idnits 2.17.1 draft-ietf-rtfm-meter-mib-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-23) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1719 has weird spacing: '...taValue flow...' == Line 1822 has weird spacing: '... been activ...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 1998) is 9536 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1902 (ref. '2') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '3') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '4') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1908 (ref. '5') (Obsoleted by RFC 2576) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') ** Obsolete normative reference: RFC 2063 (ref. '9') (Obsoleted by RFC 2722) ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 1884 (ref. '13') (Obsoleted by RFC 2373) Summary: 18 errors (**), 0 flaws (~~), 4 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Nevil Brownlee 3 INTERNET-DRAFT The University of Auckland 4 November 1997 5 Expires March 1998 7 Traffic Flow Measurement: Meter MIB 9 11 Status of this Memo 13 This document is an Internet-Draft. Internet-Drafts are working 14 documents of the Internet Engineering Task Force (IETF), its Areas, and 15 its Working Groups. Note that other groups may also distribute working 16 documents as Internet-Drafts. This Internet Draft is a product of the 17 Realtime Traffic Flow Measurement Working Group of the IETF. 19 Internet Drafts are draft documents valid for a maximum of six months. 20 Internet Drafts may be updated, replaced, or obsoleted by other 21 documents at any time. It is not appropriate to use Internet Drafts as 22 reference material or to cite them other than as a "working draft" or 23 "work in progress." 25 To view the entire list of current Internet-Drafts, please check the 26 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 27 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), 28 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or 29 ftp.isi.edu (US West Coast). 31 Abstract 33 A 'Traffic Meter' collects data relating to traffic flows within a 34 network. This document defines a Management Information Base (MIB) for 35 use in controlling a traffic meter, in particular for specifying the 36 flows to be measured. It also provides an efficient mechanism for 37 retrieving flow data from the meter using SNMP. Security issues 38 concerning the operation of traffic meters are summarised. 40 Contents 42 1 Introduction 2 44 2 The Network Management Framework 2 45 3 Objects 3 46 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 4 48 4 Overview 4 49 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . 4 50 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 5 52 5 Changes Introduced Since RFC 2064 6 54 6 Definitions 7 56 7 Security Considerations 43 58 8 Acknowledgements 44 60 9 References 44 62 10Author's Address 46 64 1 Introduction 66 This memo defines a portion of the Management Information Base (MIB) for 67 use with network management protocols in the Internet community. In 68 particular, it describes objects for managing and collecting data from 69 network Realtime Traffic Flow Meters, as described in [9]. 71 The MIB is 'basic' in the sense that it provides more than enough 72 information for everyday traffic measurment. Furthermore, it can be 73 easily extended by adding new attributes as required. The RTFM Working 74 group is actively pursuing the development of the meter in this way. 76 2 The Network Management Framework 78 The Internet-standard Network Management Framework consists of three 79 components. They are: 81 RFC 1155 defines the SMI, the mechanisms used for describing 82 and naming objects for the purpose of management. RFC 1212 83 defines a more concise description mechanism, which is wholly 84 consistent with the SMI. 86 RFC 1156 defines MIB-I, the core set of managed objects for the 87 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 88 evolution of MIB-I based on implementation experience and new 89 operational requirements. 91 RFC 1157 defines the SNMP, the protocol used for network access 92 to managed objects. 94 RFC 1902 [2] defines the SMI for version 2 of the Simple 95 Network Management Protocol. 97 RFCs 1903 and 1904 [3,4] define Textual Conventions and 98 Conformance Statements for version 2 of the Simple Network 99 Management Protocol. 101 RFC 1908 [5] describes how versions 1 and 2 of the Simple 102 Network Management Protocol should coexist. 104 The Framework permits new objects to be defined for the purpose of 105 experimentation and evaluation. 107 3 Objects 109 Managed objects are accessed via a virtual information store, termed the 110 Management Information Base or MIB. Objects in the MIB are defined using 111 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 112 SMI. In particular, each object has a name, a syntax, and an encoding. 113 The name is an object identifier, an administratively assigned name, 114 which specifies an object type. The object type together with an object 115 instance serves to uniquely identify a specific instantiation of the 116 object. For human convenience, we often use a textual string, termed 117 the OBJECT DESCRIPTOR, to also refer to the object type. 119 The syntax of an object type defines the abstract data structure 120 corresponding to that object type. The ASN.1 language is used for this 121 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 122 which may be used. These restrictions are explicitly made for 123 simplicity. 125 The encoding of an object type is simply how that object type is 126 represented using the object type's syntax. Implicitly tied to the 127 notion of an object type's syntax and encoding is how the object type is 128 represented when being transmitted on the network. 130 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 131 subject to the additional requirements imposed by the SNMP. 133 3.1 Format of Definitions 135 Section 4 contains the specification of all object types contained in 136 this MIB module. These object types are specified using the conventions 137 defined in [2] and [3]. 139 4 Overview 141 Traffic Flow Measurement seeks to provide a well-defined method for 142 gathering traffic flow information from networks and internetworks. The 143 background for this is given in "Traffic Flow Measurement: Background" 144 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 145 produced a measurement architecture to achieve this goal; this is 146 documented in "Traffic Flow Measurement: Architecture" [9]. The 147 architecture defines three entities: 149 - METERS, which observe network traffic flows and build up a table of 150 flow data records for them, 152 - METER READERS, which collect traffic flow data from meters, and 154 - MANAGERS, which oversee the operation of meters and meter readers. 156 This memo defines the SNMP management information for a Traffic Flow 157 Meter (TFM). Work in this field was begun by the Internet Accounting 158 Working Group. It has been further developed and expanded by the 159 Realtime Traffic Flow Measurement Working Group. 161 4.1 Scope of Definitions, Textual Conventions 163 All objects defined in this memo are registered in a single subtree 164 within the mib-2 namespace [1,2], and are for use in network devices 165 which may perform a PDU forwarding or monitoring function. For these 166 devices, the value of the ifSpecific variable in the MIB-II [1] has the 167 OBJECT IDENTIFIER value: 169 flowMIB OBJECT IDENTIFIER ::= mib-2 40 171 as defined below. 173 The RTFM Meter MIB was first produced and tested using SNMPv1. It was 174 converted into SNMPv2 following the guidelines in RFC 1908 [5]. 176 4.2 Usage of the MIB variables 178 The MIB is organised in four parts - control, data, rules and 179 conformance statements. 181 The rules implement the set of packet-matching actions, as described in 182 the "Traffic Flow Measurment: Architecture" document [9]. In addition 183 they provide for BASIC-style subroutines, allowing a network manager to 184 dramatically reduce the number of rules required to monitor a large 185 network. 187 Traffic flows are identified by a set of attributes for each of their 188 end-points. Attributes include network addresses for each layer of the 189 network protocol stack, and 'subscriber ids,' which may be used to 190 identify an accountable entity for the flow. 192 The conformance statements are set out as defined in [4]. They explain 193 what must be implemented in a meter which claims to conform to this MIB. 195 To retrieve flow data one could simply do a linear scan of the flow 196 table. This would certainly work, but would require a lot of protocol 197 exchanges. To reduce the overhead in retrieving flow data the flow 198 table uses a TimeFilter variable, defined as a Textual Convention in the 199 RMON2 MIB [10]. 201 As an alternative method of reading flow data, the MIB provides a view 202 of the flow table called the flowDataPackageTable. This is (logically) 203 a four-dimensional array, subscripted by package selector, ruleset, 204 activity time and starting flow number. The package selector is a 205 sequence of bytes which specifies a list of flow attributes. 207 A data package (as returned by the meter) is a sequence of values for 208 the attributes specified in its selector, encoded using the Basic 209 Encoding Rules [7]. It allows a meter reader to retrieve all the 210 attribute values it requires in a single MIB object. This, when used 211 together with SNMPv2's GetBulk request, allows a meter reader to scan 212 the flow table and upload a specified set of attribute values for flows 213 which have changed since the last reading, and which were created by a 214 specified rule set. 216 One aspect of data collection which needs emphasis is that all the MIB 217 variables are set up to allow multiple independent meter readers to work 218 properly, i.e. the flow table indexes are stateless. An alternative 219 approach would have been to 'snapshot' the flow table, which would mean 220 that the meter readers would have to be synchronized. The stateless 221 approach does mean that two meter readers will never return exactly the 222 same set of traffic counts, but over long periods (e.g. 15-minute 223 collections over a day) the discrepancies are acceptable. If one really 224 needs a snapshot, this can be achieved by switching to an identical rule 225 set with a different RuleSet number, hence asynchronous collections may 226 be regarded as a useful generalisation of synchronised ones. 228 The control variables are the minimum set required for a meter reader. 229 Their number has been whittled down as experience has been gained with 230 the MIB implementation. A few of them are 'general,' i.e. they control 231 the overall behaviour of the meter. These are set by a single 'master' 232 manager, and no other manager should attempt to change their values. 233 The decision as to which manager is the 'master' must be made by the 234 network operations personnel responsible; this MIB does not attempt to 235 define any interaction between managers. 237 There are three other groups of control variables, arranged into tables 238 in the same way as in the RMON2 MIB [10]. They are used as follows: 240 - RULE SET INFO: Before attempting to download a RuleSet, a manager 241 must create a row in the flowRuleSetInfoTable and set its 242 flowRuleInfoSize to a value large enough to hold the RuleSet. When 243 the rule set is ready the manager must set flowRuleInfoRulesReady 244 to 'true,' indicating that the rule set is ready for use (but not 245 yet 'running'). 247 - METER READER INFO: Any meter reader wishing to collect data 248 reliably for all flows from a RuleSet should first create a row in 249 the flowReaderInfoTable with flowReaderRuleSet set to that 250 RuleSet's index in the flowRuleSetInfoTable. It should write that 251 row's flowReaderLastTime object each time it starts a collection 252 pass through the flow table. The meter will not recover a flow's 253 memory until every meter reader holding a row for that flow's 254 RuleSet has collected the flow's data. 256 - MANAGER INFO: Any manager wishing to run a RuleSet in the meter 257 must create a row in the flowManagerInfo table, specifying the 258 desired RuleSet to run and its corresponding 'standby' Ruleset (if 259 one is desired). A current RuleSet is 'running' if its 260 flowManagerRunningStandby value is false(2), similarly a standby 261 RuleSet is 'running' if flowManagerRunningStandby is true(1). 263 5 Changes Introduced Since RFC 2064 265 The first version of the Meter MIB was published as RFC 2064 in January 266 1997. The most significant changes since then are summarised below. 268 - TEXTUAL CONVENTIONS: Greater use is made of textual conventions to 269 describe the various types of addresses used by the meter. 271 - PACKET MATCHING ATTRIBUTES: Computed attributes (e.g. FlowClass 272 and FlowKind) may now be tested. This allows one to use these 273 variables to store information during packet matching. 275 A new attribute, MatchingStoD, has been added. Its value is 1 276 while a packet is being matched with its adresses in 'wire' 277 (source-to-destination) order. 279 - FLOOD MODE: This is now a read-write variable. Setting it to 280 false(2) switches the meter out of flood mode and back to normal 281 operation. 283 - CONTROL TABLES: Several variables have been added to the RuleSet, 284 Reader and Manager tables to provide more effective control of the 285 meter's activities. 287 - FLOW TABLE: 64-bit counters are used for octet and PDU counts. 288 This reduces the problems caused by the wrap-around of 32-bit 289 counters in earlier versions. 291 flowDataRuleSet is now used as an index to the flow table. This 292 allows a meter reader to collect only those flow table rows created 293 by a specified RuleSet. 295 - DATA PACKAGES: This is a new table, allowing a meter reader to 296 retrieve values for a list of attributes from a flow as a single 297 object. When used with SNMP GetBulk requests it provides an 298 efficient way to recover flow data. 300 Earlier versions had a 'Column Activity Table;' using this it was 301 difficult to collect all data for a flow efficiently in a single 302 SNMP request. 304 6 Definitions 306 FLOW-METER-MIB DEFINITIONS ::= BEGIN 308 IMPORTS 309 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 310 FROM SNMPv2-SMI 311 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 312 FROM SNMPv2-TC 313 OBJECT-GROUP, MODULE-COMPLIANCE 314 FROM SNMPv2-CONF 315 mib-2, ifIndex 316 FROM RFC1213-MIB 317 OwnerString 318 FROM RMON-MIB 320 TimeFilter 321 FROM RMON2-MIB; 323 flowMIB MODULE-IDENTITY 324 LAST-UPDATED "9707071715Z" 325 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 326 CONTACT-INFO 327 "Nevil Brownlee, The University of Auckland 329 Postal: Information Technology Sytems & Services 330 The University of Auckland 331 Private Bag 92-019 332 Auckland, New Zealand 334 Phone: +64 9 373 7599 x8941 335 E-mail: n.brownlee@auckland.ac.nz" 336 DESCRIPTION 337 "MIB for the RTFM Traffic Flow Meter." 339 REVISION "9707071715Z" 340 DESCRIPTION 341 "Significant changes since RFC 2064 include: 342 - flowDataPackageTable added 343 - flowColumnActivityTable deprecated 344 - flowManagerCounterWrap deprecated" 346 REVISION "9603080208Z" 347 DESCRIPTION 348 "Initial version of this MIB (RFC 2064)" 349 ::= { mib-2 40 } 351 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 353 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 355 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 357 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 359 -- Textual Conventions 361 MediumType ::= TEXTUAL-CONVENTION 362 STATUS current 363 DESCRIPTION 364 "Specifies the type of a MediumAddress (see below). The 365 values used for IEEE 802 media are from the 'Network 366 Management Parameters (ifType definitions)' section of the 367 Assigned Numbers RFC [11]." 368 SYNTAX INTEGER { 369 ethernet(7), 370 tokenring(9), 371 fddi(15) } 373 MediumAddress ::= TEXTUAL-CONVENTION 374 STATUS current 375 DESCRIPTION 376 "Specifies the value of a Medium Access Control (MAC) address. 377 Address format depends on the actual Medium, as follows: 379 Ethernet: ethernet(7) 380 6-octet 802.3 MAC address in 'canonical' order 382 Token Ring: tokenring(9) 383 6-octet 802.5 MAC address in 'canonical' order 385 FDDI: fddi(15) 386 FddiMACLongAddress, i.e. a 6-octet MAC address 387 in 'canonical' order (defined in the FDDI MIB [12]) 388 " 389 SYNTAX OCTET STRING (SIZE (6..20)) 391 PeerType ::= TEXTUAL-CONVENTION 392 STATUS current 393 DESCRIPTION 394 "Indicates the type of a PeerAddress (see below). The values 395 used are from the 'Address Family Numbers' section of the 396 Assigned Numbers RFC [11]." 397 SYNTAX INTEGER { 398 ipv4(1), 399 ipv6(2), 400 nsap(3), 401 ipx(11), 402 appletalk(12), 403 decnet(13) } 405 PeerAddress ::= TEXTUAL-CONVENTION 406 STATUS current 407 DESCRIPTION 408 "Specifies the value of a peer address for various network 409 protocols. Address format depends on the actual protocol, 410 as indicated below: 412 IPv4: ipv4(1) 413 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 415 IPv6: ipv6(2) 416 16-octet IpAddress (defined in the 417 IPv6 Addressing RFC [13]) 419 CLNS: nsap(3) 420 NsapAddress (defined in the SNMPv2 SMI [2]) 422 Novell: ipx(11) 423 4-octet Network number, 424 6-octet Host number (MAC address) 426 AppleTalk: appletalk(12) 427 2-octet Network number (sixteen bits), 428 1-octet Host number (eight bits) 430 DECnet: decnet(13) 431 1-octet Area number (in low-order six bits), 432 2-octet Host number (in low-order ten bits) 433 " 434 SYNTAX OCTET STRING (SIZE (3..20)) 436 AdjacentType ::= TEXTUAL-CONVENTION 437 STATUS current 438 DESCRIPTION 439 "Indicates the type of an adjacent address. 440 Is a superset of MediumType and PeerType." 441 SYNTAX INTEGER { 442 ip(1), 443 nsap(3), 444 ethernet(7), 445 tokenring(9), 446 ipx(11), 447 appletalk(12), 448 decnet(13), 449 fddi(15) } 451 AdjacentAddress ::= TEXTUAL-CONVENTION 452 STATUS current 453 DESCRIPTION 454 "Specifies the value of an adjacent address. 455 Is a superset of MediumAddress and PeerAddress." 456 SYNTAX OCTET STRING (SIZE (3..20)) 458 TransportType ::= TEXTUAL-CONVENTION 459 STATUS current 460 DESCRIPTION 461 "Indicates the type of a TransportAddress (see below). Values 462 will depend on the actual protocol; for IP they will be those 463 given in the 'Protocol Numbers' section of the Assigned Numbers 464 RFC [11], including icmp(1), tcp(6) and udp(17)." 465 SYNTAX Integer32 (1..255) 467 TransportAddress ::= TEXTUAL-CONVENTION 468 STATUS current 469 DESCRIPTION 470 "Specifies the value of a transport address for various 471 network protocols. Format as follows: 473 IP: 474 2-octet UDP or TCP port number 476 Other protocols: 477 2-octet port number 478 " 479 SYNTAX OCTET STRING (SIZE (2)) 481 RuleAddress ::= TEXTUAL-CONVENTION 482 STATUS current 483 DESCRIPTION 484 "Specifies the value of an address. Is a superset of 485 MediumAddress, PeerAddress and TransportAddress." 486 SYNTAX OCTET STRING (SIZE (2..20)) 488 FlowAttributeNumber ::= TEXTUAL-CONVENTION 489 STATUS current 490 DESCRIPTION 491 "Uniquely identifies an attribute within a flow data record." 492 SYNTAX INTEGER { 493 flowIndex(1), 494 flowStatus(2), 495 flowTimeMark(3), 497 sourceInterface(4), 498 sourceAdjacentType(5), 499 sourceAdjacentAddress(6), 500 sourceAdjacentMask(7), 501 sourcePeerType(8), 502 sourcePeerAddress(9), 503 sourcePeerMask(10), 504 sourceTransType(11), 505 sourceTransAddress(12), 506 sourceTransMask(13), 508 destInterface(14), 509 destAdjacentType(15), 510 destAdjacentAddress(16), 511 destAdjacentMask(17), 512 destPeerType(18), 513 destPeerAddress(19), 514 destPeerMask(20), 515 destTransType(21), 516 destTransAddress(22), 517 destTransMask(23), 519 pduScale(24), 520 octetScale(25), 521 ruleSet(26), 522 toOctets(27), -- Source-to-Dest 523 toPDUs(28), 524 fromOctets(29), -- Dest-to-Source 525 fromPDUs(30), 526 firstTime(31), -- Activity times 527 lastActiveTime(32), 529 sourceSubscriberID(33), -- Subscriber ID 530 destSubscriberID(34), 531 sessionID(35), 533 sourceClass(36), -- Computed attributes 534 destClass(37), 535 flowClass(38), 536 sourceKind(39), 537 destKind(40), 538 flowKind(41) } 540 RuleAttributeNumber ::= TEXTUAL-CONVENTION 541 STATUS current 542 DESCRIPTION 543 "Uniquely identifies an attribute which may be tested in 544 a rule. These include attributes whose values come directly 545 from (or are computed from) the flow's packets, and the five 546 'meter' variables used to hold an Attribute Number." 547 SYNTAX INTEGER { 548 null(0), 549 sourceInterface(4), -- Source Address 550 sourceAdjacentType(5), 551 sourceAdjacentAddress(6), 552 sourcePeerType(8), 553 sourcePeerAddress(9), 554 sourceTransType(11), 555 sourceTransAddress(12), 557 destInterface(14), -- Dest Address 558 destAdjacentType(15), 559 destAdjacentAddress(16), 560 destPeerType(18), 561 destPeerAddress(19), 562 destTransType(21), 563 destTransAddress(22), 565 sourceSubscriberID(33), -- Subscriber ID 566 destSubscriberID(34), 567 sessionID(35), 569 sourceClass(36), -- Computed attributes 570 destClass(37), 571 flowClass(38), 572 sourceKind(39), 573 destKind(40), 574 flowKind(41), 576 matchingStoD(50), -- Packet matching 578 v1(51), -- Meter variables 579 v2(52), 580 v3(53), 581 v4(54), 582 v5(55) } 584 ActionNumber ::= TEXTUAL-CONVENTION 585 STATUS current 586 DESCRIPTION 587 "Uniquely identifies the action of a rule, i.e. the Pattern 588 Matching Engine's opcode number. Details of the opcodes 589 are given in the 'Traffic Flow Measurement: Architecture' 590 document [9]." 591 SYNTAX INTEGER { 592 ignore(1), 593 noMatch(2), 594 count(3), 595 countPkt(4), 596 return(5), 597 gosub(6), 598 gosubAct(7), 599 assign(8), 600 assignAct(9), 601 goto(10), 602 gotoAct(11), 603 pushRuleTo(12), 604 pushRuleToAct(13), 605 pushPktTo(14), 606 pushPktToAct(15) } 608 -- 609 -- Control Group: Rule Set Info Table 610 -- 612 flowRuleSetInfoTable OBJECT-TYPE 613 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 614 MAX-ACCESS not-accessible 615 STATUS current 616 DESCRIPTION 617 "An array of information about the rule sets held in the 618 meter. 620 Any manager may configure a new rule set for the meter by 621 creating a row in this table with status active(1), and setting 622 values for all the objects in its rules. At this stage the new 623 rule set is available but not 'running,' i.e. it is not being 624 used by the meter to produce entries in the flow table. 626 To actually 'run' a rule set a manager must create a row in 627 the flowManagerInfoTable, set it's flowManagerStatus to 628 active(1), and set either its CurrentRuleSet or StandbyRuleSet 629 to point to the rule set to be run. 631 Once a rule set is running a manager may not change any of the 632 objects within the rule set itself. 634 Any manager may stop a rule set running by removing all 635 references to it in the flowManagerInfoTable (i.e. by setting 636 CurrentRuleSet and StandbyRuleSet values to 0). This provides a 637 way to stop rule sets left running if a manager fails." 638 ::= { flowControl 1 } 640 flowRuleSetInfoEntry OBJECT-TYPE 641 SYNTAX FlowRuleSetInfoEntry 642 MAX-ACCESS not-accessible 643 STATUS current 644 DESCRIPTION 645 "Information about a particular rule set." 646 INDEX { flowRuleInfoIndex } 647 ::= { flowRuleSetInfoTable 1 } 649 FlowRuleSetInfoEntry ::= SEQUENCE { 650 flowRuleInfoIndex Integer32, 651 flowRuleInfoSize Integer32, 652 flowRuleInfoOwner OwnerString, 653 flowRuleInfoTimeStamp TimeStamp, 654 flowRuleInfoStatus RowStatus, 655 flowRuleInfoName OCTET STRING, 656 flowRuleInfoRulesReady TruthValue, 657 flowRuleInfoFlowRecords Integer32 658 } 660 flowRuleInfoIndex OBJECT-TYPE 661 SYNTAX Integer32 (1..2147483647) 662 MAX-ACCESS not-accessible 663 STATUS current 664 DESCRIPTION 665 "An index which selects an entry in the flowRuleSetInfoTable. 666 Each such entry contains control information for a particular 667 rule set which the meter may run." 668 ::= { flowRuleSetInfoEntry 1 } 670 flowRuleInfoSize OBJECT-TYPE 671 SYNTAX Integer32 672 MAX-ACCESS read-create 673 STATUS current 674 DESCRIPTION 675 "Number of rules in this rule set. Setting this variable will 676 cause the meter to allocate space for these rules." 677 ::= { flowRuleSetInfoEntry 2 } 679 flowRuleInfoOwner OBJECT-TYPE 680 SYNTAX OwnerString 681 MAX-ACCESS read-create 682 STATUS current 683 DESCRIPTION 684 "Identifies the manager which 'owns' this rule set. A manager 685 must set this variable when creating a row in this table." 686 ::= { flowRuleSetInfoEntry 3 } 688 flowRuleInfoTimeStamp OBJECT-TYPE 689 SYNTAX TimeStamp 690 MAX-ACCESS read-only 691 STATUS current 692 DESCRIPTION 693 "Time this row's associated rule set was last changed." 694 ::= { flowRuleSetInfoEntry 4 } 696 flowRuleInfoStatus OBJECT-TYPE 697 SYNTAX RowStatus 698 MAX-ACCESS read-create 699 STATUS current 700 DESCRIPTION 701 "The status of this flowRuleSetInfoEntry. If this value is 702 not active(1) the meter must not attempt to use the row's 703 associated rule set. Once its value has been set to active(1) 704 a manager may not change any of the other variables in the 705 row, nor the contents of the associated rule set. 707 To download a rule set, a manger could: 708 - Locate an open slot in the RuleSetInfoTable. 709 - Create a RuleSetInfoEntry by setting the status for this 710 open slot to createAndWait(5). 711 - Set flowRuleInfoSize and flowRuleInfoName as required. 712 - Download the rules into the row's rule table. 713 - Set flowRuleInfoStatus to active(1). 715 The rule set would then be ready to run. The manager is not 716 allowed to change the value of flowRuleInfoStatus from 717 active(1) if the associated RuleSet is being referenced by any 718 of the entries in the flowManagerInfoTable. 720 Setting RuleInfoStatus to destroy(6) destroys the associated 721 rule set together with any flow data collected by it." 722 ::= { flowRuleSetInfoEntry 5 } 724 flowRuleInfoName OBJECT-TYPE 725 SYNTAX OCTET STRING 726 MAX-ACCESS read-create 727 STATUS current 728 DESCRIPTION 729 "An alphanumeric identifier used by managers and readers to 730 identify a rule set. For example, a manager wishing to run a 731 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 732 to see whether the WWW-FLOWS rule set is already available on 733 the meter. 735 Note that references to rule sets in the flowManagerInfoTable 736 use indexes for their flowRuleSetInfoTable entries. These may 737 be different each time the rule set is loaded into a meter." 738 ::= { flowRuleSetInfoEntry 6 } 740 flowRuleInfoRulesReady OBJECT-TYPE 741 SYNTAX TruthValue 742 MAX-ACCESS read-create 743 STATUS current 744 DESCRIPTION 745 "Indicates whether the rules for this row's associated rule set 746 are ready for use. The meter will refuse to 'run' the rule set 747 unless this variable has been set to true(1). 748 While RulesReady is false(2), the manager may modify the rule 749 set, for example by downloading rules into it." 750 ::= { flowRuleSetInfoEntry 7 } 752 flowRuleInfoFlowRecords OBJECT-TYPE 753 SYNTAX Integer32 754 MAX-ACCESS read-only 755 STATUS current 756 DESCRIPTION 757 "The number of entries in the flow table for this rule set. 758 These may be current (waiting for collection by one or more 759 meter readers) or idle (waiting for the meter to recover 760 their memory)." 761 ::= { flowRuleSetInfoEntry 8 } 763 -- 764 -- Control Group: Interface Info Table 765 -- 767 flowInterfaceTable OBJECT-TYPE 768 SYNTAX SEQUENCE OF FlowInterfaceEntry 769 MAX-ACCESS not-accessible 770 STATUS current 771 DESCRIPTION 772 "An array of information specific to each meter interface." 773 ::= { flowControl 2 } 775 flowInterfaceEntry OBJECT-TYPE 776 SYNTAX FlowInterfaceEntry 777 MAX-ACCESS not-accessible 778 STATUS current 779 DESCRIPTION 780 "Information about a particular interface." 781 INDEX { ifIndex } 782 ::= { flowInterfaceTable 1 } 784 FlowInterfaceEntry ::= SEQUENCE { 785 flowInterfaceSampleRate Integer32, 786 flowInterfaceLostPackets Counter32 787 } 789 flowInterfaceSampleRate OBJECT-TYPE 790 SYNTAX Integer32 791 MAX-ACCESS read-write 792 STATUS current 793 DESCRIPTION 794 "The parameter N for statistical counting on this interface. 795 Set to N to count 1/Nth of the packets appearing at this 796 interface. A meter should choose its own algorithm to 797 introduce variance into the sampling so that exactly every Nth 798 packet is not counted. A sampling rate of 1 counts all 799 packets. A sampling rate of 0 results in the interface 800 being ignored by the meter." 801 DEFVAL { 1 } 802 ::= { flowInterfaceEntry 1 } 804 flowInterfaceLostPackets OBJECT-TYPE 805 SYNTAX Counter32 806 MAX-ACCESS read-only 807 STATUS current 808 DESCRIPTION 809 "The number of packets the meter has lost for this interface. 810 Such losses may occur because the meter has been unable to 811 keep up with the traffic volume." 812 ::= { flowInterfaceEntry 2 } 814 -- 815 -- Control Group: Meter Reader Info Table 816 -- 818 -- Any meter reader wishing to collect data reliably for flows 819 -- should first create a row in this table. It should write that 820 -- row's flowReaderLastTime object each time it starts a collection 821 -- pass through the flow table. 823 -- If a meter reader (MR) does not create a row in this table, e.g. 824 -- because it failed authentication in the meter's SNMP write 825 -- community, collection can still proceed but the meter will not be 826 -- aware of meter reader MR. This could lead the meter to recover 827 -- flows before they have been collected by MR. 829 flowReaderInfoTable OBJECT-TYPE 830 SYNTAX SEQUENCE OF FlowReaderInfoEntry 831 MAX-ACCESS not-accessible 832 STATUS current 833 DESCRIPTION 834 "An array of information about meter readers which have 835 registered their intent to collect flow data from this meter." 836 ::= { flowControl 3 } 838 flowReaderInfoEntry OBJECT-TYPE 839 SYNTAX FlowReaderInfoEntry 840 MAX-ACCESS not-accessible 841 STATUS current 842 DESCRIPTION 843 "Information about a particular meter reader." 844 INDEX { flowReaderIndex } 845 ::= { flowReaderInfoTable 1 } 847 FlowReaderInfoEntry ::= SEQUENCE { 848 flowReaderIndex Integer32, 849 flowReaderTimeout Integer32, 850 flowReaderOwner OwnerString, 851 flowReaderLastTime TimeStamp, 852 flowReaderPreviousTime TimeStamp, 853 flowReaderStatus RowStatus, 854 flowReaderRuleSet Integer32 855 } 857 flowReaderIndex OBJECT-TYPE 858 SYNTAX Integer32 (1..2147483647) 859 MAX-ACCESS not-accessible 860 STATUS current 861 DESCRIPTION 862 "An index which selects an entry in the flowReaderInfoTable." 863 ::= { flowReaderInfoEntry 1 } 865 flowReaderTimeout OBJECT-TYPE 866 SYNTAX Integer32 867 MAX-ACCESS read-create 868 STATUS current 869 DESCRIPTION 870 "Specifies the maximum time (in seconds) between flow data 871 collections for this meter reader. If this time elapses 872 without a collection, the meter should assume that this meter 873 reader has stopped collecting, and delete this row from the 874 table. A value of zero indicates that this row should not be 875 timed out." 876 ::= { flowReaderInfoEntry 2 } 878 flowReaderOwner OBJECT-TYPE 879 SYNTAX OwnerString 880 MAX-ACCESS read-create 881 STATUS current 882 DESCRIPTION 883 "Identifies the meter reader which created this row." 884 ::= { flowReaderInfoEntry 3 } 886 flowReaderLastTime OBJECT-TYPE 887 SYNTAX TimeStamp 888 MAX-ACCESS read-create 889 STATUS current 890 DESCRIPTION 891 "Time this meter reader began its most recent data collection. 893 This variable should be written by a meter reader as its first 894 step in reading flow data. The meter will set this LastTime 895 value to sysUptime and set its PreviousTime value (below) to 896 the old LastTime. This allows the meter to recover flows 897 which have been inactive since PreviousTime, for these have 898 been collected at least once. 900 If the meter reader fails to write flowLastReadTime, collection 901 may still proceed but the meter may not be able to recover 902 inactive flows until the flowReaderTimeout has been reached 903 for this entry." 904 ::= { flowReaderInfoEntry 4 } 906 flowReaderPreviousTime OBJECT-TYPE 907 SYNTAX TimeStamp 908 MAX-ACCESS read-only 909 STATUS current 910 DESCRIPTION 911 "Time this meter reader began the collection before last." 912 ::= { flowReaderInfoEntry 5 } 914 flowReaderStatus OBJECT-TYPE 915 SYNTAX RowStatus 916 MAX-ACCESS read-create 917 STATUS current 918 DESCRIPTION 919 "The status of this FlowReaderInfoEntry. A value of active(1) 920 implies that the associated reader should be collecting data 921 from the meter. Once this variable has been set to active(1) 922 a manager may only change this row's flowReaderLastTime and 923 flowReaderTimeout variables." 924 ::= { flowReaderInfoEntry 6 } 926 flowReaderRuleSet OBJECT-TYPE 927 SYNTAX Integer32 (1..2147483647) 928 MAX-ACCESS read-create 929 STATUS current 930 DESCRIPTION 931 "An index to the array of rule sets. Specifies a set of rules 932 of interest to this meter reader. The reader will attempt to 933 collect any data generated by the meter for this rule set, and 934 the meter will not recover the memory of any of the rule set's 935 flows until this collection has taken place. Note that a 936 reader may have entries in this table for several rule sets." 937 ::= { flowReaderInfoEntry 7 } 939 -- 940 -- Control Group: Manager Info Table 941 -- 943 -- Any manager wishing to run a rule set must create a row in this 944 -- table. Once it has a table row, the manager may set the control 945 -- variables in its row so as to cause the meter to run any valid 946 -- rule set held by the meter. 948 -- A single manager may run several rule sets; it must create a row 949 -- in this table for each of them. In short, each row of this table 950 -- describes (and controls) a 'task' which the meter is executing. 952 flowManagerInfoTable OBJECT-TYPE 953 SYNTAX SEQUENCE OF FlowManagerInfoEntry 954 MAX-ACCESS not-accessible 955 STATUS current 956 DESCRIPTION 957 "An array of information about managers which have 958 registered their intent to run rule sets on this meter." 959 ::= { flowControl 4 } 961 flowManagerInfoEntry OBJECT-TYPE 962 SYNTAX FlowManagerInfoEntry 963 MAX-ACCESS not-accessible 964 STATUS current 965 DESCRIPTION 966 "Information about a particular meter 'task.' By creating 967 an entry in this table and activating it, a manager requests 968 that the meter 'run' the indicated rule set. 970 The entry also specifies a HighWaterMark and a StandbyRuleSet. 971 If the meter's flow table usage exceeds this task's 972 HighWaterMark the meter will stop running the task's 973 CurrentRuleSet and switch to its StandbyRuleSet. 975 If the value of the task's StandbyRuleSet is 0 when its 976 HighWaterMark is exceeded, the meter simply stops running the 977 task's CurrentRuleSet. By careful selection of HighWaterMarks 978 for the various tasks a manager can ensure that the most 979 critical rule sets are the last to stop running as the number 980 of flows increases. 982 When a manager has determined that the demand for flow table 983 space has abated, it may cause the task to switch back to its 984 CurrentRuleSet by setting its flowManagerRunningStandby 985 variable to false(2)." 986 INDEX { flowManagerIndex } 987 ::= { flowManagerInfoTable 1 } 989 FlowManagerInfoEntry ::= SEQUENCE { 990 flowManagerIndex Integer32, 991 flowManagerCurrentRuleSet Integer32, 992 flowManagerStandbyRuleSet Integer32, 993 flowManagerHighWaterMark Integer32, 994 flowManagerCounterWrap INTEGER, 995 flowManagerOwner OwnerString, 996 flowManagerTimeStamp TimeStamp, 997 flowManagerStatus RowStatus, 998 flowManagerRunningStandby TruthValue 999 } 1001 flowManagerIndex OBJECT-TYPE 1002 SYNTAX Integer32 (1..2147483647) 1003 MAX-ACCESS not-accessible 1004 STATUS current 1005 DESCRIPTION 1006 "An index which selects an entry in the flowManagerInfoTable." 1007 ::= { flowManagerInfoEntry 1 } 1009 flowManagerCurrentRuleSet OBJECT-TYPE 1010 SYNTAX Integer32 1011 MAX-ACCESS read-create 1012 STATUS current 1013 DESCRIPTION 1014 "Index to the array of rule sets. Specifies which set of 1015 rules is the 'current' one for this task. The meter will 1016 be 'running' the current ruleset if this row's 1017 flowManagerRunningStandby value is false(2). 1019 When the manager sets this variable the meter will stop using 1020 the task's old current rule set and start using the new one. 1021 Specifying rule set 0 (the empty set) stops flow measurement 1022 for this task." 1023 ::= { flowManagerInfoEntry 2 } 1025 flowManagerStandbyRuleSet OBJECT-TYPE 1026 SYNTAX Integer32 1027 MAX-ACCESS read-create 1028 STATUS current 1029 DESCRIPTION 1030 "Index to the array of rule sets. After reaching HighWaterMark 1031 (see below) the manager will switch to using the task's 1032 StandbyRuleSet in place of its CurrentRuleSet. For this to be 1033 effective the designated StandbyRuleSet should have a coarser 1034 reporting granularity then the CurrentRuleSet. The manager may 1035 also need to decrease the meter reading interval so that the 1036 meter can recover flows measured by this task's CurrentRuleSet." 1037 DEFVAL { 0 } -- No standby 1038 ::= { flowManagerInfoEntry 3 } 1040 flowManagerHighWaterMark OBJECT-TYPE 1041 SYNTAX Integer32 (0..100) 1042 MAX-ACCESS read-create 1043 STATUS current 1044 DESCRIPTION 1045 "A value expressed as a percentage, interpreted by the meter 1046 as an indication of how full the flow table should be before 1047 it should switch to the standby rule set (if one has been 1048 specified) for this task. Values of 0% or 100% disable the 1049 checking represented by this variable." 1050 ::= { flowManagerInfoEntry 4 } 1052 flowManagerCounterWrap OBJECT-TYPE 1053 SYNTAX INTEGER { wrap(1), scale(2) } 1054 MAX-ACCESS read-create 1055 STATUS deprecated 1056 DESCRIPTION 1057 "Specifies whether PDU and octet counters should wrap when 1058 they reach the top of their range (normal behaviour for 1059 Counter64 objects), or whether their scale factors should 1060 be used instead. The combination of counter and scale 1061 factor allows counts to be returned as binary floating 1062 point numbers, with 64-bit mantissas and 8-bit exponents." 1063 DEFVAL { wrap } 1064 ::= { flowManagerInfoEntry 5 } 1066 flowManagerOwner OBJECT-TYPE 1067 SYNTAX OwnerString 1068 MAX-ACCESS read-create 1069 STATUS current 1070 DESCRIPTION 1071 "Identifies the manager which created this row." 1072 ::= { flowManagerInfoEntry 6 } 1074 flowManagerTimeStamp OBJECT-TYPE 1075 SYNTAX TimeStamp 1076 MAX-ACCESS read-only 1077 STATUS current 1078 DESCRIPTION 1079 "Time this row was last changed by its manager." 1080 ::= { flowManagerInfoEntry 7 } 1082 flowManagerStatus OBJECT-TYPE 1083 SYNTAX RowStatus 1084 MAX-ACCESS read-create 1085 STATUS current 1086 DESCRIPTION 1087 "The status of this row in the flowManagerInfoTable. A value 1088 of active(1) implies that this task may be activated, by 1089 setting its CurrentRuleSet and StandbyRuleSet variables. 1090 Its HighWaterMark and RunningStandby variables may also be 1091 changed." 1092 ::= { flowManagerInfoEntry 8 } 1094 flowManagerRunningStandby OBJECT-TYPE 1095 SYNTAX TruthValue 1096 MAX-ACCESS read-create 1097 STATUS current 1098 DESCRIPTION 1099 "Set to true(1) by the meter to indicate that it has switched 1100 to runnning this task's StandbyRuleSet in place of its 1101 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1102 manager may simply set this variable to false(2)." 1103 DEFVAL { false } 1104 ::= { flowManagerInfoEntry 9 } 1106 -- 1107 -- Control Group: General Meter Control Variables 1108 -- 1110 flowFloodMark OBJECT-TYPE 1111 SYNTAX Integer32 (0..100) 1112 MAX-ACCESS read-write 1113 STATUS current 1114 DESCRIPTION 1115 "A value expressed as a percentage, interpreted by the meter 1116 as an indication of how full the flow table should be before 1117 it should take some action to avoid running out of resources 1118 to handle new flows. Values of 0% or 100% disable the 1119 checking represented by this variable." 1120 DEFVAL { 95 } -- Enabled by default. 1121 ::= { flowControl 5 } 1123 flowInactivityTimeout OBJECT-TYPE 1124 SYNTAX Integer32 1125 MAX-ACCESS read-write 1126 STATUS current 1127 DESCRIPTION 1128 "The time in seconds since the last packet seen, after which 1129 a flow becomes 'idle.' Note that although a flow may be 1130 idle, it will not be discarded (and its memory recovered) 1131 until after its data has been collected by all the meter 1132 readers registered for its RuleSet." 1133 DEFVAL { 600 } -- 10 minutes 1134 ::= { flowControl 6 } 1136 flowActiveFlows OBJECT-TYPE 1137 SYNTAX Integer32 1138 MAX-ACCESS read-only 1139 STATUS current 1140 DESCRIPTION 1141 "The numbers of flows which are currently in use." 1142 ::= { flowControl 7 } 1144 flowMaxFlows OBJECT-TYPE 1145 SYNTAX Integer32 1146 MAX-ACCESS read-only 1147 STATUS current 1148 DESCRIPTION 1149 "The maximum number of flows allowed in the meter's 1150 flow table. At present this is determined when the meter 1151 is first started up." 1152 ::= { flowControl 8 } 1154 flowFloodMode OBJECT-TYPE 1155 SYNTAX TruthValue 1156 MAX-ACCESS read-write 1157 STATUS current 1158 DESCRIPTION 1159 "Indicates that the meter has passed its FloodMark and is 1160 not running in its normal mode. When a manager notices this 1161 it should take action to remedy the problem which caused the 1162 flooding. Once the flood has receded, the manager may set 1163 this variable to false(2) to resume normal operaation." 1164 ::= { flowControl 9 } 1166 -- 1167 -- The Flow Table 1168 -- 1170 -- This is a table kept by a meter, with one flow data entry for every 1171 -- flow being measured. Each flow data entry stores the attribute 1172 -- values for a traffic flow. Details of flows and their attributes 1173 -- are given in the 'Traffic Flow Measurement: Architecture' 1174 -- document [9]. 1176 -- From time to time a meter reader may sweep the flow table so as 1177 -- to read counts. This is most effectively achieved by using the 1178 -- TimeMark variable together with successive GetBulk requests to 1179 -- retrieve the values of the desired flow attribute variables. 1181 -- This scheme allows multiple meter readers to independently use the 1182 -- same meter; the meter readers do not have to be synchronised and 1183 -- they may use different collection intervals. 1185 flowDataTable OBJECT-TYPE 1186 SYNTAX SEQUENCE OF FlowDataEntry 1187 MAX-ACCESS not-accessible 1188 STATUS current 1189 DESCRIPTION 1190 "The list of all flows being measured." 1191 ::= { flowData 1 } 1193 flowDataEntry OBJECT-TYPE 1194 SYNTAX FlowDataEntry 1195 MAX-ACCESS not-accessible 1196 STATUS current 1197 DESCRIPTION 1198 "The flow data record for a particular flow." 1199 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1200 ::= { flowDataTable 1 } 1202 FlowDataEntry ::= SEQUENCE { 1203 flowDataIndex Integer32, 1204 flowDataTimeMark TimeFilter, 1205 flowDataStatus INTEGER, 1207 flowDataSourceInterface Integer32, 1208 flowDataSourceAdjacentType AdjacentType, 1209 flowDataSourceAdjacentAddress AdjacentAddress, 1210 flowDataSourceAdjacentMask AdjacentAddress, 1211 flowDataSourcePeerType PeerType, 1212 flowDataSourcePeerAddress PeerAddress, 1213 flowDataSourcePeerMask PeerAddress, 1214 flowDataSourceTransType TransportType, 1215 flowDataSourceTransAddress TransportAddress, 1216 flowDataSourceTransMask TransportAddress, 1218 flowDataDestInterface Integer32, 1219 flowDataDestAdjacentType AdjacentType, 1220 flowDataDestAdjacentAddress AdjacentAddress, 1221 flowDataDestAdjacentMask AdjacentAddress, 1222 flowDataDestPeerType PeerType, 1223 flowDataDestPeerAddress PeerAddress, 1224 flowDataDestPeerMask PeerAddress, 1225 flowDataDestTransType TransportType, 1226 flowDataDestTransAddress TransportAddress, 1227 flowDataDestTransMask TransportAddress, 1229 flowDataPDUScale Integer32, 1230 flowDataOctetScale Integer32, 1232 flowDataRuleSet Integer32, 1233 flowDataToOctets Counter64, -- Source->Dest 1234 flowDataToPDUs Counter64, 1235 flowDataFromOctets Counter64, -- Dest->Source 1236 flowDataFromPDUs Counter64, 1237 flowDataFirstTime TimeStamp, -- Activity times 1238 flowDataLastActiveTime TimeStamp, 1240 flowDataSourceSubscriberID OCTET STRING, 1241 flowDataDestSubscriberID OCTET STRING, 1242 flowDataSessionID OCTET STRING, 1244 flowDataSourceClass Integer32, 1245 flowDataDestClass Integer32, 1246 flowDataClass Integer32, 1247 flowDataSourceKind Integer32, 1248 flowDataDestKind Integer32, 1249 flowDataKind Integer32 1250 } 1252 flowDataIndex OBJECT-TYPE 1253 SYNTAX Integer32 (1..2147483647) 1254 MAX-ACCESS not-accessible 1255 STATUS current 1256 DESCRIPTION 1257 "Value of this flow data record's index within the meter's 1258 flow table." 1259 ::= { flowDataEntry 1 } 1261 flowDataTimeMark OBJECT-TYPE 1262 SYNTAX TimeFilter 1263 MAX-ACCESS not-accessible 1264 STATUS current 1265 DESCRIPTION 1266 "A TimeFilter for this entry. Allows GetNext and GetBulk 1267 to find flow table rows which have changed since a specified 1268 value of sysUptime." 1269 ::= { flowDataEntry 2 } 1271 flowDataStatus OBJECT-TYPE 1272 SYNTAX INTEGER { inactive(1), current(2) } 1273 MAX-ACCESS read-only 1274 STATUS current 1275 DESCRIPTION 1276 "Status of this flow data record." 1277 ::= { flowDataEntry 3 } 1279 flowDataSourceInterface OBJECT-TYPE 1280 SYNTAX Integer32 1281 MAX-ACCESS read-only 1282 STATUS current 1283 DESCRIPTION 1284 "Index of the interface associated with the source address 1285 for this flow. It's value is one of those contained in the 1286 ifIndex field of the meter's interfaces table." 1287 ::= { flowDataEntry 4 } 1289 flowDataSourceAdjacentType OBJECT-TYPE 1290 SYNTAX AdjacentType 1291 MAX-ACCESS read-only 1292 STATUS current 1293 DESCRIPTION 1294 "Adjacent address type of the source for this flow. If 1295 metering is being performed at the network level this will 1296 probably be an 802 MAC address, and the adjacent type will 1297 indicate the medium being used. If traffic is being metered 1298 inside a tunnel, its adjacent address type will be the peer 1299 type of the host at the end of the tunnel." 1300 ::= { flowDataEntry 5 } 1302 flowDataSourceAdjacentAddress OBJECT-TYPE 1303 SYNTAX AdjacentAddress 1304 MAX-ACCESS read-only 1305 STATUS current 1306 DESCRIPTION 1307 "Address of the adjacent device on the path for the source 1308 for this flow." 1309 ::= { flowDataEntry 6 } 1311 flowDataSourceAdjacentMask OBJECT-TYPE 1312 SYNTAX AdjacentAddress 1313 MAX-ACCESS read-only 1314 STATUS current 1315 DESCRIPTION 1316 "1-bits in this mask indicate which bits must match when 1317 comparing the adjacent source address for this flow." 1318 ::= { flowDataEntry 7 } 1320 flowDataSourcePeerType OBJECT-TYPE 1321 SYNTAX PeerType 1322 MAX-ACCESS read-only 1323 STATUS current 1324 DESCRIPTION 1325 "Peer address type of the source for this flow." 1326 ::= { flowDataEntry 8 } 1328 flowDataSourcePeerAddress OBJECT-TYPE 1329 SYNTAX PeerAddress 1330 MAX-ACCESS read-only 1331 STATUS current 1332 DESCRIPTION 1333 "Address of the peer device for the source of this flow." 1335 ::= { flowDataEntry 9 } 1337 flowDataSourcePeerMask OBJECT-TYPE 1338 SYNTAX PeerAddress 1339 MAX-ACCESS read-only 1340 STATUS current 1341 DESCRIPTION 1342 "1-bits in this mask indicate which bits must match when 1343 comparing the source peer address for this flow." 1344 ::= { flowDataEntry 10 } 1346 flowDataSourceTransType OBJECT-TYPE 1347 SYNTAX TransportType 1348 MAX-ACCESS read-only 1349 STATUS current 1350 DESCRIPTION 1351 "Transport address type of the source for this flow. The 1352 value of this attribute will depend on the peer address type." 1353 ::= { flowDataEntry 11 } 1355 flowDataSourceTransAddress OBJECT-TYPE 1356 SYNTAX TransportAddress 1357 MAX-ACCESS read-only 1358 STATUS current 1359 DESCRIPTION 1360 "Transport address for the source of this flow." 1361 ::= { flowDataEntry 12 } 1363 flowDataSourceTransMask OBJECT-TYPE 1364 SYNTAX TransportAddress 1365 MAX-ACCESS read-only 1366 STATUS current 1367 DESCRIPTION 1368 "1-bits in this mask indicate which bits must match when 1369 comparing the transport source address for this flow." 1370 ::= { flowDataEntry 13 } 1372 flowDataDestInterface OBJECT-TYPE 1373 SYNTAX Integer32 1374 MAX-ACCESS read-only 1375 STATUS current 1376 DESCRIPTION 1377 "Index of the interface associated with the dest address for 1378 this flow. This value is one of the values contained in the 1379 ifIndex field of the interfaces table." 1380 ::= { flowDataEntry 14 } 1382 flowDataDestAdjacentType OBJECT-TYPE 1383 SYNTAX AdjacentType 1384 MAX-ACCESS read-only 1385 STATUS current 1386 DESCRIPTION 1387 "Adjacent address type of the destination for this flow." 1388 ::= { flowDataEntry 15 } 1390 flowDataDestAdjacentAddress OBJECT-TYPE 1391 SYNTAX AdjacentAddress 1392 MAX-ACCESS read-only 1393 STATUS current 1394 DESCRIPTION 1395 "Address of the adjacent device on the path for the 1396 destination for this flow." 1397 ::= { flowDataEntry 16 } 1399 flowDataDestAdjacentMask OBJECT-TYPE 1400 SYNTAX AdjacentAddress 1401 MAX-ACCESS read-only 1402 STATUS current 1403 DESCRIPTION 1404 "1-bits in this mask indicate which bits must match when 1405 comparing the adjacent dest address for this flow." 1406 ::= { flowDataEntry 17 } 1408 flowDataDestPeerType OBJECT-TYPE 1409 SYNTAX PeerType 1410 MAX-ACCESS read-only 1411 STATUS current 1412 DESCRIPTION 1413 "Peer address type of the destination for this flow." 1414 ::= { flowDataEntry 18 } 1416 flowDataDestPeerAddress OBJECT-TYPE 1417 SYNTAX PeerAddress 1418 MAX-ACCESS read-only 1419 STATUS current 1420 DESCRIPTION 1421 "Address of the peer device for the destination of this flow." 1422 ::= { flowDataEntry 19 } 1424 flowDataDestPeerMask OBJECT-TYPE 1425 SYNTAX PeerAddress 1426 MAX-ACCESS read-only 1427 STATUS current 1428 DESCRIPTION 1429 "1-bits in this mask indicate which bits must match when 1430 comparing the dest peer type for this flow." 1431 ::= { flowDataEntry 20 } 1433 flowDataDestTransType OBJECT-TYPE 1434 SYNTAX TransportType 1435 MAX-ACCESS read-only 1436 STATUS current 1437 DESCRIPTION 1438 "Transport address type of the destination for this flow. The 1439 value of this attribute will depend on the peer address type." 1440 ::= { flowDataEntry 21 } 1442 flowDataDestTransAddress OBJECT-TYPE 1443 SYNTAX TransportAddress 1444 MAX-ACCESS read-only 1445 STATUS current 1446 DESCRIPTION 1447 "Transport address for the destination of this flow." 1448 ::= { flowDataEntry 22 } 1450 flowDataDestTransMask OBJECT-TYPE 1451 SYNTAX TransportAddress 1452 MAX-ACCESS read-only 1453 STATUS current 1454 DESCRIPTION 1455 "1-bits in this mask indicate which bits must match when 1456 comparing the transport destination address for this flow." 1457 ::= { flowDataEntry 23 } 1459 flowDataPDUScale OBJECT-TYPE 1460 SYNTAX Integer32 (1..255) 1461 MAX-ACCESS read-only 1462 STATUS current 1463 DESCRIPTION 1464 "The scale factor applied to this particular flow. Indicates 1465 the number of bits the PDU counter values should be moved left 1466 to obtain the actual values." 1467 ::= { flowDataEntry 24 } 1469 flowDataOctetScale OBJECT-TYPE 1470 SYNTAX Integer32 (1..255) 1471 MAX-ACCESS read-only 1472 STATUS current 1473 DESCRIPTION 1474 "The scale factor applied to this particular flow. Indicates 1475 the number of bits the octet counter values should be moved 1476 left to obtain the actual values." 1477 ::= { flowDataEntry 25 } 1479 flowDataRuleSet OBJECT-TYPE 1480 SYNTAX Integer32 (1..255) 1481 MAX-ACCESS not-accessible 1482 STATUS current 1483 DESCRIPTION 1484 "The RuleSet number of the rule set which created this flow. 1485 Allows a manager to use GetNext or GetBulk requests to find 1486 flows belonging to a particular RuleSet." 1487 ::= { flowDataEntry 26 } 1489 flowDataToOctets OBJECT-TYPE 1490 SYNTAX Counter64 1491 MAX-ACCESS read-only 1492 STATUS current 1493 DESCRIPTION 1494 "The count of octets flowing from source to dest address and 1495 being delivered to the protocol level being metered. In the 1496 case of IP this would count the number of octets delivered to 1497 the IP level." 1498 ::= { flowDataEntry 27 } 1500 flowDataToPDUs OBJECT-TYPE 1501 SYNTAX Counter64 1502 MAX-ACCESS read-only 1503 STATUS current 1504 DESCRIPTION 1505 "The count of protocol packets flowing from source to dest 1506 address and being delivered to the protocol level being 1507 metered. In the case of IP, for example, this would count the 1508 IP packets delivered to the IP protocol level." 1509 ::= { flowDataEntry 28 } 1511 flowDataFromOctets OBJECT-TYPE 1512 SYNTAX Counter64 1513 MAX-ACCESS read-only 1514 STATUS current 1515 DESCRIPTION 1516 "The count of octets flowing from dest to source address and 1517 being delivered to the protocol level being metered." 1518 ::= { flowDataEntry 29 } 1520 flowDataFromPDUs OBJECT-TYPE 1521 SYNTAX Counter64 1522 MAX-ACCESS read-only 1523 STATUS current 1524 DESCRIPTION 1525 "The count of protocol packets flowing from dest to source 1526 address and being delivered to the protocol level being 1527 metered. In the case of IP, for example, this would count 1528 the IP packets delivered to the IP protocol level." 1529 ::= { flowDataEntry 30 } 1531 flowDataFirstTime OBJECT-TYPE 1532 SYNTAX TimeStamp 1533 MAX-ACCESS read-only 1534 STATUS current 1535 DESCRIPTION 1536 "The time at which this flow was first entered in the table" 1537 ::= { flowDataEntry 31 } 1539 flowDataLastActiveTime OBJECT-TYPE 1540 SYNTAX TimeStamp 1541 MAX-ACCESS read-only 1542 STATUS current 1543 DESCRIPTION 1544 "The last time this flow had activity, i.e. the time of 1545 arrival of the most recent PDU belonging to this flow." 1546 ::= { flowDataEntry 32 } 1548 flowDataSourceSubscriberID OBJECT-TYPE 1549 SYNTAX OCTET STRING (SIZE (4..20)) 1550 MAX-ACCESS read-only 1551 STATUS current 1552 DESCRIPTION 1553 "Subscriber ID associated with the source address for this 1554 flow." 1555 ::= { flowDataEntry 33 } 1557 flowDataDestSubscriberID OBJECT-TYPE 1558 SYNTAX OCTET STRING (SIZE (4..20)) 1559 MAX-ACCESS read-only 1560 STATUS current 1561 DESCRIPTION 1562 "Subscriber ID associated with the dest address for this 1563 flow." 1564 ::= { flowDataEntry 34 } 1566 flowDataSessionID OBJECT-TYPE 1567 SYNTAX OCTET STRING (SIZE (4..10)) 1568 MAX-ACCESS read-only 1569 STATUS current 1570 DESCRIPTION 1571 "Session ID for this flow. Such an ID might be allocated 1572 by a network access server to distinguish a series of sessions 1573 between the same pair of addresses, which would otherwise 1574 appear to be parts of the same accounting flow." 1575 ::= { flowDataEntry 35 } 1577 flowDataSourceClass OBJECT-TYPE 1578 SYNTAX Integer32 (1..255) 1579 MAX-ACCESS read-only 1580 STATUS current 1581 DESCRIPTION 1582 "Source class for this flow. Determined by the rules, set by 1583 a PushRule action when this flow was entered in the table." 1584 ::= { flowDataEntry 36 } 1586 flowDataDestClass OBJECT-TYPE 1587 SYNTAX Integer32 (1..255) 1588 MAX-ACCESS read-only 1589 STATUS current 1590 DESCRIPTION 1591 "Destination class for this flow. Determined by the rules, set 1592 by a PushRule action when this flow was entered in the table." 1593 ::= { flowDataEntry 37 } 1595 flowDataClass OBJECT-TYPE 1596 SYNTAX Integer32 (1..255) 1597 MAX-ACCESS read-only 1598 STATUS current 1599 DESCRIPTION 1600 "Class for this flow. Determined by the rules, set by a 1601 PushRule action when this flow was entered in the table." 1602 ::= { flowDataEntry 38 } 1604 flowDataSourceKind OBJECT-TYPE 1605 SYNTAX Integer32 (1..255) 1606 MAX-ACCESS read-only 1607 STATUS current 1608 DESCRIPTION 1609 "Source kind for this flow. Determined by the rules, set by 1610 a PushRule action when this flow was entered in the table." 1611 ::= { flowDataEntry 39 } 1613 flowDataDestKind OBJECT-TYPE 1614 SYNTAX Integer32 (1..255) 1615 MAX-ACCESS read-only 1616 STATUS current 1617 DESCRIPTION 1618 "Destination kind for this flow. Determined by the rules, set 1619 by a PushRule action when this flow was entered in the table." 1620 ::= { flowDataEntry 40 } 1622 flowDataKind OBJECT-TYPE 1623 SYNTAX Integer32 (1..255) 1624 MAX-ACCESS read-only 1625 STATUS current 1626 DESCRIPTION 1627 "Class for this flow. Determined by the rules, set by a 1628 PushRule action when this flow was entered in the table." 1629 ::= { flowDataEntry 41 } 1631 -- 1632 -- The Activity Column Table 1633 -- 1635 flowColumnActivityTable OBJECT-TYPE 1636 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1637 MAX-ACCESS not-accessible 1638 STATUS deprecated 1639 DESCRIPTION 1640 "Index into the Flow Table. Allows a meter reader to retrieve 1641 a list containing the flow table indexes of flows which were 1642 last active at or after a given time, together with the values 1643 of a specified attribute for each such flow." 1644 ::= { flowData 2 } 1646 flowColumnActivityEntry OBJECT-TYPE 1647 SYNTAX FlowColumnActivityEntry 1648 MAX-ACCESS not-accessible 1649 STATUS deprecated 1650 DESCRIPTION 1651 "The Column Activity Entry for a particular attribute, 1652 activity time and flow." 1653 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1654 flowColumnActivityIndex } 1655 ::= { flowColumnActivityTable 1 } 1657 FlowColumnActivityEntry ::= SEQUENCE { 1658 flowColumnActivityAttribute FlowAttributeNumber, 1659 flowColumnActivityTime TimeFilter, 1660 flowColumnActivityIndex Integer32, 1661 flowColumnActivityData OCTET STRING 1662 } 1664 flowColumnActivityAttribute OBJECT-TYPE 1665 SYNTAX FlowAttributeNumber 1666 MAX-ACCESS read-only 1667 STATUS deprecated 1668 DESCRIPTION 1669 "Specifies the attribute for which values are required from 1670 active flows." 1671 ::= { flowColumnActivityEntry 1 } 1673 flowColumnActivityTime OBJECT-TYPE 1674 SYNTAX TimeFilter 1675 MAX-ACCESS read-only 1676 STATUS deprecated 1677 DESCRIPTION 1678 "This variable is a copy of flowDataLastActiveTime in the 1679 flow data record identified by the flowColumnActivityIndex 1680 value of this flowColumnActivityTable entry." 1681 ::= { flowColumnActivityEntry 2 } 1683 flowColumnActivityIndex OBJECT-TYPE 1684 SYNTAX Integer32 (1..2147483647) 1685 MAX-ACCESS read-only 1686 STATUS deprecated 1687 DESCRIPTION 1688 "Index of a flow table entry which was active at or after 1689 a specified flowColumnActivityTime." 1690 ::= { flowColumnActivityEntry 3 } 1692 flowColumnActivityData OBJECT-TYPE 1693 SYNTAX OCTET STRING (SIZE (3..1000)) 1694 MAX-ACCESS read-only 1695 STATUS deprecated 1696 DESCRIPTION 1697 "Collection of attribute data for flows active after 1698 flowColumnActivityTime. Within the OCTET STRING is a 1699 sequence of { flow index, attribute value } pairs, one for 1700 each active flow. The end of the sequence is marked by a 1701 flow index value of 0, indicating that there are no more 1702 rows in this column. 1704 The format of objects inside flowColumnFlowData is as follows. 1705 All numbers are unsigned. Numbers and strings appear with 1706 their high-order bytes leading. Numbers are fixed size, as 1707 specified by their SYNTAX in the flow table (above), i.e. one 1708 octet for flowAddressType and small constants, and four octets 1709 for Counter and TimeStamp. Strings are variable-length, with 1710 the length given in a single leading octet. 1712 The following is an attempt at an ASN.1 definition of 1713 flowColumnActivityData: 1715 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1716 flowRowItemEntry ::= SEQUENCE { 1717 flowRowNumber Integer32 (1..65535), 1718 -- 0 indicates the end of this column 1719 flowDataValue flowDataType -- Choice depends on attribute 1720 } 1721 flowDataType ::= CHOICE { 1722 flowByteValue Integer32 (1..255), 1723 flowShortValue Integer32 (1..65535), 1724 flowLongValue Integer32, 1725 flowStringValue OCTET STRING -- Length (n) in first byte, 1726 -- n+1 bytes total length, trailing zeroes truncated 1727 }" 1728 ::= { flowColumnActivityEntry 4 } 1730 -- 1731 -- The Data Package Table 1732 -- 1734 flowDataPackageTable OBJECT-TYPE 1735 SYNTAX SEQUENCE OF FlowDataPackageEntry 1736 MAX-ACCESS not-accessible 1737 STATUS current 1738 DESCRIPTION 1739 "Index into the Flow Table. Allows a meter reader to retrieve 1740 a sequence containing the values of a specified set of 1741 attributes for a flow which came from a specified rule set and 1742 which was last active at or after a given time." 1743 ::= { flowData 3 } 1745 flowDataPackageEntry OBJECT-TYPE 1746 SYNTAX FlowDataPackageEntry 1747 MAX-ACCESS not-accessible 1748 STATUS current 1749 DESCRIPTION 1750 "The data package containing selected variables from 1751 active rows in the flow table." 1752 INDEX { flowPackageSelector, 1753 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1754 ::= { flowDataPackageTable 1 } 1756 FlowDataPackageEntry ::= SEQUENCE { 1757 flowPackageSelector OCTET STRING, 1758 flowPackageRuleSet Integer32, 1759 flowPackageTime TimeFilter, 1760 flowPackageIndex Integer32, 1761 flowPackageData OCTET STRING 1762 } 1764 flowPackageSelector OBJECT-TYPE 1765 SYNTAX OCTET STRING 1766 MAX-ACCESS not-accessible 1767 STATUS current 1768 DESCRIPTION 1769 "Specifies the attributes for which values are required from 1770 an active flow. These are encoded as a sequence of octets 1771 each containing a FlowAttribute number, preceded by an octet 1772 giving the length of the sequence (not including the length 1773 octet). For a flowPackageSelector to be valid, it must 1774 contain at least one attribute." 1775 ::= { flowDataPackageEntry 1 } 1777 flowPackageRuleSet OBJECT-TYPE 1778 SYNTAX Integer32 (1..255) 1779 MAX-ACCESS not-accessible 1780 STATUS current 1781 DESCRIPTION 1782 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1783 set which produced the required flow." 1784 ::= { flowDataPackageEntry 2 } 1786 flowPackageTime OBJECT-TYPE 1787 SYNTAX TimeFilter 1788 MAX-ACCESS not-accessible 1789 STATUS current 1790 DESCRIPTION 1791 "This variable is a copy of flowDataLastActiveTime in the 1792 flow data record identified by the flowPackageIndex 1793 value of this flowPackageTable entry." 1794 ::= { flowDataPackageEntry 3 } 1796 flowPackageIndex OBJECT-TYPE 1797 SYNTAX Integer32 (1..2147483647) 1798 MAX-ACCESS not-accessible 1799 STATUS current 1800 DESCRIPTION 1801 "Index of a flow table entry which was active at or after 1802 a specified flowPackageTime." 1803 ::= { flowDataPackageEntry 4 } 1805 flowPackageData OBJECT-TYPE 1806 SYNTAX OCTET STRING 1807 MAX-ACCESS read-only 1808 STATUS current 1809 DESCRIPTION 1810 "A collection of attribute values for a single flow, as 1811 specified by this row's indexes. The attribute values are 1812 contained within a BER-encoded sequence [7], in the order 1813 they appear in their flowPackageSelector. 1815 For example, to retrieve a flowPackage containing values for 1816 attributes 11, 18 and 29, for a flow in rule set 7, with flow 1817 index 3447, one would GET the package whose Object Identifier 1818 (OID) was 1819 flowPackageData . 3.11.18.29 . 7. 0 . 3447 1821 To retrieve a flowPackage for the next such flow, which had 1822 been active since time 12345, one would GETNEXT the package 1823 whose Object Identifier (OID) was 1824 flowPackageData . 3.11.18.29 . 7. 12345 . 3447" 1825 ::= { flowDataPackageEntry 5 } 1827 -- 1828 -- The Rule Table 1829 -- 1831 -- This is an array of rule sets; the 'running' ones are indicated 1832 -- by the entries in the meter's flowManagerInfoTable. Several rule 1833 -- sets can be held in a meter so that the manager can change the 1834 -- running rule sets easily, for example with time of day. Note that 1835 -- a manager may not change the rules in any rule set currently 1836 -- referenced within the flowManagerInfoTable (either as 'current' or 1837 -- 'standby')! See the 'Traffic Flow Measurement: Architecture' 1838 -- document [9] for details of rules and how they are used. 1839 -- 1840 -- Space for a rule table is allocated by setting the value of 1841 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1843 flowRuleTable OBJECT-TYPE 1844 SYNTAX SEQUENCE OF FlowRuleEntry 1845 MAX-ACCESS not-accessible 1846 STATUS current 1847 DESCRIPTION 1848 "Contains all the rule sets which may be used by the meter." 1849 ::= { flowRules 1 } 1851 flowRuleEntry OBJECT-TYPE 1852 SYNTAX FlowRuleEntry 1853 MAX-ACCESS not-accessible 1854 STATUS current 1855 DESCRIPTION 1856 "The rule record itself." 1857 INDEX { flowRuleSet, flowRuleIndex } 1858 ::= { flowRuleTable 1 } 1860 FlowRuleEntry ::= SEQUENCE { 1861 flowRuleSet Integer32, 1862 flowRuleIndex Integer32, 1863 flowRuleSelector RuleAttributeNumber, 1864 flowRuleMask RuleAddress, 1865 flowRuleMatchedValue RuleAddress, 1866 flowRuleAction ActionNumber, 1867 flowRuleParameter Integer32 1868 } 1870 flowRuleSet OBJECT-TYPE 1871 SYNTAX Integer32 (1..2147483647) 1872 MAX-ACCESS not-accessible 1873 STATUS current 1874 DESCRIPTION 1875 "Selects a rule set from the array of rule sets." 1876 ::= { flowRuleEntry 1 } 1878 flowRuleIndex OBJECT-TYPE 1879 SYNTAX Integer32 (1..65535) 1880 MAX-ACCESS not-accessible 1881 STATUS current 1882 DESCRIPTION 1883 "The index into the Rule table. N.B: These values will 1884 normally be consecutive, given the fall-through semantics 1885 of processing the table." 1886 ::= { flowRuleEntry 2 } 1888 flowRuleSelector OBJECT-TYPE 1889 SYNTAX RuleAttributeNumber 1890 MAX-ACCESS read-write 1891 STATUS current 1892 DESCRIPTION 1893 "Indicates the attribute to be matched. 1895 null(0) is a special case; null rules always succeed. 1897 matchingStoD(50) is set by the meter's Packet Matching Engine. 1898 Its value is true(1) if the PME is attempting to match the 1899 packet with its addresses in Source-to-Destination order (i.e. 1900 as they appear in the packet), and false(2) otherwise. 1901 Details of how packets are matched are given in the 'Traffic 1902 Flow Measurement: Architecture' document [9]. 1904 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1905 variables, each of which can hold the name (i.e. selector 1906 value) of an address attribute. When one of these is used 1907 as a selector, its value specifies the attribute to be 1908 tested. Variable values are set by an Assign action." 1909 ::= { flowRuleEntry 3 } 1911 flowRuleMask OBJECT-TYPE 1912 SYNTAX RuleAddress 1913 MAX-ACCESS read-write 1914 STATUS current 1915 DESCRIPTION 1916 "The initial mask used to compute the desired value. If the 1917 mask is zero the rule's test will always succeed." 1918 ::= { flowRuleEntry 4 } 1920 flowRuleMatchedValue OBJECT-TYPE 1921 SYNTAX RuleAddress 1922 MAX-ACCESS read-write 1923 STATUS current 1924 DESCRIPTION 1925 "The resulting value to be matched for equality. 1926 Specifically, if the attribute chosen by the flowRuleSelector 1927 logically ANDed with the mask specified by the flowRuleMask 1928 equals the value specified in the flowRuleMatchedValue, then 1929 continue processing the table entry based on the action 1930 specified by the flowRuleAction entry. Otherwise, proceed to 1931 the next entry in the rule table." 1932 ::= { flowRuleEntry 5 } 1934 flowRuleAction OBJECT-TYPE 1935 SYNTAX ActionNumber 1936 MAX-ACCESS read-write 1937 STATUS current 1938 DESCRIPTION 1939 "The action to be taken if this rule's test succeeds, or if 1940 the meter's 'test' flag is off. Actions are opcodes for the 1941 meter's Packet Matching Engine; details are given in the 1942 'Traffic Flow Measurement: Architecture' document [9]." 1943 ::= { flowRuleEntry 6 } 1945 flowRuleParameter OBJECT-TYPE 1946 SYNTAX Integer32 (1..65535) 1947 MAX-ACCESS read-write 1948 STATUS current 1949 DESCRIPTION 1950 "A parameter value providing extra information for the 1951 rule's action." 1952 ::= { flowRuleEntry 7 } 1954 -- 1955 -- Traffic Flow Meter conformance statement 1956 -- 1958 flowMIBCompliances 1959 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1961 flowMIBGroups 1962 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1964 flowControlGroup OBJECT-GROUP 1965 OBJECTS { 1966 flowRuleInfoSize, flowRuleInfoOwner, 1967 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1968 flowRuleInfoName, flowRuleInfoRulesReady, 1969 flowRuleInfoFlowRecords, 1970 flowInterfaceSampleRate, 1971 flowInterfaceLostPackets, 1972 flowReaderTimeout, flowReaderOwner, 1973 flowReaderLastTime, flowReaderPreviousTime, 1974 flowReaderStatus, flowReaderRuleSet, 1975 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 1976 flowManagerHighWaterMark, 1977 -- flowManagerCounterWrap, 1978 flowManagerOwner, flowManagerTimeStamp, 1979 flowManagerStatus, flowManagerRunningStandby, 1980 flowFloodMark, 1981 flowInactivityTimeout, flowActiveFlows, 1982 flowMaxFlows, flowFloodMode } 1983 STATUS current 1984 DESCRIPTION 1985 "The control group defines objects which are used to control 1986 an accounting meter." 1987 ::= {flowMIBGroups 1 } 1989 flowDataTableGroup OBJECT-GROUP 1990 OBJECTS { 1991 -- flowDataIndex, 1992 flowDataStatus, 1993 flowDataSourceInterface, 1994 flowDataSourceAdjacentType, 1995 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 1996 flowDataSourcePeerType, 1997 flowDataSourcePeerAddress, flowDataSourcePeerMask, 1998 flowDataSourceTransType, 1999 flowDataSourceTransAddress, flowDataSourceTransMask, 2000 flowDataDestInterface, 2001 flowDataDestAdjacentType, 2002 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2003 flowDataDestPeerType, 2004 flowDataDestPeerAddress, flowDataDestPeerMask, 2005 flowDataDestTransType, 2006 flowDataDestTransAddress, flowDataDestTransMask, 2007 -- flowDataRuleSet, 2008 flowDataToOctets, flowDataToPDUs, 2009 flowDataFromOctets, flowDataFromPDUs, 2010 flowDataFirstTime, flowDataLastActiveTime, 2011 flowDataSourceClass, flowDataDestClass, flowDataClass, 2012 flowDataSourceKind, flowDataDestKind, flowDataKind 2013 } 2014 STATUS current 2015 DESCRIPTION 2016 "The flow table group defines objects which provide the 2017 structure for the rule table, including the creation time 2018 and activity time indexes into it. In addition it defines 2019 objects which provide a base set of flow attributes for the 2020 adjacent, peer and transport layers, together with a flow's 2021 counters and times. Finally it defines a flow's class and 2022 kind attributes, which are set by rule actions." 2023 ::= {flowMIBGroups 2 } 2025 flowDataScaleGroup OBJECT-GROUP 2026 OBJECTS { 2027 flowManagerCounterWrap, 2028 flowDataPDUScale, flowDataOctetScale 2029 } 2030 STATUS deprecated 2031 DESCRIPTION 2032 "The flow scale group defines objects which specify scale 2033 factors for counters." 2034 ::= {flowMIBGroups 3 } 2036 flowDataSubscriberGroup OBJECT-GROUP 2037 OBJECTS { 2038 flowDataSourceSubscriberID, flowDataDestSubscriberID, 2039 flowDataSessionID 2040 } 2041 STATUS current 2042 DESCRIPTION 2043 "The flow subscriber group defines objects which may be used 2044 to identify the end point(s) of a flow." 2045 ::= {flowMIBGroups 4 } 2047 flowDataColumnTableGroup OBJECT-GROUP 2048 OBJECTS { 2049 flowColumnActivityAttribute, 2050 flowColumnActivityIndex, 2051 flowColumnActivityTime, 2052 flowColumnActivityData 2053 } 2054 STATUS deprecated 2055 DESCRIPTION 2056 "The flow column table group defines objects which can be used 2057 to collect part of a column of attribute values from the flow 2058 table." 2059 ::= {flowMIBGroups 5 } 2061 flowDataPackageGroup OBJECT-GROUP 2062 OBJECTS { 2063 -- flowPackageSelector, flowPackageRuleSet, flowPackageIndex, 2064 flowPackageData 2065 } 2066 STATUS current 2067 DESCRIPTION 2068 "The data package group defines objects which can be used 2069 to collect a specified set of attribute values from a row of 2070 the flow table." 2071 ::= {flowMIBGroups 6 } 2073 flowRuleTableGroup OBJECT-GROUP 2074 OBJECTS { 2075 flowRuleSelector, 2076 flowRuleMask, flowRuleMatchedValue, 2077 flowRuleAction, flowRuleParameter 2078 } 2079 STATUS current 2080 DESCRIPTION 2081 "The rule table group defines objects which hold the set(s) 2082 of rules specifying which traffic flows are to be accounted 2083 for." 2084 ::= {flowMIBGroups 7 } 2086 flowDataScaleGroup2 OBJECT-GROUP 2087 OBJECTS { 2088 -- flowManagerCounterWrap, 2089 flowDataPDUScale, flowDataOctetScale 2090 } 2091 STATUS current 2092 DESCRIPTION 2093 "The flow scale group defines objects which specify scale 2094 factors for counters. This group replaces the earlier 2095 version of flowDataScaleGroup above (now deprecated)." 2096 ::= {flowMIBGroups 8} 2098 flowMIBCompliance MODULE-COMPLIANCE 2099 STATUS current 2100 DESCRIPTION 2101 "The compliance statement for a Traffic Flow Meter." 2102 MODULE 2103 MANDATORY-GROUPS { 2104 flowControlGroup, 2105 flowDataTableGroup, 2106 flowDataPackageGroup, 2107 flowRuleTableGroup 2108 } 2109 ::= { flowMIBCompliances 1 } 2111 END 2113 7 Security Considerations 2115 This MIB describes how an RTFM traffic meter is controlled, and provides 2116 a way for traffic flow data to be retrieved from it by a meter reader. 2117 This is essentially an application using SNMP as a method of 2118 communication between co-operating hosts; it does not - in itself - have 2119 any inherent security risks. 2121 Since, however, the traffic flow data can be extremely valuable for 2122 network management purposes it is vital that sensible precautions be 2123 taken to keep the meter and its data secure. This requires that access 2124 to the meter for control purposes (e.g. loading RuleSets and reading 2125 flow data) be restricted. Such restriction could be achieved in many 2126 ways, for example 2128 - Physical Separation. Meter(s) and meter reader(s) could be 2129 deployed so that control capabilities are kept within a separate 2130 network, access to which is carefully controlled. 2132 - Application-layer Security. A minimal level of security for SNMP 2133 is provided by using 'community' strings, which are essentially 2134 clear-text passwords. Stronger security for SNMP is being 2135 developed within the IETF; when this becomes available it should be 2136 used to protect managed network equipment. 2138 - Lower-layer Security. Access to the meter can be protected using 2139 encryption at the network layer. For example, one could run SNMP 2140 to the meter through an encrypted TCP tunnel. 2142 When implementing a meter it may be sensible to use separate network 2143 interfaces for control and for metering. If this is done the control 2144 network can be set up so that it doesn't carry any 'user' traffic, and 2145 the metering interfaces can ignore any user attempts to take control of 2146 the meter. 2148 Users should also consider how they will address attempts to circumvent 2149 a meter, i.e. to prevent it from measuring flows. Such attempts are 2150 essentially denial-of-service attacks on the metering interfaces. For 2151 example 2153 - Port Scan attacks. The attacker sends packets to each of a very 2154 large number of IP (Address : Port) pairs. Each of these packets 2155 creates a new flow in the meter; if there are enough of them the 2156 meter will recognise a 'flood' condition, and will probably stop 2157 creating new flows. As a minimum, users (and implementors) should 2158 ensure that meters can recover from flood conditions as soon as 2159 possible after they occur. 2161 - Counter Wrap attacks: The attacker sends enough packets to cause 2162 the counters in a flow to wrap several times between meter 2163 readings, thus causing the counts to be artificially low. The 2164 change to using 64-bit counters in this MIB reduces this problem 2165 significantly. 2167 Users can reduce the severity of both the above attacks by ensuring that 2168 their meters are read often enough to prevent them being flooded. The 2169 resulting flow data will contain a record of the attacking packets, 2170 which may well be useful in determining where any attack came from. 2172 8 Acknowledgements 2174 An early draft of this document was produced under the auspices of the 2175 IETF's Accounting Working Group with assistance from the SNMP Working 2176 Group and the Security Area Advisory Group. Particular thanks are due 2177 to Jim Barnes, Sig Handelman and Stephen Stibler for their support and 2178 their assistance with checking early versions of the MIB. 2180 Stephen Stibler shared the development workload of producing the MIB 2181 changes summarized in chpter 5 (above). 2183 9 References 2185 [1] McCloghrie, K., and Rose, M., Editors, "Management 2186 Information Base for Network Management of TCP/IP-based 2187 internets," RFC 1213, Performance Systems International, March 2188 1991. 2190 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 2191 "Structure of Management Information for version 2 of the 2192 Simple Network Managemenet Protocol," RFC 1902, SNMP Research 2193 Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie 2194 Mellon University, January 1996. 2196 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 2197 "Textual Conventions for version 2 of the Simple Network 2198 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2199 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2200 University, January 1996. 2202 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2203 "Conformance Statements for version 2 of the Simple Network 2204 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2205 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2206 University, January 1996. 2208 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2209 "Coexistence between version 1 and version 2 of the 2210 Internet-standard Network Management Framework," RFC 1908, SNMP 2211 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2212 Carnegie Mellon University, January 1996. 2214 [6] Information processing systems - Open Systems 2215 Interconnection - Specification of Abstract Syntax Notation One 2216 (ASN.1), International Organization for Standardization, 2217 International Standard 8824, December 1987. 2219 [7] Information processing systems - Open Systems 2220 Interconnection - Specification of Basic Encoding Rules for 2221 Abstract Notation One (ASN.1), International Organization for 2222 Standardization, International Standard 8825, December 1987. 2224 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2225 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2226 Technology Corporation, November 1991. 2228 [9] Brownlee, N., Mills, C., and G. Ruth, "Traffic Flow 2229 Measurement: Architecture", RFC 2063, The University of 2230 Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, 2231 January 1997. 2233 [10] Waldbusser, S., "Remote Network Monitoring Management 2234 Information Base Version 2 using SMIv2," RFC 2021, INS, January 2235 1997. 2237 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2238 ISI, October 1994. 2240 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2241 SNMP Research Incorporated, January 1992. 2243 [13] Hinden, R., Deering, S., "IP Version 6 Addressing 2244 Architecture," RFC 1884, Ipsilon Networks, Xerox PARC, December 2245 1995. 2247 10 Author's Address 2249 Nevil Brownlee 2250 Information Technology Systems & Services 2251 The University of Auckland 2253 Phone: +64 9 373 7599 x8941 2254 E-mail: n.brownlee@auckland.ac.nz 2256 Expires March 1998