Internet Draft
Internet Draft MPLS Packet Classifier MIB 08 May 2000
Network Working Group Thomas D. Nadeau
Internet Draft Cisco Systems, Inc.
Expires: November 2000
Cheenu Srinivasan
Tachion Networks, Inc.
Arun Viswanathan
Force10 Networks, Inc.
Multiprotocol Label Switching Packet Classification Management
Information Base Using SMIv2
draft-nadeau-mpls-packet-classifier-mib-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Nadeau, et al. Expires November 2000 [Page 1]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
Drafts as reference material or to cite them other than as "work
in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This memo defines an experimental portion of the Management
Information Base (MIB) for use with network management protocols
in the Internet community. In particular, it describes managed
objects for specifying packet classification rules and
corresponding actions for use with Multiprotocol Label Switching
(MPLS).
1. Introduction
This memo defines an experimental portion of the Management
Information Base (MIB) for use with network management protocols
in the Internet community. In particular, it describes managed
objects for specifying packet classification rules and
corresponding actions for Multiprotocol Label Switching.
This memo does not, in its draft form, specify a standard for the
Internet community.
Nadeau, et al. Expires November 2000 [Page 2]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
2. Terminology
Define terminology here.
3. The SNMP Management Framework
The SNMP Management Framework presently consists of five major
components:
- An overall architecture, described in RFC 2271 [SNMPArch].
- Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in
RFC 1155 [SMIv1], RFC 1212 [SNMPv1MIBDef] and RFC 1215
[SNMPv1Traps]. The second version, called SMIv2, is described
in RFC 1902 [SMIv2], RFC 1903 [SNMPv2TC] and RFC 1904
[SNMPv2Conf].
- Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1
and described in RFC 1157 [SNMPv1]. A second version of the
SNMP message protocol, which is not an Internet standards
track protocol, is called SNMPv2c and described in RFC 1901
[SNMPv2c] and RFC 1906 [SNMPv2TM]. The third version of the
message protocol is called SNMPv3 and described in RFC 1906
[SNMPv2TM], RFC 2272 [SNMPv3MP] and RFC 2274 [SNMPv3USM].
- Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in RFC 1157 [SNMPv1]. A second set of protocol
Nadeau, et al. Expires November 2000 [Page 3]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
operations and associated PDU formats is described in RFC 1905
[SNMPv2PO].
- A set of fundamental applications described in RFC 2273
[SNMPv3App] and the view-based access control mechanism
described in RFC 2275 [SNMPv3VACM]. Managed objects are
accessed via a virtual information store, termed the
Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI. This memo
specifies a MIB module that is compliant to the SMIv2. A MIB
conforming to the SMIv1 can be produced through the
appropriate translations. The resulting translated MIB must
be semantically equivalent, except where objects or events are
omitted because no translation is possible (use of Counter64).
Some machine readable information in SMIv2 will be converted
into textual descriptions in SMIv1 during the translation
process. However, this loss of machine readable information
is not considered to change the semantics of the MIB.
3.1. Object Definitions
Managed objects are accessed via a virtual information store,
termed the Management Information Base or MIB. Objects in the MIB
are defined using the subset of Abstract Syntax Notation One
(ASN.1) defined in the SMI. In particular, each object type is
named by an OBJECT IDENTIFIER, an administratively assigned name.
The object type together with an object instance serves to
uniquely identify a specific instantiation of the object. For
human convenience, we often use a textual string, termed the
descriptor, to also refer to the object type.
Nadeau, et al. Expires November 2000 [Page 4]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
4. Motivation
The primary motivation for this proposal arose from requirements
in the MPLS area. In MPLS, packets belonging to a forwarding
equivalency class (FEC) are mapped to an LSP (ER-LSP) via the FEC-
To-NHLFE (FTN) table [MPLS-Arch]. This mapping of packets to LSP
is made at the ingress LSR of an LSP. Conceptually, some of the
FTN table functionality could be implemented using the Forwarding
Information Base (FIB) to map all packets destined to a prefix to
an LSP. However, this mapping is coarse in nature. Likewise, an
LSR could use its classifier rules to redirect packets into LSPs.
With the classifier-based mapping it is possible to specify FECs
finer in granularity and based on a richer set of criteria than is
possible via the FIB mapping. In essence, the FTN table is a
combination of the FIB and classifier rules.
The packet classification functionality is already being used in
other contexts, such as security filters, access filters, and for
RSVP flow identification. All of these require various
combinations of matching rules based on IP header and upper-layer
header information to identify packets for a particular treatment.
When packets match a particular rule, a corresponding action is
executed against those packets. For example, two popular actions
to take when a rule is matched are allowing the packet to be
forwarded or to discard it. However, other actions are possible,
such as modifying the TOS byte, or redirecting a packet to a
particular outgoing interface.
This proposal is an attempt to consolidate the various matching
requirements and associated action options into a single
specification which is useful for in the context of MPLS. Although
Nadeau, et al. Expires November 2000 [Page 5]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
these various requirements and actions may exist in currently
implementations, they may exist in separate tables (as they do in
many implementations today) such that it satisfies existing usage
and requirements as well as new ones such as those required by
MPLS and Diff-Serv.
5. Outline
This MIB consists of two primary tables. The
mplsMplsPacketClassifierRuleTable defines the rule base against
which incoming packets are matched. The
mplsMplsPacketClassifierActionTable defines the corresponding
action(s) to be taken when a rule is matched. The MIB also
contains other supporting tables. The
mplsMplsPacketClassifierTable provides the capability to group
rules into sets, where each such set of rules is referred to as a
"packet classifier". The mplsMplsPacketClassifierAppliedTable is
used to apply these rule sets to one or more interfaces. Finally,
the mplsMplsPacketClassifierRulePerfTable provides performance
counters for every rule in the database.
5.1. mplsMplsPacketClassifierTable
A packet classifier is an atomic collection of rules applied in a
particular order to incoming packets. This table provides a layer
of abstraction through which rules can be grouped into sets. It
also contains an object to indicate if a packet classifier is
active in on a particular interface.
Nadeau, et al. Expires November 2000 [Page 6]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
5.2. mplsMplsPacketClassifierRuleTable
This table provides the capability to define the rules of a given
packet classifier. It provides a standard 5-tuple matching. It
allows address and port ranges to be specified. Each rule entry
has an action index which points to an entry in
mplsMplsPacketClassifierActionTable to specify an action when that
rule is matched.
5.3. mplsMplsPacketClassifierActionTable
This table defines actions that may be used when a rule is
matched. Actions currently defined are drop, pass, and redirect.
More actions may be defined in future.
5.4. mplsMplsPacketClassifierAppliedTable
A packet classifier can be applied to one or more interfaces using
this table. Packet classifiers are compared with incoming packets
in the order in which they are applied on an interface. For this
reason, the table provides a mechanism to 'insert' a packet
classifier between two existing packet classifiers already applied
on an interface.
5.5. mplsMplsPacketClassifierRulePerfTable
This table provides performance counters per rule and per
interface that it is applied to. Currently, the table has
counters for packets and octets that have matched a rule. More
Nadeau, et al. Expires November 2000 [Page 7]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
counters may be added later.
6. Example
Describe an example.
7. Packet Classifier MIB Definitions
PACKET-CLASSIFIER-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Integer32, Unsigned32, Counter32, IpAddress, experimental
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
TEXTUAL-CONVENTION, TruthValue, RowStatus
FROM SNMPv2-TC
InterfaceIndex, InterfaceIndexOrZero
FROM IF-MIB;
mplsMplsPacketClassifierMIB MODULE-IDENTITY
LAST-UPDATED "200005082030Z" -- 08 May 2000 20:30:00 EST
ORGANIZATION " Multiprotocol Label Switching (MPLS) Working
Group"
CONTACT-INFO
" Thomas D. Nadeau
Postal: Cisco Systems, Inc.
250 Apollo Drive
Chelmsford, MA 01824
Tel: +1-978-244-3051
Email: tnadeau@cisco.com"
Nadeau, et al. Expires November 2000 [Page 8]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
Cheenu Srinivasan
Postal: Tachion Networks, Inc.
2 Meridian Road
Eatontown, NJ 0772
Tel: +1 732 542 7750 x234
Email: cheenu@tachion.com
Arun Viswanathan
Postal: Force10 Networks
1440 McCarthy Blvd
Milpitas, CA 95035
Tel: +1-408-571-3516
Email: arun@force10networks.com"
DESCRIPTION
"This MIB module contains managed object definitions for
specifying packet classification for MPLS."
-- Revision history.
REVISION
"200005082030Z" -- 08 May 2000 20:30:00 EST
DESCRIPTION
"Initial draft version."
::= { experimental oid } -- to be assigned
-- Textual Conventions.
Nadeau, et al. Expires November 2000 [Page 9]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
PortAddr ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A TCP or UDP port number. Along with an IP address
identifies a stream of IP traffic uniquely."
SYNTAX INTEGER (0..65535)
Ipv6Address ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"IPv6 address."
SYNTAX OCTET STRING (SIZE(16))
-- Top level components of the MIB.
-- tables, scalars
mplsMplsPacketClassifierObjects OBJECT IDENTIFIER
::= { mplsMplsPacketClassifierMIB 1 }
-- traps
mplsMplsPacketClassifierNotifications OBJECT IDENTIFIER
::= { mplsMplsPacketClassifierMIB 2 }
-- conformance
mplsMplsPacketClassifierConformance OBJECT IDENTIFIER
::= { mplsMplsPacketClassifierMIB 3 }
-- Packet classifier table.
Nadeau, et al. Expires November 2000 [Page 10]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
mplsMplsPacketClassifierTable OBJECT-TYPE
SYNTAX SEQUENCE OF MplsMplsPacketClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the currently defined packet
classifiers."
::= { mplsMplsPacketClassifierMIBObjects 1 }
mplsMplsPacketClassifierEntry OBJECT-TYPE
SYNTAX MplsMplsPacketClassifierEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents one packet classifier which in
turn consists of a set of rules. A unique name
object indexes each packet classifier. The rules
corresponding to a packet classifier are defined in
mplsMplsPacketClassifierRuleTable."
INDEX { mplsMplsPacketClassifierName }
::= { mplsMplsPacketClassifierTable 1 }
MplsMplsPacketClassifierEntry ::= SEQUENCE {
mplsMplsPacketClassifierName DisplayString,
mplsMplsPacketClassifierDescr DisplayString,
mplsMplsPacketClassifierApplied TruthValue,
mplsMplsPacketClassifierRowStatus RowStatus
}
mplsMplsPacketClassifierName OBJECT-TYPE
SYNTAX DisplayString
Nadeau, et al. Expires November 2000 [Page 11]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Unique name for the this packet classifier."
::= { mplsMplsPacketClassifierEntry 1 }
mplsMplsPacketClassifierDescr OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"String describing this packet classifier."
::= { mplsMplsPacketClassifierEntry 2 }
mplsMplsPacketClassifierApplied OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether this packet classifier has been
applied on any interface or not. If so, its contents
are no longer editable."
::= { mplsMplsPacketClassifierEntry 3 }
mplsMplsPacketClassifierRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"For controlling the creation and deletion of this
row."
::= { mplsMplsPacketClassifierEntry 4 }
Nadeau, et al. Expires November 2000 [Page 12]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
-- End of mplsMplsPacketClassifierTable
-- Packet classifier rule table.
mplsMplsPacketClassifierRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF MplsMplsPacketClassifierRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the packet classification rules
for each packet classifier defined in
mplsMplsPacketClassifierTable."
::= { mplsMplsPacketClassifierObjects 2 }
mplsMplsPacketClassifierRuleEntry OBJECT-TYPE
SYNTAX MplsMplsPacketClassifierRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents one packet classification
rule. It is indexed by the
mplsMplsPacketClassifierName"
INDEX { mplsMplsPacketClassifierName,
mplsMplsPacketClassifierRuleIndex }
::= { mplsMplsPacketClassifierRuleTable 1 }
MplsMplsPacketClassifierRuleEntry ::= SEQUENCE {
mplsMplsPacketClassifierRuleIndex Integer32,
mplsMplsPacketClassifierRuleDescr DisplayString,
mplsMplsPacketClassifierRuleMask BITS,
Nadeau, et al. Expires November 2000 [Page 13]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
mplsMplsPacketClassifierRuleSourceAddrMin IpAddress,
mplsMplsPacketClassifierRuleSourceAddrMax IpAddress,
mplsMplsPacketClassifierRuleDestAddrMin IpAddress,
mplsMplsPacketClassifierRuleDestAddrMax IpAddress,
mplsMplsPacketClassifierRuleSourcePortMin PortAddr,
mplsMplsPacketClassifierRuleSourcePortMax PortAddr,
mplsMplsPacketClassifierRuleDestPortMin PortAddr,
mplsMplsPacketClassifierRuleDestPortMax PortAddr,
mplsMplsPacketClassifierRuleProtocol INTEGER,
mplsMplsPacketClassifierRuleActionIndex Unsigned32,
mplsMplsPacketClassifierRuleRowStatus RowStatus
}
mplsMplsPacketClassifierRuleIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Unique index for this rule for the particular packet
classifier that it belongs to."
::= { mplsMplsPacketClassifierRuleEntry 1 }
mplsMplsPacketClassifierRuleDescr OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Text describing this rule."
::= { mplsMplsPacketClassifierRuleEntry 2 }
mplsMplsPacketClassifierRuleMask OBJECT-TYPE
SYNTAX BITS {
Nadeau, et al. Expires November 2000 [Page 14]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
sourceAddr(0),
destAddr(1),
sourcePort(2),
destPort(3),
protocol(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This bit map indicates which of the fields described
next, namely source address range, destination
address range, source port range, destination port
range, and protocol is active for this rule. If a
particular bit is inactive (set to zero) then the
corresponding field in the packet is ignored for
comparison purposes."
::= { mplsMplsPacketClassifierRuleEntry 3 }
mplsMplsPacketClassifierRuleSourceAddrMin OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Lower end of source address range."
::= { mplsMplsPacketClassifierRuleEntry 4 }
mplsMplsPacketClassifierRuleSourceAddrMax OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Higher end of source address range."
Nadeau, et al. Expires November 2000 [Page 15]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
::= { mplsMplsPacketClassifierRuleEntry 5 }
mplsMplsPacketClassifierRuleDestAddrMin OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" Lower end of destination address range."
::= { mplsMplsPacketClassifierRuleEntry 6 }
mplsMplsPacketClassifierRuleDestAddrMax OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Higher end of destination address range."
::= { mplsMplsPacketClassifierRuleEntry 7 }
mplsMplsPacketClassifierRuleSourcePortMin OBJECT-TYPE
SYNTAX PortAddr
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Lower end of source port range."
::= { mplsMplsPacketClassifierRuleEntry 8 }
mplsMplsPacketClassifierRuleSourcePortMax OBJECT-TYPE
SYNTAX PortAddr
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Higher end of source port range."
Nadeau, et al. Expires November 2000 [Page 16]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
::= { mplsMplsPacketClassifierRuleEntry 9 }
mplsMplsPacketClassifierRuleDestPortMin OBJECT-TYPE
SYNTAX PortAddr
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Lower end of the destination port range."
::= { mplsMplsPacketClassifierRuleEntry 10 }
mplsMplsPacketClassifierRuleDestPortMax OBJECT-TYPE
SYNTAX PortAddr
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Higher end of the destination port range."
::= { mplsMplsPacketClassifierRuleEntry 11 }
mplsMplsPacketClassifierRuleProtocol OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Protocol."
::= { mplsMplsPacketClassifierRuleEntry 12 }
mplsMplsPacketClassifierRuleActionIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Index into mplsMplsPacketClassifierActionTable to
Nadeau, et al. Expires November 2000 [Page 17]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
determine the action to be taken on matching
packets."
::= { mplsMplsPacketClassifierRuleEntry 13 }
mplsMplsPacketClassifierRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"For creation and deletion of this row."
::= { mplsMplsPacketClassifierRuleEntry 14 }
-- Packet classifier action table.
mplsMplsPacketClassifierActionTable OBJECT-TYPE
SYNTAX SEQUENCE OF
MplsMplsPacketClassifierActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains information on actions to be
taken on packets matching packet classifier rules.
Entries in this table are referred to from
mplsMplsPacketClassifierRuleTable."
::= { mplsMplsPacketClassifierObjects 3 }
mplsMplsPacketClassifierActionEntry OBJECT-TYPE
SYNTAX MplsPacketClassifierActionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
Nadeau, et al. Expires November 2000 [Page 18]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
"Each entry represents an action to be taken on a
matching packet."
INDEX { mplsMplsPacketClassifierActionIndex }
::= { mplsMplsPacketClassifierActionTable 1 }
MplsMplsPacketClassifierActionEntry ::= SEQUENCE {
mplsMplsPacketClassifierActionIndex Unsigned32,
mplsMplsPacketClassifierActionMask BITS,
mplsMplsPacketClassifierActionIfIndex InterfaceIndex,
mplsMplsPacketClassifierActionNextHopIpAddr IpAddress,
mplsMplsXcIndex Integer32,
-- ...
mplsMplsPacketClassifierActionRowStatus RowStatus
}
mplsMplsPacketClassifierActionIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Index for this row. Identifies an action."
::= { mplsMplsPacketClassifierActionEntry 1 }
mplsMplsPacketClassifierActionMask OBJECT-TYPE
SYNTAX BITS {
drop(0),
pass(1),
redirect(2),
redirectLsp(3),
settos(4),
assignTSpec(5)
}
Nadeau, et al. Expires November 2000 [Page 19]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This bit map indicated the type of action to be
performed on matching packets. Note that such a bit
map allows multiple actions to be specified for
example to pass the packet through and set its TOS
field to a particular value. Some combination are
disallowed, for example drop(0) and pass(1)."
::= { mplsMplsPacketClassifierActionEntry 2 }
mplsMplsPacketClassifierActionIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Interface to redirect matching packet to if
mplsMplsPacketClassifierActionMask is redirect(3)."
::= { mplsMplsPacketClassifierActionEntry 3 }
mplsMplsPacketClassifierActionNextHopIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"IPv4 address of the next hop in case
mplsMplsPacketClassifierActionMask is redirect(3)."
::= { mplsMplsPacketClassifierActionEntry 4 }
mplsMplsXcIndex OBJECT-TYPE
SYNTAX Integer32
Nadeau, et al. Expires November 2000 [Page 20]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This value points at the segment's cross-connect
entry as defined in the LSR MIB. This object is used
when the mplsMplsPacketClassifierActionMask is set
to redirectLsp."
REFERENCE
"Srinivasan, C., Viswanathan, A., and T. Nadeau, MPLS
Label Switch Router Management Information Base Using
SMIv2, Internet Draft , March 2000."
::= { mplsMplsPacketClassifierActionEntry 6 }
mplsMplsPacketClassifierActionRowStatus OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"For creation and deletion of this row."
::= { mplsMplsPacketClassifierActionEntry 6 }
-- End of mplsMplsPacketClassifierActionTable.
-- Packet classifier applied table.
mplsMplsPacketClassifierAppliedTable OBJECT-TYPE
SYNTAX SEQUENCE OF
MplsMplsPacketClassifierAppliedEntry
MAX-ACCESS not-accessible
STATUS current
Nadeau, et al. Expires November 2000 [Page 21]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
DESCRIPTION
"This table contains information on packet classifier
application on different interfaces."
::= { mplsMplsPacketClassifierObjects 4 }
mplsMplsPacketClassifierAppliedEntry OBJECT-TYPE
SYNTAX MplsMplsPacketClassifierAppliedEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry indicates the application of a particular
packet classifier on an interface. The order of
application of packet classifiers on an interface is
the order in which they will be compared against
incoming packets for a match. Each entry of this
table is indexed by the interface index that the
classifier is applied to, with the value 0
representing all interfaces, the name of the
previous packet classifier applied on the interface
and the name of the current packet classifier. This
linked-list structure allows classifiers to be
inserted at arbitrary positions in the list."
INDEX { mplsMplsPacketClassifierAppliedIfIndex,
mplsMplsPacketClassifierAppliedPrevName,
mplsMplsPacketClassifierAppliedCurrName }
::= { mplsMplsPacketClassifierAppliedTable 1 }
MplsPacketClassifierAppliedEntry ::= SEQUENCE {
mplsPacketClassifierAppliedIfIndex InterfaceIndexOrZero,
mplsPacketClassifierAppliedPrevName DisplayString,
mplsPacketClassifierAppliedCurrName DisplayString,
mplsPacketClassifierAppliedRowStatus RowStatus
Nadeau, et al. Expires November 2000 [Page 22]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
}
mplsPacketClassifierAppliedIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Interface index that this classifier is being
applied to. Zero represents all interfaces."
::= { mplsPacketClassifierAppliedEntry 1 }
mplsPacketClassifierAppliedPrevName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Name of the previous classifier that was applied to
this interface. An empty string indicates that this
is the first classifier in the list."
::= { mplsPacketClassifierAppliedEntry 2 }
mplsPacketClassifierAppliedCurrName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Name of the current classifier that is being applied
to this interface."
::= { mplsPacketClassifierAppliedEntry 3 }
mplsPacketClassifierAppliedRowStatus OBJECT-TYPE
SYNTAX RowStatus
Nadeau, et al. Expires November 2000 [Page 23]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"For controlling the creation and deletion of this
row."
::= { mplsPacketClassifierAppliedEntry 4 }
-- End of packetClassifierAppliedTable
-- Packet classifier rule performance table
mplsPacketClassifierRulePerfTable OBJECT-TYPE
SYNTAX SEQUENCE OF
MplsPacketClassifierRulePerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains performance statistics on packet
classifier rules defined in
mplsPacketClassifierRuleTable that are currently
active on some interface."
::= { mplsPacketClassifierObjects 5 }
mplsPacketClassifierRulePerfEntry OBJECT-TYPE
SYNTAX MplsPacketClassifierRulePerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents statistics corresponding to a
rule defined in mplsPacketClassifierRuleTable that
has been applied to an interface."
Nadeau, et al. Expires November 2000 [Page 24]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
INDEX { mplsPacketClassifierAppliedIfIndex,
mplsPacketClassifierName,
mplsPacketClassifierRuleIndex }
::= { mplsPacketClassifierRulePerfTable 1 }
MplsPacketClassifierRulePerfEntry ::= SEQUENCE {
mplsPacketClassifierRuleMatchedPackets Counter32,
mplsPacketClassifierRuleMatchedOctets Counter32
}
mplsPacketClassifierRuleMatchedPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets that matched this rule."
::= { mplsPacketClassifierRulePerfEntry 1 }
mplsPacketClassifierRuleMatchedOctets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of octets that matched this rule."
::= { mplsPacketClassifierRulePerfEntry 2 }
-- End of mplsPacketClassifierRulePerfTable
-- End of PACKET-CLASSIFIER-MIB
END
Nadeau, et al. Expires November 2000 [Page 25]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
8. Security Considerations
It is clear that this MIB is potentially useful for monitoring of
MPLS LSRs. This MIB can also be used for configuration of certain
objects, and anything that can be configured can be incorrectly
configured, with potentially disastrous results.
At this writing, no security holes have been identified beyond
those that SNMP Security [SNMPArch] is itself intended to address.
These relate to primarily controlled access to sensitive
information and the ability to configure a device - or which might
result from operator error, which is beyond the scope of any
security architecture.
There are a number of management objects defined in this MIB which
have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect
on network operations. The use of SNMP Version 3 is recommended
over prior versions, for configuration control, as its security
model is improved.
SNMPv1 or SNMPv2 are by themselves not a secure environment. Even
if the network itself is secure (for example by using IPSec
[IPSEC]), there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the
objects in this MIB. It is recommended that the implementers
consider the security features as provided by the SNMPv3
framework. Specifically, the use of the User-based Security Model
[SNMPv3USM] and the View-based Access Control [SNMPv3VACM] is
Nadeau, et al. Expires November 2000 [Page 26]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
recommended. It is then a customer/user responsibility to ensure
that the SNMP entity giving access to an instance of this MIB is
properly configured to give access to the objects only to those
principals (users) that have legitimate rights to indeed GET or
SET (change/create/delete) them.
There are a number of managed objects in this MIB that may contain
information that may be sensitive from a business perspective, in
that they represent a customer's interface to the MPLS network.
Allowing uncontrolled access to these objects could result in
malicious and unwanted disruptions of network traffic or incorrect
configurations for these customers. There are no objects that are
particularly sensitive in their own right, such as passwords or
monetary amounts.
9. Acknowledgments
We would like to acknowledge Yin Bao and Bernhard Suter for their
comments on this draft.
10. References
[MPLSArch] Rosen, E., Viswanathan, A., and R. Callon,
"Multiprotocol Label Switching Architecture",
Internet Draft <draft-ietf-mpls-arch-03.txt>,
February 1999.
[MPLSFW] Callon, R., Doolan, P., Feldman, N., Fredette, A.,
Swallow, G., and A. Viswanathan, "A Framework for
Multiprotocol Label Switching", Internet Draft
Nadeau, et al. Expires November 2000 [Page 27]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
<draft-ietf-mpls-framework-02.txt>, November 1997.
[LSRMIB] Srinivasan, C., Viswanathan, A. and T. Nadeau,
"MPLS Label Switch Router Management Information
Base Using SMIv2", Internet Draft , November 2000.
[TEMIB] Srinivasan, C., Viswanathan, A. and Nadeau, T.,
"MPLS Traffic Engineering Management Information
Base Using SMIv2", Internet Draft , November 2000.
[LDPMIB] Cucchiara, J., Sjostrand, H., and J. Luciani, "
Definitions of Managed Objects for the
Multiprotocol Label Switching, Label Distribution
Protocol (LDP)", Internet Draft , August 1998.
[LblStk] Rosen, E., Rekhter, Y., Tappan, D., Farinacci, D.,
Federokow, G., Li, T., and A. Conta, "MPLS Label
Stack Encoding", Internet Draft , September 1998.
[RSVPTun] Awaduche, D., Berger, L., Der-Haw, G., Li, T.,
Swallow, G., and V. Srinivasan, "Extensions to RSVP
for LSP Tunnels", Internet Draft , November 1998.
[CRLDP] Andersson, L., Fredette, A., Jamoussi, B., Callon,
R., Doolan, P., Feldman, N., Gray, E., Halpern, J.,
Heinenan, J., Kilty, T., Malis, A., Girish, M.,
Sundell, K., Vaananen, P., T. Worster, Wu, L., and
Nadeau, et al. Expires November 2000 [Page 28]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
Dantu, R., "Explicit Routing Over LDP
Specification", Internet Draft , November 1998.
[Assigned] Reynolds, J., and J. Postel, "Assigned Numbers",
RFC 1700, October 1994.
[SNMPArch] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing SNMP Management
Frameworks", RFC 2271, January 1998.
[SMIv1] Rose, M., and K. McCloghrie, "Structure and
Identification of Management Information for TCP/IP-
based Internets", RFC 1155, May 1990.
[SNMPv1MIBDef]Rose, M., and K. McCloghrie, "Concise MIB
Definitions", RFC 1212, March 1991.
[SNMPv1Traps] M. Rose, "A Convention for Defining Traps for use
with the SNMP", RFC 1215, March 1991.
[SMIv2] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Structure of Management Information
for Version 2 of the Simple Network Management
Protocol (SNMPv2)", RFC 1902, January 1996.
[SNMPv2TC] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Textual Conventions for Version 2 of
the Simple Network Management Protocol (SNMPv2)",
RFC 1903, SNMP Research, Inc., Cisco Systems, Inc.,
January 1996.
Nadeau, et al. Expires November 2000 [Page 29]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
[SNMPv2Conf] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Conformance Statements for Version 2
of the Simple Network Management Protocol
(SNMPv2)", RFC 1904, January 1996.
[SNMPv1] Case, J., Fedor, M., Schoffstall, M., and J. Davin,
"Simple Network Management Protocol", RFC 1157, May
1990.
[SNMPv2c] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Introduction to Community-based
SNMPv2", RFC 1901, January 1996.
[SNMPv2TM] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Transport Mappings for Version 2 of
the Simple Network Management Protocol (SNMPv2)",
RFC 1906, January 1996.
[SNMPv3MP] Case, J., Harrington D., Presuhn R., and B. Wijnen,
"Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)", RFC 2272,
January 1998.
[SNMPv3USM] Blumenthal, U., and B. Wijnen, "User-based Security
Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)", RFC 2274, January
1998.
[SNMPv2PO] Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Protocol Operations for Version 2 of
the Simple Network Management Protocol (SNMPv2)",
RFC 1905, January 1996.
Nadeau, et al. Expires November 2000 [Page 30]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
[SNMPv3App] Levi, D., Meyer, P., and B. Stewart, "SNMPv3
Applications", RFC 2273, January 1998
[SNMPv3VACM] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-
based Access Control Model (VACM) for the Simple
Network Management Protocol (SNMP)", RFC 2275,
January 1998
11. Authors' Addresses
Thomas D. Nadeau
Cisco Systems, Inc.
300 Apollo Drive
Chelmsford, MA 01824
Phone: +1-978-244-3051
Email: tnadeau@cisco.com
Cheenu Srinivasan
Tachion Networks, Inc.
2 Meridian Road
Eatontown, NJ 07724
Phone: +1-732-542-7750 x234
Email: cheenu@tachion.com
Arun Viswanathan
Force10 Networks, Inc.
1440 McCarthy Blvd
Milpitas, CA 95035
Phone: +1-408-571-3516
Email: arun@force10networks.com
Nadeau, et al. Expires November 2000 [Page 31]
�
Internet Draft MPLS Packet Classifier MIB 08 May 2000
12. Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise
explain it or assist in its implementation may be prepared,
copied, published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
Nadeau, et al. Expires November 2000 [Page 32]