idnits 2.17.1 draft-ietf-rtfm-meter-mib-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-25) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1630 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 1997) is 9903 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1902 (ref. '2') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '3') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '4') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1908 (ref. '5') (Obsoleted by RFC 2576) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') ** Obsolete normative reference: RFC 2063 (ref. '9') (Obsoleted by RFC 2722) ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 1884 (ref. '13') (Obsoleted by RFC 2373) Summary: 18 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Nevil Brownlee 3 INTERNET-DRAFT The University of Auckland 4 Expire in six months March 1997 6 Traffic Flow Measurement: Meter MIB 8 10 Status of this Memo 12 This document is an Internet Draft. Internet Drafts are working 13 documents of the Internet Engineering Task Force (IETF), its Areas, and 14 its Working Groups. Note that other groups may also distribute working 15 documents as Internet Drafts. This Internet Draft is a product of the 16 Realtime Traffic Flow Measurement Working Group of the IETF. 18 Internet Drafts are draft documents valid for a maximum of six months. 19 Internet Drafts may be updated, replaced, or obsoleted by other 20 documents at any time. It is not appropriate to use Internet Drafts as 21 reference material or to cite them other than as a "working draft" or 22 "work in progress." 24 Please check the I-D abstract listing contained in the internet-drafts 25 Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, 26 ftp.nisc.sri.com or munnari.oz.au to learn the current status of this or 27 any other Internet Draft. 29 Abstract 31 This memo defines a portion of the Management Information Base (MIB) for 32 use with network management protocols in TCP/IP-based internets. In 33 particular, this memo defines managed objects used for obtaining traffic 34 flow information from network traffic meters. 36 Contents 38 1 Introduction 2 40 2 The Network Management Framework 2 42 3 Objects 3 43 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 3 45 4 Overview 3 46 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . . 4 47 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 4 49 5 Definitions 6 51 6 Acknowledgements 40 53 7 References 41 55 8 Security Considerations 42 57 9 Author's Address 43 59 1 Introduction 61 This memo defines a portion of the Management Information Base (MIB) for 62 use with network management protocols in the Internet community. In 63 particular, it describes managed objects for managing and collecting 64 data from network Realtime Traffic Flow Meters, as described in [9] 66 2 The Network Management Framework 68 The Internet-standard Network Management Framework consists of three 69 components. They are: 71 RFC 1155 defines the SMI, the mechanisms used for describing 72 and naming objects for the purpose of management. RFC 1212 73 defines a more concise description mechanism, which is wholly 74 consistent with the SMI. 76 RFC 1156 defines MIB-I, the core set of managed objects for the 77 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 78 evolution of MIB-I based on implementation experience and new 79 operational requirements. 81 RFC 1157 defines the SNMP, the protocol used for network access 82 to managed objects. 84 RFC 1902 [2] defines the SMI for version 2 of the Simple 85 Network Management Protocol. 87 RFCs 1903 and 1904 [3,4] define Textual Conventions and 88 Conformance Statements for version 2 of the Simple Network 89 Management Protocol. 91 RFC 1908 [5] describes how versions 1 and 2 of the Simple 92 Network Management Protocol should coexist. 94 The Framework permits new objects to be defined for the purpose of 95 experimentation and evaluation. 97 3 Objects 99 Managed objects are accessed via a virtual information store, termed the 100 Management Information Base or MIB. Objects in the MIB are defined using 101 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 102 SMI. In particular, each object has a name, a syntax, and an encoding. 103 The name is an object identifier, an administratively assigned name, 104 which specifies an object type. The object type together with an object 105 instance serves to uniquely identify a specific instantiation of the 106 object. For human convenience, we often use a textual string, termed 107 the OBJECT DESCRIPTOR, to also refer to the object type. 109 The syntax of an object type defines the abstract data structure 110 corresponding to that object type. The ASN.1 language is used for this 111 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 112 which may be used. These restrictions are explicitly made for 113 simplicity. 115 The encoding of an object type is simply how that object type is 116 represented using the object type's syntax. Implicitly tied to the 117 notion of an object type's syntax and encoding is how the object type is 118 represented when being transmitted on the network. 120 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 121 subject to the additional requirements imposed by the SNMP. 123 3.1 Format of Definitions 125 Section 4 contains contains the specification of all object types 126 contained in this MIB module. These object types are defined using the 127 conventions defined in [2] and [3]. 129 4 Overview 131 Traffic Flow Measurement seeks to provide a well-defined method for 132 gathering traffic flow information from networks and internetworks. The 133 background for this is given in "Traffic Flow Measurement: Background" 134 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 135 produced a measurement architecture to achieve it; this is documented in 136 "Traffic Flow Measurement: Architecture" [9]. The architecture defines 137 three entities: 139 - METERS, which observe network traffic flows and build up a table of 140 flow data records for them, 142 - METER READERS, which collect traffic flow data from meters, and 144 - MANAGERS, which oversee the operation of meters and meter readers. 146 This memo defines the SNMP management information for a Traffic Flow 147 Meter (TFM). It documents the earlier work of the Internet Accounting 148 Working Group, and is intended to provide a starting point for the 149 Realtime Traffic Flow Measurement Working Group. 151 4.1 Scope of Definitions, Textual Conventions 153 All objects defined in this memo are registered in a single subtree 154 within the mib-2 namespace [1,2], and are for use in network devices 155 which may perform a PDU forwarding or monitoring function. For these 156 devices, the value of the ifSpecific variable in the MIB-II [1] has the 157 OBJECT IDENTIFIER value: 159 flowMIB OBJECT IDENTIFIER ::= mib-2 40 161 as defined below. 163 The RTFM Meter MIB was first produced and tested using SNMPv1. It has 164 been converted into SNMPv2 following the guidelines in RFC 1452 [5]. 166 4.2 Usage of the MIB variables 168 The MIB breaks into four parts - control, flows, rules and conformance 169 statements. 171 The rules implement the minumum set of packet-matching actions, as set 172 out in the "Traffic Flow Measurment: Architecture" document [9]. In 173 addition they provide for BASIC-style subroutines, allowing a network 174 manager to dramatically reduce the number of rules required to monitor a 175 large network. 177 Traffic flows are identified by a set of attributes for each of their 178 end-points. Attributes include network addresses for each layer of the 179 network protocol stack, and 'subscriber ids,' which may be used to 180 identify an accountable entity for the flow. 182 The conformance statements are set out as defined in [4]. They explain 183 what must be implemented in a meter which claims to conform to this MIB. 185 To retrieve flow data one could simply do a linear scan of the flow 186 table. This would certainly work, but would require a lot of protocol 187 exchanges. To reduce the overhead in retrieving flow data the flow 188 table uses a TimeFilter variable, defined as a Textual Convention in the 189 RMON2 MIB [10]. This, when used together with SNMPv2's GetBulk request, 190 allows a meter reader to scan the flow table and upload a specified set 191 of flow attributes for those rows which have changed since the last 192 reading. 194 As an alternative method of reading flow data, the MIB provides an index 195 into the flow table called flowColumnActivityTable. This is (logically) 196 a three-dimensional array, subscripted by flow attribute, activity time 197 and starting flow number. It allows a meter reader to retrieve (in an 198 octet string) data for a column of the flow table with a minimum of SNMP 199 overhead. An attempt has been made to include a full ASN.1 definition 200 of the flowColumnActivityData object. 202 One aspect of data collection which needs emphasis is that all the MIB 203 variables are set up to allow multiple independent meter readers to work 204 properly, i.e. the flow table indexes are stateless. An alternative 205 approach would have been to 'snapshot' the flow table, which would mean 206 that the meter readers would have to be synchronized. The stateless 207 approach does mean that two meter readers will never return exactly the 208 same set of traffic counts, but over long periods (e.g. 15-minute 209 collections over a day) the discrepancies are acceptable. If one really 210 needs a snapshot, this can be achieved by switching to an identical rule 211 set with a different RuleSet number, hence asynchronous collections may 212 be regarded as a useful generalisation of synchronised ones. 214 The control variables are the minimum set required for a meter reader. 215 Their number has been whittled down as experience has been gained with 216 the MIB implementation. A few of them are 'general,' i.e. they control 217 the overall behaviour of the meter. These are set by a single 'master' 218 manager, and no other manager should attempt to change their values. 219 The decision as to which manager is the 'master' must be made by the 220 network operations personnel responsible; this MIB does not attempt to 221 define any interaction between managers. 223 There are three other groups of control groups, arranged into tables in 224 the same way as in the RMON2 MIB [10]. They are used as follows: 226 - RULE SET INFO: Before attempting to download a RuleSet, a manager 227 must create a row in the flowRuleSetInfoTable with 228 flowRuleInfoStatus set to 'createAndWait' and set flowRuleInfoSize 229 to a value large enough to hold the RuleSet. When the rule set is 230 ready the manager must set flowRuleInfoStatus to 'active,' 231 indicating that the rule set is ready for use (but not yet 232 'running'). 234 - METER READER INFO: Any meter reader wishing to collect data 235 reliably for all flows should first create a row in the 236 flowReaderInfoTable with flowReaderStatus set to 'active.' It 237 should write that row's flowReaderLastTime object each time it 238 starts a collection pass through the flow table. The meter will 239 not recover a flow's memory until every meter reader holding a row 240 in this table has collected that flow's data. 242 - MANAGER INFO: Any manager wishing to run a rule set in the meter 243 must create a row in the flowManagerInfo table designating the rule 244 set as either a 'current' or a 'standby' rule set, and set the 245 row's flowManagerStatus variable to 'active.' 247 5 Definitions 249 FLOW-METER-MIB DEFINITIONS ::= BEGIN 251 IMPORTS 252 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 253 FROM SNMPv2-SMI 254 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 255 FROM SNMPv2-TC 256 OBJECT-GROUP, MODULE-COMPLIANCE 257 FROM SNMPv2-CONF 258 mib-2, ifIndex 259 FROM RFC1213-MIB 260 TimeFilter, OwnerString 261 FROM RMON-MIB; 263 flowMIB MODULE-IDENTITY 264 LAST-UPDATED "9703111620Z" 265 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 266 CONTACT-INFO 267 "Nevil Brownlee, The University of Auckland 269 Postal: Information Technology Sytems & Services 270 The University of Auckland 271 Private Bag 92-019 272 Auckland, New Zealand 274 Phone: +64 9 373 7599 x8941 275 E-mail: n.brownlee@auckland.ac.nz" 276 DESCRIPTION 277 "MIB for the RTFM Traffic Flow Meter." 278 ::= { mib-2 40 } 280 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 282 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 284 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 286 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 288 -- Textual Conventions 290 MediumType ::= TEXTUAL-CONVENTION 291 STATUS current 292 DESCRIPTION 293 "Specifies the type of a MediumAddress (see below). The 294 values used for IEEE 802 media are from the 'Network 295 Management Parameters (ifType definitions)' section of the 296 Assigned Numbers RFC [11]." 297 SYNTAX INTEGER { 298 ethernet(7), 299 tokenring(9), 300 fddi(15) } 302 MediumAddress ::= TEXTUAL-CONVENTION 303 STATUS current 304 DESCRIPTION 305 "Specifies the value of a Medium Access Control (MAC) address. 306 Address format depends on the actual Medium, as follows: 308 Ethernet: ethernet(7) 309 6-octet 802.3 MAC address in 'canonical' order 311 Token Ring: tokenring(9) 312 6-octet 802.5 MAC address in 'canonical' order 314 FDDI: fddi(15) 315 FddiMACLongAddress, i.e. a 6-octet MAC address 316 in 'canonical' order (defined in the FDDI MIB [12]) 317 " 318 SYNTAX OCTET STRING (SIZE (6..20)) 320 PeerType ::= TEXTUAL-CONVENTION 321 STATUS current 322 DESCRIPTION 323 "Indicates the type of a PeerAddress (see below). The values 324 used are from the 'Address Family Numbers' section of the 325 Assigned Numbers RFC [11]." 326 SYNTAX INTEGER { 327 ipv4(1), 328 ipv6(2), 329 nsap(3), 330 ipx(11), 331 appletalk(12), 332 decnet(13) } 334 PeerAddress ::= TEXTUAL-CONVENTION 335 STATUS current 336 DESCRIPTION 337 "Specifies the value of a peer address for various network 338 protocols. Address format depends on the actual protocol, 339 as indicated below: 341 IPv4: ipv4(1) 342 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 344 IPv6: ipv6(2) 345 16-octet IpAddress (defined in the 346 IPv6 Addressing RFC [13]) 348 CLNS: nsap(3) 349 NsapAddress (defined in the SNMPv2 SMI [2]) 351 Novell: ipx(11) 352 4-octet Network number, 353 6-octet Host number (MAC address) 355 AppleTalk: appletalk(12) 356 2-octet Network number (sixteen bits), 357 1-octet Host number (eight bits) 359 DECnet: decnet(13) 360 1-octet Area number (in low-order six bits), 361 2-octet Host number (in low-order ten bits) 362 " 363 SYNTAX OCTET STRING (SIZE (3..20)) 365 AdjacentType ::= TEXTUAL-CONVENTION 366 STATUS current 367 DESCRIPTION 368 "Indicates the type of an adjacent address. 369 Is a superset of MediumType and PeerType." 371 SYNTAX INTEGER { 372 ip(1), 373 nsap(3), 374 ethernet(7), 375 tokenring(9), 376 ipx(11), 377 appletalk(12), 378 decnet(13), 379 fddi(15) } 381 AdjacentAddress ::= TEXTUAL-CONVENTION 382 STATUS current 383 DESCRIPTION 384 "Specifies the value of an adjacent address. 385 Is a superset of MediumAddress and PeerAddress." 386 SYNTAX OCTET STRING (SIZE (3..20)) 388 TransportType ::= TEXTUAL-CONVENTION 389 STATUS current 390 DESCRIPTION 391 "Indicates the type of a TransportAddress (see below). Values 392 will depend on the actual protocol; for IP they will be those 393 given in the 'Protocol Numbers' section of the Assigned Numbers 394 RFC [11], including icmp(1), tcp(6) and udp(17)." 395 SYNTAX INTEGER (1..255) 397 TransportAddress ::= TEXTUAL-CONVENTION 398 STATUS current 399 DESCRIPTION 400 "Specifies the value of a transport address for various 401 network protocols. Format as follows: 403 IP: 404 2-octet UDP or TCP port number 406 Other protocols: 407 2-octet port number 408 " 409 SYNTAX OCTET STRING (SIZE (2)) 411 RuleAddress ::= TEXTUAL-CONVENTION 412 STATUS current 413 DESCRIPTION 414 "Specifies the value of an address. Is a superset of 415 MediumAddress, PeerAddress and TransportAddress." 416 SYNTAX OCTET STRING (SIZE (2..20)) 418 FlowAttributeNumber ::= TEXTUAL-CONVENTION 419 STATUS current 420 DESCRIPTION 421 "Uniquely identifies an attribute within a flow data record." 423 SYNTAX INTEGER { 424 flowIndex(1), 425 flowStatus(2), 426 flowTimeMark(3), 428 sourceInterface(4), 429 sourceAdjacentType(5), 430 sourceAdjacentAddress(6), 431 sourceAdjacentMask(7), 432 sourcePeerType(8), 433 sourcePeerAddress(9), 434 sourcePeerMask(10), 435 sourceTransType(11), 436 sourceTransAddress(12), 437 sourceTransMask(13), 439 destInterface(14), 440 destAdjacentType(15), 441 destAdjacentAddress(16), 442 destAdjacentMask(17), 443 destPeerType(18), 444 destPeerAddress(19), 445 destPeerMask(20), 446 destTransType(21), 447 destTransAddress(22), 448 destTransMask(23), 450 pduScale(24), 451 octetScale(25), 453 ruleSet(26), 454 toOctets(27), -- Source-to-Dest 455 toPDUs(28), 456 fromOctets(29), -- Dest-to-Source 457 fromPDUs(30), 458 firstTime(31), -- Activity times 459 lastActiveTime(32), 461 sourceSubscriberID(33), -- Subscriber ID 462 destSubscriberID(34), 463 sessionID(35), 465 sourceClass(36), -- Computed attributes 466 destClass(37), 467 flowClass(38), 468 sourceKind(39), 469 destKind(40), 470 flowKind(41) } 472 RuleAttributeNumber ::= TEXTUAL-CONVENTION 473 STATUS current 474 DESCRIPTION 475 "Uniquely identifies an attribute which may be tested in 476 a rule. These include attributes whose values come directly 477 from (or are computed from) the flow's packets, and the five 478 'meter' variables used to hold an AttributeValue." 479 SYNTAX INTEGER { 480 null(0), 481 sourceInterface(4), -- Source Address 482 sourceAdjacentType(5), 483 sourceAdjacentAddress(6), 484 sourcePeerType(8), 485 sourcePeerAddress(9), 486 sourceTransType(11), 487 sourceTransAddress(12), 489 destInterface(14), -- Dest Address 490 destAdjacentType(15), 491 destAdjacentAddress(16), 492 destPeerType(18), 493 destPeerAddress(19), 494 destTransType(21), 495 destTransAddress(22), 497 sourceSubscriberID(33), -- Subscriber ID 498 destSubscriberID(34), 499 sessionID(35), 501 sourceClass(36), -- Computed attributes 502 destClass(37), 503 flowClass(38), 504 sourceKind(39), 505 destKind(40), 506 flowKind(41), 508 matchingStoD(50), -- Packet matching 510 v1(51), -- Meter variables 511 v2(52), 512 v3(53), 513 v4(54), 514 v5(55) } 516 ActionNumber ::= TEXTUAL-CONVENTION 517 STATUS current 518 DESCRIPTION 519 "Uniquely identifies the action of a rule, i.e. the Pattern 520 Matching Engine's opcode number. Details of the opcodes 521 are given in the 'Traffic Flow Measurement: Architecture' 522 document [9]." 523 SYNTAX INTEGER { 524 ignore(1), 525 fail(2), 526 count(3), 527 countPkt(4), 528 return(5), 529 gosub(6), 530 gosubAct(7), 531 assign(8), 532 assignAct(9), 533 goto(10), 534 gotoAct(11), 535 pushRuleTo(12), 536 pushRuleToAct(13), 537 pushPktTo(14), 538 pushPktToAct(15) } 540 -- 541 -- Control Group: Rule Set Info Table 542 -- 544 flowRuleSetInfoTable OBJECT-TYPE 545 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 546 MAX-ACCESS not-accessible 547 STATUS current 548 DESCRIPTION 549 "An array of information about the rule sets held in the 550 meter. 552 Any manager may configure a new rule set for the meter by 553 creating a row in this table with status active(1), and setting 554 values for all the objects in its rules. At this stage the new 555 rule set is available but not 'running,' i.e. it is not being 556 used by the meter to produce entries in the flow table. 558 To actually 'run' a rule set a manager must create a row in 559 the flowManagerInfoTable, set it's flowManagerStatus to 560 active(1), and set either its CurrentRuleSet or StandbyRuleSet 561 to point to the rule set to be run. 563 Once a rule set is running a manager may not change any of the 564 objects within the rule set itself. 566 Any manager may stop a rule set running by removing all 567 references to it in the flowManagerInfoTable (i.e. by setting 568 CurrentRuleSet and StandbyRuleSet values to 0). This provides a 569 way to stop rule sets left running if a manager fails." 570 ::= { flowControl 1 } 572 flowRuleSetInfoEntry OBJECT-TYPE 573 SYNTAX FlowRuleSetInfoEntry 574 MAX-ACCESS not-accessible 575 STATUS current 576 DESCRIPTION 577 "Information about a particular rule set." 578 INDEX { flowRuleInfoIndex } 579 ::= { flowRuleSetInfoTable 1 } 581 FlowRuleSetInfoEntry ::= SEQUENCE { 582 flowRuleInfoIndex Integer32, 583 flowRuleInfoSize Integer32, 584 flowRuleInfoOwner OwnerString, 585 flowRuleInfoTimeStamp TimeStamp, 586 flowRuleInfoStatus RowStatus, 587 flowRuleInfoName OCTET STRING, 588 flowRuleInfoRulesReady TruthValue, 589 flowRuleInfoFlowRecords Integer32 590 } 592 flowRuleInfoIndex OBJECT-TYPE 593 SYNTAX Integer32 594 MAX-ACCESS not-accessible 595 STATUS current 596 DESCRIPTION 597 "An index which selects an entry in the flowRuleSetInfoTable. 598 Each such entry contains control information for a particular 599 rule set which the meter may run." 600 ::= { flowRuleSetInfoEntry 1 } 602 flowRuleInfoSize OBJECT-TYPE 603 SYNTAX Integer32 604 MAX-ACCESS read-create 605 STATUS current 606 DESCRIPTION 607 "Number of rules in this rule set. Setting this variable will 608 cause the meter to allocate space for these rules." 609 ::= { flowRuleSetInfoEntry 2 } 611 flowRuleInfoOwner OBJECT-TYPE 612 SYNTAX OwnerString 613 MAX-ACCESS read-create 614 STATUS current 615 DESCRIPTION 616 "Identifies the manager which 'owns' this rule set. A manager 617 must set this variable when creating a row in this table." 618 ::= { flowRuleSetInfoEntry 3 } 620 flowRuleInfoTimeStamp OBJECT-TYPE 621 SYNTAX TimeStamp 622 MAX-ACCESS read-only 623 STATUS current 624 DESCRIPTION 625 "Time this row's associated rule set was last changed." 627 ::= { flowRuleSetInfoEntry 4 } 629 flowRuleInfoStatus OBJECT-TYPE 630 SYNTAX RowStatus 631 MAX-ACCESS read-create 632 STATUS current 633 DESCRIPTION 634 "The status of this flowRuleSetInfoEntry. If this value is 635 not active(1) the meter must not attempt to use this row's 636 associated rule set. Once its value has been set to active(1) 637 a manager may change any of this row's variables except 638 flowRuleInfoOwner and flowRuleInfoTimeStamp." 639 ::= { flowRuleSetInfoEntry 5 } 641 flowRuleInfoName OBJECT-TYPE 642 SYNTAX OCTET STRING 643 MAX-ACCESS read-create 644 STATUS current 645 DESCRIPTION 646 "An alphanumeric identifier used by managers and readers to 647 identify a rule set. For example, a manager wishing to run a 648 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 649 to see whether the WWW-FLOWS rule set is already available on 650 the meter. 652 Note that references to rule sets in the flowManagerInfoTable 653 use indexes for their flowRuleSetInfoTable entries. These may 654 be different each time the rule set is loaded into a meter." 655 ::= { flowRuleSetInfoEntry 6 } 657 flowRuleRulesReady OBJECT-TYPE 658 SYNTAX TruthValue 659 MAX-ACCESS read-create 660 STATUS current 661 DESCRIPTION 662 "Indicates whether the rules for this row's associated rule set 663 are ready for use. The meter will refuse to 'run' the rule set 664 unless this variable has been set to true(1)." 665 ::= { flowRuleSetInfoEntry 7 } 667 flowRuleInfoFlowRecords OBJECT-TYPE 668 SYNTAX Integer32 669 MAX-ACCESS read-only 670 STATUS current 671 DESCRIPTION 672 "The number of entries in the flow table for this rule set. 673 These may be current (waiting for collection by one or more 674 meter readers) or idle (waiting for the meter to recover 675 their memory)." 676 ::= { flowRuleSetInfoEntry 8 } 678 -- 679 -- Control Group: Interface Info Table 680 -- 682 flowInterfaceTable OBJECT-TYPE 683 SYNTAX SEQUENCE OF FlowInterfaceEntry 684 MAX-ACCESS not-accessible 685 STATUS current 686 DESCRIPTION 687 "An array of information specific to each meter interface." 688 ::= { flowControl 2 } 690 flowInterfaceEntry OBJECT-TYPE 691 SYNTAX FlowInterfaceEntry 692 MAX-ACCESS not-accessible 693 STATUS current 694 DESCRIPTION 695 "Information about a particular interface." 696 INDEX { ifIndex } 697 ::= { flowInterfaceTable 1 } 699 FlowInterfaceEntry ::= SEQUENCE { 700 flowInterfaceSampleRate Integer32, 701 flowInterfaceLostPackets Counter32 702 } 704 flowInterfaceSampleRate OBJECT-TYPE 705 SYNTAX Integer32 706 MAX-ACCESS read-write 707 STATUS current 708 DESCRIPTION 709 "The parameter N for statistical counting on this interface. 710 Set to N to count 1/Nth of the packets appearing at this 711 interface. A meter should choose its own algorithm to 712 introduce variance into the sampling so that exactly every Nth 713 packet is not counted. A sampling rate of 1 counts all 714 packets. A sampling rate of 0 results in the interface 715 being ignored by the meter." 716 DEFVAL { 1 } 717 ::= { flowInterfaceEntry 1 } 719 flowInterfaceLostPackets OBJECT-TYPE 720 SYNTAX Counter32 721 MAX-ACCESS read-only 722 STATUS current 723 DESCRIPTION 724 "The number of packets the meter has lost for this interface. 725 Such losses may occur because the meter has been unable to 726 keep up with the traffic volume." 727 ::= { flowInterfaceEntry 2 } 729 -- 730 -- Control Group: Meter Reader Info Table 731 -- 733 -- Any meter reader wishing to collect data reliably for all flows 734 -- should first create a row in this table. It should write that 735 -- row's flowReaderLastTime object each time it starts a collection 736 -- pass through the flow table. 738 -- If a meter reader (MR) does not create a row in this table, e.g. 739 -- because it failed authentication in the meter's SNMP write 740 -- community, collection can still proceed but the meter will not be 741 -- aware of meter reader MR. This could lead the meter to recover 742 -- flows before they have been collected by MR. 744 flowReaderInfoTable OBJECT-TYPE 745 SYNTAX SEQUENCE OF FlowReaderInfoEntry 746 MAX-ACCESS not-accessible 747 STATUS current 748 DESCRIPTION 749 "An array of information about meter readers which have 750 registered their intent to collect flow data from this meter." 751 ::= { flowControl 3 } 753 flowReaderInfoEntry OBJECT-TYPE 754 SYNTAX FlowReaderInfoEntry 755 MAX-ACCESS not-accessible 756 STATUS current 757 DESCRIPTION 758 "Information about a particular meter reader." 759 INDEX { flowReaderIndex } 760 ::= { flowReaderInfoTable 1 } 762 FlowReaderInfoEntry ::= SEQUENCE { 763 flowReaderIndex Integer32, 764 flowReaderTimeout Integer32, 765 flowReaderOwner OwnerString, 766 flowReaderLastTime TimeStamp, 767 flowReaderPreviousTime TimeStamp, 768 flowReaderStatus RowStatus, 769 flowReaderRuleSetName OCTET STRING 770 } 772 flowReaderIndex OBJECT-TYPE 773 SYNTAX Integer32 774 MAX-ACCESS not-accessible 775 STATUS current 776 DESCRIPTION 777 "An index which selects an entry in the flowReaderInfoTable." 778 ::= { flowReaderInfoEntry 1 } 780 flowReaderTimeout OBJECT-TYPE 781 SYNTAX Integer32 782 MAX-ACCESS read-create 783 STATUS current 784 DESCRIPTION 785 "Specifies the maximum time (in seconds) between flow data 786 collections for this meter reader. If this time elapses 787 without a collection, the meter should assume that this meter 788 reader has stopped collecting, and delete this row from the 789 table." 790 ::= { flowReaderInfoEntry 2 } 792 flowReaderOwner OBJECT-TYPE 793 SYNTAX OwnerString 794 MAX-ACCESS read-create 795 STATUS current 796 DESCRIPTION 797 "Identifies the meter reader which created this row." 798 ::= { flowReaderInfoEntry 3 } 800 flowReaderLastTime OBJECT-TYPE 801 SYNTAX TimeStamp 802 MAX-ACCESS read-only 803 STATUS current 804 DESCRIPTION 805 "Time this meter reader began its most recent data collection. 807 This variable should be written by a meter reader as its first 808 step in reading flow data. The meter will set this LastTime 809 value to sysUptime and set its PreviousTime value (below) to 810 the old LastTime. This allows the meter to recover flows 811 which have been inactive since PreviousTime, for these have 812 been collected at least once. 814 If the meter reader fails to write flowLastReadTime, collection 815 may still proceed but the meter may not be able to recover 816 inactive flows until the flowReaderTimeout has been reached 817 for this entry." 818 ::= { flowReaderInfoEntry 4 } 820 flowReaderPreviousTime OBJECT-TYPE 821 SYNTAX TimeStamp 822 MAX-ACCESS read-only 823 STATUS current 824 DESCRIPTION 825 "Time this meter reader began the collection before last." 826 ::= { flowReaderInfoEntry 5 } 828 flowReaderStatus OBJECT-TYPE 829 SYNTAX RowStatus 830 MAX-ACCESS read-create 831 STATUS current 832 DESCRIPTION 833 "The status of this FlowReaderInfoEntry. A value of active(1) 834 implies that the associated reader should be collecting data 835 from the meter. Once this variable has been set to active(1) 836 a manager may only change this row's flowReaderLastTime and 837 flowReaderTimeout variables." 838 ::= { flowReaderInfoEntry 6 } 840 flowReaderRuleSetName OBJECT-TYPE 841 SYNTAX OCTET STRING 842 MAX-ACCESS read-create 843 STATUS current 844 DESCRIPTION 845 "An alphanumeric identifier identifying a rule set of interest 846 to this meter reader. The reader will attempt to collect any 847 data generated by the meter for this rule set, and the meter 848 will not recover the memory of any of the rule set's flows 849 until this collection has taken place. Note that a reader may 850 have entries in this table for several rule sets." 851 ::= { flowReaderInfoEntry 7 } 853 -- 854 -- Control Group: Manager Info Table 855 -- 857 -- Any manager wishing to run a rule set must create a row in this 858 -- table. Once it has a table row, the manager may set the control 859 -- variables in its row so as to cause the meter to run any valid 860 -- rule set held by the meter. 862 -- A single manager may run several rule sets; it must create a row 863 -- in this table for each of them. In short, each row of this table 864 -- describes (and controls) a 'task' which the meter is executing. 866 flowManagerInfoTable OBJECT-TYPE 867 SYNTAX SEQUENCE OF FlowManagerInfoEntry 868 MAX-ACCESS not-accessible 869 STATUS current 870 DESCRIPTION 871 "An array of information about managers which have 872 registered their intent to run rule sets on this meter." 873 ::= { flowControl 4 } 875 flowManagerInfoEntry OBJECT-TYPE 876 SYNTAX FlowManagerInfoEntry 877 MAX-ACCESS not-accessible 878 STATUS current 879 DESCRIPTION 880 "Information about a particular meter 'task.' By creating 881 an entry in this table and activating it, a manager requests 882 that the meter 'run' the indicated rule set. 884 The entry also specifies a HighWaterMark and a StandbyRuleSet. 885 If the meter's flow table usage exceeds this task's 886 HighWaterMark the meter will stop running the task's 887 CurrentRuleSet and switch to its StandbyRuleSet. 889 If the value of the task's StandbyRuleSet is 0 when its 890 HighWaterMark is exceeded, the meter simply stops running the 891 task's CurrentRuleSet. By careful selection of HighWaterMarks 892 for the various tasks a manager can ensure that the most 893 critical rule sets are the last to stop running as the number 894 of flows increases. 896 When a manager has determined that the demand for flow table 897 space has abated, it may cause the task to switch back to its 898 CurrentRuleSet by setting its flowManagerRunningStandby 899 variable to false(2)." 900 INDEX { flowManagerIndex } 901 ::= { flowManagerInfoTable 1 } 903 FlowManagerInfoEntry ::= SEQUENCE { 904 flowManagerIndex Integer32, 905 flowManagerCurrentRuleSet Integer32, 906 flowManagerStandbyRuleSet Integer32, 907 flowManagerHighWaterMark INTEGER, 908 flowManagerCounterWrap INTEGER, 909 flowManagerOwner OwnerString, 910 flowManagerTimeStamp TimeStamp, 911 flowManagerStatus RowStatus, 912 flowManagerRunningStandby TruthValue 913 } 915 flowManagerIndex OBJECT-TYPE 916 SYNTAX Integer32 917 MAX-ACCESS not-accessible 918 STATUS current 919 DESCRIPTION 920 "An index which selects an entry in the flowManagerInfoTable." 921 ::= { flowManagerInfoEntry 1 } 923 flowManagerCurrentRuleSet OBJECT-TYPE 924 SYNTAX Integer32 925 MAX-ACCESS read-create 926 STATUS current 927 DESCRIPTION 928 "Index to the array of rule sets. Specifies which set of 929 rules is currently being used for accounting by this task. 930 When the manager sets this variable the meter will close the 931 task's current rule set and start using the new one, and will 932 set the task's flowManagerRunningStandby value to false(2). 934 Flows created by the old rule set remain in memory, orphaned 935 until their data has been read. Specifying rule set 0 (the 936 empty set) stops flow measurement by this manager." 937 ::= { flowManagerInfoEntry 2 } 939 flowManagerStandbyRuleSet OBJECT-TYPE 940 SYNTAX Integer32 941 MAX-ACCESS read-create 942 STATUS current 943 DESCRIPTION 944 "Index to the array of rule sets. After reaching HighWaterMark 945 (see below) the manager will switch to using the task's 946 StandbyRuleSet in place of its CurrentRuleSet. For this to be 947 effective the designated StandbyRuleSet should have a coarser 948 reporting granularity then the CurrentRuleSet. The manager may 949 also need to decrease the meter reading interval so that the 950 meter can recover flows measured by the (old) CurrentRuleSet." 951 DEFVAL { 0 } -- No standby 952 ::= { flowManagerInfoEntry 3 } 954 flowManagerHighWaterMark OBJECT-TYPE 955 SYNTAX INTEGER (0..100) 956 MAX-ACCESS read-create 957 STATUS current 958 DESCRIPTION 959 "A value expressed as a percentage, interpreted by the meter 960 as an indication of how full the flow table should be before 961 it should switch to the standby rule set (if one has been 962 specified) for this task. Values of 0% or 100% disable the 963 checking represented by this variable." 964 ::= { flowManagerInfoEntry 4 } 966 flowManagerCounterWrap OBJECT-TYPE 967 SYNTAX INTEGER { wrap(1), scale(2) } 968 MAX-ACCESS read-create 969 STATUS deprecated 970 DESCRIPTION 971 "Specifies whether PDU and octet counters should wrap when 972 they reach the top of their range (normal behaviour for 973 Counter64 objects), or whether their scale factors should 974 be used instead. The combination of counter and scale 975 factor allows counts to be returned as binary floating 976 point numbers, with 64-bit mantissas and 8-bit exponents." 977 DEFVAL { wrap } 978 ::= { flowManagerInfoEntry 5 } 980 flowManagerOwner OBJECT-TYPE 981 SYNTAX OwnerString 982 MAX-ACCESS read-create 983 STATUS current 984 DESCRIPTION 985 "Identifies the manager which created this row." 986 ::= { flowManagerInfoEntry 6 } 988 flowManagerTimeStamp OBJECT-TYPE 989 SYNTAX TimeStamp 990 MAX-ACCESS read-only 991 STATUS current 992 DESCRIPTION 993 "Time this row was last changed by its manager." 994 ::= { flowManagerInfoEntry 7 } 996 flowManagerStatus OBJECT-TYPE 997 SYNTAX RowStatus 998 MAX-ACCESS read-create 999 STATUS current 1000 DESCRIPTION 1001 "The status of this row in the flowManagerInfoTable. A value 1002 of active(1) implies that this task may be activated, by 1003 setting its CurrentRuleSet and StandbyRuleSet variables. 1004 Its HighWaterMark and RunningStandby variables may also be 1005 changed." 1006 ::= { flowManagerInfoEntry 8 } 1008 flowManagerRunningStandby OBJECT-TYPE 1009 SYNTAX TruthValue 1010 MAX-ACCESS read-write 1011 STATUS deprecated 1012 DESCRIPTION 1013 "Set to true(1) by the meter to indicate that it has switched 1014 to runnning this task's StandbyRuleSet in place of its 1015 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1016 manager may simply set this variable to false(2)." 1017 DEFVAL { false } 1018 ::= { flowManagerInfoEntry 9 } 1020 -- 1021 -- Control Group: General Meter Control Variables 1022 -- 1024 flowFloodMark OBJECT-TYPE 1025 SYNTAX INTEGER (0..100) 1026 MAX-ACCESS read-write 1027 STATUS current 1028 DESCRIPTION 1029 "A value expressed as a percentage, interpreted by the meter 1030 as an indication of how full the flow table should be before 1031 it should take some action to avoid running out of resources 1032 to handle new flows. Values of 0% or 100% disable the 1033 checking represented by this variable." 1034 DEFVAL { 95 } -- Enabled by default. 1035 ::= { flowControl 5 } 1037 flowInactivityTimeout OBJECT-TYPE 1038 SYNTAX Integer32 1039 MAX-ACCESS read-write 1040 STATUS current 1041 DESCRIPTION 1042 "The time in seconds since the last packet seen, after which a 1043 flow may be discarded. Note that although a flow may be 'idle', 1044 it will not be discarded (and its memory recovered) until after 1045 its data has been collected by all 'registered' meter readers." 1046 DEFVAL { 600 } -- 10 minutes 1047 ::= { flowControl 6 } 1049 flowActiveFlows OBJECT-TYPE 1050 SYNTAX Integer32 1051 MAX-ACCESS read-only 1052 STATUS current 1053 DESCRIPTION 1054 "The numbers of flows which are currently in use." 1055 ::= { flowControl 7 } 1057 flowMaxFlows OBJECT-TYPE 1058 SYNTAX Integer32 1059 MAX-ACCESS read-only 1060 STATUS current 1061 DESCRIPTION 1062 "The maximum number of flows allowed in the meter's 1063 flow table. At present this is determined when the meter 1064 is first started up." 1065 ::= { flowControl 8 } 1067 flowFloodMode OBJECT-TYPE 1068 SYNTAX TruthValue 1069 MAX-ACCESS read-only 1070 STATUS current 1071 DESCRIPTION 1072 "Indicates that the meter has passed its FloodMark and 1073 is not running in its normal mode. When a manager notices 1074 this it should take action to remedy the problem which 1075 caused the flooding." 1076 ::= { flowControl 9 } 1078 -- 1079 -- The Flow Table 1080 -- 1082 -- This is a table kept by a meter, with one flow data entry for every 1083 -- flow being measured. Each flow data entry stores the attribute 1084 -- values for a traffic flow. Details of flows and their attributes 1085 -- are given in the 'Traffic Flow Measurement: Architecture' 1086 -- document [9]. 1088 -- From time to time a meter reader may sweep the flow table so as 1089 -- to read counts. This is most effectively achieved by using the 1090 -- TimeMark variable together with successive GetBulk requests to 1091 -- retrieve the values of the desired flow attribute variables. 1093 -- This scheme allows multiple meter readers to independently use the 1094 -- same meter; the meter readers do not have to be synchronised and 1095 -- they may use different collection intervals. 1097 flowDataTable OBJECT-TYPE 1098 SYNTAX SEQUENCE OF FlowDataEntry 1099 MAX-ACCESS not-accessible 1100 STATUS current 1101 DESCRIPTION 1102 "The list of all flows being measured." 1103 ::= { flowData 1 } 1105 flowDataEntry OBJECT-TYPE 1106 SYNTAX FlowDataEntry 1107 MAX-ACCESS not-accessible 1108 STATUS current 1109 DESCRIPTION 1110 "The flow data record for a particular flow." 1111 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1112 ::= { flowDataTable 1 } 1114 FlowDataEntry ::= SEQUENCE { 1115 flowDataIndex Integer32, 1116 flowDataTimeMark TimeFilter, 1117 flowDataStatus INTEGER, 1119 flowDataSourceInterface Integer32, 1120 flowDataSourceAdjacentType AdjacentType, 1121 flowDataSourceAdjacentAddress AdjacentAddress, 1122 flowDataSourceAdjacentMask AdjacentAddress, 1123 flowDataSourcePeerType PeerType, 1124 flowDataSourcePeerAddress PeerAddress, 1125 flowDataSourcePeerMask PeerAddress, 1126 flowDataSourceTransType TransportType, 1127 flowDataSourceTransAddress TransportAddress, 1128 flowDataSourceTransMask TransportAddress, 1130 flowDataDestInterface Integer32, 1131 flowDataDestAdjacentType AdjacentType, 1132 flowDataDestAdjacentAddress AdjacentAddress, 1133 flowDataDestAdjacentMask AdjacentAddress, 1134 flowDataDestPeerType PeerType, 1135 flowDataDestPeerAddress PeerAddress, 1136 flowDataDestPeerMask PeerAddress, 1137 flowDataDestTransType TransportType, 1138 flowDataDestTransAddress TransportAddress, 1139 flowDataDestTransMask TransportAddress, 1141 flowDataPDUScale INTEGER, 1142 flowDataOctetScale INTEGER, 1144 flowDataRuleSet INTEGER, 1146 flowDataToOctets Counter64, -- Source->Dest 1147 flowDataToPDUs Counter64, 1148 flowDataFromOctets Counter64, -- Dest->Source 1149 flowDataFromPDUs Counter64, 1150 flowDataFirstTime TimeStamp, -- Activity times 1151 flowDataLastActiveTime TimeStamp, 1153 flowDataSourceSubscriberID OCTET STRING, 1154 flowDataDestSubscriberID OCTET STRING, 1155 flowDataSessionID OCTET STRING, 1157 flowDataSourceClass INTEGER, 1158 flowDataDestClass INTEGER, 1159 flowDataClass INTEGER, 1160 flowDataSourceKind INTEGER, 1161 flowDataDestKind INTEGER, 1162 flowDataKind INTEGER 1163 } 1165 flowDataIndex OBJECT-TYPE 1166 SYNTAX Integer32 1167 MAX-ACCESS not-accessible 1168 STATUS current 1169 DESCRIPTION 1170 "Value of this flow data record's index within the meter's 1171 flow table." 1172 ::= { flowDataEntry 1 } 1174 flowDataTimeMark OBJECT-TYPE 1175 SYNTAX TimeFilter 1176 MAX-ACCESS not-accessible 1177 STATUS current 1178 DESCRIPTION 1179 "A TimeFilter for this entry. Allows GetNext and GetBulk 1180 to find flow table rows which have changed since a specified 1181 value of sysUptime." 1182 ::= { flowDataEntry 2 } 1184 flowDataStatus OBJECT-TYPE 1185 SYNTAX INTEGER { inactive(1), current(2) } 1186 MAX-ACCESS read-only 1187 STATUS current 1188 DESCRIPTION 1189 "Status of this flow data record." 1190 ::= { flowDataEntry 3 } 1192 flowDataSourceInterface OBJECT-TYPE 1193 SYNTAX Integer32 1194 MAX-ACCESS read-only 1195 STATUS current 1196 DESCRIPTION 1197 "Index of the interface associated with the source address 1198 for this flow. It's value is one of those contained in the 1199 ifIndex field of the meter's interfaces table." 1200 ::= { flowDataEntry 4 } 1202 flowDataSourceAdjacentType OBJECT-TYPE 1203 SYNTAX AdjacentType 1204 MAX-ACCESS read-only 1205 STATUS current 1206 DESCRIPTION 1207 "Adjacent address type of the source for this flow. If 1208 metering is being performed at the network level this will 1209 probably be an 802 MAC address, and the adjacent type will 1210 indicate the medium being used. If traffic is being metered 1211 inside a tunnel, its adjacent address type will be the peer 1212 type of the host at the end of the tunnel." 1213 ::= { flowDataEntry 5 } 1215 flowDataSourceAdjacentAddress OBJECT-TYPE 1216 SYNTAX AdjacentAddress 1217 MAX-ACCESS read-only 1218 STATUS current 1219 DESCRIPTION 1220 "Address of the adjacent device on the path for the source 1221 for this flow." 1222 ::= { flowDataEntry 6 } 1224 flowDataSourceAdjacentMask OBJECT-TYPE 1225 SYNTAX AdjacentAddress 1226 MAX-ACCESS read-only 1227 STATUS current 1228 DESCRIPTION 1229 "1-bits in this mask indicate which bits must match when 1230 comparing the adjacent source address for this flow." 1231 ::= { flowDataEntry 7 } 1233 flowDataSourcePeerType OBJECT-TYPE 1234 SYNTAX PeerType 1235 MAX-ACCESS read-only 1236 STATUS current 1237 DESCRIPTION 1238 "Peer address type of the source for this flow." 1240 ::= { flowDataEntry 8 } 1242 flowDataSourcePeerAddress OBJECT-TYPE 1243 SYNTAX PeerAddress 1244 MAX-ACCESS read-only 1245 STATUS current 1246 DESCRIPTION 1247 "Address of the peer device for the source of this flow." 1248 ::= { flowDataEntry 9 } 1250 flowDataSourcePeerMask OBJECT-TYPE 1251 SYNTAX PeerAddress 1252 MAX-ACCESS read-only 1253 STATUS current 1254 DESCRIPTION 1255 "1-bits in this mask indicate which bits must match when 1256 comparing the source peer address for this flow." 1257 ::= { flowDataEntry 10 } 1259 flowDataSourceTransType OBJECT-TYPE 1260 SYNTAX TransportType 1261 MAX-ACCESS read-only 1262 STATUS current 1263 DESCRIPTION 1264 "Transport address type of the source for this flow. The 1265 value of this attribute will depend on the peer address type." 1266 ::= { flowDataEntry 11 } 1268 flowDataSourceTransAddress OBJECT-TYPE 1269 SYNTAX TransportAddress 1270 MAX-ACCESS read-only 1271 STATUS current 1272 DESCRIPTION 1273 "Transport address for the source of this flow." 1274 ::= { flowDataEntry 12 } 1276 flowDataSourceTransMask OBJECT-TYPE 1277 SYNTAX TransportAddress 1278 MAX-ACCESS read-only 1279 STATUS current 1280 DESCRIPTION 1281 "1-bits in this mask indicate which bits must match when 1282 comparing the transport source address for this flow." 1283 ::= { flowDataEntry 13 } 1285 flowDataDestInterface OBJECT-TYPE 1286 SYNTAX Integer32 1287 MAX-ACCESS read-only 1288 STATUS current 1289 DESCRIPTION 1290 "Index of the interface associated with the dest address for 1291 this flow. This value is one of the values contained in the 1292 ifIndex field of the interfaces table." 1293 ::= { flowDataEntry 14 } 1295 flowDataDestAdjacentType OBJECT-TYPE 1296 SYNTAX AdjacentType 1297 MAX-ACCESS read-only 1298 STATUS current 1299 DESCRIPTION 1300 "Adjacent address type of the destination for this flow." 1301 ::= { flowDataEntry 15 } 1303 flowDataDestAdjacentAddress OBJECT-TYPE 1304 SYNTAX AdjacentAddress 1305 MAX-ACCESS read-only 1306 STATUS current 1307 DESCRIPTION 1308 "Address of the adjacent device on the path for the 1309 destination for this flow." 1310 ::= { flowDataEntry 16 } 1312 flowDataDestAdjacentMask OBJECT-TYPE 1313 SYNTAX AdjacentAddress 1314 MAX-ACCESS read-only 1315 STATUS current 1316 DESCRIPTION 1317 "1-bits in this mask indicate which bits must match when 1318 comparing the adjacent dest address for this flow." 1319 ::= { flowDataEntry 17 } 1321 flowDataDestPeerType OBJECT-TYPE 1322 SYNTAX PeerType 1323 MAX-ACCESS read-only 1324 STATUS current 1325 DESCRIPTION 1326 "Peer address type of the destination for this flow." 1327 ::= { flowDataEntry 18 } 1329 flowDataDestPeerAddress OBJECT-TYPE 1330 SYNTAX PeerAddress 1331 MAX-ACCESS read-only 1332 STATUS current 1333 DESCRIPTION 1334 "Address of the peer device for the destination of this flow." 1335 ::= { flowDataEntry 19 } 1337 flowDataDestPeerMask OBJECT-TYPE 1338 SYNTAX PeerAddress 1339 MAX-ACCESS read-only 1340 STATUS current 1341 DESCRIPTION 1342 "1-bits in this mask indicate which bits must match when 1343 comparing the dest peer type for this flow." 1344 ::= { flowDataEntry 20 } 1346 flowDataDestTransType OBJECT-TYPE 1347 SYNTAX TransportType 1348 MAX-ACCESS read-only 1349 STATUS current 1350 DESCRIPTION 1351 "Transport address type of the destination for this flow. The 1352 value of this attribute will depend on the peer address type." 1353 ::= { flowDataEntry 21 } 1355 flowDataDestTransAddress OBJECT-TYPE 1356 SYNTAX TransportAddress 1357 MAX-ACCESS read-only 1358 STATUS current 1359 DESCRIPTION 1360 "Transport address for the destination of this flow." 1361 ::= { flowDataEntry 22 } 1363 flowDataDestTransMask OBJECT-TYPE 1364 SYNTAX TransportAddress 1365 MAX-ACCESS read-only 1366 STATUS current 1367 DESCRIPTION 1368 "1-bits in this mask indicate which bits must match when 1369 comparing the transport destination address for this flow." 1370 ::= { flowDataEntry 23 } 1372 flowDataPDUScale OBJECT-TYPE 1373 SYNTAX INTEGER (1..255) 1374 MAX-ACCESS read-only 1375 STATUS current 1376 DESCRIPTION 1377 "The scale factor applied to this particular flow. Indicates 1378 the number of bits the PDU counter values should be moved left 1379 to obtain the actual values." 1380 ::= { flowDataEntry 24 } 1382 flowDataOctetScale OBJECT-TYPE 1383 SYNTAX INTEGER (1..255) 1384 MAX-ACCESS read-only 1385 STATUS current 1386 DESCRIPTION 1387 "The scale factor applied to this particular flow. Indicates 1388 the number of bits the octet counter values should be moved 1389 left to obtain the actual values." 1390 ::= { flowDataEntry 25 } 1392 flowDataRuleSet OBJECT-TYPE 1393 SYNTAX INTEGER (1..255) 1394 MAX-ACCESS not-accessible 1395 STATUS current 1396 DESCRIPTION 1397 "The RuleSet number of the rule set which created this flow." 1398 ::= { flowDataEntry 26 } 1400 flowDataToOctets OBJECT-TYPE 1401 SYNTAX Counter64 1402 MAX-ACCESS read-only 1403 STATUS current 1404 DESCRIPTION 1405 "The count of octets flowing from source to dest address and 1406 being delivered to the protocol level being metered. In the 1407 case of IP this would count the number of octets delivered to 1408 the IP level." 1409 ::= { flowDataEntry 27 } 1411 flowDataToPDUs OBJECT-TYPE 1412 SYNTAX Counter64 1413 MAX-ACCESS read-only 1414 STATUS current 1415 DESCRIPTION 1416 "The count of protocol packets flowing from source to dest 1417 address and being delivered to the protocol level being 1418 metered. In the case of IP, for example, this would count the 1419 IP packets delivered to the IP protocol level." 1420 ::= { flowDataEntry 28 } 1422 flowDataFromOctets OBJECT-TYPE 1423 SYNTAX Counter64 1424 MAX-ACCESS read-only 1425 STATUS current 1426 DESCRIPTION 1427 "The count of octets flowing from dest to source address and 1428 being delivered to the protocol level being metered." 1429 ::= { flowDataEntry 29 } 1431 flowDataFromPDUs OBJECT-TYPE 1432 SYNTAX Counter64 1433 MAX-ACCESS read-only 1434 STATUS current 1435 DESCRIPTION 1436 "The count of protocol packets flowing from dest to source 1437 address and being delivered to the protocol level being 1438 metered. In the case of IP, for example, this would count 1439 the IP packets delivered to the IP protocol level." 1440 ::= { flowDataEntry 30 } 1442 flowDataFirstTime OBJECT-TYPE 1443 SYNTAX TimeStamp 1444 MAX-ACCESS read-only 1445 STATUS current 1446 DESCRIPTION 1447 "The time at which this flow was first entered in the table" 1448 ::= { flowDataEntry 31 } 1450 flowDataLastActiveTime OBJECT-TYPE 1451 SYNTAX TimeStamp 1452 MAX-ACCESS read-only 1453 STATUS current 1454 DESCRIPTION 1455 "The last time this flow had activity, i.e. the time of 1456 arrival of the most recent PDU belonging to this flow." 1457 ::= { flowDataEntry 32 } 1459 flowDataSourceSubscriberID OBJECT-TYPE 1460 SYNTAX OCTET STRING (SIZE (4..20)) 1461 MAX-ACCESS read-only 1462 STATUS current 1463 DESCRIPTION 1464 "Subscriber ID associated with the source address for this 1465 flow." 1466 ::= { flowDataEntry 33 } 1468 flowDataDestSubscriberID OBJECT-TYPE 1469 SYNTAX OCTET STRING (SIZE (4..20)) 1470 MAX-ACCESS read-only 1471 STATUS current 1472 DESCRIPTION 1473 "Subscriber ID associated with the dest address for this 1474 flow." 1475 ::= { flowDataEntry 34 } 1477 flowDataSessionID OBJECT-TYPE 1478 SYNTAX OCTET STRING (SIZE (4..10)) 1479 MAX-ACCESS read-only 1480 STATUS current 1481 DESCRIPTION 1482 "Session ID for this flow. Such an ID might be allocated 1483 by a network access server to distinguish a series of sessions 1484 between the same pair of addresses, which would otherwise 1485 appear to be parts of the same accounting flow." 1486 ::= { flowDataEntry 35 } 1488 flowDataSourceClass OBJECT-TYPE 1489 SYNTAX INTEGER (1..255) 1490 MAX-ACCESS read-only 1491 STATUS current 1492 DESCRIPTION 1493 "Source class for this flow. Determined by the rules, set by 1494 a PushRule action when this flow was entered in the table." 1496 ::= { flowDataEntry 36 } 1498 flowDataDestClass OBJECT-TYPE 1499 SYNTAX INTEGER (1..255) 1500 MAX-ACCESS read-only 1501 STATUS current 1502 DESCRIPTION 1503 "Destination class for this flow. Determined by the rules, set 1504 by a PushRule action when this flow was entered in the table." 1505 ::= { flowDataEntry 37 } 1507 flowDataClass OBJECT-TYPE 1508 SYNTAX INTEGER (1..255) 1509 MAX-ACCESS read-only 1510 STATUS current 1511 DESCRIPTION 1512 "Class for this flow. Determined by the rules, set by a 1513 PushRule action when this flow was entered in the table." 1514 ::= { flowDataEntry 38 } 1516 flowDataSourceKind OBJECT-TYPE 1517 SYNTAX INTEGER (1..255) 1518 MAX-ACCESS read-only 1519 STATUS current 1520 DESCRIPTION 1521 "Source kind for this flow. Determined by the rules, set by 1522 a PushRule action when this flow was entered in the table." 1523 ::= { flowDataEntry 39 } 1525 flowDataDestKind OBJECT-TYPE 1526 SYNTAX INTEGER (1..255) 1527 MAX-ACCESS read-only 1528 STATUS current 1529 DESCRIPTION 1530 "Destination kind for this flow. Determined by the rules, set 1531 by a PushRule action when this flow was entered in the table." 1532 ::= { flowDataEntry 40 } 1534 flowDataKind OBJECT-TYPE 1535 SYNTAX INTEGER (1..255) 1536 MAX-ACCESS read-only 1537 STATUS current 1538 DESCRIPTION 1539 "Class for this flow. Determined by the rules, set by a 1540 PushRule action when this flow was entered in the table." 1541 ::= { flowDataEntry 41 } 1543 -- 1544 -- The Activity Column Table 1545 -- 1546 flowColumnActivityTable OBJECT-TYPE 1547 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1548 MAX-ACCESS not-accessible 1549 STATUS deprecated 1550 DESCRIPTION 1551 "Index into the Flow Table. Allows a meter reader to retrieve 1552 a list containing the flow table indeces of flows which were 1553 last active at or after a given time, together with the values 1554 of a specified attribute for each such flow." 1555 ::= { flowData 2 } 1557 flowColumnActivityEntry OBJECT-TYPE 1558 SYNTAX FlowColumnActivityEntry 1559 MAX-ACCESS not-accessible 1560 STATUS deprecated 1561 DESCRIPTION 1562 "The Column Activity Entry for a particular attribute, 1563 activity time and flow." 1564 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1565 flowColumnActivityIndex } 1566 ::= { flowColumnActivityTable 1 } 1568 FlowColumnActivityEntry ::= SEQUENCE { 1569 flowColumnActivityAttribute FlowAttributeNumber, 1570 flowColumnActivityTime TimeFilter, 1571 flowColumnActivityIndex Integer32, 1572 flowColumnActivityData OCTET STRING 1573 } 1575 flowColumnActivityAttribute OBJECT-TYPE 1576 SYNTAX FlowAttributeNumber 1577 MAX-ACCESS read-only 1578 STATUS deprecated 1579 DESCRIPTION 1580 "Specifies the attribute for which values are required from 1581 active flows." 1582 ::= { flowColumnActivityEntry 1 } 1584 flowColumnActivityTime OBJECT-TYPE 1585 SYNTAX TimeFilter 1586 MAX-ACCESS read-only 1587 STATUS deprecated 1588 DESCRIPTION 1589 "This variable is a copy of flowDataLastActiveTime in the 1590 flow data record identified by the flowColumnActivityIndex 1591 value of this flowColumnActivityTable entry." 1592 ::= { flowColumnActivityEntry 2 } 1594 flowColumnActivityIndex OBJECT-TYPE 1595 SYNTAX Integer32 1596 MAX-ACCESS read-only 1597 STATUS deprecated 1598 DESCRIPTION 1599 "Index of a flow table entry which was active at or after 1600 a specified flowColumnActivityTime." 1601 ::= { flowColumnActivityEntry 3 } 1603 flowColumnActivityData OBJECT-TYPE 1604 SYNTAX OCTET STRING (SIZE (3..1000)) 1605 MAX-ACCESS read-only 1606 STATUS deprecated 1607 DESCRIPTION 1608 "Collection of attribute data for flows active after 1609 flowColumnActivityTime. Within the OCTET STRING is a 1610 sequence of { flow index, attribute value } pairs, one for 1611 each active flow. The end of the sequence is marked by a 1612 flow index value of 0, indicating that there are no more 1613 rows in this column. 1615 The format of objects inside flowColumnFlowData is as follows. 1616 All numbers are unsigned. Numbers and strings appear with 1617 their high-order bytes leading. Numbers are fixed size, as 1618 specified by their SYNTAX in the flow table (above), i.e. one 1619 octet for flowAddressType and small constants, and four octets 1620 for Counter and TimeStamp. Strings are variable-length, with 1621 the length given in a single leading octet. 1623 The following is an attempt at an ASN.1 definition of 1624 flowColumnActivityData: 1626 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1627 flowRowItemEntry ::= SEQUENCE { 1628 flowRowNumber INTEGER (1..65535), 1629 -- 0 indicates the end of this column 1630 flowDataValue flowDataType -- Choice depends on attribute 1631 } 1632 flowDataType ::= CHOICE { 1633 flowByteValue INTEGER (1..255), 1634 flowShortValue INTEGER (1..65535), 1635 flowLongValue Integer32, 1636 flowStringValue OCTET STRING -- Length (n) in first byte, 1637 -- n+1 bytes total length, trailing zeroes truncated 1638 }" 1639 ::= { flowColumnActivityEntry 4 } 1641 flowDataPackageTable OBJECT-TYPE 1642 SYNTAX SEQUENCE OF FlowDataPackageEntry 1643 MAX-ACCESS not-accessible 1644 STATUS current 1645 DESCRIPTION 1646 "Index into the Flow Table. Allows a meter reader to retrieve 1647 a sequence containing the values of a specified set of 1648 attributes for a flow which came from a specified rule set and 1649 which was last active at or after a given time." 1650 ::= { flowData 3 } 1652 flowDataPackageEntry OBJECT-TYPE 1653 SYNTAX FlowDataPackageEntry 1654 MAX-ACCESS not-accessible 1655 STATUS current 1656 DESCRIPTION 1657 "The data package containing selected variables from 1658 active rows in the flow table." 1659 INDEX { flowPackageSelector, 1660 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1661 ::= { flowDataPackageTable 1 } 1663 FlowDataPackageEntry ::= SEQUENCE { 1664 flowPackageSelector OCTET STRING, 1665 flowPackageRuleSet INTEGER, 1666 flowPackageTime TimeFilter, 1667 flowPackageIndex Integer32, 1668 flowPackageData OCTET STRING 1669 } 1671 flowPackageSelector OBJECT-TYPE 1672 SYNTAX OCTET STRING 1673 MAX-ACCESS not-accessible 1674 STATUS current 1675 DESCRIPTION 1676 "Specifies the attributes for which values are required from 1677 an active flow. These are encoded as a sequence of octets 1678 each containing a FlowAttribute number, preceded by an octet 1679 giving the length of the sequence (not including the length 1680 octet)." 1681 ::= { flowDataPackageEntry 1 } 1683 flowPackageRuleSet OBJECT-TYPE 1684 SYNTAX INTEGER (1..255) 1685 MAX-ACCESS not-accessible 1686 STATUS current 1687 DESCRIPTION 1688 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1689 set which produced the required flow." 1690 ::= { flowDataPackageEntry 2 } 1692 flowPackageTime OBJECT-TYPE 1693 SYNTAX TimeFilter 1694 MAX-ACCESS not-accessible 1695 STATUS current 1696 DESCRIPTION 1697 "This variable is a copy of flowDataLastActiveTime in the 1698 flow data record identified by the flowColumnActivityIndex 1699 value of this flowPackageTable entry." 1700 ::= { flowDataPackageEntry 3 } 1702 flowPackageIndex OBJECT-TYPE 1703 SYNTAX INTEGER 1704 MAX-ACCESS not-accessible 1705 STATUS current 1706 DESCRIPTION 1707 "Index of a flow table entry which was active at or after 1708 a specified flowPackageTime." 1709 ::= { flowDataPackageEntry 4 } 1711 flowPackageData OBJECT-TYPE 1712 SYNTAX OCTET STRING (SIZE (3..1000)) 1713 MAX-ACCESS read-only 1714 STATUS current 1715 DESCRIPTION 1716 "A Collection of attribute values for a single flow, as 1717 specified by the values of this row's indeces. The attribute 1718 values are contained within a BER-encoded sequence [7], in the 1719 order they appear in their flowPackageSelector. For example, 1720 to retrieve a flowPackage containing values for attributes 11, 1721 18 and 34, for flows in rule set 7, active since uptime 12345, 1722 beginning with the first row after row 3447, one would request 1723 the package whose OID is 1724 flowPackageData . 3.11.18.34 . 7. 12345 . 3447 " 1725 ::= { flowDataPackageEntry 5 } 1727 -- 1728 -- The Rule Table 1729 -- 1731 -- This is an array of rule tables; the 'running' ones are indicated 1732 -- by the entries in the meter's flowManagerInfoTable. Several rule 1733 -- sets can be held in a meter so that the manager can change the rules 1734 -- easily, for example with time of day. Note that a manager may 1735 -- not change the rules in any 'running' rule set! See the 'Traffic 1736 -- Flow Measurement: Architecture' document [9] for details of rules 1737 -- and how they are used. 1738 -- 1739 -- Space for a rule table is allocated by setting the value of 1740 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1742 flowRuleTable OBJECT-TYPE 1743 SYNTAX SEQUENCE OF FlowRuleEntry 1744 MAX-ACCESS not-accessible 1745 STATUS current 1746 DESCRIPTION 1747 "Contains all the rule sets which may be used by the meter." 1749 ::= { flowRules 1 } 1751 flowRuleEntry OBJECT-TYPE 1752 SYNTAX FlowRuleEntry 1753 MAX-ACCESS not-accessible 1754 STATUS current 1755 DESCRIPTION 1756 "The rule record itself." 1757 INDEX { flowRuleSet, flowRuleIndex } 1758 ::= { flowRuleTable 1 } 1760 FlowRuleEntry ::= SEQUENCE { 1761 flowRuleSet INTEGER, 1762 flowRuleIndex INTEGER, 1763 flowRuleSelector RuleAttributeNumber, 1764 flowRuleMask RuleAddress, 1765 flowRuleMatchedValue RuleAddress, 1766 flowRuleAction ActionNumber, 1767 flowRuleParameter INTEGER 1768 } 1770 flowRuleSet OBJECT-TYPE 1771 SYNTAX INTEGER (1..255) 1772 MAX-ACCESS not-accessible 1773 STATUS current 1774 DESCRIPTION 1775 "Selects a rule set from the array of rule sets." 1776 ::= { flowRuleEntry 1 } 1778 flowRuleIndex OBJECT-TYPE 1779 SYNTAX INTEGER (1..65535) 1780 MAX-ACCESS not-accessible 1781 STATUS current 1782 DESCRIPTION 1783 "The index into the Rule table. N.B: These values will 1784 often be consecutive, given the fall-through semantics of 1785 processing the table." 1786 ::= { flowRuleEntry 2 } 1788 flowRuleSelector OBJECT-TYPE 1789 SYNTAX RuleAttributeNumber 1790 MAX-ACCESS read-write 1791 STATUS current 1792 DESCRIPTION 1793 "Indicates the attribute to be matched. 1795 null(0) is a special case; null rules always succeed. 1797 matchingStoD(50) is set by the meter's Packet Matching Engine. 1798 Its value is true(1) if the PME is attempting to match the 1799 packet with its addresses in Source-to-Destination order (i.e. 1801 as they appear in the packet), and false(2) otherwise. 1802 Details of how packets are matched are given in the 'Traffic 1803 Flow Measurement: Architecture' document [9]. 1805 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1806 variables, each of which can hold the name (i.e. selector 1807 value) of an address attribute. When one of these is used 1808 as a selector, its value specifies the attribute to be 1809 tested. Variable values are set by an Assign action." 1810 ::= { flowRuleEntry 3 } 1812 flowRuleMask OBJECT-TYPE 1813 SYNTAX RuleAddress 1814 MAX-ACCESS read-write 1815 STATUS current 1816 DESCRIPTION 1817 "The initial mask used to compute the desired value. If the 1818 mask is zero the rule's test will always succeed." 1819 ::= { flowRuleEntry 4 } 1821 flowRuleMatchedValue OBJECT-TYPE 1822 SYNTAX RuleAddress 1823 MAX-ACCESS read-write 1824 STATUS current 1825 DESCRIPTION 1826 "The resulting value to be matched for equality. 1827 Specifically, if the attribute chosen by the flowRuleSelector 1828 logically ANDed with the mask specified by the flowRuleMask 1829 equals the value specified in the flowRuleMatchedValue, then 1830 continue processing the table entry based on the action 1831 specified by the flowRuleAction entry. Otherwise, proceed to 1832 the next entry in the rule table." 1833 ::= { flowRuleEntry 5 } 1835 flowRuleAction OBJECT-TYPE 1836 SYNTAX ActionNumber 1837 MAX-ACCESS read-write 1838 STATUS current 1839 DESCRIPTION 1840 "The action to be taken if this rule's test succeeds, or if 1841 the meter's 'test' flag is off. Actions are opcodes for the 1842 meter's Packet Matching Engine; details are given in the 1843 'Traffic Flow Measurement: Architecture' document [9]." 1844 ::= { flowRuleEntry 6 } 1846 flowRuleParameter OBJECT-TYPE 1847 SYNTAX INTEGER (1..65535) 1848 MAX-ACCESS read-write 1849 STATUS current 1850 DESCRIPTION 1851 "A parameter value providing extra information for the 1852 rule's action." 1853 ::= { flowRuleEntry 7 } 1855 -- 1856 -- Traffic Flow Meter conformance statement 1857 -- 1859 flowMIBCompliances 1860 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1862 flowMIBGroups 1863 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1865 flowControlGroup OBJECT-GROUP 1866 OBJECTS { 1867 flowRuleInfoSize, flowRuleInfoOwner, 1868 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1869 flowRuleInfoName, flowRuleInfoRulesReady, 1870 flowRuleInfoFlowRecords, 1871 flowInterfaceRate, 1872 flowInterfaceLostPackets, 1873 flowReaderTimeout, flowReaderOwner, 1874 flowReaderLastTime, flowReaderPreviousTime, 1875 flowReaderStatus, flowReaderRuleSetName, 1876 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 1877 flowManagerHighWaterMark, 1878 flowManagerOwner, flowManagerTimeStamp, 1879 flowManagerStatus, flowManagerRunningStandby, 1880 flowFloodMark, 1881 flowInactivityTimeout, flowActiveFlows, 1882 flowMaxFlows, flowFloodMode } 1883 STATUS current 1884 DESCRIPTION 1885 "The control group defines objects which are used to control 1886 an accounting meter." 1887 ::= {flowMIBGroups 1 } 1889 flowDataTableGroup OBJECT-GROUP 1890 OBJECTS { 1891 flowDataIndex, 1892 flowDataStatus, 1893 flowDataSourceInterface, 1894 flowDataSourceAdjacentType, 1895 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 1896 flowDataSourcePeerType, 1897 flowDataSourcePeerAddress, flowDataSourcePeerMask, 1898 flowDataSourceTransType, 1899 flowDataSourceTransAddress, flowDataSourceTransMask, 1900 flowDataDestInterface, 1901 flowDataDestAdjacentType, 1902 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 1903 flowDataDestPeerType, 1904 flowDataDestPeerAddress, flowDataDestPeerMask, 1905 flowDataDestTransType, 1906 flowDataDestTransAddress, flowDataDestTransMask, 1907 flowDataRuleSet, 1908 flowDataToOctets, flowDataToPDUs, 1909 flowDataFromOctets, flowDataFromPDUs, 1910 flowDataFirstTime, flowDataLastActiveTime, 1911 flowDataSourceClass, flowDataDestClass, flowDataClass, 1912 flowDataSourceKind, flowDataDestKind, flowDataKind 1913 } 1914 STATUS current 1915 DESCRIPTION 1916 "The flow table group defines objects which provide the 1917 structure for the rule table, including the creation time 1918 and activity time indexes into it. In addition it defines 1919 objects which provide a base set of flow attributes for the 1920 adjacent, peer and transport layers, together with a flow's 1921 counters and times. Finally it defines a flow's class and 1922 kind attributes, which are set by rule actions." 1923 ::= {flowMIBGroups 2 } 1925 flowDataScaleGroup OBJECT-GROUP 1926 OBJECTS { 1927 flowManagerCounterWrap, 1928 flowDataPDUScale, flowDataOctetScale 1929 } 1930 STATUS current 1931 DESCRIPTION 1932 "The flow scale group defines objects which specify scale 1933 factors for counters." 1934 ::= {flowMIBGroups 3 } 1936 flowDataSubscriberGroup OBJECT-GROUP 1937 OBJECTS { 1938 flowDataSourceSubscriberID, flowDataDestSubscriberID, 1939 flowDataSessionID 1940 } 1941 STATUS current 1942 DESCRIPTION 1943 "The flow subscriber group defines objects which may be used 1944 to identify the end point(s) of a flow." 1945 ::= {flowMIBGroups 4 } 1947 flowDataColumnTableGroup OBJECT-GROUP 1948 OBJECTS { 1949 flowColumnActivityAttribute, 1950 flowColumnActivityTime, 1951 flowColumnActivityIndex, 1952 flowColumnActivityData 1953 } 1954 STATUS current 1955 DESCRIPTION 1956 "The flow column table group defines objects which can be used 1957 to collect part of a column of attribute values from the flow 1958 table." 1959 ::= {flowMIBGroups 5 } 1961 flowDataPackageGroup OBJECT-GROUP 1962 OBJECTS { 1963 flowPackageSelector, flowPackageRuleSet, 1964 flowPackageIndex, flowPackageData 1965 } 1966 STATUS current 1967 DESCRIPTION 1968 "The data package group defines objects which can be used 1969 to collect a specified set of attribute values from a row of 1970 the flow table." 1971 ::= {flowMIBGroups 6 } 1973 flowRuleTableGroup OBJECT-GROUP 1974 OBJECTS { 1975 flowRuleSelector, 1976 flowRuleMask, flowRuleMatchedValue, 1977 flowRuleAction, flowRuleParameter 1978 } 1979 STATUS current 1980 DESCRIPTION 1981 "The rule table group defines objects which hold the set(s) 1982 of rules specifying which traffic flows are to be accounted 1983 for." 1984 ::= {flowMIBGroups 7 } 1986 flowMIBCompliance MODULE-COMPLIANCE 1987 STATUS current 1988 DESCRIPTION 1989 "The compliance statement for a Traffic Flow Meter." 1990 MODULE 1991 MANDATORY-GROUPS { 1992 flowControlGroup, 1993 flowDataTableGroup, 1994 flowRuleTableGroup 1995 } 1996 ::= { flowMIBCompliances 1 } 1998 END 1999 6 Acknowledgements 2001 An early draft of this document was produced under the auspices of the 2002 IETF's Accounting Working Group with assistance from SNMP and SAAG 2003 working groups. Particular thanks are due to Jim Barnes, Sig Handelman 2004 and Stephen Stibler for their support and their assistance with checking 2005 the MIB. 2007 7 References 2009 [1] McCloghrie, K., and Rose, M., Editors, "Management 2010 Information Base for Network Management of TCP/IP-based 2011 internets," RFC 1213, Performance Systems International, March 2012 1991. 2014 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 2015 "Structure of Management Information for version 2 of the 2016 Simple Network Managemenet Protocol," RFC 1902, SNMP Research 2017 Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie 2018 Mellon University, January 1996. 2020 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 2021 "Textual Conventions for version 2 of the Simple Network 2022 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2023 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2024 University, January 1996. 2026 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2027 "Conformance Statements for version 2 of the Simple Network 2028 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2029 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2030 University, January 1996. 2032 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2033 "Coexistence between version 1 and version 2 of the 2034 Internet-standard Network Management Framework," RFC 1908, SNMP 2035 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2036 Carnegie Mellon University, JAnuary 1996. 2038 [6] Information processing systems - Open Systems 2039 Interconnection - Specification of Abstract Syntax Notation One 2040 (ASN.1), International Organization for Standardization, 2041 International Standard 8824, December 1987. 2043 [7] Information processing systems - Open Systems 2044 Interconnection - Specification of Basic Encoding Rules for 2045 Abstract Notation One (ASN.1), International Organization for 2046 Standardization, International Standard 8825, December 1987. 2048 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2049 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2050 Technology Corporation, November 1991. 2052 [9] Brownlee, N., Mills, C., and G. Ruth, "Traffic Flow 2053 Measurement: Architecture", RFC 2063, The University of 2054 Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, 2055 January 1997. 2057 [10] Waldbusser, S., "Remote Network Monitoring Management 2058 Information Base Version 2 using SMIv2," RFC 2021, INS, January 2059 1997. 2061 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2062 ISI, October 1994. 2064 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2065 SNMP Research Incorporated, January 1992. 2067 [13] Hinden, R., Deering, S., "IP Version 6 Addressing 2068 Architecture," RFC 1884, Ipsilon Networks, Xerox PARC, December 2069 1995. 2071 8 Security Considerations 2073 This MIB describes how an RTFM traffic meter is controlled, and provides 2074 a way for traffic flow data to be retrieved from it by a meter reader. 2075 This is essentially an application using SNMP as a method of 2076 communication between co-operating hosts; the meter seems unlikely to 2077 have any inherent security risks. 2079 Since, however, the traffic flow data can be extremely valuable for 2080 network management purposes it is vital that sensible precautions be 2081 taken to keep the meter and its data secure. This could be achieved in 2082 many ways, for example 2084 - Physical Separation. Meter(s) and meter reader(s) could be 2085 deployed within a separate network, access to which is carefully 2086 controlled. 2088 - Application-layer Security. A minimal level of security for SNMP 2089 is provided by using 'community' strings, which are essentially 2090 clear-text passwords. Stronger security for SNMP is being 2091 developed within the IETF; when this becomes available it should be 2092 used to protect managed network equipment. 2094 - Lower-layer Security. Access to the meter can be protected using 2095 encryption at the network layer. For example, one could run SNMP 2096 to the meter through an encrypted TCP tunnel. 2098 When implementing a meter it may be sensible to use separate network 2099 interfaces for control and for metering. If this is done the control 2100 interface can be made physically secure, which also guards against 2101 denial-of-service attacks. Denial-of-service attacks on the metering 2102 interfaces are not a concern, since they appear as extra traffic flows 2103 which can be measured! 2105 9 Author's Address 2107 Nevil Brownlee 2108 Information Technology Sytems & Services 2109 The University of Auckland 2111 Phone: +64 9 373 7599 x8941 2112 E-mail: n.brownlee @auckland.ac.nz