idnits 2.17.1 draft-ietf-rtfm-meter-mib-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-24) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1693 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 1999) is 9172 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1902 (ref. '2') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '3') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '4') (Obsoleted by RFC 2580) ** Obsolete normative reference: RFC 1908 (ref. '5') (Obsoleted by RFC 2576) -- Possible downref: Non-RFC (?) normative reference: ref. '6' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Downref: Normative reference to an Informational RFC: RFC 1272 (ref. '8') ** Obsolete normative reference: RFC 2063 (ref. '9') (Obsoleted by RFC 2722) ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 1884 (ref. '13') (Obsoleted by RFC 2373) ** Obsolete normative reference: RFC 2274 (ref. '14') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) Summary: 20 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Nevil Brownlee 3 INTERNET-DRAFT The University of Auckland 4 September 1998 5 Expires March 1999 7 Traffic Flow Measurement: Meter MIB 9 11 Status of this Memo 13 This document is an Internet-Draft. Internet-Drafts are working 14 documents of the Internet Engineering Task Force (IETF), its Areas, and 15 its Working Groups. Note that other groups may also distribute working 16 documents as Internet-Drafts. This Internet Draft is a product of the 17 Realtime Traffic Flow Measurement Working Group of the IETF. 19 Internet Drafts are draft documents valid for a maximum of six months. 20 Internet Drafts may be updated, replaced, or obsoleted by other 21 documents at any time. It is not appropriate to use Internet Drafts as 22 reference material or to cite them other than as a "working draft" or 23 "work in progress." 25 To view the entire list of current Internet-Drafts, please check the 26 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 27 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), 28 ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), 29 ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 31 Abstract 33 A 'Traffic Meter' collects data relating to traffic flows within a 34 network. This document defines a Management Information Base (MIB) for 35 use in controlling a traffic meter, in particular for specifying the 36 flows to be measured. It also provides an efficient mechanism for 37 retrieving flow data from the meter using SNMP. Security issues 38 concerning the operation of traffic meters are summarised. 40 Contents 42 1 Introduction 2 44 2 The Network Management Framework 2 45 3 Objects 3 46 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 4 48 4 Overview 4 49 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . 4 50 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 5 52 5 Definitions 7 54 6 Security Considerations 44 55 6.1 SNMP Concerns . . . . . . . . . . . . . . . . . . . . . . . . 44 56 6.2 Traffic Meter Concerns . . . . . . . . . . . . . . . . . . . . 44 58 7 Appendix A: Changes Introduced Since RFC 2064 46 60 8 Acknowledgements 47 62 9 References 47 64 10 Author's Address 48 66 1 Introduction 68 This memo defines a portion of the Management Information Base (MIB) for 69 use with network management protocols in the Internet community. In 70 particular, it describes objects for managing and collecting data from 71 network Realtime Traffic Flow Meters, as described in [9]. 73 The MIB is 'basic' in the sense that it provides more than enough 74 information for everyday traffic measurment. Furthermore, it can be 75 easily extended by adding new attributes as required. The RTFM Working 76 group is actively pursuing the development of the meter in this way. 78 2 The Network Management Framework 80 The Internet-standard Network Management Framework consists of three 81 components. They are: 83 RFC 1155 defines the SMI, the mechanisms used for describing 84 and naming objects for the purpose of management. RFC 1212 85 defines a more concise description mechanism, which is wholly 86 consistent with the SMI. 88 RFC 1156 defines MIB-I, the core set of managed objects for the 89 Internet suite of protocols. RFC 1213 [1] defines MIB-II, an 90 evolution of MIB-I based on implementation experience and new 91 operational requirements. 93 RFC 1157 defines the SNMP, the protocol used for network access 94 to managed objects. 96 RFC 1902 [2] defines the SMI for version 2 of the Simple 97 Network Management Protocol. 99 RFCs 1903 and 1904 [3,4] define Textual Conventions and 100 Conformance Statements for version 2 of the Simple Network 101 Management Protocol. 103 RFC 1908 [5] describes how versions 1 and 2 of the Simple 104 Network Management Protocol should coexist. 106 The Framework permits new objects to be defined for the purpose of 107 experimentation and evaluation. 109 3 Objects 111 Managed objects are accessed via a virtual information store, termed the 112 Management Information Base or MIB. Objects in the MIB are defined using 113 the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the 114 SMI. In particular, each object has a name, a syntax, and an encoding. 115 The name is an object identifier, an administratively assigned name, 116 which specifies an object type. The object type together with an object 117 instance serves to uniquely identify a specific instantiation of the 118 object. For human convenience, we often use a textual string, termed 119 the OBJECT DESCRIPTOR, to also refer to the object type. 121 The syntax of an object type defines the abstract data structure 122 corresponding to that object type. The ASN.1 language is used for this 123 purpose. However, the SMI [2] purposely restricts the ASN.1 constructs 124 which may be used. These restrictions are explicitly made for 125 simplicity. 127 The encoding of an object type is simply how that object type is 128 represented using the object type's syntax. Implicitly tied to the 129 notion of an object type's syntax and encoding is how the object type is 130 represented when being transmitted on the network. 132 The SMI specifies the use of the basic encoding rules of ASN.1 [7], 133 subject to the additional requirements imposed by the SNMP. 135 3.1 Format of Definitions 137 Section 4 contains the specification of all object types contained in 138 this MIB module. These object types are specified using the conventions 139 defined in [2] and [3]. 141 4 Overview 143 Traffic Flow Measurement seeks to provide a well-defined method for 144 gathering traffic flow information from networks and internetworks. The 145 background for this is given in "Traffic Flow Measurement: Background" 146 [8]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 147 produced a measurement architecture to achieve this goal; this is 148 documented in "Traffic Flow Measurement: Architecture" [9]. The 149 architecture defines three entities: 151 - METERS, which observe network traffic flows and build up a table of 152 flow data records for them, 154 - METER READERS, which collect traffic flow data from meters, and 156 - MANAGERS, which oversee the operation of meters and meter readers. 158 This memo defines the SNMP management information for a Traffic Flow 159 Meter (TFM). Work in this field was begun by the Internet Accounting 160 Working Group. It has been further developed and expanded by the 161 Realtime Traffic Flow Measurement Working Group. 163 4.1 Scope of Definitions, Textual Conventions 165 All objects defined in this memo are registered in a single subtree 166 within the mib-2 namespace [1,2], and are for use in network devices 167 which may perform a PDU forwarding or monitoring function. For these 168 devices, the value of the ifSpecific variable in the MIB-II [1] has the 169 OBJECT IDENTIFIER value: 171 flowMIB OBJECT IDENTIFIER ::= mib-2 40 172 as defined below. 174 The RTFM Meter MIB was first produced and tested using SNMPv1. It was 175 converted into SNMPv2 following the guidelines in RFC 1908 [5]. 177 4.2 Usage of the MIB variables 179 The MIB is organised in four parts - control, data, rules and 180 conformance statements. 182 The rules implement the set of packet-matching actions, as described in 183 the "Traffic Flow Measurment: Architecture" document [9]. In addition 184 they provide for BASIC-style subroutines, allowing a network manager to 185 dramatically reduce the number of rules required to monitor a large 186 network. 188 Traffic flows are identified by a set of attributes for each of their 189 end-points. Attributes include network addresses for each layer of the 190 network protocol stack, and 'subscriber ids,' which may be used to 191 identify an accountable entity for the flow. 193 The conformance statements are set out as defined in [4]. They explain 194 what must be implemented in a meter which claims to conform to this MIB. 196 To retrieve flow data one could simply do a linear scan of the flow 197 table. This would certainly work, but would require a lot of protocol 198 exchanges. To reduce the overhead in retrieving flow data the flow 199 table uses a TimeFilter variable, defined as a Textual Convention in the 200 RMON2 MIB [10]. 202 As an alternative method of reading flow data, the MIB provides a view 203 of the flow table called the flowDataPackageTable. This is (logically) 204 a four-dimensional array, subscripted by package selector, ruleset, 205 activity time and starting flow number. The package selector is a 206 sequence of bytes which specifies a list of flow attributes. 208 A data package (as returned by the meter) is a sequence of values for 209 the attributes specified in its selector, encoded using the Basic 210 Encoding Rules [7]. It allows a meter reader to retrieve all the 211 attribute values it requires in a single MIB object. This, when used 212 together with SNMPv2's GetBulk request, allows a meter reader to scan 213 the flow table and upload a specified set of attribute values for flows 214 which have changed since the last reading, and which were created by a 215 specified rule set. 217 One aspect of data collection which needs emphasis is that all the MIB 218 variables are set up to allow multiple independent meter readers to work 219 properly, i.e. the flow table indexes are stateless. An alternative 220 approach would have been to 'snapshot' the flow table, which would mean 221 that the meter readers would have to be synchronized. The stateless 222 approach does mean that two meter readers will never return exactly the 223 same set of traffic counts, but over long periods (e.g. 15-minute 224 collections over a day) the discrepancies are acceptable. If one really 225 needs a snapshot, this can be achieved by switching to an identical rule 226 set with a different RuleSet number, hence asynchronous collections may 227 be regarded as a useful generalisation of synchronised ones. 229 The control variables are the minimum set required for a meter reader. 230 Their number has been whittled down as experience has been gained with 231 the MIB implementation. A few of them are 'general,' i.e. they control 232 the overall behaviour of the meter. These are set by a single 'master' 233 manager, and no other manager should attempt to change their values. 234 The decision as to which manager is the 'master' must be made by the 235 network operations personnel responsible; this MIB does not attempt to 236 define any interaction between managers. 238 There are three other groups of control variables, arranged into tables 239 in the same way as in the RMON2 MIB [10]. They are used as follows: 241 - RULE SET INFO: Before attempting to download a RuleSet, a manager 242 must create a row in the flowRuleSetInfoTable and set its 243 flowRuleInfoSize to a value large enough to hold the RuleSet. When 244 the rule set is ready the manager must set flowRuleInfoRulesReady 245 to 'true,' indicating that the rule set is ready for use (but not 246 yet 'running'). 248 - METER READER INFO: Any meter reader wishing to collect data 249 reliably for all flows from a RuleSet should first create a row in 250 the flowReaderInfoTable with flowReaderRuleSet set to that 251 RuleSet's index in the flowRuleSetInfoTable. It should write that 252 row's flowReaderLastTime object each time it starts a collection 253 pass through the flow table. The meter will not recover a flow's 254 memory until every meter reader holding a row for that flow's 255 RuleSet has collected the flow's data. 257 - MANAGER INFO: Any manager wishing to run a RuleSet in the meter 258 must create a row in the flowManagerInfo table, specifying the 259 desired RuleSet to run and its corresponding 'standby' Ruleset (if 260 one is desired). A current RuleSet is 'running' if its 261 flowManagerRunningStandby value is false(2), similarly a standby 262 RuleSet is 'running' if flowManagerRunningStandby is true(1). 264 Times within the meter are in terms of its Uptime, i.e. centiseconds 265 since the meter started. For meters implemented as self-contained SNMP 266 agents this will be the same as sysUptime, but this may not be true for 267 meters implemented as subagents. Managers can read the meter's Uptime 268 when neccessary (e.g. to set a TimeFilter value) by setting 269 flowReaderLastTime, then reading its new value. 271 5 Definitions 273 FLOW-METER-MIB DEFINITIONS ::= BEGIN 275 IMPORTS 276 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 277 FROM SNMPv2-SMI 278 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 279 FROM SNMPv2-TC 280 OBJECT-GROUP, MODULE-COMPLIANCE 281 FROM SNMPv2-CONF 282 mib-2, ifIndex 283 FROM RFC1213-MIB 284 OwnerString 285 FROM RMON-MIB 286 TimeFilter 287 FROM RMON2-MIB; 289 flowMIB MODULE-IDENTITY 290 LAST-UPDATED "9712230937Z" 291 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 292 CONTACT-INFO 293 "Nevil Brownlee, The University of Auckland 295 Postal: Information Technology Sytems & Services 296 The University of Auckland 297 Private Bag 92-019 298 Auckland, New Zealand 300 Phone: +64 9 373 7599 x8941 301 E-mail: n.brownlee@auckland.ac.nz" 302 DESCRIPTION 303 "MIB for the RTFM Traffic Flow Meter." 305 REVISION "9712230937Z" 306 DESCRIPTION 307 "Two further variables deprecated: 308 - flowRuleInfoRulesReady (use flowRuleInfoStatus intead) 309 - flowDataStatus (contains no useful information)" 311 REVISION "9707071715Z" 312 DESCRIPTION 313 "Significant changes since RFC 2064 include: 314 - flowDataPackageTable added 315 - flowColumnActivityTable deprecated 316 - flowManagerCounterWrap deprecated" 318 REVISION "9603080208Z" 319 DESCRIPTION 320 "Initial version of this MIB (RFC 2064)" 321 ::= { mib-2 40 } 323 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 325 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 327 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 329 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 331 -- Textual Conventions 333 MediumType ::= TEXTUAL-CONVENTION 334 STATUS current 335 DESCRIPTION 336 "Specifies the type of a MediumAddress (see below). The 337 values used for IEEE 802 media are from the 'Network 338 Management Parameters (ifType definitions)' section of the 339 Assigned Numbers RFC [11]." 340 SYNTAX INTEGER { 341 ethernet(7), 342 tokenring(9), 343 fddi(15) } 345 MediumAddress ::= TEXTUAL-CONVENTION 346 STATUS current 347 DESCRIPTION 348 "Specifies the value of a Medium Access Control (MAC) address. 349 Address format depends on the actual Medium, as follows: 351 Ethernet: ethernet(7) 352 6-octet 802.3 MAC address in 'canonical' order 354 Token Ring: tokenring(9) 355 6-octet 802.5 MAC address in 'canonical' order 357 FDDI: fddi(15) 358 FddiMACLongAddress, i.e. a 6-octet MAC address 359 in 'canonical' order (defined in the FDDI MIB [12]) 360 " 361 SYNTAX OCTET STRING (SIZE (6..20)) 363 PeerType ::= TEXTUAL-CONVENTION 364 STATUS current 365 DESCRIPTION 366 "Indicates the type of a PeerAddress (see below). The values 367 used are from the 'Address Family Numbers' section of the 368 Assigned Numbers RFC [11]." 369 SYNTAX INTEGER { 370 ipv4(1), 371 ipv6(2), 372 nsap(3), 373 ipx(11), 374 appletalk(12), 375 decnet(13) } 377 PeerAddress ::= TEXTUAL-CONVENTION 378 STATUS current 379 DESCRIPTION 380 "Specifies the value of a peer address for various network 381 protocols. Address format depends on the actual protocol, 382 as indicated below: 384 IPv4: ipv4(1) 385 4-octet IpAddress (defined in the SNMPv2 SMI [2]) 387 IPv6: ipv6(2) 388 16-octet IpAddress (defined in the 389 IPv6 Addressing RFC [13]) 391 CLNS: nsap(3) 392 NsapAddress (defined in the SNMPv2 SMI [2]) 394 Novell: ipx(11) 395 4-octet Network number, 396 6-octet Host number (MAC address) 398 AppleTalk: appletalk(12) 399 2-octet Network number (sixteen bits), 400 1-octet Host number (eight bits) 402 DECnet: decnet(13) 403 1-octet Area number (in low-order six bits), 404 2-octet Host number (in low-order ten bits) 405 " 406 SYNTAX OCTET STRING (SIZE (3..20)) 408 AdjacentType ::= TEXTUAL-CONVENTION 409 STATUS current 410 DESCRIPTION 411 "Indicates the type of an adjacent address. 412 Is a superset of MediumType and PeerType." 413 SYNTAX INTEGER { 414 ip(1), 415 nsap(3), 416 ethernet(7), 417 tokenring(9), 418 ipx(11), 419 appletalk(12), 420 decnet(13), 421 fddi(15) } 423 AdjacentAddress ::= TEXTUAL-CONVENTION 424 STATUS current 425 DESCRIPTION 426 "Specifies the value of an adjacent address. 427 Is a superset of MediumAddress and PeerAddress." 428 SYNTAX OCTET STRING (SIZE (3..20)) 430 TransportType ::= TEXTUAL-CONVENTION 431 STATUS current 432 DESCRIPTION 433 "Indicates the type of a TransportAddress (see below). Values 434 will depend on the actual protocol; for IP they will be those 435 given in the 'Protocol Numbers' section of the Assigned Numbers 436 RFC [11], including icmp(1), tcp(6) and udp(17)." 437 SYNTAX Integer32 (1..255) 439 TransportAddress ::= TEXTUAL-CONVENTION 440 STATUS current 441 DESCRIPTION 442 "Specifies the value of a transport address for various 443 network protocols. Format as follows: 445 IP: 446 2-octet UDP or TCP port number 448 Other protocols: 449 2-octet port number 450 " 451 SYNTAX OCTET STRING (SIZE (2)) 453 RuleAddress ::= TEXTUAL-CONVENTION 454 STATUS current 455 DESCRIPTION 456 "Specifies the value of an address. Is a superset of 457 MediumAddress, PeerAddress and TransportAddress." 458 SYNTAX OCTET STRING (SIZE (2..20)) 460 FlowAttributeNumber ::= TEXTUAL-CONVENTION 461 STATUS current 462 DESCRIPTION 463 "Uniquely identifies an attribute within a flow data record." 464 SYNTAX INTEGER { 465 flowIndex(1), 466 flowStatus(2), 467 flowTimeMark(3), 468 sourceInterface(4), 469 sourceAdjacentType(5), 470 sourceAdjacentAddress(6), 471 sourceAdjacentMask(7), 472 sourcePeerType(8), 473 sourcePeerAddress(9), 474 sourcePeerMask(10), 475 sourceTransType(11), 476 sourceTransAddress(12), 477 sourceTransMask(13), 479 destInterface(14), 480 destAdjacentType(15), 481 destAdjacentAddress(16), 482 destAdjacentMask(17), 483 destPeerType(18), 484 destPeerAddress(19), 485 destPeerMask(20), 486 destTransType(21), 487 destTransAddress(22), 488 destTransMask(23), 490 pduScale(24), 491 octetScale(25), 493 ruleSet(26), 494 toOctets(27), -- Source-to-Dest 495 toPDUs(28), 496 fromOctets(29), -- Dest-to-Source 497 fromPDUs(30), 498 firstTime(31), -- Activity times 499 lastActiveTime(32), 501 sourceSubscriberID(33), -- Subscriber ID 502 destSubscriberID(34), 503 sessionID(35), 505 sourceClass(36), -- Computed attributes 506 destClass(37), 507 flowClass(38), 508 sourceKind(39), 509 destKind(40), 510 flowKind(41) } 512 RuleAttributeNumber ::= TEXTUAL-CONVENTION 513 STATUS current 514 DESCRIPTION 515 "Uniquely identifies an attribute which may be tested in 516 a rule. These include attributes whose values come directly 517 from (or are computed from) the flow's packets, and the five 518 'meter' variables used to hold an Attribute Number." 519 SYNTAX INTEGER { 520 null(0), 521 sourceInterface(4), -- Source Address 522 sourceAdjacentType(5), 523 sourceAdjacentAddress(6), 524 sourcePeerType(8), 525 sourcePeerAddress(9), 526 sourceTransType(11), 527 sourceTransAddress(12), 529 destInterface(14), -- Dest Address 530 destAdjacentType(15), 531 destAdjacentAddress(16), 532 destPeerType(18), 533 destPeerAddress(19), 534 destTransType(21), 535 destTransAddress(22), 537 sourceSubscriberID(33), -- Subscriber ID 538 destSubscriberID(34), 539 sessionID(35), 541 sourceClass(36), -- Computed attributes 542 destClass(37), 543 flowClass(38), 544 sourceKind(39), 545 destKind(40), 546 flowKind(41), 548 matchingStoD(50), -- Packet matching 550 v1(51), -- Meter variables 551 v2(52), 552 v3(53), 553 v4(54), 554 v5(55) } 556 ActionNumber ::= TEXTUAL-CONVENTION 557 STATUS current 558 DESCRIPTION 559 "Uniquely identifies the action of a rule, i.e. the Pattern 560 Matching Engine's opcode number. Details of the opcodes 561 are given in the 'Traffic Flow Measurement: Architecture' 562 document [9]." 563 SYNTAX INTEGER { 564 ignore(1), 565 noMatch(2), 566 count(3), 567 countPkt(4), 568 return(5), 569 gosub(6), 570 gosubAct(7), 571 assign(8), 572 assignAct(9), 573 goto(10), 574 gotoAct(11), 575 pushRuleTo(12), 576 pushRuleToAct(13), 577 pushPktTo(14), 578 pushPktToAct(15), 579 popTo(16), 580 popToAct(17) } 582 -- 583 -- Control Group: Rule Set Info Table 584 -- 586 flowRuleSetInfoTable OBJECT-TYPE 587 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 588 MAX-ACCESS not-accessible 589 STATUS current 590 DESCRIPTION 591 "An array of information about the rule sets held in the 592 meter. 594 Any manager may configure a new rule set for the meter by 595 creating a row in this table with status active(1), and setting 596 values for all the objects in its rules. At this stage the new 597 rule set is available but not 'running,' i.e. it is not being 598 used by the meter to produce entries in the flow table. 600 To actually 'run' a rule set a manager must create a row in 601 the flowManagerInfoTable, set it's flowManagerStatus to 602 active(1), and set either its CurrentRuleSet or StandbyRuleSet 603 to point to the rule set to be run. 605 Once a rule set is running a manager may not change any of the 606 objects within the rule set itself. 608 Any manager may stop a rule set running by removing all 609 references to it in the flowManagerInfoTable (i.e. by setting 610 CurrentRuleSet and StandbyRuleSet values to 0). This provides a 611 way to stop rule sets left running if a manager fails." 612 ::= { flowControl 1 } 614 flowRuleSetInfoEntry OBJECT-TYPE 615 SYNTAX FlowRuleSetInfoEntry 616 MAX-ACCESS not-accessible 617 STATUS current 618 DESCRIPTION 619 "Information about a particular rule set." 620 INDEX { flowRuleInfoIndex } 621 ::= { flowRuleSetInfoTable 1 } 623 FlowRuleSetInfoEntry ::= SEQUENCE { 624 flowRuleInfoIndex Integer32, 625 flowRuleInfoSize Integer32, 626 flowRuleInfoOwner OwnerString, 627 flowRuleInfoTimeStamp TimeStamp, 628 flowRuleInfoStatus RowStatus, 629 flowRuleInfoName OCTET STRING, 630 flowRuleInfoRulesReady TruthValue, 631 flowRuleInfoFlowRecords Integer32 632 } 634 flowRuleInfoIndex OBJECT-TYPE 635 SYNTAX Integer32 (1..2147483647) 636 MAX-ACCESS not-accessible 637 STATUS current 638 DESCRIPTION 639 "An index which selects an entry in the flowRuleSetInfoTable. 640 Each such entry contains control information for a particular 641 rule set which the meter may run." 642 ::= { flowRuleSetInfoEntry 1 } 644 flowRuleInfoSize OBJECT-TYPE 645 SYNTAX Integer32 646 MAX-ACCESS read-create 647 STATUS current 648 DESCRIPTION 649 "Number of rules in this rule set. Setting this variable will 650 cause the meter to allocate space for these rules." 651 ::= { flowRuleSetInfoEntry 2 } 653 flowRuleInfoOwner OBJECT-TYPE 654 SYNTAX OwnerString 655 MAX-ACCESS read-create 656 STATUS current 657 DESCRIPTION 658 "Identifies the manager which 'owns' this rule set. A manager 659 must set this variable when creating a row in this table." 660 ::= { flowRuleSetInfoEntry 3 } 662 flowRuleInfoTimeStamp OBJECT-TYPE 663 SYNTAX TimeStamp 664 MAX-ACCESS read-only 665 STATUS current 666 DESCRIPTION 667 "Time this row's associated rule set was last changed." 668 ::= { flowRuleSetInfoEntry 4 } 670 flowRuleInfoStatus OBJECT-TYPE 671 SYNTAX RowStatus 672 MAX-ACCESS read-create 673 STATUS current 674 DESCRIPTION 675 "The status of this flowRuleSetInfoEntry. If this value is 676 not active(1) the meter must not attempt to use the row's 677 associated rule set. Once its value has been set to active(1) 678 a manager may not change any of the other variables in the 679 row, nor the contents of the associated rule set. 681 To download a rule set, a manger could: 682 - Locate an open slot in the RuleSetInfoTable. 683 - Create a RuleSetInfoEntry by setting the status for this 684 open slot to createAndWait(5). 685 - Set flowRuleInfoSize and flowRuleInfoName as required. 686 - Download the rules into the row's rule table. 687 - Set flowRuleInfoStatus to active(1). 689 The rule set would then be ready to run. The manager is not 690 allowed to change the value of flowRuleInfoStatus from 691 active(1) if the associated RuleSet is being referenced by any 692 of the entries in the flowManagerInfoTable. 694 Setting RuleInfoStatus to destroy(6) destroys the associated 695 rule set together with any flow data collected by it." 696 ::= { flowRuleSetInfoEntry 5 } 698 flowRuleInfoName OBJECT-TYPE 699 SYNTAX OCTET STRING 700 MAX-ACCESS read-create 701 STATUS current 702 DESCRIPTION 703 "An alphanumeric identifier used by managers and readers to 704 identify a rule set. For example, a manager wishing to run a 705 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 706 to see whether the WWW-FLOWS rule set is already available on 707 the meter. 709 Note that references to rule sets in the flowManagerInfoTable 710 use indexes for their flowRuleSetInfoTable entries. These may 711 be different each time the rule set is loaded into a meter." 712 ::= { flowRuleSetInfoEntry 6 } 714 flowRuleInfoRulesReady OBJECT-TYPE 715 SYNTAX TruthValue 716 MAX-ACCESS read-create 717 STATUS deprecated 718 DESCRIPTION 719 "Indicates whether the rules for this row's associated rule set 720 are ready for use. The meter will refuse to 'run' the rule set 721 unless this variable has been set to true(1). 722 While RulesReady is false(2), the manager may modify the rule 723 set, for example by downloading rules into it." 724 ::= { flowRuleSetInfoEntry 7 } 726 flowRuleInfoFlowRecords OBJECT-TYPE 727 SYNTAX Integer32 728 MAX-ACCESS read-only 729 STATUS current 730 DESCRIPTION 731 "The number of entries in the flow table for this rule set. 732 These may be current (waiting for collection by one or more 733 meter readers) or idle (waiting for the meter to recover 734 their memory)." 735 ::= { flowRuleSetInfoEntry 8 } 737 -- 738 -- Control Group: Interface Info Table 739 -- 741 flowInterfaceTable OBJECT-TYPE 742 SYNTAX SEQUENCE OF FlowInterfaceEntry 743 MAX-ACCESS not-accessible 744 STATUS current 745 DESCRIPTION 746 "An array of information specific to each meter interface." 747 ::= { flowControl 2 } 749 flowInterfaceEntry OBJECT-TYPE 750 SYNTAX FlowInterfaceEntry 751 MAX-ACCESS not-accessible 752 STATUS current 753 DESCRIPTION 754 "Information about a particular interface." 755 INDEX { ifIndex } 756 ::= { flowInterfaceTable 1 } 758 FlowInterfaceEntry ::= SEQUENCE { 759 flowInterfaceSampleRate Integer32, 760 flowInterfaceLostPackets Counter32 761 } 763 flowInterfaceSampleRate OBJECT-TYPE 764 SYNTAX Integer32 765 MAX-ACCESS read-write 766 STATUS current 767 DESCRIPTION 768 "The parameter N for statistical counting on this interface. 769 Set to N to count 1/Nth of the packets appearing at this 770 interface. A meter should choose its own algorithm to 771 introduce variance into the sampling so that exactly every Nth 772 packet is not counted. A sampling rate of 1 counts all 773 packets. A sampling rate of 0 results in the interface 774 being ignored by the meter." 775 DEFVAL { 1 } 776 ::= { flowInterfaceEntry 1 } 778 flowInterfaceLostPackets OBJECT-TYPE 779 SYNTAX Counter32 780 MAX-ACCESS read-only 781 STATUS current 782 DESCRIPTION 783 "The number of packets the meter has lost for this interface. 784 Such losses may occur because the meter has been unable to 785 keep up with the traffic volume." 786 ::= { flowInterfaceEntry 2 } 788 -- 789 -- Control Group: Meter Reader Info Table 790 -- 792 -- Any meter reader wishing to collect data reliably for flows 793 -- should first create a row in this table. It should write that 794 -- row's flowReaderLastTime object each time it starts a collection 795 -- pass through the flow table. 797 -- If a meter reader (MR) does not create a row in this table, e.g. 798 -- because it failed authentication in the meter's SNMP write 799 -- community, collection can still proceed but the meter will not be 800 -- aware of meter reader MR. This could lead the meter to recover 801 -- flows before they have been collected by MR. 803 flowReaderInfoTable OBJECT-TYPE 804 SYNTAX SEQUENCE OF FlowReaderInfoEntry 805 MAX-ACCESS not-accessible 806 STATUS current 807 DESCRIPTION 808 "An array of information about meter readers which have 809 registered their intent to collect flow data from this meter." 810 ::= { flowControl 3 } 812 flowReaderInfoEntry OBJECT-TYPE 813 SYNTAX FlowReaderInfoEntry 814 MAX-ACCESS not-accessible 815 STATUS current 816 DESCRIPTION 817 "Information about a particular meter reader." 818 INDEX { flowReaderIndex } 819 ::= { flowReaderInfoTable 1 } 821 FlowReaderInfoEntry ::= SEQUENCE { 822 flowReaderIndex Integer32, 823 flowReaderTimeout Integer32, 824 flowReaderOwner OwnerString, 825 flowReaderLastTime TimeStamp, 826 flowReaderPreviousTime TimeStamp, 827 flowReaderStatus RowStatus, 828 flowReaderRuleSet Integer32 829 } 831 flowReaderIndex OBJECT-TYPE 832 SYNTAX Integer32 (1..2147483647) 833 MAX-ACCESS not-accessible 834 STATUS current 835 DESCRIPTION 836 "An index which selects an entry in the flowReaderInfoTable." 837 ::= { flowReaderInfoEntry 1 } 839 flowReaderTimeout OBJECT-TYPE 840 SYNTAX Integer32 841 MAX-ACCESS read-create 842 STATUS current 843 DESCRIPTION 844 "Specifies the maximum time (in seconds) between flow data 845 collections for this meter reader. If this time elapses 846 without a collection, the meter should assume that this meter 847 reader has stopped collecting, and delete this row from the 848 table. A value of zero indicates that this row should not be 849 timed out." 850 ::= { flowReaderInfoEntry 2 } 852 flowReaderOwner OBJECT-TYPE 853 SYNTAX OwnerString 854 MAX-ACCESS read-create 855 STATUS current 856 DESCRIPTION 857 "Identifies the meter reader which created this row." 858 ::= { flowReaderInfoEntry 3 } 860 flowReaderLastTime OBJECT-TYPE 861 SYNTAX TimeStamp 862 MAX-ACCESS read-create 863 STATUS current 864 DESCRIPTION 865 "Time this meter reader began its most recent data collection. 867 This variable should be written by a meter reader as its first 868 step in reading flow data. The meter will set this LastTime 869 value to its current Uptime, and set its PreviousTime value 870 (below) to the old LastTime. This allows the meter to 871 recover flows which have been inactive since PreviousTime, 872 for these have been collected at least once. 874 If the meter reader fails to write flowLastReadTime, collection 875 may still proceed but the meter may not be able to recover 876 inactive flows until the flowReaderTimeout has been reached 877 for this entry." 878 ::= { flowReaderInfoEntry 4 } 880 flowReaderPreviousTime OBJECT-TYPE 881 SYNTAX TimeStamp 882 MAX-ACCESS read-only 883 STATUS current 884 DESCRIPTION 885 "Time this meter reader began the collection before last." 886 ::= { flowReaderInfoEntry 5 } 888 flowReaderStatus OBJECT-TYPE 889 SYNTAX RowStatus 890 MAX-ACCESS read-create 891 STATUS current 892 DESCRIPTION 893 "The status of this FlowReaderInfoEntry. A value of active(1) 894 implies that the associated reader should be collecting data 895 from the meter. Once this variable has been set to active(1) 896 a manager may only change this row's flowReaderLastTime and 897 flowReaderTimeout variables." 898 ::= { flowReaderInfoEntry 6 } 900 flowReaderRuleSet OBJECT-TYPE 901 SYNTAX Integer32 (1..2147483647) 902 MAX-ACCESS read-create 903 STATUS current 904 DESCRIPTION 905 "An index to the array of rule sets. Specifies a set of rules 906 of interest to this meter reader. The reader will attempt to 907 collect any data generated by the meter for this rule set, and 908 the meter will not recover the memory of any of the rule set's 909 flows until this collection has taken place. Note that a 910 reader may have entries in this table for several rule sets." 911 ::= { flowReaderInfoEntry 7 } 913 -- 914 -- Control Group: Manager Info Table 915 -- 917 -- Any manager wishing to run a rule set must create a row in this 918 -- table. Once it has a table row, the manager may set the control 919 -- variables in its row so as to cause the meter to run any valid 920 -- rule set held by the meter. 922 -- A single manager may run several rule sets; it must create a row 923 -- in this table for each of them. In short, each row of this table 924 -- describes (and controls) a 'task' which the meter is executing. 926 flowManagerInfoTable OBJECT-TYPE 927 SYNTAX SEQUENCE OF FlowManagerInfoEntry 928 MAX-ACCESS not-accessible 929 STATUS current 930 DESCRIPTION 931 "An array of information about managers which have 932 registered their intent to run rule sets on this meter." 933 ::= { flowControl 4 } 935 flowManagerInfoEntry OBJECT-TYPE 936 SYNTAX FlowManagerInfoEntry 937 MAX-ACCESS not-accessible 938 STATUS current 939 DESCRIPTION 940 "Information about a particular meter 'task.' By creating 941 an entry in this table and activating it, a manager requests 942 that the meter 'run' the indicated rule set. 944 The entry also specifies a HighWaterMark and a StandbyRuleSet. 945 If the meter's flow table usage exceeds this task's 946 HighWaterMark the meter will stop running the task's 947 CurrentRuleSet and switch to its StandbyRuleSet. 949 If the value of the task's StandbyRuleSet is 0 when its 950 HighWaterMark is exceeded, the meter simply stops running the 951 task's CurrentRuleSet. By careful selection of HighWaterMarks 952 for the various tasks a manager can ensure that the most 953 critical rule sets are the last to stop running as the number 954 of flows increases. 956 When a manager has determined that the demand for flow table 957 space has abated, it may cause the task to switch back to its 958 CurrentRuleSet by setting its flowManagerRunningStandby 959 variable to false(2)." 960 INDEX { flowManagerIndex } 961 ::= { flowManagerInfoTable 1 } 963 FlowManagerInfoEntry ::= SEQUENCE { 964 flowManagerIndex Integer32, 965 flowManagerCurrentRuleSet Integer32, 966 flowManagerStandbyRuleSet Integer32, 967 flowManagerHighWaterMark Integer32, 968 flowManagerCounterWrap INTEGER, 969 flowManagerOwner OwnerString, 970 flowManagerTimeStamp TimeStamp, 971 flowManagerStatus RowStatus, 972 flowManagerRunningStandby TruthValue 973 } 975 flowManagerIndex OBJECT-TYPE 976 SYNTAX Integer32 (1..2147483647) 977 MAX-ACCESS not-accessible 978 STATUS current 979 DESCRIPTION 980 "An index which selects an entry in the flowManagerInfoTable." 981 ::= { flowManagerInfoEntry 1 } 983 flowManagerCurrentRuleSet OBJECT-TYPE 984 SYNTAX Integer32 985 MAX-ACCESS read-create 986 STATUS current 987 DESCRIPTION 988 "Index to the array of rule sets. Specifies which set of 989 rules is the 'current' one for this task. The meter will 990 be 'running' the current ruleset if this row's 991 flowManagerRunningStandby value is false(2). 993 When the manager sets this variable the meter will stop using 994 the task's old current rule set and start using the new one. 995 Specifying rule set 0 (the empty set) stops flow measurement 996 for this task." 997 ::= { flowManagerInfoEntry 2 } 999 flowManagerStandbyRuleSet OBJECT-TYPE 1000 SYNTAX Integer32 1001 MAX-ACCESS read-create 1002 STATUS current 1003 DESCRIPTION 1004 "Index to the array of rule sets. After reaching HighWaterMark 1005 (see below) the manager will switch to using the task's 1006 StandbyRuleSet in place of its CurrentRuleSet. For this to be 1007 effective the designated StandbyRuleSet should have a coarser 1008 reporting granularity then the CurrentRuleSet. The manager may 1009 also need to decrease the meter reading interval so that the 1010 meter can recover flows measured by this task's CurrentRuleSet." 1011 DEFVAL { 0 } -- No standby 1012 ::= { flowManagerInfoEntry 3 } 1014 flowManagerHighWaterMark OBJECT-TYPE 1015 SYNTAX Integer32 (0..100) 1016 MAX-ACCESS read-create 1017 STATUS current 1018 DESCRIPTION 1019 "A value expressed as a percentage, interpreted by the meter 1020 as an indication of how full the flow table should be before 1021 it should switch to the standby rule set (if one has been 1022 specified) for this task. Values of 0% or 100% disable the 1023 checking represented by this variable." 1024 ::= { flowManagerInfoEntry 4 } 1026 flowManagerCounterWrap OBJECT-TYPE 1027 SYNTAX INTEGER { wrap(1), scale(2) } 1028 MAX-ACCESS read-create 1029 STATUS deprecated 1030 DESCRIPTION 1031 "Specifies whether PDU and octet counters should wrap when 1032 they reach the top of their range (normal behaviour for 1033 Counter64 objects), or whether their scale factors should 1034 be used instead. The combination of counter and scale 1035 factor allows counts to be returned as binary floating 1036 point numbers, with 64-bit mantissas and 8-bit exponents." 1037 DEFVAL { wrap } 1038 ::= { flowManagerInfoEntry 5 } 1040 flowManagerOwner OBJECT-TYPE 1041 SYNTAX OwnerString 1042 MAX-ACCESS read-create 1043 STATUS current 1044 DESCRIPTION 1045 "Identifies the manager which created this row." 1046 ::= { flowManagerInfoEntry 6 } 1048 flowManagerTimeStamp OBJECT-TYPE 1049 SYNTAX TimeStamp 1050 MAX-ACCESS read-only 1051 STATUS current 1052 DESCRIPTION 1053 "Time this row was last changed by its manager." 1054 ::= { flowManagerInfoEntry 7 } 1056 flowManagerStatus OBJECT-TYPE 1057 SYNTAX RowStatus 1058 MAX-ACCESS read-create 1059 STATUS current 1060 DESCRIPTION 1061 "The status of this row in the flowManagerInfoTable. A value 1062 of active(1) implies that this task may be activated, by 1063 setting its CurrentRuleSet and StandbyRuleSet variables. 1064 Its HighWaterMark and RunningStandby variables may also be 1065 changed." 1066 ::= { flowManagerInfoEntry 8 } 1068 flowManagerRunningStandby OBJECT-TYPE 1069 SYNTAX TruthValue 1070 MAX-ACCESS read-create 1071 STATUS current 1072 DESCRIPTION 1073 "Set to true(1) by the meter to indicate that it has switched 1074 to runnning this task's StandbyRuleSet in place of its 1075 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1076 manager may simply set this variable to false(2)." 1077 DEFVAL { false } 1078 ::= { flowManagerInfoEntry 9 } 1080 -- 1081 -- Control Group: General Meter Control Variables 1082 -- 1084 flowFloodMark OBJECT-TYPE 1085 SYNTAX Integer32 (0..100) 1086 MAX-ACCESS read-write 1087 STATUS current 1088 DESCRIPTION 1089 "A value expressed as a percentage, interpreted by the meter 1090 as an indication of how full the flow table should be before 1091 it should take some action to avoid running out of resources 1092 to handle new flows. Values of 0% or 100% disable the 1093 checking represented by this variable." 1094 DEFVAL { 95 } -- Enabled by default. 1095 ::= { flowControl 5 } 1097 flowInactivityTimeout OBJECT-TYPE 1098 SYNTAX Integer32 1099 MAX-ACCESS read-write 1100 STATUS current 1101 DESCRIPTION 1102 "The time in seconds since the last packet seen, after which 1103 a flow becomes 'idle.' Note that although a flow may be 1104 idle, it will not be discarded (and its memory recovered) 1105 until after its data has been collected by all the meter 1106 readers registered for its RuleSet." 1107 DEFVAL { 600 } -- 10 minutes 1108 ::= { flowControl 6 } 1110 flowActiveFlows OBJECT-TYPE 1111 SYNTAX Integer32 1112 MAX-ACCESS read-only 1113 STATUS current 1114 DESCRIPTION 1115 "The numbers of flows which are currently in use." 1116 ::= { flowControl 7 } 1118 flowMaxFlows OBJECT-TYPE 1119 SYNTAX Integer32 1120 MAX-ACCESS read-only 1121 STATUS current 1122 DESCRIPTION 1123 "The maximum number of flows allowed in the meter's 1124 flow table. At present this is determined when the meter 1125 is first started up." 1126 ::= { flowControl 8 } 1128 flowFloodMode OBJECT-TYPE 1129 SYNTAX TruthValue 1130 MAX-ACCESS read-write 1131 STATUS current 1132 DESCRIPTION 1133 "Indicates that the meter has passed its FloodMark and is 1134 not running in its normal mode. When a manager notices this 1135 it should take action to remedy the problem which caused the 1136 flooding. Once the flood has receded, the manager may set 1137 this variable to false(2) to resume normal operaation." 1138 ::= { flowControl 9 } 1140 -- 1141 -- The Flow Table 1142 -- 1144 -- This is a table kept by a meter, with one flow data entry for every 1145 -- flow being measured. Each flow data entry stores the attribute 1146 -- values for a traffic flow. Details of flows and their attributes 1147 -- are given in the 'Traffic Flow Measurement: Architecture' 1148 -- document [9]. 1150 -- From time to time a meter reader may sweep the flow table so as 1151 -- to read counts. This is most effectively achieved by using the 1152 -- TimeMark variable together with successive GetBulk requests to 1153 -- retrieve the values of the desired flow attribute variables. 1155 -- This scheme allows multiple meter readers to independently use the 1156 -- same meter; the meter readers do not have to be synchronised and 1157 -- they may use different collection intervals. 1159 flowDataTable OBJECT-TYPE 1160 SYNTAX SEQUENCE OF FlowDataEntry 1161 MAX-ACCESS not-accessible 1162 STATUS current 1163 DESCRIPTION 1164 "The list of all flows being measured." 1165 ::= { flowData 1 } 1167 flowDataEntry OBJECT-TYPE 1168 SYNTAX FlowDataEntry 1169 MAX-ACCESS not-accessible 1170 STATUS current 1171 DESCRIPTION 1172 "The flow data record for a particular flow." 1173 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1174 ::= { flowDataTable 1 } 1176 FlowDataEntry ::= SEQUENCE { 1177 flowDataIndex Integer32, 1178 flowDataTimeMark TimeFilter, 1179 flowDataStatus INTEGER, 1181 flowDataSourceInterface Integer32, 1182 flowDataSourceAdjacentType AdjacentType, 1183 flowDataSourceAdjacentAddress AdjacentAddress, 1184 flowDataSourceAdjacentMask AdjacentAddress, 1185 flowDataSourcePeerType PeerType, 1186 flowDataSourcePeerAddress PeerAddress, 1187 flowDataSourcePeerMask PeerAddress, 1188 flowDataSourceTransType TransportType, 1189 flowDataSourceTransAddress TransportAddress, 1190 flowDataSourceTransMask TransportAddress, 1192 flowDataDestInterface Integer32, 1193 flowDataDestAdjacentType AdjacentType, 1194 flowDataDestAdjacentAddress AdjacentAddress, 1195 flowDataDestAdjacentMask AdjacentAddress, 1196 flowDataDestPeerType PeerType, 1197 flowDataDestPeerAddress PeerAddress, 1198 flowDataDestPeerMask PeerAddress, 1199 flowDataDestTransType TransportType, 1200 flowDataDestTransAddress TransportAddress, 1201 flowDataDestTransMask TransportAddress, 1203 flowDataPDUScale Integer32, 1204 flowDataOctetScale Integer32, 1206 flowDataRuleSet Integer32, 1208 flowDataToOctets Counter64, -- Source->Dest 1209 flowDataToPDUs Counter64, 1210 flowDataFromOctets Counter64, -- Dest->Source 1211 flowDataFromPDUs Counter64, 1212 flowDataFirstTime TimeStamp, -- Activity times 1213 flowDataLastActiveTime TimeStamp, 1215 flowDataSourceSubscriberID OCTET STRING, 1216 flowDataDestSubscriberID OCTET STRING, 1217 flowDataSessionID OCTET STRING, 1219 flowDataSourceClass Integer32, 1220 flowDataDestClass Integer32, 1221 flowDataClass Integer32, 1222 flowDataSourceKind Integer32, 1223 flowDataDestKind Integer32, 1224 flowDataKind Integer32 1225 } 1227 flowDataIndex OBJECT-TYPE 1228 SYNTAX Integer32 (1..2147483647) 1229 MAX-ACCESS not-accessible 1230 STATUS current 1231 DESCRIPTION 1232 "Value of this flow data record's index within the meter's 1233 flow table." 1234 ::= { flowDataEntry 1 } 1236 flowDataTimeMark OBJECT-TYPE 1237 SYNTAX TimeFilter 1238 MAX-ACCESS not-accessible 1239 STATUS current 1240 DESCRIPTION 1241 "A TimeFilter for this entry. Allows GetNext and GetBulk 1242 to find flow table rows which have changed since a specified 1243 value of the meter's Uptime." 1244 ::= { flowDataEntry 2 } 1246 flowDataStatus OBJECT-TYPE 1247 SYNTAX INTEGER { inactive(1), current(2) } 1248 MAX-ACCESS read-only 1249 STATUS deprecated 1250 DESCRIPTION 1251 "Status of this flow data record." 1252 ::= { flowDataEntry 3 } 1254 flowDataSourceInterface OBJECT-TYPE 1255 SYNTAX Integer32 1256 MAX-ACCESS read-only 1257 STATUS current 1258 DESCRIPTION 1259 "Index of the interface associated with the source address 1260 for this flow. It's value is one of those contained in the 1261 ifIndex field of the meter's interfaces table." 1262 ::= { flowDataEntry 4 } 1264 flowDataSourceAdjacentType OBJECT-TYPE 1265 SYNTAX AdjacentType 1266 MAX-ACCESS read-only 1267 STATUS current 1268 DESCRIPTION 1269 "Adjacent address type of the source for this flow. If 1270 metering is being performed at the network level this will 1271 probably be an 802 MAC address, and the adjacent type will 1272 indicate the medium being used. If traffic is being metered 1273 inside a tunnel, its adjacent address type will be the peer 1274 type of the host at the end of the tunnel." 1275 ::= { flowDataEntry 5 } 1277 flowDataSourceAdjacentAddress OBJECT-TYPE 1278 SYNTAX AdjacentAddress 1279 MAX-ACCESS read-only 1280 STATUS current 1281 DESCRIPTION 1282 "Address of the adjacent device on the path for the source 1283 for this flow." 1284 ::= { flowDataEntry 6 } 1286 flowDataSourceAdjacentMask OBJECT-TYPE 1287 SYNTAX AdjacentAddress 1288 MAX-ACCESS read-only 1289 STATUS current 1290 DESCRIPTION 1291 "1-bits in this mask indicate which bits must match when 1292 comparing the adjacent source address for this flow." 1293 ::= { flowDataEntry 7 } 1295 flowDataSourcePeerType OBJECT-TYPE 1296 SYNTAX PeerType 1297 MAX-ACCESS read-only 1298 STATUS current 1299 DESCRIPTION 1300 "Peer address type of the source for this flow." 1301 ::= { flowDataEntry 8 } 1303 flowDataSourcePeerAddress OBJECT-TYPE 1304 SYNTAX PeerAddress 1305 MAX-ACCESS read-only 1306 STATUS current 1307 DESCRIPTION 1308 "Address of the peer device for the source of this flow." 1309 ::= { flowDataEntry 9 } 1311 flowDataSourcePeerMask OBJECT-TYPE 1312 SYNTAX PeerAddress 1313 MAX-ACCESS read-only 1314 STATUS current 1315 DESCRIPTION 1316 "1-bits in this mask indicate which bits must match when 1317 comparing the source peer address for this flow." 1318 ::= { flowDataEntry 10 } 1320 flowDataSourceTransType OBJECT-TYPE 1321 SYNTAX TransportType 1322 MAX-ACCESS read-only 1323 STATUS current 1324 DESCRIPTION 1325 "Transport address type of the source for this flow. The 1326 value of this attribute will depend on the peer address type." 1327 ::= { flowDataEntry 11 } 1329 flowDataSourceTransAddress OBJECT-TYPE 1330 SYNTAX TransportAddress 1331 MAX-ACCESS read-only 1332 STATUS current 1333 DESCRIPTION 1334 "Transport address for the source of this flow." 1335 ::= { flowDataEntry 12 } 1337 flowDataSourceTransMask OBJECT-TYPE 1338 SYNTAX TransportAddress 1339 MAX-ACCESS read-only 1340 STATUS current 1341 DESCRIPTION 1342 "1-bits in this mask indicate which bits must match when 1343 comparing the transport source address for this flow." 1344 ::= { flowDataEntry 13 } 1346 flowDataDestInterface OBJECT-TYPE 1347 SYNTAX Integer32 1348 MAX-ACCESS read-only 1349 STATUS current 1350 DESCRIPTION 1351 "Index of the interface associated with the dest address for 1352 this flow. This value is one of the values contained in the 1353 ifIndex field of the interfaces table." 1354 ::= { flowDataEntry 14 } 1356 flowDataDestAdjacentType OBJECT-TYPE 1357 SYNTAX AdjacentType 1358 MAX-ACCESS read-only 1359 STATUS current 1360 DESCRIPTION 1361 "Adjacent address type of the destination for this flow." 1362 ::= { flowDataEntry 15 } 1364 flowDataDestAdjacentAddress OBJECT-TYPE 1365 SYNTAX AdjacentAddress 1366 MAX-ACCESS read-only 1367 STATUS current 1368 DESCRIPTION 1369 "Address of the adjacent device on the path for the 1370 destination for this flow." 1371 ::= { flowDataEntry 16 } 1373 flowDataDestAdjacentMask OBJECT-TYPE 1374 SYNTAX AdjacentAddress 1375 MAX-ACCESS read-only 1376 STATUS current 1377 DESCRIPTION 1378 "1-bits in this mask indicate which bits must match when 1379 comparing the adjacent dest address for this flow." 1380 ::= { flowDataEntry 17 } 1382 flowDataDestPeerType OBJECT-TYPE 1383 SYNTAX PeerType 1384 MAX-ACCESS read-only 1385 STATUS current 1386 DESCRIPTION 1387 "Peer address type of the destination for this flow." 1388 ::= { flowDataEntry 18 } 1390 flowDataDestPeerAddress OBJECT-TYPE 1391 SYNTAX PeerAddress 1392 MAX-ACCESS read-only 1393 STATUS current 1394 DESCRIPTION 1395 "Address of the peer device for the destination of this flow." 1396 ::= { flowDataEntry 19 } 1398 flowDataDestPeerMask OBJECT-TYPE 1399 SYNTAX PeerAddress 1400 MAX-ACCESS read-only 1401 STATUS current 1402 DESCRIPTION 1403 "1-bits in this mask indicate which bits must match when 1404 comparing the dest peer type for this flow." 1405 ::= { flowDataEntry 20 } 1407 flowDataDestTransType OBJECT-TYPE 1408 SYNTAX TransportType 1409 MAX-ACCESS read-only 1410 STATUS current 1411 DESCRIPTION 1412 "Transport address type of the destination for this flow. The 1413 value of this attribute will depend on the peer address type." 1414 ::= { flowDataEntry 21 } 1416 flowDataDestTransAddress OBJECT-TYPE 1417 SYNTAX TransportAddress 1418 MAX-ACCESS read-only 1419 STATUS current 1420 DESCRIPTION 1421 "Transport address for the destination of this flow." 1422 ::= { flowDataEntry 22 } 1424 flowDataDestTransMask OBJECT-TYPE 1425 SYNTAX TransportAddress 1426 MAX-ACCESS read-only 1427 STATUS current 1428 DESCRIPTION 1429 "1-bits in this mask indicate which bits must match when 1430 comparing the transport destination address for this flow." 1431 ::= { flowDataEntry 23 } 1433 flowDataPDUScale OBJECT-TYPE 1434 SYNTAX Integer32 (1..255) 1435 MAX-ACCESS read-only 1436 STATUS current 1437 DESCRIPTION 1438 "The scale factor applied to this particular flow. Indicates 1439 the number of bits the PDU counter values should be moved left 1440 to obtain the actual values." 1441 ::= { flowDataEntry 24 } 1443 flowDataOctetScale OBJECT-TYPE 1444 SYNTAX Integer32 (1..255) 1445 MAX-ACCESS read-only 1446 STATUS current 1447 DESCRIPTION 1448 "The scale factor applied to this particular flow. Indicates 1449 the number of bits the octet counter values should be moved 1450 left to obtain the actual values." 1451 ::= { flowDataEntry 25 } 1453 flowDataRuleSet OBJECT-TYPE 1454 SYNTAX Integer32 (1..255) 1455 MAX-ACCESS not-accessible 1456 STATUS current 1457 DESCRIPTION 1458 "The RuleSet number of the rule set which created this flow. 1459 Allows a manager to use GetNext or GetBulk requests to find 1460 flows belonging to a particular RuleSet." 1461 ::= { flowDataEntry 26 } 1463 flowDataToOctets OBJECT-TYPE 1464 SYNTAX Counter64 1465 MAX-ACCESS read-only 1466 STATUS current 1467 DESCRIPTION 1468 "The count of octets flowing from source to dest address and 1469 being delivered to the protocol level being metered. In the 1470 case of IP this would count the number of octets delivered to 1471 the IP level." 1472 ::= { flowDataEntry 27 } 1474 flowDataToPDUs OBJECT-TYPE 1475 SYNTAX Counter64 1476 MAX-ACCESS read-only 1477 STATUS current 1478 DESCRIPTION 1479 "The count of protocol packets flowing from source to dest 1480 address and being delivered to the protocol level being 1481 metered. In the case of IP, for example, this would count the 1482 IP packets delivered to the IP protocol level." 1483 ::= { flowDataEntry 28 } 1485 flowDataFromOctets OBJECT-TYPE 1486 SYNTAX Counter64 1487 MAX-ACCESS read-only 1488 STATUS current 1489 DESCRIPTION 1490 "The count of octets flowing from dest to source address and 1491 being delivered to the protocol level being metered." 1492 ::= { flowDataEntry 29 } 1494 flowDataFromPDUs OBJECT-TYPE 1495 SYNTAX Counter64 1496 MAX-ACCESS read-only 1497 STATUS current 1498 DESCRIPTION 1499 "The count of protocol packets flowing from dest to source 1500 address and being delivered to the protocol level being 1501 metered. In the case of IP, for example, this would count 1502 the IP packets delivered to the IP protocol level." 1503 ::= { flowDataEntry 30 } 1505 flowDataFirstTime OBJECT-TYPE 1506 SYNTAX TimeStamp 1507 MAX-ACCESS read-only 1508 STATUS current 1509 DESCRIPTION 1510 "The time at which this flow was first entered in the table" 1511 ::= { flowDataEntry 31 } 1513 flowDataLastActiveTime OBJECT-TYPE 1514 SYNTAX TimeStamp 1515 MAX-ACCESS read-only 1516 STATUS current 1517 DESCRIPTION 1518 "The last time this flow had activity, i.e. the time of 1519 arrival of the most recent PDU belonging to this flow." 1520 ::= { flowDataEntry 32 } 1522 flowDataSourceSubscriberID OBJECT-TYPE 1523 SYNTAX OCTET STRING (SIZE (4..20)) 1524 MAX-ACCESS read-only 1525 STATUS current 1526 DESCRIPTION 1527 "Subscriber ID associated with the source address for this 1528 flow." 1529 ::= { flowDataEntry 33 } 1531 flowDataDestSubscriberID OBJECT-TYPE 1532 SYNTAX OCTET STRING (SIZE (4..20)) 1533 MAX-ACCESS read-only 1534 STATUS current 1535 DESCRIPTION 1536 "Subscriber ID associated with the dest address for this 1537 flow." 1538 ::= { flowDataEntry 34 } 1540 flowDataSessionID OBJECT-TYPE 1541 SYNTAX OCTET STRING (SIZE (4..10)) 1542 MAX-ACCESS read-only 1543 STATUS current 1544 DESCRIPTION 1545 "Session ID for this flow. Such an ID might be allocated 1546 by a network access server to distinguish a series of sessions 1547 between the same pair of addresses, which would otherwise 1548 appear to be parts of the same accounting flow." 1549 ::= { flowDataEntry 35 } 1551 flowDataSourceClass OBJECT-TYPE 1552 SYNTAX Integer32 (1..255) 1553 MAX-ACCESS read-only 1554 STATUS current 1555 DESCRIPTION 1556 "Source class for this flow. Determined by the rules, set by 1557 a PushRule action when this flow was entered in the table." 1558 ::= { flowDataEntry 36 } 1560 flowDataDestClass OBJECT-TYPE 1561 SYNTAX Integer32 (1..255) 1562 MAX-ACCESS read-only 1563 STATUS current 1564 DESCRIPTION 1565 "Destination class for this flow. Determined by the rules, set 1566 by a PushRule action when this flow was entered in the table." 1567 ::= { flowDataEntry 37 } 1569 flowDataClass OBJECT-TYPE 1570 SYNTAX Integer32 (1..255) 1571 MAX-ACCESS read-only 1572 STATUS current 1573 DESCRIPTION 1574 "Class for this flow. Determined by the rules, set by a 1575 PushRule action when this flow was entered in the table." 1576 ::= { flowDataEntry 38 } 1578 flowDataSourceKind OBJECT-TYPE 1579 SYNTAX Integer32 (1..255) 1580 MAX-ACCESS read-only 1581 STATUS current 1582 DESCRIPTION 1583 "Source kind for this flow. Determined by the rules, set by 1584 a PushRule action when this flow was entered in the table." 1585 ::= { flowDataEntry 39 } 1587 flowDataDestKind OBJECT-TYPE 1588 SYNTAX Integer32 (1..255) 1589 MAX-ACCESS read-only 1590 STATUS current 1591 DESCRIPTION 1592 "Destination kind for this flow. Determined by the rules, set 1593 by a PushRule action when this flow was entered in the table." 1594 ::= { flowDataEntry 40 } 1596 flowDataKind OBJECT-TYPE 1597 SYNTAX Integer32 (1..255) 1598 MAX-ACCESS read-only 1599 STATUS current 1600 DESCRIPTION 1601 "Class for this flow. Determined by the rules, set by a 1602 PushRule action when this flow was entered in the table." 1603 ::= { flowDataEntry 41 } 1605 -- 1606 -- The Activity Column Table 1607 -- 1609 flowColumnActivityTable OBJECT-TYPE 1610 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1611 MAX-ACCESS not-accessible 1612 STATUS deprecated 1613 DESCRIPTION 1614 "Index into the Flow Table. Allows a meter reader to retrieve 1615 a list containing the flow table indexes of flows which were 1616 last active at or after a given time, together with the values 1617 of a specified attribute for each such flow." 1618 ::= { flowData 2 } 1620 flowColumnActivityEntry OBJECT-TYPE 1621 SYNTAX FlowColumnActivityEntry 1622 MAX-ACCESS not-accessible 1623 STATUS deprecated 1624 DESCRIPTION 1625 "The Column Activity Entry for a particular attribute, 1626 activity time and flow." 1627 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1628 flowColumnActivityIndex } 1629 ::= { flowColumnActivityTable 1 } 1631 FlowColumnActivityEntry ::= SEQUENCE { 1632 flowColumnActivityAttribute FlowAttributeNumber, 1633 flowColumnActivityTime TimeFilter, 1634 flowColumnActivityIndex Integer32, 1635 flowColumnActivityData OCTET STRING 1636 } 1638 flowColumnActivityAttribute OBJECT-TYPE 1639 SYNTAX FlowAttributeNumber 1640 MAX-ACCESS read-only 1641 STATUS deprecated 1642 DESCRIPTION 1643 "Specifies the attribute for which values are required from 1644 active flows." 1645 ::= { flowColumnActivityEntry 1 } 1647 flowColumnActivityTime OBJECT-TYPE 1648 SYNTAX TimeFilter 1649 MAX-ACCESS read-only 1650 STATUS deprecated 1651 DESCRIPTION 1652 "This variable is a copy of flowDataLastActiveTime in the 1653 flow data record identified by the flowColumnActivityIndex 1654 value of this flowColumnActivityTable entry." 1655 ::= { flowColumnActivityEntry 2 } 1657 flowColumnActivityIndex OBJECT-TYPE 1658 SYNTAX Integer32 (1..2147483647) 1659 MAX-ACCESS read-only 1660 STATUS deprecated 1661 DESCRIPTION 1662 "Index of a flow table entry which was active at or after 1663 a specified flowColumnActivityTime." 1664 ::= { flowColumnActivityEntry 3 } 1666 flowColumnActivityData OBJECT-TYPE 1667 SYNTAX OCTET STRING (SIZE (3..1000)) 1668 MAX-ACCESS read-only 1669 STATUS deprecated 1670 DESCRIPTION 1671 "Collection of attribute data for flows active after 1672 flowColumnActivityTime. Within the OCTET STRING is a 1673 sequence of { flow index, attribute value } pairs, one for 1674 each active flow. The end of the sequence is marked by a 1675 flow index value of 0, indicating that there are no more 1676 rows in this column. 1678 The format of objects inside flowColumnFlowData is as follows. 1679 All numbers are unsigned. Numbers and strings appear with 1680 their high-order bytes leading. Numbers are fixed size, as 1681 specified by their SYNTAX in the flow table (above), i.e. one 1682 octet for flowAddressType and small constants, and four octets 1683 for Counter and TimeStamp. Strings are variable-length, with 1684 the length given in a single leading octet. 1686 The following is an attempt at an ASN.1 definition of 1687 flowColumnActivityData: 1689 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1690 flowRowItemEntry ::= SEQUENCE { 1691 flowRowNumber Integer32 (1..65535), 1692 -- 0 indicates the end of this column 1693 flowDataValue flowDataType -- Choice depends on attribute 1694 } 1695 flowDataType ::= CHOICE { 1696 flowByteValue Integer32 (1..255), 1697 flowShortValue Integer32 (1..65535), 1698 flowLongValue Integer32, 1699 flowStringValue OCTET STRING -- Length (n) in first byte, 1700 -- n+1 bytes total length, trailing zeroes truncated 1701 }" 1702 ::= { flowColumnActivityEntry 4 } 1704 -- 1705 -- The Data Package Table 1706 -- 1708 flowDataPackageTable OBJECT-TYPE 1709 SYNTAX SEQUENCE OF FlowDataPackageEntry 1710 MAX-ACCESS not-accessible 1711 STATUS current 1712 DESCRIPTION 1713 "Index into the Flow Table. Allows a meter reader to retrieve 1714 a sequence containing the values of a specified set of 1715 attributes for a flow which came from a specified rule set and 1716 which was last active at or after a given time." 1717 ::= { flowData 3 } 1719 flowDataPackageEntry OBJECT-TYPE 1720 SYNTAX FlowDataPackageEntry 1721 MAX-ACCESS not-accessible 1722 STATUS current 1723 DESCRIPTION 1724 "The data package containing selected variables from 1725 active rows in the flow table." 1726 INDEX { flowPackageSelector, 1727 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1728 ::= { flowDataPackageTable 1 } 1730 FlowDataPackageEntry ::= SEQUENCE { 1731 flowPackageSelector OCTET STRING, 1732 flowPackageRuleSet Integer32, 1733 flowPackageTime TimeFilter, 1734 flowPackageIndex Integer32, 1735 flowPackageData OCTET STRING 1736 } 1738 flowPackageSelector OBJECT-TYPE 1739 SYNTAX OCTET STRING 1740 MAX-ACCESS not-accessible 1741 STATUS current 1742 DESCRIPTION 1743 "Specifies the attributes for which values are required from 1744 an active flow. These are encoded as a sequence of octets 1745 each containing a FlowAttribute number, preceded by an octet 1746 giving the length of the sequence (not including the length 1747 octet). For a flowPackageSelector to be valid, it must 1748 contain at least one attribute." 1749 ::= { flowDataPackageEntry 1 } 1751 flowPackageRuleSet OBJECT-TYPE 1752 SYNTAX Integer32 (1..255) 1753 MAX-ACCESS not-accessible 1754 STATUS current 1755 DESCRIPTION 1756 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1757 set which produced the required flow." 1758 ::= { flowDataPackageEntry 2 } 1760 flowPackageTime OBJECT-TYPE 1761 SYNTAX TimeFilter 1762 MAX-ACCESS not-accessible 1763 STATUS current 1764 DESCRIPTION 1765 "This variable is a copy of flowDataLastActiveTime in the 1766 flow data record identified by the flowPackageIndex 1767 value of this flowPackageTable entry." 1768 ::= { flowDataPackageEntry 3 } 1770 flowPackageIndex OBJECT-TYPE 1771 SYNTAX Integer32 (1..2147483647) 1772 MAX-ACCESS not-accessible 1773 STATUS current 1774 DESCRIPTION 1775 "Index of a flow table entry which was active at or after 1776 a specified flowPackageTime." 1777 ::= { flowDataPackageEntry 4 } 1779 flowPackageData OBJECT-TYPE 1780 SYNTAX OCTET STRING 1781 MAX-ACCESS read-only 1782 STATUS current 1783 DESCRIPTION 1784 "A collection of attribute values for a single flow, as 1785 specified by this row's indexes. The attribute values are 1786 contained within a BER-encoded sequence [7], in the order 1787 they appear in their flowPackageSelector. 1789 For example, to retrieve a flowPackage containing values for 1790 attributes 11, 18 and 29, for a flow in rule set 7, with flow 1791 index 3447, one would GET the package whose Object Identifier 1792 (OID) is 1793 flowPackageData . 3.11.18.29 . 7. 0 . 3447 1795 To get a package for the next such flow which had been 1796 active since time 12345 one would GETNEXT the package whose 1797 Object Identifier (OID) is 1798 flowPackageData . 3.11.18.29 . 7. 12345 . 3447" 1799 ::= { flowDataPackageEntry 5 } 1801 -- 1802 -- The Rule Table 1803 -- 1805 -- This is an array of rule sets; the 'running' ones are indicated 1806 -- by the entries in the meter's flowManagerInfoTable. Several rule 1807 -- sets can be held in a meter so that the manager can change the 1808 -- running rule sets easily, for example with time of day. Note that 1809 -- a manager may not change the rules in any rule set currently 1810 -- referenced within the flowManagerInfoTable (either as 'current' or 1811 -- 'standby')! See the 'Traffic Flow Measurement: Architecture' 1812 -- document [9] for details of rules and how they are used. 1813 -- 1814 -- Space for a rule table is allocated by setting the value of 1815 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1817 flowRuleTable OBJECT-TYPE 1818 SYNTAX SEQUENCE OF FlowRuleEntry 1819 MAX-ACCESS not-accessible 1820 STATUS current 1821 DESCRIPTION 1822 "Contains all the rule sets which may be used by the meter." 1823 ::= { flowRules 1 } 1825 flowRuleEntry OBJECT-TYPE 1826 SYNTAX FlowRuleEntry 1827 MAX-ACCESS not-accessible 1828 STATUS current 1829 DESCRIPTION 1830 "The rule record itself." 1831 INDEX { flowRuleSet, flowRuleIndex } 1832 ::= { flowRuleTable 1 } 1834 FlowRuleEntry ::= SEQUENCE { 1835 flowRuleSet Integer32, 1836 flowRuleIndex Integer32, 1837 flowRuleSelector RuleAttributeNumber, 1838 flowRuleMask RuleAddress, 1839 flowRuleMatchedValue RuleAddress, 1840 flowRuleAction ActionNumber, 1841 flowRuleParameter Integer32 1842 } 1844 flowRuleSet OBJECT-TYPE 1845 SYNTAX Integer32 (1..2147483647) 1846 MAX-ACCESS not-accessible 1847 STATUS current 1848 DESCRIPTION 1849 "Selects a rule set from the array of rule sets." 1850 ::= { flowRuleEntry 1 } 1852 flowRuleIndex OBJECT-TYPE 1853 SYNTAX Integer32 (1..65535) 1854 MAX-ACCESS not-accessible 1855 STATUS current 1856 DESCRIPTION 1857 "The index into the Rule table. N.B: These values will 1858 normally be consecutive, given the fall-through semantics 1859 of processing the table." 1860 ::= { flowRuleEntry 2 } 1862 flowRuleSelector OBJECT-TYPE 1863 SYNTAX RuleAttributeNumber 1864 MAX-ACCESS read-write 1865 STATUS current 1866 DESCRIPTION 1867 "Indicates the attribute to be matched. 1869 null(0) is a special case; null rules always succeed. 1871 matchingStoD(50) is set by the meter's Packet Matching Engine. 1872 Its value is true(1) if the PME is attempting to match the 1873 packet with its addresses in Source-to-Destination order (i.e. 1874 as they appear in the packet), and false(2) otherwise. 1875 Details of how packets are matched are given in the 'Traffic 1876 Flow Measurement: Architecture' document [9]. 1878 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1879 variables, each of which can hold the name (i.e. selector 1880 value) of an address attribute. When one of these is used 1881 as a selector, its value specifies the attribute to be 1882 tested. Variable values are set by an Assign action." 1883 ::= { flowRuleEntry 3 } 1885 flowRuleMask OBJECT-TYPE 1886 SYNTAX RuleAddress 1887 MAX-ACCESS read-write 1888 STATUS current 1889 DESCRIPTION 1890 "The initial mask used to compute the desired value. If the 1891 mask is zero the rule's test will always succeed." 1893 ::= { flowRuleEntry 4 } 1895 flowRuleMatchedValue OBJECT-TYPE 1896 SYNTAX RuleAddress 1897 MAX-ACCESS read-write 1898 STATUS current 1899 DESCRIPTION 1900 "The resulting value to be matched for equality. 1901 Specifically, if the attribute chosen by the flowRuleSelector 1902 logically ANDed with the mask specified by the flowRuleMask 1903 equals the value specified in the flowRuleMatchedValue, then 1904 continue processing the table entry based on the action 1905 specified by the flowRuleAction entry. Otherwise, proceed to 1906 the next entry in the rule table." 1907 ::= { flowRuleEntry 5 } 1909 flowRuleAction OBJECT-TYPE 1910 SYNTAX ActionNumber 1911 MAX-ACCESS read-write 1912 STATUS current 1913 DESCRIPTION 1914 "The action to be taken if this rule's test succeeds, or if 1915 the meter's 'test' flag is off. Actions are opcodes for the 1916 meter's Packet Matching Engine; details are given in the 1917 'Traffic Flow Measurement: Architecture' document [9]." 1918 ::= { flowRuleEntry 6 } 1920 flowRuleParameter OBJECT-TYPE 1921 SYNTAX Integer32 (1..65535) 1922 MAX-ACCESS read-write 1923 STATUS current 1924 DESCRIPTION 1925 "A parameter value providing extra information for the 1926 rule's action." 1927 ::= { flowRuleEntry 7 } 1929 -- 1930 -- Traffic Flow Meter conformance statement 1931 -- 1933 flowMIBCompliances 1934 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1936 flowMIBGroups 1937 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1939 flowControlGroup OBJECT-GROUP 1940 OBJECTS { 1941 flowRuleInfoSize, flowRuleInfoOwner, 1942 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1943 flowRuleInfoName, 1944 flowRuleInfoRulesReady, 1945 flowRuleInfoFlowRecords, 1946 flowInterfaceSampleRate, 1947 flowInterfaceLostPackets, 1948 flowReaderTimeout, flowReaderOwner, 1949 flowReaderLastTime, flowReaderPreviousTime, 1950 flowReaderStatus, flowReaderRuleSet, 1951 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 1952 flowManagerHighWaterMark, 1953 -- flowManagerCounterWrap, <- In DataScaleGroup 1954 flowManagerOwner, flowManagerTimeStamp, 1955 flowManagerStatus, flowManagerRunningStandby, 1956 flowFloodMark, 1957 flowInactivityTimeout, flowActiveFlows, 1958 flowMaxFlows, flowFloodMode } 1959 STATUS deprecated 1960 DESCRIPTION 1961 "The control group defines objects which are used to control 1962 an accounting meter." 1963 ::= {flowMIBGroups 1 } 1965 flowDataTableGroup OBJECT-GROUP 1966 OBJECTS { 1967 -- flowDataIndex, <- Index 1968 -- flowDataTimeMark, <- Index 1969 flowDataStatus, 1970 flowDataSourceInterface, 1971 flowDataSourceAdjacentType, 1972 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 1973 flowDataSourcePeerType, 1974 flowDataSourcePeerAddress, flowDataSourcePeerMask, 1975 flowDataSourceTransType, 1976 flowDataSourceTransAddress, flowDataSourceTransMask, 1977 flowDataDestInterface, 1978 flowDataDestAdjacentType, 1979 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 1980 flowDataDestPeerType, 1981 flowDataDestPeerAddress, flowDataDestPeerMask, 1982 flowDataDestTransType, 1983 flowDataDestTransAddress, flowDataDestTransMask, 1984 -- flowDataRuleSet, <- Index 1985 flowDataToOctets, flowDataToPDUs, 1986 flowDataFromOctets, flowDataFromPDUs, 1987 flowDataFirstTime, flowDataLastActiveTime, 1988 flowDataSourceClass, flowDataDestClass, flowDataClass, 1989 flowDataSourceKind, flowDataDestKind, flowDataKind 1990 } 1991 STATUS deprecated 1992 DESCRIPTION 1993 "The flow table group defines objects which provide the 1994 structure for the flow table, including the creation time 1995 and activity time indexes into it. In addition it defines 1996 objects which provide a base set of flow attributes for the 1997 adjacent, peer and transport layers, together with a flow's 1998 counters and times. Finally it defines a flow's class and 1999 kind attributes, which are set by rule actions." 2000 ::= {flowMIBGroups 2 } 2002 flowDataScaleGroup OBJECT-GROUP 2003 OBJECTS { 2004 flowManagerCounterWrap, 2005 flowDataPDUScale, flowDataOctetScale 2006 } 2007 STATUS deprecated 2008 DESCRIPTION 2009 "The flow scale group defines objects which specify scale 2010 factors for counters." 2011 ::= {flowMIBGroups 3 } 2013 flowDataSubscriberGroup OBJECT-GROUP 2014 OBJECTS { 2015 flowDataSourceSubscriberID, flowDataDestSubscriberID, 2016 flowDataSessionID 2017 } 2018 STATUS current 2019 DESCRIPTION 2020 "The flow subscriber group defines objects which may be used 2021 to identify the end point(s) of a flow." 2022 ::= {flowMIBGroups 4 } 2024 flowDataColumnTableGroup OBJECT-GROUP 2025 OBJECTS { 2026 flowColumnActivityAttribute, 2027 flowColumnActivityIndex, 2028 flowColumnActivityTime, 2029 flowColumnActivityData 2030 } 2031 STATUS deprecated 2032 DESCRIPTION 2033 "The flow column table group defines objects which can be used 2034 to collect part of a column of attribute values from the flow 2035 table." 2036 ::= {flowMIBGroups 5 } 2038 flowDataPackageGroup OBJECT-GROUP 2039 OBJECTS { 2040 -- flowPackageSelector, <- Index 2041 -- flowPackageRuleSet, <- Index 2042 -- flowPackageIndex, <- Index 2043 flowPackageData 2044 } 2046 STATUS current 2047 DESCRIPTION 2048 "The data package group defines objects which can be used 2049 to collect a specified set of attribute values from a row of 2050 the flow table." 2051 ::= {flowMIBGroups 6 } 2053 flowRuleTableGroup OBJECT-GROUP 2054 OBJECTS { 2055 flowRuleSelector, 2056 flowRuleMask, flowRuleMatchedValue, 2057 flowRuleAction, flowRuleParameter 2058 } 2059 STATUS current 2060 DESCRIPTION 2061 "The rule table group defines objects which hold the set(s) 2062 of rules specifying which traffic flows are to be accounted 2063 for." 2064 ::= {flowMIBGroups 7 } 2066 flowDataScaleGroup2 OBJECT-GROUP 2067 OBJECTS { 2068 -- flowManagerCounterWrap, <- Deprecated 2069 flowDataPDUScale, flowDataOctetScale 2070 } 2071 STATUS current 2072 DESCRIPTION 2073 "The flow scale group defines objects which specify scale 2074 factors for counters. This group replaces the earlier 2075 version of flowDataScaleGroup above (now deprecated)." 2076 ::= {flowMIBGroups 8} 2078 flowControlGroup2 OBJECT-GROUP 2079 OBJECTS { 2080 flowRuleInfoSize, flowRuleInfoOwner, 2081 flowRuleInfoTimeStamp, flowRuleInfoStatus, 2082 flowRuleInfoName, 2083 -- flowRuleInfoRulesReady, <- Deprecated 2084 flowRuleInfoFlowRecords, 2085 flowInterfaceSampleRate, 2086 flowInterfaceLostPackets, 2087 flowReaderTimeout, flowReaderOwner, 2088 flowReaderLastTime, flowReaderPreviousTime, 2089 flowReaderStatus, flowReaderRuleSet, 2090 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 2091 flowManagerHighWaterMark, 2092 -- flowManagerCounterWrap, <- In DataScaleGroup 2093 flowManagerOwner, flowManagerTimeStamp, 2094 flowManagerStatus, flowManagerRunningStandby, 2095 flowFloodMark, 2096 flowInactivityTimeout, flowActiveFlows, 2097 flowMaxFlows, flowFloodMode } 2098 STATUS current 2099 DESCRIPTION 2100 "The control group defines objects which are used to control 2101 an accounting meter. It replaces the earlier version of 2102 flowControlGroup above (now deprecated)." 2103 ::= {flowMIBGroups 9 } 2105 flowDataTableGroup2 OBJECT-GROUP 2106 OBJECTS { 2107 -- flowDataIndex, <- Index 2108 -- flowDataTimeMark, <- Index 2109 -- flowDataStatus, <- Deprecated 2110 flowDataSourceInterface, 2111 flowDataSourceAdjacentType, 2112 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2113 flowDataSourcePeerType, 2114 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2115 flowDataSourceTransType, 2116 flowDataSourceTransAddress, flowDataSourceTransMask, 2117 flowDataDestInterface, 2118 flowDataDestAdjacentType, 2119 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2120 flowDataDestPeerType, 2121 flowDataDestPeerAddress, flowDataDestPeerMask, 2122 flowDataDestTransType, 2123 flowDataDestTransAddress, flowDataDestTransMask, 2124 -- flowDataRuleSet, <- Index 2125 flowDataToOctets, flowDataToPDUs, 2126 flowDataFromOctets, flowDataFromPDUs, 2127 flowDataFirstTime, flowDataLastActiveTime, 2128 flowDataSourceClass, flowDataDestClass, flowDataClass, 2129 flowDataSourceKind, flowDataDestKind, flowDataKind 2130 } 2131 STATUS current 2132 DESCRIPTION 2133 "This flow table group defines objects which provide the 2134 structure for the flow table. It replaces the earlier 2135 version of flowDataTableGroup above (now deprecated)." 2136 ::= {flowMIBGroups 10 } 2138 flowMIBCompliance MODULE-COMPLIANCE 2139 STATUS current 2140 DESCRIPTION 2141 "The compliance statement for a Traffic Flow Meter." 2142 MODULE 2143 MANDATORY-GROUPS { 2144 flowControlGroup2, 2145 flowDataTableGroup2, 2146 flowDataPackageGroup, 2147 flowRuleTableGroup 2148 } 2149 ::= { flowMIBCompliances 1 } 2151 END 2153 6 Security Considerations 2155 6.1 SNMP Concerns 2157 There are a number of management objects defined in this MIB that have a 2158 MAX-ACCESS clause of read-write and/or read-create. Such objects may be 2159 considered sensitive or vulnerable in some network environments. The 2160 support for SET operations in a non-secure environment without proper 2161 protection can have a negative effect on network operations. 2163 There are a number of managed objects in this MIB that may contain 2164 sensitive information. These include all the objects in the Control 2165 Group (since they control access to meter resources by Managers and 2166 Meter Readers) and those in the Flow Table (since they hold the 2167 collected traffic flow data). 2169 It is thus important to control even GET access to these objects and 2170 possibly to even encrypt the values of these object when sending them 2171 over the network via SNMP. Not all versions of SNMP provide features for 2172 such a secure environment. 2174 SNMPv1 by itself is not a secure environment. Even if the network 2175 itself is secure (for example by using IPSec), even then, there is no 2176 control as to who on the secure network is allowed to access and GET/SET 2177 (read/change/create/delete) the objects in this MIB. 2179 It is recommended that the implementers consider the security features 2180 as provided by the SNMPv3 framework. Specifically, the use of the 2181 User-based Security Model [14] and the View-based Access Control Model 2182 [15] is recommended. 2184 It is then a customer/user responsibility to ensure that the SNMP entity 2185 giving access to an instance of this MIB is properly configured to give 2186 access to the objects only to those principals (users) that have 2187 legitimate rights to indeed GET or SET (change/create/delete) them. 2189 6.2 Traffic Meter Concerns 2191 This MIB describes how an RTFM traffic meter is controlled, and provides 2192 a way for traffic flow data to be retrieved from it by a meter reader. 2193 This is essentially an application using SNMP as a method of 2194 communication between co-operating hosts; it does not - in itself - have 2195 any inherent security risks. 2197 Since, however, the traffic flow data can be extremely valuable for 2198 network management purposes it is vital that sensible precautions be 2199 taken to keep the meter and its data secure. This requires that access 2200 to the meter for control purposes (e.g. loading RuleSets and reading 2201 flow data) be restricted. Such restriction could be achieved in many 2202 ways, for example 2204 - Physical Separation. Meter(s) and meter reader(s) could be 2205 deployed so that control capabilities are kept within a separate 2206 network, access to which is carefully controlled. 2208 - Application-layer Security. A minimal level of security for SNMP 2209 is provided by using 'community' strings, which are essentially 2210 clear-text passwords. Stronger security for SNMP is being 2211 developed within the IETF (see above); when this becomes available 2212 it should be used to protect managed network equipment. 2214 - Lower-layer Security. Access to the meter can be protected using 2215 encryption at the network layer. For example, one could run SNMP 2216 to the meter through an encrypted TCP tunnel. 2218 When implementing a meter it may be sensible to use separate network 2219 interfaces for control and for metering. If this is done the control 2220 network can be set up so that it doesn't carry any 'user' traffic, and 2221 the metering interfaces can ignore any user attempts to take control of 2222 the meter. 2224 Users should also consider how they will address attempts to circumvent 2225 a meter, i.e. to prevent it from measuring flows. Such attempts are 2226 essentially denial-of-service attacks on the metering interfaces. For 2227 example 2229 - Port Scan attacks. The attacker sends packets to each of a very 2230 large number of IP (Address : Port) pairs. Each of these packets 2231 creates a new flow in the meter; if there are enough of them the 2232 meter will recognise a 'flood' condition, and will probably stop 2233 creating new flows. As a minimum, users (and implementors) should 2234 ensure that meters can recover from flood conditions as soon as 2235 possible after they occur. 2237 - Counter Wrap attacks: The attacker sends enough packets to cause 2238 the counters in a flow to wrap several times between meter 2239 readings, thus causing the counts to be artificially low. The 2240 change to using 64-bit counters in this MIB reduces this problem 2241 significantly. 2243 Users can reduce the severity of both the above attacks by ensuring that 2244 their meters are read often enough to prevent them being flooded. The 2245 resulting flow data will contain a record of the attacking packets, 2246 which may well be useful in determining where any attack came from. 2248 7 Appendix A: Changes Introduced Since RFC 2064 2250 The first version of the Meter MIB was published as RFC 2064 in January 2251 1997. The most significant changes since then are summarised below. 2253 - TEXTUAL CONVENTIONS: Greater use is made of textual conventions to 2254 describe the various types of addresses used by the meter. 2256 - PACKET MATCHING ATTRIBUTES: Computed attributes (e.g. FlowClass 2257 and FlowKind) may now be tested. This allows one to use these 2258 variables to store information during packet matching. 2260 A new attribute, MatchingStoD, has been added. Its value is 1 2261 while a packet is being matched with its adresses in 'wire' 2262 (source-to-destination) order. 2264 - FLOOD MODE: This is now a read-write variable. Setting it to 2265 false(2) switches the meter out of flood mode and back to normal 2266 operation. 2268 - CONTROL TABLES: Several variables have been added to the RuleSet, 2269 Reader and Manager tables to provide more effective control of the 2270 meter's activities. 2272 - FLOW TABLE: 64-bit counters are used for octet and PDU counts. 2273 This reduces the problems caused by the wrap-around of 32-bit 2274 counters in earlier versions. 2276 flowDataRuleSet is now used as an index to the flow table. This 2277 allows a meter reader to collect only those flow table rows created 2278 by a specified RuleSet. 2280 - DATA PACKAGES: This is a new table, allowing a meter reader to 2281 retrieve values for a list of attributes from a flow as a single 2282 object. When used with SNMP GetBulk requests it provides an 2283 efficient way to recover flow data. 2285 Earlier versions had a 'Column Activity Table;' using this it was 2286 difficult to collect all data for a flow efficiently in a single 2287 SNMP request. 2289 8 Acknowledgements 2291 An early draft of this document was produced under the auspices of the 2292 IETF's Accounting Working Group with assistance from the SNMP Working 2293 Group and the Security Area Advisory Group. Particular thanks are due 2294 to Jim Barnes, Sig Handelman and Stephen Stibler for their support and 2295 their assistance with checking early versions of the MIB. 2297 Stephen Stibler shared the development workload of producing the MIB 2298 changes summarized in chpter 5 (above). 2300 9 References 2302 [1] McCloghrie, K., and Rose, M., Editors, "Management 2303 Information Base for Network Management of TCP/IP-based 2304 internets," RFC 1213, Performance Systems International, 2305 March 1991. 2307 [2] Case J., McCloghrie K., Rose M., and Waldbusser S., 2308 "Structure of Management Information for version 2 of the 2309 Simple Network Managemenet Protocol," RFC 1902, SNMP 2310 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2311 Carnegie Mellon University, January 1996. 2313 [3] Case J., McCloghrie, K., Rose, M., and Waldbusser, S., 2314 "Textual Conventions for version 2 of the Simple Network 2315 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2316 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2317 University, January 1996. 2319 [4] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2320 "Conformance Statements for version 2 of the Simple Network 2321 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2322 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2323 University, January 1996. 2325 [5] Case, J., McCloghrie, K., Rose, M., and Waldbusser, S., 2326 "Coexistence between version 1 and version 2 of the 2327 Internet-standard Network Management Framework," RFC 1908, SNMP 2328 Research Inc., Hughes LAN Systems, Dover Beach Consulting, 2329 Carnegie Mellon University, January 1996. 2331 [6] Information processing systems - Open Systems 2332 Interconnection - Specification of Abstract Syntax Notation One 2333 (ASN.1), International Organization for Standardization, 2334 International Standard 8824, December 1987. 2336 [7] Information processing systems - Open Systems 2337 Interconnection - Specification of Basic Encoding Rules for 2338 Abstract Notation One (ASN.1), International Organization for 2339 Standardization, International Standard 8825, December 1987. 2341 [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2342 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2343 Technology Corporation, November 1991. 2345 [9] Brownlee, N., Mills, C., and G. Ruth, "Traffic Flow 2346 Measurement: Architecture", RFC 2063, The University of 2347 Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, 2348 January 1997. 2350 [10] Waldbusser, S., "Remote Network Monitoring Management 2351 Information Base Version 2 using SMIv2," RFC 2021, INS, 2352 January 1997. 2354 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2355 ISI, October 1994. 2357 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2358 SNMP Research Incorporated, January 1992. 2360 [13] Hinden, R., Deering, S., "IP Version 6 Addressing 2361 Architecture," RFC 1884, Ipsilon Networks, Xerox PARC, 2362 December 1995. 2364 [14] Blumenthal, U., and B. Wijnen, "User-based Security Model 2365 (USM) for version 3 of the Simple Network Management 2366 Protocol (SNMPv3)", RFC 2274, January 1998. 2368 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 2369 Access Control Model for the Simple Network Management 2370 Protocol (SNMP)", RFC 2275, January 1998. 2372 10 Author's Address 2374 Nevil Brownlee 2375 Information Technology Systems & Services 2376 The University of Auckland 2378 Phone: +64 9 373 7599 x8941 2379 E-mail: n.brownlee@auckland.ac.nz 2381 Expires March 1999