idnits 2.17.1

draft-nadeau-mpls-packet-classifier-mib-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 192: '...assifier to. This object SHOULD point...'
     RFC 2119 keyword, line 307: '... MUST return a value of ...'
     RFC 2119 keyword, line 424: '...entry of type InetAddressIpv6 MUST be...'
     RFC 2119 keyword, line 427: '...InetAddressIpv4 MUST be ignored by ...'
     RFC 2119 keyword, line 561: '...assifierActionType this object MUST be...'
     (2 more instances...)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 303 has weird spacing: '... "This objec...'
  == Line 304 has weird spacing: '... used for ...'
  == Line 305 has weird spacing: '...entries in t...'
  == Line 306 has weird spacing: '... number of un...'
  == Line 307 has weird spacing: '... return a ...'
  == (17 more instances...)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (July 2000) is 8683 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'SNMPv1MIBDef' is mentioned on line 71, but not defined
  == Missing Reference: 'MPLS-Arch' is mentioned on line 122, but not defined
  == Missing Reference: 'IPSEC' is mentioned on line 871, but not defined

  == Unused Reference: 'MPLSArch' is defined on line 895, but no explicit
     reference was found in the text
  == Unused Reference: 'MPLSFW' is defined on line 899, but no explicit
     reference was found in the text
  == Unused Reference: 'LSRMIB' is defined on line 904, but no explicit
     reference was found in the text
  == Unused Reference: 'TEMIB' is defined on line 909, but no explicit
     reference was found in the text
  == Unused Reference: 'LDPMIB' is defined on line 914, but no explicit
     reference was found in the text
  == Unused Reference: 'LblStk' is defined on line 920, but no explicit
     reference was found
     in the text
  == Unused Reference: 'RSVPTun' is defined on line 925, but no explicit
     reference was found in the text
  == Unused Reference: 'CRLDP' is defined on line 930, but no explicit
     reference was found in the text
  == Unused Reference: 'Assigned' is defined on line 938, but no explicit
     reference was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. 'MPLSArch'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'MPLSFW'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'LSRMIB'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'TEMIB'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'LDPMIB'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'LblStk'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'RSVPTun'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'CRLDP'

  ** Obsolete normative reference: RFC 1700 (ref. 'Assigned') (Obsoleted by
     RFC 3232)
  ** Obsolete normative reference: RFC 2271 (ref. 'SNMPArch') (Obsoleted by
     RFC 2571)
  ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref.
     'SNMPv1Traps')
  ** Obsolete normative reference: RFC 1902 (ref. 'SMIv2') (Obsoleted by
     RFC 2578)
  ** Obsolete normative reference: RFC 1903 (ref. 'SNMPv2TC') (Obsoleted by
     RFC 2579)
  ** Obsolete normative reference: RFC 1904 (ref. 'SNMPv2Conf') (Obsoleted by
     RFC 2580)
  ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. 'SNMPv1')
  ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. 'SNMPv2c')
  ** Obsolete normative reference: RFC 1906 (ref. 'SNMPv2TM') (Obsoleted by
     RFC 3417)
  ** Obsolete normative reference: RFC 2272 (ref. 'SNMPv3MP') (Obsoleted by
     RFC 2572)
  ** Obsolete normative reference: RFC 2274 (ref. 'SNMPv3USM') (Obsoleted by
     RFC 2574)
  ** Obsolete normative reference: RFC 1905 (ref. 'SNMPv2PO') (Obsoleted by
     RFC 3416)
  ** Obsolete normative reference: RFC 2273 (ref. 'SNMPv3App') (Obsoleted by
     RFC 2573)
  ** Obsolete normative reference: RFC 2275 (ref.
     'SNMPv3VACM') (Obsoleted by RFC 2575)

  Summary: 20 errors (**), 0 flaws (~~), 19 warnings (==), 10 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.

--------------------------------------------------------------------------------

  1  Network Working Group                              Thomas D. Nadeau
  2  Internet Draft                                     Cisco Systems, Inc.
  3  Expires: January 2001
  4                                                     Cheenu Srinivasan
  5                                                     Tachion Networks, Inc.

  7                                                     Arun Viswanathan
  8                                                     Force10 Networks, Inc.

 10                                                     July 2000

 12  Multiprotocol Label Switching (MPLS) Packet Classifier Management
 13  Information Base Using SMIv2

 15  draft-nadeau-mpls-packet-classifier-mib-01.txt

 17  Status of this Memo

 19  This document is an Internet-Draft and is in full conformance with
 20  all provisions of Section 10 of RFC2026.

 22  Internet-Drafts are working documents of the Internet Engineering
 23  Task Force (IETF), its areas, and its working groups. Note that
 24  other groups may also distribute working documents as Internet-
 25  Drafts.

 27  Internet-Drafts are draft documents valid for a maximum of six months
 28  and may be updated, replaced, or obsoleted by other documents at any
 29  time. It is inappropriate to use Internet-Drafts as reference
 30  material or to cite them other than as "work in progress."

 32  The list of current Internet-Drafts can be accessed at
 33  http://www.ietf.org/ietf/1id-abstracts.txt.

 35  The list of Internet-Draft Shadow Directories can be accessed at
 36  http://www.ietf.org/shadow.html.

 38  Abstract

 40  This memo defines an experimental portion of the Management
 41  Information Base (MIB) for use with network management protocols in
 42  the Internet community. In particular, it describes managed objects
 43  for specifying packet classification and corresponding actions for
 44  use with Multiprotocol Label Switching (MPLS).

 46  1. Introduction

 48  This memo defines an experimental portion of the Management
 49  Information Base (MIB) for use with network management protocols in
 50  the Internet community.
     In particular, it describes managed objects
 51  for specifying packet classifications and corresponding actions for
 52  Multiprotocol Label Switching.

 54  This memo does not, in its draft form, specify a standard for the
 55  Internet community.

 57  2. Terminology

 59  TBD.

 61  3. The SNMP Management Framework

 63  The SNMP Management Framework presently consists of five major
 64  components:

 66  - An overall architecture, described in RFC 2271 [SNMPArch].

 68  - Mechanisms for describing and naming objects and events for the
 69    purpose of management. The first version of this Structure of
 70    Management Information (SMI) is called SMIv1 and described in RFC
 71    1155 [SMIv1], RFC 1212 [SNMPv1MIBDef] and RFC 1215 [SNMPv1Traps].
 72    The second version, called SMIv2, is described in RFC 1902
 73    [SMIv2], RFC 1903 [SNMPv2TC] and RFC 1904 [SNMPv2Conf].

 75  - Message protocols for transferring management information. The
 76    first version of the SNMP message protocol is called SNMPv1 and
 77    described in RFC 1157 [SNMPv1]. A second version of the SNMP
 78    message protocol, which is not an Internet standards track
 79    protocol, is called SNMPv2c and described in RFC 1901 [SNMPv2c]
 80    and RFC 1906 [SNMPv2TM]. The third version of the message
 81    protocol is called SNMPv3 and described in RFC 1906 [SNMPv2TM],
 82    RFC 2272 [SNMPv3MP] and RFC 2274 [SNMPv3USM].

 84  - Protocol operations for accessing management information. The
 85    first set of protocol operations and associated PDU formats is
 86    described in RFC 1157 [SNMPv1]. A second set of protocol
 87    operations and associated PDU formats is described in RFC 1905
 88    [SNMPv2PO].

 90  - A set of fundamental applications described in RFC 2273
 91    [SNMPv3App] and the view-based access control mechanism described
 92    in RFC 2275 [SNMPv3VACM]. Managed objects are accessed via a
 93    virtual information store, termed the Management Information Base
 94    or MIB. Objects in the MIB are defined using the mechanisms
 95    defined in the SMI.
       This memo specifies a MIB module that is
 96    compliant to the SMIv2. A MIB conforming to the SMIv1 can be
 97    produced through the appropriate translations. The resulting
 98    translated MIB must be semantically equivalent, except where
 99    objects or events are omitted because no translation is possible
100    (use of Counter64). Some machine-readable information in SMIv2
101    will be converted into textual descriptions in SMIv1 during the
102    translation process. However, this loss of machine-readable
103    information is not considered to change the semantics of the MIB.

105  3.1. Object Definitions

107  Managed objects are accessed via a virtual information store, termed
108  the Management Information Base or MIB. Objects in the MIB are
109  defined using the subset of Abstract Syntax Notation One (ASN.1)
110  defined in the SMI. In particular, each object type is named by an
111  OBJECT IDENTIFIER, an administratively assigned name. The object
112  type together with an object instance serves to uniquely identify a
113  specific instantiation of the object. For human convenience, we
114  often use a textual string, termed the descriptor, to also refer to
115  the object type.

117  4. Motivation

119  The primary motivation for this proposal arose from requirements in
120  the MPLS area. In MPLS, packets belonging to a forwarding
121  equivalency class (FEC) are associated with an LSP (ER-LSP) via the
122  FEC-To-NHLFE (FTN) mapping [MPLS-Arch]. This mapping of packets to
123  an LSP is made at the ingress LSR of an LSP or a Traffic Engineered
124  (TE) Tunnel. Conceptually, some of the FTN table functionality could
125  be implemented using the Forwarding Information Base (FIB) to map all
126  packets destined for a prefix to an LSP. However, this mapping is
127  coarse in nature. Likewise, an LSR could use its classifier to
128  redirect packets into LSPs or TE Tunnels.
     With the classifier-based
129  mapping it is possible to specify FECs finer in granularity and based
130  on a richer set of criteria than is possible via the FIB mapping. In
131  essence, the FTN table is a combination of the FIB and classifier.

133  The packet classification functionality is already being used in
134  other contexts, such as security filters, access filters, and for
135  RSVP flow identification. All of these require various combinations
136  of matching based on IP header and upper-layer header information to
137  identify packets for a particular treatment. When packets match a
138  particular rule, a corresponding action is executed against those
139  packets. For example, two popular actions to take when a successful
140  match is detected are allowing the packet to be forwarded or to
141  discard it. However, other actions are possible, such as modifying
142  the TOS byte, or redirecting a packet to a particular outgoing
143  interface.

145  This proposal is an attempt to consolidate the various matching
146  requirements and associated action options into a single
147  specification, such that they satisfy existing usage and requirements
148  as well as new ones such as those required by MPLS.

150  5. Outline

152  This MIB consists of three tables. mplsPacketClassifierTable defines
153  the rule base against which incoming packets are matched and actions
154  taken on matching packets. mplsPacketClassifierMapTable defines the
155  application of these to specific interfaces. Finally, the
156  mplsPacketClassifierPerfTable provides performance counters for every
157  classifier that is active, on a per-interface basis.

159  5.1. mplsPacketClassifierTable

161  This table allows packet classifiers to be specified. A packet
162  classifier defines a rule to be applied to incoming packets on
163  interfaces that the packet classifier is activated on and an action
164  to be taken on matching packets.
     mplsPacketClassifierTable provides a
165  standard 5-tuple matching and allows address and port ranges to be
166  specified.

168  5.2. mplsPacketClassifierMapTable

170  This table provides the capability to activate or map packet
171  classifiers defined in mplsPacketClassifierTable to specific
172  interfaces in the system. Packet classifiers are compared with
173  incoming packets in the order in which they are applied on an
174  interface. For this reason, this table provides a mechanism to
175  'insert' a packet classifier between two existing packet classifiers
176  already applied on an interface.

178  5.3. mplsPacketClassifierPerfTable

180  This table provides performance counters for each classifier that is active on a
181  per-interface basis. High capacity counters are provided.

183  6. Example

185  TBD.

187  7. The Use of RowPointer
188  RowPointer is a textual convention used to identify a conceptual row
189  in an SNMP Table by pointing to one of its objects. In this MIB, in
190  mplsPacketClassifierTable, the RowPointer object
191  mplsPacketClassifierActionPointer indicates the LSP or tunnel to
192  redirect packets matching a classifier to. This object SHOULD point
193  to the first column of the appropriate conceptual row.

195  8.
     MPLS Packet Classifier MIB Definitions

197  MPLS-PACKET-CLASSIFIER-MIB DEFINITIONS ::= BEGIN

199  IMPORTS
200     MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
201     Integer32, Unsigned32, Counter32, Counter64, experimental
202        FROM SNMPv2-SMI
203     MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
204        FROM SNMPv2-CONF
205     TEXTUAL-CONVENTION, TruthValue, RowStatus, RowPointer,
206     StorageType, DisplayString
207        FROM SNMPv2-TC
208     InterfaceIndexOrZero
209        FROM IF-MIB
210     MplsTunnelIndex
211        FROM MPLS-TE-MIB
212     InetAddressIPv4, InetAddressIPv6, InetAddressType
213        FROM INET-ADDRESS-MIB;

215  mplsPacketClassifierMIB MODULE-IDENTITY
216     LAST-UPDATED "200007141200Z" -- 14 July 2000 12:00:00 EST
217     ORGANIZATION "Multiprotocol Label Switching (MPLS) Working Group"
218     CONTACT-INFO
219        " Thomas D. Nadeau
220          Postal: Cisco Systems, Inc.
221                  250 Apollo Drive
222                  Chelmsford, MA 01824
223          Tel: +1-978-244-3051
224          Email: tnadeau@cisco.com

226          Cheenu Srinivasan
227          Postal: Tachion Networks, Inc.
228                  Monmouth Park Corporate Center I
229                  Building C, 185 Monmouth Park Highway
230                  West Long Branch, NJ 07764
231          Tel: +1-732-542-7750 x1234
232          Email: cheenu@tachion.com

234          Arun Viswanathan
235          Postal: Force10 Networks, Inc.
236                  1440 McCarthy Blvd
237                  Milpitas, CA 95035
238          Tel: +1-408-571-3516
239          Email: arun@force10networks.com"

241     DESCRIPTION
242        "This MIB module contains managed object definitions for
243         specifying packet classification for MPLS."

245     -- Revision history.

247     REVISION
248        "200007141200Z" -- 14 July 2000 12:00:00 EST
249     DESCRIPTION
250        "Initial draft version."
251     REVISION
252        "200003032030Z" -- 03 March 2000 20:30:00 EST
253     DESCRIPTION
254        "Initial draft version."

256     ::= { experimental oid } -- to be assigned

258  -- Textual Conventions.

260  MplsPortAddr ::= TEXTUAL-CONVENTION
261     STATUS current
262     DESCRIPTION
263        "A TCP or UDP port number. Along with an IP address
264         identifies a stream of IP traffic uniquely."
265     SYNTAX INTEGER (0..65535)

267  MplsPacketClassifierIndex ::= TEXTUAL-CONVENTION
268     STATUS current
269     DESCRIPTION
270        "Index for a packet classifier."
271     SYNTAX Integer32(1..2147483647)

273  MplsPacketClassifierIndexOrZero ::= TEXTUAL-CONVENTION
274     STATUS current
275     DESCRIPTION
276        "Index for a packet classifier or zero."
277     SYNTAX Integer32(0..2147483647)

279  -- Top level components of the MIB.

281  -- tables, scalars
282  mplsPacketClassifierObjects OBJECT IDENTIFIER
283     ::= { mplsPacketClassifierMIB 1 }

285  -- traps
286  mplsPacketClassifierNotifications OBJECT IDENTIFIER
287     ::= { mplsPacketClassifierMIB 2 }
288  -- notification prefix
289  mplsPacketClassifierNotifPrefix OBJECT IDENTIFIER
290     ::= { mplsPacketClassifierNotifications 0 }

292  -- conformance
293  mplsPacketClassifierConformance OBJECT IDENTIFIER
294     ::= { mplsPacketClassifierMIB 3 }

296  -- Packet classifier table.

298  mplsPacketClassifierIndexNext OBJECT-TYPE
299     SYNTAX MplsPacketClassifierIndexOrZero
300     MAX-ACCESS read-only
301     STATUS current
302     DESCRIPTION
303        "This object contains the next appropriate value to be
304         used for mplsPacketClassifierIndex when creating
305         entries in the mplsPacketClassifierTable. If the
306         number of unassigned entries is exhausted, this object
307         MUST return a value of 0. To obtain the
308         mplsPacketClassifierIndex value for a new entry, the
309         manager must first issue a management protocol
310         retrieval operation to obtain the current value of this
311         object. The agent should modify the value to reflect
312         the next unassigned index after each retrieval
313         operation. After a manager retrieves a value the agent
314         will determine through its local policy when this index
315         value will be made available for reuse."
316     ::= { mplsPacketClassifierObjects 1 }

318  mplsPacketClassifierTable OBJECT-TYPE
319     SYNTAX SEQUENCE OF MplsPacketClassifierEntry
320     MAX-ACCESS not-accessible
321     STATUS current
322     DESCRIPTION
323        "This table contains the currently defined packet
324         classifiers."
325     ::= { mplsPacketClassifierObjects 2 }

327  mplsPacketClassifierEntry OBJECT-TYPE
328     SYNTAX MplsPacketClassifierEntry
329     MAX-ACCESS not-accessible
330     STATUS current
331     DESCRIPTION
332        "Each entry represents one packet classifier which
333         defines a rule to compare against incoming packets and
334         an action to be taken on matching packets."
335     INDEX { mplsPacketClassifierIndex }
336     ::= { mplsPacketClassifierTable 1 }

338  MplsPacketClassifierEntry ::= SEQUENCE {
339     mplsPacketClassifierIndex
340                                           MplsPacketClassifierIndex,
341     mplsPacketClassifierRowStatus         RowStatus,
342     mplsPacketClassifierDescr             DisplayString,
343     mplsPacketClassifierApplied           TruthValue,
344     mplsPacketClassifierMask              BITS,
345     mplsPacketClassifierAddrType          InetAddressType,
346     mplsPacketClassifierSourceIpv4AddrMin InetAddressIPv4,
347     mplsPacketClassifierSourceIpv6AddrMin InetAddressIPv6,
348     mplsPacketClassifierSourceIpv4AddrMax InetAddressIPv4,
349     mplsPacketClassifierSourceIpv6AddrMax InetAddressIPv6,
350     mplsPacketClassifierDestIpv4AddrMin   InetAddressIPv4,
351     mplsPacketClassifierDestIpv6AddrMin   InetAddressIPv6,
352     mplsPacketClassifierDestIpv4AddrMax   InetAddressIPv4,
353     mplsPacketClassifierDestIpv6AddrMax   InetAddressIPv6,
354     mplsPacketClassifierSourcePortMin     MplsPortAddr,
355     mplsPacketClassifierSourcePortMax     MplsPortAddr,
356     mplsPacketClassifierDestPortMin       MplsPortAddr,
357     mplsPacketClassifierDestPortMax       MplsPortAddr,
358     mplsPacketClassifierProtocol          INTEGER,
359     mplsPacketClassifierActionType        INTEGER,
360     mplsPacketClassifierActionPointer     RowPointer,
361     mplsPacketClassifierStorageType       StorageType
362  }

364  mplsPacketClassifierIndex OBJECT-TYPE
365     SYNTAX MplsPacketClassifierIndex
366     MAX-ACCESS not-accessible
367
        STATUS current
368     DESCRIPTION
369        "Unique index for this packet classifier entry."
370     ::= { mplsPacketClassifierEntry 1 }

372  mplsPacketClassifierRowStatus OBJECT-TYPE
373     SYNTAX RowStatus
374     MAX-ACCESS read-create
375     STATUS current
376     DESCRIPTION
377        "For controlling the creation and deletion of this row."
378     ::= { mplsPacketClassifierEntry 2 }

380  mplsPacketClassifierDescr OBJECT-TYPE
381     SYNTAX DisplayString
382     MAX-ACCESS read-create
383     STATUS current
384     DESCRIPTION
385        "Description of this packet classifier."
386     ::= { mplsPacketClassifierEntry 3 }

388  mplsPacketClassifierApplied OBJECT-TYPE
389     SYNTAX TruthValue
390     MAX-ACCESS read-only
391     STATUS current
392     DESCRIPTION
393        "Indicates whether this packet classifier has been
394         applied on any interface or not."
395     ::= { mplsPacketClassifierEntry 4 }

397  mplsPacketClassifierMask OBJECT-TYPE
398     SYNTAX BITS {
399        sourceAddr(0),
400        destAddr(1),
401        sourcePort(2),
402        destPort(3),
403        protocol(4)
404     }
405     MAX-ACCESS read-create
406     STATUS current
407     DESCRIPTION
408        "This bit map indicates which of the fields described
409         next, namely source address range, destination address
410         range, source port range, destination port range, and
411         protocol is active for this classifier. If a particular bit is
412         inactive (i.e., set to zero) then the corresponding
413         field in the packet is ignored for comparison
414         purposes."
415     ::= { mplsPacketClassifierEntry 5 }

417  mplsPacketClassifierAddrType OBJECT-TYPE
418     SYNTAX InetAddressType
419     MAX-ACCESS read-create
420     STATUS current
421     DESCRIPTION
422        "Type of IP packet that this classifier will match
423         against. If this object has the value ipv4(1) then the
424         objects in this entry of type InetAddressIpv6 MUST be
425         ignored by management applications. If this object has
426         the value ipv6(2) then the objects in this entry of
427         type InetAddressIpv4 MUST be ignored by management
428         applications."
429     DEFVAL { ipv4 }
430     ::= { mplsPacketClassifierEntry 6 }

432  mplsPacketClassifierSourceIpv4AddrMin OBJECT-TYPE
433     SYNTAX InetAddressIPv4
434     MAX-ACCESS read-create
435     STATUS current
436     DESCRIPTION
437        "Lower end of source address range - IPv4 version."
438     ::= { mplsPacketClassifierEntry 7 }

440  mplsPacketClassifierSourceIpv6AddrMin OBJECT-TYPE
441     SYNTAX InetAddressIPv6
442     MAX-ACCESS read-create
443     STATUS current
444     DESCRIPTION
445        "Lower end of source address range - IPv6 version."
446     ::= { mplsPacketClassifierEntry 8 }

448  mplsPacketClassifierSourceIpv4AddrMax OBJECT-TYPE
449     SYNTAX InetAddressIPv4
450     MAX-ACCESS read-create
451     STATUS current
452     DESCRIPTION
453        "Upper end of source address range - IPv4 version."
454     ::= { mplsPacketClassifierEntry 9 }

456  mplsPacketClassifierSourceIpv6AddrMax OBJECT-TYPE
457     SYNTAX InetAddressIPv6
458     MAX-ACCESS read-create
459     STATUS current
460     DESCRIPTION
461        "Upper end of source address range - IPv6 version."
462     ::= { mplsPacketClassifierEntry 10 }

464  mplsPacketClassifierDestIpv4AddrMin OBJECT-TYPE
465     SYNTAX InetAddressIPv4
466     MAX-ACCESS read-create
467     STATUS current
468     DESCRIPTION
469        "Lower end of destination address range - IPv4 version."
470     ::= { mplsPacketClassifierEntry 11 }

472  mplsPacketClassifierDestIpv6AddrMin OBJECT-TYPE
473     SYNTAX InetAddressIPv6
474     MAX-ACCESS read-create
475     STATUS current
476     DESCRIPTION
477        "Lower end of destination address range - IPv6 version."
478     ::= { mplsPacketClassifierEntry 12 }

480  mplsPacketClassifierDestIpv4AddrMax OBJECT-TYPE
481     SYNTAX InetAddressIPv4
482     MAX-ACCESS read-create
483     STATUS current
484     DESCRIPTION
485        "Upper end of destination address range - IPv4 version"
486     ::= { mplsPacketClassifierEntry 13 }

488  mplsPacketClassifierDestIpv6AddrMax OBJECT-TYPE
489     SYNTAX InetAddressIPv6
490     MAX-ACCESS read-create
491     STATUS current
492     DESCRIPTION
493        "Upper end of destination address range - IPv6 version"
494     ::= { mplsPacketClassifierEntry 14 }

496  mplsPacketClassifierSourcePortMin OBJECT-TYPE
497     SYNTAX MplsPortAddr
498     MAX-ACCESS read-create
499     STATUS current
500     DESCRIPTION
501        "Lower end of source port range."
502     ::= { mplsPacketClassifierEntry 15 }

504  mplsPacketClassifierSourcePortMax OBJECT-TYPE
505     SYNTAX MplsPortAddr
506     MAX-ACCESS read-create
507     STATUS current
508     DESCRIPTION
509        "Higher end of source port range"
510     ::= { mplsPacketClassifierEntry 16 }

512  mplsPacketClassifierDestPortMin OBJECT-TYPE
513     SYNTAX MplsPortAddr
514     MAX-ACCESS read-create
515     STATUS current
516     DESCRIPTION
517        "Lower end of the destination port range."
518     ::= { mplsPacketClassifierEntry 17 }

520  mplsPacketClassifierDestPortMax OBJECT-TYPE
521     SYNTAX MplsPortAddr
522     MAX-ACCESS read-create
523     STATUS current
524     DESCRIPTION
525        "Higher end of the destination port range."
526     ::= { mplsPacketClassifierEntry 18 }

528  mplsPacketClassifierProtocol OBJECT-TYPE
529     SYNTAX INTEGER (0..65535)
530     MAX-ACCESS read-create
531     STATUS current
532     DESCRIPTION
533        "Protocol."
534     ::= { mplsPacketClassifierEntry 19 }

536  mplsPacketClassifierActionType OBJECT-TYPE
537     SYNTAX INTEGER {
538        drop(1),          -- discard this packet
539        redirectLsp(2),   -- redirect into specified LSP
540        redirectTunnel(3) -- redirect into specified tunnel
541     }
542     MAX-ACCESS read-create
543     STATUS current
544     DESCRIPTION
545        "The type of action to be taken on packets matching this
546         filter."
547     ::= { mplsPacketClassifierEntry 20 }

549  mplsPacketClassifierActionPointer OBJECT-TYPE
550     SYNTAX RowPointer
551     MAX-ACCESS read-create
552     STATUS current
553     DESCRIPTION
554        "If mplsPacketClassifierActionType is redirectLsp(2),
555         then this object indicates the instance of mplsXCEntry
556         for the LSP to redirect matching packets to. If
557         mplsPacketClassifierActionType is redirectTunnel(3),
558         then this object indicates the instance of
559         mplsTunnelEntry for the MPLS tunnel to redirect
560         matching packets to. For other values of
561         mplsPacketClassifierActionType this object MUST be
562         ignored by management applications. Agents SHOULD
563         return 0 as the value of this object."
564     ::= { mplsPacketClassifierEntry 21 }

566  mplsPacketClassifierStorageType OBJECT-TYPE
567     SYNTAX StorageType
568     MAX-ACCESS read-create
569     STATUS current
570     DESCRIPTION
571        "The storage type for this entry."
572     ::= { mplsPacketClassifierEntry 22 }

574  -- End of mplsPacketClassifierTable.

576  -- Packet classifier mapping table.

578  mplsPacketClassifierMapTable OBJECT-TYPE
579     SYNTAX SEQUENCE OF MplsPacketClassifierMapEntry
580     MAX-ACCESS not-accessible
581     STATUS current
582     DESCRIPTION
583        "This table contains objects for mapping previously
584         defined packet classifiers to interfaces."
585     ::= { mplsPacketClassifierObjects 3 }

587  mplsPacketClassifierMapEntry OBJECT-TYPE
588     SYNTAX MplsPacketClassifierMapEntry
589     MAX-ACCESS not-accessible
590     STATUS current
591     DESCRIPTION
592        "Each entry indicates the application of a particular
593         packet classifier on an interface. The order of
594         application of packet classifiers on an interface is
595         the order in which they will be compared against
596         incoming packets for a match.
            Each entry of this table
597         is indexed by the interface index that the classifier
598         is applied to, with the value 0 representing all
599         interfaces, the index of the previous packet classifier
600         applied on the interface and the index of the current
601         packet classifier. This linked-list structure allows
602         classifiers to be inserted at arbitrary positions in
603         the list. Agents MUST NOT allow the same classifiers to
604         be applied multiple times to the same interface."
605     INDEX {
606        mplsPacketClassifierMapIfIndex,
607        mplsPacketClassifierMapPrevIndex,
608        mplsPacketClassifierMapCurrIndex
609     }
610     ::= { mplsPacketClassifierMapTable 1 }

612  MplsPacketClassifierMapEntry ::= SEQUENCE {
613     mplsPacketClassifierMapIfIndex   InterfaceIndexOrZero,
614     mplsPacketClassifierMapPrevIndex MplsPacketClassifierIndexOrZero,
615     mplsPacketClassifierMapCurrIndex MplsPacketClassifierIndex,
616     mplsPacketClassifierMapRowStatus RowStatus,
617     mplsPacketClassifierMapStorageType
618                                      StorageType
619  }

621  mplsPacketClassifierMapIfIndex OBJECT-TYPE
622     SYNTAX InterfaceIndexOrZero
623     MAX-ACCESS read-create
624     STATUS current
625     DESCRIPTION
626        "Interface index that this classifier is being applied
627         to. Zero represents all interfaces."
628     ::= { mplsPacketClassifierMapEntry 1 }

630  mplsPacketClassifierMapPrevIndex OBJECT-TYPE
631     SYNTAX MplsPacketClassifierIndexOrZero
632     MAX-ACCESS read-create
633     STATUS current
634     DESCRIPTION
635        "Index of the previous classifier that was applied to
636         this interface. Zero indicates that this should be the
637         first classifier in the list."
638     ::= { mplsPacketClassifierMapEntry 2 }

640  mplsPacketClassifierMapCurrIndex OBJECT-TYPE
641     SYNTAX MplsPacketClassifierIndex
642     MAX-ACCESS read-create
643     STATUS current
644     DESCRIPTION
645        "Index of the current classifier that is being applied
646         to this interface."
647     ::= { mplsPacketClassifierMapEntry 3 }

649  mplsPacketClassifierMapRowStatus OBJECT-TYPE
650     SYNTAX RowStatus
651     MAX-ACCESS read-create
652     STATUS current
653     DESCRIPTION
654        "For controlling the creation and deletion of this row."
655     ::= { mplsPacketClassifierMapEntry 4 }

657  mplsPacketClassifierMapStorageType OBJECT-TYPE
658     SYNTAX StorageType
659     MAX-ACCESS read-create
660     STATUS current
661     DESCRIPTION
662        "The storage type for this entry."
663     ::= { mplsPacketClassifierMapEntry 5 }

665  -- End of packetClassifierMapTable

667  -- Packet classifier performance table

669  mplsPacketClassifierPerfTable OBJECT-TYPE
670     SYNTAX SEQUENCE OF MplsPacketClassifierPerfEntry
671     MAX-ACCESS not-accessible
672     STATUS current
673     DESCRIPTION
674        "This table contains performance statistics on packet
675         classifiers on a per-interface basis."
676     ::= { mplsPacketClassifierObjects 4 }

678  mplsPacketClassifierPerfEntry OBJECT-TYPE
679     SYNTAX MplsPacketClassifierPerfEntry
680     MAX-ACCESS not-accessible
681     STATUS current
682     DESCRIPTION
683        "Each entry contains performance information for the
684         specified interface and packet classifier
685         activated/mapped to this interface."

687     INDEX { mplsPacketClassifierMapIfIndex,
688             mplsPacketClassifierMapCurrIndex }
689     ::= { mplsPacketClassifierPerfTable 1 }

691  MplsPacketClassifierPerfEntry ::= SEQUENCE {
692     mplsPacketClassifierMatchedPackets   Counter32,
693     mplsPacketClassifierMatchedOctets    Counter32,
694     mplsPacketClassifierMatchedHCPackets Counter64,
695     mplsPacketClassifierMatchedHCOctets  Counter64
696  }

698  mplsPacketClassifierMatchedPackets OBJECT-TYPE
699     SYNTAX Counter32
700     MAX-ACCESS read-only
701     STATUS current
702     DESCRIPTION
703        "Number of packets that matched the specified packet
704         classifier if it is applied/mapped to the specified
705         interface."
706     ::= { mplsPacketClassifierPerfEntry 1 }

708  mplsPacketClassifierMatchedOctets OBJECT-TYPE
709     SYNTAX Counter32
710     MAX-ACCESS read-only
711     STATUS current
712     DESCRIPTION
713        "Number of octets that matched the specified packet
714         classifier if it is applied/mapped to the specified
715         interface."
716     ::= { mplsPacketClassifierPerfEntry 2 }

718  mplsPacketClassifierMatchedHCPackets OBJECT-TYPE
719     SYNTAX Counter64
720     MAX-ACCESS read-only
721     STATUS current
722     DESCRIPTION
723        "High-capacity counter for the number of packets that
724         matched the specified packet classifier if it is
725         applied/mapped to the specified interface."
726     ::= { mplsPacketClassifierPerfEntry 3 }

728  mplsPacketClassifierMatchedHCOctets OBJECT-TYPE
729     SYNTAX Counter64
730     MAX-ACCESS read-only
731     STATUS current
732     DESCRIPTION
733        "High-capacity counter for the number of octets that
734         matched the specified packet classifier if it is
735         applied/mapped to the specified interface."
736     ::= { mplsPacketClassifierPerfEntry 4 }

738  -- End of mplsPacketClassifierPerfTable

740  -- Module compliance.

742  mplsPacketClassifierGroups
743     OBJECT IDENTIFIER ::= { mplsPacketClassifierConformance 1 }

745  mplsPacketClassifierCompliances
746     OBJECT IDENTIFIER ::= { mplsPacketClassifierConformance 2 }

748  mplsPacketClassifierModuleCompliance MODULE-COMPLIANCE
749     STATUS current
750     DESCRIPTION
751        "Compliance statement for agents that support the MPLS
752         Packet Classifier MIB."

754     MODULE -- this module

756     -- The mandatory groups have to be implemented
757     -- by all LSRs. However, they may all be supported
758     -- as read-only objects in the case where manual
759     -- configuration is unsupported.

761        MANDATORY-GROUPS {
762           mplsPacketClassifierRuleGroup,
763           mplsPacketClassifierMapGroup
764        }

766        GROUP mplsPacketClassifierHCPerfGroup
767        DESCRIPTION
768            "This group is mandatory for those perf entries for
769             which the object mplsPacketClassifierMatchedHCOctets
770             and mplsPacketClassifierMatchedHCPackets wrap around
771             too quickly."

773     ::= { mplsPacketClassifierCompliances 1 }

775  -- Units of conformance.
776  mplsPacketClassifierRuleGroup OBJECT-GROUP
777     OBJECTS {
778        mplsPacketClassifierIndexNext,
779        mplsPacketClassifierRowStatus,
780        mplsPacketClassifierDescr,
781        mplsPacketClassifierApplied,
782        mplsPacketClassifierMask,
783        mplsPacketClassifierAddrType,
784        mplsPacketClassifierSourceIpv4AddrMin,
785        mplsPacketClassifierSourceIpv6AddrMin,
786        mplsPacketClassifierSourceIpv4AddrMax,
787        mplsPacketClassifierSourceIpv6AddrMax,
788        mplsPacketClassifierDestIpv4AddrMin,
789        mplsPacketClassifierDestIpv6AddrMin,
790        mplsPacketClassifierDestIpv4AddrMax,
791        mplsPacketClassifierDestIpv6AddrMax,
792        mplsPacketClassifierSourcePortMin,
793        mplsPacketClassifierSourcePortMax,
794        mplsPacketClassifierDestPortMin,
795        mplsPacketClassifierDestPortMax,
796        mplsPacketClassifierProtocol,
797        mplsPacketClassifierActionType,
798        mplsPacketClassifierActionPointer,
799        mplsPacketClassifierStorageType
800     }
801     STATUS        current
802     DESCRIPTION
803         "Collection of objects needed for MPLS classifier
804          configuration and monitoring."
805     ::= { mplsPacketClassifierGroups 1 }

807  mplsPacketClassifierMapGroup OBJECT-GROUP
808     OBJECTS {
809        mplsPacketClassifierMapIfIndex,
810        mplsPacketClassifierMapPrevIndex,
811        mplsPacketClassifierMapCurrIndex,
812        mplsPacketClassifierMapRowStatus,
813        mplsPacketClassifierMapStorageType
814     }
815     STATUS        current
816     DESCRIPTION
817         "Collection of objects needed for MPLS classifier
818          configuration and monitoring."
819     ::= { mplsPacketClassifierGroups 2 }

821  mplsPacketClassifierPerfGroup OBJECT-GROUP
822     OBJECTS {
823        mplsPacketClassifierMatchedPackets,
824        mplsPacketClassifierMatchedOctets
825     }
826     STATUS        current
827     DESCRIPTION
828         "Collection of objects needed for MPLS packet classifier
829          performance monitoring."
830     ::= { mplsPacketClassifierGroups 3 }

832  mplsPacketClassifierHCPerfGroup OBJECT-GROUP
833     OBJECTS {
834        mplsPacketClassifierMatchedHCPackets,
835        mplsPacketClassifierMatchedHCOctets
836     }
837     STATUS        current
838     DESCRIPTION
839         "Collection of objects needed for MPLS packet classifier
840          performance monitoring when using high-capacity
841          counters."
842     ::= { mplsPacketClassifierGroups 4 }

844  -- End of MPLS-PACKET-CLASSIFIER-MIB

846  END

848  9. Security Considerations

850     It is clear that this MIB can be used for configuration of certain
851     objects, and anything that can be configured can be incorrectly
852     configured, with potentially disastrous results.

854     At this writing, no security holes have been identified beyond those
855     that SNMP Security [SNMPArch] is itself intended to address. These
856     relate primarily to controlled access to sensitive information and
857     the ability to configure a device - or which might result from
858     operator error, which is beyond the scope of any security
859     architecture.

861     There are a number of management objects defined in this MIB which
862     have a MAX-ACCESS clause of read-write and/or read-create. Such
863     objects may be considered sensitive or vulnerable in some network
864     environments. The support for SET operations in a non-secure
865     environment without proper protection can have a negative effect on
866     network operations. The use of SNMP Version 3 is recommended over
867     prior versions, for configuration control, as its security model is
868     improved.

870     SNMPv1 or SNMPv2 are by themselves not a secure environment. Even if
871     the network itself is secure (for example by using IPSec [IPSEC]),
872     there is no control as to who on the secure network is allowed to
873     access and GET/SET (read/change/create/delete) the objects in this
874     MIB. It is recommended that the implementers consider the security
875     features as provided by the SNMPv3 framework. Specifically, the use
876     of the User-based Security Model [SNMPv3USM] and the View-based
877     Access Control [SNMPv3VACM] is recommended. It is then a
878     customer/user responsibility to ensure that the SNMP entity giving
879     access to an instance of this MIB is properly configured to give
880     access to the objects only to those principals (users) that have
881     legitimate rights to indeed GET or SET (change/create/delete) them.

883     There are a number of managed objects in this MIB that may contain
884     information that may be sensitive from a business perspective, in
885     that they represent a customer's interface to the MPLS network.

887     Allowing uncontrolled access to these objects could result in
888     malicious and unwanted disruptions of network traffic or incorrect
889     configurations for these customers. There are no objects that are
890     particularly sensitive in their own right, such as passwords or
891     monetary amounts.

893  10. References

895     [MPLSArch]    Rosen, E., Viswanathan, A., and R. Callon,
896                   "Multiprotocol Label Switching Architecture", Internet
897                   Draft , February 1999.

899     [MPLSFW]      Callon, R., Doolan, P., Feldman, N., Fredette, A.,
900                   Swallow, G., and A. Viswanathan, "A Framework for
901                   Multiprotocol Label Switching", Internet Draft , November 1997.

904     [LSRMIB]      Srinivasan, C., Viswanathan, A. and T. Nadeau, "MPLS
905                   Label Switch Router Management Information Base Using
906                   SMIv2", Internet Draft , September 2000.

909     [TEMIB]       Srinivasan, C., Viswanathan, A. and Nadeau, T., "MPLS
910                   Traffic Engineering Management Information Base Using
911                   SMIv2", Internet Draft , September 2000.

914     [LDPMIB]      Cucchiara, J., Sjostrand, H., and J. Luciani,
915                   "Definitions of Managed Objects for the Multiprotocol
916                   Label Switching, Label Distribution Protocol (LDP)",
917                   Internet Draft ,
918                   August 1998.

920     [LblStk]      Rosen, E., Rekhter, Y., Tappan, D., Farinacci, D.,
921                   Fedorkow, G., Li, T., and A. Conta, "MPLS Label Stack
922                   Encoding", Internet Draft , September 1998.

925     [RSVPTun]     Awduche, D., Berger, L., Der-Haw, G., Li, T.,
926                   Swallow, G., and V. Srinivasan, "Extensions to RSVP
927                   for LSP Tunnels", Internet Draft , November 1998.

930     [CRLDP]       Andersson, L., Fredette, A., Jamoussi, B., Callon, R.,
931                   Doolan, P., Feldman, N., Gray, E., Halpern, J.,
932                   Heinanen, J., Kilty, T., Malis, A., Girish, M.,
933                   Sundell, K., Vaananen, P., T. Worster, Wu, L., and
934                   Dantu, R., "Explicit Routing Over LDP Specification",
935                   Internet Draft ,
936                   November 1998.

938     [Assigned]    Reynolds, J., and J. Postel, "Assigned Numbers", RFC
939                   1700, October 1994.

941     [SNMPArch]    Harrington, D., Presuhn, R., and B. Wijnen, "An
942                   Architecture for Describing SNMP Management
943                   Frameworks", RFC 2271, January 1998.

945     [SMIv1]       Rose, M., and K. McCloghrie, "Structure and
946                   Identification of Management Information for TCP/IP-
947                   based Internets", RFC 1155, May 1990.

949     [SNMPv1MIBDef] Rose, M., and K. McCloghrie, "Concise MIB
950                   Definitions", RFC 1212, March 1991.

952     [SNMPv1Traps] M. Rose, "A Convention for Defining Traps for use with
953                   the SNMP", RFC 1215, March 1991.

955     [SMIv2]       Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
956                   "Structure of Management Information for Version 2 of
957                   the Simple Network Management Protocol (SNMPv2)", RFC
958                   1902, January 1996.

960     [SNMPv2TC]    Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
961                   "Textual Conventions for Version 2 of the Simple
962                   Network Management Protocol (SNMPv2)", RFC 1903, SNMP
963                   Research, Inc., Cisco Systems, Inc., January 1996.

965     [SNMPv2Conf]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
966                   "Conformance Statements for Version 2 of the Simple
967                   Network Management Protocol (SNMPv2)", RFC 1904,
968                   January 1996.

970     [SNMPv1]      Case, J., Fedor, M., Schoffstall, M., and J. Davin,
971                   "Simple Network Management Protocol", RFC 1157, May
972                   1990.

974     [SNMPv2c]     Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
975                   "Introduction to Community-based SNMPv2", RFC 1901,
976                   January 1996.

978     [SNMPv2TM]    Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
979                   "Transport Mappings for Version 2 of the Simple
980                   Network Management Protocol (SNMPv2)", RFC 1906,
981                   January 1996.

983     [SNMPv3MP]    Case, J., Harrington D., Presuhn R., and B. Wijnen,
984                   "Message Processing and Dispatching for the Simple
985                   Network Management Protocol (SNMP)", RFC 2272, January
986                   1998.

988     [SNMPv3USM]   Blumenthal, U., and B. Wijnen, "User-based Security
989                   Model (USM) for version 3 of the Simple Network
990                   Management Protocol (SNMPv3)", RFC 2274, January 1998.

992     [SNMPv2PO]    Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
993                   "Protocol Operations for Version 2 of the Simple
994                   Network Management Protocol (SNMPv2)", RFC 1905,
995                   January 1996.

997     [SNMPv3App]   Levi, D., Meyer, P., and B. Stewart, "SNMPv3
998                   Applications", RFC 2273, January 1998.

1000    [SNMPv3VACM]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-
1001                  based Access Control Model (VACM) for the Simple
1002                  Network Management Protocol (SNMP)", RFC 2275, January
1003                  1998.

1005 11. Authors' Addresses

1007    Thomas D. Nadeau
1008    Cisco Systems, Inc.
1009    300 Apollo Drive
1010    Chelmsford, MA 01824
1011    Phone: +1-978-244-3051
1012    Email: tnadeau@cisco.com

1014    Cheenu Srinivasan
1015    Tachion Networks, Inc.
1016    185 Monmouth Park Highway
1017    West Long Branch, NJ 07764
1018    Phone: +1-732-542-7750 x1234
1019    Email: cheenu@tachion.com

1021    Arun Viswanathan
1022    Force10 Networks, Inc.
1023    1440 McCarthy Blvd
1024    Milpitas, CA 95035
1025    Phone: +1-408-571-3516
1026    Email: arun@force10networks.com

1028 12. Full Copyright Statement

1030    Copyright (C) The Internet Society (2000). All Rights Reserved.

1032    This document and translations of it may be copied and furnished to
1033    others, and derivative works that comment on or otherwise explain it
1034    or assist in its implementation may be prepared, copied, published
1035    and distributed, in whole or in part, without restriction of any
1036    kind, provided that the above copyright notice and this paragraph are
1037    included on all such copies and derivative works. However, this
1038    document itself may not be modified in any way, such as by removing
1039    the copyright notice or references to the Internet Society or other
1040    Internet organizations, except as needed for the purpose of
1041    developing Internet standards in which case the procedures for
1042    copyrights defined in the Internet Standards process must be
1043    followed, or as required to translate it into languages other than
1044    English.

1046    The limited permissions granted above are perpetual and will not be
1047    revoked by the Internet Society or its successors or assigns. This
1048    document and the information contained herein is provided on an "AS
1049    IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
1050    FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
1051    NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
1052    WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1053    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
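
Added example, not part of the draft: Section 9 recommends SNMPv3 with the User-based Security Model and View-based Access Control over SNMPv1/v2c for GET/SET on this MIB, and the Python check below audits an agent configuration against that recommendation. It assumes Net-SNMP `snmpd.conf` directive syntax; the sample configuration, the user and view names, and the OID are constructed placeholders (the OID is not this MIB's real assignment).

```python
import shlex

# Constructed sample snmpd.conf (Net-SNMP syntax assumed). Names, passphrases
# and the OID are placeholders; the OID is NOT the real root of this MIB.
SAMPLE_CONF = """\
# legacy access still enabled
rwcommunity private 10.0.0.0/8
rocommunity public
createUser mplsAdmin SHA "auth-pass-placeholder" AES "priv-pass-placeholder"
createUser noc SHA "auth-pass-placeholder"
view classifierView included .1.3.6.1.3.9999
rwuser mplsAdmin priv -V classifierView
rwuser noc auth
rouser monitor noauth
"""

LEVELS = ("noauth", "auth", "priv")


def audit(conf_text):
    """Return (line_no, directive, finding) tuples for access that is weaker
    than the SNMPv3 USM + VACM setup recommended in Section 9."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ("rwcommunity", "rwcommunity6"):
            findings.append((no, directive, "SET allowed via community string"))
        elif directive in ("rocommunity", "rocommunity6"):
            findings.append((no, directive, "GET allowed via community string"))
        elif directive in ("rwuser", "rouser"):
            if args[:1] == ["-s"]:            # optional security-model selector
                args = args[2:]
            # Net-SNMP defaults the minimum security level to "auth".
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"
            scoped = len(args) > 2            # an OID or "-V view" follows the level
            if level == "noauth":
                findings.append((no, directive, "USM user without authentication"))
            if directive == "rwuser" and not scoped:
                findings.append((no, directive, "write access not limited by a VACM view"))
    return findings


if __name__ == "__main__":
    for line_no, directive, finding in audit(SAMPLE_CONF):
        print(f"line {line_no}: {directive}: {finding}")
```

Only the `rwuser mplsAdmin priv -V classifierView` line passes: it is an authenticated USM user whose write access is confined to a named view, which is the shape of configuration the section asks operators to aim for.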