
        It is used for attributes that exist for the purpose of
        providing a policy rule instance with a unique instance
        identifier. For any instance identifier that refers to another
        policy rule instance, that other policy instance must exist.
        Furthermore, it is an error to try to delete a policy rule
        instance that is referred to by another instance without first
        deleting the referencing instance."
    SYNTAX Unsigned32

--
-- Device Configuration
--
-- This group contains device configuration information. This
-- configuration is either set by management or reflects the physical
-- configuration of the device. This configuration is generally
-- reported to the PDP (i.e., the policy server) so that the PDP can
-- determine what policies to download to the PEP (i.e., the device).

qosDeviceConfig OBJECT IDENTIFIER ::= { qosPolicy 1 }

qosPrcSupportTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosPrcSupportEntry
    POLICY-ACCESS  notify
    STATUS         current
    DESCRIPTION
        "Each instance of this class specifies a PRC that the device
        supports and a bit string to indicate the attributes of the
        class that are supported. These PRIs are sent to the PDP to
        indicate to the PDP which PRCs, and which attributes of these
        PRCs, the device supports. All install and install-notify PRCs
        supported by the device must be represented in this table."
    ::= { qosDeviceConfig 1 }

qosPrcSupportEntry OBJECT-TYPE
    SYNTAX         QosPrcSupportEntry
    INDEX { qosPrcSupportId }
    ::= { qosPrcSupportTable 1 }

QosPrcSupportEntry ::= SEQUENCE {
        qosPrcSupportId             PolicyInstanceId,
        qosPrcSupportSupportedPrc   OBJECT IDENTIFIER,
        qosPrcSupportSupportedAttrs OCTET STRING
}

qosPrcSupportId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosPrcSupportEntry 1 }

qosPrcSupportSupportedPrc OBJECT-TYPE
    SYNTAX         OBJECT IDENTIFIER
    DESCRIPTION
        "The object ID of a supported PRC.
        There may not be more than one instance of PRC
        qosPrcSupportTable with the same value of
        qosPrcSupportSupportedPrc."
    ::= { qosPrcSupportEntry 2 }

qosPrcSupportSupportedAttrs OBJECT-TYPE
    SYNTAX         OCTET STRING
    DESCRIPTION
        "A bit string representing the supported attributes of the
        class."
    ::= { qosPrcSupportEntry 3 }

qosDevicePibIncarnationTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosDevicePibIncarnationEntry
    POLICY-ACCESS  install-notify
    STATUS         current
    DESCRIPTION
        "This class contains a single policy rule instance that
        identifies the current incarnation of the PIB and the PDP
        that installed this incarnation. The instance of this class
        is reported to the PDP at client connect time so that the PDP
        can (attempt to) ascertain the current state of the PIB."
    INSTALL-ERRORS { tooManyPris(1) }
    ::= { qosDeviceConfig 2 }

qosDevicePibIncarnationEntry OBJECT-TYPE
    SYNTAX         QosDevicePibIncarnationEntry
    INDEX { qosDeviceIncarnationId }
    ::= { qosDevicePibIncarnationTable 1 }

QosDevicePibIncarnationEntry ::= SEQUENCE {
        qosDeviceIncarnationId   PolicyInstanceId,
        qosDevicePdpName         DisplayString,
        qosDevicePibIncarnation  OCTET STRING,
        qosDevicePibTtl          Unsigned32
}

qosDeviceIncarnationId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosDevicePibIncarnationEntry 1 }

qosDevicePdpName OBJECT-TYPE
    SYNTAX         DisplayString
    DESCRIPTION
        "The name of the PDP that installed the current incarnation of
        the PIB into the device. By default it is the zero length
        string."
    ::= { qosDevicePibIncarnationEntry 2 }

qosDevicePibIncarnation OBJECT-TYPE
    SYNTAX         OCTET STRING
    DESCRIPTION
        "An ID to identify the current incarnation. It has meaning to
        the PDP that installed the PIB and perhaps its standby PDPs.
        By default the zero-length string."
    ::= { qosDevicePibIncarnationEntry 3 }

qosDevicePibTtl OBJECT-TYPE
    SYNTAX         Unsigned32
    DESCRIPTION
        "The number of seconds after a client close or TCP timeout for
        which the PEP continues to enforce the policy in the PIB.
        After this interval, the PIB is considered expired and the
        device no longer enforces the policy installed in the PIB."
    ::= { qosDevicePibIncarnationEntry 4 }

qosInterfaceTypeTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosInterfaceTypeEntry
    POLICY-ACCESS  notify
    STATUS         current
    DESCRIPTION
        "This class describes the interface types of the interfaces
        that exist on the device. It includes the queue count, role
        combination and capabilities of interfaces. An instance is
        required for each different combination of queue count, role
        combination, and interface capabilities that is operational on
        the device at any given time. The PEP does not report which
        specific interfaces have which characteristics."
    ::= { qosDeviceConfig 3 }

qosInterfaceTypeEntry OBJECT-TYPE
    SYNTAX         QosInterfaceTypeEntry
    INDEX { qosInterfaceTypeId }
    ::= { qosInterfaceTypeTable 1 }

QosInterfaceTypeEntry ::= SEQUENCE {
        qosInterfaceTypeId           PolicyInstanceId,
        qosInterfaceQueueCount       QosInterfaceQueueCount,
        qosInterfaceTypeRoles        RoleCombination,
        qosInterfaceTypeCapabilities BITS
}

qosInterfaceTypeId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosInterfaceTypeEntry 1 }

qosInterfaceQueueCount OBJECT-TYPE
    SYNTAX         QosInterfaceQueueCount
    DESCRIPTION
        "The number of queues supported by interfaces to which this
        policy rule instance applies."
    ::= { qosInterfaceTypeEntry 2 }

qosInterfaceTypeRoles OBJECT-TYPE
    SYNTAX         RoleCombination
    DESCRIPTION
        "The role combination of interfaces to which this policy rule
        instance applies."
    ::= { qosInterfaceTypeEntry 3 }

qosInterfaceTypeCapabilities OBJECT-TYPE
    SYNTAX         BITS {
                       other(1),
                       -- Classification support
                       inputIpClassification(2),
                       outputIpClassification(3)
                       -- Expect more to be added
                   }
    DESCRIPTION
        "An enumeration of interface capabilities. Used by the PDP to
        select which policies and configuration it should push to the
        PEP."
    ::= { qosInterfaceTypeEntry 4 }

--
-- General Config for the entire domain.
--

qosDomainConfig OBJECT IDENTIFIER ::= { qosPolicy 2 }

-- Table of DiffServ codepoint mappings
-- Maps DSCP to IP precedence and CoS

qosDiffServMappingTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosDiffServMappingEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "Maps each DSCP to an IP precedence and QosLayer2Cos. When
        configured for the first time, all 64 entries of the table
        must be specified. Thereafter, instances may be modified but
        not deleted unless all instances are deleted."
    INSTALL-ERRORS {
        tooManyPris(1),     -- Must have 0 or 64
        tooFewPris(2),
        outOfOrder(3)       -- Must have all 64 values
    }
    ::= { qosDomainConfig 1 }

qosDiffServMappingEntry OBJECT-TYPE
    SYNTAX         QosDiffServMappingEntry
    INDEX { qosDscp }
    ::= { qosDiffServMappingTable 1 }

QosDiffServMappingEntry ::= SEQUENCE {
        qosDscp          Dscp,
        qosIpPrecedence  IpPrecedence,
        qosL2Cos         QosLayer2Cos
}

qosDscp OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "A DSCP"
    ::= { qosDiffServMappingEntry 1 }

qosIpPrecedence OBJECT-TYPE
    SYNTAX         IpPrecedence
    DESCRIPTION
        "The IP precedence to use when mapping this DSCP to an IP
        precedence."
    ::= { qosDiffServMappingEntry 2 }

qosL2Cos OBJECT-TYPE
    SYNTAX         QosLayer2Cos
    DESCRIPTION
        "The L2 CoS value to use when mapping this DSCP to layer 2
        CoS."
    ::= { qosDiffServMappingEntry 3 }

-- Table of Layer 2 CoS to DSCP mappings
--

qosCosToDscpTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosCosToDscpEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "Maps each of eight CoS values to a DSCP.
        When configured for the first time, all 8 entries of the table
        must be specified. Thereafter, instances may be modified but
        not deleted unless all instances are deleted."
    ::= { qosDomainConfig 2 }

qosCosToDscpEntry OBJECT-TYPE
    SYNTAX         QosCosToDscpEntry
    INDEX { qosCosToDscpCos }
    ::= { qosCosToDscpTable 1 }

QosCosToDscpEntry ::= SEQUENCE {
        qosCosToDscpCos   QosLayer2Cos,
        qosCosToDscpDscp  Dscp
}

qosCosToDscpCos OBJECT-TYPE
    SYNTAX         QosLayer2Cos
    DESCRIPTION
        "The L2 CoS value that is being mapped."
    ::= { qosCosToDscpEntry 1 }

qosCosToDscpDscp OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "The DSCP value to use when mapping the L2 CoS to a DSCP."
    ::= { qosCosToDscpEntry 2 }

--
-- The IP Classification and Policing Group
--

qosIpQos OBJECT IDENTIFIER ::= { qosPolicy 3 }

-- The ACE Table
--

qosIpAceTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosIpAceEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "ACE definitions. A packet has to match all fields in an ACE.
        Wildcards may be specified for those fields that are not
        relevant."
    ::= { qosIpQos 1 }

qosIpAceEntry OBJECT-TYPE
    SYNTAX         QosIpAceEntry
    INDEX { qosIpAceId }
    ::= { qosIpAceTable 1 }

QosIpAceEntry ::= SEQUENCE {
        qosIpAceId            PolicyInstanceId,
        qosIpAceDstAddr       IpAddress,
        qosIpAceDstAddrMask   IpAddress,
        qosIpAceSrcAddr       IpAddress,
        qosIpAceSrcAddrMask   IpAddress,
        qosIpAceDscpMin       Dscp,
        qosIpAceDscpMax       Dscp,
        qosIpAceProtocol      INTEGER,
        qosIpAceDstL4PortMin  INTEGER,
        qosIpAceDstL4PortMax  INTEGER,
        qosIpAceSrcL4PortMin  INTEGER,
        qosIpAceSrcL4PortMax  INTEGER,
        qosIpAcePermit        TruthValue
}

qosIpAceId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "An integer index to uniquely identify this ACE among all the
        ACEs."
    ::= { qosIpAceEntry 1 }

qosIpAceDstAddr OBJECT-TYPE
    SYNTAX         IpAddress
    DESCRIPTION
        "The IP address to match against the packet's destination IP
        address."
    ::= { qosIpAceEntry 2 }

qosIpAceDstAddrMask OBJECT-TYPE
    SYNTAX         IpAddress
    DESCRIPTION
        "A mask for the matching of the destination IP address. A zero
        bit in the mask means that the corresponding bit in the
        address always matches."
    ::= { qosIpAceEntry 3 }

qosIpAceSrcAddr OBJECT-TYPE
    SYNTAX         IpAddress
    DESCRIPTION
        "The IP address to match against the packet's source IP
        address."
    ::= { qosIpAceEntry 4 }

qosIpAceSrcAddrMask OBJECT-TYPE
    SYNTAX         IpAddress
    DESCRIPTION
        "A mask for the matching of the source IP address."
    ::= { qosIpAceEntry 5 }

qosIpAceDscpMin OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "The minimum value that the DSCP in the packet can have and
        match this ACE."
    ::= { qosIpAceEntry 6 }

qosIpAceDscpMax OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "The maximum value that the DSCP in the packet can have and
        match this ACE."
    ::= { qosIpAceEntry 7 }

qosIpAceProtocol OBJECT-TYPE
    SYNTAX         INTEGER (0..255)
    DESCRIPTION
        "The IP protocol to match against the packet's protocol. A
        value of zero means match all."
    ::= { qosIpAceEntry 8 }

qosIpAceDstL4PortMin OBJECT-TYPE
    SYNTAX         INTEGER (0..65536)
    DESCRIPTION
        "The minimum value that the packet's layer 4 destination port
        number can have and match this ACE."
    ::= { qosIpAceEntry 9 }

qosIpAceDstL4PortMax OBJECT-TYPE
    SYNTAX         INTEGER (0..65536)
    DESCRIPTION
        "The maximum value that the packet's layer 4 destination port
        number can have and match this ACE."
    ::= { qosIpAceEntry 10 }

qosIpAceSrcL4PortMin OBJECT-TYPE
    SYNTAX         INTEGER (0..65536)
    DESCRIPTION
        "The minimum value that the packet's layer 4 source port
        number can have and match this ACE."
    ::= { qosIpAceEntry 11 }

qosIpAceSrcL4PortMax OBJECT-TYPE
    SYNTAX         INTEGER (0..65536)
    DESCRIPTION
        "The maximum value that the packet's layer 4 source port
        number can have and match this ACE."
    ::= { qosIpAceEntry 12 }

qosIpAcePermit OBJECT-TYPE
    SYNTAX         TruthValue
    DESCRIPTION
        "If the packet matches this ACE and the value of this
        attribute is true, then the matching process terminates and
        the QoS associated with this ACE (indirectly through the ACL)
        is applied to the packet. If the value of this attribute is
        false, then no more ACEs in this ACL are compared to this
        packet and matching continues with the first ACE of the next
        ACL."
    ::= { qosIpAceEntry 13 }

-- The ACL Definition Table
--

qosIpAclDefinitionTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosIpAclDefinitionEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "A class that defines a set of ACLs each being an ordered list
        of ACEs. Each instance of this class identifies one ACE of an
        ACL and the precedence order of that ACE with respect to other
        ACEs in the same ACL."
    ::= { qosIpQos 2 }

qosIpAclDefinitionEntry OBJECT-TYPE
    SYNTAX         QosIpAclDefinitionEntry
    INDEX { qosIpAclDefinitionId }
    ::= { qosIpAclDefinitionTable 1 }

QosIpAclDefinitionEntry ::= SEQUENCE {
        qosIpAclDefinitionId  PolicyInstanceId,
        qosIpAclId            PolicyInstanceId,
        qosIpAceId            PolicyInstanceId,
        qosIpAceOrder         Unsigned32
}

qosIpAclDefinitionId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "Unique ID of this policy rule instance."
    ::= { qosIpAclDefinitionEntry 1 }

qosIpAclId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "An index for this ACL. There will be one instance of the
        class qosIpAclDefinition with this ID for each ACE in the ACL
        per role combination."
    ::= { qosIpAclDefinitionEntry 2 }

qosIpAceId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "This attribute specifies the ACE in the qosIpAceTable that is
        in the ACL specified by qosIpAclId at the position specified
        by qosIpAceOrder."
    ::= { qosIpAclDefinitionEntry 3 }

qosIpAceOrder OBJECT-TYPE
    SYNTAX         Unsigned32
    DESCRIPTION
        "The precedence order of this ACE.
        The precedence order determines the position of this ACE in
        the ACL. An ACE with a given precedence order is positioned in
        the access control list before one with a higher-valued
        precedence order."
    ::= { qosIpAclDefinitionEntry 4 }

-- The ACL Action Table
--

qosIpAclActionTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosIpAclActionEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "A class that applies a set of ACLs to interfaces specifying,
        for each interface, the precedence order of the ACL with
        respect to other ACLs applied to the same interface and, for
        each ACL, the action to take for a packet that matches a
        permit ACE in that ACL. Interfaces are specified abstractly in
        terms of interface roles."
    ::= { qosIpQos 3 }

qosIpAclActionEntry OBJECT-TYPE
    SYNTAX         QosIpAclActionEntry
    INDEX { qosIpAclActionId }
    ::= { qosIpAclActionTable 1 }

QosIpAclActionEntry ::= SEQUENCE {
        qosIpAclActionId            PolicyInstanceId,
        qosIpAclId                  PolicyInstanceId,
        qosIpAclInterfaceRoles      RoleCombination,
        qosIpAclInterfaceDirection  INTEGER,
        qosIpAclOrder               Unsigned32,
        qosIpAclDscp                Dscp
}

qosIpAclActionId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIpAclActionEntry 1 }

qosIpAclId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "The ACL associated with this action."
    ::= { qosIpAclActionEntry 2 }

qosIpAclInterfaceRoles OBJECT-TYPE
    SYNTAX         RoleCombination
    DESCRIPTION
        "The interfaces to which this ACL applies specified in terms
        of a set of roles."
    ::= { qosIpAclActionEntry 3 }

qosIpAclInterfaceDirection OBJECT-TYPE
    SYNTAX         INTEGER { in(0), out(1) }
    DESCRIPTION
        "The direction of packet flow at the interface in question to
        which this ACL applies."
    ::= { qosIpAclActionEntry 4 }

qosIpAclOrder OBJECT-TYPE
    SYNTAX         Unsigned32
    DESCRIPTION
        "An integer that determines the precedence order of this ACL
        in the list of ACLs applied to interfaces of the specified
        role combination.
        An ACL with a given precedence order is positioned in the list
        before one with a higher-valued precedence order."
    ::= { qosIpAclActionEntry 5 }

qosIpAclDscp OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "The DSCP to classify the packet with in the event that the
        packet matches an ACE in this ACL and the ACE is a permit."
    ::= { qosIpAclActionEntry 6 }

--
-- QoS Interface Group
--
-- This group specifies the configuration of the various interface
-- types including the setting of queueing parameters and the
-- mapping of DSCPs to queues.

qosIfParameters OBJECT IDENTIFIER ::= { qosPolicy 4 }

-- The Assignment of DSCPs to queues for each interface type.
--

qosIfDscpAssignmentTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosIfDscpAssignmentEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "The assignment of each DSCP to a queue for each interface
        queue count. There will be 64 instances of this class for each
        combination of queue count and role combination."
    ::= { qosIfParameters 1 }

qosIfDscpAssignmentEntry OBJECT-TYPE
    SYNTAX         QosIfDscpAssignmentEntry
    INDEX { qosIfDscpAssignmentId }
    ::= { qosIfDscpAssignmentTable 1 }

QosIfDscpAssignmentEntry ::= SEQUENCE {
        qosIfDscpAssignmentId  PolicyInstanceId,
        qosIfDscpRoles         RoleCombination,
        qosIfQueueCount        QosInterfaceQueueCount,
        qosIfDscp              Dscp,
        qosIfQueue             INTEGER
}

qosIfDscpAssignmentId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIfDscpAssignmentEntry 1 }

qosIfDscpRoles OBJECT-TYPE
    SYNTAX         RoleCombination
    DESCRIPTION
        "The role combination the interface must be configured with."
    ::= { qosIfDscpAssignmentEntry 2 }

qosIfQueueCount OBJECT-TYPE
    SYNTAX         QosInterfaceQueueCount
    DESCRIPTION
        "This row applies only to interfaces that have as many queues
        as specified by this attribute."
    ::= { qosIfDscpAssignmentEntry 3 }

qosIfDscp OBJECT-TYPE
    SYNTAX         Dscp
    DESCRIPTION
        "The DSCP to which this row applies."
    ::= { qosIfDscpAssignmentEntry 4 }

qosIfQueue OBJECT-TYPE
    SYNTAX         INTEGER
    DESCRIPTION
        "The queue to be used for packets which have this DSCP. It
        must be in the range 1 through qosIfQueueCount."
    ::= { qosIfDscpAssignmentEntry 5 }

-- Weights for interfaces that support WRR.
--

qosIfWeightsTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF QosIfWeightsEntry
    POLICY-ACCESS  install
    STATUS         current
    DESCRIPTION
        "A class of scheduling weights for each queue of an interface
        that supports weighted round robin scheduling."
    ::= { qosIfParameters 2 }

qosIfWeightsEntry OBJECT-TYPE
    SYNTAX         QosIfWeightsEntry
    INDEX { qosIfWeightsId }
    ::= { qosIfWeightsTable 1 }

QosIfWeightsEntry ::= SEQUENCE {
        qosIfWeightsId         PolicyInstanceId,
        qosIfWeightsRoles      RoleCombination,
        qosIfWeightsNumQueues  QosInterfaceQueueCount,
        qosIfWeightsQueue      INTEGER,
        qosIfWeightsDrainSize  INTEGER,
        qosIfWeightsQueueSize  INTEGER
}

qosIfWeightsId OBJECT-TYPE
    SYNTAX         PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIfWeightsEntry 1 }

qosIfWeightsRoles OBJECT-TYPE
    SYNTAX         RoleCombination
    DESCRIPTION
        "The role combination the interface must be configured with."
    ::= { qosIfWeightsEntry 2 }

qosIfWeightsNumQueues OBJECT-TYPE
    SYNTAX         QosInterfaceQueueCount
    DESCRIPTION
        "The value of the weight in this PRI applies only to
        interfaces with the number of queues specified by this
        attribute."
    ::= { qosIfWeightsEntry 3 }

qosIfWeightsQueue OBJECT-TYPE
    SYNTAX         INTEGER
    DESCRIPTION
        "The queue to which the weight applies"
    ::= { qosIfWeightsEntry 4 }

qosIfWeightsDrainSize OBJECT-TYPE
    SYNTAX         INTEGER
    DESCRIPTION
        "The maximum number of bytes that may be drained from the
        queue in one cycle. The percentage of the bandwidth allocated
        to this queue can be calculated from this attribute and the
        sum of the drain sizes of all the queues of the interface.

        For an interface that uses priority queueing, the drain size
        specifies the queue priority.
        The higher the drain size the higher the priority."
    ::= { qosIfWeightsEntry 5 }

qosIfWeightsQueueSize OBJECT-TYPE
    SYNTAX         INTEGER
    DESCRIPTION
        "The size of the queue in bytes. Some devices set queue size
        in terms of packets. These devices must calculate the queue
        size in packets by assuming an average packet size suitable
        for the particular interface.

        Some devices have a fixed size buffer to be shared among all
        queues. These devices must allocate a fraction of the total
        buffer space to this queue calculated as the ratio of the
        queue size to the sum of the queue sizes for the interface."
    ::= { qosIfWeightsEntry 6 }

END


8. Security Considerations

The information contained in a PIB when transported by the COPS
protocol [COPS-PR] may be sensitive, and its function of provisioning
a PEP requires that only authorized communication take place. The use
of IPSEC between PDP and PEP, as described in [COPS], provides the
necessary protection against these threats.


9. Intellectual Property Considerations

The IETF is being notified of intellectual property rights claimed in
regard to some or all of the specification contained in this document.
For more information consult the online list of claimed rights.


10. Authors' Addresses

     Michael Fine
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA 95134-1706 USA
     Phone: +1 408 527 8218
     Email: mfine@cisco.com

     Keith McCloghrie
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA 95134-1706 USA
     Phone: +1 408 526 5260
     Email: kzm@cisco.com

     Scott Hahn
     Intel
     2111 NE 25th Avenue
     Hillsboro, OR 97124 USA
     503.264.8231
     Email: scott.hahn@intel.com

     Kwok Ho Chan
     Nortel Networks, Inc.
     600 Technology Park Drive
     Billerica, MA 01821 USA
     Phone: (978) 916-8175
     Email: khchan@nortelnetworks.com

     Andrew Smith
     Extreme Networks
     10460 Bandley Drive
     Cupertino CA 95014 USA
     +1 (408) 342 0999
     Email: andrew@extremenetworks.com


11. References

[COPS]     J. Boyle, R. Cohen, D. Durham, S. Herzog, R. Rajan,
           A. Sastry, "The COPS (Common Open Policy Service)
           Protocol", Internet-Draft, draft-ietf-rap-cops-06.txt,
           February 1999.

[COPS-PR]  R. Yavatkar, K. McCloghrie, S. Herzog, F. Reichmeyer,
           D. Durham, K. Chan, S. Gai, "COPS Usage for Policy
           Provisioning", draft-sgai-cops-provisioning-00.txt,
           February 1999.

[QOS-POL]  S. Gai, J. Strassner, D. Durham, S. Herzog, H. Mahon,
           F. Reichmeyer, "QoS Policy Framework Architecture",
           draft-sgai-policy-framework-00.txt, February 1999.

[SNMP-SMI] SNMPv2 Working Group, J. Case, K. McCloghrie, M. Rose,
           S. Waldbusser, "Structure of Management Information for
           Version 2 of the Simple Network Management Protocol
           (SNMPv2)", RFC 1902, January 1996.


Table of Contents

     1  Glossary
     2  Introduction
     3  Mapping the PIB to a MIB
     4  ACEs and ACLs
     5  Roles
     6  Summary of the PIB
     7  PIB Definitions
     8  Security Considerations
     9  Intellectual Property Considerations
     10 Authors' Addresses
     11 References
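
Added example (not part of the original draft): a Python implementation of the matching procedure of Section 4 ("ACEs and ACLs") combined with the role binding of Section 5 ("Roles"), using the attributes of qosIpAceTable, qosIpAclDefinitionTable and qosIpAclActionTable. All ACE, ACL and role values are constructed; the class names, function names and tuple layouts are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Characters the Role textual convention declares illegal.
ILLEGAL_ROLE_CHARS = set("+ \x00\n\r\x07\x08\t\x0b\x0c")


def ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: int
    src_port: int
    dst_port: int
    dscp: int = 0


@dataclass(frozen=True)
class Ace:
    """One qosIpAceTable instance; the defaults act as wildcards."""
    permit: bool                 # qosIpAcePermit
    src_addr: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"    # zero mask bit: that address bit always matches
    dst_addr: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    dscp_min: int = 0
    dscp_max: int = 63
    protocol: int = 0            # zero means match all
    src_port_min: int = 0
    src_port_max: int = 65535
    dst_port_min: int = 0
    dst_port_max: int = 65535


def role_set(combination: str) -> frozenset:
    """Parse a RoleCombination ('a+b') into a set compared case-insensitively."""
    roles = [r for r in combination.split("+") if r]
    for r in roles:
        if len(r) > 31 or ILLEGAL_ROLE_CHARS & set(r):
            raise ValueError(f"illegal role {r!r}")
    return frozenset(r.lower() for r in roles)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """A packet has to match all fields of the ACE."""
    def addr_ok(pkt_addr: str, ace_addr: str, mask: str) -> bool:
        m = ip(mask)
        return (ip(pkt_addr) & m) == (ip(ace_addr) & m)

    return (addr_ok(pkt.src, ace.src_addr, ace.src_mask)
            and addr_ok(pkt.dst, ace.dst_addr, ace.dst_mask)
            and ace.dscp_min <= pkt.dscp <= ace.dscp_max
            and ace.protocol in (0, pkt.protocol)
            and ace.src_port_min <= pkt.src_port <= ace.src_port_max
            and ace.dst_port_min <= pkt.dst_port <= ace.dst_port_max)


def classify(pkt, if_roles, direction, aces, acl_defs, acl_actions) -> Optional[int]:
    """Return the DSCP of the first ACL with a matching permit ACE, else None.

    aces:        {ace_id: Ace}
    acl_defs:    [(acl_id, ace_id, ace_order)]                   (assumed layout)
    acl_actions: [(acl_id, roles, direction, acl_order, dscp)]   (assumed layout)
    """
    wanted = role_set(if_roles)
    # Section 5: an instance applies only if the role sets are identical.
    applicable = sorted(
        (a for a in acl_actions if a[2] == direction and role_set(a[1]) == wanted),
        key=lambda a: a[3])
    for acl_id, _roles, _dir, _order, dscp in applicable:
        entries = sorted((d for d in acl_defs if d[0] == acl_id), key=lambda d: d[2])
        for _acl, ace_id, _ace_order in entries:
            ace = aces[ace_id]
            if not ace_matches(ace, pkt):
                continue
            if ace.permit:
                return dscp   # permit: apply this ACL's action, stop matching
            break             # deny: skip the rest of this ACL, try the next ACL
    return None


# Constructed sample policy: ACL 100 marks web traffic from 10.0.0.0/8 with
# DSCP 46 except host 10.0.0.5 (the rudimentary "NOT"); ACL 200 marks the rest.
ACES = {
    1: Ace(permit=False, src_addr="10.0.0.5", src_mask="255.255.255.255"),
    2: Ace(permit=True, src_addr="10.0.0.0", src_mask="255.0.0.0",
           protocol=6, dst_port_min=80, dst_port_max=80),
    3: Ace(permit=True),
}
ACL_DEFS = [(100, 2, 20), (100, 1, 10), (200, 3, 10)]
ACL_ACTIONS = [(200, "branch+wan", "in", 2, 10), (100, "Branch+WAN", "in", 1, 46)]
```

Note that a deny ACE does not drop the packet: it only ends evaluation of the current ACL, and an interface whose roles are a subset of the role combination receives none of the policy.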