< draft-white-slapm-mib-05.txt   draft-white-slapm-mib-06.txt >
Network Working Group Kenneth White Network Working Group Kenneth White
Internet-draft IBM Corp. Internet-draft IBM Corp.
Expiration Date: January 2000 Expiration Date: March 2000
July 1999 September 1999
Definitions of Managed Objects for Definitions of Managed Objects for
Service Level Agreements Service Level Agreements
Performance Monitoring Performance Monitoring
<draft-white-slapm-mib-05.txt> <draft-white-slapm-mib-06.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet Drafts are working documents of the Internet Engineering Task Internet Drafts are working documents of the Internet Engineering Task
Force (IETF), its Areas, and its Working Groups. Note that other groups Force (IETF), its Areas, and its Working Groups. Note that other groups
may also distribute working documents as Internet Drafts. may also distribute working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other Internet Drafts may be updated, replaced, or obsoleted by other
documents at any time. It is not appropriate to use Internet Drafts as documents at any time. It is not appropriate to use Internet Drafts as
reference material or to cite them other than as a "working draft" or reference material or to cite them other than as a "working draft" or
"work in progress." "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Please check the I-D abstract listing contained in each Internet Draft Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any Internet Draft. directory to learn the current status of this or any Internet Draft.
Distribution of this document is unlimited. Distribution of this document is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved. Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract Abstract
This memo defines a Management Information Base (MIB) for performance This memo defines a Management Information Base (MIB) for performance
monitoring of Service Level Agreements (SLAs) defined via policy monitoring of Service Level Agreements (SLAs) defined via policy
definitions. The MIB defined herein focuses on defining a set of definitions. The MIB defined herein focuses on defining a set of
objects for monitoring SLAs and not on replication of the content of the objects for monitoring SLAs and not on replication of the content of the
policy definitions being monitored. The goal of the MIB defined within policy definitions being monitored. The goal of the MIB defined within
this document is to defined statistics related to a policy rule this document is to defined statistics related to a policy rule
definition for reporting on the effect that a policy rule has on a definition for reporting on the effect that a policy rule has on a
system and to defined a method of monitoring this data. system and to defined a method of monitoring this data.
Table of Contents Table of Contents
1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.0 The SNMP Network Management Framework . . . . . . . . . . . . 3 2.0 The SNMP Network Management Framework . . . . . . . . . . . . 3
3.0 Structure of the MIB . . . . . . . . . . . . . . . . . . . . . 3 3.0 Structure of the MIB . . . . . . . . . . . . . . . . . . . . . 3
3.1 Global simple objects . . . . . . . . . . . . . . . . . . . . 4 3.1 Scalar objects . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2 slapmPolicyNameTable . . . . . . . . . . . . . . . . . . . . . 5 3.2 slapmPolicyNameTable . . . . . . . . . . . . . . . . . . . . . 5
3.3 slapmPolicyRuleStatsTable . . . . . . . . . . . . . . . . . . 5 3.3 slapmPolicyRuleStatsTable . . . . . . . . . . . . . . . . . . 6
3.4 slapmPRMonTable . . . . . . . . . . . . . . . . . . . . . . . 6 3.4 slapmPRMonTable . . . . . . . . . . . . . . . . . . . . . . . 6
3.5 slapmSubcomponentTable . . . . . . . . . . . . . . . . . . . . 7 3.5 slapmSubcomponentTable . . . . . . . . . . . . . . . . . . . . 7
4.0 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 8 4.0 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.0 Security Considerations . . . . . . . . . . . . . . . . . . . 61 5.0 Security Considerations . . . . . . . . . . . . . . . . . . . 61
6.0 Intellectual Property . . . . . . . . . . . . . . . . . . . . 61 6.0 Intellectual Property . . . . . . . . . . . . . . . . . . . . 62
7.0 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 61 7.0 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 62
8.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . 62 8.0 References . . . . . . . . . . . . . . . . . . . . . . . . . . 62
9.0 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 63 9.0 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 64
10.0 Full Copyright Statement . . . . . . . . . . . . . . . . . . 63 10.0 Full Copyright Statement . . . . . . . . . . . . . . . . . . 64
1.0 Introduction 1.0 Introduction
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119, reference [13]. document are to be interpreted as described in RFC 2119, reference [13].
This document's purpose is to define a MIB module for performance This document's purpose is to define a MIB module for performance
management of Service Level Agreements (SLAs). It is assumed that an management of Service Level Agreements (SLAs). It is assumed that an
SLA is defined via policy schema definitions. The policy definitions SLA is defined via policy schema definitions. The policy definitions
skipping to change at page 3, line 53 skipping to change at page 3, line 53
translation is possible (use of Counter64). Some machine readable translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the readable information is not considered to change the semantics of the
MIB. MIB.
3.0 Structure of the MIB 3.0 Structure of the MIB
The SLAPM-MIB consists of the following components: The SLAPM-MIB consists of the following components:
o Global simple objects o scalar objects
o slapmPolicyNameTable o slapmPolicyNameTable
o slapmPolicyRuleStatsTable (equivalent to the deprecated o slapmPolicyRuleStatsTable (equivalent to the deprecated
slapmPolicyStatsTable) slapmPolicyStatsTable)
o slapmPRMonTable (equivalent to the deprecated o slapmPRMonTable (equivalent to the deprecated
slapmPolicyMonitorTable) slapmPolicyMonitorTable)
o slapmSubcomponentTable o slapmSubcomponentTable
Refer to the compliance statement defined within SLAPM-MIB for a Refer to the compliance statement defined within SLAPM-MIB for a
definition of what objects and notifications MUST be implemented by all definition of what objects and notifications MUST be implemented by all
systems as opposed to those that MUST be implemented by end systems systems as opposed to those that MUST be implemented by end systems
only. only.
Initially most of the tables defined by the MIB module within this Initially most of the tables defined by the MIB module within this
document where directly indexed using a policy's name and a subbordinate document where directly indexed using a policy's name and a subordinate
traffic profile name. Over time the structure and resulting naming has traffic profile name. Over time the structure and resulting naming has
grown more complex and as such has exceeded the capacity of being used grown more complex and as such has exceeded the capacity of being used
as a direct MIB table index. As a result of this the original tables as a direct MIB table index. As a result of this the original tables
(slapmPolicyStatsTable and slapmPolicyMonitorTable) have been deprecated (slapmPolicyStatsTable and slapmPolicyMonitorTable) have been deprecated
and replaced with new tables that use an Unsigned32 index element and replaced with new tables that use an Unsigned32 index element
instead of "names". A new table has been defined, slapmPolicyNameTable, instead of "names". A new table has been defined, slapmPolicyNameTable,
that maps the Unsigned32 index to a unique name associated with a given that maps the Unsigned32 index to a unique name associated with a given
policy rule definition. policy rule definition.
3.1 Global simple objects 3.1 Scalar objects
Global objects defined within SLAPM-MIB: Global objects defined within SLAPM-MIB:
o slapmSpinLock o slapmSpinLock
Enables multiple management application access to SLAPM-MIB. An Enables multiple management application access to SLAPM-MIB. An
agent MUST implement the slapmSpinLock object to enable management agent MUST implement the slapmSpinLock object to enable management
applications to coordinate their use of the SLAPM-MIB. Management applications to coordinate their use of the SLAPM-MIB. Management
application use of slapmSpinLock is OPTIONAL. application use of slapmSpinLock is OPTIONAL.
skipping to change at page 5, line 53 skipping to change at page 5, line 53
commonName. It specifies a user-friendly name by which the object is commonName. It specifies a user-friendly name by which the object is
commonly known. This name may be ambiguous by itself. This name is commonly known. This name may be ambiguous by itself. This name is
used in a limited scope (such as an organization). It conforms to the used in a limited scope (such as an organization). It conforms to the
naming conventions of the country or culture with which it is naming conventions of the country or culture with which it is
associated. CN is used universally in DEN as the naming attribute for a associated. CN is used universally in DEN as the naming attribute for a
class." class."
An slapmPolicyNameEntry contains a single object, slapmPolicyNameOfRule, An slapmPolicyNameEntry contains a single object, slapmPolicyNameOfRule,
that contains the unique name associated with a policy rule instance. that contains the unique name associated with a policy rule instance.
An slapmPolicyNameEntry is indexed by a Unsigned32 index, An slapmPolicyNameEntry is indexed by a Unsigned32 index,
slapmPolciNameIndex, that is assigned by the implementation of this MIB. slapmPolicyNameIndex, that is assigned by the implementation of this
MIB.
3.3 slapmPolicyRuleStatsTable 3.3 slapmPolicyRuleStatsTable
This table is functionally equivalent to the deprecated This table is functionally equivalent to the deprecated
slapmPolicyStatsTable. The slapmPolicyStatsTable uses the name of both a slapmPolicyStatsTable. The slapmPolicyStatsTable uses the name of both a
policy definition and a traffic profile name to index an entry. The policy definition and a traffic profile name to index an entry. The
slapmPolicyRuleStatsTable uses an slapmPolicyNameEntry index slapmPolicyRuleStatsTable uses an slapmPolicyNameEntry index
(Unsigned32) instead. (Unsigned32) instead.
The slapmPolicyRuleStatsTable is the main table defined by SLAPM-MIB. The slapmPolicyRuleStatsTable is the main table defined by SLAPM-MIB.
The primary index for this table is slapmPolicyNameSystemAddress that The primary index for this table is slapmPolicyNameSystemAddress that
enables support of multiple systems from a single policy agent. The enables support of multiple systems from a single policy agent. The
index element, slapmPolicyNameSystemAddress, value must be either the index element, slapmPolicyNameSystemAddress, value must be either the
zero-length octet string when at a policy agent only a single system is zero-length octet string when at a policy agent only a single system is
being support, 4 octets for a ipv4 address, or 16 octets for a ipv6 being support, 4 octets for a ipv4 address, or 16 octets for a ipv6
address. address.
It is possible that on a single system multiple policy agent instances It is possible that on a single system multiple policy agent instances
exists. The Entity MIB, refer to [20], should be used to handle the exists. The Entity MIB, refer to [19], should be used to handle the
resulting MIBs. resulting MIBs.
With respect to slapmPolicyNameSystemAddress one With respect to slapmPolicyNameSystemAddress one
slapmPolicyRuleStatsEntry exists for each policy rule instance. Entries slapmPolicyRuleStatsEntry exists for each policy rule instance. Entries
in this table are not administered via SNMP. An agent implementation in this table are not administered via SNMP. An agent implementation
for this table MUST reflect its current set of policy rule instances via for this table MUST reflect its current set of policy rule instances via
table entries. The mechanisms for policy administration are outside of table entries. The mechanisms for policy administration are outside of
the scope of this memo. the scope of this memo.
3.4 slapmPRMonTable 3.4 slapmPRMonTable
skipping to change at page 7, line 48 skipping to change at page 7, line 51
generated. The slapmPRMonControl BITS setting generated. The slapmPRMonControl BITS setting
monitorSubcomponents(5) MUST be selected in order for this setting monitorSubcomponents(5) MUST be selected in order for this setting
to be allowed. to be allowed.
o monitorSubcomponents(5) o monitorSubcomponents(5)
If selected monitor slapmSubcomponentTable entries individually. If selected monitor slapmSubcomponentTable entries individually.
Note: aggregate policy rule monitoring is always enabled. Note: aggregate policy rule monitoring is always enabled.
The index element slapmPRMonOwnerIndex is used as the first index in The index element slapmPRMonOwnerIndex is used as the first index in
slapmPRMonTable in order to enable SNMPv3 VACM security control. The slapmPRMonTable in order to enable SNMP VACM security control. The
slapmPRMonTable is the only table that supports SNMP RowStatus slapmPRMonTable is the only table that supports SNMP RowStatus
operations. operations.
3.5 slapmSubcomponentTable 3.5 slapmSubcomponentTable
Entries are made into this table for the protocol entities (policy Entries are made into this table for the protocol entities (policy
traffic profile subcomponents) to indicate actual policy rule usage, traffic profile subcomponents) to indicate actual policy rule usage,
provide general statistics at either a TCP connection or UDP listener provide general statistics at either a TCP connection or UDP listener
level, and enable subcomponent monitoring. level, and enable subcomponent monitoring.
skipping to change at page 8, line 26 skipping to change at page 8, line 27
TEXTUAL-CONVENTION, RowStatus, TEXTUAL-CONVENTION, RowStatus,
TestAndIncr, DateAndTime TestAndIncr, DateAndTime
FROM SNMPv2-TC -- RFC2579 FROM SNMPv2-TC -- RFC2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- RFC2580 FROM SNMPv2-CONF -- RFC2580
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB; -- RFC2571 FROM SNMP-FRAMEWORK-MIB; -- RFC2571
slapmMIB MODULE-IDENTITY slapmMIB MODULE-IDENTITY
LAST-UPDATED "9907280000Z" LAST-UPDATED "9910130000Z"
ORGANIZATION "Internet Engineering Task Force (IETF)" ORGANIZATION "Internet Engineering Task Force (IETF)"
CONTACT-INFO CONTACT-INFO
"Kenneth White "Kenneth White
International Business Machines Corporation International Business Machines Corporation
Network Computing Software Division Network Computing Software Division
Research Triangle Park, NC, USA Research Triangle Park, NC, USA
E-mail: wkenneth@us.ibm.com" E-mail: wkenneth@us.ibm.com"
DESCRIPTION DESCRIPTION
"The Service Level Agreement Performance Monitoring MIB "The Service Level Agreement Performance Monitoring MIB
(SLAPM-MIB) provides data collection and monitoring (SLAPM-MIB) provides data collection and monitoring
capabilities for Service Level Agreements (SLAs) capabilities for Service Level Agreements (SLAs)
policy definitions." policy definitions."
-- Revision history
REVISION "9910130000Z" -- 13 Oct. 1999
DESCRIPTION
"This version published as RFC xxxx."
-- RFC-editor assigns xxxx
::= { experimental 88 } ::= { experimental 88 }
-- Textual Conventions -- Textual Conventions
SlapmNameType ::= TEXTUAL-CONVENTION SlapmNameType ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The textual convention for naming entities "The textual convention for naming entities
within this MIB. The actual contents of an object within this MIB. The actual contents of an object
defined using this textual convention should consist defined using this textual convention should consist
skipping to change at page 9, line 36 skipping to change at page 9, line 45
slaMinOutRateNotAchieved(3), slaMinOutRateNotAchieved(3),
slaMaxOutRateExceeded(4), slaMaxOutRateExceeded(4),
monitorMinInRateNotAchieved(5), monitorMinInRateNotAchieved(5),
monitorMaxInRateExceeded(6), monitorMaxInRateExceeded(6),
monitorMaxDelayExceeded(7), monitorMaxDelayExceeded(7),
monitorMinOutRateNotAchieved(8), monitorMinOutRateNotAchieved(8),
monitorMaxOutRateExceeded(9) monitorMaxOutRateExceeded(9)
} }
SlapmPolicyRuleName ::= TEXTUAL-CONVENTION SlapmPolicyRuleName ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1024a" DISPLAY-HINT "1024t"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"To facilitate internationalization, this TC "To facilitate internationalization, this TC
represents information taken from the ISO/IEC IS represents information taken from the ISO/IEC IS
10646-1 character set, encoded as an octet string 10646-1 character set, encoded as an octet string
using the UTF-8 character encoding scheme described using the UTF-8 character encoding scheme described
in RFC 2044. For strings in 7-bit US-ASCII, in RFC 2044. For strings in 7-bit US-ASCII,
there is no impact since the UTF-8 representation there is no impact since the UTF-8 representation
is identical to the US-ASCII encoding." is identical to the US-ASCII encoding."
SYNTAX OCTET STRING (SIZE (0..1024)) SYNTAX OCTET STRING (SIZE (0..1024))
-- Top-level structure of the MIB -- Top-level structure of the MIB
slapmNotifications OBJECT IDENTIFIER ::= { slapmMIB 0 } slapmNotifications OBJECT IDENTIFIER ::= { slapmMIB 0 }
slapmObjects OBJECT IDENTIFIER ::= { slapmMIB 1 } slapmObjects OBJECT IDENTIFIER ::= { slapmMIB 1 }
slapmConformance OBJECT IDENTIFIER ::= { slapmMIB 2 } slapmConformance OBJECT IDENTIFIER ::= { slapmMIB 2 }
-- All simple objects -- All scalar objects
slapmBaseObjects OBJECT IDENTIFIER ::= { slapmObjects 1 } slapmBaseObjects OBJECT IDENTIFIER ::= { slapmObjects 1 }
-- Simple Object Definitions -- Scalar Object Definitions
slapmSpinLock OBJECT-TYPE slapmSpinLock OBJECT-TYPE
SYNTAX TestAndIncr SYNTAX TestAndIncr
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An advisory lock used to allow cooperating applications "An advisory lock used to allow cooperating applications
to coordinate their use of the contents of this MIB. This to coordinate their use of the contents of this MIB. This
typically occurs when an application seeks to create an typically occurs when an application seeks to create an
new entry or alter an existing entry in new entry or alter an existing entry in
skipping to change at page 13, line 45 skipping to change at page 13, line 54
slapmPolicyStatsInPackets Counter32, slapmPolicyStatsInPackets Counter32,
slapmPolicyStatsOutPackets Counter32, slapmPolicyStatsOutPackets Counter32,
slapmPolicyStatsInProfileOctets Counter32, slapmPolicyStatsInProfileOctets Counter32,
slapmPolicyStatsOutProfileOctets Counter32, slapmPolicyStatsOutProfileOctets Counter32,
slapmPolicyStatsMinRate Integer32, slapmPolicyStatsMinRate Integer32,
slapmPolicyStatsMaxRate Integer32, slapmPolicyStatsMaxRate Integer32,
slapmPolicyStatsMaxDelay Integer32 slapmPolicyStatsMaxDelay Integer32
} }
slapmPolicyStatsSystemAddress OBJECT-TYPE slapmPolicyStatsSystemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"Address of a system that an Policy definition relates to. "Address of a system that an Policy definition relates to.
A zero length octet string must be used to indicate that A zero length octet string must be used to indicate that
only a single system is being represented. only a single system is being represented.
Otherwise, the length of the octet string must be Otherwise, the length of the octet string must be
4 for an ipv4 address or 16 for an ipv6 address." 4 for an ipv4 address or 16 for an ipv6 address."
::= { slapmPolicyStatsEntry 1 } ::= { slapmPolicyStatsEntry 1 }
skipping to change at page 14, line 32 skipping to change at page 14, line 41
inactive(1), inactive(1),
active(2), active(2),
deleteNeeded(3) deleteNeeded(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The state of a policy entry: "The state of a policy entry:
inactive(1) - An policy entry was either defined inactive(1) - An policy entry was either defined
by local SYSDEF or discovered via by local system definition or
a directory search but has not been discovered via a directory search
activated (not currently being used). but has not been activated (not
currently being used).
active(2) - Policy entry is being used to affect active(2) - Policy entry is being used to affect
traffic flows. traffic flows.
deleteNeeded(3) - Either though local implementation deleteNeeded(3) - Either though local implementation
dependent methods or by discovering dependent methods or by discovering
that the directory entry corresponding that the directory entry corresponding
to this table entry no longer to this table entry no longer
exists and slapmPolicyPurgeTime needs exists and slapmPolicyPurgeTime needs
to expire before attempting to remove to expire before attempting to remove
the corresponding slapmPolicyStatsEntry the corresponding slapmPolicyStatsEntry
and any dependent slapmPolicyMonitor and any dependent slapmPolicyMonitor
skipping to change at page 19, line 52 skipping to change at page 20, line 9
subidentifier) up to the end of the encoded owner index. subidentifier) up to the end of the encoded owner index.
To configure VACM to permit access to this portion of the To configure VACM to permit access to this portion of the
table, one would create vacmViewTreeFamilyTable entries table, one would create vacmViewTreeFamilyTable entries
with the value of vacmViewTreeFamilySubtree including the with the value of vacmViewTreeFamilySubtree including the
owner index portion, and vacmViewTreeFamilyMask owner index portion, and vacmViewTreeFamilyMask
'wildcarding' the column subidentifier. More elaborate 'wildcarding' the column subidentifier. More elaborate
configurations are possible." configurations are possible."
::= { slapmPolicyMonitorEntry 1 } ::= { slapmPolicyMonitorEntry 1 }
slapmPolicyMonitorSystemAddress OBJECT-TYPE slapmPolicyMonitorSystemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"Address of a system that an Policy definition relates to. "Address of a system that an Policy definition relates to.
A zero length octet string can be used to indicate that A zero length octet string can be used to indicate that
only a single system is being represented. only a single system is being represented.
Otherwise, the length of the octet string should be Otherwise, the length of the octet string should be
4 for an ipv4 address and 16 for an ipv6 address." 4 for an ipv4 address and 16 for an ipv6 address."
::= { slapmPolicyMonitorEntry 2 } ::= { slapmPolicyMonitorEntry 2 }
slapmPolicyMonitorPolicyName OBJECT-TYPE slapmPolicyMonitorPolicyName OBJECT-TYPE
SYNTAX SlapmNameType SYNTAX SlapmNameType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
skipping to change at page 28, line 32 skipping to change at page 28, line 42
slapmSubcomponentOutPdus Counter32, slapmSubcomponentOutPdus Counter32,
slapmSubcomponentApplName SnmpAdminString, slapmSubcomponentApplName SnmpAdminString,
slapmSubcomponentMonitorStatus SlapmStatus, slapmSubcomponentMonitorStatus SlapmStatus,
slapmSubcomponentMonitorIntTime DateAndTime, slapmSubcomponentMonitorIntTime DateAndTime,
slapmSubcomponentMonitorCurrentInRate Gauge32, slapmSubcomponentMonitorCurrentInRate Gauge32,
slapmSubcomponentMonitorCurrentOutRate Gauge32, slapmSubcomponentMonitorCurrentOutRate Gauge32,
slapmSubcomponentPolicyRuleIndex Unsigned32 slapmSubcomponentPolicyRuleIndex Unsigned32
} }
slapmSubcomponentRemAddress OBJECT-TYPE slapmSubcomponentRemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicate the remote address of a subcomponent. "Indicate the remote address of a subcomponent.
A remote address can be either an ipv4 address in which A remote address can be either an ipv4 address in which
case 4 octets are required or as an ipv6 address that case 4 octets are required or as an ipv6 address that
requires 16 octets. The value of this subidentifier requires 16 octets. The value of this subidentifier
is a zero length octet string when this entry relates is a zero length octet string when this entry relates
to a UDP listener." to a UDP listener."
::= { slapmSubcomponentEntry 1 } ::= { slapmSubcomponentEntry 1 }
skipping to change at page 29, line 34 skipping to change at page 29, line 44
tcpConnection(2) tcpConnection(2)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicate the protocol in use that identifies the "Indicate the protocol in use that identifies the
type of subcomponent." type of subcomponent."
::= { slapmSubcomponentEntry 5 } ::= { slapmSubcomponentEntry 5 }
slapmSubcomponentSystemAddress OBJECT-TYPE slapmSubcomponentSystemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address of a system that an Policy definition relates to. "Address of a system that an Policy definition relates to.
A zero length octet string can be used to indicate that A zero length octet string can be used to indicate that
only a single system is being represented. only a single system is being represented.
Otherwise, the length of the octet string should be Otherwise, the length of the octet string should be
4 for an ipv4 address and 16 for an ipv6 address." 4 for an ipv4 address and 16 for an ipv6 address."
::= { slapmSubcomponentEntry 6 } ::= { slapmSubcomponentEntry 6 }
skipping to change at page 34, line 10 skipping to change at page 34, line 20
the slapmPRMonControl (or slapmPolicyMonitorControl) the slapmPRMonControl (or slapmPolicyMonitorControl)
BITS setting monitorSubcomponents(5) enabled. The value BITS setting monitorSubcomponents(5) enabled. The value
of this object is zero when monitoring is not in effect." of this object is zero when monitoring is not in effect."
::= { slapmSubcomponentEntry 23 } ::= { slapmSubcomponentEntry 23 }
slapmSubcomponentPolicyRuleIndex OBJECT-TYPE slapmSubcomponentPolicyRuleIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Points to an slapmPolicyNameEntry to indicate the "Points to an slapmPolicyNameEntry when combined with
slapmSubcomponentSystemAddress to indicate the
policy naming that relates to this entry." policy naming that relates to this entry."
::= { slapmSubcomponentEntry 24 } ::= { slapmSubcomponentEntry 24 }
-- Table that maps an unsigned integer index to whatever -- Table that maps an unsigned integer index to whatever
-- names a policy rule. -- names a policy rule.
slapmPolicyNameTable OBJECT-TYPE slapmPolicyNameTable OBJECT-TYPE
SYNTAX SEQUENCE OF SlapmPolicyNameEntry SYNTAX SEQUENCE OF SlapmPolicyNameEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 34, line 47 skipping to change at page 35, line 6
::= { slapmPolicyNameTable 1 } ::= { slapmPolicyNameTable 1 }
SlapmPolicyNameEntry ::= SlapmPolicyNameEntry ::=
SEQUENCE { SEQUENCE {
slapmPolicyNameSystemAddress OCTET STRING, slapmPolicyNameSystemAddress OCTET STRING,
slapmPolicyNameIndex Unsigned32, slapmPolicyNameIndex Unsigned32,
slapmPolicyNameOfRule SlapmPolicyRuleName slapmPolicyNameOfRule SlapmPolicyRuleName
} }
slapmPolicyNameSystemAddress OBJECT-TYPE slapmPolicyNameSystemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address of a system that an Policy rule definition relates "Address of a system that an Policy rule definition relates
to. A zero length octet string must be used to indicate to. A zero length octet string must be used to indicate
that only a single system is being represented. that only a single system is being represented.
Otherwise, the length of the octet string must be Otherwise, the length of the octet string must be
4 for an ipv4 address or 16 for an ipv6 address." 4 for an ipv4 address or 16 for an ipv6 address."
::= { slapmPolicyNameEntry 1 } ::= { slapmPolicyNameEntry 1 }
slapmPolicyNameIndex OBJECT-TYPE slapmPolicyNameIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A locally arbitrary, but unique identifier associated "A locally arbitrary, but unique identifier associated
with this table entry. This value is not expected to with this table entry. This value is not expected to
remain constant across reIPLs." remain constant across reIPLs."
skipping to change at page 36, line 38 skipping to change at page 36, line 49
inactive(1), inactive(1),
active(2), active(2),
deleteNeeded(3) deleteNeeded(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The state of a policy entry: "The state of a policy entry:
inactive(1) - An policy entry was either defined inactive(1) - An policy entry was either defined
by local SYSDEF or discovered via by local system definition or
discovered via
a directory search but has not been a directory search but has not been
activated (not currently being used). activated (not currently being used).
active(2) - Policy entry is being used to affect active(2) - Policy entry is being used to affect
traffic flows. traffic flows.
deleteNeeded(3) - Either though local implementation deleteNeeded(3) - Either though local implementation
dependent methods or by discovering dependent methods or by discovering
that the directory entry corresponding that the directory entry corresponding
to this table entry no longer to this table entry no longer
exists and slapmPolicyPurgeTime needs exists and slapmPolicyPurgeTime needs
to expire before attempting to remove to expire before attempting to remove
the corresponding slapmPolicyStatsEntry the corresponding slapmPolicyStatsEntry
and any dependent slapmPolicyMonitor and any dependent slapmPolicyMonitor
table entries. table entries.
Note: a policy traffic profile in a state other than Note: a policy rule in a state other than
active(1) is not being used to affect traffic flows." active(2) is not being used to affect traffic flows."
::= { slapmPolicyRuleStatsEntry 1 } ::= { slapmPolicyRuleStatsEntry 1 }
slapmPolicyRuleStatsActiveConns OBJECT-TYPE slapmPolicyRuleStatsActiveConns OBJECT-TYPE
SYNTAX Gauge32 SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of active TCP connections that are "The number of active TCP connections that are
affected by the corresponding policy entry." affected by the corresponding policy entry."
::= { slapmPolicyRuleStatsEntry 2 } ::= { slapmPolicyRuleStatsEntry 2 }
skipping to change at page 42, line 14 skipping to change at page 42, line 26
subidentifier) up to the end of the encoded owner index. subidentifier) up to the end of the encoded owner index.
To configure VACM to permit access to this portion of the To configure VACM to permit access to this portion of the
table, one would create vacmViewTreeFamilyTable entries table, one would create vacmViewTreeFamilyTable entries
with the value of vacmViewTreeFamilySubtree including the with the value of vacmViewTreeFamilySubtree including the
owner index portion, and vacmViewTreeFamilyMask owner index portion, and vacmViewTreeFamilyMask
'wildcarding' the column subidentifier. More elaborate 'wildcarding' the column subidentifier. More elaborate
configurations are possible." configurations are possible."
::= { slapmPRMonEntry 1 } ::= { slapmPRMonEntry 1 }
slapmPRMonSystemAddress OBJECT-TYPE slapmPRMonSystemAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..16)) SYNTAX OCTET STRING (SIZE(0 | 4 | 16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address of a system that an Policy definition relates to. "Address of a system that an Policy definition relates to.
A zero length octet string can be used to indicate that A zero length octet string can be used to indicate that
only a single system is being represented. only a single system is being represented.
Otherwise, the length of the octet string should be Otherwise, the length of the octet string should be
4 for an ipv4 address and 16 for an ipv6 address." 4 for an ipv4 address and 16 for an ipv6 address."
::= { slapmPRMonEntry 2 } ::= { slapmPRMonEntry 2 }
skipping to change at page 43, line 5 skipping to change at page 43, line 17
of monitoring that is applied to a policy rule. The of monitoring that is applied to a policy rule. The
value of this object can't be changed once the table value of this object can't be changed once the table
entry that it is a part of is activated via a entry that it is a part of is activated via a
slapmPRMonRowStatus transition to active state. slapmPRMonRowStatus transition to active state.
monitorMinRate(0) - Monitor minimum transfer rate. monitorMinRate(0) - Monitor minimum transfer rate.
monitorMaxRate(1) - Monitor maximum transfer rate. monitorMaxRate(1) - Monitor maximum transfer rate.
monitorMaxDelay(2) - Monitor maximum delay. monitorMaxDelay(2) - Monitor maximum delay.
enableAggregateTraps(3) - The enableAggregateTraps(3) enableAggregateTraps(3) - The enableAggregateTraps(3)
BITS setting enables notification generation BITS setting enables notification generation
when monitoring a policy traffic profile as an when monitoring a policy rule as an
aggregate using the values in the corresponding aggregate using the values in the corresponding
slapmPRMonStatsEntry. By default this function slapmPRMonStatsEntry. By default this function
is not enabled. is not enabled.
enableSubcomponentTraps(4) - This BITS setting enables enableSubcomponentTraps(4) - This BITS setting enables
notification generation when monitoring all notification generation when monitoring all
subcomponents that are mapped to an corresponding subcomponents that are mapped to an corresponding
slapmPRMonStatsEntry. By default this slapmPRMonStatsEntry. By default this
function is not enabled. function is not enabled.
monitorSubcomponents(5) - This BITS setting enables monitorSubcomponents(5) - This BITS setting enables
monitoring of each subcomponent (typically a monitoring of each subcomponent (typically a
skipping to change at page 61, line 4 skipping to change at page 61, line 16
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The group of notifications defined by this MIB that MUST "The group of notifications defined by this MIB that MUST
be implemented." be implemented."
::= { slapmGroups 8 } ::= { slapmGroups 8 }
slapmEndSystemNotGroup2 NOTIFICATION-GROUP slapmEndSystemNotGroup2 NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
slapmSubcMonitorNotOkay, slapmSubcMonitorNotOkay,
slapmSubcMonitorOkay slapmSubcMonitorOkay
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The group of objects defined by this MIB that are "The group of objects defined by this MIB that are
required for end system implementations." required for end system implementations."
::= { slapmGroups 9 } ::= { slapmGroups 9 }
END END
5.0 Security Considerations 5.0 Security Considerations
Certain management information defined in this MIB may be considered Certain management information in the MIB defined by this document may
sensitive in some network environments. Therefore, authentication of be considered sensitive in some network environments. Therefore,
received SNMP requests and controlled access to management information authentication of received SNMP requests and controlled access to
SHOULD be employed in such environments. The method for this management information SHOULD be employed in such environments. The
authentication is a function of the SNMP Administrative Framework, and method for this authentication is a function of the SNMP Administrative
has not been expanded by this MIB. Framework, and has not been expanded by this MIB.
To facilitate the provisioning of access control by a security
administrator using the View-Based Access Control Model (VACM) defined
in RFC 2575 [11] for tables in which multiple users may need to
independently create or modify entries, the initial index is used as an
"owner index" (refer to slapmPRMonOwnerIndex in an slapmPRMonEntry).
Such an initial index has a syntax of SnmpAdminString, and can thus be
trivially mapped to a securityName or groupName as defined in VACM, in
accordance with a security policy.
All entries in related tables belonging to a particular user will have
the same value for this initial index. For a given user's entries in a
particular table, the object identifiers for the information in these
entries will have the same subidentifiers (except for the "column"
subidentifier) up to the end of the encoded owner index. To configure
VACM to permit access to this portion of the table, one would create
vacmViewTreeFamilyTable entries with the value of
vacmViewTreeFamilySubtree including the owner index portion, and
vacmViewTreeFamilyMask "wildcarding" the column subidentifier. More
elaborate configurations are possible. The VACM access control
mechanism described above provides control
It is RECOMMENDED that the slapmPRMonTable (equivalent to the deprecated It is RECOMMENDED that the slapmPRMonTable (equivalent to the deprecated
slapmPolicyMonitorTable) and the slapmSubcomponentTable not be supported slapmPolicyMonitorTable) and the slapmSubcomponentTable not be supported
in insecure environments. in insecure environments.
6.0 Intellectual Property 6.0 Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or document or the extent to which any license under such rights might or
skipping to change at page 63, line 32 skipping to change at page 64, line 16
"Introduction to Community-based SNMPv2", RFC 1901, SNMP Research, "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research,
Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
International Network Services, January 1996. International Network Services, January 1996.
[18] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport [18] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
Mappings for Version 2 of the Simple Network Management Protocol Mappings for Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc.,
Dover Beach Consulting, Inc., International Network Services, Dover Beach Consulting, Inc., International Network Services,
January 1996. January 1996.
[19] "Schema for Service Level Administration of Differentiated Services [19] McCloghrie, K. and Bierman, A., "Entity MIB using SMIv2", RFC 2037,
and Integrated Services in Networks",
<draft-ellesson-sla-schema-02.txt>, June 1, 1998.
[20] McCloghrie, K. and Bierman, A., "Entity MIB using SMIv2", RFC 2037,
October 1996. October 1996.
[21] Bradner, S., "The Internet Standards Process -- Revision 3", RFC [20] Bradner, S., "The Internet Standards Process -- Revision 3", RFC
2026, BCP 9, Harvard University, October 1996. 2026, BCP 9, Harvard University, October 1996.
9.0 Author's Address 9.0 Author's Address
Kenneth D. White Kenneth D. White
Dept. BRQA/Bldg. 501/G114 Dept. BRQA/Bldg. 501/G114
IBM Corporation IBM Corporation
P.O.Box 12195 P.O.Box 12195
3039 Cornwallis 3039 Cornwallis
Research Triangle Park, NC 27709, USA Research Triangle Park, NC 27709, USA
 End of changes. 41 change blocks. 
53 lines changed or deleted 79 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/