idnits 2.17.1 draft-ietf-rtfm-acct-meter-mib-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-26) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1355 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Feb 1996) is 10298 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1442 (ref. '2') (Obsoleted by RFC 1902) ** Obsolete normative reference: RFC 1443 (ref. '3') (Obsoleted by RFC 1903) ** Obsolete normative reference: RFC 1444 (ref. '4') (Obsoleted by RFC 1904) ** Obsolete normative reference: RFC 1452 (ref. '5') (Obsoleted by RFC 1908) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') -- Possible downref: Non-RFC (?) normative reference: ref. '9' ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '10') -- Possible downref: Non-RFC (?) normative reference: ref. '11' Summary: 14 errors (**), 0 flaws (~~), 2 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Nevil Brownlee 3 INTERNET-DRAFT The University of Auckland 4 Feb 1996 6 Traffic Flow Measurement: Meter MIB 7 9 Status of this Memo 11 This document is an Internet Draft. Internet Drafts are working 12 documents of the Internet Engineering Task Force (IETF), its Areas, and 13 its Working Groups. Note that other groups may also distribute working 14 documents as Internet Drafts. This Internet Draft is a product of the 15 Realtime Traffic Flow Measurement Working Group of the IETF. 17 Internet Drafts are draft documents valid for a maximum of six months. 18 Internet Drafts may be updated, replaced, or obsoleted by other 19 documents at any time. It is not appropriate to use Internet Drafts as 20 reference material or to cite them other than as a "working draft" or 21 "work in progress." 23 Please check the I-D abstract listing contained in the internet-drafts 24 Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, 25 ftp.nisc.sri.com or munnari.oz.au to learn the current status of this or 26 any other Internet Draft. 28 Abstract 30 This memo defines an experimental portion of the Management Information 31 Base (MIB) for use with network management protocols in TCP/IP-based 32 internets. In particular, this memo defines managed objects used for 33 obtaining traffic flow information from network traffic meters. 35 Contents 37 1 The Network Management Framework 1 39 2 Objects 2 40 2.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 3 42 3 Overview 3 43 3.1 Scope of Definitions, Textual Conventions . . . . . . . . . . 3 44 3.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 4 45 4 Definitions 5 47 5 Acknowledgements 33 49 6 References 33 51 7 Security Considerations 34 53 8 Author's Address 34 55 1 The Network Management Framework 57 The Internet-standard Network Management Framework consists of three 58 components. They are: 60 RFC 1155 defines the SMI, the mechanisms used for describing 61 and naming objects for the purpose of management. RFC 1212 62 defines a more concise description mechanism, which is wholly 63 consistent with the SMI. 65 RFC 1156 defines MIB-I, the core set of managed objects for the 66 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 67 evolution of MIB-I based on implementation experience and new 68 operational requirements. 70 RFC 1157 defines the SNMP, the protocol used for network access 71 to managed objects. 73 RFC 1442 [2] defines the SMI for version 2 of the Simple 74 Network Management Protocol. 76 RFCs 1443 and 1444 [3,4] define Textual Conventions and 77 Conformance Statements for version 2 of the Simple Network 78 Management Protocol. 80 RFC 1452 [5] describes how versions 1 and 2 of the Simple 81 Network Management Protocol should coexist. 83 The Framework permits new objects to be defined for the purpose of 84 experimentation and evaluation. 86 2 Objects 88 Managed objects are accessed via a virtual information store, termed the 89 Management Information Base or MIB. Objects in the MIB are defined using 90 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 91 SMI. In particular, each object has a name, a syntax, and an encoding. 92 The name is an object identifier, an administratively assigned name, 93 which specifies an object type. The object type together with an object 94 instance serves to uniquely identify a specific instantiation of the 95 object. For human convenience, we often use a textual string, termed 96 the OBJECT DESCRIPTOR, to also refer to the object type. 98 The syntax of an object type defines the abstract data structure 99 corresponding to that object type. The ASN.1 language is used for this 100 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 101 which may be used. These restrictions are explicitly made for 102 simplicity. 104 The encoding of an object type is simply how that object type is 105 represented using the object type's syntax. Implicitly tied to the 106 notion of an object type's syntax and encoding is how the object type is 107 represented when being transmitted on the network. 109 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 110 subject to the additional requirements imposed by the SNMP. 112 2.1 Format of Definitions 114 Section 4 contains contains the specification of all object types 115 contained in this MIB module. These object types are defined using the 116 conventions defined in [2] and [3]. 118 3 Overview 120 Traffic Flow Measurement seeks to provide a well-defined method for 121 gathering traffic flow information from networks and internetworks. The 122 background for this is given in "Traffic Flow Measurement: Background" 123 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 124 produced a measurement architecture to achieve it; this is documented in 125 "Traffic Flow Measurement: Architecture" [9]. The architecture defines 126 three entities: 128 - METERS, which observe network traffic flows and build up a table of 129 flow data records for them, 131 - METER REAERS, which collect traffic flow data from meters, and 133 - MANAGERS, which oversee the operation of meters and meter readers. 135 This memo defines the SNMP management information for a Traffic Flow 136 Meter (TFM). It documents the earlier work of the Internet Accounting 137 Working Group, and is intended to provide a starting point for the 138 Realtime Traffic Flow Measurement Working Group. 140 3.1 Scope of Definitions, Textual Conventions 142 All objects defined in this memo are registered in a single subtree 143 within the mib-2 namespace [1,2], and are for use in network devices 144 which may perform a PDU forwarding or monitoring function. For these 145 devices, the value of the ifSpecific variable in the MIB-II [1] has the 146 OBJECT IDENTIFIER value: 148 flowMIB OBJECT IDENTIFIER ::= mib-2 40 150 as defined below. 152 The RTFM Meter MIB was first produced and tested using SNMPv1. It has 153 been converted into SNMPv2 following the guidelines in RFC 1452 [5]. 155 3.2 Usage of the MIB variables 157 The MIB breaks into four parts - control, flows, rules and conformance 158 statements. 160 The rules implement the minumum set of packet-matching actions, as set 161 out in the "Traffic Flow Measurment: Architecture" document [9]. In 162 addition they provide for BASIC-style subroutines, allowing a network 163 manager to dramatically reduce the number of rules required to monitor a 164 big network. 166 Traffic flows are identified by a set of attributes for each of its 167 end-points. Attributes include network addresses for each layer of the 168 network protocol stack, and 'subscriber ids,' which may be used to 169 identify an accountable entity for the flow. 171 The conformance statements are set out as defined in [4]. They explain 172 what must be implemented in a meter which claims to conform to this MIB. 174 To retrieve flow data one could simply do a linear scan of the flow 175 table. This would certainly work, but would require a lot of protocol 176 exchanges. To reduce the overhead in retrieving flow data, there are 177 two 'indexes' into the flow table. The 'activity' index makes it easy 178 to find those flows which have been active at or after a given time; 179 this allows retrieval of flow data without using an opaque object. 181 The other index is the flowColumnActivityTable, which is (logically) a 182 three-dimensional array, subscripted by flow attribute, activity time 183 and starting flow number. This allows a meter reader to retrieve (in an 184 opaque object) data for a column of the flow table with a minimum of 185 SNMP overhead. An attempt has been made to include a full ASN.1 186 definition of the flowColumnActivityData object. 188 One aspect of data collection which needs emphasis is that all the MIB 189 variables are set up to allow multiple independent colletors to work 190 properly, i.e. the flow table indexes are stateless. An alternative 191 approach would have been to 'snapshot' the flow table, which would mean 192 that the meter readers would have to be synchronized. The stateless 193 approach does mean that two meter readers will never return exactly the 194 same set of traffic counts, but over long periods (e.g. 15-minute 195 collections over a day) the discrepancies are acceptable. If one really 196 needs a snapshot, this can be achieved by switching to an identical rule 197 set with a different RuleSet number, hence asynchronous collections may 198 be regarded as a useful generalisation of synchronised ones. 200 The control variables are the minimum set required for a meter reader. 201 Their number has been whittled down as experience has been gained with 202 the MIB implementation. 204 4 Definitions 206 FLOW-METER-MIB DEFINITIONS ::= BEGIN 208 IMPORTS 209 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, TimeTicks, 210 IpAddress 211 FROM SNMPv2-SMI 212 TEXTUAL-CONVENTION, RowStatus, TimeStamp 213 FROM SNMPv2-TC 214 OBJECT-GROUP, MODULE-COMPLIANCE 215 FROM SNMPv2-CONF 216 mib-2, ifIndex 217 FROM RFC1213-MIB; 219 flowMIB MODULE-IDENTITY 220 LAST-UPDATED "9602080845Z" 221 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 222 CONTACT-INFO 223 "Nevil Brownlee, The University of Auckland 224 Email: n.brownlee@auckland.ac.nz" 225 DESCRIPTION 226 "MIB for the RTFM Traffic Flow Meter." 227 ::= { mib-2 40 } 229 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 231 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 233 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 235 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 237 -- Textual Conventions 239 AddressType ::= TEXTUAL-CONVENTION 240 STATUS current 241 DESCRIPTION 242 "Indicates the type of an adjacent address or peer address. 243 The type of a transport address will depend on the peer 244 address type." 245 SYNTAX INTEGER { 246 ethernetAddress(1), 247 ipAddress(2), 248 nsapAddress(3), 249 idprAddress(4), 250 decnetAddress(5), 251 ipxnetAddress(6), 252 ethertalkAddress(7), 253 fddiAddress(8), 254 tokenringAddress(9) } 256 AdjacentAddress ::= TEXTUAL-CONVENTION 257 STATUS current 258 DESCRIPTION 259 "Specifies the value of an adjacent address for various 260 physical media. Address format depends on the actual media, 261 as follows: 263 Ethernet: ethernetAddress(1) 264 6-octet 802.3 MAC address in 'canonical' order 266 FDDI: fddiAddress(3) 267 FddiMACLongAddress, i.e. a 6-octet MAC address 268 in 'canonical' order (defined in the FDDI MIB [10]) 270 Token Ring: tokenringAddress(4) 271 6-octet 802.5 MAC address in 'canonical' order 272 " 273 SYNTAX OCTET STRING (SIZE (6)) 275 PeerAddress ::= TEXTUAL-CONVENTION 276 STATUS current 277 DESCRIPTION 278 "Specifies the value of a peer address for various network 279 protocols. Address format depends on the actual protocol, 280 as follows: 282 IP: ipAddress(2) 283 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 285 CLNS: nsapAddress(3) 286 NsapAddress (defined in the SNMPv2 SMI [2]) 288 IDRP: idprAddress(4) 289 InterDomain Routing Protocol (a version of BGP) 291 DECnet: decnetAddress(5) 292 1-octet Area number (in low-order six bits), 293 2-octet Host number (in low-order ten bits) 295 Novell: ipxnetAddress(6) 296 4-octet Network number, 297 6-octet Host number (MAC address) 299 AppleTalk: ethertalkAddress(7) 300 2-octet Network number (sixteen bits), 301 1-octet Host number (eight bits) 302 " 303 SYNTAX OCTET STRING (SIZE (3..20)) 305 TransportAddress ::= TEXTUAL-CONVENTION 306 STATUS current 307 DESCRIPTION 308 "Specifies the value of a transport address for various 309 network protocols. Format as follows: 311 IP: 312 2-octet UDP or TCP port number 314 Other protocols: 315 2-octet port number 316 " 317 SYNTAX OCTET STRING (SIZE (2)) 319 RuleAddress ::= TEXTUAL-CONVENTION 320 STATUS current 321 DESCRIPTION 322 "Specifies the value of an address. Is a superset of 323 AdjacentAddress, PeerAddress and TransportAddress." 324 SYNTAX OCTET STRING (SIZE (2..20)) 326 FlowAttributeNumber ::= TEXTUAL-CONVENTION 327 STATUS current 328 DESCRIPTION 329 "Uniquely identifies an attribute within a flow data record." 330 SYNTAX INTEGER { 331 flowIndex(1), 332 flowStatus(2), 333 sourceInterface(3), -- Source Address 334 sourceAdjacentType(4), 335 sourceAdjacentAddress(5), 336 sourceAdjacentMask(6), 337 sourcePeerType(7), 338 sourcePeerAddress(8), 339 sourcePeerMask(9), 340 sourceTransType(10), 341 sourceTransAddress(11), 342 sourceTransMask(12), 343 destInterface(13), -- Dest Address 344 destAdjacentType(14), 345 destAdjacentAddress(15), 346 destAdjacentMask(16), 347 destPeerType(17), 348 destPeerAddress(18), 349 destPeerMask(19), 350 destTransType(20), 351 destTransAddress(21), 352 destTransMask(22), 353 pduScale(23), -- Rule Set attributes 354 octetScale(24), 355 ruleSet(25), 356 toOctets(26), -- Source-to-Dest 357 toPDUs(27), 358 fromOctets(28), -- Dest-to-Source 359 fromPDUs(29), 360 firstTime(30), -- Activity times 361 lastActiveTime(31), 362 sourceSubscriberID(32), -- Subscriber ID 363 destSubscriberID(33), 364 sessionID(34), 365 sourceClass(35), -- Computed attributes 366 destClass(36), 367 flowClass(37), 368 sourceKind(38), 369 destKind(39), 370 flowKind(40) } 372 RuleAttributeNumber ::= TEXTUAL-CONVENTION 373 STATUS current 374 DESCRIPTION 375 "Uniquely identifies an attribute which may be tested in 376 a rule. These include attributes whose values come directly 377 from the flow's packets and the five 'meter' variables used to 378 hold an AttributeValue. Attributes derived from the rules - 379 e.g. address masks - may not be tested." 380 SYNTAX INTEGER { 381 null(0), 382 sourceInterface(3), -- Source Address 383 sourceAdjacentType(4), 384 sourceAdjacentAddress(5), 385 sourcePeerType(7), 386 sourcePeerAddress(8), 387 sourceTransType(10), 388 sourceTransAddress(11), 389 destInterface(13), -- Dest Address 390 destAdjacentType(14), 391 destAdjacentAddress(15), 392 destPeerType(17), 393 destPeerAddress(18), 394 destTransType(20), 395 destTransAddress(21), 396 sourceSubscriberID(32), -- Subscriber ID 397 destSubscriberID(33), 398 sessionID(34), 399 v1(51), -- Meter variables 400 v2(52), 401 v3(53), 402 v4(54), 403 v5(55) } 405 TimeFilter ::= TEXTUAL-CONVENTION 406 STATUS current 407 DESCRIPTION 408 "Used as an index to a table. A TimeFilter variable allows 409 a GetNext or GetBulk request to find rows in a table for 410 which the TimeFilter index variable is greater than or equal 411 to a specified value. For example, a meter reader could 412 use the FlowActivityTable to find the subscripts for all 413 rows in the flow table which have been active at or since 414 a specified time. 416 More details on TimeFilter variables, their implementation 417 and use can be found in the RMON2 MIB [11]." 418 SYNTAX TimeTicks 420 ActionNumber ::= TEXTUAL-CONVENTION 421 STATUS current 422 DESCRIPTION 423 "Uniquely identifies the action of a rule, i.e. the Pattern 424 Matching Engine's opcode number. Details of the opcodess 425 are given in the 'Traffic Flow Measurement: Architecture' 426 document [9]." 427 SYNTAX INTEGER { 428 ignore(1), 429 fail(2), 430 count(3), 431 countPkt(4), 432 return(5), 433 gosub(6), 434 gosubAct(7), 435 assign(8), 436 assignAct(9), 437 goto(10), 438 gotoAct(11), 439 pushRuleTo(12), 440 pushRuleToAct(13), 441 pushPktTo(14), 442 pushPktToAct(15) } 444 -- 445 -- Control Group: Rule Set Info Table 446 -- 448 flowRuleSetInfoTable OBJECT-TYPE 449 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 450 MAX-ACCESS not-accessible 451 STATUS current 452 DESCRIPTION 453 "An array of information about the rule sets held in the 454 meter. Rule set 1 is the meter default, used when the meter 455 starts up. It is built in to the meter; it may not be 456 changed." 457 ::= { flowControl 1 } 459 flowRuleSetInfoEntry OBJECT-TYPE 460 SYNTAX FlowRuleSetInfoEntry 461 MAX-ACCESS not-accessible 462 STATUS current 463 DESCRIPTION 464 "Information about a particular rule set." 465 INDEX { flowRuleInfoIndex } 466 ::= { flowRuleSetInfoTable 1 } 468 FlowRuleSetInfoEntry ::= SEQUENCE { 469 flowRuleInfoIndex Integer32, 470 flowRuleInfoSize Integer32, 471 flowRuleInfoOwner IpAddress, 472 flowRuleInfoTimeStamp TimeStamp, 473 flowRuleInfoStatus RowStatus 474 } 476 flowRuleInfoIndex OBJECT-TYPE 477 SYNTAX Integer32 478 MAX-ACCESS not-accessible 479 STATUS current 480 DESCRIPTION 481 "An index which selects an entry in the flowRuleSetInfoTable. 482 Each such entry contains control information for a particular 483 rule set which the meter may run." 484 ::= { flowRuleSetInfoEntry 1 } 486 flowRuleInfoSize OBJECT-TYPE 487 SYNTAX Integer32 488 MAX-ACCESS read-create 489 STATUS current 490 DESCRIPTION 491 "Number of rules in this rule set. Setting this variable will 492 cause the meter to allocate space for these rules." 493 ::= { flowRuleSetInfoEntry 2 } 495 flowRuleInfoOwner OBJECT-TYPE 496 SYNTAX IpAddress 497 MAX-ACCESS read-create 498 STATUS current 499 DESCRIPTION 500 "Identifies the meter reader which configured this rule set." 501 ::= { flowRuleSetInfoEntry 3 } 503 flowRuleInfoTimeStamp OBJECT-TYPE 504 SYNTAX TimeStamp 505 MAX-ACCESS read-create 506 STATUS current 507 DESCRIPTION 508 "Time this rule set was last changed." 509 ::= { flowRuleSetInfoEntry 4 } 511 flowRuleInfoStatus OBJECT-TYPE 512 SYNTAX RowStatus 513 MAX-ACCESS read-create 514 STATUS current 515 DESCRIPTION 516 "The status of this rule set. If this object's value is 517 not active(1), the meter will not attempt to use this 518 rule set." 519 ::= { flowRuleSetInfoEntry 5 } 521 -- 522 -- Control Group: Interface Info Table 523 -- 525 flowInterfaceTable OBJECT-TYPE 526 SYNTAX SEQUENCE OF FlowInterfaceEntry 527 MAX-ACCESS not-accessible 528 STATUS current 529 DESCRIPTION 530 "An array of information specific to each meter interface." 531 ::= { flowControl 2 } 533 flowInterfaceEntry OBJECT-TYPE 534 SYNTAX FlowInterfaceEntry 535 MAX-ACCESS not-accessible 536 STATUS current 537 DESCRIPTION 538 "Information about a particular interface." 539 INDEX { ifIndex } 540 ::= { flowInterfaceTable 1 } 542 FlowInterfaceEntry ::= SEQUENCE { 543 flowInterfaceRate Integer32, 544 flowInterfaceLostPackets Counter32 545 } 547 flowInterfaceRate OBJECT-TYPE 548 SYNTAX Integer32 549 MAX-ACCESS read-write 550 STATUS current 551 DESCRIPTION 552 "The parameter N for statistical counting on this interface. 553 Set to N to count 1/Nth of the packets appearing at this 554 interface. A meter should choose its own algorithm to 555 introduce variance into the sampling so that exactly every Nth 556 packet is not counted. A sampling rate of 1 yields a normal 557 counter. A sampling rate of 0 results in the interface 558 being ignored by the meter." 559 DEFVAL { 1 } -- Count every packet, 560 ::= { flowInterfaceEntry 1 } 562 flowInterfaceLostPackets OBJECT-TYPE 563 SYNTAX Counter32 564 MAX-ACCESS read-only 565 STATUS current 566 DESCRIPTION 567 "The number of packets the meter has lost for this interface. 568 Such losses may occur because the meter's network interface 569 hardware or software has been unable to keep up with the 570 traffic volume or because the meter has run out of memory 571 for new flows." 572 ::= { flowInterfaceEntry 2 } 574 -- 575 -- Control Group: Meter Reader Info Table 576 -- 577 -- At present any meter reader wishing to collect flow data may do so 578 -- by writing the flowLastReadTime object. The meter interprets 579 -- such a write as the start of a new collection and updates the meter 580 -- reader's row in the reader info table (creating a new row if 581 -- neccessary). In future it may be better to have meter readers 582 -- explicitly create a row in the reader info table, and indicate 583 -- that they are starting a collection by writing that row's 584 -- flowReaderLastTime object." 586 flowReaderInfoTable OBJECT-TYPE 587 SYNTAX SEQUENCE OF FlowReaderInfoEntry 588 MAX-ACCESS not-accessible 589 STATUS current 590 DESCRIPTION 591 "An array of information about meter readers which may 592 collect flow data from this meter." 593 ::= { flowControl 3 } 595 flowReaderInfoEntry OBJECT-TYPE 596 SYNTAX FlowReaderInfoEntry 597 MAX-ACCESS not-accessible 598 STATUS current 599 DESCRIPTION 600 "Information about a particular meter reader." 601 INDEX { flowReaderIndex } 602 ::= { flowReaderInfoTable 1 } 604 FlowReaderInfoEntry ::= SEQUENCE { 605 flowReaderIndex Integer32, 606 flowReaderOwner IpAddress, 607 flowReaderLastTime TimeStamp, 608 flowReaderPreviousTime TimeStamp 609 } 611 flowReaderIndex OBJECT-TYPE 612 SYNTAX Integer32 613 MAX-ACCESS not-accessible 614 STATUS current 615 DESCRIPTION 616 "Selects an entry from the array of meter reader info entries." 617 ::= { flowReaderInfoEntry 1 } 619 flowReaderOwner OBJECT-TYPE 620 SYNTAX IpAddress 621 MAX-ACCESS read-only 622 STATUS current 623 DESCRIPTION 624 "Peer address of this meter reader." 625 ::= { flowReaderInfoEntry 2 } 627 flowReaderLastTime OBJECT-TYPE 628 SYNTAX TimeStamp 629 MAX-ACCESS read-only 630 STATUS current 631 DESCRIPTION 632 "Time this meter reader last began a data collection." 633 ::= { flowReaderInfoEntry 3 } 635 flowReaderPreviousTime OBJECT-TYPE 636 SYNTAX TimeStamp 637 MAX-ACCESS read-only 638 STATUS current 639 DESCRIPTION 640 "Time this meter reader began the collection before last." 641 ::= { flowReaderInfoEntry 4 } 643 flowLastReadTime OBJECT-TYPE 644 SYNTAX TimeTicks 645 MAX-ACCESS read-write 646 STATUS current 647 DESCRIPTION 648 "Time last collection of meter data began. This variable 649 will be written by a meter reader as the first step in reading 650 flow data. The meter will set its LastTime value to uptime 651 and set its PreviousTime value to the old LastTime. This 652 allows the meter to recover flows which have been inactive 653 since PreviousTime, for these have been collected at least 654 once. If the meter fails to write flowLastReadTime, e.g. 655 by failing authentication in the meter SNMP write community, 656 collection may still proceed but the meter may not be able to 657 recover inactive flows." 658 ::= { flowControl 4 } 660 -- 661 -- Control Group: General Meter Control Variables 662 -- 664 -- At present the meter only runs a single rule set - the 'current' 665 -- one and has a single 'standby' rule set. In future it may be 666 -- developed so as to run multiple rule sets simultaneously; that would 667 -- require a more elaborate set of control variables to allow reliable 668 -- operation. 670 flowCurrentRuleSet OBJECT-TYPE 671 SYNTAX INTEGER (0..255) 672 MAX-ACCESS read-write 673 STATUS current 674 DESCRIPTION 675 "Index to the array of rule tables. Specifies which set of 676 rules is currently being used for accounting by the meter. 677 When the manager sets this variable the meter will close its 678 current rule set and start using the new one. Flows created 679 by the old rule set remain in memory, orphaned until their 680 data has been read. Specifying rule set 0 (the empty set) 681 stops flow measurement." 682 ::= { flowControl 5 } 684 flowStandbyRuleSet OBJECT-TYPE 685 SYNTAX INTEGER (0..255) 686 MAX-ACCESS read-write 687 STATUS current 688 DESCRIPTION 689 "Index to the array of rule tables. After reaching 690 HighWaterMark (see below) the meter may switch to using it's 691 standby rule set. For this to be effective the manager should 692 have downloaded a standby rule set which uses a coarser 693 reporting granularity. The manager may also need to 694 decrease the meter reading interval so that the meter can 695 recover flows measured by its normal rule set." 696 ::= { flowControl 6 } 698 flowHighWaterMark OBJECT-TYPE 699 SYNTAX INTEGER (0..100) 700 MAX-ACCESS read-write 701 STATUS current 702 DESCRIPTION 703 "A value expressed as a percentage, interpreted by the meter 704 as an indication of how full the flow table should be before 705 it should switch to the standby rule set (if one has been 706 specified). Values of 0% or 100% disable the checking 707 represented by this variable." 708 ::= { flowControl 7 } 710 flowFloodMark OBJECT-TYPE 711 SYNTAX INTEGER (0..100) 712 MAX-ACCESS read-write 713 STATUS current 714 DESCRIPTION 715 "A value expressed as a percentage, interpreted by the meter 716 as an indication of how full the flow table should be before 717 it should take some action to avoid running out of resources 718 to handle new flows. Values of 0% or 100% disable the 719 checking represented by this variable." 720 ::= { flowControl 8 } 722 flowInactivityTimeout OBJECT-TYPE 723 SYNTAX Integer32 (1..3600) 724 MAX-ACCESS read-write 725 STATUS current 726 DESCRIPTION 727 "The time in seconds since the last packet seen, after 728 which the flow may be terminated. Note that although a 729 flow may have been terminated, its data must be collected 730 before its memory can be recovered." 731 DEFVAL { 600 } -- 10 minutes 732 ::= { flowControl 9 } 734 flowActiveFlows OBJECT-TYPE 735 SYNTAX Integer32 736 MAX-ACCESS read-only 737 STATUS current 738 DESCRIPTION 739 "The numbers of flows which are currently in use, i.e. have 740 been active since the last collection." 741 ::= { flowControl 10 } 743 flowMaxFlows OBJECT-TYPE 744 SYNTAX Integer32 745 MAX-ACCESS read-only 746 STATUS current 747 DESCRIPTION 748 "The maximum number of flows allowed in the meter's 749 flow table. At present this is determined when the meter 750 is first started up." 751 ::= { flowControl 11 } 753 -- 754 -- The Flow Table 755 -- 757 -- This is a table kept by a meter, with one flow data entry for every 758 -- flow being measured. Each flow data entry stores the attribute 759 -- values for a traffic flow. Details of flows and their attributes 760 -- are given in the 'Traffic Flow Measurement: Architecture' 761 -- document [9]. 763 -- From time to time a meter reader may sweep the flow table so as read 764 -- counts. To reduce the number of SNMP requests required to do this, 765 -- two further tables provide alternative windows into the flow table. 766 -- The Activity Table allows a meter reader to find all the flows which 767 -- were active at or after a specified time, and the Column Activity 768 -- Table allows a meter reader to retrieve part of a column from the 769 -- flow table. Note that it is not sensible for the meter to keep 770 -- the Activity Table in LastActiveTime order, since that would result 771 -- in very active flows being counted many times during the same 772 -- collection. 774 -- This scheme allows multiple meter readers to independently use the 775 -- same meter; the meter readers do not have to be synchronised and 776 -- they may use different collection intervals. 778 flowDataTable OBJECT-TYPE 779 SYNTAX SEQUENCE OF FlowDataEntry 780 MAX-ACCESS not-accessible 781 STATUS current 782 DESCRIPTION 783 "The list of all flows being measured." 784 ::= { flowData 1 } 786 flowDataEntry OBJECT-TYPE 787 SYNTAX FlowDataEntry 788 MAX-ACCESS not-accessible 789 STATUS current 790 DESCRIPTION 791 "The flow data record for a particular flow." 792 INDEX { flowDataIndex } 793 ::= { flowDataTable 1 } 795 FlowDataEntry ::= SEQUENCE { 796 flowDataIndex Integer32, 797 flowDataStatus INTEGER, 799 flowDataSourceInterface Integer32, -- Source Address 800 flowDataSourceAdjacentType AddressType, 801 flowDataSourceAdjacentAddress AdjacentAddress, 802 flowDataSourceAdjacentMask AdjacentAddress, 803 flowDataSourcePeerType AddressType, 804 flowDataSourcePeerAddress PeerAddress, 805 flowDataSourcePeerMask PeerAddress, 806 flowDataSourceTransType INTEGER, 807 flowDataSourceTransAddress TransportAddress, 808 flowDataSourceTransMask TransportAddress, 810 flowDataDestInterface Integer32, -- Dest Address 811 flowDataDestAdjacentType AddressType, 812 flowDataDestAdjacentAddress AdjacentAddress, 813 flowDataDestAdjacentMask AdjacentAddress, 814 flowDataDestPeerType AddressType, 815 flowDataDestPeerAddress PeerAddress, 816 flowDataDestPeerMask PeerAddress, 817 flowDataDestTransType INTEGER, 818 flowDataDestTransAddress TransportAddress, 819 flowDataDestTransMask TransportAddress, 821 flowDataPDUScale INTEGER, -- Rule Set 822 flowDataOctetScale INTEGER, 823 flowDataRuleSet INTEGER, 825 flowDataToOctets Counter32, -- Source->Dest 826 flowDataToPDUs Counter32, 827 flowDataFromOctets Counter32, -- Dest->Source 828 flowDataFromPDUs Counter32, 829 flowDataFirstTime TimeTicks, -- Activity times 830 flowDataLastActiveTime TimeTicks, 832 flowDataSourceSubscriberID OCTET STRING, 833 flowDataDestSubscriberID OCTET STRING, 834 flowDataSessionID OCTET STRING, 836 flowDataSourceClass INTEGER, 837 flowDataDestClass INTEGER, 838 flowDataClass INTEGER, 839 flowDataSourceKind INTEGER, 840 flowDataDestKind INTEGER, 841 flowDataKind INTEGER 842 } 844 flowDataIndex OBJECT-TYPE 845 SYNTAX Integer32 846 MAX-ACCESS read-only 847 STATUS current 848 DESCRIPTION 849 "Value of this flow data record's index within the meter's 850 flow table. 851 The value 0 should be used as an initial value for SNMP 852 GetNext requests when performing a serial search of the flow 853 table 854 The value 1 should NOT be used; it is reserved as a special 855 end marker for the flowColumnActivityData variable." 856 ::= { flowDataEntry 1 } 858 flowDataStatus OBJECT-TYPE 859 SYNTAX INTEGER { inactive(1), current(2), idle(3) } 860 MAX-ACCESS read-only 861 STATUS current 862 DESCRIPTION 863 "Status of this flow data record." 864 ::= { flowDataEntry 2 } 866 flowDataSourceInterface OBJECT-TYPE 867 SYNTAX Integer32 868 MAX-ACCESS read-only 869 STATUS current 870 DESCRIPTION 871 "Index of the interface associated with the source address 872 for this flow. It's value is one of those contained in the 873 ifIndex field of the meter's interfaces table." 874 ::= { flowDataEntry 3 } 876 flowDataSourceAdjacentType OBJECT-TYPE 877 SYNTAX AddressType 878 MAX-ACCESS read-only 879 STATUS current 880 DESCRIPTION 881 "Adjacent address type of the source for this flow. If 882 accounting is being performed at the network level the 883 adjacent address will probably be an 802 MAC address, and 884 the adjacent address type will indicate the medium type." 885 ::= { flowDataEntry 4 } 887 flowDataSourceAdjacentAddress OBJECT-TYPE 888 SYNTAX AdjacentAddress 889 MAX-ACCESS read-only 890 STATUS current 891 DESCRIPTION 892 "Address of the adjacent device on the path for the source 893 for this flow." 894 ::= { flowDataEntry 5 } 896 flowDataSourceAdjacentMask OBJECT-TYPE 897 SYNTAX AdjacentAddress 898 MAX-ACCESS read-only 899 STATUS current 900 DESCRIPTION 901 "1-bits in this mask indicate which bits must match when 902 comparing the adjacent source address for this flow." 903 ::= { flowDataEntry 6 } 905 flowDataSourcePeerType OBJECT-TYPE 906 SYNTAX AddressType 907 MAX-ACCESS read-only 908 STATUS current 909 DESCRIPTION 910 "Peer address type of the source for this flow." 911 ::= { flowDataEntry 7 } 913 flowDataSourcePeerAddress OBJECT-TYPE 914 SYNTAX PeerAddress 915 MAX-ACCESS read-only 916 STATUS current 917 DESCRIPTION 918 "Address of the peer device for the source of this flow." 919 ::= { flowDataEntry 8 } 921 flowDataSourcePeerMask OBJECT-TYPE 922 SYNTAX PeerAddress 923 MAX-ACCESS read-only 924 STATUS current 925 DESCRIPTION 926 "1-bits in this mask indicate which bits must match when 927 comparing the source peer address for this flow." 928 ::= { flowDataEntry 9 } 930 flowDataSourceTransType OBJECT-TYPE 931 SYNTAX INTEGER (1..255) 932 MAX-ACCESS read-only 933 STATUS current 934 DESCRIPTION 935 "Transport address type of the source for this flow. The 936 value of this attribute will depend on the peer address type." 937 ::= { flowDataEntry 10 } 939 flowDataSourceTransAddress OBJECT-TYPE 940 SYNTAX TransportAddress 941 MAX-ACCESS read-only 942 STATUS current 943 DESCRIPTION 944 "Transport address for the source of this flow." 945 ::= { flowDataEntry 11 } 947 flowDataSourceTransMask OBJECT-TYPE 948 SYNTAX TransportAddress 949 MAX-ACCESS read-only 950 STATUS current 951 DESCRIPTION 952 "1-bits in this mask indicate which bits must match when 953 comparing the transport source address for this flow." 954 ::= { flowDataEntry 12 } 956 flowDataDestInterface OBJECT-TYPE 957 SYNTAX Integer32 958 MAX-ACCESS read-only 959 STATUS current 960 DESCRIPTION 961 "Index of the interface associated with the dest address for 962 this flow. This value is one of the values contained in the 963 ifIndex field of the interfaces table." 964 ::= { flowDataEntry 13 } 966 flowDataDestAdjacentType OBJECT-TYPE 967 SYNTAX AddressType 968 MAX-ACCESS read-only 969 STATUS current 970 DESCRIPTION 971 "Adjacent address type of the destination for this flow." 972 ::= { flowDataEntry 14 } 974 flowDataDestAdjacentAddress OBJECT-TYPE 975 SYNTAX AdjacentAddress 976 MAX-ACCESS read-only 977 STATUS current 978 DESCRIPTION 979 "Address of the adjacent device on the path for the 980 destination for this flow." 981 ::= { flowDataEntry 15 } 983 flowDataDestAdjacentMask OBJECT-TYPE 984 SYNTAX AdjacentAddress 985 MAX-ACCESS read-only 986 STATUS current 987 DESCRIPTION 988 "1-bits in this mask indicate which bits must match when 989 comparing the adjacent dest address for this flow." 990 ::= { flowDataEntry 16 } 992 flowDataDestPeerType OBJECT-TYPE 993 SYNTAX AddressType 994 MAX-ACCESS read-only 995 STATUS current 996 DESCRIPTION 997 "Peer address type of the destination for this flow." 998 ::= { flowDataEntry 17 } 1000 flowDataDestPeerAddress OBJECT-TYPE 1001 SYNTAX PeerAddress 1002 MAX-ACCESS read-only 1003 STATUS current 1004 DESCRIPTION 1005 "Address of the peer device for the destination of this flow." 1006 ::= { flowDataEntry 18 } 1008 flowDataDestPeerMask OBJECT-TYPE 1009 SYNTAX PeerAddress 1010 MAX-ACCESS read-only 1011 STATUS current 1012 DESCRIPTION 1013 "1-bits in this mask indicate which bits must match when 1014 comparing the dest peer type for this flow." 1015 ::= { flowDataEntry 19 } 1017 flowDataDestTransType OBJECT-TYPE 1018 SYNTAX INTEGER (1..255) 1019 MAX-ACCESS read-only 1020 STATUS current 1021 DESCRIPTION 1022 "Transport address type of the destination for this flow. The 1023 value of this attribute will depend on the peer address type." 1024 ::= { flowDataEntry 20 } 1026 flowDataDestTransAddress OBJECT-TYPE 1027 SYNTAX TransportAddress 1028 MAX-ACCESS read-only 1029 STATUS current 1030 DESCRIPTION 1031 "Transport address for the destination of this flow." 1032 ::= { flowDataEntry 21 } 1034 flowDataDestTransMask OBJECT-TYPE 1035 SYNTAX TransportAddress 1036 MAX-ACCESS read-only 1037 STATUS current 1038 DESCRIPTION 1039 "1-bits in this mask indicate which bits must match when 1040 comparing the transport destination address for this flow." 1041 ::= { flowDataEntry 22 } 1043 flowDataPDUScale OBJECT-TYPE 1044 SYNTAX INTEGER (1..255) 1045 MAX-ACCESS read-only 1046 STATUS current 1047 DESCRIPTION 1048 "The scale factor applied to this particular flow. Indicates 1049 the number of bits the PDU counter values should be moved left 1050 to obtain the actual values." 1051 ::= { flowDataEntry 23 } 1053 flowDataOctetScale OBJECT-TYPE 1054 SYNTAX INTEGER (1..255) 1055 MAX-ACCESS read-only 1056 STATUS current 1057 DESCRIPTION 1058 "The scale factor applied to this particular flow. Indicates 1059 the number of bits the octet counter values should be moved 1060 left to obtain the actual values." 1061 ::= { flowDataEntry 24 } 1063 flowDataRuleSet OBJECT-TYPE 1064 SYNTAX INTEGER (1..255) 1065 MAX-ACCESS read-only 1066 STATUS current 1067 DESCRIPTION 1068 "The RuleSet number of the rule set which created this flow." 1069 ::= { flowDataEntry 25 } 1071 flowDataToOctets OBJECT-TYPE 1072 SYNTAX Counter32 1073 MAX-ACCESS read-only 1074 STATUS current 1075 DESCRIPTION 1076 "The count of octets flowing from source to dest address and 1077 being delivered to the protocol level being metered. In the 1078 case of IP this would count the number of octets delivered to 1079 the IP level." 1080 ::= { flowDataEntry 26 } 1082 flowDataToPDUs OBJECT-TYPE 1083 SYNTAX Counter32 1084 MAX-ACCESS read-only 1085 STATUS current 1086 DESCRIPTION 1087 "The count of protocol packets flowing from source to dest 1088 address and being delivered to the protocol level being 1089 metered. In the case of IP, for example, this would count the 1090 IP packets delivered to the IP protocol level." 1091 ::= { flowDataEntry 27 } 1093 flowDataFromOctets OBJECT-TYPE 1094 SYNTAX Counter32 1095 MAX-ACCESS read-only 1096 STATUS current 1097 DESCRIPTION 1098 "The count of octets flowing from dest to source address and 1099 being delivered to the protocol level being metered." 1100 ::= { flowDataEntry 28 } 1102 flowDataFromPDUs OBJECT-TYPE 1103 SYNTAX Counter32 1104 MAX-ACCESS read-only 1105 STATUS current 1106 DESCRIPTION 1107 "The count of protocol packets flowing from dest to source 1108 address and being delivered to the protocol level being 1109 metered. In the case of IP, for example, this would count 1110 the IP packets delivered to the IP protocol level." 1111 ::= { flowDataEntry 29 } 1113 flowDataFirstTime OBJECT-TYPE 1114 SYNTAX TimeTicks 1115 MAX-ACCESS read-only 1116 STATUS current 1117 DESCRIPTION 1118 "The time at which this flow was first entered in the table" 1119 ::= { flowDataEntry 30 } 1121 flowDataLastActiveTime OBJECT-TYPE 1122 SYNTAX TimeTicks 1123 MAX-ACCESS read-only 1124 STATUS current 1125 DESCRIPTION 1126 "The last time this flow had activity, i.e. the time of 1127 arrival of the most recent PDU belonging to this flow." 1128 ::= { flowDataEntry 31 } 1130 flowDataSourceSubscriberID OBJECT-TYPE 1131 SYNTAX OCTET STRING (SIZE (4..20)) 1132 MAX-ACCESS read-only 1133 STATUS current 1134 DESCRIPTION 1135 "Subscriber ID associated with the source address for this 1136 flow." 1137 ::= { flowDataEntry 32 } 1139 flowDataDestSubscriberID OBJECT-TYPE 1140 SYNTAX OCTET STRING (SIZE (4..20)) 1141 MAX-ACCESS read-only 1142 STATUS current 1143 DESCRIPTION 1144 "Subscriber ID associated with the dest address for this 1145 flow." 1146 ::= { flowDataEntry 33 } 1148 flowDataSessionID OBJECT-TYPE 1149 SYNTAX OCTET STRING (SIZE (4..10)) 1150 MAX-ACCESS read-only 1151 STATUS current 1152 DESCRIPTION 1153 "Session ID for this flow. Such an ID might be allocated 1154 by a network access server to distinguish a series of sessions 1155 between the same pair of addresses, which would otherwise 1156 appear to be parts of the same accounting flow." 1157 ::= { flowDataEntry 34 } 1159 flowDataSourceClass OBJECT-TYPE 1160 SYNTAX INTEGER (1..255) 1161 MAX-ACCESS read-only 1162 STATUS current 1163 DESCRIPTION 1164 "Source class for this flow. Determined by the rules, set by 1165 a PushRule action when this flow was entered in the table." 1166 ::= { flowDataEntry 35 } 1168 flowDataDestClass OBJECT-TYPE 1169 SYNTAX INTEGER (1..255) 1170 MAX-ACCESS read-only 1171 STATUS current 1172 DESCRIPTION 1173 "Destination class for this flow. Determined by the rules, set 1174 by a PushRule action when this flow was entered in the table." 1175 ::= { flowDataEntry 36 } 1177 flowDataClass OBJECT-TYPE 1178 SYNTAX INTEGER (1..255) 1179 MAX-ACCESS read-only 1180 STATUS current 1181 DESCRIPTION 1182 "Class for this flow. Determined by the rules, set by a 1183 PushRule action when this flow was entered in the table." 1184 ::= { flowDataEntry 37 } 1186 flowDataSourceKind OBJECT-TYPE 1187 SYNTAX INTEGER (1..255) 1188 MAX-ACCESS read-only 1189 STATUS current 1190 DESCRIPTION 1191 "Source kind for this flow. Determined by the rules, set by 1192 a PushRule action when this flow was entered in the table." 1193 ::= { flowDataEntry 38 } 1195 flowDataDestKind OBJECT-TYPE 1196 SYNTAX INTEGER (1..255) 1197 MAX-ACCESS read-only 1198 STATUS current 1199 DESCRIPTION 1200 "Destination kind for this flow. Determined by the rules, set 1201 by a PushRule action when this flow was entered in the table." 1202 ::= { flowDataEntry 39 } 1204 flowDataKind OBJECT-TYPE 1205 SYNTAX INTEGER (1..255) 1206 MAX-ACCESS read-only 1207 STATUS current 1208 DESCRIPTION 1209 "Class for this flow. Determined by the rules, set by a 1210 PushRule action when this flow was entered in the table." 1211 ::= { flowDataEntry 40 } 1213 -- 1214 -- The Activity Table 1215 -- 1217 flowActivityTable OBJECT-TYPE 1218 SYNTAX SEQUENCE OF FlowActivityEntry 1219 MAX-ACCESS not-accessible 1220 STATUS current 1221 DESCRIPTION 1222 "Index into the Flow Table. This is the 'Collect Index' 1223 described in the 'Traffic Flow Measurement: Architecture' 1224 document [9]. It allows a meter reader to retrieve a list 1225 containing the flow table indexess for all flows wich were 1226 last active at or after a given time." 1227 ::= { flowData 2 } 1229 flowActivityEntry OBJECT-TYPE 1230 SYNTAX FlowActivityEntry 1231 MAX-ACCESS not-accessible 1232 STATUS current 1233 DESCRIPTION 1234 "The Activity Entry for a particular activity time and flow." 1235 INDEX { flowActivityTime, flowActivityIndex } 1236 ::= { flowActivityTable 1 } 1238 FlowActivityEntry ::= SEQUENCE { 1239 flowActivityTime TimeFilter, 1240 flowActivityIndex Integer32 1241 } 1243 flowActivityTime OBJECT-TYPE 1244 SYNTAX TimeFilter 1245 MAX-ACCESS read-only 1246 STATUS current 1247 DESCRIPTION 1248 "This variable is a copy of flowDataLastActiveTime in the 1249 flow data record identified by the flowActivityIndex value 1250 of this flowActivityTable entry." 1251 ::= { flowActivityEntry 1 } 1253 flowActivityIndex OBJECT-TYPE 1254 SYNTAX Integer32 1255 MAX-ACCESS read-only 1256 STATUS current 1257 DESCRIPTION 1258 "Index of a flow table entry which was active at or after a 1259 specified flowActivity time. This index may be used to 1260 retrieve attribute values for that flow data record." 1261 ::= { flowActivityEntry 2 } 1263 -- 1264 -- The Activity Column Table 1265 -- 1267 flowColumnActivityTable OBJECT-TYPE 1268 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1269 MAX-ACCESS not-accessible 1270 STATUS current 1271 DESCRIPTION 1272 "Index into the Flow Table. Allows a meter reader to retrieve 1273 a list containing the flow table indeces of flows which were 1274 last active at or after a given time, together with the values 1275 of a specified attribute for each such flow." 1276 ::= { flowData 3 } 1278 flowColumnActivityEntry OBJECT-TYPE 1279 SYNTAX FlowColumnActivityEntry 1280 MAX-ACCESS not-accessible 1281 STATUS current 1282 DESCRIPTION 1283 "The Column Activity Entry for a particular attribute, 1284 activity time and flow." 1285 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1286 flowColumnActivityIndex } 1288 ::= { flowColumnActivityTable 1 } 1290 FlowColumnActivityEntry ::= SEQUENCE { 1291 flowColumnActivityAttribute FlowAttributeNumber, 1292 flowColumnActivityTime TimeFilter, 1293 flowColumnActivityIndex Integer32, 1294 flowColumnActivityData OCTET STRING 1295 } 1297 flowColumnActivityAttribute OBJECT-TYPE 1298 SYNTAX FlowAttributeNumber 1299 MAX-ACCESS read-only 1300 STATUS current 1301 DESCRIPTION 1302 "Specifies the attribute for which values are required from 1303 active flows." 1304 ::= { flowColumnActivityEntry 1 } 1306 flowColumnActivityTime OBJECT-TYPE 1307 SYNTAX TimeFilter 1308 MAX-ACCESS read-only 1309 STATUS current 1310 DESCRIPTION 1311 "This variable is a copy of flowDataLastActiveTime in the 1312 flow data record identified by the flowColumnActivityIndex 1313 value of this flowColumnActivityTable entry." 1314 ::= { flowColumnActivityEntry 2 } 1316 flowColumnActivityIndex OBJECT-TYPE 1317 SYNTAX Integer32 1318 MAX-ACCESS read-only 1319 STATUS current 1320 DESCRIPTION 1321 "Index of a flow table entry which was active at or after 1322 a specified flowColumnActivityTime." 1323 ::= { flowColumnActivityEntry 3 } 1325 flowColumnActivityData OBJECT-TYPE 1326 SYNTAX OCTET STRING (SIZE (5..1000)) 1327 MAX-ACCESS read-only 1328 STATUS current 1329 DESCRIPTION 1330 "Collection of attribute data for flows active after 1331 flowColumnActivityTime. Within the OCTET STRING is a 1332 sequence of { flow index, attribute value } pairs, one for 1333 each active flow. The end of the sequence is marked by a 1334 flow index value of 0 if there are no more rows in this 1335 column, and 1 otherwise. 1337 The format of objects inside flowColumnFlowData is as follows. 1338 All numbers are unsigned. Numbers and strings appear with 1339 their high-order bytes leading. Numbers are fixed size, as 1340 specified by their SYNTAX in the flow table (above), i.e. one 1341 octet for flowAddressType and small constants, and four octets 1342 for Counter and Timeticks. Strings are variable-length, with 1343 the length given in a single leading octet. 1345 The following is an attempt at an ASN.1 definition of 1346 flowColumnActivityData: 1348 flowColumnActivityData ::= SEQUENCE { 1349 RowItems flowRowItemList, 1350 EndMarker INTEGER (0..1) -- 0 = No more rows 1351 } 1352 flowRowItemList ::= SEQUENCE OF flowRowItemEntry 1353 flowRowItemEntry ::= SEQUENCE { 1354 flowRowNumber INTEGER (1..65535), 1355 flowDataValue flowDataType -- Choice depends on attribute 1356 } 1357 flowDataType ::= CHOICE { 1358 flowByteValue INTEGER (1..255), 1359 flowShortValue INTEGER (1..65535), 1360 flowLongValue Integer32, 1361 flowStringValue OCTET STRING -- Length (n) in first byte, 1362 -- n+1 bytes total length, trailing zeroes truncated 1363 }" 1364 ::= { flowColumnActivityEntry 4 } 1366 -- 1367 -- The Rule Table 1368 -- 1370 -- This is an array of rule tables; the one in use is selected by 1371 -- CurrentRuleSet. To change the rule set the manager chooses a set 1372 -- number which is not in use, downloads the new rule set there, then 1373 -- writes the new set number into CurrentRuleSet. Rule set 1 is the 1374 -- default rule set, used by the meter on start-up. Several rule sets 1375 -- can be held in a meter so that the manager can change the rules 1376 -- easily, for example with time of day. Note that the manager may 1377 -- not change the default rule set, nor the rules in the current rule 1378 -- set! See the 'Traffic Flow Measurement: Architecture' document [9] 1379 -- for details of rules and how they are used. 1381 flowRuleTable OBJECT-TYPE 1382 SYNTAX SEQUENCE OF FlowRuleEntry 1383 MAX-ACCESS not-accessible 1384 STATUS current 1385 DESCRIPTION 1386 "Contains all the rule sets which may be used by the meter." 1387 ::= { flowRules 1 } 1389 flowRuleEntry OBJECT-TYPE 1390 SYNTAX FlowRuleEntry 1391 MAX-ACCESS not-accessible 1392 STATUS current 1393 DESCRIPTION 1394 "The rule record itself." 1395 INDEX { flowRuleSet, flowRuleIndex } 1396 ::= { flowRuleTable 1 } 1398 FlowRuleEntry ::= SEQUENCE { 1399 flowRuleSet INTEGER, 1400 flowRuleIndex INTEGER, 1401 flowRuleSelector RuleAttributeNumber, 1402 flowRuleMask RuleAddress, 1403 flowRuleMatchedValue RuleAddress, 1404 flowRuleAction ActionNumber, 1405 flowRuleParameter Integer32 1406 } 1408 flowRuleSet OBJECT-TYPE 1409 SYNTAX INTEGER (1..255) 1410 MAX-ACCESS not-accessible 1411 STATUS current 1412 DESCRIPTION 1413 "Selects a rule set from the array of rule sets." 1414 ::= { flowRuleEntry 1 } 1416 flowRuleIndex OBJECT-TYPE 1417 SYNTAX INTEGER (1..65535) 1418 MAX-ACCESS not-accessible 1419 STATUS current 1420 DESCRIPTION 1421 "The index into the Rule table. N.B: These values will 1422 often be consecutive, given the fall-through semantics of 1423 processing the table." 1424 ::= { flowRuleEntry 2 } 1426 flowRuleSelector OBJECT-TYPE 1427 SYNTAX RuleAttributeNumber 1428 MAX-ACCESS read-create 1429 STATUS current 1430 DESCRIPTION 1431 "Defines the source of the value to match. 1433 null(0) is a special case; null rules always succeed. 1435 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1436 variables, each of which can hold the name (i.e. selector 1437 value) of an address attribute. When one of these is used 1438 as a selector, its value specifies the attribute to be 1439 tested. Variable values are set by an Assign action." 1441 ::= { flowRuleEntry 3 } 1443 flowRuleMask OBJECT-TYPE 1444 SYNTAX RuleAddress 1445 MAX-ACCESS read-create 1446 STATUS current 1447 DESCRIPTION 1448 "The initial mask used to compute the desired value. If the 1449 mask is zero the rule's test will always succeed." 1450 ::= { flowRuleEntry 4 } 1452 flowRuleMatchedValue OBJECT-TYPE 1453 SYNTAX RuleAddress 1454 MAX-ACCESS read-create 1455 STATUS current 1456 DESCRIPTION 1457 "The resulting value to be matched for equality. 1458 Specifically, if the attribute chosen by the flowRuleSelector 1459 logically ANDed with the mask specified by the flowRuleMask 1460 equals the value specified in the flowRuleMatchedValue, then 1461 continue processing the table entry based on the action 1462 specified by the flowRuleAction entry. Otherwise, proceed to 1463 the next entry in the rule table." 1464 ::= { flowRuleEntry 5 } 1466 flowRuleAction OBJECT-TYPE 1467 SYNTAX ActionNumber 1468 MAX-ACCESS read-create 1469 STATUS current 1470 DESCRIPTION 1471 "The action to be taken if this rule's test succeeds, or if 1472 the meter's 'test' flag is off. Actions are opcodes for the 1473 meter's Packet Matching Engine; details are given in the 1474 'Traffic Flow Measurement: Architecture' document [9]." 1475 ::= { flowRuleEntry 6 } 1477 flowRuleParameter OBJECT-TYPE 1478 SYNTAX Integer32 1479 MAX-ACCESS read-create 1480 STATUS current 1481 DESCRIPTION 1482 "A parameter value providing extra information for the 1483 rule's action." 1484 ::= { flowRuleEntry 7 } 1486 -- 1487 -- Accounting Meter conformance statement 1488 -- 1490 flowMIBCompliances 1491 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1493 flowMIBGroups 1494 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1496 flowControlGroup OBJECT-GROUP 1497 OBJECTS { 1498 flowRuleInfoSize, flowRuleInfoOwner, 1499 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1500 flowInterfaceRate, 1501 flowInterfaceLostPackets, 1502 flowReaderOwner, 1503 flowReaderLastTime, flowReaderPreviousTime, 1504 flowLastReadTime, 1505 flowCurrentRuleSet, 1506 flowStandbyRuleSet, 1507 flowHighWaterMark, 1508 flowFloodMark, 1509 flowInactivityTimeout, 1510 flowActiveFlows, 1511 flowMaxFlows } 1512 STATUS current 1513 DESCRIPTION 1514 "The control group defines objects which are used to control 1515 an accounting meter." 1516 ::= {flowMIBGroups 1 } 1518 flowDataTableGroup OBJECT-GROUP 1519 OBJECTS { 1520 flowDataIndex, 1521 flowDataStatus, 1522 flowDataSourceInterface, 1523 flowDataSourceAdjacentType, 1524 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 1525 flowDataSourcePeerType, 1526 flowDataSourcePeerAddress, flowDataSourcePeerMask, 1527 flowDataSourceTransType, 1528 flowDataSourceTransAddress, flowDataSourceTransMask, 1529 flowDataDestInterface, 1530 flowDataDestAdjacentType, 1531 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 1532 flowDataDestPeerType, 1533 flowDataDestPeerAddress, flowDataDestPeerMask, 1534 flowDataDestTransType, 1535 flowDataDestTransAddress, flowDataDestTransMask, 1536 flowDataRuleSet, 1537 flowDataToOctets, flowDataToPDUs, 1538 flowDataFromOctets, flowDataFromPDUs, 1539 flowDataFirstTime, flowDataLastActiveTime, 1540 flowDataSourceClass, flowDataDestClass, flowDataClass, 1541 flowDataSourceKind, flowDataDestKind, flowDataKind, 1542 flowActivityTime, flowActivityIndex 1543 } 1544 STATUS current 1545 DESCRIPTION 1546 "The flow table group defines objects which provide the 1547 structure for the rule table, including the creation time 1548 and activity time indexes into it. In addition it defines 1549 objects which provide a base set of flow attributes for the 1550 adjacent, peer and transport layers, together with a flow's 1551 counters and times. Finally it defines a flow's class and 1552 kind attributes, which are set by rule actions." 1553 ::= {flowMIBGroups 2 } 1555 flowDataScaleGroup OBJECT-GROUP 1556 OBJECTS { 1557 flowDataPDUScale, flowDataOctetScale 1558 } 1559 STATUS current 1560 DESCRIPTION 1561 "The flow scale group defines objects which specify scale 1562 factors for counters." 1563 ::= {flowMIBGroups 3 } 1565 flowDataSubscriberGroup OBJECT-GROUP 1566 OBJECTS { 1567 flowDataSourceSubscriberID, flowDataDestSubscriberID, 1568 flowDataSessionID 1569 } 1570 STATUS current 1571 DESCRIPTION 1572 "The flow subscriber group defines objects which may be used 1573 to identify the end point(s) of a flow." 1574 ::= {flowMIBGroups 4 } 1576 flowDataColumnTableGroup OBJECT-GROUP 1577 OBJECTS { 1578 flowColumnActivityAttribute, 1579 flowColumnActivityTime, 1580 flowColumnActivityIndex, 1581 flowColumnActivityData 1582 } 1583 STATUS current 1584 DESCRIPTION 1585 "The flow column table group defines objects which can be used 1586 to collect part of a column of attribute values from the flow 1587 table." 1588 ::= {flowMIBGroups 5 } 1590 flowRuleTableGroup OBJECT-GROUP 1591 OBJECTS { 1592 flowRuleSelector, 1593 flowRuleMask, flowRuleMatchedValue, 1594 flowRuleAction, flowRuleParameter 1595 } 1596 STATUS current 1597 DESCRIPTION 1598 "The rule table group defines objects which hold the set(s) 1599 of rules specifying which traffic flows are to be accounted 1600 for." 1601 ::= {flowMIBGroups 6 } 1603 flowMIBCompliance MODULE-COMPLIANCE 1604 STATUS current 1605 DESCRIPTION 1606 "The compliance statement for a Traffic Flow Meter." 1607 MODULE 1608 MANDATORY-GROUPS { 1609 flowControlGroup, 1610 flowDataTableGroup, 1611 flowRuleTableGroup 1612 } 1613 ::= { flowMIBCompliances 1 } 1615 END 1617 5 Acknowledgements 1619 An early draft of this document was produced under the auspices of the 1620 IETF's Accounting Working Group with assistance from SNMP and SAAG 1621 working groups. Particular thanks are due to Jim Barnes, Sig Handelman 1622 and Stephen Stibler for their support and their assistance with checking 1623 the MIB. 1625 6 References 1627 [1] McCloghrie, K., and Rose, M., Editors, "Management 1628 Information Base for Network Management of TCP/IP-based 1629 internets," RFC 1213, Performance Systems International, March 1630 1991. 1632 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 1633 "Structure of Management Information for version 2 of the 1634 Simple Network Managemenet Protocol," RFC 1442, SNMP Research 1635 Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie 1636 Mellon University, April 1993. 1638 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 1639 "Textual Conventions for version 2 of the Simple Network 1640 Managemenet Protocol SNMPv2", RFC 1443, SNMP Research Inc., 1641 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 1642 University, April 1993. 1644 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 1645 "Conformance Statements for version 2 of the Simple Network 1646 Managemenet Protocol (SNMPv2)," RFC 1444, SNMP Research Inc., 1647 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 1648 University, April 1993. 1650 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 1651 "Coexistence between version 1 and version 2 of the 1652 Internet-standard Network Management Framework," RFC 1452, SNMP 1653 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 1654 Carnegie Mellon University, April 1993. 1656 [6] Information processing systems - Open Systems 1657 Interconnection - Specification of Abstract Syntax Notation One 1658 (ASN.1), International Organization for Standardization, 1659 International Standard 8824, December 1987. 1661 [7] Information processing systems - Open Systems 1662 Interconnection - Specification of Basic Encoding Rules for 1663 Abstract Notation One (ASN.1), International Organization for 1664 Standardization, International Standard 8825, December 1987. 1666 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 1667 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 1668 Technology Corporation, November 1991. 1670 [9] Brownlee, N., Mills, C., and Ruth, G., "Traffic Flow 1671 Measurement: Architecture," Internet Draft (work in progress), 1672 The University of Auckland, Bolt Beranek and Newman Inc., GTE 1673 Laboratories, Inc, February 1995. 1675 [10] Case, J., "FDDI Management Information Base," RFC 1285, 1676 SNMP Research Incorporated, January 1992. 1678 [11] Waldbusser, S., "Remote Network Monitoring Management 1679 Information Base, Version 2," Internet Draft (work in 1680 progress). 1682 7 Security Considerations 1684 Security issues are not discussed in this document. 1686 8 Author's Address 1688 Nevil Brownlee 1689 Computer Centre 1690 The University of Auckland 1692 Phone: +64 9 373 7599 x8941 1693 E-mail: n.brownlee @auckland.ac.nz