idnits 2.17.1 draft-ietf-rtfm-meter-mib-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1736 has weird spacing: '...taValue flow...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 1999) is 8958 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '1' is mentioned on line 2318, but not defined == Missing Reference: '2' is mentioned on line 173, but not defined == Missing Reference: '3' is mentioned on line 402, but not defined == Missing Reference: '4' is mentioned on line 144, but not defined == Missing Reference: '5' is mentioned on line 199, but not defined == Missing Reference: '6' is mentioned on line 181, but not defined == Missing Reference: '7' is mentioned on line 118, but not defined == Missing Reference: '8' is mentioned on line 1829, but not defined == Missing Reference: '9' is mentioned on line 151, but not defined ** Obsolete normative reference: RFC 2021 (ref. '10') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1700 (ref. '11') (Obsoleted by RFC 3232) ** Downref: Normative reference to an Historic RFC: RFC 1285 (ref. '12') ** Obsolete normative reference: RFC 2373 (ref. '13') (Obsoleted by RFC 3513) ** Obsolete normative reference: RFC 2274 (ref. '14') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) ** Downref: Normative reference to an Informational RFC: RFC 2330 (ref. '16') Summary: 10 errors (**), 0 flaws (~~), 12 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Engineering Task Force Nevil Brownlee 2 INTERNET-DRAFT The University of Auckland 3 April 1999 4 Expires October 1999 6 Traffic Flow Measurement: Meter MIB 8 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with all 13 provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering Task 16 Force (IETF), its areas, and its working groups. Note that other groups 17 may also distribute working documents as Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference material 22 or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/ietf/1id-abstracts.txt 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html. 30 This Internet Draft is a product of the Realtime Traffic Flow 31 Measurement Working Group of the IETF. 33 Abstract 35 A 'Traffic Meter' collects data relating to traffic flows within a 36 network. This document defines a Management Information Base (MIB) for 37 use in controlling a traffic meter, in particular for specifying the 38 flows to be measured. It also provides an efficient mechanism for 39 retrieving flow data from the meter using SNMP. Security issues 40 concerning the operation of traffic meters are summarised. 42 Contents 44 1 Introduction 2 46 2 The Network Management Framework 3 48 3 Objects 3 49 3.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . 4 51 4 Overview 4 52 4.1 Scope of Definitions, Textual Conventions . . . . . . . . . . 5 53 4.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 5 55 5 Definitions 7 57 6 Security Considerations 45 58 6.1 SNMP Concerns . . . . . . . . . . . . . . . . . . . . . . . . 45 59 6.2 Traffic Meter Concerns . . . . . . . . . . . . . . . . . . . . 45 61 7 IANA Considerations 47 63 8 Appendix A: Changes Introduced Since RFC 2064 47 65 9 Acknowledgements 48 67 10 References 49 69 11 Author's Address 50 71 1 Introduction 73 This memo defines a portion of the Management Information Base (MIB) for 74 use with network management protocols in the Internet community. In 75 particular, it describes objects for managing and collecting data from 76 network Realtime Traffic Flow Meters, as described in [1]. 78 The MIB is 'basic' in the sense that it provides more than enough 79 information for everyday traffic measurment. Furthermore, it can be 80 easily extended by adding new attributes as required. The RTFM Working 81 group is actively pursuing the development of the meter in this way. 83 2 The Network Management Framework 85 The Internet-standard Network Management Framework consists of three 86 components. They are: 88 RFC 1155 defines the SMI, the mechanisms used for describing 89 and naming objects for the purpose of management. RFC 1212 90 defines a more concise description mechanism, which is wholly 91 consistent with the SMI. 93 RFC 1156 defines MIB-I, the core set of managed objects for the 94 Internet suite of protocols. RFC 1213 [2] defines MIB-II, an 95 evolution of MIB-I based on implementation experience and new 96 operational requirements. 98 RFC 1157 defines the SNMP, the protocol used for network access 99 to managed objects. 101 RFC 1902 [3] defines the SMI for version 2 of the Simple 102 Network Management Protocol. 104 RFCs 1903 and 1904 [4,5] define Textual Conventions and 105 Conformance Statements for version 2 of the Simple Network 106 Management Protocol. 108 RFC 1908 [6] describes how versions 1 and 2 of the Simple 109 Network Management Protocol should coexist. 111 The Framework permits new objects to be defined for the purpose of 112 experimentation and evaluation. 114 3 Objects 116 Managed objects are accessed via a virtual information store, termed the 117 Management Information Base or MIB. Objects in the MIB are defined using 118 the subset of Abstract Syntax Notation One (ASN.1) [7] defined in the 119 SMI. In particular, each object has a name, a syntax, and an encoding. 120 The name is an object identifier, an administratively assigned name, 121 which specifies an object type. The object type together with an object 122 instance serves to uniquely identify a specific instantiation of the 123 object. For human convenience, we often use a textual string, termed 124 the OBJECT DESCRIPTOR, to also refer to the object type. 126 The syntax of an object type defines the abstract data structure 127 corresponding to that object type. The ASN.1 language is used for this 128 purpose. However, the SMI [3] purposely restricts the ASN.1 constructs 129 which may be used. These restrictions are explicitly made for 130 simplicity. 132 The encoding of an object type is simply how that object type is 133 represented using the object type's syntax. Implicitly tied to the 134 notion of an object type's syntax and encoding is how the object type is 135 represented when being transmitted on the network. 137 The SMI specifies the use of the basic encoding rules of ASN.1 [8], 138 subject to the additional requirements imposed by the SNMP. 140 3.1 Format of Definitions 142 Section 4 contains the specification of all object types contained in 143 this MIB module. These object types are specified using the conventions 144 defined in [3] and [4]. 146 4 Overview 148 Traffic Flow Measurement seeks to provide a well-defined method for 149 gathering traffic flow information from networks and internetworks. The 150 background for this is given in "Traffic Flow Measurement: Background" 151 [9]. The Realtime Traffic Flow Measurement (rtfm) Working Group has 152 produced a measurement architecture to achieve this goal; this is 153 documented in "Traffic Flow Measurement: Architecture" [1]. The 154 architecture defines three entities: 156 - METERS, which observe network traffic flows and build up a table of 157 flow data records for them, 159 - METER READERS, which collect traffic flow data from meters, and 161 - MANAGERS, which oversee the operation of meters and meter readers. 163 This memo defines the SNMP management information for a Traffic Flow 164 Meter (TFM). Work in this field was begun by the Internet Accounting 165 Working Group. It has been further developed and expanded by the 166 Realtime Traffic Flow Measurement Working Group. 168 4.1 Scope of Definitions, Textual Conventions 170 All objects defined in this memo are registered in a single subtree 171 within the mib-2 namespace [2,3], and are for use in network devices 172 which may perform a PDU forwarding or monitoring function. For these 173 devices, the value of the ifSpecific variable in the MIB-II [2] has the 174 OBJECT IDENTIFIER value: 176 flowMIB OBJECT IDENTIFIER ::= mib-2 40 178 as defined below. 180 The RTFM Meter MIB was first produced and tested using SNMPv1. It was 181 converted into SNMPv2 following the guidelines in RFC 1908 [6]. 183 4.2 Usage of the MIB variables 185 The MIB is organised in four parts - control, data, rules and 186 conformance statements. 188 The rules implement the set of packet-matching actions, as described in 189 the "Traffic Flow Measurment: Architecture" document [1]. In addition 190 they provide for BASIC-style subroutines, allowing a network manager to 191 dramatically reduce the number of rules required to monitor a large 192 network. 194 Traffic flows are identified by a set of attributes for each of their 195 end-points. Attributes include network addresses for each layer of the 196 network protocol stack, and 'subscriber ids,' which may be used to 197 identify an accountable entity for the flow. 199 The conformance statements are set out as defined in [5]. They explain 200 what must be implemented in a meter which claims to conform to this MIB. 202 To retrieve flow data one could simply do a linear scan of the flow 203 table. This would certainly work, but would require a lot of protocol 204 exchanges. To reduce the overhead in retrieving flow data the flow 205 table uses a TimeFilter variable, defined as a Textual Convention in the 206 RMON2 MIB [10]. 208 As an alternative method of reading flow data, the MIB provides a view 209 of the flow table called the flowDataPackageTable. This is (logically) 210 a four-dimensional array, subscripted by package selector, ruleset, 211 activity time and starting flow number. The package selector is a 212 sequence of bytes which specifies a list of flow attributes. 214 A data package (as returned by the meter) is a sequence of values for 215 the attributes specified in its selector, encoded using the Basic 216 Encoding Rules [8]. It allows a meter reader to retrieve all the 217 attribute values it requires in a single MIB object. This, when used 218 together with SNMPv2's GetBulk request, allows a meter reader to scan 219 the flow table and upload a specified set of attribute values for flows 220 which have changed since the last reading, and which were created by a 221 specified rule set. 223 One aspect of data collection which needs emphasis is that all the MIB 224 variables are set up to allow multiple independent meter readers to work 225 properly, i.e. the flow table indexes are stateless. An alternative 226 approach would have been to 'snapshot' the flow table, which would mean 227 that the meter readers would have to be synchronized. The stateless 228 approach does mean that two meter readers will never return exactly the 229 same set of traffic counts, but over long periods (e.g. 15-minute 230 collections over a day) the discrepancies are acceptable. If one really 231 needs a snapshot, this can be achieved by switching to an identical rule 232 set with a different RuleSet number, hence asynchronous collections may 233 be regarded as a useful generalisation of synchronised ones. 235 The control variables are the minimum set required for a meter reader. 236 Their number has been whittled down as experience has been gained with 237 the MIB implementation. A few of them are 'general,' i.e. they control 238 the overall behaviour of the meter. These are set by a single 'master' 239 manager, and no other manager should attempt to change their values. 240 The decision as to which manager is the 'master' must be made by the 241 network operations personnel responsible; this MIB does not attempt to 242 define any interaction between managers. 244 There are three other groups of control variables, arranged into tables 245 in the same way as in the RMON2 MIB [10]. They are used as follows: 247 - RULE SET INFO: Before attempting to download a RuleSet, a manager 248 must create a row in the flowRuleSetInfoTable and set its 249 flowRuleInfoSize to a value large enough to hold the RuleSet. When 250 the rule set is ready the manager must set flowRuleInfoRulesReady 251 to 'true,' indicating that the rule set is ready for use (but not 252 yet 'running'). 254 - METER READER INFO: Any meter reader wishing to collect data 255 reliably for all flows from a RuleSet should first create a row in 256 the flowReaderInfoTable with flowReaderRuleSet set to that 257 RuleSet's index in the flowRuleSetInfoTable. It should write that 258 row's flowReaderLastTime object each time it starts a collection 259 pass through the flow table. The meter will not recover a flow's 260 memory until every meter reader holding a row for that flow's 261 RuleSet has collected the flow's data. 263 - MANAGER INFO: Any manager wishing to run a RuleSet in the meter 264 must create a row in the flowManagerInfo table, specifying the 265 desired RuleSet to run and its corresponding 'standby' Ruleset (if 266 one is desired). A current RuleSet is 'running' if its 267 flowManagerRunningStandby value is false(2), similarly a standby 268 RuleSet is 'running' if flowManagerRunningStandby is true(1). 270 Times within the meter are in terms of its Uptime, i.e. centiseconds 271 since the meter started. For meters implemented as self-contained SNMP 272 agents this will be the same as sysUptime, but this may not be true for 273 meters implemented as subagents. Managers can read the meter's Uptime 274 when neccessary (e.g. to set a TimeFilter value) by setting 275 flowReaderLastTime, then reading its new value. 277 5 Definitions 279 FLOW-METER-MIB DEFINITIONS ::= BEGIN 281 IMPORTS 282 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, Integer32 283 FROM SNMPv2-SMI 284 TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue 285 FROM SNMPv2-TC 286 OBJECT-GROUP, MODULE-COMPLIANCE 287 FROM SNMPv2-CONF 288 mib-2, ifIndex 289 FROM RFC1213-MIB 290 OwnerString 291 FROM RMON-MIB 292 TimeFilter 293 FROM RMON2-MIB; 295 flowMIB MODULE-IDENTITY 296 LAST-UPDATED "9904061529Z" 297 ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group" 298 CONTACT-INFO 299 "Nevil Brownlee, The University of Auckland 301 Postal: Information Technology Sytems & Services 302 The University of Auckland 303 Private Bag 92-019 304 Auckland, New Zealand 306 Phone: +64 9 373 7599 x8941 307 E-mail: n.brownlee@auckland.ac.nz" 308 DESCRIPTION 309 "MIB for the RTFM Traffic Flow Meter." 311 REVISION "9712230937Z" 312 DESCRIPTION 313 "Two further variables deprecated: 314 - flowRuleInfoRulesReady (use flowRuleInfoStatus intead) 315 - flowDataStatus (contains no useful information)" 317 REVISION "9707071715Z" 318 DESCRIPTION 319 "Significant changes since RFC 2064 include: 320 - flowDataPackageTable added 321 - flowColumnActivityTable deprecated 322 - flowManagerCounterWrap deprecated" 324 REVISION "9603080208Z" 325 DESCRIPTION 326 "Initial version of this MIB (RFC 2064)" 327 ::= { mib-2 40 } 329 flowControl OBJECT IDENTIFIER ::= { flowMIB 1 } 331 flowData OBJECT IDENTIFIER ::= { flowMIB 2 } 333 flowRules OBJECT IDENTIFIER ::= { flowMIB 3 } 335 flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 } 337 -- Textual Conventions 339 MediumType ::= TEXTUAL-CONVENTION 340 STATUS current 341 DESCRIPTION 342 "Specifies the type of a MediumAddress (see below). The 343 values used for IEEE 802 media are from the 'Network 344 Management Parameters (ifType definitions)' section of the 345 Assigned Numbers RFC [11]. Other medium types may also 346 be used, provided only that they are identified by their 347 assigned numbers." 348 SYNTAX INTEGER { 349 ethernet(7), 350 tokenring(9), 351 fddi(15) } 353 MediumAddress ::= TEXTUAL-CONVENTION 354 STATUS current 355 DESCRIPTION 356 "Specifies the value of a Medium Access Control (MAC) address. 357 Address format depends on the actual Medium, as follows: 359 Ethernet: ethernet(7) 360 6-octet 802.3 MAC address in 'canonical' order 362 Token Ring: tokenring(9) 363 6-octet 802.5 MAC address in 'canonical' order 365 FDDI: fddi(15) 366 FddiMACLongAddress, i.e. a 6-octet MAC address 367 in 'canonical' order (defined in the FDDI MIB [12]) 368 " 369 SYNTAX OCTET STRING (SIZE (6..20)) 371 PeerType ::= TEXTUAL-CONVENTION 372 STATUS current 373 DESCRIPTION 374 "Indicates the type of a PeerAddress (see below). The values 375 used are from the 'Address Family Numbers' section of the 376 Assigned Numbers RFC [11]. Peer types from other address 377 types may also be used, provided only that they are identified 378 by their assigned numbers." 379 SYNTAX INTEGER { 380 ipv4(1), 381 ipv6(2), 382 nsap(3), 383 ipx(11), 384 appletalk(12), 385 decnet(13) } 387 PeerAddress ::= TEXTUAL-CONVENTION 388 STATUS current 389 DESCRIPTION 390 "Specifies the value of a peer address for various network 391 protocols. Address format depends on the actual protocol, 392 as indicated below: 394 IPv4: ipv4(1) 395 4-octet IpAddress (defined in the SNMPv2 SMI [3]) 397 IPv6: ipv6(2) 398 16-octet IpAddress (defined in the 399 IPv6 Addressing RFC [13]) 401 CLNS: nsap(3) 402 NsapAddress (defined in the SNMPv2 SMI [3]) 404 Novell: ipx(11) 405 4-octet Network number, 406 6-octet Host number (MAC address) 408 AppleTalk: appletalk(12) 409 2-octet Network number (sixteen bits), 410 1-octet Host number (eight bits) 412 DECnet: decnet(13) 413 1-octet Area number (in low-order six bits), 414 2-octet Host number (in low-order ten bits) 415 " 416 SYNTAX OCTET STRING (SIZE (3..20)) 418 AdjacentType ::= TEXTUAL-CONVENTION 419 STATUS current 420 DESCRIPTION 421 "Indicates the type of an adjacent address. 422 Is a superset of MediumType and PeerType." 423 SYNTAX INTEGER { 424 ip(1), 425 nsap(3), 426 ethernet(7), 427 tokenring(9), 428 ipx(11), 429 appletalk(12), 430 decnet(13), 431 fddi(15) } 433 AdjacentAddress ::= TEXTUAL-CONVENTION 434 STATUS current 435 DESCRIPTION 436 "Specifies the value of an adjacent address. 437 Is a superset of MediumAddress and PeerAddress." 438 SYNTAX OCTET STRING (SIZE (3..20)) 440 TransportType ::= TEXTUAL-CONVENTION 441 STATUS current 442 DESCRIPTION 443 "Indicates the type of a TransportAddress (see below). Values 444 will depend on the actual protocol; for IP they will be those 445 given in the 'Protocol Numbers' section of the Assigned Numbers 446 RFC [11], including icmp(1), tcp(6) and udp(17)." 447 SYNTAX Integer32 (1..255) 449 TransportAddress ::= TEXTUAL-CONVENTION 450 STATUS current 451 DESCRIPTION 452 "Specifies the value of a transport address for various 453 network protocols. Format as follows: 455 IP: 456 2-octet UDP or TCP port number 458 Other protocols: 459 2-octet port number 460 " 461 SYNTAX OCTET STRING (SIZE (2)) 463 RuleAddress ::= TEXTUAL-CONVENTION 464 STATUS current 465 DESCRIPTION 466 "Specifies the value of an address. Is a superset of 467 MediumAddress, PeerAddress and TransportAddress." 468 SYNTAX OCTET STRING (SIZE (2..20)) 470 FlowAttributeNumber ::= TEXTUAL-CONVENTION 471 STATUS current 472 DESCRIPTION 473 "Uniquely identifies an attribute within a flow data record." 474 SYNTAX INTEGER { 475 flowIndex(1), 476 flowStatus(2), 477 flowTimeMark(3), 479 sourceInterface(4), 480 sourceAdjacentType(5), 481 sourceAdjacentAddress(6), 482 sourceAdjacentMask(7), 483 sourcePeerType(8), 484 sourcePeerAddress(9), 485 sourcePeerMask(10), 486 sourceTransType(11), 487 sourceTransAddress(12), 488 sourceTransMask(13), 490 destInterface(14), 491 destAdjacentType(15), 492 destAdjacentAddress(16), 493 destAdjacentMask(17), 494 destPeerType(18), 495 destPeerAddress(19), 496 destPeerMask(20), 497 destTransType(21), 498 destTransAddress(22), 499 destTransMask(23), 501 pduScale(24), 502 octetScale(25), 504 ruleSet(26), 505 toOctets(27), -- Source-to-Dest 506 toPDUs(28), 507 fromOctets(29), -- Dest-to-Source 508 fromPDUs(30), 509 firstTime(31), -- Activity times 510 lastActiveTime(32), 512 sourceSubscriberID(33), -- Subscriber ID 513 destSubscriberID(34), 514 sessionID(35), 516 sourceClass(36), -- Computed attributes 517 destClass(37), 518 flowClass(38), 519 sourceKind(39), 520 destKind(40), 521 flowKind(41) } 523 RuleAttributeNumber ::= TEXTUAL-CONVENTION 524 STATUS current 525 DESCRIPTION 526 "Uniquely identifies an attribute which may be tested in 527 a rule. These include attributes whose values come directly 528 from (or are computed from) the flow's packets, and the five 529 'meter' variables used to hold an Attribute Number." 530 SYNTAX INTEGER { 531 null(0), 532 sourceInterface(4), -- Source Address 533 sourceAdjacentType(5), 534 sourceAdjacentAddress(6), 535 sourcePeerType(8), 536 sourcePeerAddress(9), 537 sourceTransType(11), 538 sourceTransAddress(12), 540 destInterface(14), -- Dest Address 541 destAdjacentType(15), 542 destAdjacentAddress(16), 543 destPeerType(18), 544 destPeerAddress(19), 545 destTransType(21), 546 destTransAddress(22), 548 sourceSubscriberID(33), -- Subscriber ID 549 destSubscriberID(34), 550 sessionID(35), 552 sourceClass(36), -- Computed attributes 553 destClass(37), 554 flowClass(38), 555 sourceKind(39), 556 destKind(40), 557 flowKind(41), 559 matchingStoD(50), -- Packet matching 561 v1(51), -- Meter variables 562 v2(52), 563 v3(53), 564 v4(54), 565 v5(55) } 567 ActionNumber ::= TEXTUAL-CONVENTION 568 STATUS current 569 DESCRIPTION 570 "Uniquely identifies the action of a rule, i.e. the Pattern 571 Matching Engine's opcode number. Details of the opcodes 572 are given in the 'Traffic Flow Measurement: Architecture' 573 document [1]." 574 SYNTAX INTEGER { 575 ignore(1), 576 noMatch(2), 577 count(3), 578 countPkt(4), 579 return(5), 580 gosub(6), 581 gosubAct(7), 582 assign(8), 583 assignAct(9), 584 goto(10), 585 gotoAct(11), 586 pushRuleTo(12), 587 pushRuleToAct(13), 588 pushPktTo(14), 589 pushPktToAct(15), 590 popTo(16), 591 popToAct(17) } 593 -- 594 -- Control Group: Rule Set Info Table 595 -- 597 flowRuleSetInfoTable OBJECT-TYPE 598 SYNTAX SEQUENCE OF FlowRuleSetInfoEntry 599 MAX-ACCESS not-accessible 600 STATUS current 601 DESCRIPTION 602 "An array of information about the rule sets held in the 603 meter. 605 Any manager may configure a new rule set for the meter by 606 creating a row in this table with status active(1), and setting 607 values for all the objects in its rules. At this stage the new 608 rule set is available but not 'running,' i.e. it is not being 609 used by the meter to produce entries in the flow table. 611 To actually 'run' a rule set a manager must create a row in 612 the flowManagerInfoTable, set it's flowManagerStatus to 613 active(1), and set either its CurrentRuleSet or StandbyRuleSet 614 to point to the rule set to be run. 616 Once a rule set is running a manager may not change any of the 617 objects within the rule set itself. Any attempt to do so should 618 result in a notWritable(17) SNMP error-status for such objects. 620 A manager may stop a rule set running by removing all 621 references to it in the flowManagerInfoTable (i.e. by setting 622 CurrentRuleSet and StandbyRuleSet values to 0). This provides 623 a way to stop rule sets left running if a manager fails. 624 For example, when a manager is started, it could search the 625 meter's flowManager table and stop all rule sets having a 626 specified value of flowRuleInfoOwner. 628 To prevent a manager from interfering with variables belonging 629 to another manager, the meter should use SNMP views so as to 630 limit each manager's access to the meter's variables, 631 effectively dividing the single meter into several virtual 632 meters, one for each independent manager." 633 ::= { flowControl 1 } 635 flowRuleSetInfoEntry OBJECT-TYPE 636 SYNTAX FlowRuleSetInfoEntry 637 MAX-ACCESS not-accessible 638 STATUS current 639 DESCRIPTION 640 "Information about a particular rule set." 641 INDEX { flowRuleInfoIndex } 642 ::= { flowRuleSetInfoTable 1 } 644 FlowRuleSetInfoEntry ::= SEQUENCE { 645 flowRuleInfoIndex Integer32, 646 flowRuleInfoSize Integer32, 647 flowRuleInfoOwner OwnerString, 648 flowRuleInfoTimeStamp TimeStamp, 649 flowRuleInfoStatus RowStatus, 650 flowRuleInfoName OCTET STRING, 651 flowRuleInfoRulesReady TruthValue, 652 flowRuleInfoFlowRecords Integer32 653 } 655 flowRuleInfoIndex OBJECT-TYPE 656 SYNTAX Integer32 (1..2147483647) 657 MAX-ACCESS not-accessible 658 STATUS current 659 DESCRIPTION 660 "An index which selects an entry in the flowRuleSetInfoTable. 661 Each such entry contains control information for a particular 662 rule set which the meter may run." 663 ::= { flowRuleSetInfoEntry 1 } 665 flowRuleInfoSize OBJECT-TYPE 666 SYNTAX Integer32 667 MAX-ACCESS read-create 668 STATUS current 669 DESCRIPTION 670 "Number of rules in this rule set. Setting this variable will 671 cause the meter to allocate space for these rules." 672 ::= { flowRuleSetInfoEntry 2 } 674 flowRuleInfoOwner OBJECT-TYPE 675 SYNTAX OwnerString 676 MAX-ACCESS read-create 677 STATUS current 678 DESCRIPTION 679 "Identifies the manager which 'owns' this rule set. A manager 680 must set this variable when creating a row in this table." 681 ::= { flowRuleSetInfoEntry 3 } 683 flowRuleInfoTimeStamp OBJECT-TYPE 684 SYNTAX TimeStamp 685 MAX-ACCESS read-only 686 STATUS current 687 DESCRIPTION 688 "Time this row's associated rule set was last changed." 689 ::= { flowRuleSetInfoEntry 4 } 691 flowRuleInfoStatus OBJECT-TYPE 692 SYNTAX RowStatus 693 MAX-ACCESS read-create 694 STATUS current 695 DESCRIPTION 696 "The status of this flowRuleSetInfoEntry. If this value is 697 not active(1) the meter must not attempt to use the row's 698 associated rule set. Once its value has been set to active(1) 699 a manager may not change any of the other variables in the 700 row, nor the contents of the associated rule set. Any attempt 701 to do so should result in a notWritable(17) SNMP error-status 702 for such variables or objects. 704 To download a rule set, a manger could: 705 - Locate an open slot in the RuleSetInfoTable. 706 - Create a RuleSetInfoEntry by setting the status for this 707 open slot to createAndWait(5). 708 - Set flowRuleInfoSize and flowRuleInfoName as required. 709 - Download the rules into the row's rule table. 710 - Set flowRuleInfoStatus to active(1). 712 The rule set would then be ready to run. The manager is not 713 allowed to change the value of flowRuleInfoStatus from 714 active(1) if the associated RuleSet is being referenced by any 715 of the entries in the flowManagerInfoTable. 717 Setting RuleInfoStatus to destroy(6) destroys the associated 718 rule set together with any flow data collected by it." 719 ::= { flowRuleSetInfoEntry 5 } 721 flowRuleInfoName OBJECT-TYPE 722 SYNTAX OCTET STRING 723 MAX-ACCESS read-create 724 STATUS current 725 DESCRIPTION 726 "An alphanumeric identifier used by managers and readers to 727 identify a rule set. For example, a manager wishing to run a 728 rule set named WWW-FLOWS could search the flowRuleSetInfoTable 729 to see whether the WWW-FLOWS rule set is already available on 730 the meter. 732 Note that references to rule sets in the flowManagerInfoTable 733 use indexes for their flowRuleSetInfoTable entries. These may 734 be different each time the rule set is loaded into a meter." 735 ::= { flowRuleSetInfoEntry 6 } 737 flowRuleInfoRulesReady OBJECT-TYPE 738 SYNTAX TruthValue 739 MAX-ACCESS read-create 740 STATUS deprecated 741 DESCRIPTION 742 "Indicates whether the rules for this row's associated rule set 743 are ready for use. The meter will refuse to 'run' the rule set 744 unless this variable has been set to true(1). 745 While RulesReady is false(2), the manager may modify the rule 746 set, for example by downloading rules into it." 747 ::= { flowRuleSetInfoEntry 7 } 749 flowRuleInfoFlowRecords OBJECT-TYPE 750 SYNTAX Integer32 751 MAX-ACCESS read-only 752 STATUS current 753 DESCRIPTION 754 "The number of entries in the flow table for this rule set. 755 These may be current (waiting for collection by one or more 756 meter readers) or idle (waiting for the meter to recover 757 their memory)." 758 ::= { flowRuleSetInfoEntry 8 } 760 -- 761 -- Control Group: Interface Info Table 762 -- 764 flowInterfaceTable OBJECT-TYPE 765 SYNTAX SEQUENCE OF FlowInterfaceEntry 766 MAX-ACCESS not-accessible 767 STATUS current 768 DESCRIPTION 769 "An array of information specific to each meter interface." 770 ::= { flowControl 2 } 772 flowInterfaceEntry OBJECT-TYPE 773 SYNTAX FlowInterfaceEntry 774 MAX-ACCESS not-accessible 775 STATUS current 776 DESCRIPTION 777 "Information about a particular interface." 778 INDEX { ifIndex } 779 ::= { flowInterfaceTable 1 } 781 FlowInterfaceEntry ::= SEQUENCE { 782 flowInterfaceSampleRate Integer32, 783 flowInterfaceLostPackets Counter32 784 } 786 flowInterfaceSampleRate OBJECT-TYPE 787 SYNTAX Integer32 788 MAX-ACCESS read-write 789 STATUS current 790 DESCRIPTION 791 "The parameter N for statistical counting on this interface. 792 Set to N to count 1/Nth of the packets appearing at this 793 interface. A sampling rate of 1 counts all packets. 794 A sampling rate of 0 results in the interface being ignored 795 by the meter. 797 A meter should choose its own algorithm to introduce variance 798 into the sampling so that exactly every Nth packet is not 799 counted. The IPPM Working Group's RFC 'Framework for IP 800 Performance Metrics' [16] explains why this should be done, 801 and sets out an algorithm for doing it." 802 DEFVAL { 1 } 803 ::= { flowInterfaceEntry 1 } 805 flowInterfaceLostPackets OBJECT-TYPE 806 SYNTAX Counter32 807 MAX-ACCESS read-only 808 STATUS current 809 DESCRIPTION 810 "The number of packets the meter has lost for this interface. 811 Such losses may occur because the meter has been unable to 812 keep up with the traffic volume." 813 ::= { flowInterfaceEntry 2 } 815 -- 816 -- Control Group: Meter Reader Info Table 817 -- 818 -- Any meter reader wishing to collect data reliably for flows 819 -- should first create a row in this table. It should write that 820 -- row's flowReaderLastTime object each time it starts a collection 821 -- pass through the flow table. 823 -- If a meter reader (MR) does not create a row in this table, e.g. 824 -- because it failed authentication in the meter's SNMP write 825 -- community, collection can still proceed but the meter will not be 826 -- aware of meter reader MR. This could lead the meter to recover 827 -- flows before they have been collected by MR. 829 flowReaderInfoTable OBJECT-TYPE 830 SYNTAX SEQUENCE OF FlowReaderInfoEntry 831 MAX-ACCESS not-accessible 832 STATUS current 833 DESCRIPTION 834 "An array of information about meter readers which have 835 registered their intent to collect flow data from this meter." 836 ::= { flowControl 3 } 838 flowReaderInfoEntry OBJECT-TYPE 839 SYNTAX FlowReaderInfoEntry 840 MAX-ACCESS not-accessible 841 STATUS current 842 DESCRIPTION 843 "Information about a particular meter reader." 844 INDEX { flowReaderIndex } 845 ::= { flowReaderInfoTable 1 } 847 FlowReaderInfoEntry ::= SEQUENCE { 848 flowReaderIndex Integer32, 849 flowReaderTimeout Integer32, 850 flowReaderOwner OwnerString, 851 flowReaderLastTime TimeStamp, 852 flowReaderPreviousTime TimeStamp, 853 flowReaderStatus RowStatus, 854 flowReaderRuleSet Integer32 855 } 857 flowReaderIndex OBJECT-TYPE 858 SYNTAX Integer32 (1..2147483647) 859 MAX-ACCESS not-accessible 860 STATUS current 861 DESCRIPTION 862 "An index which selects an entry in the flowReaderInfoTable." 863 ::= { flowReaderInfoEntry 1 } 865 flowReaderTimeout OBJECT-TYPE 866 SYNTAX Integer32 867 MAX-ACCESS read-create 868 STATUS current 869 DESCRIPTION 870 "Specifies the maximum time (in seconds) between flow data 871 collections for this meter reader. If this time elapses 872 without a collection, the meter should assume that this meter 873 reader has stopped collecting, and delete this row from the 874 table. A value of zero indicates that this row should not be 875 timed out." 876 ::= { flowReaderInfoEntry 2 } 878 flowReaderOwner OBJECT-TYPE 879 SYNTAX OwnerString 880 MAX-ACCESS read-create 881 STATUS current 882 DESCRIPTION 883 "Identifies the meter reader which created this row." 884 ::= { flowReaderInfoEntry 3 } 886 flowReaderLastTime OBJECT-TYPE 887 SYNTAX TimeStamp 888 MAX-ACCESS read-create 889 STATUS current 890 DESCRIPTION 891 "Time this meter reader began its most recent data collection. 893 This variable should be written by a meter reader as its first 894 step in reading flow data. The meter will set this LastTime 895 value to its current Uptime, and set its PreviousTime value 896 (below) to the old LastTime. This allows the meter to 897 recover flows which have been inactive since PreviousTime, 898 for these have been collected at least once. 900 If the meter reader fails to write flowLastReadTime, collection 901 may still proceed but the meter may not be able to recover 902 inactive flows until the flowReaderTimeout has been reached 903 for this entry." 904 ::= { flowReaderInfoEntry 4 } 906 flowReaderPreviousTime OBJECT-TYPE 907 SYNTAX TimeStamp 908 MAX-ACCESS read-only 909 STATUS current 910 DESCRIPTION 911 "Time this meter reader began the collection before last." 912 ::= { flowReaderInfoEntry 5 } 914 flowReaderStatus OBJECT-TYPE 915 SYNTAX RowStatus 916 MAX-ACCESS read-create 917 STATUS current 918 DESCRIPTION 919 "The status of this FlowReaderInfoEntry. A value of active(1) 920 implies that the associated reader should be collecting data 921 from the meter. Once this variable has been set to active(1) 922 a manager may only change this row's flowReaderLastTime and 923 flowReaderTimeout variables." 924 ::= { flowReaderInfoEntry 6 } 926 flowReaderRuleSet OBJECT-TYPE 927 SYNTAX Integer32 (1..2147483647) 928 MAX-ACCESS read-create 929 STATUS current 930 DESCRIPTION 931 "An index to the array of rule sets. Specifies a set of rules 932 of interest to this meter reader. The reader will attempt to 933 collect any data generated by the meter for this rule set, and 934 the meter will not recover the memory of any of the rule set's 935 flows until this collection has taken place. Note that a 936 reader may have entries in this table for several rule sets." 937 ::= { flowReaderInfoEntry 7 } 939 -- 940 -- Control Group: Manager Info Table 941 -- 943 -- Any manager wishing to run a rule set must create a row in this 944 -- table. Once it has a table row, the manager may set the control 945 -- variables in its row so as to cause the meter to run any valid 946 -- rule set held by the meter. 948 -- A single manager may run several rule sets; it must create a row 949 -- in this table for each of them. In short, each row of this table 950 -- describes (and controls) a 'task' which the meter is executing. 952 flowManagerInfoTable OBJECT-TYPE 953 SYNTAX SEQUENCE OF FlowManagerInfoEntry 954 MAX-ACCESS not-accessible 955 STATUS current 956 DESCRIPTION 957 "An array of information about managers which have 958 registered their intent to run rule sets on this meter." 959 ::= { flowControl 4 } 961 flowManagerInfoEntry OBJECT-TYPE 962 SYNTAX FlowManagerInfoEntry 963 MAX-ACCESS not-accessible 964 STATUS current 965 DESCRIPTION 966 "Information about a particular meter 'task.' By creating 967 an entry in this table and activating it, a manager requests 968 that the meter 'run' the indicated rule set. 970 The entry also specifies a HighWaterMark and a StandbyRuleSet. 972 If the meter's flow table usage exceeds this task's 973 HighWaterMark the meter will stop running the task's 974 CurrentRuleSet and switch to its StandbyRuleSet. 976 If the value of the task's StandbyRuleSet is 0 when its 977 HighWaterMark is exceeded, the meter simply stops running the 978 task's CurrentRuleSet. By careful selection of HighWaterMarks 979 for the various tasks a manager can ensure that the most 980 critical rule sets are the last to stop running as the number 981 of flows increases. 983 When a manager has determined that the demand for flow table 984 space has abated, it may cause the task to switch back to its 985 CurrentRuleSet by setting its flowManagerRunningStandby 986 variable to false(2)." 987 INDEX { flowManagerIndex } 988 ::= { flowManagerInfoTable 1 } 990 FlowManagerInfoEntry ::= SEQUENCE { 991 flowManagerIndex Integer32, 992 flowManagerCurrentRuleSet Integer32, 993 flowManagerStandbyRuleSet Integer32, 994 flowManagerHighWaterMark Integer32, 995 flowManagerCounterWrap INTEGER, 996 flowManagerOwner OwnerString, 997 flowManagerTimeStamp TimeStamp, 998 flowManagerStatus RowStatus, 999 flowManagerRunningStandby TruthValue 1000 } 1002 flowManagerIndex OBJECT-TYPE 1003 SYNTAX Integer32 (1..2147483647) 1004 MAX-ACCESS not-accessible 1005 STATUS current 1006 DESCRIPTION 1007 "An index which selects an entry in the flowManagerInfoTable." 1008 ::= { flowManagerInfoEntry 1 } 1010 flowManagerCurrentRuleSet OBJECT-TYPE 1011 SYNTAX Integer32 1012 MAX-ACCESS read-create 1013 STATUS current 1014 DESCRIPTION 1015 "Index to the array of rule sets. Specifies which set of 1016 rules is the 'current' one for this task. The meter will 1017 be 'running' the current ruleset if this row's 1018 flowManagerRunningStandby value is false(2). 1020 When the manager sets this variable the meter will stop using 1021 the task's old current rule set and start using the new one. 1022 Specifying rule set 0 (the empty set) stops flow measurement 1023 for this task." 1024 ::= { flowManagerInfoEntry 2 } 1026 flowManagerStandbyRuleSet OBJECT-TYPE 1027 SYNTAX Integer32 1028 MAX-ACCESS read-create 1029 STATUS current 1030 DESCRIPTION 1031 "Index to the array of rule sets. After reaching HighWaterMark 1032 (see below) the manager will switch to using the task's 1033 StandbyRuleSet in place of its CurrentRuleSet. For this to be 1034 effective the designated StandbyRuleSet should have a coarser 1035 reporting granularity then the CurrentRuleSet. The manager may 1036 also need to decrease the meter reading interval so that the 1037 meter can recover flows measured by this task's CurrentRuleSet." 1038 DEFVAL { 0 } -- No standby 1039 ::= { flowManagerInfoEntry 3 } 1041 flowManagerHighWaterMark OBJECT-TYPE 1042 SYNTAX Integer32 (0..100) 1043 MAX-ACCESS read-create 1044 STATUS current 1045 DESCRIPTION 1046 "A value expressed as a percentage, interpreted by the meter 1047 as an indication of how full the flow table should be before 1048 it should switch to the standby rule set (if one has been 1049 specified) for this task. Values of 0% or 100% disable the 1050 checking represented by this variable." 1051 ::= { flowManagerInfoEntry 4 } 1053 flowManagerCounterWrap OBJECT-TYPE 1054 SYNTAX INTEGER { wrap(1), scale(2) } 1055 MAX-ACCESS read-create 1056 STATUS deprecated 1057 DESCRIPTION 1058 "Specifies whether PDU and octet counters should wrap when 1059 they reach the top of their range (normal behaviour for 1060 Counter64 objects), or whether their scale factors should 1061 be used instead. The combination of counter and scale 1062 factor allows counts to be returned as non-negative binary 1063 floating point numbers, with 64-bit mantissas and 8-bit 1064 exponents." 1065 DEFVAL { wrap } 1066 ::= { flowManagerInfoEntry 5 } 1068 flowManagerOwner OBJECT-TYPE 1069 SYNTAX OwnerString 1070 MAX-ACCESS read-create 1071 STATUS current 1072 DESCRIPTION 1073 "Identifies the manager which created this row." 1075 ::= { flowManagerInfoEntry 6 } 1077 flowManagerTimeStamp OBJECT-TYPE 1078 SYNTAX TimeStamp 1079 MAX-ACCESS read-only 1080 STATUS current 1081 DESCRIPTION 1082 "Time this row was last changed by its manager." 1083 ::= { flowManagerInfoEntry 7 } 1085 flowManagerStatus OBJECT-TYPE 1086 SYNTAX RowStatus 1087 MAX-ACCESS read-create 1088 STATUS current 1089 DESCRIPTION 1090 "The status of this row in the flowManagerInfoTable. A value 1091 of active(1) implies that this task may be activated, by 1092 setting its CurrentRuleSet and StandbyRuleSet variables. 1093 Its HighWaterMark and RunningStandby variables may also be 1094 changed." 1095 ::= { flowManagerInfoEntry 8 } 1097 flowManagerRunningStandby OBJECT-TYPE 1098 SYNTAX TruthValue 1099 MAX-ACCESS read-create 1100 STATUS current 1101 DESCRIPTION 1102 "Set to true(1) by the meter to indicate that it has switched 1103 to runnning this task's StandbyRuleSet in place of its 1104 CurrentRuleSet. To switch back to the CurrentRuleSet, the 1105 manager may simply set this variable to false(2)." 1106 DEFVAL { false } 1107 ::= { flowManagerInfoEntry 9 } 1109 -- 1110 -- Control Group: General Meter Control Variables 1111 -- 1113 flowFloodMark OBJECT-TYPE 1114 SYNTAX Integer32 (0..100) 1115 MAX-ACCESS read-write 1116 STATUS current 1117 DESCRIPTION 1118 "A value expressed as a percentage, interpreted by the meter 1119 as an indication of how full the flow table should be before 1120 it should take some action to avoid running out of resources 1121 to handle new flows, as discussed in section 4.6 (Handling 1122 Increasing Traffic Levels) of the RTFM Architecture RFC [1]. 1124 Values of 0% or 100% disable the checking represented by 1125 this variable." 1127 DEFVAL { 95 } -- Enabled by default. 1128 ::= { flowControl 5 } 1130 flowInactivityTimeout OBJECT-TYPE 1131 SYNTAX Integer32 1132 MAX-ACCESS read-write 1133 STATUS current 1134 DESCRIPTION 1135 "The time in seconds since the last packet seen, after which 1136 a flow becomes 'idle.' Note that although a flow may be 1137 idle, it will not be discarded (and its memory recovered) 1138 until after its data has been collected by all the meter 1139 readers registered for its RuleSet." 1140 DEFVAL { 600 } -- 10 minutes 1141 ::= { flowControl 6 } 1143 flowActiveFlows OBJECT-TYPE 1144 SYNTAX Integer32 1145 MAX-ACCESS read-only 1146 STATUS current 1147 DESCRIPTION 1148 "The number of flows which are currently in use." 1149 ::= { flowControl 7 } 1151 flowMaxFlows OBJECT-TYPE 1152 SYNTAX Integer32 1153 MAX-ACCESS read-only 1154 STATUS current 1155 DESCRIPTION 1156 "The maximum number of flows allowed in the meter's 1157 flow table. At present this is determined when the meter 1158 is first started up." 1159 ::= { flowControl 8 } 1161 flowFloodMode OBJECT-TYPE 1162 SYNTAX TruthValue 1163 MAX-ACCESS read-write 1164 STATUS current 1165 DESCRIPTION 1166 "Indicates that the meter has passed its FloodMark and is 1167 not running in its normal mode. 1169 When the manager notices this it should take action to remedy 1170 the problem which caused the flooding. It should them monitor 1171 flowActiveFlows so as to determine when the flood has receded. 1172 At that point the manager may set flowFloodMode to false(2) to 1173 resume normal operation." 1174 ::= { flowControl 9 } 1176 -- 1177 -- The Flow Table 1178 -- 1180 -- This is a table kept by a meter, with one flow data entry for every 1181 -- flow being measured. Each flow data entry stores the attribute 1182 -- values for a traffic flow. Details of flows and their attributes 1183 -- are given in the 'Traffic Flow Measurement: Architecture' 1184 -- document [1]. 1186 -- From time to time a meter reader may sweep the flow table so as 1187 -- to read counts. This is most effectively achieved by using the 1188 -- TimeMark variable together with successive GetBulk requests to 1189 -- retrieve the values of the desired flow attribute variables. 1191 -- This scheme allows multiple meter readers to independently use the 1192 -- same meter; the meter readers do not have to be synchronised and 1193 -- they may use different collection intervals. 1195 -- If identical sets of counts are requires from a meter, a manager 1196 -- could achieve this using two identical copies of a ruleset in that 1197 -- meter and switching back and forth between them. This is discussed 1198 -- further in the RTFM Architecture document [1]. 1200 flowDataTable OBJECT-TYPE 1201 SYNTAX SEQUENCE OF FlowDataEntry 1202 MAX-ACCESS not-accessible 1203 STATUS current 1204 DESCRIPTION 1205 "The list of all flows being measured." 1206 ::= { flowData 1 } 1208 flowDataEntry OBJECT-TYPE 1209 SYNTAX FlowDataEntry 1210 MAX-ACCESS not-accessible 1211 STATUS current 1212 DESCRIPTION 1213 "The flow data record for a particular flow." 1214 INDEX { flowDataRuleSet, flowDataTimeMark, flowDataIndex } 1215 ::= { flowDataTable 1 } 1217 FlowDataEntry ::= SEQUENCE { 1218 flowDataIndex Integer32, 1219 flowDataTimeMark TimeFilter, 1220 flowDataStatus INTEGER, 1222 flowDataSourceInterface Integer32, 1223 flowDataSourceAdjacentType AdjacentType, 1224 flowDataSourceAdjacentAddress AdjacentAddress, 1225 flowDataSourceAdjacentMask AdjacentAddress, 1226 flowDataSourcePeerType PeerType, 1227 flowDataSourcePeerAddress PeerAddress, 1228 flowDataSourcePeerMask PeerAddress, 1229 flowDataSourceTransType TransportType, 1230 flowDataSourceTransAddress TransportAddress, 1231 flowDataSourceTransMask TransportAddress, 1233 flowDataDestInterface Integer32, 1234 flowDataDestAdjacentType AdjacentType, 1235 flowDataDestAdjacentAddress AdjacentAddress, 1236 flowDataDestAdjacentMask AdjacentAddress, 1237 flowDataDestPeerType PeerType, 1238 flowDataDestPeerAddress PeerAddress, 1239 flowDataDestPeerMask PeerAddress, 1240 flowDataDestTransType TransportType, 1241 flowDataDestTransAddress TransportAddress, 1242 flowDataDestTransMask TransportAddress, 1244 flowDataPDUScale Integer32, 1245 flowDataOctetScale Integer32, 1247 flowDataRuleSet Integer32, 1249 flowDataToOctets Counter64, -- Source->Dest 1250 flowDataToPDUs Counter64, 1251 flowDataFromOctets Counter64, -- Dest->Source 1252 flowDataFromPDUs Counter64, 1253 flowDataFirstTime TimeStamp, -- Activity times 1254 flowDataLastActiveTime TimeStamp, 1256 flowDataSourceSubscriberID OCTET STRING, 1257 flowDataDestSubscriberID OCTET STRING, 1258 flowDataSessionID OCTET STRING, 1260 flowDataSourceClass Integer32, 1261 flowDataDestClass Integer32, 1262 flowDataClass Integer32, 1263 flowDataSourceKind Integer32, 1264 flowDataDestKind Integer32, 1265 flowDataKind Integer32 1266 } 1268 flowDataIndex OBJECT-TYPE 1269 SYNTAX Integer32 (1..2147483647) 1270 MAX-ACCESS not-accessible 1271 STATUS current 1272 DESCRIPTION 1273 "Value of this flow data record's index within the meter's 1274 flow table." 1275 ::= { flowDataEntry 1 } 1277 flowDataTimeMark OBJECT-TYPE 1278 SYNTAX TimeFilter 1279 MAX-ACCESS not-accessible 1280 STATUS current 1281 DESCRIPTION 1282 "A TimeFilter for this entry. Allows GetNext and GetBulk 1283 to find flow table rows which have changed since a specified 1284 value of the meter's Uptime." 1285 ::= { flowDataEntry 2 } 1287 flowDataStatus OBJECT-TYPE 1288 SYNTAX INTEGER { inactive(1), current(2) } 1289 MAX-ACCESS read-only 1290 STATUS deprecated 1291 DESCRIPTION 1292 "Status of this flow data record." 1293 ::= { flowDataEntry 3 } 1295 flowDataSourceInterface OBJECT-TYPE 1296 SYNTAX Integer32 1297 MAX-ACCESS read-only 1298 STATUS current 1299 DESCRIPTION 1300 "Index of the interface associated with the source address 1301 for this flow. It's value is one of those contained in the 1302 ifIndex field of the meter's interfaces table." 1303 ::= { flowDataEntry 4 } 1305 flowDataSourceAdjacentType OBJECT-TYPE 1306 SYNTAX AdjacentType 1307 MAX-ACCESS read-only 1308 STATUS current 1309 DESCRIPTION 1310 "Adjacent address type of the source for this flow. If 1311 metering is being performed at the network level this will 1312 probably be an 802 MAC address, and the adjacent type will 1313 indicate the medium being used. If traffic is being metered 1314 inside a tunnel, its adjacent address type will be the peer 1315 type of the host at the end of the tunnel." 1316 ::= { flowDataEntry 5 } 1318 flowDataSourceAdjacentAddress OBJECT-TYPE 1319 SYNTAX AdjacentAddress 1320 MAX-ACCESS read-only 1321 STATUS current 1322 DESCRIPTION 1323 "Address of the adjacent device on the path for the source 1324 for this flow." 1325 ::= { flowDataEntry 6 } 1327 flowDataSourceAdjacentMask OBJECT-TYPE 1328 SYNTAX AdjacentAddress 1329 MAX-ACCESS read-only 1330 STATUS current 1331 DESCRIPTION 1332 "1-bits in this mask indicate which bits must match when 1333 comparing the adjacent source address for this flow." 1334 ::= { flowDataEntry 7 } 1336 flowDataSourcePeerType OBJECT-TYPE 1337 SYNTAX PeerType 1338 MAX-ACCESS read-only 1339 STATUS current 1340 DESCRIPTION 1341 "Peer address type of the source for this flow." 1342 ::= { flowDataEntry 8 } 1344 flowDataSourcePeerAddress OBJECT-TYPE 1345 SYNTAX PeerAddress 1346 MAX-ACCESS read-only 1347 STATUS current 1348 DESCRIPTION 1349 "Address of the peer device for the source of this flow." 1350 ::= { flowDataEntry 9 } 1352 flowDataSourcePeerMask OBJECT-TYPE 1353 SYNTAX PeerAddress 1354 MAX-ACCESS read-only 1355 STATUS current 1356 DESCRIPTION 1357 "1-bits in this mask indicate which bits must match when 1358 comparing the source peer address for this flow." 1359 ::= { flowDataEntry 10 } 1361 flowDataSourceTransType OBJECT-TYPE 1362 SYNTAX TransportType 1363 MAX-ACCESS read-only 1364 STATUS current 1365 DESCRIPTION 1366 "Transport address type of the source for this flow. The 1367 value of this attribute will depend on the peer address type." 1368 ::= { flowDataEntry 11 } 1370 flowDataSourceTransAddress OBJECT-TYPE 1371 SYNTAX TransportAddress 1372 MAX-ACCESS read-only 1373 STATUS current 1374 DESCRIPTION 1375 "Transport address for the source of this flow." 1376 ::= { flowDataEntry 12 } 1378 flowDataSourceTransMask OBJECT-TYPE 1379 SYNTAX TransportAddress 1380 MAX-ACCESS read-only 1381 STATUS current 1382 DESCRIPTION 1383 "1-bits in this mask indicate which bits must match when 1384 comparing the transport source address for this flow." 1385 ::= { flowDataEntry 13 } 1387 flowDataDestInterface OBJECT-TYPE 1388 SYNTAX Integer32 1389 MAX-ACCESS read-only 1390 STATUS current 1391 DESCRIPTION 1392 "Index of the interface associated with the dest address for 1393 this flow. This value is one of the values contained in the 1394 ifIndex field of the interfaces table." 1395 ::= { flowDataEntry 14 } 1397 flowDataDestAdjacentType OBJECT-TYPE 1398 SYNTAX AdjacentType 1399 MAX-ACCESS read-only 1400 STATUS current 1401 DESCRIPTION 1402 "Adjacent address type of the destination for this flow." 1403 ::= { flowDataEntry 15 } 1405 flowDataDestAdjacentAddress OBJECT-TYPE 1406 SYNTAX AdjacentAddress 1407 MAX-ACCESS read-only 1408 STATUS current 1409 DESCRIPTION 1410 "Address of the adjacent device on the path for the 1411 destination for this flow." 1412 ::= { flowDataEntry 16 } 1414 flowDataDestAdjacentMask OBJECT-TYPE 1415 SYNTAX AdjacentAddress 1416 MAX-ACCESS read-only 1417 STATUS current 1418 DESCRIPTION 1419 "1-bits in this mask indicate which bits must match when 1420 comparing the adjacent dest address for this flow." 1421 ::= { flowDataEntry 17 } 1423 flowDataDestPeerType OBJECT-TYPE 1424 SYNTAX PeerType 1425 MAX-ACCESS read-only 1426 STATUS current 1427 DESCRIPTION 1428 "Peer address type of the destination for this flow." 1429 ::= { flowDataEntry 18 } 1431 flowDataDestPeerAddress OBJECT-TYPE 1432 SYNTAX PeerAddress 1433 MAX-ACCESS read-only 1434 STATUS current 1435 DESCRIPTION 1436 "Address of the peer device for the destination of this flow." 1437 ::= { flowDataEntry 19 } 1439 flowDataDestPeerMask OBJECT-TYPE 1440 SYNTAX PeerAddress 1441 MAX-ACCESS read-only 1442 STATUS current 1443 DESCRIPTION 1444 "1-bits in this mask indicate which bits must match when 1445 comparing the dest peer type for this flow." 1446 ::= { flowDataEntry 20 } 1448 flowDataDestTransType OBJECT-TYPE 1449 SYNTAX TransportType 1450 MAX-ACCESS read-only 1451 STATUS current 1452 DESCRIPTION 1453 "Transport address type of the destination for this flow. The 1454 value of this attribute will depend on the peer address type." 1455 ::= { flowDataEntry 21 } 1457 flowDataDestTransAddress OBJECT-TYPE 1458 SYNTAX TransportAddress 1459 MAX-ACCESS read-only 1460 STATUS current 1461 DESCRIPTION 1462 "Transport address for the destination of this flow." 1463 ::= { flowDataEntry 22 } 1465 flowDataDestTransMask OBJECT-TYPE 1466 SYNTAX TransportAddress 1467 MAX-ACCESS read-only 1468 STATUS current 1469 DESCRIPTION 1470 "1-bits in this mask indicate which bits must match when 1471 comparing the transport destination address for this flow." 1472 ::= { flowDataEntry 23 } 1474 flowDataPDUScale OBJECT-TYPE 1475 SYNTAX Integer32 (0..255) 1476 MAX-ACCESS read-only 1477 STATUS current 1478 DESCRIPTION 1479 "The scale factor applied to this particular flow. Indicates 1480 the number of bits the PDU counter values should be moved left 1481 to obtain the actual values." 1482 ::= { flowDataEntry 24 } 1484 flowDataOctetScale OBJECT-TYPE 1485 SYNTAX Integer32 (0..255) 1486 MAX-ACCESS read-only 1487 STATUS current 1488 DESCRIPTION 1489 "The scale factor applied to this particular flow. Indicates 1490 the number of bits the octet counter values should be moved 1491 left to obtain the actual values." 1492 ::= { flowDataEntry 25 } 1494 flowDataRuleSet OBJECT-TYPE 1495 SYNTAX Integer32 (1..255) 1496 MAX-ACCESS not-accessible 1497 STATUS current 1498 DESCRIPTION 1499 "The RuleSet number of the rule set which created this flow. 1500 Allows a manager to use GetNext or GetBulk requests to find 1501 flows belonging to a particular RuleSet." 1502 ::= { flowDataEntry 26 } 1504 flowDataToOctets OBJECT-TYPE 1505 SYNTAX Counter64 1506 MAX-ACCESS read-only 1507 STATUS current 1508 DESCRIPTION 1509 "The count of octets flowing from source to destination 1510 for this flow." 1511 ::= { flowDataEntry 27 } 1513 flowDataToPDUs OBJECT-TYPE 1514 SYNTAX Counter64 1515 MAX-ACCESS read-only 1516 STATUS current 1517 DESCRIPTION 1518 "The count of packets flowing from source to destination 1519 for this flow." 1520 ::= { flowDataEntry 28 } 1522 flowDataFromOctets OBJECT-TYPE 1523 SYNTAX Counter64 1524 MAX-ACCESS read-only 1525 STATUS current 1526 DESCRIPTION 1527 "The count of octets flowing from destination to source 1528 for this flow." 1529 ::= { flowDataEntry 29 } 1531 flowDataFromPDUs OBJECT-TYPE 1532 SYNTAX Counter64 1533 MAX-ACCESS read-only 1534 STATUS current 1535 DESCRIPTION 1536 "The count of packets flowing from destination to source 1537 for this flow." 1538 ::= { flowDataEntry 30 } 1540 flowDataFirstTime OBJECT-TYPE 1541 SYNTAX TimeStamp 1542 MAX-ACCESS read-only 1543 STATUS current 1544 DESCRIPTION 1545 "The time at which this flow was first entered in the table" 1546 ::= { flowDataEntry 31 } 1548 flowDataLastActiveTime OBJECT-TYPE 1549 SYNTAX TimeStamp 1550 MAX-ACCESS read-only 1551 STATUS current 1552 DESCRIPTION 1553 "The last time this flow had activity, i.e. the time of 1554 arrival of the most recent PDU belonging to this flow." 1555 ::= { flowDataEntry 32 } 1557 flowDataSourceSubscriberID OBJECT-TYPE 1558 SYNTAX OCTET STRING (SIZE (4..20)) 1559 MAX-ACCESS read-only 1560 STATUS current 1561 DESCRIPTION 1562 "Subscriber ID associated with the source address for this 1563 flow. A Subscriber ID is an unspecified text string, used 1565 to ascribe traffic flows to individual users. At this time 1566 the means by which a Subscriber ID may be associated with a 1567 flow is unspecified." 1568 ::= { flowDataEntry 33 } 1570 flowDataDestSubscriberID OBJECT-TYPE 1571 SYNTAX OCTET STRING (SIZE (4..20)) 1572 MAX-ACCESS read-only 1573 STATUS current 1574 DESCRIPTION 1575 "Subscriber ID associated with the destination address for 1576 this flow. A Subscriber ID is an unspecified text string, 1577 used to ascribe traffic flows to individual users. At this 1578 time the means by which a Subscriber ID may be associated 1579 with a flow is unspecified." 1580 ::= { flowDataEntry 34 } 1582 flowDataSessionID OBJECT-TYPE 1583 SYNTAX OCTET STRING (SIZE (4..10)) 1584 MAX-ACCESS read-only 1585 STATUS current 1586 DESCRIPTION 1587 "Session ID for this flow. Such an ID might be allocated 1588 by a network access server to distinguish a series of sessions 1589 between the same pair of addresses, which would otherwise 1590 appear to be parts of the same accounting flow." 1591 ::= { flowDataEntry 35 } 1593 flowDataSourceClass OBJECT-TYPE 1594 SYNTAX Integer32 (1..255) 1595 MAX-ACCESS read-only 1596 STATUS current 1597 DESCRIPTION 1598 "Source class for this flow. Determined by the rules, set by 1599 a PushRule action when this flow was entered in the table." 1600 ::= { flowDataEntry 36 } 1602 flowDataDestClass OBJECT-TYPE 1603 SYNTAX Integer32 (1..255) 1604 MAX-ACCESS read-only 1605 STATUS current 1606 DESCRIPTION 1607 "Destination class for this flow. Determined by the rules, set 1608 by a PushRule action when this flow was entered in the table." 1609 ::= { flowDataEntry 37 } 1611 flowDataClass OBJECT-TYPE 1612 SYNTAX Integer32 (1..255) 1613 MAX-ACCESS read-only 1614 STATUS current 1615 DESCRIPTION 1616 "Class for this flow. Determined by the rules, set by a 1617 PushRule action when this flow was entered in the table." 1618 ::= { flowDataEntry 38 } 1620 flowDataSourceKind OBJECT-TYPE 1621 SYNTAX Integer32 (1..255) 1622 MAX-ACCESS read-only 1623 STATUS current 1624 DESCRIPTION 1625 "Source kind for this flow. Determined by the rules, set by 1626 a PushRule action when this flow was entered in the table." 1627 ::= { flowDataEntry 39 } 1629 flowDataDestKind OBJECT-TYPE 1630 SYNTAX Integer32 (1..255) 1631 MAX-ACCESS read-only 1632 STATUS current 1633 DESCRIPTION 1634 "Destination kind for this flow. Determined by the rules, set 1635 by a PushRule action when this flow was entered in the table." 1636 ::= { flowDataEntry 40 } 1638 flowDataKind OBJECT-TYPE 1639 SYNTAX Integer32 (1..255) 1640 MAX-ACCESS read-only 1641 STATUS current 1642 DESCRIPTION 1643 "Class for this flow. Determined by the rules, set by a 1644 PushRule action when this flow was entered in the table." 1645 ::= { flowDataEntry 41 } 1647 -- 1648 -- The Activity Column Table 1649 -- 1651 flowColumnActivityTable OBJECT-TYPE 1652 SYNTAX SEQUENCE OF FlowColumnActivityEntry 1653 MAX-ACCESS not-accessible 1654 STATUS deprecated 1655 DESCRIPTION 1656 "Index into the Flow Table. Allows a meter reader to retrieve 1657 a list containing the flow table indexes of flows which were 1658 last active at or after a given time, together with the values 1659 of a specified attribute for each such flow." 1660 ::= { flowData 2 } 1662 flowColumnActivityEntry OBJECT-TYPE 1663 SYNTAX FlowColumnActivityEntry 1664 MAX-ACCESS not-accessible 1665 STATUS deprecated 1666 DESCRIPTION 1667 "The Column Activity Entry for a particular attribute, 1668 activity time and flow." 1669 INDEX { flowColumnActivityAttribute, flowColumnActivityTime, 1670 flowColumnActivityIndex } 1671 ::= { flowColumnActivityTable 1 } 1673 FlowColumnActivityEntry ::= SEQUENCE { 1674 flowColumnActivityAttribute FlowAttributeNumber, 1675 flowColumnActivityTime TimeFilter, 1676 flowColumnActivityIndex Integer32, 1677 flowColumnActivityData OCTET STRING 1678 } 1680 flowColumnActivityAttribute OBJECT-TYPE 1681 SYNTAX FlowAttributeNumber 1682 MAX-ACCESS read-only 1683 STATUS deprecated 1684 DESCRIPTION 1685 "Specifies the attribute for which values are required from 1686 active flows." 1688 ::= { flowColumnActivityEntry 1 } 1690 flowColumnActivityTime OBJECT-TYPE 1691 SYNTAX TimeFilter 1692 MAX-ACCESS read-only 1693 STATUS deprecated 1694 DESCRIPTION 1695 "This variable is a copy of flowDataLastActiveTime in the 1696 flow data record identified by the flowColumnActivityIndex 1697 value of this flowColumnActivityTable entry." 1698 ::= { flowColumnActivityEntry 2 } 1700 flowColumnActivityIndex OBJECT-TYPE 1701 SYNTAX Integer32 (1..2147483647) 1702 MAX-ACCESS read-only 1703 STATUS deprecated 1704 DESCRIPTION 1705 "Index of a flow table entry which was active at or after 1706 a specified flowColumnActivityTime." 1707 ::= { flowColumnActivityEntry 3 } 1709 flowColumnActivityData OBJECT-TYPE 1710 SYNTAX OCTET STRING (SIZE (3..1000)) 1711 MAX-ACCESS read-only 1712 STATUS deprecated 1713 DESCRIPTION 1714 "Collection of attribute data for flows active after 1715 flowColumnActivityTime. Within the OCTET STRING is a 1716 sequence of { flow index, attribute value } pairs, one for 1717 each active flow. The end of the sequence is marked by a 1718 flow index value of 0, indicating that there are no more 1719 rows in this column. 1721 The format of objects inside flowColumnFlowData is as follows. 1722 All numbers are unsigned. Numbers and strings appear with 1723 their high-order bytes leading. Numbers are fixed size, as 1724 specified by their SYNTAX in the flow table (above), i.e. one 1725 octet for flowAddressType and small constants, and four octets 1726 for Counter and TimeStamp. Strings are variable-length, with 1727 the length given in a single leading octet. 1729 The following is an attempt at an ASN.1 definition of 1730 flowColumnActivityData: 1732 flowColumnActivityData ::= SEQUENCE flowRowItemEntry 1733 flowRowItemEntry ::= SEQUENCE { 1734 flowRowNumber Integer32 (1..65535), 1735 -- 0 indicates the end of this column 1736 flowDataValue flowDataType -- Choice depends on attribute 1737 } 1738 flowDataType ::= CHOICE { 1739 flowByteValue Integer32 (1..255), 1740 flowShortValue Integer32 (1..65535), 1741 flowLongValue Integer32, 1742 flowStringValue OCTET STRING -- Length (n) in first byte, 1743 -- n+1 bytes total length, trailing zeroes truncated 1744 }" 1745 ::= { flowColumnActivityEntry 4 } 1747 -- 1748 -- The Data Package Table 1749 -- 1751 flowDataPackageTable OBJECT-TYPE 1752 SYNTAX SEQUENCE OF FlowDataPackageEntry 1753 MAX-ACCESS not-accessible 1754 STATUS current 1755 DESCRIPTION 1756 "Index into the Flow Table. Allows a meter reader to retrieve 1757 a sequence containing the values of a specified set of 1758 attributes for a flow which came from a specified rule set and 1759 which was last active at or after a given time." 1760 ::= { flowData 3 } 1762 flowDataPackageEntry OBJECT-TYPE 1763 SYNTAX FlowDataPackageEntry 1764 MAX-ACCESS not-accessible 1765 STATUS current 1766 DESCRIPTION 1767 "The data package containing selected variables from 1768 active rows in the flow table." 1769 INDEX { flowPackageSelector, 1770 flowPackageRuleSet, flowPackageTime, flowPackageIndex } 1771 ::= { flowDataPackageTable 1 } 1773 FlowDataPackageEntry ::= SEQUENCE { 1774 flowPackageSelector OCTET STRING, 1775 flowPackageRuleSet Integer32, 1776 flowPackageTime TimeFilter, 1777 flowPackageIndex Integer32, 1778 flowPackageData OCTET STRING 1779 } 1781 flowPackageSelector OBJECT-TYPE 1782 SYNTAX OCTET STRING 1783 MAX-ACCESS not-accessible 1784 STATUS current 1785 DESCRIPTION 1786 "Specifies the attributes for which values are required from 1787 an active flow. These are encoded as a sequence of octets 1788 each containing a FlowAttribute number, preceded by an octet 1789 giving the length of the sequence (not including the length 1790 octet). For a flowPackageSelector to be valid, it must 1791 contain at least one attribute." 1792 ::= { flowDataPackageEntry 1 } 1794 flowPackageRuleSet OBJECT-TYPE 1795 SYNTAX Integer32 (1..255) 1796 MAX-ACCESS not-accessible 1797 STATUS current 1798 DESCRIPTION 1799 "Specifies the index (in the flowRuleSetInfoTable) of the rule 1800 set which produced the required flow." 1801 ::= { flowDataPackageEntry 2 } 1803 flowPackageTime OBJECT-TYPE 1804 SYNTAX TimeFilter 1805 MAX-ACCESS not-accessible 1806 STATUS current 1807 DESCRIPTION 1808 "This variable is a copy of flowDataLastActiveTime in the 1809 flow data record identified by the flowPackageIndex 1810 value of this flowPackageTable entry." 1811 ::= { flowDataPackageEntry 3 } 1813 flowPackageIndex OBJECT-TYPE 1814 SYNTAX Integer32 (1..2147483647) 1815 MAX-ACCESS not-accessible 1816 STATUS current 1817 DESCRIPTION 1818 "Index of a flow table entry which was active at or after 1819 a specified flowPackageTime." 1820 ::= { flowDataPackageEntry 4 } 1822 flowPackageData OBJECT-TYPE 1823 SYNTAX OCTET STRING 1824 MAX-ACCESS read-only 1825 STATUS current 1826 DESCRIPTION 1827 "A collection of attribute values for a single flow, as 1828 specified by this row's indexes. The attribute values are 1829 contained within a BER-encoded sequence [8], in the order 1830 they appear in their flowPackageSelector. 1832 For example, to retrieve a flowPackage containing values for 1833 attributes 11, 18 and 29, for a flow in rule set 7, with flow 1834 index 3447, one would GET the package whose Object Identifier 1835 (OID) is 1836 flowPackageData . 3.11.18.29 . 7. 0 . 3447 1838 To get a package for the next such flow which had been 1839 active since time 12345 one would GETNEXT the package whose 1840 Object Identifier (OID) is 1841 flowPackageData . 3.11.18.29 . 7. 12345 . 3447" 1842 ::= { flowDataPackageEntry 5 } 1844 -- 1845 -- The Rule Table 1846 -- 1848 -- This is an array of rule sets; the 'running' ones are indicated 1849 -- by the entries in the meter's flowManagerInfoTable. Several rule 1850 -- sets can be held in a meter so that the manager can change the 1851 -- running rule sets easily, for example with time of day. Note that 1852 -- a manager may not change the rules in any rule set currently 1853 -- referenced within the flowManagerInfoTable (either as 'current' or 1854 -- 'standby')! See the 'Traffic Flow Measurement: Architecture' 1855 -- document [1] for details of rules and how they are used. 1857 -- Space for a rule set is allocated by setting the value of 1858 -- flowRuleInfoSize in the rule table's flowRuleSetInfoTable row. 1859 -- Values for each row in the rule set (Selector, Mask, MatchedValue, 1860 -- Action and Parameter) can then be set by the meter. 1862 -- Although an individual rule within a rule set could be modified, 1863 -- it is much safer to simply download a complete new rule set. 1865 flowRuleTable OBJECT-TYPE 1866 SYNTAX SEQUENCE OF FlowRuleEntry 1867 MAX-ACCESS not-accessible 1868 STATUS current 1869 DESCRIPTION 1870 "Contains all the rule sets which may be used by the meter." 1871 ::= { flowRules 1 } 1873 flowRuleEntry OBJECT-TYPE 1874 SYNTAX FlowRuleEntry 1875 MAX-ACCESS not-accessible 1876 STATUS current 1877 DESCRIPTION 1878 "The rule record itself." 1879 INDEX { flowRuleSet, flowRuleIndex } 1880 ::= { flowRuleTable 1 } 1882 FlowRuleEntry ::= SEQUENCE { 1883 flowRuleSet Integer32, 1884 flowRuleIndex Integer32, 1885 flowRuleSelector RuleAttributeNumber, 1886 flowRuleMask RuleAddress, 1887 flowRuleMatchedValue RuleAddress, 1888 flowRuleAction ActionNumber, 1889 flowRuleParameter Integer32 1890 } 1892 flowRuleSet OBJECT-TYPE 1893 SYNTAX Integer32 (1..2147483647) 1894 MAX-ACCESS not-accessible 1895 STATUS current 1896 DESCRIPTION 1897 "Selects a rule set from the array of rule sets." 1898 ::= { flowRuleEntry 1 } 1900 flowRuleIndex OBJECT-TYPE 1901 SYNTAX Integer32 (1..65535) 1902 MAX-ACCESS not-accessible 1903 STATUS current 1904 DESCRIPTION 1905 "The index into the Rule table. N.B: These values will 1906 normally be consecutive, given the fall-through semantics 1907 of processing the table." 1908 ::= { flowRuleEntry 2 } 1910 flowRuleSelector OBJECT-TYPE 1911 SYNTAX RuleAttributeNumber 1912 MAX-ACCESS read-write 1913 STATUS current 1914 DESCRIPTION 1915 "Indicates the attribute to be matched. 1917 null(0) is a special case; null rules always succeed. 1919 matchingStoD(50) is set by the meter's Packet Matching Engine. 1920 Its value is true(1) if the PME is attempting to match the 1921 packet with its addresses in Source-to-Destination order (i.e. 1922 as they appear in the packet), and false(2) otherwise. 1923 Details of how packets are matched are given in the 'Traffic 1924 Flow Measurement: Architecture' document [1]. 1926 v1(51), v2(52), v3(53), v4(54) and v5(55) select meter 1927 variables, each of which can hold the name (i.e. selector 1928 value) of an address attribute. When one of these is used 1929 as a selector, its value specifies the attribute to be 1930 tested. Variable values are set by an Assign action." 1931 ::= { flowRuleEntry 3 } 1933 flowRuleMask OBJECT-TYPE 1934 SYNTAX RuleAddress 1935 MAX-ACCESS read-write 1936 STATUS current 1937 DESCRIPTION 1938 "The initial mask used to compute the desired value. If the 1939 mask is zero the rule's test will always succeed." 1940 ::= { flowRuleEntry 4 } 1942 flowRuleMatchedValue OBJECT-TYPE 1943 SYNTAX RuleAddress 1944 MAX-ACCESS read-write 1945 STATUS current 1946 DESCRIPTION 1947 "The resulting value to be matched for equality. 1948 Specifically, if the attribute chosen by the flowRuleSelector 1949 logically ANDed with the mask specified by the flowRuleMask 1950 equals the value specified in the flowRuleMatchedValue, then 1951 continue processing the table entry based on the action 1952 specified by the flowRuleAction entry. Otherwise, proceed to 1953 the next entry in the rule table." 1954 ::= { flowRuleEntry 5 } 1956 flowRuleAction OBJECT-TYPE 1957 SYNTAX ActionNumber 1958 MAX-ACCESS read-write 1959 STATUS current 1960 DESCRIPTION 1961 "The action to be taken if this rule's test succeeds, or if 1962 the meter's 'test' flag is off. Actions are opcodes for the 1963 meter's Packet Matching Engine; details are given in the 1964 'Traffic Flow Measurement: Architecture' document [1]." 1965 ::= { flowRuleEntry 6 } 1967 flowRuleParameter OBJECT-TYPE 1968 SYNTAX Integer32 (1..65535) 1969 MAX-ACCESS read-write 1970 STATUS current 1971 DESCRIPTION 1972 "A parameter value providing extra information for the 1973 rule's action." 1974 ::= { flowRuleEntry 7 } 1976 -- 1977 -- Traffic Flow Meter conformance statement 1978 -- 1980 flowMIBCompliances 1981 OBJECT IDENTIFIER ::= { flowMIBConformance 1 } 1983 flowMIBGroups 1984 OBJECT IDENTIFIER ::= { flowMIBConformance 2 } 1986 flowControlGroup OBJECT-GROUP 1987 OBJECTS { 1988 flowRuleInfoSize, flowRuleInfoOwner, 1989 flowRuleInfoTimeStamp, flowRuleInfoStatus, 1990 flowRuleInfoName, 1991 flowRuleInfoRulesReady, 1992 flowRuleInfoFlowRecords, 1994 flowInterfaceSampleRate, 1995 flowInterfaceLostPackets, 1996 flowReaderTimeout, flowReaderOwner, 1997 flowReaderLastTime, flowReaderPreviousTime, 1998 flowReaderStatus, flowReaderRuleSet, 1999 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 2000 flowManagerHighWaterMark, 2001 -- flowManagerCounterWrap, <- In DataScaleGroup 2002 flowManagerOwner, flowManagerTimeStamp, 2003 flowManagerStatus, flowManagerRunningStandby, 2004 flowFloodMark, 2005 flowInactivityTimeout, flowActiveFlows, 2006 flowMaxFlows, flowFloodMode } 2007 STATUS deprecated 2008 DESCRIPTION 2009 "The control group defines objects which are used to control 2010 an accounting meter." 2011 ::= {flowMIBGroups 1 } 2013 flowDataTableGroup OBJECT-GROUP 2014 OBJECTS { 2015 -- flowDataIndex, <- Index 2016 -- flowDataTimeMark, <- Index 2017 flowDataStatus, 2018 flowDataSourceInterface, 2019 flowDataSourceAdjacentType, 2020 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2021 flowDataSourcePeerType, 2022 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2023 flowDataSourceTransType, 2024 flowDataSourceTransAddress, flowDataSourceTransMask, 2025 flowDataDestInterface, 2026 flowDataDestAdjacentType, 2027 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2028 flowDataDestPeerType, 2029 flowDataDestPeerAddress, flowDataDestPeerMask, 2030 flowDataDestTransType, 2031 flowDataDestTransAddress, flowDataDestTransMask, 2032 -- flowDataRuleSet, <- Index 2033 flowDataToOctets, flowDataToPDUs, 2034 flowDataFromOctets, flowDataFromPDUs, 2035 flowDataFirstTime, flowDataLastActiveTime, 2036 flowDataSourceClass, flowDataDestClass, flowDataClass, 2037 flowDataSourceKind, flowDataDestKind, flowDataKind 2038 } 2039 STATUS deprecated 2040 DESCRIPTION 2041 "The flow table group defines objects which provide the 2042 structure for the flow table, including the creation time 2043 and activity time indexes into it. In addition it defines 2044 objects which provide a base set of flow attributes for the 2045 adjacent, peer and transport layers, together with a flow's 2046 counters and times. Finally it defines a flow's class and 2047 kind attributes, which are set by rule actions." 2048 ::= {flowMIBGroups 2 } 2050 flowDataScaleGroup OBJECT-GROUP 2051 OBJECTS { 2052 flowManagerCounterWrap, 2053 flowDataPDUScale, flowDataOctetScale 2054 } 2055 STATUS deprecated 2056 DESCRIPTION 2057 "The flow scale group defines objects which specify scale 2058 factors for counters." 2059 ::= {flowMIBGroups 3 } 2061 flowDataSubscriberGroup OBJECT-GROUP 2062 OBJECTS { 2063 flowDataSourceSubscriberID, flowDataDestSubscriberID, 2064 flowDataSessionID 2065 } 2066 STATUS current 2067 DESCRIPTION 2068 "The flow subscriber group defines objects which may be used 2069 to identify the end point(s) of a flow." 2070 ::= {flowMIBGroups 4 } 2072 flowDataColumnTableGroup OBJECT-GROUP 2073 OBJECTS { 2074 flowColumnActivityAttribute, 2075 flowColumnActivityIndex, 2076 flowColumnActivityTime, 2077 flowColumnActivityData 2078 } 2079 STATUS deprecated 2080 DESCRIPTION 2081 "The flow column table group defines objects which can be used 2082 to collect part of a column of attribute values from the flow 2083 table." 2084 ::= {flowMIBGroups 5 } 2086 flowDataPackageGroup OBJECT-GROUP 2087 OBJECTS { 2088 -- flowPackageSelector, <- Index 2089 -- flowPackageRuleSet, <- Index 2090 -- flowPackageIndex, <- Index 2091 flowPackageData 2092 } 2093 STATUS current 2094 DESCRIPTION 2095 "The data package group defines objects which can be used 2096 to collect a specified set of attribute values from a row of 2097 the flow table." 2098 ::= {flowMIBGroups 6 } 2100 flowRuleTableGroup OBJECT-GROUP 2101 OBJECTS { 2102 flowRuleSelector, 2103 flowRuleMask, flowRuleMatchedValue, 2104 flowRuleAction, flowRuleParameter 2105 } 2106 STATUS current 2107 DESCRIPTION 2108 "The rule table group defines objects which hold the set(s) 2109 of rules specifying which traffic flows are to be accounted 2110 for." 2111 ::= {flowMIBGroups 7 } 2113 flowDataScaleGroup2 OBJECT-GROUP 2114 OBJECTS { 2115 -- flowManagerCounterWrap, <- Deprecated 2116 flowDataPDUScale, flowDataOctetScale 2117 } 2118 STATUS current 2119 DESCRIPTION 2120 "The flow scale group defines objects which specify scale 2121 factors for counters. This group replaces the earlier 2122 version of flowDataScaleGroup above (now deprecated)." 2123 ::= {flowMIBGroups 8} 2125 flowControlGroup2 OBJECT-GROUP 2126 OBJECTS { 2127 flowRuleInfoSize, flowRuleInfoOwner, 2128 flowRuleInfoTimeStamp, flowRuleInfoStatus, 2129 flowRuleInfoName, 2130 -- flowRuleInfoRulesReady, <- Deprecated 2131 flowRuleInfoFlowRecords, 2132 flowInterfaceSampleRate, 2133 flowInterfaceLostPackets, 2134 flowReaderTimeout, flowReaderOwner, 2135 flowReaderLastTime, flowReaderPreviousTime, 2136 flowReaderStatus, flowReaderRuleSet, 2137 flowManagerCurrentRuleSet, flowManagerStandbyRuleSet, 2138 flowManagerHighWaterMark, 2139 -- flowManagerCounterWrap, <- In DataScaleGroup 2140 flowManagerOwner, flowManagerTimeStamp, 2141 flowManagerStatus, flowManagerRunningStandby, 2142 flowFloodMark, 2143 flowInactivityTimeout, flowActiveFlows, 2144 flowMaxFlows, flowFloodMode } 2145 STATUS current 2146 DESCRIPTION 2147 "The control group defines objects which are used to control 2148 an accounting meter. It replaces the earlier version of 2149 flowControlGroup above (now deprecated)." 2150 ::= {flowMIBGroups 9 } 2152 flowDataTableGroup2 OBJECT-GROUP 2153 OBJECTS { 2154 -- flowDataIndex, <- Index 2155 -- flowDataTimeMark, <- Index 2156 -- flowDataStatus, <- Deprecated 2157 flowDataSourceInterface, 2158 flowDataSourceAdjacentType, 2159 flowDataSourceAdjacentAddress, flowDataSourceAdjacentMask, 2160 flowDataSourcePeerType, 2161 flowDataSourcePeerAddress, flowDataSourcePeerMask, 2162 flowDataSourceTransType, 2163 flowDataSourceTransAddress, flowDataSourceTransMask, 2164 flowDataDestInterface, 2165 flowDataDestAdjacentType, 2166 flowDataDestAdjacentAddress, flowDataDestAdjacentMask, 2167 flowDataDestPeerType, 2168 flowDataDestPeerAddress, flowDataDestPeerMask, 2169 flowDataDestTransType, 2170 flowDataDestTransAddress, flowDataDestTransMask, 2171 -- flowDataRuleSet, <- Index 2172 flowDataToOctets, flowDataToPDUs, 2173 flowDataFromOctets, flowDataFromPDUs, 2174 flowDataFirstTime, flowDataLastActiveTime, 2175 flowDataSourceClass, flowDataDestClass, flowDataClass, 2176 flowDataSourceKind, flowDataDestKind, flowDataKind 2177 } 2178 STATUS current 2179 DESCRIPTION 2180 "This flow table group defines objects which provide the 2181 structure for the flow table. It replaces the earlier 2182 version of flowDataTableGroup above (now deprecated)." 2183 ::= {flowMIBGroups 10 } 2185 flowMIBCompliance MODULE-COMPLIANCE 2186 STATUS current 2187 DESCRIPTION 2188 "The compliance statement for a Traffic Flow Meter." 2189 MODULE 2190 MANDATORY-GROUPS { 2191 flowControlGroup2, 2192 flowDataTableGroup2, 2193 flowDataPackageGroup, 2194 flowRuleTableGroup 2195 } 2196 ::= { flowMIBCompliances 1 } 2198 END 2200 6 Security Considerations 2202 6.1 SNMP Concerns 2204 There are a number of management objects defined in this MIB that have a 2205 MAX-ACCESS clause of read-write and/or read-create. Such objects may be 2206 considered sensitive or vulnerable in some network environments. The 2207 support for SET operations in a non-secure environment without proper 2208 protection can have a negative effect on network operations. 2210 There are a number of managed objects in this MIB that may contain 2211 sensitive information. These include all the objects in the Control 2212 Group (since they control access to meter resources by Managers and 2213 Meter Readers) and those in the Flow Table (since they hold the 2214 collected traffic flow data). 2216 It is thus important to control even GET access to these objects and 2217 possibly to even encrypt the values of these object when sending them 2218 over the network via SNMP. Not all versions of SNMP provide features for 2219 such a secure environment. 2221 SNMPv1 by itself is not a secure environment. Even if the network 2222 itself is secure (for example by using IPSec), even then, there is no 2223 control as to who on the secure network is allowed to access and GET/SET 2224 (read/change/create/delete) the objects in this MIB. 2226 It is recommended that the implementers consider the security features 2227 as provided by the SNMPv3 framework. Specifically, the use of the 2228 User-based Security Model [14] and the View-based Access Control Model 2229 [15] is recommended. 2231 It is then a customer/user responsibility to ensure that the SNMP entity 2232 giving access to an instance of this MIB is properly configured to give 2233 access to the objects only to those principals (users) that have 2234 legitimate rights to indeed GET or SET (change/create/delete) them. 2236 6.2 Traffic Meter Concerns 2238 This MIB describes how an RTFM traffic meter is controlled, and provides 2239 a way for traffic flow data to be retrieved from it by a meter reader. 2240 This is essentially an application using SNMP as a method of 2241 communication between co-operating hosts; it does not - in itself - have 2242 any inherent security risks. 2244 Since, however, the traffic flow data can be extremely valuable for 2245 network management purposes it is vital that sensible precautions be 2246 taken to keep the meter and its data secure. In particular, an attacker 2247 must not be permitted to write any of the meter's variables! This 2248 requires that access to the meter for control purposes (e.g. loading 2249 RuleSets and reading flow data) be restricted. Such restriction could 2250 be achieved in many ways, for example: 2252 - Physical Separation. Meter(s) and meter reader(s) could be 2253 deployed so that control capabilities are kept within a separate 2254 network, access to which is carefully controlled. 2256 - Application-layer Security. A minimal level of security for SNMP 2257 is provided by using 'community' strings, which are essentially 2258 clear-text passwords. Stronger security for SNMP is being 2259 developed within the IETF (see above); when this becomes available 2260 it should be used to protect managed network equipment. 2262 - Lower-layer Security. Access to the meter can be protected using 2263 encryption at the network layer. For example, one could run SNMP 2264 to the meter through an encrypted TCP tunnel. 2266 When implementing a meter it may be sensible to use separate network 2267 interfaces for control and for metering. If this is done the control 2268 network can be set up so that it doesn't carry any 'user' traffic, and 2269 the metering interfaces can ignore any user attempts to take control of 2270 the meter. 2272 Users should also consider how they will address attempts to circumvent 2273 a meter, i.e. to prevent it from measuring flows. Such attempts are 2274 essentially denial-of-service attacks on the metering interfaces. For 2275 example 2277 - Port Scan attacks. The attacker sends packets to each of a very 2278 large number of IP (Address : Port) pairs. Each of these packets 2279 creates a new flow in the meter; if there are enough of them the 2280 meter will recognise a 'flood' condition, and will probably stop 2281 creating new flows. As a minimum, users (and implementors) should 2282 ensure that meters can recover from flood conditions as soon as 2283 possible after they occur. 2285 - Counter Wrap attacks: The attacker sends enough packets to cause 2286 the counters in a flow to wrap several times between meter 2287 readings, thus causing the counts to be artificially low. The 2288 change to using 64-bit counters in this MIB reduces this problem 2289 significantly. 2291 Users can reduce the severity of both the above attacks by ensuring that 2292 their meters are read often enough to prevent them being flooded. The 2293 resulting flow data will contain a record of the attacking packets, 2294 which may well be useful in determining where any attack came from. 2296 7 IANA Considerations 2298 The RTFM Architecture document [1], has two sets of assigned numbers: 2299 Opcodes for the PME (Pattern Matching Engine) and RTFM Attribute 2300 numbers. All the assigned numbers used in the Meter MIB appear in 2301 Textual Conventions. The numbers they use are derived as follows: 2303 The MIB's 'Type' textual conventions use names and numbers from the 2304 Assigned Numbers RFC [11]: 2306 MediumType Uses ifType Definitions 2307 PeerType Uses Address Family Numbers 2308 TransportType Uses Protocol Numbers 2310 The MIB's 'AttributeNumber' textual conventions use RTFM Attribute names 2311 and numbers from the RTFM Architecture document [1], or other numbers 2312 allocated according to that document's IANA Considerations section: 2314 FlowAttributeNumber Have values stored in a flow table row 2315 RuleAttributeNumber May be tested in a rule 2317 The MIB's ActionNumber textual convention uses RTFM PME Opcode names and 2318 numbers from the RTFM Architecture document [1], or other numbers 2319 allocated according to that document's IANA Considerations section. 2321 8 Appendix A: Changes Introduced Since RFC 2064 2323 The first version of the Meter MIB was published as RFC 2064 in January 2324 1997. The most significant changes since then are summarised below. 2326 - TEXTUAL CONVENTIONS: Greater use is made of textual conventions to 2327 describe the various types of addresses used by the meter. 2329 - PACKET MATCHING ATTRIBUTES: Computed attributes (e.g. FlowClass 2330 and FlowKind) may now be tested. This allows one to use these 2331 variables to store information during packet matching. 2333 A new attribute, MatchingStoD, has been added. Its value is 1 2334 while a packet is being matched with its adresses in 'wire' 2335 (source-to-destination) order. 2337 - FLOOD MODE: This is now a read-write variable. Setting it to 2338 false(2) switches the meter out of flood mode and back to normal 2339 operation. 2341 - CONTROL TABLES: Several variables have been added to the RuleSet, 2342 Reader and Manager tables to provide more effective control of the 2343 meter's activities. 2345 - FLOW TABLE: 64-bit counters are used for octet and PDU counts. 2346 This reduces the problems caused by the wrap-around of 32-bit 2347 counters in earlier versions. 2349 flowDataRuleSet is now used as an index to the flow table. This 2350 allows a meter reader to collect only those flow table rows created 2351 by a specified RuleSet. 2353 - DATA PACKAGES: This is a new table, allowing a meter reader to 2354 retrieve values for a list of attributes from a flow as a single 2355 object. When used with SNMP GetBulk requests it provides an 2356 efficient way to recover flow data. 2358 Earlier versions had a 'Column Activity Table;' using this it was 2359 difficult to collect all data for a flow efficiently in a single 2360 SNMP request. 2362 9 Acknowledgements 2364 An early draft of this document was produced under the auspices of the 2365 IETF's Accounting Working Group with assistance from the SNMP Working 2366 Group and the Security Area Advisory Group. Particular thanks are due 2367 to Jim Barnes, Sig Handelman and Stephen Stibler for their support and 2368 their assistance with checking early versions of the MIB. 2370 Stephen Stibler shared the development workload of producing the MIB 2371 changes summarized in chapter 5 (above). 2373 10 References 2375 [ 1] Brownlee, N., Mills, C. and G. Ruth, "Traffic Flow 2376 Measurement: Architecture", RFC 2063, The University of 2377 Auckland, GTE Laboratories, Inc, January 1997. 2379 [ 2] McCloghrie, K. and Rose, M., Editors, "Management 2380 Information Base for Network Management of TCP/IP-based 2381 internets," RFC 1213, Performance Systems International, 2382 March 1991. 2384 [ 3] Case J., McCloghrie K., Rose M. and Waldbusser S., 2385 "Structure of Management Information for version 2 of the 2386 Simple Network Managemenet Protocol," RFC 1902, 2387 SNMP Research Inc., Hughes LAN Systems, Dover Beach 2388 Consulting, Carnegie Mellon University, January 1996. 2390 [ 4] Case J., McCloghrie, K., Rose, M. and Waldbusser, S., 2391 "Textual Conventions for version 2 of the Simple Network 2392 Managemenet Protocol SNMPv2", RFC 1903, SNMP Research Inc., 2393 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2394 University, January 1996. 2396 [ 5] Case, J., McCloghrie, K., Rose, M. and Waldbusser, S., 2397 "Conformance Statements for version 2 of the Simple Network 2398 Managemenet Protocol (SNMPv2)," RFC 1904, SNMP Research Inc., 2399 Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon 2400 University, January 1996. 2402 [ 6] Case, J., McCloghrie, K., Rose, M. and Waldbusser, S., 2403 "Coexistence between version 1 and version 2 of the 2404 Internet-standard Network Management Framework," RFC 1908, 2405 SNMP Research Inc., Hughes LAN Systems, Dover Beach 2406 Consulting, Carnegie Mellon University, January 1996. 2408 [ 7] Information processing systems - Open Systems 2409 Interconnection - Specification of Abstract Syntax Notation 2410 One (ASN.1), International Organization for Standardization, 2411 International Standard 8824, December 1987. 2413 [ 8] Information processing systems - Open Systems 2414 Interconnection - Specification of Basic Encoding Rules for 2415 Abstract Notation One (ASN.1), International Organization for 2416 Standardization, International Standard 8825, December 1987. 2418 [ 9] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting 2419 Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian 2420 Technology Corporation, November 1991. 2422 [10] Waldbusser, S., "Remote Network Monitoring Management 2423 Information Base Version 2 using SMIv2," RFC 2021, INS, 2424 January 1997. 2426 [11] Reynolds, J., Postel, J., "Assigned Numbers," RFC 1700, 2427 ISI, October 1994. 2429 [12] Case, J., "FDDI Management Information Base," RFC 1285, 2430 SNMP Research Incorporated, January 1992. 2432 [13] Hinden, R.and Deering, S., "IP Version 6 Addressing 2433 Architecture," RFC 2373, Nokia, XCisco Systems, July 1998. 2435 [14] Blumenthal, U, and B. Wijnen, "User-based Security Model 2436 (USM) for version 3 of the Simple Network Management 2437 Protocol (SNMPv3)", RFC 2274, January 1998. 2439 [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based 2440 Access Control Model for the Simple Network Management 2441 Protocol (SNMP)", RFC 2275, January 1998. 2443 [16] Paxson, V., Almes, G., Mahdavi, J. and Mathis, M., 2444 "Framework for IP Performance Metrics," RFC 2330, May 1998. 2446 11 Author's Address 2448 Nevil Brownlee 2449 Information Technology Systems & Services 2450 The University of Auckland 2452 Phone: +64 9 373 7599 x8941 2453 E-mail: n.brownlee@auckland.ac.nz 2455 Expires October 1999