idnits 2.17.1 draft-ietf-rtfm-meter-mib-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-19) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 2) being 88 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 47 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1696 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 1999) is 9226 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1902 (ref. '2') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '3') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '4') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1908 (ref. '5') (Obsoleted by RFC 2576) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') ** Obsolete normative reference: RFC 2063 (ref. '9') (Obsoleted by RFC 2722) ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 1884 (ref. '13') (Obsoleted by RFC 2373) Summary: 18 errors (**), 0 flaws (~~), 5 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Engineering Task Force Nevil Brownlee 2 INTERNET-DRAFT The University of Auckland 3 July 1998 4 Expires January 1999 6 Traffic Flow Measurement: Meter MIB 8 10 Status of this Memo 12 This document is an Internet-Draft. Internet-Drafts are working 13 documents of the Internet Engineering Task Force (IETF), its Areas, and 14 its Working Groups. Note that other groups may also distribute working 15 documents as Internet-Drafts. This Internet Draft is a product of the 16 Realtime Traffic Flow Measurement Working Group of the IETF. 18 Internet Drafts are draft documents valid for a maximum of six months. 19 Internet Drafts may be updated, replaced, or obsoleted by other 20 documents at any time. It is not appropriate to use Internet Drafts as 21 reference material or to cite them other than as a "working draft" or 22 "work in progress." 24 To view the entire list of current Internet-Drafts, please check the 25 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 26 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), 27 ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), 28 ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 30 Abstract 32 A 'Traffic Meter' collects data relating to traffic flows within a 33 network. This document defines a Management Information Base (MIB) for 34 use in controlling a traffic meter, in particular for specifying the 35 flows to be measured. It also provides an efficient mechanism for 36 retrieving flow data from the meter using SNMP. Security issues 37 concerning the operation of traffic meters are summarised. 39 Contents 41 1 Introduction 2 43 2 The Network Management Framework 2 45 3 Objects 3 46 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . . 4 48 4 Overview 4 49 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . . 4 50 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 5 52 5 Definitions 7 54 6 Security Considerations 44 56 7 Appendix A: Changes Introduced Since RFC 2064 45 58 8 Acknowledgements 46 60 9 References 46 62 10 Author's Address 47 64 1 Introduction 66 This memo defines a portion of the Management Information Base (MIB) for 67 use with network management protocols in the Internet community. In 68 particular, it describes objects for managing and collecting data from 69 network Realtime Traffic Flow Meters, as described in [9]. 71 The MIB is 'basic' in the sense that it provides more than enough 72 information for everyday traffic measurment. Furthermore, it can be 73 easily extended by adding new attributes as required. The RTFM Working 74 group is actively pursuing the development of the meter in this way. 76 2 The Network Management Framework 78 The Internet-standard Network Management Framework consists of three 79 components. They are: 81 RFC 1155 defines the SMI, the mechanisms used for describing 82 and naming objects for the purpose of management. RFC 1212 83 defines a more concise description mechanism, which is wholly 84 consistent with the SMI. 86 RFC 1156 defines MIB-I, the core set of managed objects for the 87 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 88 evolution of MIB-I based on implementation experience and new 89 operational requirements. 91 RFC 1157 defines the SNMP, the protocol used for network access 92 to managed objects. 94 RFC 1902 [2] defines the SMI for version 2 of the Simple 95 Network Management Protocol. 97 RFCs 1903 and 1904 [3,4] define Textual Conventions and 98 Conformance Statements for version 2 of the Simple Network 99 Management Protocol. 101 RFC 1908 [5] describes how versions 1 and 2 of the Simple 102 Network Management Protocol should coexist. 104 The Framework permits new objects to be defined for the purpose of 105 experimentation and evaluation. 107 3 Objects 109 Managed objects are accessed via a virtual information store, termed the 110 Management Information Base or MIB. Objects in the MIB are defined using 111 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 112 SMI. In particular, each object has a name, a syntax, and an encoding. 113 The name is an object identifier, an administratively assigned name, 114 which specifies an object type. The object type together with an object 115 instance serves to uniquely identify a specific instantiation of the 116 object. For human convenience, we often use a textual string, termed 117 the OBJECT DESCRIPTOR, to also refer to the object type. 119 The syntax of an object type defines the abstract data structure 120 corresponding to that object type. The ASN.1 language is used for this 121 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 122 which may be used. These restrictions are explicitly made for 123 simplicity. 125 The encoding of an object type is simply how that object type is 126 represented using the object type's syntax. Implicitly tied to the 127 notion of an object type's syntax and encoding is how the object type is 128 represented when being transmitted on the network. 130 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 131 subject to the additional requirements imposed by the SNMP. 133 3.1 Format of Definitions 135 Section 4 contains the specification of all object types contained in 136 this MIB module. These object types are specified using the conventions 137 defined in [2] and [3]. 139 4 Overview 141 Traffic Flow Measurement seeks to provide a well-defined method for 142 gathering traffic flow information from networks and internetworks. The 143 background for this is given in "Traffic Flow Measurement: Background" 144 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 145 produced a measurement architecture to achieve this goal; this is 146 documented in "Traffic Flow Measurement: Architecture" [9]. The 147 architecture defines three entities: 149 - METERS, which observe network traffic flows and build up a table of 150 flow data records for them, 152 - METER READERS, which collect traffic flow data from meters, and 154 - MANAGERS, which oversee the operation of meters and meter readers. 156 This memo defines the SNMP management information for a Traffic Flow 157 Meter (TFM). Work in this field was begun by the Internet Accounting 158 Working Group. It has been further developed and expanded by the 159 Realtime Traffic Flow Measurement Working Group. 161 4.1 Scope of Definitions, Textual Conventions 163 All objects defined in this memo are registered in a single subtree 164 within the mib-2 namespace [1,2], and are for use in network devices 165 which may perform a PDU forwarding or monitoring function. For these 166 devices, the value of the ifSpecific variable in the MIB-II [1] has the 167 OBJECT IDENTIFIER value: 169 flowMIB OBJECT IDENTIFIER ::= mib-2 40 171 as defined below. 173 The RTFM Meter MIB was first produced and tested using SNMPv1. It was 174 converted into SNMPv2 following the guidelines in RFC 1908 [5]. 176 4.2 Usage of the MIB variables 178 The MIB is organised in four parts - control, data, rules and 179 conformance statements. 181 The rules implement the set of packet-matching actions, as described in 182 the "Traffic Flow Measurment: Architecture" document [9]. In addition 183 they provide for BASIC-style subroutines, allowing a network manager to 184 dramatically reduce the number of rules required to monitor a large 185 network. 187 Traffic flows are identified by a set of attributes for each of their 188 end-points. Attributes include network addresses for each layer of the 189 network protocol stack, and 'subscriber ids,' which may be used to 190 identify an accountable entity for the flow. 192 The conformance statements are set out as defined in [4]. They explain 193 what must be implemented in a meter which claims to conform to this MIB. 195 To retrieve flow data one could simply do a linear scan of the flow 196 table. This would certainly work, but would require a lot of protocol 197 exchanges. To reduce the overhead in retrieving flow data the flow 198 table uses a TimeFilter variable, defined as a Textual Convention in the 199 RMON2 MIB [10]. 201 As an alternative method of reading flow data, the MIB provides a view 202 of the flow table called the flowDataPackageTable. This is (logically) 203 a four-dimensional array, subscripted by package selector, ruleset, 204 activity time and starting flow number. The package selector is a 205 sequence of bytes which specifies a list of flow attributes. 207 A data package (as returned by the meter) is a sequence of values for 208 the attributes specified in its selector, encoded using the Basic 209 Encoding Rules [7]. It allows a meter reader to retrieve all the 210 attribute values it requires in a single MIB object. This, when used 211 together with SNMPv2's GetBulk request, allows a meter reader to scan 212 the flow table and upload a specified set of attribute values for flows 213 which have changed since the last reading, and which were created by a 214 specified rule set. 216 One aspect of data collection which needs emphasis is that all the MIB 217 variables are set up to allow multiple independent meter readers to work 218 properly, i.e. the flow table indexes are stateless. An alternative 219 approach would have been to 'snapshot' the flow table, which would mean 220 that the meter readers would have to be synchronized. The stateless 221 approach does mean that two meter readers will never return exactly the 222 same set of traffic counts, but over long periods (e.g. 15-minute 223 collections over a day) the discrepancies are acceptable. If one really 224 needs a snapshot, this can be achieved by switching to an identical rule 225 set with a different RuleSet number, hence asynchronous collections may 226 be regarded as a useful generalisation of synchronised ones. 228 The control variables are the minimum set required for a meter reader. 229 Their number has been whittled down as experience has been gained with 230 the MIB implementation. A few of them are 'general,' i.e. they control 231 the overall behaviour of the meter. These are set by a single 'master' 232 manager, and no other manager should attempt to change their values. 233 The decision as to which manager is the 'master' must be made by the 234 network operations personnel responsible; this MIB does not attempt to 235 define any interaction between managers. 237 There are three other groups of control variables, arranged into tables 238 in the same way as in the RMON2 MIB [10]. They are used as follows: 240 - RULE SET INFO: Before attempting to download a RuleSet, a manager 241 must create a row in the flowRuleSetInfoTable and set its 242 flowRuleInfoSize to a value large enough to hold the RuleSet. When 243 the rule set is ready the manager must set flowRuleInfoRulesReady 244 to 'true,' indicating that the rule set is ready for use (but not 245 yet 'running'). 247 - METER READER INFO: Any meter reader wishing to collect data 248 reliably for all flows from a RuleSet should first create a row in 249 the flowReaderInfoTable with flowReaderRuleSet set to that 250 RuleSet's index in the flowRuleSetInfoTable. It should write that 251 row's flowReaderLastTime object each time it starts a collection 252 pass through the flow table. The meter will not recover a flow's 253 memory until every meter reader holding a row for that flow's 254 RuleSet has collected the flow's data. 256 - MANAGER INFO: Any manager wishing to run a RuleSet in the meter 257 must create a row in the flowManagerInfo table, specifying the 258 desired RuleSet to run and its corresponding 'standby' Ruleset (if 259 one is desired). A current RuleSet is 'running' if its 260 flowManagerRunningStandby value is false(2), similarly a standby 261 RuleSet is 'running' if flowManagerRunningStandby is true(1). 263 Times within the meter are in terms of its Uptime, i.e. centiseconds 264 since the meter started. For meters implemented as self-contained SNMP 265 agents this will be the same as sysUptime, but this may not be true for 266 meters implemented as subagents. Managers can read the meter's Uptime 267 when neccessary (e.g. to set a TimeFilter value) by setting 268 flowReaderLastTime, then reading its new value. 270 5 Definitions 272 FLOW-METER-MIB DEFINITIONS ::= BEGIN 274 IMPORTS 275 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 276 FROM SNMPv2-SMI 277 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 278 FROM SNMPv2-TC 279 OBJECT-GROUP, MODULE-COMPLIANCE 280 FROM SNMPv2-CONF 281 mib-2, ifIndex 282 FROM RFC1213-MIB 283 OwnerString 284 FROM RMON-MIB 285 TimeFilter 286 FROM RMON2-MIB; 288 flowMIB MODULE-IDENTITY 289 LAST-UPDATED "9712230937Z" 290 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 291 CONTACT-INFO 292 "Nevil Brownlee, The University of Auckland 294 Postal: Information Technology Sytems & Services 295 The University of Auckland 296 Private Bag 92-019 297 Auckland, New Zealand 299 Phone: +64 9 373 7599 x8941 300 E-mail: n.brownlee@auckland.ac.nz" 301 DESCRIPTION 302 "MIB for the RTFM Traffic Flow Meter." 304 REVISION "9712230937Z" 305 DESCRIPTION 306 "Two further variables deprecated: 307 - flowRuleInfoRulesReady (use flowRuleInfoStatus intead) 308 - flowDataStatus (contains no useful information)" 310 REVISION "9707071715Z" 311 DESCRIPTION 312 "Significant changes since RFC 2064 include: 313 - flowDataPackageTable added 314 - flowColumnActivityTable deprecated 315 - flowManagerCounterWrap deprecated" 317 REVISION "9603080208Z" 318 DESCRIPTION 319 "Initial version of this MIB (RFC 2064)" 321 ::= { mib-2 40 } 323 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 325 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 327 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 329 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 331 -- Textual Conventions 333 MediumType ::= TEXTUAL-CONVENTION 334 STATUS current 335 DESCRIPTION 336 "Specifies the type of a MediumAddress (see below). The 337 values used for IEEE 802 media are from the 'Network 338 Management Parameters (ifType definitions)' section of the 339 Assigned Numbers RFC [11]." 340 SYNTAX INTEGER { 341 ethernet(7), 342 tokenring(9), 343 fddi(15) } 345 MediumAddress ::= TEXTUAL-CONVENTION 346 STATUS current 347 DESCRIPTION 348 "Specifies the value of a Medium Access Control (MAC) address. 349 Address format depends on the actual Medium, as follows: 351 Ethernet: ethernet(7) 352 6-octet 802.3 MAC address in 'canonical' order 354 Token Ring: tokenring(9) 355 6-octet 802.5 MAC address in 'canonical' order 357 FDDI: fddi(15) 358 FddiMACLongAddress, i.e. a 6-octet MAC address 359 in 'canonical' order (defined in the FDDI MIB [12]) 360 " 361 SYNTAX OCTET STRING (SIZE (6..20)) 363 PeerType ::= TEXTUAL-CONVENTION 364 STATUS current 365 DESCRIPTION 366 "Indicates the type of a PeerAddress (see below). The values 367 used are from the 'Address Family Numbers' section of the 368 Assigned Numbers RFC [11]." 369 SYNTAX INTEGER { 370 ipv4(1), 371 ipv6(2), 372 nsap(3), 373 ipx(11), 374 appletalk(12), 375 decnet(13) } 377 PeerAddress ::= TEXTUAL-CONVENTION 378 STATUS current 379 DESCRIPTION 380 "Specifies the value of a peer address for various network 381 protocols. Address format depends on the actual protocol, 382 as indicated below: 384 IPv4: ipv4(1) 385 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 387 IPv6: ipv6(2) 388 16-octet IpAddress (defined in the 389 IPv6 Addressing RFC [13]) 391 CLNS: nsap(3) 392 NsapAddress (defined in the SNMPv2 SMI [2]) 394 Novell: ipx(11) 395 4-octet Network number, 396 6-octet Host number (MAC address) 398 AppleTalk: appletalk(12) 399 2-octet Network number (sixteen bits), 400 1-octet Host number (eight bits) 402 DECnet: decnet(13) 403 1-octet Area number (in low-order six bits), 404 2-octet Host number (in low-order ten bits) 405 " 406 SYNTAX OCTET STRING (SIZE (3..20)) 408 AdjacentType ::= TEXTUAL-CONVENTION 409 STATUS current 410 DESCRIPTION 411 "Indicates the type of an adjacent address. 412 Is a superset of MediumType and PeerType." 413 SYNTAX INTEGER { 414 ip(1), 415 nsap(3), 416 ethernet(7), 417 tokenring(9), 418 ipx(11), 419 appletalk(12), 420 decnet(13), 421 fddi(15) } 423 AdjacentAddress ::= TEXTUAL-CONVENTION 424 STATUS current 425 DESCRIPTION 426 "Specifies the value of an adjacent address. 427 Is a superset of MediumAddress and PeerAddress." 428 SYNTAX OCTET STRING (SIZE (3..20)) 430 TransportType ::= TEXTUAL-CONVENTION 431 STATUS current 432 DESCRIPTION 433 "Indicates the type of a TransportAddress (see below). Values 434 will depend on the actual protocol; for IP they will be those 435 given in the 'Protocol Numbers' section of the Assigned Numbers 436 RFC [11], including icmp(1), tcp(6) and udp(17)." 437 SYNTAX Integer32 (1..255) 439 TransportAddress ::= TEXTUAL-CONVENTION 440 STATUS current 441 DESCRIPTION 442 "Specifies the value of a transport address for various 443 network protocols. Format as follows: 445 IP: 446 2-octet UDP or TCP port number 448 Other protocols: 449 2-octet port number 450 " 451 SYNTAX OCTET STRING (SIZE (2)) 453 RuleAddress ::= TEXTUAL-CONVENTION 454 STATUS current 455 DESCRIPTION 456 "Specifies the value of an address. Is a superset of 457 MediumAddress, PeerAddress and TransportAddress." 458 SYNTAX OCTET STRING (SIZE (2..20)) 460 FlowAttributeNumber ::= TEXTUAL-CONVENTION 461 STATUS current 462 DESCRIPTION 463 "Uniquely identifies an attribute within a flow data record." 464 SYNTAX INTEGER { 465 flowIndex(1), 466 flowStatus(2), 467 flowTimeMark(3), 469 sourceInterface(4), 470 sourceAdjacentType(5), 471 sourceAdjacentAddress(6), 472 sourceAdjacentMask(7), 473 sourcePeerType(8), 474 sourcePeerAddress(9), 475 sourcePeerMask(10), 476 sourceTransType(11), 477 sourceTransAddress(12), 478 sourceTransMask(13), 480 destInterface(14), 481 destAdjacentType(15), 482 destAdjacentAddress(16), 483 destAdjacentMask(17), 484 destPeerType(18), 485 destPeerAddress(19), 486 destPeerMask(20), 487 destTransType(21), 488 destTransAddress(22), 489 destTransMask(23), 491 pduScale(24), 492 octetScale(25), 494 ruleSet(26), 495 toOctets(27), -- Source-to-Dest 496 toPDUs(28), 497 fromOctets(29), -- Dest-to-Source 498 fromPDUs(30), 499 firstTime(31), -- Activity times 500 lastActiveTime(32), 502 sourceSubscriberID(33), -- Subscriber ID 503 destSubscriberID(34), 504 sessionID(35), 506 sourceClass(36), -- Computed attributes 507 destClass(37), 508 flowClass(38), 509 sourceKind(39), 510 destKind(40), 511 flowKind(41) } 513 RuleAttributeNumber ::= TEXTUAL-CONVENTION 514 STATUS current 515 DESCRIPTION 516 "Uniquely identifies an attribute which may be tested in 517 a rule. These include attributes whose values come directly 518 from (or are computed from) the flow's packets, and the five 519 'meter' variables used to hold an Attribute Number." 520 SYNTAX INTEGER { 521 null(0), 522 sourceInterface(4), -- Source Address 523 sourceAdjacentType(5), 524 sourceAdjacentAddress(6), 525 sourcePeerType(8), 526 sourcePeerAddress(9), 527 sourceTransType(11), 528 sourceTransAddress(12), 530 destInterface(14), -- Dest Address 531 destAdjacentType(15), 532 destAdjacentAddress(16), 533 destPeerType(18), 534 destPeerAddress(19), 535 destTransType(21), 536 destTransAddress(22), 538 sourceSubscriberID(33), -- Subscriber ID 539 destSubscriberID(34), 540 sessionID(35), 542 sourceClass(36), -- Computed attributes 543 destClass(37), 544 flowClass(38), 545 sourceKind(39), 546 destKind(40), 547 flowKind(41), 549 matchingStoD(50), -- Packet matching 551 v1(51), -- Meter variables 552 v2(52), 553 v3(53), 554 v4(54), 555 v5(55) } 557 ActionNumber ::= TEXTUAL-CONVENTION 558 STATUS current 559 DESCRIPTION 560 "Uniquely identifies the action of a rule, i.e. the Pattern 561 Matching Engine's opcode number. Details of the opcodes 562 are given in the 'Traffic Flow Measurement: Architecture' 563 document [9]." 564 SYNTAX INTEGER { 565 ignore(1), 566 noMatch(2), 567 count(3), 568 countPkt(4), 569 return(5), 570 gosub(6), 571 gosubAct(7), 572 assign(8), 573 assignAct(9), 574 goto(10), 575 gotoAct(11), 576 pushRuleTo(12), 577 pushRuleToAct(13), 578 pushPktTo(14), 579 pushPktToAct(15), 580 popTo(16), 581 popToAct(17) } 583 -- 584 -- Control Group: Rule Set Info Table 585 -- 587 flowRuleSetInfoTable OBJECT-TYPE 588 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 589 MAX-ACCESS not-accessible 590 STATUS current 591 DESCRIPTION 592 "An array of information about the rule sets held in the 593 meter. 595 Any manager may configure a new rule set for the meter by 596 creating a row in this table with status active(1), and setting 597 values for all the objects in its rules. At this stage the new 598 rule set is available but not 'running,' i.e. it is not being 599 used by the meter to produce entries in the flow table. 601 To actually 'run' a rule set a manager must create a row in 602 the flowManagerInfoTable, set it's flowManagerStatus to 603 active(1), and set either its CurrentRuleSet or StandbyRuleSet 604 to point to the rule set to be run. 606 Once a rule set is running a manager may not change any of the 607 objects within the rule set itself. 609 Any manager may stop a rule set running by removing all 610 references to it in the flowManagerInfoTable (i.e. by setting 611 CurrentRuleSet and StandbyRuleSet values to 0). This provides a 612 way to stop rule sets left running if a manager fails." 613 ::= { flowControl 1 } 615 flowRuleSetInfoEntry OBJECT-TYPE 616 SYNTAX FlowRuleSetInfoEntry 617 MAX-ACCESS not-accessible 618 STATUS current 619 DESCRIPTION 620 "Information about a particular rule set." 621 INDEX { flowRuleInfoIndex } 622 ::= { flowRuleSetInfoTable 1 } 624 FlowRuleSetInfoEntry ::= SEQUENCE { 625 flowRuleInfoIndex Integer32, 626 flowRuleInfoSize Integer32, 627 flowRuleInfoOwner OwnerString, 628 flowRuleInfoTimeStamp TimeStamp, 629 flowRuleInfoStatus RowStatus, 630 flowRuleInfoName OCTET STRING, 631 flowRuleInfoRulesReady TruthValue, 632 flowRuleInfoFlowRecords Integer32 633 } 635 flowRuleInfoIndex OBJECT-TYPE 636 SYNTAX Integer32 (1..2147483647) 637 MAX-ACCESS not-accessible 638 STATUS current 639 DESCRIPTION 640 "An index which selects an entry in the flowRuleSetInfoTable. 641 Each such entry contains control information for a particular 642 rule set which the meter may run." 643 ::= { flowRuleSetInfoEntry 1 } 645 flowRuleInfoSize OBJECT-TYPE 646 SYNTAX Integer32 647 MAX-ACCESS read-create 648 STATUS current 649 DESCRIPTION 650 "Number of rules in this rule set. Setting this variable will 651 cause the meter to allocate space for these rules." 652 ::= { flowRuleSetInfoEntry 2 } 654 flowRuleInfoOwner OBJECT-TYPE 655 SYNTAX OwnerString 656 MAX-ACCESS read-create 657 STATUS current 658 DESCRIPTION 659 "Identifies the manager which 'owns' this rule set. A manager 660 must set this variable when creating a row in this table." 661 ::= { flowRuleSetInfoEntry 3 } 663 flowRuleInfoTimeStamp OBJECT-TYPE 664 SYNTAX TimeStamp 665 MAX-ACCESS read-only 666 STATUS current 667 DESCRIPTION 668 "Time this row's associated rule set was last changed." 669 ::= { flowRuleSetInfoEntry 4 } 671 flowRuleInfoStatus OBJECT-TYPE 672 SYNTAX RowStatus 673 MAX-ACCESS read-create 674 STATUS current 675 DESCRIPTION 676 "The status of this flowRuleSetInfoEntry. If this value is 677 not active(1) the meter must not attempt to use the row's 678 associated rule set. Once its value has been set to active(1) 679 a manager may not change any of the other variables in the 680 row, nor the contents of the associated rule set. 682 To download a rule set, a manger could: 683 - Locate an open slot in the RuleSetInfoTable. 684 - Create a RuleSetInfoEntry by setting the status for this 685 open slot to createAndWait(5). 686 - Set flowRuleInfoSize and flowRuleInfoName as required. 687 - Download the rules into the row's rule table. 688 - Set flowRuleInfoStatus to active(1). 690 The rule set would then be ready to run. The manager is not 691 allowed to change the value of flowRuleInfoStatus from 692 active(1) if the associated RuleSet is being referenced by any 693 of the entries in the flowManagerInfoTable. 695 Setting RuleInfoStatus to destroy(6) destroys the associated 696 rule set together with any flow data collected by it." 697 ::= { flowRuleSetInfoEntry 5 } 699 flowRuleInfoName OBJECT-TYPE 700 SYNTAX OCTET STRING 701 MAX-ACCESS read-create 702 STATUS current 703 DESCRIPTION 704 "An alphanumeric identifier used by managers and readers to 705 identify a rule set. For example, a manager wishing to run a 706 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 707 to see whether the WWW-FLOWS rule set is already available on 708 the meter. 710 Note that references to rule sets in the flowManagerInfoTable 711 use indexes for their flowRuleSetInfoTable entries. These may 712 be different each time the rule set is loaded into a meter." 713 ::= { flowRuleSetInfoEntry 6 } 715 flowRuleInfoRulesReady OBJECT-TYPE 716 SYNTAX TruthValue 717 MAX-ACCESS read-create 718 STATUS deprecated 719 DESCRIPTION 720 "Indicates whether the rules for this row's associated rule set 721 are ready for use. The meter will refuse to 'run' the rule set 722 unless this variable has been set to true(1). 723 While RulesReady is false(2), the manager may modify the rule 724 set, for example by downloading rules into it." 725 ::= { flowRuleSetInfoEntry 7 } 727 flowRuleInfoFlowRecords OBJECT-TYPE 728 SYNTAX Integer32 729 MAX-ACCESS read-only 730 STATUS current 731 DESCRIPTION 732 "The number of entries in the flow table for this rule set. 733 These may be current (waiting for collection by one or more 734 meter readers) or idle (waiting for the meter to recover 735 their memory)." 736 ::= { flowRuleSetInfoEntry 8 } 738 -- 739 -- Control Group: Interface Info Table 740 -- 742 flowInterfaceTable OBJECT-TYPE 743 SYNTAX SEQUENCE OF FlowInterfaceEntry 744 MAX-ACCESS not-accessible 745 STATUS current 746 DESCRIPTION 747 "An array of information specific to each meter interface." 748 ::= { flowControl 2 } 750 flowInterfaceEntry OBJECT-TYPE 751 SYNTAX FlowInterfaceEntry 752 MAX-ACCESS not-accessible 753 STATUS current 754 DESCRIPTION 755 "Information about a particular interface." 756 INDEX { ifIndex } 757 ::= { flowInterfaceTable 1 } 759 FlowInterfaceEntry ::= SEQUENCE { 760 flowInterfaceSampleRate Integer32, 761 flowInterfaceLostPackets Counter32 762 } 764 flowInterfaceSampleRate OBJECT-TYPE 765 SYNTAX Integer32 766 MAX-ACCESS read-write 767 STATUS current 768 DESCRIPTION 769 "The parameter N for statistical counting on this interface. 770 Set to N to count 1/Nth of the packets appearing at this 771 interface. A meter should choose its own algorithm to 772 introduce variance into the sampling so that exactly every Nth 773 packet is not counted. A sampling rate of 1 counts all 774 packets. A sampling rate of 0 results in the interface 775 being ignored by the meter." 776 DEFVAL { 1 } 777 ::= { flowInterfaceEntry 1 } 779 flowInterfaceLostPackets OBJECT-TYPE 780 SYNTAX Counter32 781 MAX-ACCESS read-only 782 STATUS current 783 DESCRIPTION 784 "The number of packets the meter has lost for this interface. 785 Such losses may occur because the meter has been unable to 786 keep up with the traffic volume." 787 ::= { flowInterfaceEntry 2 } 789 -- 790 -- Control Group: Meter Reader Info Table 791 -- 793 -- Any meter reader wishing to collect data reliably for flows 794 -- should first create a row in this table. It should write that 795 -- row's flowReaderLastTime object each time it starts a collection 796 -- pass through the flow table. 798 -- If a meter reader (MR) does not create a row in this table, e.g. 799 -- because it failed authentication in the meter's SNMP write 800 -- community, collection can still proceed but the meter will not be 801 -- aware of meter reader MR. This could lead the meter to recover 802 -- flows before they have been collected by MR. 804 flowReaderInfoTable OBJECT-TYPE 805 SYNTAX SEQUENCE OF FlowReaderInfoEntry 806 MAX-ACCESS not-accessible 807 STATUS current 808 DESCRIPTION 809 "An array of information about meter readers which have 810 registered their intent to collect flow data from this meter." 811 ::= { flowControl 3 } 813 flowReaderInfoEntry OBJECT-TYPE 814 SYNTAX FlowReaderInfoEntry 815 MAX-ACCESS not-accessible 816 STATUS current 817 DESCRIPTION 818 "Information about a particular meter reader." 819 INDEX { flowReaderIndex } 820 ::= { flowReaderInfoTable 1 } 822 FlowReaderInfoEntry ::= SEQUENCE { 823 flowReaderIndex Integer32, 824 flowReaderTimeout Integer32, 825 flowReaderOwner OwnerString, 826 flowReaderLastTime TimeStamp, 827 flowReaderPreviousTime TimeStamp, 828 flowReaderStatus RowStatus, 829 flowReaderRuleSet Integer32 830 } 832 flowReaderIndex OBJECT-TYPE 833 SYNTAX Integer32 (1..2147483647) 834 MAX-ACCESS not-accessible 835 STATUS current 836 DESCRIPTION 837 "An index which selects an entry in the flowReaderInfoTable." 838 ::= { flowReaderInfoEntry 1 } 840 flowReaderTimeout OBJECT-TYPE 841 SYNTAX Integer32 842 MAX-ACCESS read-create 843 STATUS current 844 DESCRIPTION 845 "Specifies the maximum time (in seconds) between flow data 846 collections for this meter reader. If this time elapses 847 without a collection, the meter should assume that this meter 848 reader has stopped collecting, and delete this row from the 849 table. A value of zero indicates that this row should not be 850 timed out." 851 ::= { flowReaderInfoEntry 2 } 853 flowReaderOwner OBJECT-TYPE 854 SYNTAX OwnerString 855 MAX-ACCESS read-create 856 STATUS current 857 DESCRIPTION 858 "Identifies the meter reader which created this row." 859 ::= { flowReaderInfoEntry 3 } 861 flowReaderLastTime OBJECT-TYPE 862 SYNTAX TimeStamp 863 MAX-ACCESS read-create 864 STATUS current 865 DESCRIPTION 866 "Time this meter reader began its most recent data collection. 868 This variable should be written by a meter reader as its first 869 step in reading flow data. The meter will set this LastTime 870 value to its current Uptime, and set its PreviousTime value 871 (below) to the old LastTime. This allows the meter to 872 recover flows which have been inactive since PreviousTime, 873 for these have been collected at least once. 875 If the meter reader fails to write flowLastReadTime, collection 876 may still proceed but the meter may not be able to recover 877 inactive flows until the flowReaderTimeout has been reached 878 for this entry." 880 ::= { flowReaderInfoEntry 4 } 882 flowReaderPreviousTime OBJECT-TYPE 883 SYNTAX TimeStamp 884 MAX-ACCESS read-only 885 STATUS current 886 DESCRIPTION 887 "Time this meter reader began the collection before last." 888 ::= { flowReaderInfoEntry 5 } 890 flowReaderStatus OBJECT-TYPE 891 SYNTAX RowStatus 892 MAX-ACCESS read-create 893 STATUS current 894 DESCRIPTION 895 "The status of this FlowReaderInfoEntry. A value of active(1) 896 implies that the associated reader should be collecting data 897 from the meter. Once this variable has been set to active(1) 898 a manager may only change this row's flowReaderLastTime and 899 flowReaderTimeout variables." 900 ::= { flowReaderInfoEntry 6 } 902 flowReaderRuleSet OBJECT-TYPE 903 SYNTAX Integer32 (1..2147483647) 904 MAX-ACCESS read-create 905 STATUS current 906 DESCRIPTION 907 "An index to the array of rule sets. Specifies a set of rules 908 of interest to this meter reader. The reader will attempt to 909 collect any data generated by the meter for this rule set, and 910 the meter will not recover the memory of any of the rule set's 911 flows until this collection has taken place. Note that a 912 reader may have entries in this table for several rule sets." 913 ::= { flowReaderInfoEntry 7 } 915 -- 916 -- Control Group: Manager Info Table 917 -- 919 -- Any manager wishing to run a rule set must create a row in this 920 -- table. Once it has a table row, the manager may set the control 921 -- variables in its row so as to cause the meter to run any valid 922 -- rule set held by the meter. 924 -- A single manager may run several rule sets; it must create a row 925 -- in this table for each of them. In short, each row of this table 926 -- describes (and controls) a 'task' which the meter is executing. 928 flowManagerInfoTable OBJECT-TYPE 929 SYNTAX SEQUENCE OF FlowManagerInfoEntry 930 MAX-ACCESS not-accessible 931 STATUS current 932 DESCRIPTION 933 "An array of information about managers which have 934 registered their intent to run rule sets on this meter." 935 ::= { flowControl 4 } 937 flowManagerInfoEntry OBJECT-TYPE 938 SYNTAX FlowManagerInfoEntry 939 MAX-ACCESS not-accessible 940 STATUS current 941 DESCRIPTION 942 "Information about a particular meter 'task.' By creating 943 an entry in this table and activating it, a manager requests 944 that the meter 'run' the indicated rule set. 946 The entry also specifies a HighWaterMark and a StandbyRuleSet. 947 If the meter's flow table usage exceeds this task's 948 HighWaterMark the meter will stop running the task's 949 CurrentRuleSet and switch to its StandbyRuleSet. 951 If the value of the task's StandbyRuleSet is 0 when its 952 HighWaterMark is exceeded, the meter simply stops running the 953 task's CurrentRuleSet. By careful selection of HighWaterMarks 954 for the various tasks a manager can ensure that the most 955 critical rule sets are the last to stop running as the number 956 of flows increases. 958 When a manager has determined that the demand for flow table 959 space has abated, it may cause the task to switch back to its 960 CurrentRuleSet by setting its flowManagerRunningStandby 961 variable to false(2)." 962 INDEX { flowManagerIndex } 963 ::= { flowManagerInfoTable 1 } 965 FlowManagerInfoEntry ::= SEQUENCE { 966 flowManagerIndex Integer32, 967 flowManagerCurrentRuleSet Integer32, 968 flowManagerStandbyRuleSet Integer32, 969 flowManagerHighWaterMark Integer32, 970 flowManagerCounterWrap INTEGER, 971 flowManagerOwner OwnerString, 972 flowManagerTimeStamp TimeStamp, 973 flowManagerStatus RowStatus, 974 flowManagerRunningStandby TruthValue 975 } 977 flowManagerIndex OBJECT-TYPE 978 SYNTAX Integer32 (1..2147483647) 979 MAX-ACCESS not-accessible 980 STATUS current 981 DESCRIPTION 982 "An index which selects an entry in the flowManagerInfoTable." 983 ::= { flowManagerInfoEntry 1 } 985 flowManagerCurrentRuleSet OBJECT-TYPE 986 SYNTAX Integer32 987 MAX-ACCESS read-create 988 STATUS current 989 DESCRIPTION 990 "Index to the array of rule sets. Specifies which set of 991 rules is the 'current' one for this task. The meter will 992 be 'running' the current ruleset if this row's 993 flowManagerRunningStandby value is false(2). 995 When the manager sets this variable the meter will stop using 996 the task's old current rule set and start using the new one. 997 Specifying rule set 0 (the empty set) stops flow measurement 998 for this task." 999 ::= { flowManagerInfoEntry 2 } 1001 flowManagerStandbyRuleSet OBJECT-TYPE 1002 SYNTAX Integer32 1003 MAX-ACCESS read-create 1004 STATUS current 1005 DESCRIPTION 1006 "Index to the array of rule sets. After reaching HighWaterMark 1007 (see below) the manager will switch to using the task's 1008 StandbyRuleSet in place of its CurrentRuleSet. For this to be 1009 effective the designated StandbyRuleSet should have a coarser 1010 reporting granularity then the CurrentRuleSet. The manager may 1011 also need to decrease the meter reading interval so that the 1012 meter can recover flows measured by this task's CurrentRuleSet." 1013 DEFVAL { 0 } -- No standby 1014 ::= { flowManagerInfoEntry 3 } 1016 flowManagerHighWaterMark OBJECT-TYPE 1017 SYNTAX Integer32 (0..100) 1018 MAX-ACCESS read-create 1019 STATUS current 1020 DESCRIPTION 1021 "A value expressed as a percentage, interpreted by the meter 1022 as an indication of how full the flow table should be before 1023 it should switch to the standby rule set (if one has been 1024 specified) for this task. Values of 0% or 100% disable the 1025 checking represented by this variable." 1026 ::= { flowManagerInfoEntry 4 } 1028 flowManagerCounterWrap OBJECT-TYPE 1029 SYNTAX INTEGER { wrap(1), scale(2) } 1030 MAX-ACCESS read-create 1031 STATUS deprecated 1032 DESCRIPTION 1033 "Specifies whether PDU and octet counters should wrap when 1034 they reach the top of their range (normal behaviour for 1035 Counter64 objects), or whether their scale factors should 1036 be used instead. The combination of counter and scale 1037 factor allows counts to be returned as binary floating 1038 point numbers, with 64-bit mantissas and 8-bit exponents." 1039 DEFVAL { wrap } 1040 ::= { flowManagerInfoEntry 5 } 1042 flowManagerOwner OBJECT-TYPE 1043 SYNTAX OwnerString 1044 MAX-ACCESS read-create 1045 STATUS current 1046 DESCRIPTION 1047 "Identifies the manager which created this row." 1048 ::= { flowManagerInfoEntry 6 } 1050 flowManagerTimeStamp OBJECT-TYPE 1051 SYNTAX TimeStamp 1052 MAX-ACCESS read-only 1053 STATUS current 1054 DESCRIPTION 1055 "Time this row was last changed by its manager." 1056 ::= { flowManagerInfoEntry 7 } 1058 flowManagerStatus OBJECT-TYPE 1059 SYNTAX RowStatus 1060 MAX-ACCESS read-create 1061 STATUS current 1062 DESCRIPTION 1063 "The status of this row in the flowManagerInfoTable. A value 1064 of active(1) implies that this task may be activated, by 1065 setting its CurrentRuleSet and StandbyRuleSet variables. 1066 Its HighWaterMark and RunningStandby variables may also be 1067 changed." 1068 ::= { flowManagerInfoEntry 8 } 1070 flowManagerRunningStandby OBJECT-TYPE 1071 SYNTAX TruthValue 1072 MAX-ACCESS read-create 1073 STATUS current 1074 DESCRIPTION 1075 "Set to true(1) by the meter to indicate that it has switched 1076 to runnning this task's StandbyRuleSet in place of its 1077 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1078 manager may simply set this variable to false(2)." 1079 DEFVAL { false } 1080 ::= { flowManagerInfoEntry 9 } 1082 -- 1083 -- Control Group: General Meter Control Variables 1084 -- 1086 flowFloodMark OBJECT-TYPE 1087 SYNTAX Integer32 (0..100) 1088 MAX-ACCESS read-write 1089 STATUS current 1090 DESCRIPTION 1091 "A value expressed as a percentage, interpreted by the meter 1092 as an indication of how full the flow table should be before 1093 it should take some action to avoid running out of resources 1094 to handle new flows. Values of 0% or 100% disable the 1095 checking represented by this variable." 1096 DEFVAL { 95 } -- Enabled by default. 1097 ::= { flowControl 5 } 1099 flowInactivityTimeout OBJECT-TYPE 1100 SYNTAX Integer32 1101 MAX-ACCESS read-write 1102 STATUS current 1103 DESCRIPTION 1104 "The time in seconds since the last packet seen, after which 1105 a flow becomes 'idle.' Note that although a flow may be 1106 idle, it will not be discarded (and its memory recovered) 1107 until after its data has been collected by all the meter 1108 readers registered for its RuleSet." 1109 DEFVAL { 600 } -- 10 minutes 1110 ::= { flowControl 6 } 1112 flowActiveFlows OBJECT-TYPE 1113 SYNTAX Integer32 1114 MAX-ACCESS read-only 1115 STATUS current 1116 DESCRIPTION 1117 "The numbers of flows which are currently in use." 1118 ::= { flowControl 7 } 1120 flowMaxFlows OBJECT-TYPE 1121 SYNTAX Integer32 1122 MAX-ACCESS read-only 1123 STATUS current 1124 DESCRIPTION 1125 "The maximum number of flows allowed in the meter's 1126 flow table. At present this is determined when the meter 1127 is first started up." 1128 ::= { flowControl 8 } 1130 flowFloodMode OBJECT-TYPE 1131 SYNTAX TruthValue 1132 MAX-ACCESS read-write 1133 STATUS current 1134 DESCRIPTION 1135 "Indicates that the meter has passed its FloodMark and is 1136 not running in its normal mode. When a manager notices this 1137 it should take action to remedy the problem which caused the 1138 flooding. Once the flood has receded, the manager may set 1139 this variable to false(2) to resume normal operaation." 1140 ::= { flowControl 9 } 1142 -- 1143 -- The Flow Table 1144 -- 1146 -- This is a table kept by a meter, with one flow data entry for every 1147 -- flow being measured. Each flow data entry stores the attribute 1148 -- values for a traffic flow. Details of flows and their attributes 1149 -- are given in the 'Traffic Flow Measurement: Architecture' 1150 -- document [9]. 1152 -- From time to time a meter reader may sweep the flow table so as 1153 -- to read counts. This is most effectively achieved by using the 1154 -- TimeMark variable together with successive GetBulk requests to 1155 -- retrieve the values of the desired flow attribute variables. 1157 -- This scheme allows multiple meter readers to independently use the 1158 -- same meter; the meter readers do not have to be synchronised and 1159 -- they may use different collection intervals. 1161 flowDataTable OBJECT-TYPE 1162 SYNTAX SEQUENCE OF FlowDataEntry 1163 MAX-ACCESS not-accessible 1164 STATUS current 1165 DESCRIPTION 1166 "The list of all flows being measured." 1167 ::= { flowData 1 } 1169 flowDataEntry OBJECT-TYPE 1170 SYNTAX FlowDataEntry 1171 MAX-ACCESS not-accessible 1172 STATUS current 1173 DESCRIPTION 1174 "The flow data record for a particular flow." 1175 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1176 ::= { flowDataTable 1 } 1178 FlowDataEntry ::= SEQUENCE { 1179 flowDataIndex Integer32, 1180 flowDataTimeMark TimeFilter, 1181 flowDataStatus INTEGER, 1183 flowDataSourceInterface Integer32, 1184 flowDataSourceAdjacentType AdjacentType, 1185 flowDataSourceAdjacentAddress AdjacentAddress, 1186 flowDataSourceAdjacentMask AdjacentAddress, 1187 flowDataSourcePeerType PeerType, 1188 flowDataSourcePeerAddress PeerAddress, 1189 flowDataSourcePeerMask PeerAddress, 1190 flowDataSourceTransType TransportType, 1191 flowDataSourceTransAddress TransportAddress, 1192 flowDataSourceTransMask TransportAddress, 1194 flowDataDestInterface Integer32, 1195 flowDataDestAdjacentType AdjacentType, 1196 flowDataDestAdjacentAddress AdjacentAddress, 1197 flowDataDestAdjacentMask AdjacentAddress, 1198 flowDataDestPeerType PeerType, 1199 flowDataDestPeerAddress PeerAddress, 1200 flowDataDestPeerMask PeerAddress, 1201 flowDataDestTransType TransportType, 1202 flowDataDestTransAddress TransportAddress, 1203 flowDataDestTransMask TransportAddress, 1205 flowDataPDUScale Integer32, 1206 flowDataOctetScale Integer32, 1208 flowDataRuleSet Integer32, 1210 flowDataToOctets Counter64, -- Source->Dest 1211 flowDataToPDUs Counter64, 1212 flowDataFromOctets Counter64, -- Dest->Source 1213 flowDataFromPDUs Counter64, 1214 flowDataFirstTime TimeStamp, -- Activity times 1215 flowDataLastActiveTime TimeStamp, 1217 flowDataSourceSubscriberID OCTET STRING, 1218 flowDataDestSubscriberID OCTET STRING, 1219 flowDataSessionID OCTET STRING, 1221 flowDataSourceClass Integer32, 1222 flowDataDestClass Integer32, 1223 flowDataClass Integer32, 1224 flowDataSourceKind Integer32, 1225 flowDataDestKind Integer32, 1226 flowDataKind Integer32 1227 } 1229 flowDataIndex OBJECT-TYPE 1230 SYNTAX Integer32 (1..2147483647) 1231 MAX-ACCESS not-accessible 1232 STATUS current 1233 DESCRIPTION 1234 "Value of this flow data record's index within the meter's 1235 flow table." 1237 ::= { flowDataEntry 1 } 1239 flowDataTimeMark OBJECT-TYPE 1240 SYNTAX TimeFilter 1241 MAX-ACCESS not-accessible 1242 STATUS current 1243 DESCRIPTION 1244 "A TimeFilter for this entry. Allows GetNext and GetBulk 1245 to find flow table rows which have changed since a specified 1246 value of the meter's Uptime." 1247 ::= { flowDataEntry 2 } 1249 flowDataStatus OBJECT-TYPE 1250 SYNTAX INTEGER { inactive(1), current(2) } 1251 MAX-ACCESS read-only 1252 STATUS deprecated 1253 DESCRIPTION 1254 "Status of this flow data record." 1255 ::= { flowDataEntry 3 } 1257 flowDataSourceInterface OBJECT-TYPE 1258 SYNTAX Integer32 1259 MAX-ACCESS read-only 1260 STATUS current 1261 DESCRIPTION 1262 "Index of the interface associated with the source address 1263 for this flow. It's value is one of those contained in the 1264 ifIndex field of the meter's interfaces table." 1265 ::= { flowDataEntry 4 } 1267 flowDataSourceAdjacentType OBJECT-TYPE 1268 SYNTAX AdjacentType 1269 MAX-ACCESS read-only 1270 STATUS current 1271 DESCRIPTION 1272 "Adjacent address type of the source for this flow. If 1273 metering is being performed at the network level this will 1274 probably be an 802 MAC address, and the adjacent type will 1275 indicate the medium being used. If traffic is being metered 1276 inside a tunnel, its adjacent address type will be the peer 1277 type of the host at the end of the tunnel." 1278 ::= { flowDataEntry 5 } 1280 flowDataSourceAdjacentAddress OBJECT-TYPE 1281 SYNTAX AdjacentAddress 1282 MAX-ACCESS read-only 1283 STATUS current 1284 DESCRIPTION 1285 "Address of the adjacent device on the path for the source 1286 for this flow." 1287 ::= { flowDataEntry 6 } 1289 flowDataSourceAdjacentMask OBJECT-TYPE 1290 SYNTAX AdjacentAddress 1291 MAX-ACCESS read-only 1292 STATUS current 1293 DESCRIPTION 1294 "1-bits in this mask indicate which bits must match when 1295 comparing the adjacent source address for this flow." 1296 ::= { flowDataEntry 7 } 1298 flowDataSourcePeerType OBJECT-TYPE 1299 SYNTAX PeerType 1300 MAX-ACCESS read-only 1301 STATUS current 1302 DESCRIPTION 1303 "Peer address type of the source for this flow." 1304 ::= { flowDataEntry 8 } 1306 flowDataSourcePeerAddress OBJECT-TYPE 1307 SYNTAX PeerAddress 1308 MAX-ACCESS read-only 1309 STATUS current 1310 DESCRIPTION 1311 "Address of the peer device for the source of this flow." 1312 ::= { flowDataEntry 9 } 1314 flowDataSourcePeerMask OBJECT-TYPE 1315 SYNTAX PeerAddress 1316 MAX-ACCESS read-only 1317 STATUS current 1318 DESCRIPTION 1319 "1-bits in this mask indicate which bits must match when 1320 comparing the source peer address for this flow." 1321 ::= { flowDataEntry 10 } 1323 flowDataSourceTransType OBJECT-TYPE 1324 SYNTAX TransportType 1325 MAX-ACCESS read-only 1326 STATUS current 1327 DESCRIPTION 1328 "Transport address type of the source for this flow. The 1329 value of this attribute will depend on the peer address type." 1330 ::= { flowDataEntry 11 } 1332 flowDataSourceTransAddress OBJECT-TYPE 1333 SYNTAX TransportAddress 1334 MAX-ACCESS read-only 1335 STATUS current 1336 DESCRIPTION 1337 "Transport address for the source of this flow." 1338 ::= { flowDataEntry 12 } 1340 flowDataSourceTransMask OBJECT-TYPE 1341 SYNTAX TransportAddress 1342 MAX-ACCESS read-only 1343 STATUS current 1344 DESCRIPTION 1345 "1-bits in this mask indicate which bits must match when 1346 comparing the transport source address for this flow." 1347 ::= { flowDataEntry 13 } 1349 flowDataDestInterface OBJECT-TYPE 1350 SYNTAX Integer32 1351 MAX-ACCESS read-only 1352 STATUS current 1353 DESCRIPTION 1354 "Index of the interface associated with the dest address for 1355 this flow. This value is one of the values contained in the 1356 ifIndex field of the interfaces table." 1357 ::= { flowDataEntry 14 } 1359 flowDataDestAdjacentType OBJECT-TYPE 1360 SYNTAX AdjacentType 1361 MAX-ACCESS read-only 1362 STATUS current 1363 DESCRIPTION 1364 "Adjacent address type of the destination for this flow." 1365 ::= { flowDataEntry 15 } 1367 flowDataDestAdjacentAddress OBJECT-TYPE 1368 SYNTAX AdjacentAddress 1369 MAX-ACCESS read-only 1370 STATUS current 1371 DESCRIPTION 1372 "Address of the adjacent device on the path for the 1373 destination for this flow." 1374 ::= { flowDataEntry 16 } 1376 flowDataDestAdjacentMask OBJECT-TYPE 1377 SYNTAX AdjacentAddress 1378 MAX-ACCESS read-only 1379 STATUS current 1380 DESCRIPTION 1381 "1-bits in this mask indicate which bits must match when 1382 comparing the adjacent dest address for this flow." 1383 ::= { flowDataEntry 17 } 1385 flowDataDestPeerType OBJECT-TYPE 1386 SYNTAX PeerType 1387 MAX-ACCESS read-only 1388 STATUS current 1389 DESCRIPTION 1390 "Peer address type of the destination for this flow." 1391 ::= { flowDataEntry 18 } 1393 flowDataDestPeerAddress OBJECT-TYPE 1394 SYNTAX PeerAddress 1395 MAX-ACCESS read-only 1396 STATUS current 1397 DESCRIPTION 1398 "Address of the peer device for the destination of this flow." 1399 ::= { flowDataEntry 19 } 1401 flowDataDestPeerMask OBJECT-TYPE 1402 SYNTAX PeerAddress 1403 MAX-ACCESS read-only 1404 STATUS current 1405 DESCRIPTION 1406 "1-bits in this mask indicate which bits must match when 1407 comparing the dest peer type for this flow." 1408 ::= { flowDataEntry 20 } 1410 flowDataDestTransType OBJECT-TYPE 1411 SYNTAX TransportType 1412 MAX-ACCESS read-only 1413 STATUS current 1414 DESCRIPTION 1415 "Transport address type of the destination for this flow. The 1416 value of this attribute will depend on the peer address type." 1417 ::= { flowDataEntry 21 } 1419 flowDataDestTransAddress OBJECT-TYPE 1420 SYNTAX TransportAddress 1421 MAX-ACCESS read-only 1422 STATUS current 1423 DESCRIPTION 1424 "Transport address for the destination of this flow." 1425 ::= { flowDataEntry 22 } 1427 flowDataDestTransMask OBJECT-TYPE 1428 SYNTAX TransportAddress 1429 MAX-ACCESS read-only 1430 STATUS current 1431 DESCRIPTION 1432 "1-bits in this mask indicate which bits must match when 1433 comparing the transport destination address for this flow." 1434 ::= { flowDataEntry 23 } 1436 flowDataPDUScale OBJECT-TYPE 1437 SYNTAX Integer32 (1..255) 1438 MAX-ACCESS read-only 1439 STATUS current 1440 DESCRIPTION 1441 "The scale factor applied to this particular flow. Indicates 1442 the number of bits the PDU counter values should be moved left 1443 to obtain the actual values." 1444 ::= { flowDataEntry 24 } 1446 flowDataOctetScale OBJECT-TYPE 1447 SYNTAX Integer32 (1..255) 1448 MAX-ACCESS read-only 1449 STATUS current 1450 DESCRIPTION 1451 "The scale factor applied to this particular flow. Indicates 1452 the number of bits the octet counter values should be moved 1453 left to obtain the actual values." 1454 ::= { flowDataEntry 25 } 1456 flowDataRuleSet OBJECT-TYPE 1457 SYNTAX Integer32 (1..255) 1458 MAX-ACCESS not-accessible 1459 STATUS current 1460 DESCRIPTION 1461 "The RuleSet number of the rule set which created this flow. 1462 Allows a manager to use GetNext or GetBulk requests to find 1463 flows belonging to a particular RuleSet." 1464 ::= { flowDataEntry 26 } 1466 flowDataToOctets OBJECT-TYPE 1467 SYNTAX Counter64 1468 MAX-ACCESS read-only 1469 STATUS current 1470 DESCRIPTION 1471 "The count of octets flowing from source to dest address and 1472 being delivered to the protocol level being metered. In the 1473 case of IP this would count the number of octets delivered to 1474 the IP level." 1475 ::= { flowDataEntry 27 } 1477 flowDataToPDUs OBJECT-TYPE 1478 SYNTAX Counter64 1479 MAX-ACCESS read-only 1480 STATUS current 1481 DESCRIPTION 1482 "The count of protocol packets flowing from source to dest 1483 address and being delivered to the protocol level being 1484 metered. In the case of IP, for example, this would count the 1485 IP packets delivered to the IP protocol level." 1486 ::= { flowDataEntry 28 } 1488 flowDataFromOctets OBJECT-TYPE 1489 SYNTAX Counter64 1490 MAX-ACCESS read-only 1491 STATUS current 1492 DESCRIPTION 1493 "The count of octets flowing from dest to source address and 1494 being delivered to the protocol level being metered." 1495 ::= { flowDataEntry 29 } 1497 flowDataFromPDUs OBJECT-TYPE 1498 SYNTAX Counter64 1499 MAX-ACCESS read-only 1500 STATUS current 1501 DESCRIPTION 1502 "The count of protocol packets flowing from dest to source 1503 address and being delivered to the protocol level being 1504 metered. In the case of IP, for example, this would count 1505 the IP packets delivered to the IP protocol level." 1506 ::= { flowDataEntry 30 } 1508 flowDataFirstTime OBJECT-TYPE 1509 SYNTAX TimeStamp 1510 MAX-ACCESS read-only 1511 STATUS current 1512 DESCRIPTION 1513 "The time at which this flow was first entered in the table" 1514 ::= { flowDataEntry 31 } 1516 flowDataLastActiveTime OBJECT-TYPE 1517 SYNTAX TimeStamp 1518 MAX-ACCESS read-only 1519 STATUS current 1520 DESCRIPTION 1521 "The last time this flow had activity, i.e. the time of 1522 arrival of the most recent PDU belonging to this flow." 1523 ::= { flowDataEntry 32 } 1525 flowDataSourceSubscriberID OBJECT-TYPE 1526 SYNTAX OCTET STRING (SIZE (4..20)) 1527 MAX-ACCESS read-only 1528 STATUS current 1529 DESCRIPTION 1530 "Subscriber ID associated with the source address for this 1531 flow." 1532 ::= { flowDataEntry 33 } 1534 flowDataDestSubscriberID OBJECT-TYPE 1535 SYNTAX OCTET STRING (SIZE (4..20)) 1536 MAX-ACCESS read-only 1537 STATUS current 1538 DESCRIPTION 1539 "Subscriber ID associated with the dest address for this 1540 flow." 1541 ::= { flowDataEntry 34 } 1543 flowDataSessionID OBJECT-TYPE 1544 SYNTAX OCTET STRING (SIZE (4..10)) 1545 MAX-ACCESS read-only 1546 STATUS current 1547 DESCRIPTION 1548 "Session ID for this flow. Such an ID might be allocated 1549 by a network access server to distinguish a series of sessions 1550 between the same pair of addresses, which would otherwise 1551 appear to be parts of the same accounting flow." 1552 ::= { flowDataEntry 35 } 1554 flowDataSourceClass OBJECT-TYPE 1555 SYNTAX Integer32 (1..255) 1556 MAX-ACCESS read-only 1557 STATUS current 1558 DESCRIPTION 1559 "Source class for this flow. Determined by the rules, set by 1560 a PushRule action when this flow was entered in the table." 1561 ::= { flowDataEntry 36 } 1563 flowDataDestClass OBJECT-TYPE 1564 SYNTAX Integer32 (1..255) 1565 MAX-ACCESS read-only 1566 STATUS current 1567 DESCRIPTION 1568 "Destination class for this flow. Determined by the rules, set 1569 by a PushRule action when this flow was entered in the table." 1570 ::= { flowDataEntry 37 } 1572 flowDataClass OBJECT-TYPE 1573 SYNTAX Integer32 (1..255) 1574 MAX-ACCESS read-only 1575 STATUS current 1576 DESCRIPTION 1577 "Class for this flow. Determined by the rules, set by a 1578 PushRule action when this flow was entered in the table." 1579 ::= { flowDataEntry 38 } 1581 flowDataSourceKind OBJECT-TYPE 1582 SYNTAX Integer32 (1..255) 1583 MAX-ACCESS read-only 1584 STATUS current 1585 DESCRIPTION 1586 "Source kind for this flow. Determined by the rules, set by 1587 a PushRule action when this flow was entered in the table." 1588 ::= { flowDataEntry 39 } 1590 flowDataDestKind OBJECT-TYPE 1591 SYNTAX Integer32 (1..255) 1592 MAX-ACCESS read-only 1593 STATUS current 1594 DESCRIPTION 1595 "Destination kind for this flow. Determined by the rules, set 1596 by a PushRule action when this flow was entered in the table." 1597 ::= { flowDataEntry 40 } 1599 flowDataKind OBJECT-TYPE 1600 SYNTAX Integer32 (1..255) 1601 MAX-ACCESS read-only 1602 STATUS current 1603 DESCRIPTION 1604 "Class for this flow. Determined by the rules, set by a 1605 PushRule action when this flow was entered in the table." 1606 ::= { flowDataEntry 41 } 1608 -- 1609 -- The Activity Column Table 1610 -- 1612 flowColumnActivityTable OBJECT-TYPE 1613 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1614 MAX-ACCESS not-accessible 1615 STATUS deprecated 1616 DESCRIPTION 1617 "Index into the Flow Table. Allows a meter reader to retrieve 1618 a list containing the flow table indexes of flows which were 1619 last active at or after a given time, together with the values 1620 of a specified attribute for each such flow." 1621 ::= { flowData 2 } 1623 flowColumnActivityEntry OBJECT-TYPE 1624 SYNTAX FlowColumnActivityEntry 1625 MAX-ACCESS not-accessible 1626 STATUS deprecated 1627 DESCRIPTION 1628 "The Column Activity Entry for a particular attribute, 1629 activity time and flow." 1630 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1631 flowColumnActivityIndex } 1632 ::= { flowColumnActivityTable 1 } 1634 FlowColumnActivityEntry ::= SEQUENCE { 1635 flowColumnActivityAttribute FlowAttributeNumber, 1636 flowColumnActivityTime TimeFilter, 1637 flowColumnActivityIndex Integer32, 1638 flowColumnActivityData OCTET STRING 1639 } 1641 flowColumnActivityAttribute OBJECT-TYPE 1642 SYNTAX FlowAttributeNumber 1643 MAX-ACCESS read-only 1644 STATUS deprecated 1645 DESCRIPTION 1646 "Specifies the attribute for which values are required from 1647 active flows." 1648 ::= { flowColumnActivityEntry 1 } 1650 flowColumnActivityTime OBJECT-TYPE 1651 SYNTAX TimeFilter 1652 MAX-ACCESS read-only 1653 STATUS deprecated 1654 DESCRIPTION 1655 "This variable is a copy of flowDataLastActiveTime in the 1656 flow data record identified by the flowColumnActivityIndex 1657 value of this flowColumnActivityTable entry." 1658 ::= { flowColumnActivityEntry 2 } 1660 flowColumnActivityIndex OBJECT-TYPE 1661 SYNTAX Integer32 (1..2147483647) 1662 MAX-ACCESS read-only 1663 STATUS deprecated 1664 DESCRIPTION 1665 "Index of a flow table entry which was active at or after 1666 a specified flowColumnActivityTime." 1667 ::= { flowColumnActivityEntry 3 } 1669 flowColumnActivityData OBJECT-TYPE 1670 SYNTAX OCTET STRING (SIZE (3..1000)) 1671 MAX-ACCESS read-only 1672 STATUS deprecated 1673 DESCRIPTION 1674 "Collection of attribute data for flows active after 1675 flowColumnActivityTime. Within the OCTET STRING is a 1676 sequence of { flow index, attribute value } pairs, one for 1677 each active flow. The end of the sequence is marked by a 1678 flow index value of 0, indicating that there are no more 1679 rows in this column. 1681 The format of objects inside flowColumnFlowData is as follows. 1682 All numbers are unsigned. Numbers and strings appear with 1683 their high-order bytes leading. Numbers are fixed size, as 1684 specified by their SYNTAX in the flow table (above), i.e. one 1685 octet for flowAddressType and small constants, and four octets 1686 for Counter and TimeStamp. Strings are variable-length, with 1687 the length given in a single leading octet. 1689 The following is an attempt at an ASN.1 definition of 1690 flowColumnActivityData: 1692 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1693 flowRowItemEntry ::= SEQUENCE { 1694 flowRowNumber Integer32 (1..65535), 1695 -- 0 indicates the end of this column 1696 flowDataValue flowDataType -- Choice depends on attribute 1697 } 1698 flowDataType ::= CHOICE { 1699 flowByteValue Integer32 (1..255), 1700 flowShortValue Integer32 (1..65535), 1701 flowLongValue Integer32, 1702 flowStringValue OCTET STRING -- Length (n) in first byte, 1703 -- n+1 bytes total length, trailing zeroes truncated 1704 }" 1705 ::= { flowColumnActivityEntry 4 } 1707 -- 1708 -- The Data Package Table 1709 -- 1711 flowDataPackageTable OBJECT-TYPE 1712 SYNTAX SEQUENCE OF FlowDataPackageEntry 1713 MAX-ACCESS not-accessible 1714 STATUS current 1715 DESCRIPTION 1716 "Index into the Flow Table. Allows a meter reader to retrieve 1717 a sequence containing the values of a specified set of 1718 attributes for a flow which came from a specified rule set and 1719 which was last active at or after a given time." 1720 ::= { flowData 3 } 1722 flowDataPackageEntry OBJECT-TYPE 1723 SYNTAX FlowDataPackageEntry 1724 MAX-ACCESS not-accessible 1725 STATUS current 1726 DESCRIPTION 1727 "The data package containing selected variables from 1728 active rows in the flow table." 1729 INDEX { flowPackageSelector, 1730 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1731 ::= { flowDataPackageTable 1 } 1733 FlowDataPackageEntry ::= SEQUENCE { 1734 flowPackageSelector OCTET STRING, 1735 flowPackageRuleSet Integer32, 1736 flowPackageTime TimeFilter, 1737 flowPackageIndex Integer32, 1738 flowPackageData OCTET STRING 1739 } 1741 flowPackageSelector OBJECT-TYPE 1742 SYNTAX OCTET STRING 1743 MAX-ACCESS not-accessible 1744 STATUS current 1745 DESCRIPTION 1746 "Specifies the attributes for which values are required from 1747 an active flow. These are encoded as a sequence of octets 1748 each containing a FlowAttribute number, preceded by an octet 1749 giving the length of the sequence (not including the length 1750 octet). For a flowPackageSelector to be valid, it must 1751 contain at least one attribute." 1752 ::= { flowDataPackageEntry 1 } 1754 flowPackageRuleSet OBJECT-TYPE 1755 SYNTAX Integer32 (1..255) 1756 MAX-ACCESS not-accessible 1757 STATUS current 1758 DESCRIPTION 1759 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1760 set which produced the required flow." 1761 ::= { flowDataPackageEntry 2 } 1763 flowPackageTime OBJECT-TYPE 1764 SYNTAX TimeFilter 1765 MAX-ACCESS not-accessible 1766 STATUS current 1767 DESCRIPTION 1768 "This variable is a copy of flowDataLastActiveTime in the 1769 flow data record identified by the flowPackageIndex 1770 value of this flowPackageTable entry." 1771 ::= { flowDataPackageEntry 3 } 1773 flowPackageIndex OBJECT-TYPE 1774 SYNTAX Integer32 (1..2147483647) 1775 MAX-ACCESS not-accessible 1776 STATUS current 1777 DESCRIPTION 1778 "Index of a flow table entry which was active at or after 1779 a specified flowPackageTime." 1780 ::= { flowDataPackageEntry 4 } 1782 flowPackageData OBJECT-TYPE 1783 SYNTAX OCTET STRING 1784 MAX-ACCESS read-only 1785 STATUS current 1786 DESCRIPTION 1787 "A collection of attribute values for a single flow, as 1788 specified by this row's indexes. The attribute values are 1789 contained within a BER-encoded sequence [7], in the order 1790 they appear in their flowPackageSelector. 1792 For example, to retrieve a flowPackage containing values for 1793 attributes 11, 18 and 29, for a flow in rule set 7, with flow 1794 index 3447, one would GET the package whose Object Identifier 1795 (OID) is 1796 flowPackageData . 3.11.18.29 . 7. 0 . 3447 1798 To get a package for the next such flow which had been 1799 active since time 12345 one would GETNEXT the package whose 1800 Object Identifier (OID) is 1801 flowPackageData . 3.11.18.29 . 7. 12345 . 3447" 1802 ::= { flowDataPackageEntry 5 } 1804 -- 1805 -- The Rule Table 1806 -- 1808 -- This is an array of rule sets; the 'running' ones are indicated 1809 -- by the entries in the meter's flowManagerInfoTable. Several rule 1810 -- sets can be held in a meter so that the manager can change the 1811 -- running rule sets easily, for example with time of day. Note that 1812 -- a manager may not change the rules in any rule set currently 1813 -- referenced within the flowManagerInfoTable (either as 'current' or 1814 -- 'standby')! See the 'Traffic Flow Measurement: Architecture' 1815 -- document [9] for details of rules and how they are used. 1816 -- 1817 -- Space for a rule table is allocated by setting the value of 1818 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1820 flowRuleTable OBJECT-TYPE 1821 SYNTAX SEQUENCE OF FlowRuleEntry 1822 MAX-ACCESS not-accessible 1823 STATUS current 1824 DESCRIPTION 1825 "Contains all the rule sets which may be used by the meter." 1826 ::= { flowRules 1 } 1828 flowRuleEntry OBJECT-TYPE 1829 SYNTAX FlowRuleEntry 1830 MAX-ACCESS not-accessible 1831 STATUS current 1832 DESCRIPTION 1833 "The rule record itself." 1834 INDEX { flowRuleSet, flowRuleIndex } 1835 ::= { flowRuleTable 1 } 1837 FlowRuleEntry ::= SEQUENCE { 1838 flowRuleSet Integer32, 1839 flowRuleIndex Integer32, 1840 flowRuleSelector RuleAttributeNumber, 1841 flowRuleMask RuleAddress, 1842 flowRuleMatchedValue RuleAddress, 1843 flowRuleAction ActionNumber, 1844 flowRuleParameter Integer32 1845 } 1847 flowRuleSet OBJECT-TYPE 1848 SYNTAX Integer32 (1..2147483647) 1849 MAX-ACCESS not-accessible 1850 STATUS current 1851 DESCRIPTION 1852 "Selects a rule set from the array of rule sets." 1853 ::= { flowRuleEntry 1 } 1855 flowRuleIndex OBJECT-TYPE 1856 SYNTAX Integer32 (1..65535) 1857 MAX-ACCESS not-accessible 1858 STATUS current 1859 DESCRIPTION 1860 "The index into the Rule table. N.B: These values will 1861 normally be consecutive, given the fall-through semantics 1862 of processing the table." 1863 ::= { flowRuleEntry 2 } 1865 flowRuleSelector OBJECT-TYPE 1866 SYNTAX RuleAttributeNumber 1867 MAX-ACCESS read-write 1868 STATUS current 1869 DESCRIPTION 1870 "Indicates the attribute to be matched. 1872 null(0) is a special case; null rules always succeed. 1874 matchingStoD(50) is set by the meter's Packet Matching Engine. 1875 Its value is true(1) if the PME is attempting to match the 1876 packet with its addresses in Source-to-Destination order (i.e. 1877 as they appear in the packet), and false(2) otherwise. 1878 Details of how packets are matched are given in the 'Traffic 1879 Flow Measurement: Architecture' document [9]. 1881 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1882 variables, each of which can hold the name (i.e. selector 1883 value) of an address attribute. When one of these is used 1884 as a selector, its value specifies the attribute to be 1885 tested. Variable values are set by an Assign action." 1886 ::= { flowRuleEntry 3 } 1888 flowRuleMask OBJECT-TYPE 1889 SYNTAX RuleAddress 1890 MAX-ACCESS read-write 1891 STATUS current 1892 DESCRIPTION 1893 "The initial mask used to compute the desired value. If the 1894 mask is zero the rule's test will always succeed." 1895 ::= { flowRuleEntry 4 } 1897 flowRuleMatchedValue OBJECT-TYPE 1898 SYNTAX RuleAddress 1899 MAX-ACCESS read-write 1900 STATUS current 1901 DESCRIPTION 1902 "The resulting value to be matched for equality. 1903 Specifically, if the attribute chosen by the flowRuleSelector 1904 logically ANDed with the mask specified by the flowRuleMask 1905 equals the value specified in the flowRuleMatchedValue, then 1906 continue processing the table entry based on the action 1907 specified by the flowRuleAction entry. Otherwise, proceed to 1908 the next entry in the rule table." 1909 ::= { flowRuleEntry 5 } 1911 flowRuleAction OBJECT-TYPE 1912 SYNTAX ActionNumber 1913 MAX-ACCESS read-write 1914 STATUS current 1915 DESCRIPTION 1916 "The action to be taken if this rule's test succeeds, or if 1917 the meter's 'test' flag is off. Actions are opcodes for the 1918 meter's Packet Matching Engine; details are given in the 1919 'Traffic Flow Measurement: Architecture' document [9]." 1920 ::= { flowRuleEntry 6 } 1922 flowRuleParameter OBJECT-TYPE 1923 SYNTAX Integer32 (1..65535) 1924 MAX-ACCESS read-write 1925 STATUS current 1926 DESCRIPTION 1927 "A parameter value providing extra information for the 1928 rule's action." 1929 ::= { flowRuleEntry 7 } 1931 -- 1932 -- Traffic Flow Meter conformance statement 1933 -- 1935 flowMIBCompliances 1936 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1938 flowMIBGroups 1939 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1941 flowControlGroup OBJECT-GROUP 1942 OBJECTS { 1943 flowRuleInfoSize, flowRuleInfoOwner, 1944 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1945 flowRuleInfoName, 1946 flowRuleInfoRulesReady, 1947 flowRuleInfoFlowRecords, 1948 flowInterfaceSampleRate, 1949 flowInterfaceLostPackets, 1950 flowReaderTimeout, flowReaderOwner, 1951 flowReaderLastTime, flowReaderPreviousTime, 1952 flowReaderStatus, flowReaderRuleSet, 1953 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 1954 flowManagerHighWaterMark, 1955 -- flowManagerCounterWrap, <- In DataScaleGroup 1956 flowManagerOwner, flowManagerTimeStamp, 1957 flowManagerStatus, flowManagerRunningStandby, 1958 flowFloodMark, 1959 flowInactivityTimeout, flowActiveFlows, 1960 flowMaxFlows, flowFloodMode } 1961 STATUS deprecated 1962 DESCRIPTION 1963 "The control group defines objects which are used to control 1964 an accounting meter." 1965 ::= {flowMIBGroups 1 } 1967 flowDataTableGroup OBJECT-GROUP 1968 OBJECTS { 1969 -- flowDataIndex, <- Index 1970 -- flowDataTimeMark, <- Index 1971 flowDataStatus, 1972 flowDataSourceInterface, 1973 flowDataSourceAdjacentType, 1974 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 1975 flowDataSourcePeerType, 1976 flowDataSourcePeerAddress, flowDataSourcePeerMask, 1977 flowDataSourceTransType, 1978 flowDataSourceTransAddress, flowDataSourceTransMask, 1979 flowDataDestInterface, 1980 flowDataDestAdjacentType, 1981 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 1982 flowDataDestPeerType, 1983 flowDataDestPeerAddress, flowDataDestPeerMask, 1984 flowDataDestTransType, 1985 flowDataDestTransAddress, flowDataDestTransMask, 1986 -- flowDataRuleSet, <- Index 1987 flowDataToOctets, flowDataToPDUs, 1988 flowDataFromOctets, flowDataFromPDUs, 1989 flowDataFirstTime, flowDataLastActiveTime, 1990 flowDataSourceClass, flowDataDestClass, flowDataClass, 1991 flowDataSourceKind, flowDataDestKind, flowDataKind 1992 } 1993 STATUS deprecated 1994 DESCRIPTION 1995 "The flow table group defines objects which provide the 1996 structure for the flow table, including the creation time 1997 and activity time indexes into it. In addition it defines 1998 objects which provide a base set of flow attributes for the 1999 adjacent, peer and transport layers, together with a flow's 2000 counters and times. Finally it defines a flow's class and 2001 kind attributes, which are set by rule actions." 2002 ::= {flowMIBGroups 2 } 2004 flowDataScaleGroup OBJECT-GROUP 2005 OBJECTS { 2006 flowManagerCounterWrap, 2007 flowDataPDUScale, flowDataOctetScale 2008 } 2009 STATUS deprecated 2010 DESCRIPTION 2011 "The flow scale group defines objects which specify scale 2012 factors for counters." 2013 ::= {flowMIBGroups 3 } 2015 flowDataSubscriberGroup OBJECT-GROUP 2016 OBJECTS { 2017 flowDataSourceSubscriberID, flowDataDestSubscriberID, 2018 flowDataSessionID 2019 } 2020 STATUS current 2021 DESCRIPTION 2022 "The flow subscriber group defines objects which may be used 2023 to identify the end point(s) of a flow." 2024 ::= {flowMIBGroups 4 } 2026 flowDataColumnTableGroup OBJECT-GROUP 2027 OBJECTS { 2028 flowColumnActivityAttribute, 2029 flowColumnActivityIndex, 2030 flowColumnActivityTime, 2031 flowColumnActivityData 2032 } 2033 STATUS deprecated 2034 DESCRIPTION 2035 "The flow column table group defines objects which can be used 2036 to collect part of a column of attribute values from the flow 2037 table." 2038 ::= {flowMIBGroups 5 } 2040 flowDataPackageGroup OBJECT-GROUP 2041 OBJECTS { 2042 -- flowPackageSelector, <- Index 2043 -- flowPackageRuleSet, <- Index 2044 -- flowPackageIndex, <- Index 2045 flowPackageData 2046 } 2047 STATUS current 2048 DESCRIPTION 2049 "The data package group defines objects which can be used 2050 to collect a specified set of attribute values from a row of 2051 the flow table." 2052 ::= {flowMIBGroups 6 } 2054 flowRuleTableGroup OBJECT-GROUP 2055 OBJECTS { 2056 flowRuleSelector, 2057 flowRuleMask, flowRuleMatchedValue, 2058 flowRuleAction, flowRuleParameter 2059 } 2060 STATUS current 2061 DESCRIPTION 2062 "The rule table group defines objects which hold the set(s) 2063 of rules specifying which traffic flows are to be accounted 2064 for." 2065 ::= {flowMIBGroups 7 } 2067 flowDataScaleGroup2 OBJECT-GROUP 2068 OBJECTS { 2069 -- flowManagerCounterWrap, <- Deprecated 2070 flowDataPDUScale, flowDataOctetScale 2071 } 2072 STATUS current 2073 DESCRIPTION 2074 "The flow scale group defines objects which specify scale 2075 factors for counters. This group replaces the earlier 2076 version of flowDataScaleGroup above (now deprecated)." 2077 ::= {flowMIBGroups 8} 2079 flowControlGroup2 OBJECT-GROUP 2080 OBJECTS { 2081 flowRuleInfoSize, flowRuleInfoOwner, 2082 flowRuleInfoTimeStamp, flowRuleInfoStatus, 2083 flowRuleInfoName, 2084 -- flowRuleInfoRulesReady, <- Deprecated 2085 flowRuleInfoFlowRecords, 2086 flowInterfaceSampleRate, 2087 flowInterfaceLostPackets, 2088 flowReaderTimeout, flowReaderOwner, 2089 flowReaderLastTime, flowReaderPreviousTime, 2090 flowReaderStatus, flowReaderRuleSet, 2091 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 2092 flowManagerHighWaterMark, 2093 -- flowManagerCounterWrap, <- In DataScaleGroup 2094 flowManagerOwner, flowManagerTimeStamp, 2095 flowManagerStatus, flowManagerRunningStandby, 2096 flowFloodMark, 2097 flowInactivityTimeout, flowActiveFlows, 2098 flowMaxFlows, flowFloodMode } 2099 STATUS current 2100 DESCRIPTION 2101 "The control group defines objects which are used to control 2102 an accounting meter. It replaces the earlier version of 2103 flowControlGroup above (now deprecated)." 2104 ::= {flowMIBGroups 9 } 2106 flowDataTableGroup2 OBJECT-GROUP 2107 OBJECTS { 2108 -- flowDataIndex, <- Index 2109 -- flowDataTimeMark, <- Index 2110 -- flowDataStatus, <- Deprecated 2111 flowDataSourceInterface, 2112 flowDataSourceAdjacentType, 2113 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2114 flowDataSourcePeerType, 2115 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2116 flowDataSourceTransType, 2117 flowDataSourceTransAddress, flowDataSourceTransMask, 2118 flowDataDestInterface, 2119 flowDataDestAdjacentType, 2120 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2121 flowDataDestPeerType, 2122 flowDataDestPeerAddress, flowDataDestPeerMask, 2123 flowDataDestTransType, 2124 flowDataDestTransAddress, flowDataDestTransMask, 2125 -- flowDataRuleSet, <- Index 2126 flowDataToOctets, flowDataToPDUs, 2127 flowDataFromOctets, flowDataFromPDUs, 2128 flowDataFirstTime, flowDataLastActiveTime, 2129 flowDataSourceClass, flowDataDestClass, flowDataClass, 2130 flowDataSourceKind, flowDataDestKind, flowDataKind 2131 } 2132 STATUS current 2133 DESCRIPTION 2134 "This flow table group defines objects which provide the 2135 structure for the flow table. It replaces the earlier 2136 version of flowDataTableGroup above (now deprecated)." 2137 ::= {flowMIBGroups 10 } 2139 flowMIBCompliance MODULE-COMPLIANCE 2140 STATUS current 2141 DESCRIPTION 2142 "The compliance statement for a Traffic Flow Meter." 2143 MODULE 2144 MANDATORY-GROUPS { 2145 flowControlGroup2, 2146 flowDataTableGroup2, 2147 flowDataPackageGroup, 2148 flowRuleTableGroup 2149 } 2150 ::= { flowMIBCompliances 1 } 2152 END 2153 6 Security Considerations 2155 This MIB describes how an RTFM traffic meter is controlled, and provides 2156 a way for traffic flow data to be retrieved from it by a meter reader. 2157 This is essentially an application using SNMP as a method of 2158 communication between co-operating hosts; it does not - in itself - have 2159 any inherent security risks. 2161 Since, however, the traffic flow data can be extremely valuable for 2162 network management purposes it is vital that sensible precautions be 2163 taken to keep the meter and its data secure. This requires that access 2164 to the meter for control purposes (e.g. loading RuleSets and reading 2165 flow data) be restricted. Such restriction could be achieved in many 2166 ways, for example 2168 - Physical Separation. Meter(s) and meter reader(s) could be 2169 deployed so that control capabilities are kept within a separate 2170 network, access to which is carefully controlled. 2172 - Application-layer Security. A minimal level of security for SNMP 2173 is provided by using 'community' strings, which are essentially 2174 clear-text passwords. Stronger security for SNMP is being 2175 developed within the IETF; when this becomes available it should be 2176 used to protect managed network equipment. 2178 - Lower-layer Security. Access to the meter can be protected using 2179 encryption at the network layer. For example, one could run SNMP 2180 to the meter through an encrypted TCP tunnel. 2182 When implementing a meter it may be sensible to use separate network 2183 interfaces for control and for metering. If this is done the control 2184 network can be set up so that it doesn't carry any 'user' traffic, and 2185 the metering interfaces can ignore any user attempts to take control of 2186 the meter. 2188 Users should also consider how they will address attempts to circumvent 2189 a meter, i.e. to prevent it from measuring flows. Such attempts are 2190 essentially denial-of-service attacks on the metering interfaces. For 2191 example 2193 - Port Scan attacks. The attacker sends packets to each of a very 2194 large number of IP (Address : Port) pairs. Each of these packets 2195 creates a new flow in the meter; if there are enough of them the 2196 meter will recognise a 'flood' condition, and will probably stop 2197 creating new flows. As a minimum, users (and implementors) should 2198 ensure that meters can recover from flood conditions as soon as 2199 possible after they occur. 2201 - Counter Wrap attacks: The attacker sends enough packets to cause 2202 the counters in a flow to wrap several times between meter 2203 readings, thus causing the counts to be artificially low. The 2204 change to using 64-bit counters in this MIB reduces this problem 2205 significantly. 2207 Users can reduce the severity of both the above attacks by ensuring that 2208 their meters are read often enough to prevent them being flooded. The 2209 resulting flow data will contain a record of the attacking packets, 2210 which may well be useful in determining where any attack came from. 2212 7 Appendix A: Changes Introduced Since RFC 2064 2214 The first version of the Meter MIB was published as RFC 2064 in January 2215 1997. The most significant changes since then are summarised below. 2217 - TEXTUAL CONVENTIONS: Greater use is made of textual conventions to 2218 describe the various types of addresses used by the meter. 2220 - PACKET MATCHING ATTRIBUTES: Computed attributes (e.g. FlowClass 2221 and FlowKind) may now be tested. This allows one to use these 2222 variables to store information during packet matching. 2224 A new attribute, MatchingStoD, has been added. Its value is 1 2225 while a packet is being matched with its adresses in 'wire' 2226 (source-to-destination) order. 2228 - FLOOD MODE: This is now a read-write variable. Setting it to 2229 false(2) switches the meter out of flood mode and back to normal 2230 operation. 2232 - CONTROL TABLES: Several variables have been added to the RuleSet, 2233 Reader and Manager tables to provide more effective control of the 2234 meter's activities. 2236 - FLOW TABLE: 64-bit counters are used for octet and PDU counts. 2237 This reduces the problems caused by the wrap-around of 32-bit 2238 counters in earlier versions. 2240 flowDataRuleSet is now used as an index to the flow table. This 2241 allows a meter reader to collect only those flow table rows created 2242 by a specified RuleSet. 2244 - DATA PACKAGES: This is a new table, allowing a meter reader to 2245 retrieve values for a list of attributes from a flow as a single 2246 object. When used with SNMP GetBulk requests it provides an 2247 efficient way to recover flow data. 2249 Earlier versions had a 'Column Activity Table;' using this it was 2250 difficult to collect all data for a flow efficiently in a single 2251 SNMP request. 2253 8 Acknowledgements 2255 An early draft of this document was produced under the auspices of the 2256 IETF's Accounting Working Group with assistance from the SNMP Working 2257 Group and the Security Area Advisory Group. Particular thanks are due 2258 to Jim Barnes, Sig Handelman and Stephen Stibler for their support and 2259 their assistance with checking early versions of the MIB. 2261 Stephen Stibler shared the development workload of producing the MIB 2262 changes summarized in chpter 5 (above). 2264 9 References 2266 [1] McCloghrie, K., and Rose, M., Editors, "Management 2267 Information Base for Network Management of TCP/IP-based 2268 internets," RFC 1213, Performance Systems International, March 2269 1991. 2271 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 2272 "Structure of Management Information for version 2 of the 2273 Simple Network Managemenet Protocol," RFC 1902, SNMP Research 2274 Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie 2275 Mellon University, January 1996. 2277 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 2278 "Textual Conventions for version 2 of the Simple Network 2279 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2280 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2281 University, January 1996. 2283 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2284 "Conformance Statements for version 2 of the Simple Network 2285 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2286 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2287 University, January 1996. 2289 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2290 "Coexistence between version 1 and version 2 of the 2291 Internet-standard Network Management Framework," RFC 1908, SNMP 2292 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2293 Carnegie Mellon University, January 1996. 2295 [6] Information processing systems - Open Systems 2296 Interconnection - Specification of Abstract Syntax Notation One 2297 (ASN.1), International Organization for Standardization, 2298 International Standard 8824, December 1987. 2300 [7] Information processing systems - Open Systems 2301 Interconnection - Specification of Basic Encoding Rules for 2302 Abstract Notation One (ASN.1), International Organization for 2303 Standardization, International Standard 8825, December 1987. 2305 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2306 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2307 Technology Corporation, November 1991. 2309 [9] Brownlee, N., Mills, C., and G. Ruth, "Traffic Flow 2310 Measurement: Architecture", RFC 2063, The University of 2311 Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, 2312 January 1997. 2314 [10] Waldbusser, S., "Remote Network Monitoring Management 2315 Information Base Version 2 using SMIv2," RFC 2021, INS, January 2316 1997. 2318 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2319 ISI, October 1994. 2321 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2322 SNMP Research Incorporated, January 1992. 2324 [13] Hinden, R., Deering, S., "IP Version 6 Addressing 2325 Architecture," RFC 1884, Ipsilon Networks, Xerox PARC, December 2326 1995. 2328 10 Author's Address 2330 Nevil Brownlee 2331 Information Technology Systems & Services 2332 The University of Auckland 2334 Phone: +64 9 373 7599 x8941 2335 E-mail: n.brownlee@auckland.ac.nz 2337 Expires January 1999