idnits 2.17.1 draft-ietf-rtfm-meter-mib-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-03-28) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1731 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 1998) is 9418 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1902 (ref. '2') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '3') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '4') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1908 (ref. '5') (Obsoleted by RFC 2576) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') ** Obsolete normative reference: RFC 2063 (ref. '9') (Obsoleted by RFC 2722) ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 1884 (ref. '13') (Obsoleted by RFC 2373) Summary: 18 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Nevil Brownlee 3 INTERNET-DRAFT The University of Auckland 4 December 1997 5 Expires June 1998 7 Traffic Flow Measurement: Meter MIB 9 11 Status of this Memo 13 This document is an Internet-Draft. Internet-Drafts are working 14 documents of the Internet Engineering Task Force (IETF), its Areas, and 15 its Working Groups. Note that other groups may also distribute working 16 documents as Internet-Drafts. This Internet Draft is a product of the 17 Realtime Traffic Flow Measurement Working Group of the IETF. 19 Internet Drafts are draft documents valid for a maximum of six months. 20 Internet Drafts may be updated, replaced, or obsoleted by other 21 documents at any time. It is not appropriate to use Internet Drafts as 22 reference material or to cite them other than as a "working draft" or 23 "work in progress." 25 To view the entire list of current Internet-Drafts, please check the 26 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 27 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), 28 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or 29 ftp.isi.edu (US West Coast). 31 Abstract 33 A 'Traffic Meter' collects data relating to traffic flows within a 34 network. This document defines a Management Information Base (MIB) for 35 use in controlling a traffic meter, in particular for specifying the 36 flows to be measured. It also provides an efficient mechanism for 37 retrieving flow data from the meter using SNMP. Security issues 38 concerning the operation of traffic meters are summarised. 40 Contents 42 1 Introduction 2 44 2 The Network Management Framework 2 46 3 Objects 3 47 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 4 49 4 Overview 4 50 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . 4 51 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 5 53 5 Changes Introduced Since RFC 2064 6 55 6 Definitions 7 57 7 Security Considerations 44 59 8 Acknowledgements 46 61 9 References 46 63 10 Author's Address 47 65 1 Introduction 67 This memo defines a portion of the Management Information Base (MIB) for 68 use with network management protocols in the Internet community. In 69 particular, it describes objects for managing and collecting data from 70 network Realtime Traffic Flow Meters, as described in [9]. 72 The MIB is 'basic' in the sense that it provides more than enough 73 information for everyday traffic measurment. Furthermore, it can be 74 easily extended by adding new attributes as required. The RTFM Working 75 group is actively pursuing the development of the meter in this way. 77 2 The Network Management Framework 79 The Internet-standard Network Management Framework consists of three 80 components. They are: 82 RFC 1155 defines the SMI, the mechanisms used for describing 83 and naming objects for the purpose of management. RFC 1212 84 defines a more concise description mechanism, which is wholly 85 consistent with the SMI. 87 RFC 1156 defines MIB-I, the core set of managed objects for the 88 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 89 evolution of MIB-I based on implementation experience and new 90 operational requirements. 92 RFC 1157 defines the SNMP, the protocol used for network access 93 to managed objects. 95 RFC 1902 [2] defines the SMI for version 2 of the Simple 96 Network Management Protocol. 98 RFCs 1903 and 1904 [3,4] define Textual Conventions and 99 Conformance Statements for version 2 of the Simple Network 100 Management Protocol. 102 RFC 1908 [5] describes how versions 1 and 2 of the Simple 103 Network Management Protocol should coexist. 105 The Framework permits new objects to be defined for the purpose of 106 experimentation and evaluation. 108 3 Objects 110 Managed objects are accessed via a virtual information store, termed the 111 Management Information Base or MIB. Objects in the MIB are defined using 112 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 113 SMI. In particular, each object has a name, a syntax, and an encoding. 114 The name is an object identifier, an administratively assigned name, 115 which specifies an object type. The object type together with an object 116 instance serves to uniquely identify a specific instantiation of the 117 object. For human convenience, we often use a textual string, termed 118 the OBJECT DESCRIPTOR, to also refer to the object type. 120 The syntax of an object type defines the abstract data structure 121 corresponding to that object type. The ASN.1 language is used for this 122 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 123 which may be used. These restrictions are explicitly made for 124 simplicity. 126 The encoding of an object type is simply how that object type is 127 represented using the object type's syntax. Implicitly tied to the 128 notion of an object type's syntax and encoding is how the object type is 129 represented when being transmitted on the network. 131 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 132 subject to the additional requirements imposed by the SNMP. 134 3.1 Format of Definitions 136 Section 4 contains the specification of all object types contained in 137 this MIB module. These object types are specified using the conventions 138 defined in [2] and [3]. 140 4 Overview 142 Traffic Flow Measurement seeks to provide a well-defined method for 143 gathering traffic flow information from networks and internetworks. The 144 background for this is given in "Traffic Flow Measurement: Background" 145 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 146 produced a measurement architecture to achieve this goal; this is 147 documented in "Traffic Flow Measurement: Architecture" [9]. The 148 architecture defines three entities: 150 - METERS, which observe network traffic flows and build up a table of 151 flow data records for them, 153 - METER READERS, which collect traffic flow data from meters, and 155 - MANAGERS, which oversee the operation of meters and meter readers. 157 This memo defines the SNMP management information for a Traffic Flow 158 Meter (TFM). Work in this field was begun by the Internet Accounting 159 Working Group. It has been further developed and expanded by the 160 Realtime Traffic Flow Measurement Working Group. 162 4.1 Scope of Definitions, Textual Conventions 164 All objects defined in this memo are registered in a single subtree 165 within the mib-2 namespace [1,2], and are for use in network devices 166 which may perform a PDU forwarding or monitoring function. For these 167 devices, the value of the ifSpecific variable in the MIB-II [1] has the 168 OBJECT IDENTIFIER value: 170 flowMIB OBJECT IDENTIFIER ::= mib-2 40 172 as defined below. 174 The RTFM Meter MIB was first produced and tested using SNMPv1. It was 175 converted into SNMPv2 following the guidelines in RFC 1908 [5]. 177 4.2 Usage of the MIB variables 179 The MIB is organised in four parts - control, data, rules and 180 conformance statements. 182 The rules implement the set of packet-matching actions, as described in 183 the "Traffic Flow Measurment: Architecture" document [9]. In addition 184 they provide for BASIC-style subroutines, allowing a network manager to 185 dramatically reduce the number of rules required to monitor a large 186 network. 188 Traffic flows are identified by a set of attributes for each of their 189 end-points. Attributes include network addresses for each layer of the 190 network protocol stack, and 'subscriber ids,' which may be used to 191 identify an accountable entity for the flow. 193 The conformance statements are set out as defined in [4]. They explain 194 what must be implemented in a meter which claims to conform to this MIB. 196 To retrieve flow data one could simply do a linear scan of the flow 197 table. This would certainly work, but would require a lot of protocol 198 exchanges. To reduce the overhead in retrieving flow data the flow 199 table uses a TimeFilter variable, defined as a Textual Convention in the 200 RMON2 MIB [10]. 202 As an alternative method of reading flow data, the MIB provides a view 203 of the flow table called the flowDataPackageTable. This is (logically) 204 a four-dimensional array, subscripted by package selector, ruleset, 205 activity time and starting flow number. The package selector is a 206 sequence of bytes which specifies a list of flow attributes. 208 A data package (as returned by the meter) is a sequence of values for 209 the attributes specified in its selector, encoded using the Basic 210 Encoding Rules [7]. It allows a meter reader to retrieve all the 211 attribute values it requires in a single MIB object. This, when used 212 together with SNMPv2's GetBulk request, allows a meter reader to scan 213 the flow table and upload a specified set of attribute values for flows 214 which have changed since the last reading, and which were created by a 215 specified rule set. 217 One aspect of data collection which needs emphasis is that all the MIB 218 variables are set up to allow multiple independent meter readers to work 219 properly, i.e. the flow table indexes are stateless. An alternative 220 approach would have been to 'snapshot' the flow table, which would mean 221 that the meter readers would have to be synchronized. The stateless 222 approach does mean that two meter readers will never return exactly the 223 same set of traffic counts, but over long periods (e.g. 15-minute 224 collections over a day) the discrepancies are acceptable. If one really 225 needs a snapshot, this can be achieved by switching to an identical rule 226 set with a different RuleSet number, hence asynchronous collections may 227 be regarded as a useful generalisation of synchronised ones. 229 The control variables are the minimum set required for a meter reader. 230 Their number has been whittled down as experience has been gained with 231 the MIB implementation. A few of them are 'general,' i.e. they control 232 the overall behaviour of the meter. These are set by a single 'master' 233 manager, and no other manager should attempt to change their values. 234 The decision as to which manager is the 'master' must be made by the 235 network operations personnel responsible; this MIB does not attempt to 236 define any interaction between managers. 238 There are three other groups of control variables, arranged into tables 239 in the same way as in the RMON2 MIB [10]. They are used as follows: 241 - RULE SET INFO: Before attempting to download a RuleSet, a manager 242 must create a row in the flowRuleSetInfoTable and set its 243 flowRuleInfoSize to a value large enough to hold the RuleSet. When 244 the rule set is ready the manager must set flowRuleInfoRulesReady 245 to 'true,' indicating that the rule set is ready for use (but not 246 yet 'running'). 248 - METER READER INFO: Any meter reader wishing to collect data 249 reliably for all flows from a RuleSet should first create a row in 250 the flowReaderInfoTable with flowReaderRuleSet set to that 251 RuleSet's index in the flowRuleSetInfoTable. It should write that 252 row's flowReaderLastTime object each time it starts a collection 253 pass through the flow table. The meter will not recover a flow's 254 memory until every meter reader holding a row for that flow's 255 RuleSet has collected the flow's data. 257 - MANAGER INFO: Any manager wishing to run a RuleSet in the meter 258 must create a row in the flowManagerInfo table, specifying the 259 desired RuleSet to run and its corresponding 'standby' Ruleset (if 260 one is desired). A current RuleSet is 'running' if its 261 flowManagerRunningStandby value is false(2), similarly a standby 262 RuleSet is 'running' if flowManagerRunningStandby is true(1). 264 5 Changes Introduced Since RFC 2064 266 The first version of the Meter MIB was published as RFC 2064 in January 267 1997. The most significant changes since then are summarised below. 269 - TEXTUAL CONVENTIONS: Greater use is made of textual conventions to 270 describe the various types of addresses used by the meter. 272 - PACKET MATCHING ATTRIBUTES: Computed attributes (e.g. FlowClass 273 and FlowKind) may now be tested. This allows one to use these 274 variables to store information during packet matching. 276 A new attribute, MatchingStoD, has been added. Its value is 1 277 while a packet is being matched with its adresses in 'wire' 278 (source-to-destination) order. 280 - FLOOD MODE: This is now a read-write variable. Setting it to 281 false(2) switches the meter out of flood mode and back to normal 282 operation. 284 - CONTROL TABLES: Several variables have been added to the RuleSet, 285 Reader and Manager tables to provide more effective control of the 286 meter's activities. 288 - FLOW TABLE: 64-bit counters are used for octet and PDU counts. 289 This reduces the problems caused by the wrap-around of 32-bit 290 counters in earlier versions. 292 flowDataRuleSet is now used as an index to the flow table. This 293 allows a meter reader to collect only those flow table rows created 294 by a specified RuleSet. 296 - DATA PACKAGES: This is a new table, allowing a meter reader to 297 retrieve values for a list of attributes from a flow as a single 298 object. When used with SNMP GetBulk requests it provides an 299 efficient way to recover flow data. 301 Earlier versions had a 'Column Activity Table;' using this it was 302 difficult to collect all data for a flow efficiently in a single 303 SNMP request. 305 6 Definitions 307 FLOW-METER-MIB DEFINITIONS ::= BEGIN 309 IMPORTS 310 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 311 FROM SNMPv2-SMI 312 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 313 FROM SNMPv2-TC 314 OBJECT-GROUP, MODULE-COMPLIANCE 315 FROM SNMPv2-CONF 316 mib-2, ifIndex 317 FROM RFC1213-MIB 318 OwnerString 319 FROM RMON-MIB 321 TimeFilter 322 FROM RMON2-MIB; 324 flowMIB MODULE-IDENTITY 325 LAST-UPDATED "9712230937Z" 326 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 327 CONTACT-INFO 328 "Nevil Brownlee, The University of Auckland 330 Postal: Information Technology Sytems & Services 331 The University of Auckland 332 Private Bag 92-019 333 Auckland, New Zealand 335 Phone: +64 9 373 7599 x8941 336 E-mail: n.brownlee@auckland.ac.nz" 337 DESCRIPTION 338 "MIB for the RTFM Traffic Flow Meter." 340 REVISION "9712230937Z" 341 DESCRIPTION 342 "Two further variables deprecated: 343 - flowRuleInfoRulesReady (use flowRuleInfoStatus intead) 344 - flowDataStatus (contains no useful information)" 346 REVISION "9707071715Z" 347 DESCRIPTION 348 "Significant changes since RFC 2064 include: 349 - flowDataPackageTable added 350 - flowColumnActivityTable deprecated 351 - flowManagerCounterWrap deprecated" 353 REVISION "9603080208Z" 354 DESCRIPTION 355 "Initial version of this MIB (RFC 2064)" 356 ::= { mib-2 40 } 358 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 360 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 362 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 364 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 366 -- Textual Conventions 368 MediumType ::= TEXTUAL-CONVENTION 369 STATUS current 370 DESCRIPTION 371 "Specifies the type of a MediumAddress (see below). The 372 values used for IEEE 802 media are from the 'Network 373 Management Parameters (ifType definitions)' section of the 374 Assigned Numbers RFC [11]." 375 SYNTAX INTEGER { 376 ethernet(7), 377 tokenring(9), 378 fddi(15) } 380 MediumAddress ::= TEXTUAL-CONVENTION 381 STATUS current 382 DESCRIPTION 383 "Specifies the value of a Medium Access Control (MAC) address. 384 Address format depends on the actual Medium, as follows: 386 Ethernet: ethernet(7) 387 6-octet 802.3 MAC address in 'canonical' order 389 Token Ring: tokenring(9) 390 6-octet 802.5 MAC address in 'canonical' order 392 FDDI: fddi(15) 393 FddiMACLongAddress, i.e. a 6-octet MAC address 394 in 'canonical' order (defined in the FDDI MIB [12]) 395 " 396 SYNTAX OCTET STRING (SIZE (6..20)) 398 PeerType ::= TEXTUAL-CONVENTION 399 STATUS current 400 DESCRIPTION 401 "Indicates the type of a PeerAddress (see below). The values 402 used are from the 'Address Family Numbers' section of the 403 Assigned Numbers RFC [11]." 404 SYNTAX INTEGER { 405 ipv4(1), 406 ipv6(2), 407 nsap(3), 408 ipx(11), 409 appletalk(12), 410 decnet(13) } 412 PeerAddress ::= TEXTUAL-CONVENTION 413 STATUS current 414 DESCRIPTION 415 "Specifies the value of a peer address for various network 416 protocols. Address format depends on the actual protocol, 417 as indicated below: 419 IPv4: ipv4(1) 420 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 422 IPv6: ipv6(2) 423 16-octet IpAddress (defined in the 424 IPv6 Addressing RFC [13]) 426 CLNS: nsap(3) 427 NsapAddress (defined in the SNMPv2 SMI [2]) 429 Novell: ipx(11) 430 4-octet Network number, 431 6-octet Host number (MAC address) 433 AppleTalk: appletalk(12) 434 2-octet Network number (sixteen bits), 435 1-octet Host number (eight bits) 437 DECnet: decnet(13) 438 1-octet Area number (in low-order six bits), 439 2-octet Host number (in low-order ten bits) 440 " 441 SYNTAX OCTET STRING (SIZE (3..20)) 443 AdjacentType ::= TEXTUAL-CONVENTION 444 STATUS current 445 DESCRIPTION 446 "Indicates the type of an adjacent address. 447 Is a superset of MediumType and PeerType." 448 SYNTAX INTEGER { 449 ip(1), 450 nsap(3), 451 ethernet(7), 452 tokenring(9), 453 ipx(11), 454 appletalk(12), 455 decnet(13), 456 fddi(15) } 458 AdjacentAddress ::= TEXTUAL-CONVENTION 459 STATUS current 460 DESCRIPTION 461 "Specifies the value of an adjacent address. 462 Is a superset of MediumAddress and PeerAddress." 463 SYNTAX OCTET STRING (SIZE (3..20)) 465 TransportType ::= TEXTUAL-CONVENTION 466 STATUS current 467 DESCRIPTION 468 "Indicates the type of a TransportAddress (see below). Values 469 will depend on the actual protocol; for IP they will be those 470 given in the 'Protocol Numbers' section of the Assigned Numbers 471 RFC [11], including icmp(1), tcp(6) and udp(17)." 473 SYNTAX Integer32 (1..255) 475 TransportAddress ::= TEXTUAL-CONVENTION 476 STATUS current 477 DESCRIPTION 478 "Specifies the value of a transport address for various 479 network protocols. Format as follows: 481 IP: 482 2-octet UDP or TCP port number 484 Other protocols: 485 2-octet port number 486 " 487 SYNTAX OCTET STRING (SIZE (2)) 489 RuleAddress ::= TEXTUAL-CONVENTION 490 STATUS current 491 DESCRIPTION 492 "Specifies the value of an address. Is a superset of 493 MediumAddress, PeerAddress and TransportAddress." 494 SYNTAX OCTET STRING (SIZE (2..20)) 496 FlowAttributeNumber ::= TEXTUAL-CONVENTION 497 STATUS current 498 DESCRIPTION 499 "Uniquely identifies an attribute within a flow data record." 500 SYNTAX INTEGER { 501 flowIndex(1), 502 flowStatus(2), 503 flowTimeMark(3), 505 sourceInterface(4), 506 sourceAdjacentType(5), 507 sourceAdjacentAddress(6), 508 sourceAdjacentMask(7), 509 sourcePeerType(8), 510 sourcePeerAddress(9), 511 sourcePeerMask(10), 512 sourceTransType(11), 513 sourceTransAddress(12), 514 sourceTransMask(13), 516 destInterface(14), 517 destAdjacentType(15), 518 destAdjacentAddress(16), 519 destAdjacentMask(17), 520 destPeerType(18), 521 destPeerAddress(19), 522 destPeerMask(20), 523 destTransType(21), 524 destTransAddress(22), 525 destTransMask(23), 527 pduScale(24), 528 octetScale(25), 530 ruleSet(26), 531 toOctets(27), -- Source-to-Dest 532 toPDUs(28), 533 fromOctets(29), -- Dest-to-Source 534 fromPDUs(30), 535 firstTime(31), -- Activity times 536 lastActiveTime(32), 538 sourceSubscriberID(33), -- Subscriber ID 539 destSubscriberID(34), 540 sessionID(35), 542 sourceClass(36), -- Computed attributes 543 destClass(37), 544 flowClass(38), 545 sourceKind(39), 546 destKind(40), 547 flowKind(41) } 549 RuleAttributeNumber ::= TEXTUAL-CONVENTION 550 STATUS current 551 DESCRIPTION 552 "Uniquely identifies an attribute which may be tested in 553 a rule. These include attributes whose values come directly 554 from (or are computed from) the flow's packets, and the five 555 'meter' variables used to hold an Attribute Number." 556 SYNTAX INTEGER { 557 null(0), 558 sourceInterface(4), -- Source Address 559 sourceAdjacentType(5), 560 sourceAdjacentAddress(6), 561 sourcePeerType(8), 562 sourcePeerAddress(9), 563 sourceTransType(11), 564 sourceTransAddress(12), 566 destInterface(14), -- Dest Address 567 destAdjacentType(15), 568 destAdjacentAddress(16), 569 destPeerType(18), 570 destPeerAddress(19), 571 destTransType(21), 572 destTransAddress(22), 574 sourceSubscriberID(33), -- Subscriber ID 575 destSubscriberID(34), 576 sessionID(35), 578 sourceClass(36), -- Computed attributes 579 destClass(37), 580 flowClass(38), 581 sourceKind(39), 582 destKind(40), 583 flowKind(41), 585 matchingStoD(50), -- Packet matching 587 v1(51), -- Meter variables 588 v2(52), 589 v3(53), 590 v4(54), 591 v5(55) } 593 ActionNumber ::= TEXTUAL-CONVENTION 594 STATUS current 595 DESCRIPTION 596 "Uniquely identifies the action of a rule, i.e. the Pattern 597 Matching Engine's opcode number. Details of the opcodes 598 are given in the 'Traffic Flow Measurement: Architecture' 599 document [9]." 600 SYNTAX INTEGER { 601 ignore(1), 602 noMatch(2), 603 count(3), 604 countPkt(4), 605 return(5), 606 gosub(6), 607 gosubAct(7), 608 assign(8), 609 assignAct(9), 610 goto(10), 611 gotoAct(11), 612 pushRuleTo(12), 613 pushRuleToAct(13), 614 pushPktTo(14), 615 pushPktToAct(15) } 617 -- 618 -- Control Group: Rule Set Info Table 619 -- 621 flowRuleSetInfoTable OBJECT-TYPE 622 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 623 MAX-ACCESS not-accessible 624 STATUS current 625 DESCRIPTION 626 "An array of information about the rule sets held in the 627 meter. 629 Any manager may configure a new rule set for the meter by 630 creating a row in this table with status active(1), and setting 631 values for all the objects in its rules. At this stage the new 632 rule set is available but not 'running,' i.e. it is not being 633 used by the meter to produce entries in the flow table. 635 To actually 'run' a rule set a manager must create a row in 636 the flowManagerInfoTable, set it's flowManagerStatus to 637 active(1), and set either its CurrentRuleSet or StandbyRuleSet 638 to point to the rule set to be run. 640 Once a rule set is running a manager may not change any of the 641 objects within the rule set itself. 643 Any manager may stop a rule set running by removing all 644 references to it in the flowManagerInfoTable (i.e. by setting 645 CurrentRuleSet and StandbyRuleSet values to 0). This provides a 646 way to stop rule sets left running if a manager fails." 647 ::= { flowControl 1 } 649 flowRuleSetInfoEntry OBJECT-TYPE 650 SYNTAX FlowRuleSetInfoEntry 651 MAX-ACCESS not-accessible 652 STATUS current 653 DESCRIPTION 654 "Information about a particular rule set." 655 INDEX { flowRuleInfoIndex } 656 ::= { flowRuleSetInfoTable 1 } 658 FlowRuleSetInfoEntry ::= SEQUENCE { 659 flowRuleInfoIndex Integer32, 660 flowRuleInfoSize Integer32, 661 flowRuleInfoOwner OwnerString, 662 flowRuleInfoTimeStamp TimeStamp, 663 flowRuleInfoStatus RowStatus, 664 flowRuleInfoName OCTET STRING, 665 flowRuleInfoRulesReady TruthValue, 666 flowRuleInfoFlowRecords Integer32 667 } 669 flowRuleInfoIndex OBJECT-TYPE 670 SYNTAX Integer32 (1..2147483647) 671 MAX-ACCESS not-accessible 672 STATUS current 673 DESCRIPTION 674 "An index which selects an entry in the flowRuleSetInfoTable. 675 Each such entry contains control information for a particular 676 rule set which the meter may run." 677 ::= { flowRuleSetInfoEntry 1 } 679 flowRuleInfoSize OBJECT-TYPE 680 SYNTAX Integer32 681 MAX-ACCESS read-create 682 STATUS current 683 DESCRIPTION 684 "Number of rules in this rule set. Setting this variable will 685 cause the meter to allocate space for these rules." 686 ::= { flowRuleSetInfoEntry 2 } 688 flowRuleInfoOwner OBJECT-TYPE 689 SYNTAX OwnerString 690 MAX-ACCESS read-create 691 STATUS current 692 DESCRIPTION 693 "Identifies the manager which 'owns' this rule set. A manager 694 must set this variable when creating a row in this table." 695 ::= { flowRuleSetInfoEntry 3 } 697 flowRuleInfoTimeStamp OBJECT-TYPE 698 SYNTAX TimeStamp 699 MAX-ACCESS read-only 700 STATUS current 701 DESCRIPTION 702 "Time this row's associated rule set was last changed." 703 ::= { flowRuleSetInfoEntry 4 } 705 flowRuleInfoStatus OBJECT-TYPE 706 SYNTAX RowStatus 707 MAX-ACCESS read-create 708 STATUS current 709 DESCRIPTION 710 "The status of this flowRuleSetInfoEntry. If this value is 711 not active(1) the meter must not attempt to use the row's 712 associated rule set. Once its value has been set to active(1) 713 a manager may not change any of the other variables in the 714 row, nor the contents of the associated rule set. 716 To download a rule set, a manger could: 717 - Locate an open slot in the RuleSetInfoTable. 718 - Create a RuleSetInfoEntry by setting the status for this 719 open slot to createAndWait(5). 720 - Set flowRuleInfoSize and flowRuleInfoName as required. 721 - Download the rules into the row's rule table. 722 - Set flowRuleInfoStatus to active(1). 724 The rule set would then be ready to run. The manager is not 725 allowed to change the value of flowRuleInfoStatus from 726 active(1) if the associated RuleSet is being referenced by any 727 of the entries in the flowManagerInfoTable. 729 Setting RuleInfoStatus to destroy(6) destroys the associated 730 rule set together with any flow data collected by it." 731 ::= { flowRuleSetInfoEntry 5 } 733 flowRuleInfoName OBJECT-TYPE 734 SYNTAX OCTET STRING 735 MAX-ACCESS read-create 736 STATUS current 737 DESCRIPTION 738 "An alphanumeric identifier used by managers and readers to 739 identify a rule set. For example, a manager wishing to run a 740 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 741 to see whether the WWW-FLOWS rule set is already available on 742 the meter. 744 Note that references to rule sets in the flowManagerInfoTable 745 use indexes for their flowRuleSetInfoTable entries. These may 746 be different each time the rule set is loaded into a meter." 747 ::= { flowRuleSetInfoEntry 6 } 749 flowRuleInfoRulesReady OBJECT-TYPE 750 SYNTAX TruthValue 751 MAX-ACCESS read-create 752 STATUS deprecated 753 DESCRIPTION 754 "Indicates whether the rules for this row's associated rule set 755 are ready for use. The meter will refuse to 'run' the rule set 756 unless this variable has been set to true(1). 757 While RulesReady is false(2), the manager may modify the rule 758 set, for example by downloading rules into it." 759 ::= { flowRuleSetInfoEntry 7 } 761 flowRuleInfoFlowRecords OBJECT-TYPE 762 SYNTAX Integer32 763 MAX-ACCESS read-only 764 STATUS current 765 DESCRIPTION 766 "The number of entries in the flow table for this rule set. 767 These may be current (waiting for collection by one or more 768 meter readers) or idle (waiting for the meter to recover 769 their memory)." 770 ::= { flowRuleSetInfoEntry 8 } 772 -- 773 -- Control Group: Interface Info Table 774 -- 776 flowInterfaceTable OBJECT-TYPE 777 SYNTAX SEQUENCE OF FlowInterfaceEntry 778 MAX-ACCESS not-accessible 779 STATUS current 780 DESCRIPTION 781 "An array of information specific to each meter interface." 782 ::= { flowControl 2 } 784 flowInterfaceEntry OBJECT-TYPE 785 SYNTAX FlowInterfaceEntry 786 MAX-ACCESS not-accessible 787 STATUS current 788 DESCRIPTION 789 "Information about a particular interface." 790 INDEX { ifIndex } 791 ::= { flowInterfaceTable 1 } 793 FlowInterfaceEntry ::= SEQUENCE { 794 flowInterfaceSampleRate Integer32, 795 flowInterfaceLostPackets Counter32 796 } 798 flowInterfaceSampleRate OBJECT-TYPE 799 SYNTAX Integer32 800 MAX-ACCESS read-write 801 STATUS current 802 DESCRIPTION 803 "The parameter N for statistical counting on this interface. 804 Set to N to count 1/Nth of the packets appearing at this 805 interface. A meter should choose its own algorithm to 806 introduce variance into the sampling so that exactly every Nth 807 packet is not counted. A sampling rate of 1 counts all 808 packets. A sampling rate of 0 results in the interface 809 being ignored by the meter." 810 DEFVAL { 1 } 811 ::= { flowInterfaceEntry 1 } 813 flowInterfaceLostPackets OBJECT-TYPE 814 SYNTAX Counter32 815 MAX-ACCESS read-only 816 STATUS current 817 DESCRIPTION 818 "The number of packets the meter has lost for this interface. 819 Such losses may occur because the meter has been unable to 820 keep up with the traffic volume." 821 ::= { flowInterfaceEntry 2 } 823 -- 824 -- Control Group: Meter Reader Info Table 825 -- 827 -- Any meter reader wishing to collect data reliably for flows 828 -- should first create a row in this table. It should write that 829 -- row's flowReaderLastTime object each time it starts a collection 830 -- pass through the flow table. 832 -- If a meter reader (MR) does not create a row in this table, e.g. 833 -- because it failed authentication in the meter's SNMP write 834 -- community, collection can still proceed but the meter will not be 835 -- aware of meter reader MR. This could lead the meter to recover 836 -- flows before they have been collected by MR. 838 flowReaderInfoTable OBJECT-TYPE 839 SYNTAX SEQUENCE OF FlowReaderInfoEntry 840 MAX-ACCESS not-accessible 841 STATUS current 842 DESCRIPTION 843 "An array of information about meter readers which have 844 registered their intent to collect flow data from this meter." 845 ::= { flowControl 3 } 847 flowReaderInfoEntry OBJECT-TYPE 848 SYNTAX FlowReaderInfoEntry 849 MAX-ACCESS not-accessible 850 STATUS current 851 DESCRIPTION 852 "Information about a particular meter reader." 853 INDEX { flowReaderIndex } 854 ::= { flowReaderInfoTable 1 } 856 FlowReaderInfoEntry ::= SEQUENCE { 857 flowReaderIndex Integer32, 858 flowReaderTimeout Integer32, 859 flowReaderOwner OwnerString, 860 flowReaderLastTime TimeStamp, 861 flowReaderPreviousTime TimeStamp, 862 flowReaderStatus RowStatus, 863 flowReaderRuleSet Integer32 864 } 866 flowReaderIndex OBJECT-TYPE 867 SYNTAX Integer32 (1..2147483647) 868 MAX-ACCESS not-accessible 869 STATUS current 870 DESCRIPTION 871 "An index which selects an entry in the flowReaderInfoTable." 872 ::= { flowReaderInfoEntry 1 } 874 flowReaderTimeout OBJECT-TYPE 875 SYNTAX Integer32 876 MAX-ACCESS read-create 877 STATUS current 878 DESCRIPTION 879 "Specifies the maximum time (in seconds) between flow data 880 collections for this meter reader. If this time elapses 881 without a collection, the meter should assume that this meter 882 reader has stopped collecting, and delete this row from the 883 table. A value of zero indicates that this row should not be 884 timed out." 885 ::= { flowReaderInfoEntry 2 } 887 flowReaderOwner OBJECT-TYPE 888 SYNTAX OwnerString 889 MAX-ACCESS read-create 890 STATUS current 891 DESCRIPTION 892 "Identifies the meter reader which created this row." 893 ::= { flowReaderInfoEntry 3 } 895 flowReaderLastTime OBJECT-TYPE 896 SYNTAX TimeStamp 897 MAX-ACCESS read-create 898 STATUS current 899 DESCRIPTION 900 "Time this meter reader began its most recent data collection. 902 This variable should be written by a meter reader as its first 903 step in reading flow data. The meter will set this LastTime 904 value to sysUptime and set its PreviousTime value (below) to 905 the old LastTime. This allows the meter to recover flows 906 which have been inactive since PreviousTime, for these have 907 been collected at least once. 909 If the meter reader fails to write flowLastReadTime, collection 910 may still proceed but the meter may not be able to recover 911 inactive flows until the flowReaderTimeout has been reached 912 for this entry." 913 ::= { flowReaderInfoEntry 4 } 915 flowReaderPreviousTime OBJECT-TYPE 916 SYNTAX TimeStamp 917 MAX-ACCESS read-only 918 STATUS current 919 DESCRIPTION 920 "Time this meter reader began the collection before last." 921 ::= { flowReaderInfoEntry 5 } 923 flowReaderStatus OBJECT-TYPE 924 SYNTAX RowStatus 925 MAX-ACCESS read-create 926 STATUS current 927 DESCRIPTION 928 "The status of this FlowReaderInfoEntry. A value of active(1) 929 implies that the associated reader should be collecting data 930 from the meter. Once this variable has been set to active(1) 931 a manager may only change this row's flowReaderLastTime and 932 flowReaderTimeout variables." 933 ::= { flowReaderInfoEntry 6 } 935 flowReaderRuleSet OBJECT-TYPE 936 SYNTAX Integer32 (1..2147483647) 937 MAX-ACCESS read-create 938 STATUS current 939 DESCRIPTION 940 "An index to the array of rule sets. Specifies a set of rules 941 of interest to this meter reader. The reader will attempt to 942 collect any data generated by the meter for this rule set, and 943 the meter will not recover the memory of any of the rule set's 944 flows until this collection has taken place. Note that a 945 reader may have entries in this table for several rule sets." 946 ::= { flowReaderInfoEntry 7 } 948 -- 949 -- Control Group: Manager Info Table 950 -- 952 -- Any manager wishing to run a rule set must create a row in this 953 -- table. Once it has a table row, the manager may set the control 954 -- variables in its row so as to cause the meter to run any valid 955 -- rule set held by the meter. 957 -- A single manager may run several rule sets; it must create a row 958 -- in this table for each of them. In short, each row of this table 959 -- describes (and controls) a 'task' which the meter is executing. 961 flowManagerInfoTable OBJECT-TYPE 962 SYNTAX SEQUENCE OF FlowManagerInfoEntry 963 MAX-ACCESS not-accessible 964 STATUS current 965 DESCRIPTION 966 "An array of information about managers which have 967 registered their intent to run rule sets on this meter." 968 ::= { flowControl 4 } 970 flowManagerInfoEntry OBJECT-TYPE 971 SYNTAX FlowManagerInfoEntry 972 MAX-ACCESS not-accessible 973 STATUS current 974 DESCRIPTION 975 "Information about a particular meter 'task.' By creating 976 an entry in this table and activating it, a manager requests 977 that the meter 'run' the indicated rule set. 979 The entry also specifies a HighWaterMark and a StandbyRuleSet. 980 If the meter's flow table usage exceeds this task's 981 HighWaterMark the meter will stop running the task's 982 CurrentRuleSet and switch to its StandbyRuleSet. 984 If the value of the task's StandbyRuleSet is 0 when its 985 HighWaterMark is exceeded, the meter simply stops running the 986 task's CurrentRuleSet. By careful selection of HighWaterMarks 987 for the various tasks a manager can ensure that the most 988 critical rule sets are the last to stop running as the number 989 of flows increases. 991 When a manager has determined that the demand for flow table 992 space has abated, it may cause the task to switch back to its 993 CurrentRuleSet by setting its flowManagerRunningStandby 994 variable to false(2)." 995 INDEX { flowManagerIndex } 996 ::= { flowManagerInfoTable 1 } 998 FlowManagerInfoEntry ::= SEQUENCE { 999 flowManagerIndex Integer32, 1000 flowManagerCurrentRuleSet Integer32, 1001 flowManagerStandbyRuleSet Integer32, 1002 flowManagerHighWaterMark Integer32, 1003 flowManagerCounterWrap INTEGER, 1004 flowManagerOwner OwnerString, 1005 flowManagerTimeStamp TimeStamp, 1006 flowManagerStatus RowStatus, 1007 flowManagerRunningStandby TruthValue 1008 } 1010 flowManagerIndex OBJECT-TYPE 1011 SYNTAX Integer32 (1..2147483647) 1012 MAX-ACCESS not-accessible 1013 STATUS current 1014 DESCRIPTION 1015 "An index which selects an entry in the flowManagerInfoTable." 1016 ::= { flowManagerInfoEntry 1 } 1018 flowManagerCurrentRuleSet OBJECT-TYPE 1019 SYNTAX Integer32 1020 MAX-ACCESS read-create 1021 STATUS current 1022 DESCRIPTION 1023 "Index to the array of rule sets. Specifies which set of 1024 rules is the 'current' one for this task. The meter will 1025 be 'running' the current ruleset if this row's 1026 flowManagerRunningStandby value is false(2). 1028 When the manager sets this variable the meter will stop using 1029 the task's old current rule set and start using the new one. 1030 Specifying rule set 0 (the empty set) stops flow measurement 1031 for this task." 1032 ::= { flowManagerInfoEntry 2 } 1034 flowManagerStandbyRuleSet OBJECT-TYPE 1035 SYNTAX Integer32 1036 MAX-ACCESS read-create 1037 STATUS current 1038 DESCRIPTION 1039 "Index to the array of rule sets. After reaching HighWaterMark 1040 (see below) the manager will switch to using the task's 1041 StandbyRuleSet in place of its CurrentRuleSet. For this to be 1042 effective the designated StandbyRuleSet should have a coarser 1043 reporting granularity then the CurrentRuleSet. The manager may 1044 also need to decrease the meter reading interval so that the 1045 meter can recover flows measured by this task's CurrentRuleSet." 1046 DEFVAL { 0 } -- No standby 1047 ::= { flowManagerInfoEntry 3 } 1049 flowManagerHighWaterMark OBJECT-TYPE 1050 SYNTAX Integer32 (0..100) 1051 MAX-ACCESS read-create 1052 STATUS current 1053 DESCRIPTION 1054 "A value expressed as a percentage, interpreted by the meter 1055 as an indication of how full the flow table should be before 1056 it should switch to the standby rule set (if one has been 1057 specified) for this task. Values of 0% or 100% disable the 1058 checking represented by this variable." 1059 ::= { flowManagerInfoEntry 4 } 1061 flowManagerCounterWrap OBJECT-TYPE 1062 SYNTAX INTEGER { wrap(1), scale(2) } 1063 MAX-ACCESS read-create 1064 STATUS deprecated 1065 DESCRIPTION 1066 "Specifies whether PDU and octet counters should wrap when 1067 they reach the top of their range (normal behaviour for 1068 Counter64 objects), or whether their scale factors should 1069 be used instead. The combination of counter and scale 1070 factor allows counts to be returned as binary floating 1071 point numbers, with 64-bit mantissas and 8-bit exponents." 1072 DEFVAL { wrap } 1073 ::= { flowManagerInfoEntry 5 } 1075 flowManagerOwner OBJECT-TYPE 1076 SYNTAX OwnerString 1077 MAX-ACCESS read-create 1078 STATUS current 1079 DESCRIPTION 1080 "Identifies the manager which created this row." 1081 ::= { flowManagerInfoEntry 6 } 1083 flowManagerTimeStamp OBJECT-TYPE 1084 SYNTAX TimeStamp 1085 MAX-ACCESS read-only 1086 STATUS current 1087 DESCRIPTION 1088 "Time this row was last changed by its manager." 1089 ::= { flowManagerInfoEntry 7 } 1091 flowManagerStatus OBJECT-TYPE 1092 SYNTAX RowStatus 1093 MAX-ACCESS read-create 1094 STATUS current 1095 DESCRIPTION 1096 "The status of this row in the flowManagerInfoTable. A value 1097 of active(1) implies that this task may be activated, by 1098 setting its CurrentRuleSet and StandbyRuleSet variables. 1099 Its HighWaterMark and RunningStandby variables may also be 1100 changed." 1101 ::= { flowManagerInfoEntry 8 } 1103 flowManagerRunningStandby OBJECT-TYPE 1104 SYNTAX TruthValue 1105 MAX-ACCESS read-create 1106 STATUS current 1107 DESCRIPTION 1108 "Set to true(1) by the meter to indicate that it has switched 1109 to runnning this task's StandbyRuleSet in place of its 1110 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1111 manager may simply set this variable to false(2)." 1112 DEFVAL { false } 1113 ::= { flowManagerInfoEntry 9 } 1115 -- 1116 -- Control Group: General Meter Control Variables 1117 -- 1119 flowFloodMark OBJECT-TYPE 1120 SYNTAX Integer32 (0..100) 1121 MAX-ACCESS read-write 1122 STATUS current 1123 DESCRIPTION 1124 "A value expressed as a percentage, interpreted by the meter 1125 as an indication of how full the flow table should be before 1126 it should take some action to avoid running out of resources 1127 to handle new flows. Values of 0% or 100% disable the 1128 checking represented by this variable." 1129 DEFVAL { 95 } -- Enabled by default. 1130 ::= { flowControl 5 } 1132 flowInactivityTimeout OBJECT-TYPE 1133 SYNTAX Integer32 1134 MAX-ACCESS read-write 1135 STATUS current 1136 DESCRIPTION 1137 "The time in seconds since the last packet seen, after which 1138 a flow becomes 'idle.' Note that although a flow may be 1139 idle, it will not be discarded (and its memory recovered) 1140 until after its data has been collected by all the meter 1141 readers registered for its RuleSet." 1142 DEFVAL { 600 } -- 10 minutes 1143 ::= { flowControl 6 } 1145 flowActiveFlows OBJECT-TYPE 1146 SYNTAX Integer32 1147 MAX-ACCESS read-only 1148 STATUS current 1149 DESCRIPTION 1150 "The numbers of flows which are currently in use." 1151 ::= { flowControl 7 } 1153 flowMaxFlows OBJECT-TYPE 1154 SYNTAX Integer32 1155 MAX-ACCESS read-only 1156 STATUS current 1157 DESCRIPTION 1158 "The maximum number of flows allowed in the meter's 1159 flow table. At present this is determined when the meter 1160 is first started up." 1161 ::= { flowControl 8 } 1163 flowFloodMode OBJECT-TYPE 1164 SYNTAX TruthValue 1165 MAX-ACCESS read-write 1166 STATUS current 1167 DESCRIPTION 1168 "Indicates that the meter has passed its FloodMark and is 1169 not running in its normal mode. When a manager notices this 1170 it should take action to remedy the problem which caused the 1171 flooding. Once the flood has receded, the manager may set 1172 this variable to false(2) to resume normal operaation." 1173 ::= { flowControl 9 } 1175 -- 1176 -- The Flow Table 1177 -- 1179 -- This is a table kept by a meter, with one flow data entry for every 1180 -- flow being measured. Each flow data entry stores the attribute 1181 -- values for a traffic flow. Details of flows and their attributes 1182 -- are given in the 'Traffic Flow Measurement: Architecture' 1183 -- document [9]. 1185 -- From time to time a meter reader may sweep the flow table so as 1186 -- to read counts. This is most effectively achieved by using the 1187 -- TimeMark variable together with successive GetBulk requests to 1188 -- retrieve the values of the desired flow attribute variables. 1190 -- This scheme allows multiple meter readers to independently use the 1191 -- same meter; the meter readers do not have to be synchronised and 1192 -- they may use different collection intervals. 1194 flowDataTable OBJECT-TYPE 1195 SYNTAX SEQUENCE OF FlowDataEntry 1196 MAX-ACCESS not-accessible 1197 STATUS current 1198 DESCRIPTION 1199 "The list of all flows being measured." 1200 ::= { flowData 1 } 1202 flowDataEntry OBJECT-TYPE 1203 SYNTAX FlowDataEntry 1204 MAX-ACCESS not-accessible 1205 STATUS current 1206 DESCRIPTION 1207 "The flow data record for a particular flow." 1208 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1209 ::= { flowDataTable 1 } 1211 FlowDataEntry ::= SEQUENCE { 1212 flowDataIndex Integer32, 1213 flowDataTimeMark TimeFilter, 1214 flowDataStatus INTEGER, 1216 flowDataSourceInterface Integer32, 1217 flowDataSourceAdjacentType AdjacentType, 1218 flowDataSourceAdjacentAddress AdjacentAddress, 1219 flowDataSourceAdjacentMask AdjacentAddress, 1220 flowDataSourcePeerType PeerType, 1221 flowDataSourcePeerAddress PeerAddress, 1222 flowDataSourcePeerMask PeerAddress, 1223 flowDataSourceTransType TransportType, 1224 flowDataSourceTransAddress TransportAddress, 1225 flowDataSourceTransMask TransportAddress, 1227 flowDataDestInterface Integer32, 1228 flowDataDestAdjacentType AdjacentType, 1229 flowDataDestAdjacentAddress AdjacentAddress, 1230 flowDataDestAdjacentMask AdjacentAddress, 1231 flowDataDestPeerType PeerType, 1232 flowDataDestPeerAddress PeerAddress, 1233 flowDataDestPeerMask PeerAddress, 1234 flowDataDestTransType TransportType, 1235 flowDataDestTransAddress TransportAddress, 1236 flowDataDestTransMask TransportAddress, 1238 flowDataPDUScale Integer32, 1239 flowDataOctetScale Integer32, 1241 flowDataRuleSet Integer32, 1243 flowDataToOctets Counter64, -- Source->Dest 1244 flowDataToPDUs Counter64, 1245 flowDataFromOctets Counter64, -- Dest->Source 1246 flowDataFromPDUs Counter64, 1247 flowDataFirstTime TimeStamp, -- Activity times 1248 flowDataLastActiveTime TimeStamp, 1250 flowDataSourceSubscriberID OCTET STRING, 1251 flowDataDestSubscriberID OCTET STRING, 1252 flowDataSessionID OCTET STRING, 1254 flowDataSourceClass Integer32, 1255 flowDataDestClass Integer32, 1256 flowDataClass Integer32, 1257 flowDataSourceKind Integer32, 1258 flowDataDestKind Integer32, 1259 flowDataKind Integer32 1260 } 1262 flowDataIndex OBJECT-TYPE 1263 SYNTAX Integer32 (1..2147483647) 1264 MAX-ACCESS not-accessible 1265 STATUS current 1266 DESCRIPTION 1267 "Value of this flow data record's index within the meter's 1268 flow table." 1269 ::= { flowDataEntry 1 } 1271 flowDataTimeMark OBJECT-TYPE 1272 SYNTAX TimeFilter 1273 MAX-ACCESS not-accessible 1274 STATUS current 1275 DESCRIPTION 1276 "A TimeFilter for this entry. Allows GetNext and GetBulk 1277 to find flow table rows which have changed since a specified 1278 value of sysUptime." 1279 ::= { flowDataEntry 2 } 1281 flowDataStatus OBJECT-TYPE 1282 SYNTAX INTEGER { inactive(1), current(2) } 1283 MAX-ACCESS read-only 1284 STATUS deprecated 1285 DESCRIPTION 1286 "Status of this flow data record." 1288 ::= { flowDataEntry 3 } 1290 flowDataSourceInterface OBJECT-TYPE 1291 SYNTAX Integer32 1292 MAX-ACCESS read-only 1293 STATUS current 1294 DESCRIPTION 1295 "Index of the interface associated with the source address 1296 for this flow. It's value is one of those contained in the 1297 ifIndex field of the meter's interfaces table." 1298 ::= { flowDataEntry 4 } 1300 flowDataSourceAdjacentType OBJECT-TYPE 1301 SYNTAX AdjacentType 1302 MAX-ACCESS read-only 1303 STATUS current 1304 DESCRIPTION 1305 "Adjacent address type of the source for this flow. If 1306 metering is being performed at the network level this will 1307 probably be an 802 MAC address, and the adjacent type will 1308 indicate the medium being used. If traffic is being metered 1309 inside a tunnel, its adjacent address type will be the peer 1310 type of the host at the end of the tunnel." 1311 ::= { flowDataEntry 5 } 1313 flowDataSourceAdjacentAddress OBJECT-TYPE 1314 SYNTAX AdjacentAddress 1315 MAX-ACCESS read-only 1316 STATUS current 1317 DESCRIPTION 1318 "Address of the adjacent device on the path for the source 1319 for this flow." 1320 ::= { flowDataEntry 6 } 1322 flowDataSourceAdjacentMask OBJECT-TYPE 1323 SYNTAX AdjacentAddress 1324 MAX-ACCESS read-only 1325 STATUS current 1326 DESCRIPTION 1327 "1-bits in this mask indicate which bits must match when 1328 comparing the adjacent source address for this flow." 1329 ::= { flowDataEntry 7 } 1331 flowDataSourcePeerType OBJECT-TYPE 1332 SYNTAX PeerType 1333 MAX-ACCESS read-only 1334 STATUS current 1335 DESCRIPTION 1336 "Peer address type of the source for this flow." 1337 ::= { flowDataEntry 8 } 1339 flowDataSourcePeerAddress OBJECT-TYPE 1340 SYNTAX PeerAddress 1341 MAX-ACCESS read-only 1342 STATUS current 1343 DESCRIPTION 1344 "Address of the peer device for the source of this flow." 1345 ::= { flowDataEntry 9 } 1347 flowDataSourcePeerMask OBJECT-TYPE 1348 SYNTAX PeerAddress 1349 MAX-ACCESS read-only 1350 STATUS current 1351 DESCRIPTION 1352 "1-bits in this mask indicate which bits must match when 1353 comparing the source peer address for this flow." 1354 ::= { flowDataEntry 10 } 1356 flowDataSourceTransType OBJECT-TYPE 1357 SYNTAX TransportType 1358 MAX-ACCESS read-only 1359 STATUS current 1360 DESCRIPTION 1361 "Transport address type of the source for this flow. The 1362 value of this attribute will depend on the peer address type." 1363 ::= { flowDataEntry 11 } 1365 flowDataSourceTransAddress OBJECT-TYPE 1366 SYNTAX TransportAddress 1367 MAX-ACCESS read-only 1368 STATUS current 1369 DESCRIPTION 1370 "Transport address for the source of this flow." 1371 ::= { flowDataEntry 12 } 1373 flowDataSourceTransMask OBJECT-TYPE 1374 SYNTAX TransportAddress 1375 MAX-ACCESS read-only 1376 STATUS current 1377 DESCRIPTION 1378 "1-bits in this mask indicate which bits must match when 1379 comparing the transport source address for this flow." 1380 ::= { flowDataEntry 13 } 1382 flowDataDestInterface OBJECT-TYPE 1383 SYNTAX Integer32 1384 MAX-ACCESS read-only 1385 STATUS current 1386 DESCRIPTION 1387 "Index of the interface associated with the dest address for 1388 this flow. This value is one of the values contained in the 1389 ifIndex field of the interfaces table." 1391 ::= { flowDataEntry 14 } 1393 flowDataDestAdjacentType OBJECT-TYPE 1394 SYNTAX AdjacentType 1395 MAX-ACCESS read-only 1396 STATUS current 1397 DESCRIPTION 1398 "Adjacent address type of the destination for this flow." 1399 ::= { flowDataEntry 15 } 1401 flowDataDestAdjacentAddress OBJECT-TYPE 1402 SYNTAX AdjacentAddress 1403 MAX-ACCESS read-only 1404 STATUS current 1405 DESCRIPTION 1406 "Address of the adjacent device on the path for the 1407 destination for this flow." 1408 ::= { flowDataEntry 16 } 1410 flowDataDestAdjacentMask OBJECT-TYPE 1411 SYNTAX AdjacentAddress 1412 MAX-ACCESS read-only 1413 STATUS current 1414 DESCRIPTION 1415 "1-bits in this mask indicate which bits must match when 1416 comparing the adjacent dest address for this flow." 1417 ::= { flowDataEntry 17 } 1419 flowDataDestPeerType OBJECT-TYPE 1420 SYNTAX PeerType 1421 MAX-ACCESS read-only 1422 STATUS current 1423 DESCRIPTION 1424 "Peer address type of the destination for this flow." 1425 ::= { flowDataEntry 18 } 1427 flowDataDestPeerAddress OBJECT-TYPE 1428 SYNTAX PeerAddress 1429 MAX-ACCESS read-only 1430 STATUS current 1431 DESCRIPTION 1432 "Address of the peer device for the destination of this flow." 1433 ::= { flowDataEntry 19 } 1435 flowDataDestPeerMask OBJECT-TYPE 1436 SYNTAX PeerAddress 1437 MAX-ACCESS read-only 1438 STATUS current 1439 DESCRIPTION 1440 "1-bits in this mask indicate which bits must match when 1441 comparing the dest peer type for this flow." 1443 ::= { flowDataEntry 20 } 1445 flowDataDestTransType OBJECT-TYPE 1446 SYNTAX TransportType 1447 MAX-ACCESS read-only 1448 STATUS current 1449 DESCRIPTION 1450 "Transport address type of the destination for this flow. The 1451 value of this attribute will depend on the peer address type." 1452 ::= { flowDataEntry 21 } 1454 flowDataDestTransAddress OBJECT-TYPE 1455 SYNTAX TransportAddress 1456 MAX-ACCESS read-only 1457 STATUS current 1458 DESCRIPTION 1459 "Transport address for the destination of this flow." 1460 ::= { flowDataEntry 22 } 1462 flowDataDestTransMask OBJECT-TYPE 1463 SYNTAX TransportAddress 1464 MAX-ACCESS read-only 1465 STATUS current 1466 DESCRIPTION 1467 "1-bits in this mask indicate which bits must match when 1468 comparing the transport destination address for this flow." 1469 ::= { flowDataEntry 23 } 1471 flowDataPDUScale OBJECT-TYPE 1472 SYNTAX Integer32 (1..255) 1473 MAX-ACCESS read-only 1474 STATUS current 1475 DESCRIPTION 1476 "The scale factor applied to this particular flow. Indicates 1477 the number of bits the PDU counter values should be moved left 1478 to obtain the actual values." 1479 ::= { flowDataEntry 24 } 1481 flowDataOctetScale OBJECT-TYPE 1482 SYNTAX Integer32 (1..255) 1483 MAX-ACCESS read-only 1484 STATUS current 1485 DESCRIPTION 1486 "The scale factor applied to this particular flow. Indicates 1487 the number of bits the octet counter values should be moved 1488 left to obtain the actual values." 1489 ::= { flowDataEntry 25 } 1491 flowDataRuleSet OBJECT-TYPE 1492 SYNTAX Integer32 (1..255) 1493 MAX-ACCESS not-accessible 1494 STATUS current 1495 DESCRIPTION 1496 "The RuleSet number of the rule set which created this flow. 1497 Allows a manager to use GetNext or GetBulk requests to find 1498 flows belonging to a particular RuleSet." 1499 ::= { flowDataEntry 26 } 1501 flowDataToOctets OBJECT-TYPE 1502 SYNTAX Counter64 1503 MAX-ACCESS read-only 1504 STATUS current 1505 DESCRIPTION 1506 "The count of octets flowing from source to dest address and 1507 being delivered to the protocol level being metered. In the 1508 case of IP this would count the number of octets delivered to 1509 the IP level." 1510 ::= { flowDataEntry 27 } 1512 flowDataToPDUs OBJECT-TYPE 1513 SYNTAX Counter64 1514 MAX-ACCESS read-only 1515 STATUS current 1516 DESCRIPTION 1517 "The count of protocol packets flowing from source to dest 1518 address and being delivered to the protocol level being 1519 metered. In the case of IP, for example, this would count the 1520 IP packets delivered to the IP protocol level." 1521 ::= { flowDataEntry 28 } 1523 flowDataFromOctets OBJECT-TYPE 1524 SYNTAX Counter64 1525 MAX-ACCESS read-only 1526 STATUS current 1527 DESCRIPTION 1528 "The count of octets flowing from dest to source address and 1529 being delivered to the protocol level being metered." 1530 ::= { flowDataEntry 29 } 1532 flowDataFromPDUs OBJECT-TYPE 1533 SYNTAX Counter64 1534 MAX-ACCESS read-only 1535 STATUS current 1536 DESCRIPTION 1537 "The count of protocol packets flowing from dest to source 1538 address and being delivered to the protocol level being 1539 metered. In the case of IP, for example, this would count 1540 the IP packets delivered to the IP protocol level." 1541 ::= { flowDataEntry 30 } 1543 flowDataFirstTime OBJECT-TYPE 1544 SYNTAX TimeStamp 1545 MAX-ACCESS read-only 1546 STATUS current 1547 DESCRIPTION 1548 "The time at which this flow was first entered in the table" 1549 ::= { flowDataEntry 31 } 1551 flowDataLastActiveTime OBJECT-TYPE 1552 SYNTAX TimeStamp 1553 MAX-ACCESS read-only 1554 STATUS current 1555 DESCRIPTION 1556 "The last time this flow had activity, i.e. the time of 1557 arrival of the most recent PDU belonging to this flow." 1558 ::= { flowDataEntry 32 } 1560 flowDataSourceSubscriberID OBJECT-TYPE 1561 SYNTAX OCTET STRING (SIZE (4..20)) 1562 MAX-ACCESS read-only 1563 STATUS current 1564 DESCRIPTION 1565 "Subscriber ID associated with the source address for this 1566 flow." 1567 ::= { flowDataEntry 33 } 1569 flowDataDestSubscriberID OBJECT-TYPE 1570 SYNTAX OCTET STRING (SIZE (4..20)) 1571 MAX-ACCESS read-only 1572 STATUS current 1573 DESCRIPTION 1574 "Subscriber ID associated with the dest address for this 1575 flow." 1576 ::= { flowDataEntry 34 } 1578 flowDataSessionID OBJECT-TYPE 1579 SYNTAX OCTET STRING (SIZE (4..10)) 1580 MAX-ACCESS read-only 1581 STATUS current 1582 DESCRIPTION 1583 "Session ID for this flow. Such an ID might be allocated 1584 by a network access server to distinguish a series of sessions 1585 between the same pair of addresses, which would otherwise 1586 appear to be parts of the same accounting flow." 1587 ::= { flowDataEntry 35 } 1589 flowDataSourceClass OBJECT-TYPE 1590 SYNTAX Integer32 (1..255) 1591 MAX-ACCESS read-only 1592 STATUS current 1593 DESCRIPTION 1594 "Source class for this flow. Determined by the rules, set by 1595 a PushRule action when this flow was entered in the table." 1597 ::= { flowDataEntry 36 } 1599 flowDataDestClass OBJECT-TYPE 1600 SYNTAX Integer32 (1..255) 1601 MAX-ACCESS read-only 1602 STATUS current 1603 DESCRIPTION 1604 "Destination class for this flow. Determined by the rules, set 1605 by a PushRule action when this flow was entered in the table." 1606 ::= { flowDataEntry 37 } 1608 flowDataClass OBJECT-TYPE 1609 SYNTAX Integer32 (1..255) 1610 MAX-ACCESS read-only 1611 STATUS current 1612 DESCRIPTION 1613 "Class for this flow. Determined by the rules, set by a 1614 PushRule action when this flow was entered in the table." 1615 ::= { flowDataEntry 38 } 1617 flowDataSourceKind OBJECT-TYPE 1618 SYNTAX Integer32 (1..255) 1619 MAX-ACCESS read-only 1620 STATUS current 1621 DESCRIPTION 1622 "Source kind for this flow. Determined by the rules, set by 1623 a PushRule action when this flow was entered in the table." 1624 ::= { flowDataEntry 39 } 1626 flowDataDestKind OBJECT-TYPE 1627 SYNTAX Integer32 (1..255) 1628 MAX-ACCESS read-only 1629 STATUS current 1630 DESCRIPTION 1631 "Destination kind for this flow. Determined by the rules, set 1632 by a PushRule action when this flow was entered in the table." 1633 ::= { flowDataEntry 40 } 1635 flowDataKind OBJECT-TYPE 1636 SYNTAX Integer32 (1..255) 1637 MAX-ACCESS read-only 1638 STATUS current 1639 DESCRIPTION 1640 "Class for this flow. Determined by the rules, set by a 1641 PushRule action when this flow was entered in the table." 1642 ::= { flowDataEntry 41 } 1644 -- 1645 -- The Activity Column Table 1646 -- 1647 flowColumnActivityTable OBJECT-TYPE 1648 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1649 MAX-ACCESS not-accessible 1650 STATUS deprecated 1651 DESCRIPTION 1652 "Index into the Flow Table. Allows a meter reader to retrieve 1653 a list containing the flow table indexes of flows which were 1654 last active at or after a given time, together with the values 1655 of a specified attribute for each such flow." 1656 ::= { flowData 2 } 1658 flowColumnActivityEntry OBJECT-TYPE 1659 SYNTAX FlowColumnActivityEntry 1660 MAX-ACCESS not-accessible 1661 STATUS deprecated 1662 DESCRIPTION 1663 "The Column Activity Entry for a particular attribute, 1664 activity time and flow." 1665 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1666 flowColumnActivityIndex } 1667 ::= { flowColumnActivityTable 1 } 1669 FlowColumnActivityEntry ::= SEQUENCE { 1670 flowColumnActivityAttribute FlowAttributeNumber, 1671 flowColumnActivityTime TimeFilter, 1672 flowColumnActivityIndex Integer32, 1673 flowColumnActivityData OCTET STRING 1674 } 1676 flowColumnActivityAttribute OBJECT-TYPE 1677 SYNTAX FlowAttributeNumber 1678 MAX-ACCESS read-only 1679 STATUS deprecated 1680 DESCRIPTION 1681 "Specifies the attribute for which values are required from 1682 active flows." 1683 ::= { flowColumnActivityEntry 1 } 1685 flowColumnActivityTime OBJECT-TYPE 1686 SYNTAX TimeFilter 1687 MAX-ACCESS read-only 1688 STATUS deprecated 1689 DESCRIPTION 1690 "This variable is a copy of flowDataLastActiveTime in the 1691 flow data record identified by the flowColumnActivityIndex 1692 value of this flowColumnActivityTable entry." 1693 ::= { flowColumnActivityEntry 2 } 1695 flowColumnActivityIndex OBJECT-TYPE 1696 SYNTAX Integer32 (1..2147483647) 1697 MAX-ACCESS read-only 1698 STATUS deprecated 1699 DESCRIPTION 1700 "Index of a flow table entry which was active at or after 1701 a specified flowColumnActivityTime." 1702 ::= { flowColumnActivityEntry 3 } 1704 flowColumnActivityData OBJECT-TYPE 1705 SYNTAX OCTET STRING (SIZE (3..1000)) 1706 MAX-ACCESS read-only 1707 STATUS deprecated 1708 DESCRIPTION 1709 "Collection of attribute data for flows active after 1710 flowColumnActivityTime. Within the OCTET STRING is a 1711 sequence of { flow index, attribute value } pairs, one for 1712 each active flow. The end of the sequence is marked by a 1713 flow index value of 0, indicating that there are no more 1714 rows in this column. 1716 The format of objects inside flowColumnFlowData is as follows. 1717 All numbers are unsigned. Numbers and strings appear with 1718 their high-order bytes leading. Numbers are fixed size, as 1719 specified by their SYNTAX in the flow table (above), i.e. one 1720 octet for flowAddressType and small constants, and four octets 1721 for Counter and TimeStamp. Strings are variable-length, with 1722 the length given in a single leading octet. 1724 The following is an attempt at an ASN.1 definition of 1725 flowColumnActivityData: 1727 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1728 flowRowItemEntry ::= SEQUENCE { 1729 flowRowNumber Integer32 (1..65535), 1730 -- 0 indicates the end of this column 1731 flowDataValue flowDataType -- Choice depends on attribute 1732 } 1733 flowDataType ::= CHOICE { 1734 flowByteValue Integer32 (1..255), 1735 flowShortValue Integer32 (1..65535), 1736 flowLongValue Integer32, 1737 flowStringValue OCTET STRING -- Length (n) in first byte, 1738 -- n+1 bytes total length, trailing zeroes truncated 1739 }" 1740 ::= { flowColumnActivityEntry 4 } 1742 -- 1743 -- The Data Package Table 1744 -- 1746 flowDataPackageTable OBJECT-TYPE 1747 SYNTAX SEQUENCE OF FlowDataPackageEntry 1748 MAX-ACCESS not-accessible 1749 STATUS current 1750 DESCRIPTION 1751 "Index into the Flow Table. Allows a meter reader to retrieve 1752 a sequence containing the values of a specified set of 1753 attributes for a flow which came from a specified rule set and 1754 which was last active at or after a given time." 1755 ::= { flowData 3 } 1757 flowDataPackageEntry OBJECT-TYPE 1758 SYNTAX FlowDataPackageEntry 1759 MAX-ACCESS not-accessible 1760 STATUS current 1761 DESCRIPTION 1762 "The data package containing selected variables from 1763 active rows in the flow table." 1764 INDEX { flowPackageSelector, 1765 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1766 ::= { flowDataPackageTable 1 } 1768 FlowDataPackageEntry ::= SEQUENCE { 1769 flowPackageSelector OCTET STRING, 1770 flowPackageRuleSet Integer32, 1771 flowPackageTime TimeFilter, 1772 flowPackageIndex Integer32, 1773 flowPackageData OCTET STRING 1774 } 1776 flowPackageSelector OBJECT-TYPE 1777 SYNTAX OCTET STRING 1778 MAX-ACCESS not-accessible 1779 STATUS current 1780 DESCRIPTION 1781 "Specifies the attributes for which values are required from 1782 an active flow. These are encoded as a sequence of octets 1783 each containing a FlowAttribute number, preceded by an octet 1784 giving the length of the sequence (not including the length 1785 octet). For a flowPackageSelector to be valid, it must 1786 contain at least one attribute." 1787 ::= { flowDataPackageEntry 1 } 1789 flowPackageRuleSet OBJECT-TYPE 1790 SYNTAX Integer32 (1..255) 1791 MAX-ACCESS not-accessible 1792 STATUS current 1793 DESCRIPTION 1794 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1795 set which produced the required flow." 1796 ::= { flowDataPackageEntry 2 } 1798 flowPackageTime OBJECT-TYPE 1799 SYNTAX TimeFilter 1800 MAX-ACCESS not-accessible 1801 STATUS current 1802 DESCRIPTION 1803 "This variable is a copy of flowDataLastActiveTime in the 1804 flow data record identified by the flowPackageIndex 1805 value of this flowPackageTable entry." 1806 ::= { flowDataPackageEntry 3 } 1808 flowPackageIndex OBJECT-TYPE 1809 SYNTAX Integer32 (1..2147483647) 1810 MAX-ACCESS not-accessible 1811 STATUS current 1812 DESCRIPTION 1813 "Index of a flow table entry which was active at or after 1814 a specified flowPackageTime." 1815 ::= { flowDataPackageEntry 4 } 1817 flowPackageData OBJECT-TYPE 1818 SYNTAX OCTET STRING 1819 MAX-ACCESS read-only 1820 STATUS current 1821 DESCRIPTION 1822 "A collection of attribute values for a single flow, as 1823 specified by this row's indexes. The attribute values are 1824 contained within a BER-encoded sequence [7], in the order 1825 they appear in their flowPackageSelector. 1827 For example, to retrieve a flowPackage containing values for 1828 attributes 11, 18 and 29, for a flow in rule set 7, with flow 1829 index 3447, one would GET the package whose Object Identifier 1830 (OID) is 1831 flowPackageData . 3.11.18.29 . 7. 0 . 3447 1833 To get a package for the next such flow which had been 1834 active since time 12345 one would GETNEXT the package whose 1835 Object Identifier (OID) is 1836 flowPackageData . 3.11.18.29 . 7. 12345 . 3447" 1837 ::= { flowDataPackageEntry 5 } 1839 -- 1840 -- The Rule Table 1841 -- 1843 -- This is an array of rule sets; the 'running' ones are indicated 1844 -- by the entries in the meter's flowManagerInfoTable. Several rule 1845 -- sets can be held in a meter so that the manager can change the 1846 -- running rule sets easily, for example with time of day. Note that 1847 -- a manager may not change the rules in any rule set currently 1848 -- referenced within the flowManagerInfoTable (either as 'current' or 1849 -- 'standby')! See the 'Traffic Flow Measurement: Architecture' 1850 -- document [9] for details of rules and how they are used. 1851 -- 1852 -- Space for a rule table is allocated by setting the value of 1853 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1855 flowRuleTable OBJECT-TYPE 1856 SYNTAX SEQUENCE OF FlowRuleEntry 1857 MAX-ACCESS not-accessible 1858 STATUS current 1859 DESCRIPTION 1860 "Contains all the rule sets which may be used by the meter." 1861 ::= { flowRules 1 } 1863 flowRuleEntry OBJECT-TYPE 1864 SYNTAX FlowRuleEntry 1865 MAX-ACCESS not-accessible 1866 STATUS current 1867 DESCRIPTION 1868 "The rule record itself." 1869 INDEX { flowRuleSet, flowRuleIndex } 1870 ::= { flowRuleTable 1 } 1872 FlowRuleEntry ::= SEQUENCE { 1873 flowRuleSet Integer32, 1874 flowRuleIndex Integer32, 1875 flowRuleSelector RuleAttributeNumber, 1876 flowRuleMask RuleAddress, 1877 flowRuleMatchedValue RuleAddress, 1878 flowRuleAction ActionNumber, 1879 flowRuleParameter Integer32 1880 } 1882 flowRuleSet OBJECT-TYPE 1883 SYNTAX Integer32 (1..2147483647) 1884 MAX-ACCESS not-accessible 1885 STATUS current 1886 DESCRIPTION 1887 "Selects a rule set from the array of rule sets." 1888 ::= { flowRuleEntry 1 } 1890 flowRuleIndex OBJECT-TYPE 1891 SYNTAX Integer32 (1..65535) 1892 MAX-ACCESS not-accessible 1893 STATUS current 1894 DESCRIPTION 1895 "The index into the Rule table. N.B: These values will 1896 normally be consecutive, given the fall-through semantics 1897 of processing the table." 1898 ::= { flowRuleEntry 2 } 1900 flowRuleSelector OBJECT-TYPE 1901 SYNTAX RuleAttributeNumber 1902 MAX-ACCESS read-write 1903 STATUS current 1904 DESCRIPTION 1905 "Indicates the attribute to be matched. 1907 null(0) is a special case; null rules always succeed. 1909 matchingStoD(50) is set by the meter's Packet Matching Engine. 1910 Its value is true(1) if the PME is attempting to match the 1911 packet with its addresses in Source-to-Destination order (i.e. 1912 as they appear in the packet), and false(2) otherwise. 1913 Details of how packets are matched are given in the 'Traffic 1914 Flow Measurement: Architecture' document [9]. 1916 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1917 variables, each of which can hold the name (i.e. selector 1918 value) of an address attribute. When one of these is used 1919 as a selector, its value specifies the attribute to be 1920 tested. Variable values are set by an Assign action." 1921 ::= { flowRuleEntry 3 } 1923 flowRuleMask OBJECT-TYPE 1924 SYNTAX RuleAddress 1925 MAX-ACCESS read-write 1926 STATUS current 1927 DESCRIPTION 1928 "The initial mask used to compute the desired value. If the 1929 mask is zero the rule's test will always succeed." 1930 ::= { flowRuleEntry 4 } 1932 flowRuleMatchedValue OBJECT-TYPE 1933 SYNTAX RuleAddress 1934 MAX-ACCESS read-write 1935 STATUS current 1936 DESCRIPTION 1937 "The resulting value to be matched for equality. 1938 Specifically, if the attribute chosen by the flowRuleSelector 1939 logically ANDed with the mask specified by the flowRuleMask 1940 equals the value specified in the flowRuleMatchedValue, then 1941 continue processing the table entry based on the action 1942 specified by the flowRuleAction entry. Otherwise, proceed to 1943 the next entry in the rule table." 1944 ::= { flowRuleEntry 5 } 1946 flowRuleAction OBJECT-TYPE 1947 SYNTAX ActionNumber 1948 MAX-ACCESS read-write 1949 STATUS current 1950 DESCRIPTION 1951 "The action to be taken if this rule's test succeeds, or if 1952 the meter's 'test' flag is off. Actions are opcodes for the 1953 meter's Packet Matching Engine; details are given in the 1954 'Traffic Flow Measurement: Architecture' document [9]." 1955 ::= { flowRuleEntry 6 } 1957 flowRuleParameter OBJECT-TYPE 1958 SYNTAX Integer32 (1..65535) 1959 MAX-ACCESS read-write 1960 STATUS current 1961 DESCRIPTION 1962 "A parameter value providing extra information for the 1963 rule's action." 1964 ::= { flowRuleEntry 7 } 1966 -- 1967 -- Traffic Flow Meter conformance statement 1968 -- 1970 flowMIBCompliances 1971 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1973 flowMIBGroups 1974 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1976 flowControlGroup OBJECT-GROUP 1977 OBJECTS { 1978 flowRuleInfoSize, flowRuleInfoOwner, 1979 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1980 flowRuleInfoName, 1981 flowRuleInfoRulesReady, 1982 flowRuleInfoFlowRecords, 1983 flowInterfaceSampleRate, 1984 flowInterfaceLostPackets, 1985 flowReaderTimeout, flowReaderOwner, 1986 flowReaderLastTime, flowReaderPreviousTime, 1987 flowReaderStatus, flowReaderRuleSet, 1988 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 1989 flowManagerHighWaterMark, 1990 -- flowManagerCounterWrap, <- In DataScaleGroup 1991 flowManagerOwner, flowManagerTimeStamp, 1992 flowManagerStatus, flowManagerRunningStandby, 1993 flowFloodMark, 1994 flowInactivityTimeout, flowActiveFlows, 1995 flowMaxFlows, flowFloodMode } 1996 STATUS deprecated 1997 DESCRIPTION 1998 "The control group defines objects which are used to control 1999 an accounting meter." 2000 ::= {flowMIBGroups 1 } 2002 flowDataTableGroup OBJECT-GROUP 2003 OBJECTS { 2004 -- flowDataIndex, <- Index 2005 -- flowDataTimeMark, <- Index 2006 flowDataStatus, 2007 flowDataSourceInterface, 2008 flowDataSourceAdjacentType, 2009 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2010 flowDataSourcePeerType, 2011 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2012 flowDataSourceTransType, 2013 flowDataSourceTransAddress, flowDataSourceTransMask, 2014 flowDataDestInterface, 2015 flowDataDestAdjacentType, 2016 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2017 flowDataDestPeerType, 2018 flowDataDestPeerAddress, flowDataDestPeerMask, 2019 flowDataDestTransType, 2020 flowDataDestTransAddress, flowDataDestTransMask, 2021 -- flowDataRuleSet, <- Index 2022 flowDataToOctets, flowDataToPDUs, 2023 flowDataFromOctets, flowDataFromPDUs, 2024 flowDataFirstTime, flowDataLastActiveTime, 2025 flowDataSourceClass, flowDataDestClass, flowDataClass, 2026 flowDataSourceKind, flowDataDestKind, flowDataKind 2027 } 2028 STATUS deprecated 2029 DESCRIPTION 2030 "The flow table group defines objects which provide the 2031 structure for the flow table, including the creation time 2032 and activity time indexes into it. In addition it defines 2033 objects which provide a base set of flow attributes for the 2034 adjacent, peer and transport layers, together with a flow's 2035 counters and times. Finally it defines a flow's class and 2036 kind attributes, which are set by rule actions." 2037 ::= {flowMIBGroups 2 } 2039 flowDataScaleGroup OBJECT-GROUP 2040 OBJECTS { 2041 flowManagerCounterWrap, 2042 flowDataPDUScale, flowDataOctetScale 2043 } 2044 STATUS deprecated 2045 DESCRIPTION 2046 "The flow scale group defines objects which specify scale 2047 factors for counters." 2048 ::= {flowMIBGroups 3 } 2050 flowDataSubscriberGroup OBJECT-GROUP 2051 OBJECTS { 2052 flowDataSourceSubscriberID, flowDataDestSubscriberID, 2053 flowDataSessionID 2054 } 2055 STATUS current 2056 DESCRIPTION 2057 "The flow subscriber group defines objects which may be used 2058 to identify the end point(s) of a flow." 2059 ::= {flowMIBGroups 4 } 2061 flowDataColumnTableGroup OBJECT-GROUP 2062 OBJECTS { 2063 flowColumnActivityAttribute, 2064 flowColumnActivityIndex, 2065 flowColumnActivityTime, 2066 flowColumnActivityData 2067 } 2068 STATUS deprecated 2069 DESCRIPTION 2070 "The flow column table group defines objects which can be used 2071 to collect part of a column of attribute values from the flow 2072 table." 2073 ::= {flowMIBGroups 5 } 2075 flowDataPackageGroup OBJECT-GROUP 2076 OBJECTS { 2077 -- flowPackageSelector, <- Index 2078 -- flowPackageRuleSet, <- Index 2079 -- flowPackageIndex, <- Index 2080 flowPackageData 2081 } 2082 STATUS current 2083 DESCRIPTION 2084 "The data package group defines objects which can be used 2085 to collect a specified set of attribute values from a row of 2086 the flow table." 2087 ::= {flowMIBGroups 6 } 2089 flowRuleTableGroup OBJECT-GROUP 2090 OBJECTS { 2091 flowRuleSelector, 2092 flowRuleMask, flowRuleMatchedValue, 2093 flowRuleAction, flowRuleParameter 2094 } 2095 STATUS current 2096 DESCRIPTION 2097 "The rule table group defines objects which hold the set(s) 2098 of rules specifying which traffic flows are to be accounted 2099 for." 2100 ::= {flowMIBGroups 7 } 2102 flowDataScaleGroup2 OBJECT-GROUP 2103 OBJECTS { 2105 -- flowManagerCounterWrap, <- Deprecated 2106 flowDataPDUScale, flowDataOctetScale 2107 } 2108 STATUS current 2109 DESCRIPTION 2110 "The flow scale group defines objects which specify scale 2111 factors for counters. This group replaces the earlier 2112 version of flowDataScaleGroup above (now deprecated)." 2113 ::= {flowMIBGroups 8} 2115 flowControlGroup2 OBJECT-GROUP 2116 OBJECTS { 2117 flowRuleInfoSize, flowRuleInfoOwner, 2118 flowRuleInfoTimeStamp, flowRuleInfoStatus, 2119 flowRuleInfoName, 2120 -- flowRuleInfoRulesReady, <- Deprecated 2121 flowRuleInfoFlowRecords, 2122 flowInterfaceSampleRate, 2123 flowInterfaceLostPackets, 2124 flowReaderTimeout, flowReaderOwner, 2125 flowReaderLastTime, flowReaderPreviousTime, 2126 flowReaderStatus, flowReaderRuleSet, 2127 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 2128 flowManagerHighWaterMark, 2129 -- flowManagerCounterWrap, <- In DataScaleGroup 2130 flowManagerOwner, flowManagerTimeStamp, 2131 flowManagerStatus, flowManagerRunningStandby, 2132 flowFloodMark, 2133 flowInactivityTimeout, flowActiveFlows, 2134 flowMaxFlows, flowFloodMode } 2135 STATUS current 2136 DESCRIPTION 2137 "The control group defines objects which are used to control 2138 an accounting meter. It replaces the earlier version of 2139 flowControlGroup above (now deprecated)." 2140 ::= {flowMIBGroups 9 } 2142 flowDataTableGroup2 OBJECT-GROUP 2143 OBJECTS { 2144 -- flowDataIndex, <- Index 2145 -- flowDataTimeMark, <- Index 2146 -- flowDataStatus, <- Deprecated 2147 flowDataSourceInterface, 2148 flowDataSourceAdjacentType, 2149 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2150 flowDataSourcePeerType, 2151 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2152 flowDataSourceTransType, 2153 flowDataSourceTransAddress, flowDataSourceTransMask, 2154 flowDataDestInterface, 2155 flowDataDestAdjacentType, 2156 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2157 flowDataDestPeerType, 2158 flowDataDestPeerAddress, flowDataDestPeerMask, 2159 flowDataDestTransType, 2160 flowDataDestTransAddress, flowDataDestTransMask, 2161 -- flowDataRuleSet, <- Index 2162 flowDataToOctets, flowDataToPDUs, 2163 flowDataFromOctets, flowDataFromPDUs, 2164 flowDataFirstTime, flowDataLastActiveTime, 2165 flowDataSourceClass, flowDataDestClass, flowDataClass, 2166 flowDataSourceKind, flowDataDestKind, flowDataKind 2167 } 2168 STATUS current 2169 DESCRIPTION 2170 "This flow table group defines objects which provide the 2171 structure for the flow table. It replaces the earlier 2172 version of flowDataTableGroup above (now deprecated)." 2173 ::= {flowMIBGroups 10 } 2175 flowMIBCompliance MODULE-COMPLIANCE 2176 STATUS current 2177 DESCRIPTION 2178 "The compliance statement for a Traffic Flow Meter." 2179 MODULE 2180 MANDATORY-GROUPS { 2181 flowControlGroup2, 2182 flowDataTableGroup2, 2183 flowDataPackageGroup, 2184 flowRuleTableGroup 2185 } 2186 ::= { flowMIBCompliances 1 } 2188 END 2190 7 Security Considerations 2192 This MIB describes how an RTFM traffic meter is controlled, and provides 2193 a way for traffic flow data to be retrieved from it by a meter reader. 2194 This is essentially an application using SNMP as a method of 2195 communication between co-operating hosts; it does not - in itself - have 2196 any inherent security risks. 2198 Since, however, the traffic flow data can be extremely valuable for 2199 network management purposes it is vital that sensible precautions be 2200 taken to keep the meter and its data secure. This requires that access 2201 to the meter for control purposes (e.g. loading RuleSets and reading 2202 flow data) be restricted. Such restriction could be achieved in many 2203 ways, for example 2204 - Physical Separation. Meter(s) and meter reader(s) could be 2205 deployed so that control capabilities are kept within a separate 2206 network, access to which is carefully controlled. 2208 - Application-layer Security. A minimal level of security for SNMP 2209 is provided by using 'community' strings, which are essentially 2210 clear-text passwords. Stronger security for SNMP is being 2211 developed within the IETF; when this becomes available it should be 2212 used to protect managed network equipment. 2214 - Lower-layer Security. Access to the meter can be protected using 2215 encryption at the network layer. For example, one could run SNMP 2216 to the meter through an encrypted TCP tunnel. 2218 When implementing a meter it may be sensible to use separate network 2219 interfaces for control and for metering. If this is done the control 2220 network can be set up so that it doesn't carry any 'user' traffic, and 2221 the metering interfaces can ignore any user attempts to take control of 2222 the meter. 2224 Users should also consider how they will address attempts to circumvent 2225 a meter, i.e. to prevent it from measuring flows. Such attempts are 2226 essentially denial-of-service attacks on the metering interfaces. For 2227 example 2229 - Port Scan attacks. The attacker sends packets to each of a very 2230 large number of IP (Address : Port) pairs. Each of these packets 2231 creates a new flow in the meter; if there are enough of them the 2232 meter will recognise a 'flood' condition, and will probably stop 2233 creating new flows. As a minimum, users (and implementors) should 2234 ensure that meters can recover from flood conditions as soon as 2235 possible after they occur. 2237 - Counter Wrap attacks: The attacker sends enough packets to cause 2238 the counters in a flow to wrap several times between meter 2239 readings, thus causing the counts to be artificially low. The 2240 change to using 64-bit counters in this MIB reduces this problem 2241 significantly. 2243 Users can reduce the severity of both the above attacks by ensuring that 2244 their meters are read often enough to prevent them being flooded. The 2245 resulting flow data will contain a record of the attacking packets, 2246 which may well be useful in determining where any attack came from. 2248 8 Acknowledgements 2250 An early draft of this document was produced under the auspices of the 2251 IETF's Accounting Working Group with assistance from the SNMP Working 2252 Group and the Security Area Advisory Group. Particular thanks are due 2253 to Jim Barnes, Sig Handelman and Stephen Stibler for their support and 2254 their assistance with checking early versions of the MIB. 2256 Stephen Stibler shared the development workload of producing the MIB 2257 changes summarized in chpter 5 (above). 2259 9 References 2261 [1] McCloghrie, K., and Rose, M., Editors, "Management 2262 Information Base for Network Management of TCP/IP-based 2263 internets," RFC 1213, Performance Systems International, March 2264 1991. 2266 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 2267 "Structure of Management Information for version 2 of the 2268 Simple Network Managemenet Protocol," RFC 1902, SNMP Research 2269 Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie 2270 Mellon University, January 1996. 2272 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 2273 "Textual Conventions for version 2 of the Simple Network 2274 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2275 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2276 University, January 1996. 2278 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2279 "Conformance Statements for version 2 of the Simple Network 2280 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2281 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2282 University, January 1996. 2284 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2285 "Coexistence between version 1 and version 2 of the 2286 Internet-standard Network Management Framework," RFC 1908, SNMP 2287 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2288 Carnegie Mellon University, January 1996. 2290 [6] Information processing systems - Open Systems 2291 Interconnection - Specification of Abstract Syntax Notation One 2292 (ASN.1), International Organization for Standardization, 2293 International Standard 8824, December 1987. 2295 [7] Information processing systems - Open Systems 2296 Interconnection - Specification of Basic Encoding Rules for 2297 Abstract Notation One (ASN.1), International Organization for 2298 Standardization, International Standard 8825, December 1987. 2300 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2301 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2302 Technology Corporation, November 1991. 2304 [9] Brownlee, N., Mills, C., and G. Ruth, "Traffic Flow 2305 Measurement: Architecture", RFC 2063, The University of 2306 Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, 2307 January 1997. 2309 [10] Waldbusser, S., "Remote Network Monitoring Management 2310 Information Base Version 2 using SMIv2," RFC 2021, INS, January 2311 1997. 2313 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2314 ISI, October 1994. 2316 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2317 SNMP Research Incorporated, January 1992. 2319 [13] Hinden, R., Deering, S., "IP Version 6 Addressing 2320 Architecture," RFC 1884, Ipsilon Networks, Xerox PARC, December 2321 1995. 2323 10 Author's Address 2325 Nevil Brownlee 2326 Information Technology Systems & Services 2327 The University of Auckland 2329 Phone: +64 9 373 7599 x8941 2330 E-mail: n.brownlee@auckland.ac.nz 2332 Expires June 1998