idnits 2.17.1 draft-ietf-disman-express-mib-12.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 7 instances of too long lines in the document, the longest one being 6 characters in excess of 72. == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1123 has weird spacing: '...andType an op...' == Line 1128 has weird spacing: '...dValues eva...' == Line 1846 has weird spacing: '...for the purpo...' == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (12 June 2000) is 8716 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'MIBEventMIB' is mentioned on line 116, but not defined == Unused Reference: 'RFC1903' is defined on line 1761, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411) ** Downref: Normative reference to an Informational RFC: RFC 1215 ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Downref: Normative reference to an Historic RFC: RFC 1901 ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412) ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413) ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415) ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) -- Possible downref: Non-RFC (?) normative reference: ref. 'RFCEventMIB' -- Possible downref: Non-RFC (?) normative reference: ref. 'PracPersp' Summary: 18 errors (**), 0 flaws (~~), 10 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Editor of this version: 2 Internet-Draft Ramanathan R. Kavasseri 3 Expires December 2000 Cisco Systems, Inc. 4 Author of previous version: 5 Bob Stewart 6 12 June 2000 8 Distributed Management Expression MIB 10 draft-ietf-disman-express-mib-12.txt 12 Status of this Memo 14 This document is an Internet-Draft and is in full conformance with all 15 provisions of Section 10 of RFC2026. 17 Internet-Drafts are working documents of the Internet Engineering Task 18 Force (IETF), its areas, and its working groups. Note that other groups 19 may also distribute working documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet- Drafts as reference material 24 or to cite them other than as ``work in progress.'' 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 Distribution of this document is unlimited. Please send comments to the 33 Distributed Management Working Group, . 35 Copyright Notice 37 Copyright (C) The Internet Society (2000). All Rights Reserved. 39 1. Abstract 41 This memo defines a portion of the Management Information Base (MIB) for 42 use with network management protocols in the Internet community. In 43 particular, it describes managed objects used for managing expressions 44 of MIB objects. The results of these expressions become MIB objects 45 usable like any other MIB object, such as for the test condition for 46 declaring an event. 48 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 49 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 50 document are to be interpreted as described in RFC 2119. 52 2. The SNMP Management Framework 54 The SNMP Management Framework presently consists of five major 55 components: 57 o An overall architecture, described in RFC 2571 [RFC2571]. 59 o Mechanisms for describing and naming objects and events for the 60 purpose of management. The first version of this Structure of 61 Management Information (SMI) is called SMIv1 and described in 62 STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 63 1215 [RFC1215]. The second version, called SMIv2, is described 64 in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 65 [RFC2580]. 67 o Message protocols for transferring management information. The 68 first version of the SNMP message protocol is called SNMPv1 and 69 described in STD 15, RFC 1157 [RFC1157]. A second version of the 70 SNMP message protocol, which is not an Internet standards track 71 protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] 72 and RFC 1906 [RFC1906]. The third version of the message 73 protocol is called SNMPv3 and described in RFC 1906 [RFC1906], 74 RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. 76 o Protocol operations for accessing management information. The 77 first set of protocol operations and associated PDU formats is 78 described in STD 15, RFC 1157 [RFC1157]. A second set of 79 protocol operations and associated PDU formats is described in 80 RFC 1905 [RFC1905]. 82 o A set of fundamental applications described in RFC 2573 83 [RFC2573] and the view-based access control mechanism described 84 in RFC 2575 [RFC2575]. 86 A more detailed introduction to the current SNMP Management Framework 87 can be found in RFC 2570 [RFC2570]. 89 Managed objects are accessed via a virtual information store, termed 90 the Management Information Base or MIB. Objects in the MIB are 91 defined using the mechanisms defined in the SMI. 93 This memo specifies a MIB module that is compliant to the SMIv2. A 94 MIB conforming to the SMIv1 can be produced through the appropriate 95 translations. The resulting translated MIB must be semantically 96 equivalent, except where objects or events are omitted because no 97 translation is possible (use of Counter64). Some machine readable 98 information in SMIv2 will be converted into textual descriptions in 99 SMIv1 during the translation process. However, this loss of machine 100 readable information is not considered to change the semantics of the 101 MIB. 103 3. Overview 105 Users of MIBs often desire MIB objects that MIB designers have not 106 provided. Furthermore, such needs vary from one management philosphy to 107 another. Rather than fill more and more MIBs with standardized objects, 108 the Expression MIB supports externally defined expressions of existing 109 MIB objects. 111 In the Expression MIB the results of an evaluated expression are MIB 112 objects that may be used like any other MIB objects. These custom- 113 defined objects are thus usable anywhere any other MIB object can be 114 used. For example, they can be used by a management application 115 directly or referenced from another MIB, such as the Event MIB 116 [MIBEventMIB]. They can even be used by the Expression MIB itself, 117 forming expressions of expressions. 119 The Expression MIB is instrumentation for a relatively powerful, 120 complex, high-level application, considerably different from simple 121 instrumentation for a communication driver or a protocol. The MIB is 122 appropriate in a relatively powerful, resource-rich managed system and 123 not necessarily in a severely limited environment. 125 Nevertheless, due to dependencies from the Event MIB [RFCEventMIB] and 126 the need to support as low-end a system as possible, the Expression MIB 127 can be somewhat stripped down for lower-power, lower-resource 128 implementations, as described in the Subsets section, below. 130 Implementation of the Expression MIB in a managed system led to the 131 addition of objects that may not have been necessary in an application 132 environment with complete knowledge of compiled MIB definitions. This 133 is appropriate since implementation must be possible within typical 134 managed systems with some constraints on system resources. 136 3.1. Usage 138 On managed systems that can afford the overhead, the Expression MIB is a 139 way to create new, customized MIB objects for monitoring. Although 140 these can save some network traffic and overhead on management systems, 141 that is often not a good tradeoff for objects that are simply to be 142 recorded or displayed. 144 An example of a use of the Expression MIB would be to provide custom 145 objects for the Event MIB [RFCEventMIB]. A complex expression can 146 evaluate to a rate of flow or a boolean and thus be subject to testing 147 as an event trigger, resulting in an SNMP notification. Without these 148 capabilities such monitoring would be limited to the objects in 149 predefined MIBs. The Expression MIB thus supports powerful tools for 150 the network manager faced with the monitoring of large, complex systems 151 that can support a significant level of self management. 153 3.2. Persistance 155 Although like most MIBs this one has no explicit controls for the 156 persistance of the values set in configuring an expression, a robust, 157 polite implementation would certainly not force its managing 158 applications to reconfigure it whenever it resets. 160 Again, as with most MIBs, it is implementation specific how a system 161 provides and manages such persistance. To speculate, one could imagine, 162 for example, that persistance depended on the context in which the 163 expression was configured, or perhaps system-specific characteristics of 164 the expression's owner. Or perhaps everything in a MIB such as this 165 one, which is clearly aimed at persistant configuration, is 166 automatically part of a system's other persistant configuration. 168 3.3. Operation 170 Most of the operation of the MIB is described or implied in the object 171 definitions but a few highlights bear mentioning here. 173 3.3.1. Sampling 175 The MIB supports three types of object sampling for the MIB objects that 176 make up the expression: absolute, delta, and changed. 178 Absolute samples are simply the value of the MIB object at the time it 179 is sampled. 181 Absolute samples are not sufficient for expressions of counters, as 182 counters have meaning only as a delta (difference) from one sample to 183 the next. Thus objects may be sampled as deltas. Delta sampling 184 requires the application to maintain state for the value at the last 185 sample, and to do continuous sampling whether or not anyone is looking 186 at the results. It thus creates constant overhead. 188 Changed sampling is a simple fallout of delta sampling where rather than 189 a difference the result is a boolean indicating whether or not the 190 object changed value since the last sample. 192 3.3.2. Wildcards 194 Wildcards allow the application of a single expression to multiple 195 instances of the same MIB object. The definer of the expression 196 indicates this choice and provides a partial object identifier, with 197 some or all of the instance portion left off. The application then does 198 the equivalent of GetNext to obtain the object values, thus discovering 199 the instances. 201 All wildcarded objects in an expression must have the same semantics for 202 the missing portion of their object identifiers. Otherwise, any 203 successful evaluation of the wildcarded expression would be the result 204 of the accidental matching of the wildcarded portion of the object 205 identifiers in the expression. Such an evaluation will likely produce 206 results which are not meaningful. 208 The expression can be evaluated only for those instances where all the 209 objects in the expression are available with the same value for the 210 wildcarded portion of the instance. 212 3.3.3. Evaluation 214 There are two important aspects of evaluation that may not be obvious: 215 what objects and when. 217 What objects get used in the evaluation depends on the type of request 218 and whether or not the expression contains wildcarded objects. If the 219 request was a Get, that locks down the instances to be used. If the 220 request was a GetNext or GetBulk, the application must work its way up 221 to the next full set of objects for the expression. 223 Evaluation of expressions happens at two possible times, depending on 224 the sampling method (delta or absolute) used to evaluate the expression. 226 If there are no delta or change values in an expression, the evaluation 227 occurs on demand, i.e. when a requester attempts to read the value of 228 the expression. In this case all requesters get a freshly calculated 229 value. 231 For expressions with delta or change values, evaluation goes on 232 continuously, every sample period. In this case requesters get the 233 value as of the last sample period. For any given sample period of a 234 given expression, only those instances exist that provided a full set of 235 object values. It may be possible that a delta expression which was 236 evaluated successfully for one sample period may not be successfully 237 evaluated in the next sample period. This may, for example, be due to 238 missing instances for some or all of the objects in the expression. In 239 such cases, the value from the previous sample period (with the 240 successful evaluation) must not be carried forward to the next sample 241 period (with the failed evaluation). 243 3.3.4. Value Identification 245 Values resulting from expression evaluation are identified with a 246 combination of the object identifier (OID) for the data type from 247 expValueTable (such as expValueCounter32Val), the expression name, and 248 an OID fragment. 250 The OID fragment is not an entire OID beginning with iso.dod.org 251 (1.3.6). Rather it begins with 0.0. The remainder is either another 0 252 when there is no wildcarding or the instance that satisfied the wildcard 253 if there is wildcarding. 255 3.4. Subsets 257 To pare down the Expression MIBs complexity and use of resources an 258 implementor can leave out various parts. 260 3.4.1. No Wildcards 262 Leaving out wildcarding significantly reduces the complexity of 263 retrieving values to evaluate expressions and the processing required to 264 do so. Such an implementation would allow expressions made up of 265 individual MIB objects but would not be suitable for expressions applied 266 across large tables as each instance in the table would require a 267 separate expression definition. 269 Furthermore it would not be suitable for tables with arbitrary, dynamic 270 instances, as expressions definitions could not predict what instance 271 values to use. 273 An implementation without wildcards might be useful for a self-managing 274 system with small tables or few dynamic instances, or one that can do 275 calculations only for a few key objects. 277 3.4.2. No Deltas 279 Leaving out delta processing significantly reduces state that must be 280 kept and the burden of ongoing processing even when no one is looking at 281 the results. Unfortunately it also makes expressions on counters 282 unusable, as counters have meaning only as deltas. 284 An implementation without deltas might be useful for a severly limited, 285 self-managing system that has no need for expressions or events on 286 counters. Although conceivable, such systems would be rare. 288 3.5. Structure 290 The MIB has the following sections: 292 o Resource -- management of the MIB's use of system resources. 294 o Definition -- definition of expressions. 296 o Value -- values of evaluated expressions. 298 3.5.1. Resource 300 The resource section has objects to manage resource usage by wildcarded 301 delta expressions, a potential major consumer of CPU and memory. 303 3.5.2. Definition 305 The definition section contains the tables that define expressions. 307 The expression table, indexed by expression owner and expression name, 308 contains those parameters that apply to the entire expression, such as 309 the expression itself, the data type of the result, and the sampling 310 interval if it contains delta or change values. 312 The object table, indexed by expression owner, expression name and 313 object index within each expression, contains the parameters that apply 314 to the individual objects that go into the expression, including the 315 object identifier, sample type, discontinuity indicator, and such. 317 3.5.3. Value 319 The value section contains the values of evaluated expressions. 321 The value table, indexed by expression name and instance fragment 322 contains a "discriminated union" of evaluated expression results. For a 323 given expression only one of the columns is instantiated, depending on 324 the result data type for the expression. The instance fragment is a 325 constant or the final section of the object identifier that filled in a 326 wildcard. 328 3.6. Examples 330 The examples refer to tables and objects defined below in the MIB 331 itself. They may well make more sense after reading those definitions. 333 3.6.1. Wildcarding 335 An expression may use wildcarded MIB objects that result in multiple 336 values for the expression. To specify a wildcarded MIB object a 337 management application leaves off part or all of the instance portion of 338 the object identifier, and sets expObjectWildcard to true(1) for that 339 object. For our example we'll use a counter of total blessings from a 340 table of people. Another table, indexed by town and person has 341 blessings just from that town. 343 So the index clauses are: 345 personEntry OBJECT-TYPE 346 ... 347 INDEX { personIndex } 349 And: 351 townPersonEntry OBJECT-TYPE 352 ... 353 INDEX { townIndex, personIndex } 355 In our friendly application we may have entered our expression as: 357 100 * townPersonBlessings.976.* / personBlessings.* 359 What goes in expExpression is: 361 100*$1/$2 363 For example purposes we'll use some slightly far-fetched OIDs. The 364 People MIB is 1.3.6.1.99.7 and the Town MIB is 1.3.6.1.99.11, so for our 365 two counters the OIDs are: 367 personBlessings 1.3.6.1.99.7.1.3.1.4 368 townPersonBlessings 1.3.6.1.99.11.1.2.1.9 370 The rule for wildcards is that all the wildcarded parts have to match 371 exactly. In this case that means we have to hardwire the town and only 372 the personIndex can be wildcarded. So our values for expObjectID are: 374 1.3.6.1.99.7.1.3.1.4 375 1.3.6.1.99.11.1.2.1.9.976 377 We're hardwired to townIndex 976 and personIndex is allowed to vary. 379 The value of expExpressionPrefix can be either of those two counter OIDs 380 (including the instance fragment in the second case), since either of 381 them takes you to a MIB definition where you can look at the INDEX 382 clause and figure out what's been left off. What's been left off 383 doesn't have to work out to be the same object, but it does have to work 384 out to be the same values (semantics) for the result to make sense. 385 Note that the managed system can not typically check such semantics and 386 if given nonsense will return nonsense. 388 If we have people numbered 6, 19, and 42 in town number 976, the 389 successive values of expValueInstance will be: 391 0.0.6 392 0.0.19 393 0.0.42 395 So there will be three values in expValueTable, with those OIDs as the 396 expValueInstance part of their indexing. 398 3.6.2. Calculation and Conditional 400 The following formula for line utilization of a half-duplex link is 401 adapted from [PracPersp]. 403 utilization = (ifInOctets + ifOutOctets) * 800 / seconds / ifSpeed 405 The expression results in the percentage line utilization per second. 406 The total octets are multipled by 8 to get bits and 100 to scale up the 407 percentage as an integer. 409 The following Expression MIB object values implement this as an 410 expression for all ifIndexes that directly represent actual hardware. 411 Since the octet counters are Counter32 values, they must be delta 412 sampled to be meaningful. The sample period is 6 seconds but for 413 accuracy and independence is calculated as a delta of sysUpTime. 415 The expObjectTable entry for ifInOctets has an expObjectConditional that 416 checks for being a hardware interface. Only one object in the 417 expression needs that check associated, since it applies to the whole 418 expression. Since ifConnectorPresent is a TruthValue with values of 1 419 or 2 rather than 0 and non-zero, it must also be in an expression rather 420 than used directly for the conditional. 422 The interface-specific discontinuity indicator is supplied only for 423 ifInOctets since invalidating that sample will invalidate an attempt at 424 evaluation, effectively invalidating ifOutOctets as well (correctly, 425 because it has the same indicator). 427 For notational clarity, in the rest of this document, a string in quotes 428 as part of the object instance indicates the value that would actually 429 be one subidentifier per byte. The objects all belong to owner "me". 431 Also for clarity OIDs are expressed as the object descriptor and 432 instance. In fact they must be supplied numerically, with all 433 subidentifiers in place before the part for the particular object and 434 instance. 436 What the user would set in expExpressionTable: 438 expExpression.2."me".4."hard" = "$1==1" 439 expExpressionValueType.2."me".4."hard" = unsigned32 440 expExpressionRowStatus.2."me"4."hard" = 'active' 442 expExpression.2."me".4."util" = "($1+$2)*800/$4/$3" 443 expExpressionValueType.2."me".4."util" = integer32 444 expExpressionDeltaInterval.2."me".4."util" = 6 445 expExpressionRowStatus.2."me"4."util" = 'active' 447 What the user would set in expObjectTable: 449 expObjectID.2."me".4."hard".1 = ifConnectorPresent 450 expObjectWildcard.2."me".4."hard".1 = 'true' 451 expObjectSampleType.2."me".4."hard".1 = 'absoluteValue' 452 expObjectRowStatus.2."me".4."hard".1 = 'active' 454 expObjectID.2."me".4."util".1 = ifInOctets 455 expObjectWildcard.2."me".4."util".1 = 'true' 456 expObjectSampleType.2."me".4."util".1 = 'deltaValue' 457 expObjectConditional.2."me".4."util".1 = 458 expValueUnsigned32Val.4."hard".0.0 459 expObjectConditionalWildcard.2."me".4."util".1 = 'true' 460 expObjectDiscontinuityID.2."me".4."util".1 = 461 ifCounterDiscontinuityTime 462 expObjectDiscontinuityIDWildcard.2."me".4."util".1 = 'true' 463 expObjectRowStatus.2."me".4."util".1 = 'active' 465 expObjectID.2."me".4."util".2 = ifOutOctets 466 expObjectWildcard.2."me".4."util".2 = 'true' 467 expObjectSampleType.2."me".4."util".2 = 'deltaValue' 468 expObjectRowStatus.2."me".4."util".2 = 'active' 470 expObjectID.2."me".4."util".3 = ifSpeed 471 expObjectWildcard.2."me".4."util".3 = 'true' 472 expObjectSampleType.2."me".4."util".3 = 'absoluteValue' 473 expObjectRowStatus.2."me".4."util".3 = 'active' 475 expObjectID.2."me".4."util".4 = sysUpTime.0 476 expObjectWildcard.2."me".4."util".4 = 'false' 477 expObjectSampleType.2."me".4."util".4 = 'deltaValue' 478 expObjectRowStatus.2."me".4."util".4 = 'active' 480 These settings will result in populating one column of expValueTable: 482 expValueInteger32Val.2."me".4."util".0.0.? 484 The subidentifier represented by "?" above represents one subidentifier 485 that takes on a value of ifIndex and identifies a row for each ifIndex 486 value where ifConnectorPresent is 'true' and the interface was present 487 for two samples to provide a delta. 489 This value could in turn be used as an event threshold [RFCEventMIB] to 490 watch for overutilization of all hardware network connections. 492 4. Definitions 494 DISMAN-EXPRESSION-MIB DEFINITIONS ::= BEGIN 496 IMPORTS 497 MODULE-IDENTITY, OBJECT-TYPE, 498 Integer32, Gauge32, Unsigned32, 499 Counter32, Counter64, IpAddress, 500 TimeTicks, mib-2, zeroDotZero FROM SNMPv2-SMI 501 RowStatus, TruthValue, TimeStamp FROM SNMPv2-TC 502 sysUpTime FROM SNMPv2-MIB 503 SnmpAdminString FROM SNMP-FRAMEWORK-MIB 504 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 506 dismanExpressionMIB MODULE-IDENTITY 507 LAST-UPDATED "200006120000Z" -- 12 June 2000 508 ORGANIZATION "IETF Distributed Management Working Group" 509 CONTACT-INFO "Ramanathan Kavasseri 510 Cisco Systems, Inc. 511 170 West Tasman Drive, 512 San Jose CA 95134-1706. 513 Phone: +1 408 527 2446 514 Email: ramk@cisco.com" 515 DESCRIPTION 516 "The MIB module for defining expressions of MIB objects for 517 management purposes." 518 -- Revision History 520 REVISION "200006120000Z" -- 12 June 2000 521 DESCRIPTION "This is the initial version of this MIB. 522 Published as RFC xxxx" 523 ::= { mib-2 xx } -- final assignment by IANA at publication time 525 dismanExpressionMIBObjects OBJECT IDENTIFIER ::= { dismanExpressionMIB 1 } 527 expResource OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 1 } 528 expDefine OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 2 } 529 expValue OBJECT IDENTIFIER ::= { dismanExpressionMIBObjects 3 } 531 -- 532 -- Resource Control 533 -- 534 expResourceDeltaMinimum OBJECT-TYPE 535 SYNTAX Integer32 (-1 | 1..600) 536 UNITS "seconds" 537 MAX-ACCESS read-write 538 STATUS current 539 DESCRIPTION 540 "The minimum expExpressionDeltaInterval this system will 541 accept. A system may use the larger values of this minimum to 542 lessen the impact of constantly computing deltas. For larger 543 delta sampling intervals the system samples less often and 544 suffers less overhead. This object provides a way to enforce 545 such lower overhead for all expressions created after it is 546 set. 548 The value -1 indicates that expResourceDeltaMinimum is 549 irrelevant as the system will not accept 'deltaValue' as a 550 value for expObjectSampleType. 552 Unless explicitly resource limited, a system's value for 553 this object should be 1, allowing as small as a 1 second 554 interval for ongoing delta sampling. 556 Changing this value will not invalidate an existing setting 557 of expObjectSampleType." 558 ::= { expResource 1 } 560 expResourceDeltaWildcardInstanceMaximum OBJECT-TYPE 561 SYNTAX Unsigned32 562 UNITS "instances" 563 MAX-ACCESS read-write 564 STATUS current 565 DESCRIPTION 566 "For every instance of a deltaValue object, one dynamic instance 567 entry is needed for holding the instance value from the previous 568 sample, i.e. to maintain state. 570 This object limits maximum number of dynamic instance entries 571 this system will support for wildcarded delta objects in 572 expressions. For a given delta expression, the number of 573 dynamic instances is the number of values that meet all criteria 574 to exist times the number of delta values in the expression. 576 A value of 0 indicates no preset limit, that is, the limit 577 is dynamic based on system operation and resources. 579 Unless explicitly resource limited, a system's value for 580 this object should be 0. 582 Changing this value will not eliminate or inhibit existing delta 583 wildcard instance objects but will prevent the creation of more 584 such objects. 586 An attempt to allocate beyond the limit results in expErrorCode 587 being tooManyWildcardValues for that evaluation attempt." 588 ::= { expResource 2 } 590 expResourceDeltaWildcardInstances OBJECT-TYPE 591 SYNTAX Gauge32 592 UNITS "instances" 593 MAX-ACCESS read-only 594 STATUS current 595 DESCRIPTION 596 "The number of currently active instance entries as 597 defined for expResourceDeltaWildcardInstanceMaximum." 598 ::= { expResource 3 } 600 expResourceDeltaWildcardInstancesHigh OBJECT-TYPE 601 SYNTAX Gauge32 602 UNITS "instances" 603 MAX-ACCESS read-only 604 STATUS current 605 DESCRIPTION 606 "The highest value of expResourceDeltaWildcardInstances 607 that has occurred since initialization of the managed 608 system." 609 ::= { expResource 4 } 611 expResourceDeltaWildcardInstanceResourceLacks OBJECT-TYPE 612 SYNTAX Counter32 613 UNITS "instances" 614 MAX-ACCESS read-only 615 STATUS current 616 DESCRIPTION 617 "The number of times this system could not evaluate an 618 expression because that would have created a value instance in 619 excess of expResourceDeltaWildcardInstanceMaximum." 620 ::= { expResource 5 } 622 -- 623 -- Definition 624 -- 625 -- Expression Definition Table 626 -- 628 expExpressionTable OBJECT-TYPE 629 SYNTAX SEQUENCE OF ExpExpressionEntry 630 MAX-ACCESS not-accessible 631 STATUS current 632 DESCRIPTION 633 "A table of expression definitions." 634 ::= { expDefine 1 } 636 expExpressionEntry OBJECT-TYPE 637 SYNTAX ExpExpressionEntry 638 MAX-ACCESS not-accessible 639 STATUS current 640 DESCRIPTION 641 "Information about a single expression. New expressions 642 can be created using expExpressionRowStatus. 644 To create an expression first create the named entry in this 645 table. Then use expExpressionName to populate expObjectTable. 646 For expression evaluation to succeed all related entries in 647 expExpressionTable and expObjectTable must be 'active'. If 648 these conditions are not met the corresponding values in 649 expValue simply are not instantiated. 651 Deleting an entry deletes all related entries in expObjectTable 652 and expErrorTable. 654 Because of the relationships among the multiple tables for an 655 expression (expExpressionTable, expObjectTable, and 656 expValueTable) and the SNMP rules for independence in setting 657 object values, it is necessary to do final error checking when 658 an expression is evaluated, that is, when one of its instances 659 in expValueTable is read or a delta interval expires. Earlier 660 checking need not be done and an implementation may not impose 661 any ordering on the creation of objects related to an 662 expression. 664 To maintain security of MIB information, when creating a new row in 665 this table, the managed system must record the security credentials 666 of the requester. These security credentials are the parameters 667 necessary as inputs to isAccessAllowed from the Architecture for 668 Describing SNMP Management Frameworks. When obtaining the objects 669 that make up the expression, the system must (conceptually) use 670 isAccessAllowed to ensure that it does not violate security. 672 The evaluation of the expression takes place under the 673 security credentials of the creator of its expExpressionEntry. 675 Values of read-write objects in this table may be changed 676 at any time." 677 INDEX { expExpressionOwner, expExpressionName } 678 ::= { expExpressionTable 1 } 680 ExpExpressionEntry ::= SEQUENCE { 681 expExpressionOwner SnmpAdminString, 682 expExpressionName SnmpAdminString, 683 expExpression OCTET STRING, 684 expExpressionValueType INTEGER, 685 expExpressionComment SnmpAdminString, 686 expExpressionDeltaInterval Integer32, 687 expExpressionPrefix OBJECT IDENTIFIER, 688 expExpressionErrors Counter32, 689 expExpressionEntryStatus RowStatus 690 } 692 expExpressionOwner OBJECT-TYPE 693 SYNTAX SnmpAdminString (SIZE(0..32)) 694 MAX-ACCESS not-accessible 695 STATUS current 696 DESCRIPTION 697 "The owner of this entry. The exact semantics of this 698 string are subject to the security policy defined by the 699 security administrator." 700 ::= { expExpressionEntry 1 } 702 expExpressionName OBJECT-TYPE 703 SYNTAX SnmpAdminString (SIZE (1..32)) 704 MAX-ACCESS not-accessible 705 STATUS current 706 DESCRIPTION 707 "The name of the expression. This is locally unique, within 708 the scope of an expExpressionOwner." 709 ::= { expExpressionEntry 2 } 711 expExpression OBJECT-TYPE 712 SYNTAX OCTET STRING (SIZE (1..1024)) 713 MAX-ACCESS read-create 714 STATUS current 715 DESCRIPTION 716 "The expression to be evaluated. This object is the same 717 as a DisplayString (RFC 1903) except for its maximum length. 719 Except for the variable names the expression is in ANSI C 720 syntax. Only the subset of ANSI C operators and functions 721 listed here is allowed. 723 Variables are expressed as a dollar sign ('$') and an 724 integer that corresponds to an expObjectIndex. An 725 example of a valid expression is: 727 ($1-$5)*100 729 Expressions must not be recursive, that is although an expression 730 may use the results of another expression, it must not contain 731 any variable that is directly or indirectly a result of its own 732 evaluation. The managed system must check for recursive 733 expressions. 735 The only allowed operators are: 737 ( ) 738 - (unary) 739 + - * / % 740 & | ^ << >> ~ 741 ! && || == != > >= < <= 743 Note the parentheses are included for parenthesizing the 744 expression, not for casting data types. 746 The only constant types defined are: 748 int (32-bit signed) 749 long (64-bit signed) 750 unsigned int 751 unsigned long 752 hexadecimal 753 character 754 string 755 oid 757 The default type for a positive integer is int unless it is too 758 large in which case it is long. 760 All but oid are as defined for ANSI C. Note that a 761 hexadecimal constant may end up as a scalar or an array of 762 8-bit integers. A string constant is enclosed in double 763 quotes and may contain back-slashed individual characters 764 as in ANSI C. 766 An oid constant comprises 32-bit, unsigned integers and at 767 least one period, for example: 769 0. 770 .0 771 1.3.6.1 773 No additional leading or trailing subidentifiers are automatically 774 added to an OID constant. The constant is taken as expressed. 776 Integer-typed objects are treated as 32- or 64-bit, signed 777 or unsigned integers, as appropriate. The results of 778 mixing them are as for ANSI C, including the type of the 779 result. Note that a 32-bit value is thus promoted to 64 bits 780 only in an operation with a 64-bit value. There is no 781 provision for larger values to handle overflow. 783 Relative to SNMP data types, a resulting value becomes 784 unsigned when calculating it uses any unsigned value, 785 including a counter. To force the final value to be of 786 data type counter the expression must explicitly use the 787 counter32() or counter64() function (defined below). 789 OCTET STRINGS and OBJECT IDENTIFIERs are treated as 790 one-dimensioned arrays of unsigned 8-bit integers and 791 unsigned 32-bit integers, respectively. 793 IpAddresses are treated as 32-bit, unsigned integers in 794 network byte order, that is, the hex version of 255.0.0.0 is 795 0xff000000. 797 Conditional expressions result in a 32-bit, unsigned integer 798 of value 0 for false or 1 for true. When an arbitrary value 799 is used as a boolean 0 is false and non-zero is true. 801 Rules for the resulting data type from an operation, based on 802 the operator: 804 For << and >> the result is the same as the left hand operand. 806 For &&, ||, ==, !=, <, <=, >, and >= the result is always 807 Unsigned32. 809 For unary - the result is always Integer32. 811 For +, -, *, /, %, &, |, and ^ the result is promoted according 812 to the following rules, in order from most to least preferred: 814 If left hand and right hand operands are the same type, 815 use that. 817 If either side is Counter64, use that. 819 If either side is IpAddress, use that. 821 If either side is TimeTicks, use that. 823 If either side is Counter32, use that. 825 Otherwise use Unsigned32. 827 The following rules say what operators apply with what data 828 types. Any combination not explicitly defined does not work. 830 For all operators any of the following can be the left hand or 831 right hand operand: Integer32, Counter32, Unsigned32, Counter64. 833 The operators +, -, *, /, %, <, <=, >, and >= work with 834 TimeTicks. 836 The operators &, |, and ^ work with IpAddress. 838 The operators << and >> work with IpAddress but only as the 839 left hand operand. 841 The + operator performs a concatenation of two OCTET STRINGs or 842 two OBJECT IDENTIFIERs. 844 The operators &, | perform bitwise operations on OCTET STRINGs. 845 If the OCTET STRING happens to be a DisplayString the results 846 may be meaningless, but the agent system does not check this as 847 some such systems do not have this information. 849 The operators << and >> perform bitwise operations on OCTET 850 STRINGs appearing as the left hand operand. 852 The only functions defined are: 854 counter32 855 counter64 856 arraySection 857 stringBegins 858 stringEnds 859 stringContains 860 oidBegins 861 oidEnds 862 oidContains 863 average 864 maximum 865 minimum 866 sum 867 exists 869 The following function definitions indicate their parameters by 870 naming the data type of the parameter in the parameter's position 871 in the parameter list. The parameter must be of the type indicated 872 and generally may be a constant, a MIB object, a function, or an 873 expression. 875 counter32(integer) - wrapped around an integer value counter32 876 forces Counter32 as a data type. 878 counter64(integer) - similar to counter32 except that the 879 resulting data type is 'counter64'. 881 arraySection(array, integer, integer) - selects a piece of an 882 array (i.e. part of an OCTET STRING or OBJECT IDENTIFIER). The 883 integer arguments are in the range 0 to 4,294,967,295. The 884 first is an initial array index (one-dimensioned) and the second 885 is an ending array index. A value of 0 indicates first or last 886 element, respectively. If the first element is larger than the 887 array length the result is 0 length. If the second integer is 888 less than or equal to the first, the result is 0 length. If the 889 second is larger than the array length it indicates last 890 element. 892 stringBegins/Ends/Contains(octetString, octetString) - looks for 893 the second string (which can be a string constant) in the first 894 and returns the one-dimensioned arrayindex where the match began. 895 A return value of 0 indicates no match (i.e. boolean false). 897 oidBegins/Ends/Contains(oid, oid) - looks for the second OID 898 (which can be an OID constant) in the first and returns the 899 the one-dimensioned index where the match began. A return value 900 of 0 indicates no match (i.e. boolean false). 902 average/maximum/minimum(integer) - calculates the average, 903 minimum, or maximum value of the integer valued object over 904 multiple sample times. If the object disappears for any 905 sample period, the accumlation and the resulting value object 906 cease to exist until the object reappears at which point the 907 calculation starts over. 909 sum(integerObject*) - sums all available values of the 910 wildcarded integer object, resulting in an integer scalar. Must 911 be used with caution as it wraps on overflow with no 912 notification. 914 exists(anyTypeObject) - verifies the object instance exists. A 915 return value of 0 indicates NoSuchInstance (i.e. boolean 916 false)." 917 ::= { expExpressionEntry 3 } 919 expExpressionValueType OBJECT-TYPE 920 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 921 integer32(4), ipAddress(5), octetString(6), 922 objectId(7), counter64(8) } 923 MAX-ACCESS read-create 924 STATUS current 925 DESCRIPTION 926 "The type of the expression value. One and only one of the 927 value objects in expValueTable will be instantiated to match 928 this type. 930 If the result of the expression can not be made into this type, 931 an invalidOperandType error will occur." 932 DEFVAL { counter32 } 933 ::= { expExpressionEntry 4 } 935 expExpressionComment OBJECT-TYPE 936 SYNTAX SnmpAdminString 937 MAX-ACCESS read-create 938 STATUS current 939 DESCRIPTION 940 "A comment to explain the use or meaning of the expression." 941 DEFVAL { ''H } 942 ::= { expExpressionEntry 5 } 944 expExpressionDeltaInterval OBJECT-TYPE 945 SYNTAX Integer32 (0..86400) 946 UNITS "seconds" 947 MAX-ACCESS read-create 948 STATUS current 949 DESCRIPTION 950 "Sampling interval for objects in this expression with 951 expObjectSampleType 'deltaValue'. 953 This object has no effect if the the expression has no 954 deltaValue objects. 956 A value of 0 indicates no automated sampling. In this case 957 the delta is the difference from the last time the expression 958 was evaluated. Note that this is subject to unpredictable 959 delta times in the face of retries or multiple managers. 961 A value greater than zero is the number of seconds between 962 automated samples. 964 Until the delta interval has expired once the delta for the 965 object is effectively not instantiated and evaluating 966 the expression has results as if the object itself were not 967 instantiated. 969 Note that delta values potentially consume large amounts of 970 system CPU and memory. Delta state and processing must 971 continue constantly even if the expression is not being used. 972 That is, the expression is being evaluated every delta interval, 973 even if no application is reading those values. For wildcarded 974 objects this can be substantial overhead. 976 Note that delta intervals, external expression value sampling 977 intervals and delta intervals for expressions within other 978 expressions can have unusual interactions as they are impossible 979 to synchronize accurately. In general one interval embedded 980 below another must be enough shorter that the higher sample 981 sees relatively smooth, predictable behavior. So, for example, 982 to avoid the higher level getting the same sample twice, the 983 lower level should sample at least twice as fast as the higher 984 level does." 985 DEFVAL { 0 } 986 ::= { expExpressionEntry 6 } 988 expExpressionPrefix OBJECT-TYPE 989 SYNTAX OBJECT IDENTIFIER 990 MAX-ACCESS read-only 991 STATUS current 992 DESCRIPTION 993 "An object prefix to assist an application in determining 994 the instance indexing to use in expValueTable, relieving the 995 application of the need to scan the expObjectTable to 996 determine such a prefix. 998 See expObjectTable for information on wildcarded objects. 1000 If the expValueInstance portion of the value OID may 1001 be treated as a scalar (that is, normally, 0) the value of 1002 expExpressionPrefix is zero length, that is, no OID at all. 1003 Note that zero length implies a null OID, not the OID 0.0. 1005 Otherwise, the value of expExpressionPrefix is the expObjectID 1006 value of any one of the wildcarded objects for the expression. 1007 This is sufficient, as the remainder, that is, the instance 1008 fragment relevant to instancing the values, must be the same for 1009 all wildcarded objects in the expression." 1010 ::= { expExpressionEntry 7 } 1012 expExpressionErrors OBJECT-TYPE 1013 SYNTAX Counter32 1014 MAX-ACCESS read-only 1015 STATUS current 1016 DESCRIPTION 1017 "The number of errors encountered while evaluating this 1018 expression. 1020 Note that an object in the expression not being accessible, 1021 is not considered an error. An example of an inaccessible 1022 object is when the object is excluded from the view of the 1023 user whose security credentials are used in the expression 1024 evaluation. In such cases, it is a legitimate condition 1025 that causes the corresponding expression value not to be 1026 instantiated." 1027 ::= { expExpressionEntry 8 } 1029 expExpressionEntryStatus OBJECT-TYPE 1030 SYNTAX RowStatus 1031 MAX-ACCESS read-create 1032 STATUS current 1033 DESCRIPTION 1034 "The control that allows creation and deletion of entries." 1035 ::= { expExpressionEntry 9 } 1037 -- 1038 -- Expression Error Table 1039 -- 1041 expErrorTable OBJECT-TYPE 1042 SYNTAX SEQUENCE OF ExpErrorEntry 1043 MAX-ACCESS not-accessible 1044 STATUS current 1045 DESCRIPTION 1046 "A table of expression errors." 1047 ::= { expDefine 2 } 1049 expErrorEntry OBJECT-TYPE 1050 SYNTAX ExpErrorEntry 1051 MAX-ACCESS not-accessible 1052 STATUS current 1053 DESCRIPTION 1054 "Information about errors in processing an expression. 1056 Entries appear in this table only when there is a matching 1057 expExpressionEntry and then only when there has been an 1058 error for that expression as reflected by the error codes 1059 defined for expErrorCode." 1060 INDEX { expExpressionOwner, expExpressionName } 1061 ::= { expErrorTable 1 } 1063 ExpErrorEntry ::= SEQUENCE { 1064 expErrorTime TimeStamp, 1065 expErrorIndex Integer32, 1066 expErrorCode INTEGER, 1067 expErrorInstance OBJECT IDENTIFIER 1068 } 1070 expErrorTime OBJECT-TYPE 1071 SYNTAX TimeStamp 1072 MAX-ACCESS read-only 1073 STATUS current 1074 DESCRIPTION 1075 "The value of sysUpTime the last time an error caused a 1076 failure to evaluate this expression." 1077 ::= { expErrorEntry 1 } 1079 expErrorIndex OBJECT-TYPE 1080 SYNTAX Integer32 1081 MAX-ACCESS read-only 1082 STATUS current 1083 DESCRIPTION 1084 "The one-dimensioned character array index into 1085 expExpression for where the error occurred. The value 1086 zero indicates irrelevance." 1087 ::= { expErrorEntry 2 } 1089 expErrorCode OBJECT-TYPE 1090 SYNTAX INTEGER { 1091 invalidSyntax(1), 1092 undefinedObjectIndex(2), 1093 unrecognizedOperator(3), 1094 unrecognizedFunction(4), 1095 invalidOperandType(5), 1096 unmatchedParenthesis(6), 1097 tooManyWildcardValues(7), 1098 recursion(8), 1099 deltaTooShort(9), 1100 resourceUnavailable(10), 1101 divideByZero(11) 1102 } 1103 MAX-ACCESS read-only 1104 STATUS current 1105 DESCRIPTION 1106 "The error that occurred. In the following explanations the 1107 expected timing of the error is in parentheses. 'S' means 1108 the error occurs on a Set request. 'E' means the error 1109 occurs on the attempt to evaluate the expression either due to 1110 Get from expValueTable or in ongoing delta processing. 1112 invalidSyntax the value sent for expExpression is not 1113 valid Expression MIB expression syntax 1114 (S) 1115 undefinedObjectIndex an object reference ($n) in 1116 expExpression does not have a matching 1117 instance in expObjectTable (E) 1119 unrecognizedOperator the value sent for expExpression held an 1120 unrecognized operator (S) 1121 unrecognizedFunction the value sent for expExpression held an 1122 unrecognized function name (S) 1123 invalidOperandType an operand in expExpression is not the 1124 right type for the associated operator 1125 or result (SE) 1126 unmatchedParenthesis the value sent for expExpression is not 1127 correctly parenthesized (S) 1128 tooManyWildcardValues evaluating the expression exceeded the 1129 limit set by 1130 expResourceDeltaWildcardInstanceMaximum 1131 (E) 1132 recursion through some chain of embedded 1133 expressions the expression invokes itself 1134 (E) 1135 deltaTooShort the delta for the next evaluation passed 1136 before the system could evaluate the 1137 present sample (E) 1138 resourceUnavailable some resource, typically dynamic memory, 1139 was unavailable (SE) 1140 divideByZero an attempt to divide by zero occurred 1141 (E) 1143 For the errors that occur when the attempt is made to set 1144 expExpression Set request fails with the SNMP error code 1145 'wrongValue'. Such failures refer to the most recent failure to 1146 Set expExpression, not to the present value of expExpression 1147 which must be either unset or syntactically correct. 1149 Errors that occur during evaluation for a Get* operation return 1150 the SNMP error code 'genErr' except for 'tooManyWildcardValues' 1151 and 'resourceUnavailable' which return the SNMP error code 1152 'resourceUnavailable'." 1153 ::= { expErrorEntry 3 } 1155 expErrorInstance OBJECT-TYPE 1156 SYNTAX OBJECT IDENTIFIER 1157 MAX-ACCESS read-only 1158 STATUS current 1159 DESCRIPTION 1160 "The expValueInstance being evaluated when the error 1161 occurred. A zero-length indicates irrelevance." 1162 ::= { expErrorEntry 4 } 1164 -- 1165 -- Object Table 1166 -- 1168 expObjectTable OBJECT-TYPE 1169 SYNTAX SEQUENCE OF ExpObjectEntry 1170 MAX-ACCESS not-accessible 1171 STATUS current 1172 DESCRIPTION 1173 "A table of object definitions for each expExpression. 1175 Wildcarding instance IDs: 1177 It is legal to omit all or part of the instance portion for 1178 some or all of the objects in an expression. (See the 1179 DESCRIPTION of expObjectID for details. However, note that 1180 if more than one object in the same expression is wildcarded 1181 in this way, they all must be objects where that portion of 1182 the instance is the same. In other words, all objects may be 1183 in the same SEQUENCE or in different SEQUENCEs but with the 1184 same semantic index value (e.g., a value of ifIndex) 1185 for the wildcarded portion." 1186 ::= { expDefine 3 } 1188 expObjectEntry OBJECT-TYPE 1189 SYNTAX ExpObjectEntry 1190 MAX-ACCESS not-accessible 1191 STATUS current 1192 DESCRIPTION 1193 "Information about an object. An application uses 1194 expObjectEntryStatus to create entries in this table while 1195 in the process of defining an expression. 1197 Values of read-create objects in this table may be 1198 changed at any time." 1199 INDEX { expExpressionOwner, expExpressionName, expObjectIndex } 1200 ::= { expObjectTable 1 } 1202 ExpObjectEntry ::= SEQUENCE { 1203 expObjectIndex Unsigned32, 1204 expObjectID OBJECT IDENTIFIER, 1205 expObjectIDWildcard TruthValue, 1206 expObjectSampleType INTEGER, 1207 expObjectDeltaDiscontinuityID OBJECT IDENTIFIER, 1208 expObjectDiscontinuityIDWildcard TruthValue, 1209 expObjectDiscontinuityIDType INTEGER, 1210 expObjectConditional OBJECT IDENTIFIER, 1211 expObjectConditionalWildcard TruthValue, 1212 expObjectEntryStatus RowStatus 1213 } 1215 expObjectIndex OBJECT-TYPE 1216 SYNTAX Unsigned32 (1..4294967295) 1217 MAX-ACCESS not-accessible 1218 STATUS current 1219 DESCRIPTION 1220 "Within an expression, a unique, numeric identification for an 1221 object. Prefixed with a dollar sign ('$') this is used to 1222 reference the object in the corresponding expExpression." 1223 ::= { expObjectEntry 1 } 1225 expObjectID OBJECT-TYPE 1226 SYNTAX OBJECT IDENTIFIER 1227 MAX-ACCESS read-create 1228 STATUS current 1229 DESCRIPTION 1230 "The OBJECT IDENTIFIER (OID) of this object. The OID may be 1231 fully qualified, meaning it includes a complete instance 1232 identifier part (e.g., ifInOctets.1 or sysUpTime.0), or it 1233 may not be fully qualified, meaning it may lack all or part 1234 of the instance identifier. If the expObjectID is not fully 1235 qualified, then expObjectWildcard must be set to true(1). 1236 The value of the expression will be multiple 1237 values, as if done for a GetNext sweep of the object. 1239 An object here may itself be the result of an expression but 1240 recursion is not allowed. 1242 NOTE: The simplest implementations of this MIB may not allow 1243 wildcards." 1244 ::= { expObjectEntry 2 } 1246 expObjectIDWildcard OBJECT-TYPE 1247 SYNTAX TruthValue 1248 MAX-ACCESS read-create 1249 STATUS current 1250 DESCRIPTION 1251 "A true value indicates the expObjecID of this row is a wildcard 1252 object. False indicates that expObjectID is fully instanced. 1253 If all expObjectWildcard values for a given expression are FALSE, 1254 expExpressionPrefix will reflect a scalar object (ie will 1255 be 0.0). 1257 NOTE: The simplest implementations of this MIB may not allow 1258 wildcards." 1259 DEFVAL { false } 1260 ::= { expObjectEntry 3 } 1262 expObjectSampleType OBJECT-TYPE 1263 SYNTAX INTEGER { absoluteValue(1), deltaValue(2), 1264 changedValue(3) } 1265 MAX-ACCESS read-create 1266 STATUS current 1267 DESCRIPTION 1268 "The method of sampling the selected variable. 1270 An 'absoluteValue' is simply the present value of the object. 1272 A 'deltaValue' is the present value minus the previous value, 1273 which was sampled expExpressionDeltaInterval seconds ago. 1274 This is intended primarily for use with SNMP counters, which are 1275 meaningless as an 'absoluteValue', but may be used with any 1276 integer-based value. 1278 A 'changedValue' is a boolean for whether the present value is 1279 different from the previous value. It is applicable to any data 1280 type and results in an Unsigned32 with value 1 if the object's 1281 value is changed and 0 if not. In all other respects it is as a 1282 'deltaValue' and all statements and operation regarding delta 1283 values apply to changed values. 1285 When an expression contains both delta and absolute values 1286 the absolute values are obtained at the end of the delta 1287 period." 1288 DEFVAL { absoluteValue } 1289 ::= { expObjectEntry 4 } 1291 sysUpTimeInstance OBJECT IDENTIFIER ::= { sysUpTime 0 } 1293 expObjectDeltaDiscontinuityID OBJECT-TYPE 1294 SYNTAX OBJECT IDENTIFIER 1295 MAX-ACCESS read-create 1296 STATUS current 1297 DESCRIPTION 1298 "The OBJECT IDENTIFIER (OID) of a TimeTicks, TimeStamp, or 1299 DateAndTime object that indicates a discontinuity in the value 1300 at expObjectID. 1302 This object is instantiated only if expObjectSampleType is 1303 'deltaValue' or 'changedValue'. 1305 The OID may be for a leaf object (e.g. sysUpTime.0) or may 1306 be wildcarded to match expObjectID. 1308 This object supports normal checking for a discontinuity in a 1309 counter. Note that if this object does not point to sysUpTime 1310 discontinuity checking must still check sysUpTime for an overall 1311 discontinuity. 1313 If the object identified is not accessible no discontinuity 1314 check will be made." 1315 DEFVAL { sysUpTimeInstance } 1316 ::= { expObjectEntry 5 } 1318 expObjectDiscontinuityIDWildcard OBJECT-TYPE 1319 SYNTAX TruthValue 1320 MAX-ACCESS read-create 1321 STATUS current 1322 DESCRIPTION 1323 "A true value indicates the expObjectDeltaDiscontinuityID of 1324 this row is a wildcard object. False indicates that 1325 expObjectDeltaDiscontinuityID is fully instanced. 1327 This object is instantiated only if expObjectSampleType is 1328 'deltaValue' or 'changedValue'. 1330 NOTE: The simplest implementations of this MIB may not allow 1331 wildcards." 1332 DEFVAL { false } 1333 ::= { expObjectEntry 6 } 1335 expObjectDiscontinuityIDType OBJECT-TYPE 1336 SYNTAX INTEGER { timeTicks(1), timeStamp(2), dateAndTime(3) } 1337 MAX-ACCESS read-create 1338 STATUS current 1339 DESCRIPTION 1340 "The value 'timeTicks' indicates the expObjectDeltaDiscontinuityID 1341 of this row is of syntax TimeTicks. The value 'timeStamp' indicates 1342 syntax TimeStamp. The value 'dateAndTime indicates syntax 1343 DateAndTime. 1345 This object is instantiated only if expObjectSampleType is 1346 'deltaValue' or 'changedValue'." 1347 DEFVAL { timeTicks } 1348 ::= { expObjectEntry 7 } 1350 expObjectConditional OBJECT-TYPE 1351 SYNTAX OBJECT IDENTIFIER 1352 MAX-ACCESS read-create 1353 STATUS current 1354 DESCRIPTION 1355 "The OBJECT IDENTIFIER (OID) of an object that overrides 1356 whether the instance of expObjectID is to be considered 1357 usable. If the value of the object at expObjectConditional 1358 is 0 or not instantiated, the object at expObjectID is 1359 treated as if it is not instantiated. In other words, 1360 expObjectConditional is a filter that controls whether or 1361 not to use the value at expObjectID. 1363 The OID may be for a leaf object (e.g. sysObjectID.0) or may be 1364 wildcarded to match expObjectID. If expObject is wildcarded and 1365 expObjectID in the same row is not, the wild portion of 1366 expObjectConditional must match the wildcarding of the rest of 1367 the expression. If no object in the expression is wildcarded 1368 but expObjectConditional is, use the lexically first instance 1369 (if any) of expObjectConditional. 1371 If the value of expObjectConditional is 0.0 operation is 1372 as if the value pointed to by expObjectConditional is a 1373 non-zero (true) value. 1375 Note that expObjectConditional can not trivially use an object 1376 of syntax TruthValue, since the underlying value is not 0 or 1." 1377 DEFVAL { zeroDotZero } 1378 ::= { expObjectEntry 8 } 1380 expObjectConditionalWildcard OBJECT-TYPE 1381 SYNTAX TruthValue 1382 MAX-ACCESS read-create 1383 STATUS current 1384 DESCRIPTION 1386 "A true value indicates the expObjectConditional of this row is 1387 a wildcard object. False indicates that expObjectConditional is 1388 fully instanced. 1390 NOTE: The simplest implementations of this MIB may not allow 1391 wildcards." 1392 DEFVAL { false } 1393 ::= { expObjectEntry 9 } 1395 expObjectEntryStatus OBJECT-TYPE 1396 SYNTAX RowStatus 1397 MAX-ACCESS read-create 1398 STATUS current 1399 DESCRIPTION 1400 "The control that allows creation/deletion of entries. 1402 Objects in this table may be changed while 1403 expObjectEntryStatus is in any state." 1404 ::= { expObjectEntry 10 } 1406 -- 1407 -- Expression Value Table 1408 -- 1410 expValueTable OBJECT-TYPE 1411 SYNTAX SEQUENCE OF ExpValueEntry 1412 MAX-ACCESS not-accessible 1413 STATUS current 1414 DESCRIPTION 1415 "A table of values from evaluated expressions." 1416 ::= { expValue 1 } 1418 expValueEntry OBJECT-TYPE 1419 SYNTAX ExpValueEntry 1420 MAX-ACCESS not-accessible 1421 STATUS current 1422 DESCRIPTION 1423 "A single value from an evaluated expression. For a given 1424 instance, only one 'Val' object in the conceptual row will be 1425 instantiated, that is, the one with the appropriate type for 1426 the value. For values that contain no objects of 1427 expObjectSampleType 'deltaValue' or 'changedValue', reading a 1428 value from the table causes the evaluation of the expression 1429 for that value. For those that contain a 'deltaValue' or 1430 'changedValue' the value read is as of the last sampling 1431 interval. 1433 If in the attempt to evaluate the expression one or more 1434 of the necessary objects is not available, the corresponding 1435 entry in this table is effectively not instantiated. 1437 To maintain security of MIB information, when creating a new 1438 row in this table, the managed system must record the security 1439 credentials of the requester. These security credentials are 1440 the parameters necessary as inputs to isAccessAllowed from [RFC2571]. 1441 When obtaining the objects that make up the expression, the 1442 system must (conceptually) use isAccessAllowed to ensure that 1443 it does not violate security. 1445 The evaluation of that expression takes place under the 1446 security credentials of the creator of its expExpressionEntry. 1448 To maintain security of MIB information, expression evaluation must 1449 take place using security credentials for the implied Gets of the 1450 objects in the expression as inputs (conceptually) to 1451 isAccessAllowed from the Architecture for Describing SNMP Management 1452 Frameworks. These are the security credentials of the creator 1453 of the corresponding expExpressionEntry." 1454 INDEX { expExpressionOwner, expExpressionName, 1455 IMPLIED expValueInstance } 1456 ::= { expValueTable 1 } 1458 ExpValueEntry ::= SEQUENCE { 1459 expValueInstance OBJECT IDENTIFIER, 1460 expValueCounter32Val Counter32, 1461 expValueUnsigned32Val Unsigned32, 1462 expValueTimeTicksVal TimeTicks, 1463 expValueInteger32Val Integer32, 1464 expValueIpAddressVal IpAddress, 1465 expValueOctetStringVal OCTET STRING, 1466 expValueOidVal OBJECT IDENTIFIER, 1467 expValueCounter64Val Counter64 1468 } 1470 expValueInstance OBJECT-TYPE 1471 SYNTAX OBJECT IDENTIFIER 1472 MAX-ACCESS not-accessible 1473 STATUS current 1474 DESCRIPTION 1475 "The final instance portion of a value's OID according to 1476 the wildcarding in instances of expObjectID for the 1477 expression. The prefix of this OID fragment is 0.0, 1478 leading to the following behavior. 1480 If there is no wildcarding, the value is 0.0.0. In other 1481 words, there is one value which standing alone would have 1482 been a scalar with a 0 at the end of its OID. 1484 If there is wildcarding, the value is 0.0 followed by 1485 a value that the wildcard can take, thus defining one value 1486 instance for each real, possible value of the wildcard. 1487 So, for example, if the wildcard worked out to be an ifIndex, 1488 there is an expValueInstance for each applicable ifIndex." 1489 ::= { expValueEntry 1 } 1491 expValueCounter32Val OBJECT-TYPE 1492 SYNTAX Counter32 1493 MAX-ACCESS read-only 1494 STATUS current 1495 DESCRIPTION 1496 "The value when expExpressionValueType is 'counter32'." 1497 ::= { expValueEntry 2 } 1499 expValueUnsigned32Val OBJECT-TYPE 1500 SYNTAX Unsigned32 1501 MAX-ACCESS read-only 1502 STATUS current 1503 DESCRIPTION 1504 "The value when expExpressionValueType is 'unsigned32'." 1505 ::= { expValueEntry 3 } 1507 expValueTimeTicksVal OBJECT-TYPE 1508 SYNTAX TimeTicks 1509 MAX-ACCESS read-only 1510 STATUS current 1511 DESCRIPTION 1512 "The value when expExpressionValueType is 'timeTicks'." 1513 ::= { expValueEntry 4 } 1515 expValueInteger32Val OBJECT-TYPE 1516 SYNTAX Integer32 1517 MAX-ACCESS read-only 1518 STATUS current 1519 DESCRIPTION 1520 "The value when expExpressionValueType is 'integer32'." 1521 ::= { expValueEntry 5 } 1523 expValueIpAddressVal OBJECT-TYPE 1524 SYNTAX IpAddress 1525 MAX-ACCESS read-only 1526 STATUS current 1527 DESCRIPTION 1528 "The value when expExpressionValueType is 'ipAddress'." 1529 ::= { expValueEntry 6 } 1531 expValueOctetStringVal OBJECT-TYPE 1532 SYNTAX OCTET STRING (SIZE (0..65536)) 1533 MAX-ACCESS read-only 1534 STATUS current 1535 DESCRIPTION 1536 "The value when expExpressionValueType is 'octetString'." 1537 ::= { expValueEntry 7 } 1539 expValueOidVal OBJECT-TYPE 1540 SYNTAX OBJECT IDENTIFIER 1541 MAX-ACCESS read-only 1542 STATUS current 1543 DESCRIPTION 1544 "The value when expExpressionValueType is 'objectId'." 1545 ::= { expValueEntry 8 } 1547 expValueCounter64Val OBJECT-TYPE 1548 SYNTAX Counter64 1549 MAX-ACCESS read-only 1550 STATUS current 1551 DESCRIPTION 1552 "The value when expExpressionValueType is 'counter64'." 1553 ::= { expValueEntry 9 } 1555 -- 1556 -- Conformance 1557 -- 1559 dismanExpressionMIBConformance OBJECT IDENTIFIER ::= { dismanExpressionMIB 3 } 1560 dismanExpressionMIBCompliances OBJECT IDENTIFIER ::= 1561 { dismanExpressionMIBConformance 1 } 1562 dismanExpressionMIBGroups OBJECT IDENTIFIER ::= 1563 { dismanExpressionMIBConformance 2 } 1565 -- Compliance 1567 dismanExpressionMIBCompliance MODULE-COMPLIANCE 1568 STATUS current 1569 DESCRIPTION 1570 "The compliance statement for entities which implement 1571 the Expression MIB." 1572 MODULE -- this module 1573 MANDATORY-GROUPS { 1574 dismanExpressionResourceGroup, 1575 dismanExpressionDefinitionGroup, 1576 dismanExpressionValueGroup 1577 } 1579 OBJECT expResourceDeltaMinimum 1580 SYNTAX Integer32 (-1 | 60..600) 1581 DESCRIPTION 1582 "Implementation need not allow deltas or it may 1583 implement them and restrict them to higher values." 1585 OBJECT expObjectSampleType 1586 WRITE-SYNTAX INTEGER { absoluteValue(1) } 1587 DESCRIPTION 1588 "Implementation may disallow deltas calculation or 1589 change detection." 1591 OBJECT expObjectIDWildcard 1592 WRITE-SYNTAX INTEGER { false(2) } 1593 DESCRIPTION 1594 "Implementation may allow wildcards." 1596 OBJECT expObjectDiscontinuityIDWildcard 1597 WRITE-SYNTAX INTEGER { false(2) } 1598 DESCRIPTION 1599 "Implementation need not allow wildcards." 1601 OBJECT expObjectConditionalWildcard 1602 WRITE-SYNTAX INTEGER { false(2) } 1603 DESCRIPTION 1604 "Implementation need not allow deltas wildcards." 1606 ::= { dismanExpressionMIBCompliances 1 } 1608 -- Units of Conformance 1610 dismanExpressionResourceGroup OBJECT-GROUP 1611 OBJECTS { 1612 expResourceDeltaMinimum, 1613 expResourceDeltaWildcardInstanceMaximum, 1614 expResourceDeltaWildcardInstances, 1615 expResourceDeltaWildcardInstancesHigh, 1616 expResourceDeltaWildcardInstanceResourceLacks 1617 } 1618 STATUS current 1619 DESCRIPTION 1620 "Expression definition resource management." 1621 ::= { dismanExpressionMIBGroups 1 } 1623 dismanExpressionDefinitionGroup OBJECT-GROUP 1624 OBJECTS { 1625 expExpression, 1626 expExpressionValueType, 1627 expExpressionComment, 1628 expExpressionDeltaInterval, 1629 expExpressionPrefix, 1630 expExpressionErrors, 1631 expExpressionEntryStatus, 1633 expErrorTime, 1634 expErrorIndex, 1635 expErrorCode, 1636 expErrorInstance, 1638 expObjectID, 1639 expObjectIDWildcard, 1640 expObjectSampleType, 1641 expObjectDeltaDiscontinuityID, 1642 expObjectDiscontinuityIDWildcard, 1643 expObjectDiscontinuityIDType, 1644 expObjectConditional, 1645 expObjectConditionalWildcard, 1646 expObjectEntryStatus 1647 } 1648 STATUS current 1649 DESCRIPTION 1650 "Expression definition." 1651 ::= { dismanExpressionMIBGroups 2 } 1653 dismanExpressionValueGroup OBJECT-GROUP 1654 OBJECTS { 1655 expValueCounter32Val, 1656 expValueUnsigned32Val, 1657 expValueTimeTicksVal, 1658 expValueInteger32Val, 1659 expValueIpAddressVal, 1660 expValueOctetStringVal, 1661 expValueOidVal, 1662 expValueCounter64Val 1663 } 1664 STATUS current 1665 DESCRIPTION 1666 "Expression value." 1667 ::= { dismanExpressionMIBGroups 3 } 1669 END 1670 5. Intellectual Property 1672 The IETF takes no position regarding the validity or scope of any 1673 intellectual property or other rights that might be claimed to pertain 1674 to the implementation or use of the technology described in this 1675 document or the extent to which any license under such rights might or 1676 might not be available; neither does it represent that it has made any 1677 effort to identify any such rights. Information on the IETF's 1678 procedures with respect to rights in standards-track and standards- 1679 related documentation can be found in BCP-11. Copies of claims of 1680 rights made available for publication and any assurances of licenses to 1681 be made available, or the result of an attempt made to obtain a general 1682 license or permission for the use of such proprietary rights by 1683 implementors or users of this specification can be obtained from the 1684 IETF Secretariat. 1686 The IETF invites any interested party to bring to its attention any 1687 copyrights, patents or patent applications, or other proprietary rights 1688 which may cover technology that may be required to practice this 1689 standard. Please address the information to the IETF Executive 1690 Director. 1692 6. Acknowledgements 1694 This MIB contains considerable contributions from the Distributed 1695 Management Design Team (Andy Bierman, Maria Greene, Bob Stewart, and 1696 Steve Waldbusser), and colleagues at Cisco who did the first 1697 implemenation. 1699 7. References 1701 [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture 1702 for Describing SNMP Management Frameworks", RFC 2571, April 1703 1999 1705 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification 1706 of Management Information for TCP/IP-based Internets", STD 1707 16, RFC 1155, May 1990 1709 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 1710 16, RFC 1212, March 1991 1712 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the 1713 SNMP", RFC 1215, March 1991 1715 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1716 Rose, M., and S. Waldbusser, "Structure of Management 1717 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 1719 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1720 Rose, M., and S. Waldbusser, "Textual Conventions for 1721 SMIv2", STD 58, RFC 2579, April 1999 1723 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1724 Rose, M., and S. Waldbusser, "Conformance Statements for 1725 SMIv2", STD 58, RFC 2580, April 1999 1727 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple 1728 Network Management Protocol", STD 15, RFC 1157, May 1990. 1730 [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1731 "Introduction to Community-based SNMPv2", RFC 1901, January 1732 1996. 1734 [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1735 "Transport Mappings for Version 2 of the Simple Network 1736 Management Protocol (SNMPv2)", RFC 1906, January 1996. 1738 [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1739 Processing and Dispatching for the Simple Network Management 1740 Protocol (SNMP)", RFC 2572, April 1999 1742 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model 1743 (USM) for version 3 of the Simple Network Management 1744 Protocol (SNMPv3)", RFC 2574, April 1999 1746 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1747 "Protocol Operations for Version 2 of the Simple Network 1748 Management Protocol (SNMPv2)", RFC 1905, January 1996. 1750 [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", 1751 RFC 2573, April 1999 1753 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 1754 Access Control Model (VACM) for the Simple Network 1755 Management Protocol (SNMP)", RFC 2575, April 1999 1757 [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, 1758 "Introduction to Version 3 of the Internet-standard Network 1759 Management Framework", RFC 2570, April 1999 1761 [RFC1903] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, 1762 "Coexistence between Version 1 and version 2 of the 1763 Internet-standard Network Management Framework", RFC 1903, 1764 January 1996. 1766 [RFCEventMIB] 1767 Stewart, B., "Event MIB", RFC ????, ?Month? 1999. 1769 [PracPersp] 1770 Leinwand, A. and K. Fang, "Network Management: A Practical 1771 Perspective", Addison-Wesley Publishing Company, Inc., 1993. 1773 8. Security Considerations 1775 Expression MIB security involves two perspectives: protection of 1776 expressions from tampering or unauthorized use of resources, and 1777 protection of the objects used to calculate the expressions. 1779 Security of expression definitions and results depends on the expression 1780 owner (expExpressionOwner). With view-based access control [RFC2575] a 1781 network manager can control who has what level of access to what 1782 expressions. 1784 Access control for the objects within the expression depends on the 1785 security credentials of the expression creator. These are the security 1786 credentials used to get the objects necessary to evaluate the 1787 expression. They are the security credentials that were used to set the 1788 expExpressionRowStatus object for that expression to 'active', as 1789 recorded by the managed system. 1791 This means that the results of an expression could potentially be made 1792 available to someone who does not have access to the raw data that went 1793 into them. This could be either legitimate or a security violation, 1794 depending on the specific situation and security policy. 1796 To facilitate the provisioning of access control by a security 1797 administrator for this MIB itself using the View-Based Access Control 1798 Model (VACM) defined in RFC 2575 [RFC2575] for tables in which multiple 1799 users may need to independently create or modify entries, the initial 1800 index is used as an "owner index". Such an initial index has a syntax of 1801 SnmpAdminString, and can thus be trivially mapped to a securityName or 1802 groupName as defined in VACM, in accordance with a security policy. 1804 All entries in related tables belonging to a particular user will have 1805 the same value for this initial index. For a given user's entries in a 1806 particular table, the object identifiers for the information in these 1807 entries will have the same subidentifiers (except for the "column" 1808 subidentifier) up to the end of the encoded owner index. To configure 1809 VACM to permit access to this portion of the table, one would create 1810 vacmViewTreeFamilyTable entries with the value of 1811 vacmViewTreeFamilySubtree including the owner index portion, and 1812 vacmViewTreeFamilyMask "wildcarding" the column subidentifier. More 1813 elaborate configurations are possible. 1815 9. Author's Address 1817 Bob Stewart 1818 Cisco Systems, Inc. 1819 170 West Tasman Drive 1820 San Jose, CA 95134-1706 1821 U.S.A. 1823 10. Editor's Address 1825 Ramanathan Kavasseri 1826 Cisco Systems, Inc. 1827 170 West Tasman Drive 1828 San Jose, CA 95134-1706 1829 U.S.A. 1831 Phone: +1 408 527 2446 1832 Email: ramk@cisco.com 1834 11. Full Copyright Statement 1836 Copyright (C) The Internet Society (1999). All Rights Reserved. 1838 This document and translations of it may be copied and furnished to 1839 others, and derivative works that comment on or otherwise explain it or 1840 assist in its implementation may be prepared, copied, published and 1841 distributed, in whole or in part, without restriction of any kind, 1842 provided that the above copyright notice and this paragraph are included 1843 on all such copies and derivative works. However, this document itself 1844 may not be modified in any way, such as by removing the copyright notice 1845 or references to the Internet Society or other Internet organizations, 1846 except as needed for the purpose of developing Internet standards in 1847 which case the procedures for copyrights defined in the Internet 1848 Standards process must be followed, or as required to translate it into 1849 languages other than English. 1851 The limited permissions granted above are perpetual and will not be 1852 revoked by the Internet Society or its successors or assigns. 1854 This document and the information contained herein is provided on an "AS 1855 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1856 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1857 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1858 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1859 FITNESS FOR A PARTICULAR PURPOSE. 1861 Table of Contents 1863 1 Abstract ........................................................ 2 1864 2 The SNMP Management Framework ................................... 2 1865 3 Overview ........................................................ 4 1866 3.1 Usage ......................................................... 4 1867 3.2 Persistance ................................................... 5 1868 3.3 Operation ..................................................... 5 1869 3.3.1 Sampling .................................................... 5 1870 3.3.2 Wildcards ................................................... 6 1871 3.3.3 Evaluation .................................................. 6 1872 3.3.4 Value Identification ........................................ 7 1873 3.4 Subsets ....................................................... 7 1874 3.4.1 No Wildcards ................................................ 7 1875 3.4.2 No Deltas ................................................... 8 1876 3.5 Structure ..................................................... 8 1877 3.5.1 Resource .................................................... 8 1878 3.5.2 Definition .................................................. 8 1879 3.5.3 Value ....................................................... 9 1880 3.6 Examples ...................................................... 9 1881 3.6.1 Wildcarding ................................................. 9 1882 3.6.2 Calculation and Conditional ................................. 11 1883 4 Definitions ..................................................... 14 1884 5 Intellectual Property ........................................... 41 1885 6 Acknowledgements ................................................ 42 1886 7 References ...................................................... 43 1887 8 Security Considerations ......................................... 45 1888 9 Author's Address ................................................ 46 1889 10 Editor's Address ............................................... 46 1890 11 Full Copyright Statement ....................................... 47