Internet Draft        MPLS Packet Classifier MIB        08 May 2000



Network Working Group                          Thomas D. Nadeau
Internet Draft                              Cisco Systems, Inc.
Expires: November 2000                                    
                                              Cheenu Srinivasan
                                         Tachion Networks, Inc.
                                                           
                                               Arun Viswanathan
                                         Force10 Networks, Inc.
                                  
                                  
   Multiprotocol Label Switching Packet Classification Management
                    Information Base Using SMIv2
                                  
         draft-nadeau-mpls-packet-classifier-mib-00.txt
                                  
                                  
                                  


Status of this Memo
   
   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.
   
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.
   
   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."
   
   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.
   
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract
   
   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols
   in the Internet community.  In particular, it describes managed
   objects for specifying packet classification rules and
   corresponding actions for use with Multiprotocol Label Switching
   (MPLS).


1. Introduction
   
   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols
   in the Internet community. In particular, it describes managed
   objects for specifying packet classification rules and
   corresponding actions for Multiprotocol Label Switching.
   
   This memo does not, in its draft form, specify a standard for the
   Internet community.





2. Terminology
   
   Define terminology here.


3. The SNMP Management Framework
   
   The SNMP Management Framework presently consists of five major
   components:
   
   -  An overall architecture, described in RFC 2271 [SNMPArch].
   
   -  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      RFC 1155 [SMIv1], RFC 1212 [SNMPv1MIBDef] and RFC 1215
      [SNMPv1Traps].  The second version, called SMIv2, is described
      in RFC 1902 [SMIv2], RFC 1903 [SNMPv2TC] and RFC 1904
      [SNMPv2Conf].
   
   -  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1
      and described in RFC 1157 [SNMPv1].  A second version of the
      SNMP message protocol, which is not an Internet standards
      track protocol, is called SNMPv2c and described in RFC 1901
      [SNMPv2c] and RFC 1906 [SNMPv2TM].  The third version of the
      message protocol is called SNMPv3 and described in RFC 1906
      [SNMPv2TM], RFC 2272 [SNMPv3MP] and RFC 2274 [SNMPv3USM].
   
   -  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in RFC 1157 [SNMPv1].  A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [SNMPv2PO].
   
   -  A set of fundamental applications described in RFC 2273
      [SNMPv3App] and the view-based access control mechanism
      described in RFC 2275 [SNMPv3VACM].

   Managed objects are accessed via a virtual information store,
   termed the Management Information Base or MIB.  Objects in the MIB
   are defined using the mechanisms defined in the SMI.  This memo
   specifies a MIB module that is compliant to the SMIv2.  A MIB
   conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions
   in SMIv1 during the translation process.  However, this loss of
   machine readable information is not considered to change the
   semantics of the MIB.


3.1.  Object Definitions
   
   Managed objects are accessed via a virtual information store,
   termed the Management Information Base or MIB.  Objects in the MIB
   are defined using the subset of Abstract Syntax Notation One
   (ASN.1) defined in the SMI.  In particular, each object type is
   named by an OBJECT IDENTIFIER, an administratively assigned name.
   The object type together with an object instance serves to
   uniquely identify a specific instantiation of the object.  For
   human convenience, we often use a textual string, termed the
   descriptor, to also refer to the object type.




4. Motivation
   
   The primary motivation for this proposal arose from requirements
   in the MPLS area.  In MPLS, packets belonging to a forwarding
   equivalency class (FEC) are mapped to an LSP (ER-LSP) via the FEC-
   To-NHLFE (FTN) table [MPLS-Arch].  This mapping of packets to LSP
   is made at the ingress LSR of an LSP.  Conceptually, some of the
   FTN table functionality could be implemented using the Forwarding
   Information Base (FIB) to map all packets destined to a prefix to
   an LSP.  However, this mapping is coarse in nature. Likewise, an
   LSR could use its classifier rules to redirect packets into LSPs.
   With the classifier-based mapping it is possible to specify FECs
   finer in granularity and based on a richer set of criteria than is
   possible via the FIB mapping. In essence, the FTN table is a
   combination of the FIB and classifier rules.
   
   The packet classification functionality is already being used in
   other contexts, such as security filters, access filters, and for
   RSVP flow identification.  All of these require various
   combinations of matching rules based on IP header and upper-layer
   header information to identify packets for a particular treatment.
   When packets match a particular rule, a corresponding action is
   executed against those packets.  For example, two popular actions
   to take when a rule is matched are to allow the packet to be
   forwarded or to discard it. However, other actions are possible,
   such as modifying the TOS byte, or redirecting a packet to a
   particular outgoing interface.
   
   This proposal is an attempt to consolidate the various matching
   requirements and associated action options into a single
   specification which is useful in the context of MPLS. Although
   these various requirements and actions may exist in current
   implementations, they may exist in separate tables (as they do in
   many implementations today). The intent is a single specification
   that satisfies existing usage and requirements as well as new ones
   such as those required by MPLS and Diff-Serv.


5. Outline
   
   This MIB consists of two primary tables. The
   mplsMplsPacketClassifierRuleTable defines the rule base against
   which incoming packets are matched.  The
   mplsMplsPacketClassifierActionTable defines the corresponding
   action(s) to be taken when a rule is matched. The MIB also
   contains other supporting tables. The
   mplsMplsPacketClassifierTable provides the capability to group
   rules into sets, where each such set of rules is referred to as a
   "packet classifier".  The mplsMplsPacketClassifierAppliedTable is
   used to apply these rule sets to one or more interfaces.  Finally,
   the mplsMplsPacketClassifierRulePerfTable provides performance
   counters for every rule in the database.


5.1.  mplsMplsPacketClassifierTable
   
   A packet classifier is an atomic collection of rules applied in a
   particular order to incoming packets.  This table provides a layer
   of abstraction through which rules can be grouped into sets.  It
   also contains an object to indicate if a packet classifier is
   active on a particular interface.





5.2.  mplsMplsPacketClassifierRuleTable
   
   This table provides the capability to define the rules of a given
   packet classifier. It provides standard 5-tuple matching.  It
   allows address and port ranges to be specified.  Each rule entry
   has an action index which points to an entry in
   mplsMplsPacketClassifierActionTable to specify an action when that
   rule is matched.


5.3.  mplsMplsPacketClassifierActionTable
   
   This table defines actions that may be used when a rule is
   matched.  Actions currently defined are drop, pass, and redirect.
   More actions may be defined in future.
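
   The matching and action semantics of sections 5.2 and 5.3, as an
   added illustration that is not part of the draft: Python dataclasses
   stand in for rule and action rows, and integer flags for the two
   BITS masks defined in section 7.  Evaluation in ascending rule index
   with the first match winning is an assumption, as are all sample
   values.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

# Bit numbers follow mplsMplsPacketClassifierRuleMask and ...ActionMask.
# Plain integer flags are used; the on-the-wire BITS encoding is not modelled.
SRC_ADDR, DST_ADDR, SRC_PORT, DST_PORT, PROTOCOL = (1 << n for n in range(5))
DROP, PASS, REDIRECT, REDIRECT_LSP, SET_TOS, ASSIGN_TSPEC = (1 << n for n in range(6))

ANY_ADDR = (IP("0.0.0.0"), IP("255.255.255.255"))
ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:                    # one mplsMplsPacketClassifierRuleEntry
    index: int                 # ...RuleIndex
    mask: int                  # ...RuleMask
    action_index: int          # ...RuleActionIndex
    src: tuple = ANY_ADDR      # (...RuleSourceAddrMin, ...RuleSourceAddrMax)
    dst: tuple = ANY_ADDR      # (...RuleDestAddrMin, ...RuleDestAddrMax)
    sport: tuple = ANY_PORT    # (...RuleSourcePortMin, ...RuleSourcePortMax)
    dport: tuple = ANY_PORT    # (...RuleDestPortMin, ...RuleDestPortMax)
    protocol: int = 0          # ...RuleProtocol


@dataclass(frozen=True)
class Packet:
    src: IP
    dst: IP
    sport: int
    dport: int
    protocol: int


def active_ranges(rule):
    """(name, min, max, packet attribute) for each field whose mask bit is set."""
    table = (
        (SRC_ADDR, "source address", rule.src, "src"),
        (DST_ADDR, "destination address", rule.dst, "dst"),
        (SRC_PORT, "source port", rule.sport, "sport"),
        (DST_PORT, "destination port", rule.dport, "dport"),
        (PROTOCOL, "protocol", (rule.protocol, rule.protocol), "protocol"),
    )
    return [(name, lo, hi, attr) for bit, name, (lo, hi), attr in table if rule.mask & bit]


def matches(rule, pkt):
    # A field whose bit is clear is ignored, so a rule with mask 0 matches everything.
    return all(lo <= getattr(pkt, attr) <= hi for _, lo, hi, attr in active_ranges(rule))


def classify(rules, actions, pkt):
    """Return (rule index, action mask) of the first matching rule, else None.

    Assumes the rule set has passed lint(); rule order is an assumption."""
    for rule in sorted(rules, key=lambda r: r.index):
        if matches(rule, pkt):
            return rule.index, actions[rule.action_index]
    return None


def lint(rules, actions):
    """Return findings for rule sets that would filter differently than intended."""
    findings = []
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.mask == 0:
            findings.append(f"rule {rule.index}: empty mask, matches every packet")
        for name, lo, hi, _ in active_ranges(rule):
            if lo > hi:
                findings.append(f"rule {rule.index}: {name} min > max, never matches")
        if rule.action_index not in actions:
            findings.append(f"rule {rule.index}: action {rule.action_index} not in action table")
    for idx, mask in sorted(actions.items()):
        if mask & DROP and mask & PASS:
            findings.append(f"action {idx}: drop(0) and pass(1) both set")
    return findings


# Constructed sample configuration (not from the draft).
ACTIONS = {1: DROP, 2: PASS | SET_TOS}
RULES = [
    Rule(10, SRC_ADDR | DST_PORT | PROTOCOL, 1,
         src=(IP("10.0.0.0"), IP("10.0.0.255")), dport=(22, 22), protocol=6),
    Rule(20, DST_ADDR | PROTOCOL, 2,
         dst=(IP("192.0.2.0"), IP("192.0.2.255")), protocol=6),
]
BAD_ACTIONS = {1: DROP, 3: DROP | PASS}
BAD_RULES = [
    Rule(10, DST_PORT, 1, dport=(1024, 80)),   # inverted range
    Rule(20, 0, 3),                            # no active field
    Rule(30, PROTOCOL, 9, protocol=17),        # dangling action index
]

if __name__ == "__main__":
    ssh = Packet(IP("10.0.0.5"), IP("192.0.2.1"), 40000, 22, 6)
    web = Packet(IP("172.16.0.1"), IP("192.0.2.9"), 40001, 443, 6)
    print(classify(RULES, ACTIONS, ssh))
    print(classify(RULES, ACTIONS, web))
    print(*lint(BAD_RULES, BAD_ACTIONS), sep="\n")
```

   lint() reports the cases where a configured filter silently behaves
   differently from what its rows suggest: an empty mask, an inverted
   range, a dangling action index, and drop(0) combined with pass(1).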


5.4.  mplsMplsPacketClassifierAppliedTable
   
   A packet classifier can be applied to one or more interfaces using
   this table.  Packet classifiers are compared with incoming packets
   in the order in which they are applied on an interface. For this
   reason, the table provides a mechanism to 'insert' a packet
   classifier between two existing packet classifiers already applied
   on an interface.
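
   The linked-list ordering described above, as an added illustration
   that is not part of the draft: applied-table rows are modelled as
   (ifIndex, prevName, currName) tuples, the three INDEX columns of the
   table in section 7.  Because the previous name is an index column,
   an insert has to re-create the successor's row under its new
   predecessor; function names and classifier names are constructed
   for this example, and how ifIndex 0 rows combine with per-interface
   rows is not modelled.

```python
from collections import defaultdict

HEAD = ""   # an empty previous name marks the first classifier in the list


def applied_order(entries, if_index):
    """Resolve the classifier order on one interface.

    Returns (ordered names, problems). A classifier that cannot be reached
    from the head of the list has no defined position in the order."""
    succ = defaultdict(list)
    for idx, prev, curr in entries:
        if idx == if_index:
            succ[prev].append(curr)
    order, problems, seen, node = [], [], set(), HEAD
    while succ.get(node):
        nexts = sorted(succ[node])
        if len(nexts) > 1:                      # two rows claim the same predecessor
            problems.append(f"fork after {node or '<head>'}: {nexts}")
            break
        node = nexts[0]
        if node in seen:
            problems.append(f"cycle at {node}")
            break
        seen.add(node)
        order.append(node)
    configured = {c for currs in succ.values() for c in currs}
    orphans = sorted(configured - seen)
    if orphans:
        problems.append(f"not reachable from head: {orphans}")
    return order, problems


def insert_after(entries, if_index, name, after=HEAD):
    """Insert `name` directly after `after` and relink the old successor."""
    out = []
    for idx, prev, curr in entries:
        if idx == if_index and prev == after:
            out.append((idx, name, curr))       # successor now follows the new entry
        else:
            out.append((idx, prev, curr))
    out.append((if_index, after, name))
    return out


# Constructed sample rows (not from the draft).
APPLIED = [
    (0, "", "global"),
    (3, "", "anti-spoof"),
    (3, "anti-spoof", "lsp-map"),
]

if __name__ == "__main__":
    print(applied_order(APPLIED, 3))
    print(applied_order(insert_after(APPLIED, 3, "mgmt-acl", "anti-spoof"), 3))
    # Creating only the new row, without relinking, leaves the order ambiguous.
    print(applied_order(APPLIED + [(3, "anti-spoof", "mgmt-acl")], 3))
```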


5.5.  mplsMplsPacketClassifierRulePerfTable
   
   This table provides performance counters per rule and per
   interface that it is applied to.  Currently, the table has
   counters for packets and octets that have matched a rule.  More
   counters may be added later.


6. Example
   
   Describe an example.


7. Packet Classifier MIB Definitions

PACKET-CLASSIFIER-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
   Integer32, Unsigned32, Counter32, IpAddress, experimental
      FROM SNMPv2-SMI
   MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
      FROM SNMPv2-CONF
   TEXTUAL-CONVENTION, TruthValue, RowStatus, DisplayString
      FROM SNMPv2-TC
   InterfaceIndex, InterfaceIndexOrZero
      FROM IF-MIB;

mplsMplsPacketClassifierMIB MODULE-IDENTITY
   LAST-UPDATED "200005082030Z"  -- 08 May 2000 20:30:00 EST
   ORGANIZATION "Multiprotocol Label Switching (MPLS) Working Group"
   CONTACT-INFO
       "        Thomas D. Nadeau
        Postal: Cisco Systems, Inc.
                250 Apollo Drive
                Chelmsford, MA 01824
        Tel:    +1-978-244-3051
        Email:  tnadeau@cisco.com

                Cheenu Srinivasan
        Postal: Tachion Networks, Inc.
                2 Meridian Road
                Eatontown, NJ 0772
        Tel:    +1 732 542 7750 x234
        Email:  cheenu@tachion.com

                Arun Viswanathan
        Postal: Force10 Networks
                1440 McCarthy Blvd
                Milpitas, CA 95035
        Tel:    +1-408-571-3516
        Email:  arun@force10networks.com"

   DESCRIPTION
       "This MIB module contains managed object definitions for
        specifying packet classification for MPLS."
       
   -- Revision history.
       
   REVISION
       "200005082030Z"  -- 08 May 2000 20:30:00 EST
   DESCRIPTION
       "Initial draft version."
       
   ::= { experimental oid } -- to be assigned


-- Textual Conventions.



PortAddr ::= TEXTUAL-CONVENTION
   STATUS      current
   DESCRIPTION
       "A TCP or UDP port number. Along with an IP address
        identifies a stream of IP traffic uniquely."
   SYNTAX      INTEGER (0..65535)

Ipv6Address ::= TEXTUAL-CONVENTION
   STATUS      current
   DESCRIPTION
       "IPv6 address."
   SYNTAX      OCTET STRING (SIZE(16))



-- Top level components of the MIB.

-- tables, scalars
mplsMplsPacketClassifierObjects OBJECT IDENTIFIER
   ::= { mplsMplsPacketClassifierMIB 1 }
       
-- traps
mplsMplsPacketClassifierNotifications OBJECT IDENTIFIER
   ::= { mplsMplsPacketClassifierMIB 2 }

-- conformance
mplsMplsPacketClassifierConformance OBJECT IDENTIFIER
   ::= { mplsMplsPacketClassifierMIB 3 }


-- Packet classifier table.



mplsMplsPacketClassifierTable  OBJECT-TYPE
   SYNTAX          SEQUENCE OF MplsMplsPacketClassifierEntry
   MAX-ACCESS      not-accessible
   STATUS          current
   DESCRIPTION
       "This table contains the currently defined packet
        classifiers."
   ::=  { mplsMplsPacketClassifierObjects  1 }

mplsMplsPacketClassifierEntry  OBJECT-TYPE
   SYNTAX             MplsMplsPacketClassifierEntry
   MAX-ACCESS         not-accessible
   STATUS             current
   DESCRIPTION
       "Each entry represents one packet classifier which in
        turn consists of a set of rules. A unique name
        object indexes each packet classifier. The rules
        corresponding to a packet classifier are defined in
        mplsMplsPacketClassifierRuleTable."
   INDEX  {  mplsMplsPacketClassifierName  }
   ::=  { mplsMplsPacketClassifierTable 1 }

MplsMplsPacketClassifierEntry  ::=  SEQUENCE {
      mplsMplsPacketClassifierName        DisplayString,
      mplsMplsPacketClassifierDescr       DisplayString,
      mplsMplsPacketClassifierApplied     TruthValue,
      mplsMplsPacketClassifierRowStatus   RowStatus
   }

mplsMplsPacketClassifierName    OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "Unique name for this packet classifier."
   ::=  {  mplsMplsPacketClassifierEntry  1  }

mplsMplsPacketClassifierDescr   OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "String describing this packet classifier."
   ::=  {  mplsMplsPacketClassifierEntry  2  }

mplsMplsPacketClassifierApplied OBJECT-TYPE
   SYNTAX              TruthValue
   MAX-ACCESS          read-only
   STATUS              current
   DESCRIPTION
       "Indicates whether this packet classifier has been
        applied on any interface or not. If so, its contents
        are no longer editable."
   ::=  {  mplsMplsPacketClassifierEntry  3  }

mplsMplsPacketClassifierRowStatus OBJECT-TYPE
   SYNTAX              RowStatus
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "For controlling the creation and deletion of this
        row."
   ::=  {  mplsMplsPacketClassifierEntry  4  }



-- End of mplsMplsPacketClassifierTable


-- Packet classifier rule table.

mplsMplsPacketClassifierRuleTable OBJECT-TYPE
   SYNTAX              SEQUENCE OF MplsMplsPacketClassifierRuleEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "This table contains the packet classification rules
        for each packet classifier defined in
        mplsMplsPacketClassifierTable."
   ::=  { mplsMplsPacketClassifierObjects  2 }

mplsMplsPacketClassifierRuleEntry OBJECT-TYPE
   SYNTAX              MplsMplsPacketClassifierRuleEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "Each entry represents one packet classification
        rule. It is indexed by the
        mplsMplsPacketClassifierName."
   INDEX  {  mplsMplsPacketClassifierName,
             mplsMplsPacketClassifierRuleIndex  }
   ::=  { mplsMplsPacketClassifierRuleTable 1 }

   MplsMplsPacketClassifierRuleEntry  ::=  SEQUENCE {
      mplsMplsPacketClassifierRuleIndex           Integer32,
      mplsMplsPacketClassifierRuleDescr           DisplayString,
      mplsMplsPacketClassifierRuleMask            BITS,
      mplsMplsPacketClassifierRuleSourceAddrMin   IpAddress,
      mplsMplsPacketClassifierRuleSourceAddrMax   IpAddress,
      mplsMplsPacketClassifierRuleDestAddrMin     IpAddress,
      mplsMplsPacketClassifierRuleDestAddrMax     IpAddress,
      mplsMplsPacketClassifierRuleSourcePortMin   PortAddr,
      mplsMplsPacketClassifierRuleSourcePortMax   PortAddr,
      mplsMplsPacketClassifierRuleDestPortMin     PortAddr,
      mplsMplsPacketClassifierRuleDestPortMax     PortAddr,
      mplsMplsPacketClassifierRuleProtocol        INTEGER,
      mplsMplsPacketClassifierRuleActionIndex     Unsigned32,
      mplsMplsPacketClassifierRuleRowStatus       RowStatus
   }

mplsMplsPacketClassifierRuleIndex OBJECT-TYPE
   SYNTAX              Integer32
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Unique index for this rule for the particular packet
        classifier that it belongs to."
   ::= { mplsMplsPacketClassifierRuleEntry 1 }

mplsMplsPacketClassifierRuleDescr OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Text describing this rule."
   ::= { mplsMplsPacketClassifierRuleEntry 2 }

mplsMplsPacketClassifierRuleMask OBJECT-TYPE
   SYNTAX              BITS {
                     sourceAddr(0),
                     destAddr(1),
                     sourcePort(2),
                     destPort(3),
                     protocol(4)
                   }
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "This bit map indicates which of the fields described
        next, namely source address range, destination
        address range, source port range, destination port
        range, and protocol is active for this rule. If a
        particular bit is inactive (set to zero) then the
        corresponding field in the packet is ignored for
        comparison purposes."
   ::= { mplsMplsPacketClassifierRuleEntry 3 }

mplsMplsPacketClassifierRuleSourceAddrMin OBJECT-TYPE
   SYNTAX              IpAddress
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Lower end of source address range."
   ::= { mplsMplsPacketClassifierRuleEntry 4 }

mplsMplsPacketClassifierRuleSourceAddrMax OBJECT-TYPE
   SYNTAX              IpAddress
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Higher end of source address range."
   ::= { mplsMplsPacketClassifierRuleEntry 5 }

mplsMplsPacketClassifierRuleDestAddrMin OBJECT-TYPE
   SYNTAX              IpAddress
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Lower end of destination address range."
   ::= { mplsMplsPacketClassifierRuleEntry 6 }

mplsMplsPacketClassifierRuleDestAddrMax OBJECT-TYPE
   SYNTAX              IpAddress
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Higher end of destination address range."
   ::= { mplsMplsPacketClassifierRuleEntry 7 }

mplsMplsPacketClassifierRuleSourcePortMin OBJECT-TYPE
   SYNTAX            PortAddr
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Lower end of source port range."
   ::= { mplsMplsPacketClassifierRuleEntry 8 }

mplsMplsPacketClassifierRuleSourcePortMax OBJECT-TYPE
   SYNTAX            PortAddr
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Higher end of source port range."
   ::= { mplsMplsPacketClassifierRuleEntry 9 }

mplsMplsPacketClassifierRuleDestPortMin OBJECT-TYPE
   SYNTAX            PortAddr
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Lower end of the destination port range."
   ::= { mplsMplsPacketClassifierRuleEntry 10 }

mplsMplsPacketClassifierRuleDestPortMax OBJECT-TYPE
   SYNTAX            PortAddr
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Higher end of the destination port range."
   ::= { mplsMplsPacketClassifierRuleEntry 11 }

mplsMplsPacketClassifierRuleProtocol OBJECT-TYPE
   SYNTAX            INTEGER (0..65535)
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Protocol."
   ::= { mplsMplsPacketClassifierRuleEntry 12 }

mplsMplsPacketClassifierRuleActionIndex OBJECT-TYPE
   SYNTAX            Unsigned32
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "Index into mplsMplsPacketClassifierActionTable to
        determine the action to be taken on matching
        packets."
   ::= { mplsMplsPacketClassifierRuleEntry 13 }

mplsMplsPacketClassifierRuleRowStatus OBJECT-TYPE
   SYNTAX            RowStatus
   MAX-ACCESS        read-create
   STATUS            current
   DESCRIPTION
       "For creation and deletion of this row."
   ::= { mplsMplsPacketClassifierRuleEntry 14 }


-- Packet classifier action table.

mplsMplsPacketClassifierActionTable OBJECT-TYPE
   SYNTAX              SEQUENCE OF MplsMplsPacketClassifierActionEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "This table contains information on actions to be
        taken on packets matching packet classifier rules.
        Entries in this table are referred to from
        mplsMplsPacketClassifierRuleTable."
   ::=  { mplsMplsPacketClassifierObjects  3 }

mplsMplsPacketClassifierActionEntry OBJECT-TYPE
   SYNTAX              MplsMplsPacketClassifierActionEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "Each entry represents an action to be taken on a
        matching packet."
   INDEX  { mplsMplsPacketClassifierActionIndex }
   ::=  { mplsMplsPacketClassifierActionTable 1 }

MplsMplsPacketClassifierActionEntry  ::=  SEQUENCE {
      mplsMplsPacketClassifierActionIndex         Unsigned32,
      mplsMplsPacketClassifierActionMask          BITS,
      mplsMplsPacketClassifierActionIfIndex       InterfaceIndex,
      mplsMplsPacketClassifierActionNextHopIpAddr IpAddress,
      mplsMplsXcIndex                             Integer32,
      -- ...
      mplsMplsPacketClassifierActionRowStatus     RowStatus
   }
   
mplsMplsPacketClassifierActionIndex OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Index for this row. Identifies an action."
   ::= { mplsMplsPacketClassifierActionEntry 1 }

mplsMplsPacketClassifierActionMask OBJECT-TYPE
   SYNTAX          BITS {
                  drop(0),
                  pass(1),
                  redirect(2),
                  redirectLsp(3),
                  settos(4),
                  assignTSpec(5)
                }
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "This bit map indicates the type of action to be
        performed on matching packets. Note that such a bit
        map allows multiple actions to be specified, for
        example to pass the packet through and set its TOS
        field to a particular value. Some combinations are
        disallowed, for example drop(0) and pass(1)."
   ::= { mplsMplsPacketClassifierActionEntry 2 }

mplsMplsPacketClassifierActionIfIndex OBJECT-TYPE
   SYNTAX        InterfaceIndex
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Interface to redirect matching packet to if
        mplsMplsPacketClassifierActionMask is redirect(2)."
   ::= { mplsMplsPacketClassifierActionEntry 3 }

mplsMplsPacketClassifierActionNextHopIpAddr OBJECT-TYPE
   SYNTAX        IpAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "IPv4 address of the next hop in case
        mplsMplsPacketClassifierActionMask is redirect(2)."
   ::= { mplsMplsPacketClassifierActionEntry 4 }


mplsMplsXcIndex OBJECT-TYPE
   SYNTAX        Integer32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "This value points at the segment's cross-connect
        entry as defined in the LSR MIB. This object is used
        when the mplsMplsPacketClassifierActionMask is set
        to redirectLsp."
   REFERENCE
       "Srinivasan, C., Viswanathan, A., and T. Nadeau, MPLS
        Label Switch Router Management Information Base Using
        SMIv2, Internet Draft , March 2000."
   ::= { mplsMplsPacketClassifierActionEntry 5 }

mplsMplsPacketClassifierActionRowStatus OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "For creation and deletion of this row."
   ::= { mplsMplsPacketClassifierActionEntry 6 }

-- End of mplsMplsPacketClassifierActionTable.


-- Packet classifier applied table.

mplsMplsPacketClassifierAppliedTable OBJECT-TYPE
   SYNTAX              SEQUENCE OF MplsMplsPacketClassifierAppliedEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "This table contains information on packet classifier
        application on different interfaces."
   ::=  { mplsMplsPacketClassifierObjects  4 }

mplsMplsPacketClassifierAppliedEntry OBJECT-TYPE
   SYNTAX              MplsMplsPacketClassifierAppliedEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "Each entry indicates the application of a particular
        packet classifier on an interface. The order of
        application of packet classifiers on an interface is
        the order in which they will be compared against
        incoming packets for a match. Each entry of this
        table is indexed by the interface index that the
        classifier is applied to, with the value 0
        representing all interfaces, the name of the
        previous packet classifier applied on the interface
        and the name of the current packet classifier. This
        linked-list structure allows classifiers to be
        inserted at arbitrary positions in the list."
   INDEX  { mplsMplsPacketClassifierAppliedIfIndex,
          mplsMplsPacketClassifierAppliedPrevName,
          mplsMplsPacketClassifierAppliedCurrName  }
   ::=  { mplsMplsPacketClassifierAppliedTable 1 }

MplsMplsPacketClassifierAppliedEntry  ::=  SEQUENCE {
      mplsMplsPacketClassifierAppliedIfIndex      InterfaceIndexOrZero,
      mplsMplsPacketClassifierAppliedPrevName     DisplayString,
      mplsMplsPacketClassifierAppliedCurrName     DisplayString,
      mplsMplsPacketClassifierAppliedRowStatus    RowStatus
   }

mplsMplsPacketClassifierAppliedIfIndex OBJECT-TYPE
   SYNTAX          InterfaceIndexOrZero
   MAX-ACCESS      read-create
   STATUS          current
   DESCRIPTION
       "Interface index that this classifier is being
        applied to. Zero represents all interfaces."
   ::= { mplsMplsPacketClassifierAppliedEntry 1 }

mplsMplsPacketClassifierAppliedPrevName OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Name of the previous classifier that was applied to
        this interface. An empty string indicates that this
        is the first classifier in the list."
   ::=  {  mplsMplsPacketClassifierAppliedEntry  2  }

mplsMplsPacketClassifierAppliedCurrName OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Name of the current classifier that is being applied
        to this interface."
   ::=  {  mplsMplsPacketClassifierAppliedEntry  3  }

mplsMplsPacketClassifierAppliedRowStatus OBJECT-TYPE
   SYNTAX              RowStatus
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "For controlling the creation and deletion of this
        row."
   ::=  {  mplsMplsPacketClassifierAppliedEntry  4  }

-- End of mplsMplsPacketClassifierAppliedTable


-- Packet classifier rule performance table

mplsMplsPacketClassifierRulePerfTable OBJECT-TYPE
   SYNTAX              SEQUENCE OF MplsMplsPacketClassifierRulePerfEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "This table contains performance statistics on packet
        classifier rules defined in
        mplsMplsPacketClassifierRuleTable that are currently
        active on some interface."
   ::=  { mplsMplsPacketClassifierObjects  5 }

mplsMplsPacketClassifierRulePerfEntry OBJECT-TYPE
   SYNTAX              MplsMplsPacketClassifierRulePerfEntry
   MAX-ACCESS          not-accessible
   STATUS              current
   DESCRIPTION
       "Each entry represents statistics corresponding to a
        rule defined in mplsMplsPacketClassifierRuleTable that
        has been applied to an interface."
   INDEX  { mplsMplsPacketClassifierAppliedIfIndex,
            mplsMplsPacketClassifierName,
            mplsMplsPacketClassifierRuleIndex }
   ::=  { mplsMplsPacketClassifierRulePerfTable 1 }

MplsMplsPacketClassifierRulePerfEntry  ::=  SEQUENCE {
      mplsMplsPacketClassifierRuleMatchedPackets  Counter32,
      mplsMplsPacketClassifierRuleMatchedOctets   Counter32
   }

mplsMplsPacketClassifierRuleMatchedPackets OBJECT-TYPE
   SYNTAX              Counter32
   MAX-ACCESS          read-only
   STATUS              current
   DESCRIPTION
       "Number of packets that matched this rule."
   ::=  {  mplsMplsPacketClassifierRulePerfEntry  1  }

mplsMplsPacketClassifierRuleMatchedOctets OBJECT-TYPE
   SYNTAX              Counter32
   MAX-ACCESS          read-only
   STATUS              current
   DESCRIPTION
       "Number of octets that matched this rule."
   ::=  {  mplsMplsPacketClassifierRulePerfEntry  2  }

-- End of mplsMplsPacketClassifierRulePerfTable


-- End of PACKET-CLASSIFIER-MIB
END


8. Security Considerations
   
   It is clear that this MIB is potentially useful for monitoring of
   MPLS LSRs. This MIB can also be used for configuration of certain
   objects, and anything that can be configured can be incorrectly
   configured, with potentially disastrous results.
   
   At this writing, no security holes have been identified beyond
   those that SNMP Security [SNMPArch] is itself intended to address.
   These relate primarily to controlled access to sensitive
   information and the ability to configure a device, or to problems
   which might result from operator error, which is beyond the scope
   of any security architecture.
   
   There are a number of management objects defined in this MIB which
   have a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect
   on network operations. The use of SNMP Version 3 is recommended
   over prior versions, for configuration control, as its security
   model is improved.
   
   SNMPv1 or SNMPv2 are by themselves not a secure environment. Even
   if the network itself is secure (for example by using IPSec
   [IPSEC]), there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB. It is recommended that the implementers
   consider the security features as provided by the SNMPv3
   framework. Specifically, the use of the User-based Security Model
   [SNMPv3USM] and the View-based Access Control [SNMPv3VACM] is
   recommended. It is then a customer/user responsibility to ensure
   that the SNMP entity giving access to an instance of this MIB is
   properly configured to give access to the objects only to those
   principals (users) that have legitimate rights to indeed GET or
   SET (change/create/delete) them.
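   
   As an added illustration (not part of the draft), the following
   Python example inventories the MAX-ACCESS clause of each OBJECT-TYPE
   in the module text, so that the read-write and read-create objects
   which a restricted write view has to cover can be listed. The
   function names and the embedded sample are assumptions of this
   example; only the object names come from the draft.

```python
import re

# Constructed sample adapted from this MIB module (descriptions shortened), with
# one page-break footer left in place. Helper names are hypothetical.
SAMPLE_MIB = '''
mplsPacketClassifierAppliedCurrName OBJECT-TYPE
   SYNTAX              DisplayString
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "Name of the current classifier applied to this interface."
   ::=  {  mplsPacketClassifierAppliedEntry  3  }

mplsPacketClassifierAppliedRowStatus OBJECT-TYPE
   SYNTAX              RowStatus
Nadeau, et al.            Expires November 2000            [Page 23]
   MAX-ACCESS          read-create
   STATUS              current
   DESCRIPTION
       "For controlling the creation and deletion of this row."
   ::=  {  mplsPacketClassifierAppliedEntry  4  }

mplsPacketClassifierRuleMatchedPackets OBJECT-TYPE
   SYNTAX              Counter32
   MAX-ACCESS          read-only
   STATUS              current
   DESCRIPTION
       "Number of packets that matched this rule."
   ::=  {  mplsPacketClassifierRulePerfEntry  1  }
'''

OBJECT_RE = re.compile(
    r'^(\w+)\s+OBJECT-TYPE\b(.*?)::=\s*\{\s*(\w+)\s+(\d+)\s*\}',
    re.DOTALL | re.MULTILINE)

def max_access_inventory(mib_text):
    """Map object name -> (MAX-ACCESS value, parent node, sub-identifier)."""
    inventory = {}
    for name, body, parent, subid in OBJECT_RE.findall(mib_text):
        # Drop quoted DESCRIPTION text so prose inside it is never parsed.
        clauses = re.sub(r'"[^"]*"', '', body)
        access = re.search(r'\bMAX-ACCESS\s+([\w-]+)', clauses)
        inventory[name] = (access.group(1) if access else None, parent, int(subid))
    return inventory

def writable_objects(mib_text):
    """Objects whose MAX-ACCESS permits SET; these need a restricted write view."""
    return sorted(name for name, (access, _, _) in max_access_inventory(mib_text).items()
                  if access in ('read-write', 'read-create'))
```

   Running writable_objects() over the full module text gives the list
   of objects to review when deciding which principals receive SET
   rights.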
   
   There are a number of managed objects in this MIB that may contain
   information that may be sensitive from a business perspective, in
   that they represent a customer's interface to the MPLS network.
   Allowing uncontrolled access to these objects could result in
   malicious and unwanted disruptions of network traffic or incorrect
   configurations for these customers. There are no objects that are
   particularly sensitive in their own right, such as passwords or
   monetary amounts.


9. Acknowledgments
   
   We would like to acknowledge Yin Bao and Bernhard Suter for their
   comments on this draft.


10.   References
   
   [MPLSArch]    Rosen, E., Viswanathan, A., and R. Callon,
                 "Multiprotocol Label Switching Architecture",
                 Internet Draft <draft-ietf-mpls-arch-03.txt>,
                 February 1999.
   
   [MPLSFW]      Callon, R., Doolan, P., Feldman, N., Fredette, A.,
                 Swallow, G., and A. Viswanathan, "A Framework for
                 Multiprotocol Label Switching", Internet Draft
                 <draft-ietf-mpls-framework-02.txt>, November 1997.
   
   [LSRMIB]      Srinivasan, C., Viswanathan, A. and T. Nadeau,
                 "MPLS Label Switch Router Management Information
                 Base Using SMIv2", Internet Draft , November 2000.
   
   [TEMIB]       Srinivasan, C., Viswanathan, A. and Nadeau, T.,
                 "MPLS Traffic Engineering Management Information
                 Base Using SMIv2", Internet Draft , November 2000.
   
   [LDPMIB]      Cucchiara, J., Sjostrand, H., and J. Luciani,
                 "Definitions of Managed Objects for the
                 Multiprotocol Label Switching, Label Distribution
                 Protocol (LDP)", Internet Draft , August 1998.
   
   [LblStk]      Rosen, E., Rekhter, Y., Tappan, D., Farinacci, D.,
                 Fedorkow, G., Li, T., and A. Conta, "MPLS Label
                 Stack Encoding", Internet Draft , September 1998.
   
   [RSVPTun]     Awduche, D., Berger, L., Der-Haw, G., Li, T.,
                 Swallow, G., and V. Srinivasan, "Extensions to RSVP
                 for LSP Tunnels", Internet Draft , November 1998.
   
   [CRLDP]       Andersson, L., Fredette, A., Jamoussi, B., Callon,
                 R., Doolan, P., Feldman, N., Gray, E., Halpern, J.,
                 Heinanen, J., Kilty, T., Malis, A., Girish, M.,
                 Sundell, K., Vaananen, P., T. Worster, Wu, L., and
                 Dantu, R., "Explicit Routing Over LDP
                 Specification", Internet Draft , November 1998.
   
   [Assigned]    Reynolds, J., and J. Postel, "Assigned Numbers",
                 RFC 1700, October 1994.
   
   [SNMPArch]    Harrington, D., Presuhn, R., and B. Wijnen, "An
                 Architecture for Describing SNMP Management
                 Frameworks", RFC 2271, January 1998.
   
   [SMIv1]       Rose, M., and K. McCloghrie, "Structure and
                 Identification of Management Information for TCP/IP-
                 based Internets", RFC 1155, May 1990.
   
   [SNMPv1MIBDef]Rose, M., and K. McCloghrie, "Concise MIB
                 Definitions", RFC 1212, March 1991.
   
   [SNMPv1Traps] M. Rose, "A Convention for Defining Traps for use
                 with the SNMP", RFC 1215, March 1991.
   
   [SMIv2]       Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Structure of Management Information
                 for Version 2 of the Simple Network Management
                 Protocol (SNMPv2)", RFC 1902, January 1996.
   
   [SNMPv2TC]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Textual Conventions for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1903, SNMP Research, Inc., Cisco Systems, Inc.,
                 January 1996.
   
   [SNMPv2Conf]  Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Conformance Statements for Version 2
                 of the Simple Network Management Protocol
                 (SNMPv2)", RFC 1904, January 1996.
   
   [SNMPv1]      Case, J., Fedor, M., Schoffstall, M., and J. Davin,
                 "Simple Network Management Protocol", RFC 1157, May
                 1990.
   
   [SNMPv2c]     Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Introduction to Community-based
                 SNMPv2", RFC 1901, January 1996.
   
   [SNMPv2TM]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Transport Mappings for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1906, January 1996.
   
   [SNMPv3MP]    Case, J., Harrington D., Presuhn R., and B. Wijnen,
                 "Message Processing and Dispatching for the Simple
                 Network Management Protocol (SNMP)", RFC 2272,
                 January 1998.
   
   [SNMPv3USM]   Blumenthal, U., and B. Wijnen, "User-based Security
                 Model (USM) for version 3 of the Simple Network
                 Management Protocol (SNMPv3)", RFC 2274, January
                 1998.
   
   [SNMPv2PO]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Protocol Operations for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1905, January 1996.
   
   [SNMPv3App]   Levi, D., Meyer, P., and B. Stewart, "SNMPv3
                 Applications", RFC 2273, January 1998.
   
   [SNMPv3VACM]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-
                 based Access Control Model (VACM) for the Simple
                 Network Management Protocol (SNMP)", RFC 2275,
                 January 1998.


11.   Authors' Addresses

  Thomas D. Nadeau
  Cisco Systems, Inc.
  300 Apollo Drive
  Chelmsford, MA 01824
  Phone: +1-978-244-3051
  Email: tnadeau@cisco.com

  Cheenu Srinivasan
  Tachion Networks, Inc.
  2 Meridian Road
  Eatontown, NJ 07724
  Phone: +1-732-542-7750 x234
  Email: cheenu@tachion.com

  Arun Viswanathan
  Force10 Networks, Inc.
  1440 McCarthy Blvd
  Milpitas, CA 95035
  Phone: +1-408-571-3516
  Email: arun@force10networks.com


12.   Full Copyright Statement
   
   Copyright (C) The Internet Society (2000). All Rights Reserved.
   
   This document and translations of it may be copied and furnished
   to others, and derivative works that comment on or otherwise
   explain it or assist in its implementation may be prepared,
   copied, published and distributed, in whole or in part, without
   restriction of any kind, provided that the above copyright notice
   and this paragraph are included on all such copies and derivative
   works.  However, this document itself may not be modified in any
   way, such as by removing the copyright notice or references to the
   Internet Society or other Internet organizations, except as needed
   for the purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards
   process must be followed, or as required to translate it into
   languages other than English.
   
   The limited permissions granted above are perpetual and will not
   be revoked by the Internet Society or its successors or assigns.
   This document and the information contained herein is provided on
   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
   OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
   IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
   PURPOSE.