Internet Engineering Task Force Nevil Brownlee INTERNET-DRAFT The University of Auckland November 1994 Expires in six months Accounting Meter Services MIB Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. This Internet Draft is a product of the Internet Accounting Working Group of the IETF. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." Please check the I-D abstract listing contained in the internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, ftp.nisc.sri.com or munnari.oz.au to learn the current status of this or any other Internet Draft. Abstract This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, this memo defines managed objects used for obtaining accounting information from network devices (meters). Contents 1 The Network Management Framework 1 2 Objects 2 2.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . . 3 3 Overview 3 3.1 Scope of Definitions, Textual Conventions . . . . . . . . . . . 4 3.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 4 INTERNET-DRAFT Accounting Meter Services MIB November 1994 4 Definitions 5 5 Acknowledgements 38 6 References 38 7 Security Considerations 39 8 Author's Address 39 1 The Network Management Framework The Internet-standard Network Management Framework consists of three components. They are: RFC 1155 defines the SMI, the mechanisms used for describing and naming objects for the purpose of management. RFC 1212 defines a more concise description mechanism, which is wholly consistent with the SMI. RFC 1156 defines MIB-I, the core set of managed objects for the Internet suite of protocols. RFC 1213 [1] defines MIB-II, an evolution of MIB-I based on implementation experience and new operational requirements. RFC 1157 defines the SNMP, the protocol used for network access to managed objects. RFC 1442 [2] defines the SMI for version 2 of the Simple Network Management Protocol. RFCs 1443 and 1444 [3,4] define Textual Conventions and Conformance Statements for version 2 of the Simple Network Management Protocol. RFC 1452 [5] describes how versions 1 and 2 of the Simple Network Management Protocol should coexist. The Framework permits new objects to be defined for the purpose of experimentation and evaluation. Nevil Brownlee [Page 2] INTERNET-DRAFT Accounting Meter Services MIB November 1994 2 Objects Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the SMI. In particular, each object has a name, a syntax, and an encoding. The name is an object identifier, an administratively assigned name, which specifies an object type. The object type together with an object instance serves to uniquely identify a specific instantiation of the object. For human convenience, we often use a textual string, termed the OBJECT DESCRIPTOR, to also refer to the object type. The syntax of an object type defines the abstract data structure corresponding to that object type. The ASN.1 language is used for this purpose. However, the SMI [2] purposely restricts the ASN.1 constructs which may be used. These restrictions are explicitly made for simplicity. The encoding of an object type is simply how that object type is represented using the object type's syntax. Implicitly tied to the notion of an object type's syntax and encoding is how the object type is represented when being transmitted on the network. The SMI specifies the use of the basic encoding rules of ASN.1 [7], subject to the additional requirements imposed by the SNMP. 2.1 Format of Definitions Section 4 contains contains the specification of all object types contained in this MIB module. These object types are defined using the conventions defined in [2] and [3]. 3 Overview Internet Accounting seeks to provide a well-defined method for collecting traffic flow information from internetworks. The background for this is given in RFC 1272 [8]. The Working Group has produced an Accounting Architecture to achieve it, which is documented in an Internet Draft [9]. The architecture defines three entities: - METERS, which observe network traffic flows and build up a table of information about them Nevil Brownlee [Page 3] INTERNET-DRAFT Accounting Meter Services MIB November 1994 - COLLECTORS, which collect traffic flow data from meters, and - MANAGERS, which oversee the operation of meters and collectors. This memo defines the internet-accounting object, which is an SNMP realisation of an accounting meter. The internet-accounting object contains control, counter and state information related to the performance of the accounting function. In particular, the meter is assumed to be one which forwards PDUs, like a router, (counting PDUs as they enter or leave the device), or monitors the passage of PDUs, like a LAN monitor. The results are contain in FlowEntrys which are contained in the internet-accounting object. A managed system will have exactly (zero or) one internet-accounting object. 3.1 Scope of Definitions, Textual Conventions All objects defined in this memo are registered in a single subtree within the experimental namespace [2], and are for use in network devices which may perform a PDU forwarding or monitoring function. For these devices, the value of the ifSpecific variable in the MIB-II [1] has the OBJECT IDENTIFIER value: internet-accounting OBJECT IDENTIFIER ::= experimental 99 as defined below. At the time work was begun on this MIB the above OID was used purely as a placeholder. Later implementations have used it in the (mistaken) belief that it had been asigned by IANA. An application has since been made to IANA for a 'proper' OID. The Accounting MIB was first produced and tested using SNMPv1. It has been converted into SNMPv2 following the guidelines in RFC 1452 [5]. 3.2 Usage of the MIB variables The MIB breaks into four parts - control, flows, rules and actions. The rules implement the minumum set of actions, as set out in the Accounting Architecture document [8]. In addition they provide for BASIC-style subroutines, allowing a network manager to dramatically reduce the number of rules required to monitor a big network. Nevil Brownlee [Page 4] INTERNET-DRAFT Accounting Meter Services MIB November 1994 Actions provide prototypes for traffic flows. When a packet is matched by the rules for the first time, an action is used to create the flow's entry in the flow table. Actions therefore have the same basic format as flows. Traffic flows are identified by a set of attributes for each of its end-points. Attributes include network addresses for each layer of the network protocol stack, and 'subscriber ids,' which may be used to identify an accountable entity for the flow. To retrieve flow data one could simply do a linear scan of the flow table. This would certainly work, but would require a lot of protocol exchanges. To reduce the overhead in retrieving flow data, there are three 'windows' into the flow table. The 'creation' window makes it easy to find those flows created after a given time, the 'activity' window finds flows active since a given time; these two allow retrieval of flow data without using an opaque object. The third window is the AcctActivityColumnEntry, which uses three indexes to retrieve (in an opaque object) values for many flows for any combination of attribute, activity time and starting flow number. This allows a collector to retrieve data for a column of the flow table with a minimum of SNMP overhead. An attempt has been made to include a full asn.1 definition of the AcctActivityColumnEntry object. One aspect of data collection which needs emphasis is that all the MIB variables are set up to allow multiple independent colletors to work properly, i.e. the flow table windows are stateless. An alternative approach would have been to 'snapshot' the flow table, which would mean that the collectors would have to be synchronised. The stateless approach does mean that two collectors will never return exactly the same set of traffic counts, but over long periods (e.g. 15-minute collections over a day) the discrepancies are acceptable. If one really needs a snapshot, this can be achieved by switching to an identical rule table with a different ruleset number, hence asynchronous collections may be regarded as a useful generalisation of synchronised ones. The control variables are the minimum set required for a collector. Their number has been whittled down as experience has been gained with the MIB implementation. 4 Definitions -- Internet Accounting MIB -- SNMPv2 version 18 Nov 94 -- Current-Author: nbrownlee Nevil Brownlee [Page 5] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- Original-Author: cbrooks -- Internet Accounting Management Information Base -- This following text defines an initial SNMP MIB for Internet -- Accounting. For additional details, see RFC 1272, "Internet -- Accounting: Background", C. Mills, D. Hirsch, and G. Ruth. -- A new version of the Internet Draft "Internet Accounting -- Architecture" is now available. ACCOUNTING-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, experimental, Counter32, Integer32, TimeTicks, IpAddress FROM SNMPv2-SMI; internetAccountingMib MODULE-IDENTITY LAST-UPDATED "9411180000Z" ORGANIZATION "IETF Internet Accounting Working Group" CONTACT-INFO "Nevil Brownlee" DESCRIPTION "The accounting MIB for the Internet Accounting Architecture." ::= { experimental 99 } -- internetAccounting OBJECT IDENTIFIER ::= { experimental 99 } acctControl OBJECT IDENTIFIER ::= { internetAccountingMib 1 } acctFlowdata OBJECT IDENTIFIER ::= { internetAccountingMib 2 } acctRuledata OBJECT IDENTIFIER ::= { internetAccountingMib 3 } acctActiondata OBJECT IDENTIFIER ::= { internetAccountingMib 4 } acctTraps OBJECT IDENTIFIER ::= { internetAccountingMib 5 } -- The AddressTuple construct: -- In future might have any address for any layer in the protocol stack -- (session, presentation, transport, application). The intent here is -- to represent the fact that the address tuple field can contain many -- attributes. -- AddressTuple ::= SEQUENCE { -- interface [ 0] INTEGER OPTIONAL, -- adjacent`type [ 1] AddressType OPTIONAL, -- adjacent`address [ 2] NetWorkAddress OPTIONAL, Nevil Brownlee [Page 6] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- adjacent`mask [ 3] NetWorkAddress OPTIONAL, -- peer`type [ 4] AddressType OPTIONAL, -- peer`address [ 5] NetWorkAddress OPTIONAL, -- peer`mask [ 6] NetWorkAddress OPTIONAL, -- transport`type [ 7] AddressType OPTIONAL, -- transport`address [ 8] NetWorkAddress OPTIONAL, -- transport`mask [ 9] NetWorkAddress OPTIONAL, -- subscriber`id [10] OCTET STRING OPTIONAL, -- subscriber`mask [11] OCTET STRING OPTIONAL -- } -- Within an address tuple the mask attributes are used to specify -- which parts of the addresses must match exactly when address tuples -- are compared. For example peer type = ipaddress, peer address = -- 130.216.0.0, peer mask = 255.255.0.0 would match any peer address -- representing an IP interface within network 130.216. -- As an example of types and values, here is an address tuple for a -- flow carrying a stream of SMTP data over an ethernet: -- adjacent type = ethernet, adjacent address = 02-07-01-04-ED-4A -- peer type = IP, peer address = 130.216.240.7 -- transport type = TCP, transport address = 25 (port number) -- The Network Address construct: -- The intent here is that this address type represent a choice of N-1 -- layer addresses based on the protocol layer at which accounting is -- done. For example, if accounting is being performed at the -- presentation level, then this address might be a session layer -- address; if done at the network level it might be an IP address. -- The level at which accounting is done is the "peer" level, N. -- In the following, "adjacent" means the level below the current level -- and "transport" means the level above it. For IP, the adjacent -- layer address might be the ethernet or 802 MAC layer address. A -- better encoding convention may be needed so that addresses at any -- layer can be specified unambiguously. -- NetWorkAddress ::= CHOICE { -- adjacentLayerAddress [1] IMPLICIT OCTET STRING, -- ipAddress [2] IMPLICIT IpAddress, -- nsapAddress [3] IMPLICIT OCTET STRING, -- idprAddress [4] IMPLICIT OCTET STRING, -- decnetAddress [5] IMPLICIT OCTET STRING, -- ipxnetAddress [6] IMPLICIT OCTET STRING, -- ethertalkAddress [7] IMPLICIT OCTET STRING, -- transportAddress [8] IMPLICIT OCTET STRING Nevil Brownlee [Page 7] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- } -- The AddressType type: -- The intent of this type is to indicate the type of address -- that is being recorded. This would probably be encoded as a -- tag in the above NetworkAddress type if using full ASN.1. Instead -- we explicitly call it out as a separate value, and instantiate it -- as a separate field. AddressType ::= INTEGER { adjacentlayer(1), ipaddress(2), nsapaddress(3), idpraddress(4), decnetaddress(5), ipxnetaddress(6), ethertalkaddress(7), transportaddress(8) } -- -- The Control Group -- acctHighWaterMark OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "A value expressed as a percent, interpreted by the meter as an indication of when to send a trap indicating that the management station should increase the polling frequency. Values of 0% or 100% disable the checking represented by this variable." ::= { acctControl 1 } acctFloodMark OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "A value expressed as a percent, interpreted by the meter as an indication of how full the flow record table should send a declareFlood trap, and switch to the emergency rule set (if one has been specified). 0% or 100% disables the checking represented by this variable." ::= { acctControl 2 } acctInactivityTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The time in seconds since the last packet seen (and the Nevil Brownlee [Page 8] INTERNET-DRAFT Accounting Meter Services MIB November 1994 last report) after which the flow may be terminated." DEFVAL { 600 } -- 10 minutes ::= { acctControl 3 } acctFlowSamplingTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctFlowSamplingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of the sampling rate for each interface." ::= { acctControl 4 } acctFlowSamplingEntry OBJECT-TYPE SYNTAX AcctFlowSamplingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines the sampling rate for a particular interface." INDEX { acctFlowSamplingIndex } ::= { acctFlowSamplingTable 1 } AcctFlowSamplingEntry ::= SEQUENCE { acctFlowSamplingIndex Integer32, acctFlowSamplingRate Integer32 } acctFlowSamplingIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Identifies the interface for this sampling rate." ::= { acctFlowSamplingEntry 1 } acctFlowSamplingRate OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "One for each interface. The parameter N for statistical counting. Set to N to count 1/Nth of the packets from this interface. A meter should choose its own algorithm to introduce variance into the sampling so that exactly every Nth packet is not counted. A sampling rate of 1 yields a normal counter. A sampling rate of 0 results in the interface being ignored by the meter." DEFVAL { 1 } -- Count every packet, ::= { acctFlowSamplingEntry 2 } acctCollectorInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctCollectorInfoEntry Nevil Brownlee [Page 9] INTERNET-DRAFT Accounting Meter Services MIB November 1994 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about snmp peers which have collected flow data from this meter." ::= { acctControl 5 } acctCollectorInfoEntry OBJECT-TYPE SYNTAX AcctCollectorInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular collector." INDEX { acctCollectorIndex } ::= { acctCollectorInfoTable 1 } AcctCollectorInfoEntry ::= SEQUENCE { acctCollectorIndex INTEGER (1..255), acctCollectorPeerAddress IpAddress, acctCollectorLastTime TimeTicks, acctCollectorPreviousTime TimeTicks } acctCollectorIndex OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects an entry from the array of collector info entries." ::= { acctCollectorInfoEntry 1 } acctCollectorPeerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Peer address of this collector." ::= { acctCollectorInfoEntry 2 } acctCollectorLastTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Time this collector last began a collection." ::= { acctCollectorInfoEntry 3 } acctCollectorPreviousTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current Nevil Brownlee [Page 10] INTERNET-DRAFT Accounting Meter Services MIB November 1994 DESCRIPTION "Time this collector began the collection before last." ::= { acctCollectorInfoEntry 4 } acctLastCollectTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-write STATUS current DESCRIPTION "Time last collection of meter data began. This variable will be written by a collector as the first step in making a collection. The meter will set its LastTime value to uptime and set its PreviousTime value to the old LastTime. This allows the meter to recover flows which have been inactive since PreviousTime, for these have been collected at least once. If the meter fails to write acctLastCollectTime, e.g. by failing authentication in the meter SNMP write community, collection may still proceed but the meter may not be able to recover inactive flows." ::= { acctControl 6 } acctRuleSetInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctRuleSetInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Array of information about the rule sets held in the meter, i.e. about each rule table and its accompanying action table. Rule set 1 is the meter default, used when the meter starts up. It may not be overwritten." ::= { acctControl 7 } acctRuleSetInfoEntry OBJECT-TYPE SYNTAX AcctRuleSetInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular rule set." INDEX { acctRuleInfoIndex } ::= { acctRuleSetInfoTable 1 } AcctRuleSetInfoEntry ::= SEQUENCE { acctRuleInfoIndex INTEGER (1..65535), acctRuleInfoRuleSize Integer32, acctRuleInfoActionSize Integer32 } acctRuleInfoIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current Nevil Brownlee [Page 11] INTERNET-DRAFT Accounting Meter Services MIB November 1994 DESCRIPTION "Selects an entry from the array of rule set info entries." ::= { acctRuleSetInfoEntry 1 } acctRuleInfoRuleSize OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Number of rules in this table. Setting this variable will cause the meter to allocate space for these rules." ::= { acctRuleSetInfoEntry 2 } acctRuleInfoActionSize OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Number of actions in this table. Setting this variable will cause the meter to allocate space for these actions, and will set the values of all variables in them to zero." ::= { acctRuleSetInfoEntry 3 } acctCurrentRuleSet OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Index to the arrays of rule and action tables. Specifies which set of rules and actions is currently being used for accounting by the meter. When the manager sets this variable the meter will close its current rule set and start using the new one. Flows created by the old rule set remain in memory, orphaned until their data has been collected." ::= { acctControl 8 } acctEmergencyRuleSet OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Index to the arrays of rule and action tables. After a declareFlood trap the meter may switch to using the emergency rule set. For this to be effective the manager must have downloaded an emergency rule set which uses a coarser collecting granularity. The manager will also need to decrease the collecting interval so that the meter can recover flows from its normal rule set." ::= { acctControl 9 } Nevil Brownlee [Page 12] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- -- The Flow Table -- -- This is a table kept by a meter, with one entry for every flow -- currently being accounted for. -- The variables kept for each flow comprise: -- Housekeeping information for the flow. -- The flow's "counters", i.e. its octet and PDU counts for each -- direction and its first and last packet times. -- The flow's "keys", i.e. the information used to distinguish -- packets for this particular flow. -- Each flow has at least one key, but "aggregate" flows may have more -- than one key. Every key is associated with a single flow, and every -- PDU matching a key is counted in its associated flow's counters. -- Each packet which arrives at a meter is examined, and values for all -- the "key" variables are extracted and assembled into a "packet key". -- The set of current keys is searched to see whether this flow has -- already been seen. If it has, the packet is simply counted; -- if not, the rules are consulted to create a new flow in which this -- packet may be counted. Once a flow has been created in this way a -- collector will have to read the flow's key data just once. After -- that the collector needs only to read the flow's counts from time to -- time. -- Each key has two AddressTuples, one for each of its end points. -- Flows are bidirectional and have two sets of counters, one for each -- of the two possible directions. Since we may be accounting for -- packets observed in transit along a network segment the choice of -- "to" and "from" direction is arbitrary; "source" and "destination" -- (abbreviated to "dest" elsewhere in this MIB) are specified for each -- flow by the rules in the current rule set. In the special case -- where the address tuples are identical all packets are counted in -- the "to" direction's counters. -- From time to time a collector may sweep the flow table so as collect -- counts. To reduce the number of SNMP requests required to do this, -- two further tables provide alternative windows into the flow table. -- The Creation Table allows a collector to find the first entry created -- after a specified time, then make successive getnext requests to find -- all other entries created since that time. Similarly, the Activity -- Table allows a collector to find all the entries last counted after -- a specified time. Note that it is not sensible for the meter to -- keep the Activity Table in LastTime order, since that would result -- in very active flows being counted many times during the same -- collection. -- This scheme allows multiple collectors to independently use the same Nevil Brownlee [Page 13] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- meter; the collectors do not have to be synchronised and they may -- use different collection intervals. -- A meter may reclaim the memory space used by flows (or keys) for -- which no packets have been seen since lastCollectTime, or for an -- interval longer than the inactivityTimeout, whichever is the longer. -- The meter may reuse flow indexes for flows thus reclaimed. acctFlowTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctFlowEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of all flows being kept for accounting purposes on this system." ::= { acctFlowdata 1 } acctFlowEntry OBJECT-TYPE SYNTAX AcctFlowEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The flow record for a particular flow." INDEX { acctFlowIndex } ::= { acctFlowTable 1 } AcctFlowEntry ::= SEQUENCE { acctFlowIndex INTEGER (1..65535), acctFlowStatus INTEGER, -- Source attributes acctFlowSourceInterface Integer32, acctFlowSourceAdjacentType AddressType, acctFlowSourceAdjacentAddress OCTET STRING (SIZE (6)), acctFlowSourceAdjacentMask OCTET STRING (SIZE (6)), acctFlowSourcePeerType AddressType, acctFlowSourcePeerTypeMask AddressType, acctFlowSourcePeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowSourcePeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowSourceTransType AddressType, acctFlowSourceTransTypeMask AddressType, acctFlowSourceTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowSourceTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowSourceSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctFlowSourceSubscriberMask [3] IMPLICIT OCTET STRING Nevil Brownlee [Page 14] INTERNET-DRAFT Accounting Meter Services MIB November 1994 (SIZE (4..20)), -- Destination attributes acctFlowDestInterface Integer32, acctFlowDestAdjacentType AddressType, acctFlowDestAdjacentAddress OCTET STRING (SIZE (6)), acctFlowDestAdjacentMask OCTET STRING (SIZE (6)), acctFlowDestPeerType AddressType, acctFlowDestPeerTypeMask AddressType, acctFlowDestPeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowDestPeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowDestTransType AddressType, acctFlowDestTransTypeMask AddressType, acctFlowDestTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowDestTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowDestSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctFlowDestSubscriberMask [3] IMPLICIT OCTET STRING (SIZE (4..20)), -- Session attributes acctFlowSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctFlowSessionID [4] IMPLICIT OCTET STRING (SIZE (4..10)), -- Rule Set attributes acctFlowPDUScale INTEGER, acctFlowOctetScale INTEGER, acctFlowRuleSet Integer32, acctFlowType INTEGER, acctFlowToOctets Counter32, -- Source-Dest counters acctFlowToPDUs Counter32, acctFlowFromOctets Counter32, -- Dest--Source counters acctFlowFromPDUs Counter32, acctFlowFirstTime TimeTicks, -- Activity times acctFlowLastTime TimeTicks } acctFlowIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current Nevil Brownlee [Page 15] INTERNET-DRAFT Accounting Meter Services MIB November 1994 DESCRIPTION "The bucket number for this flow. The different values for this variable need not be consecutive. Flow 1 is never used by the meter for a real flow. Instead it is used as an initial value for SNMP getnext requests when scanning the flow table." ::= { acctFlowEntry 1 } acctFlowStatus OBJECT-TYPE SYNTAX INTEGER { valid(1), invalid(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of this flow. Allows all table rows to be collected via a simple table sweep, whilst throwing out all flows that are invalid." ::= { acctFlowEntry 2 } acctFlowSourceInterface OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the interface associated with the source address for this flow. This value is one of the values contained in the ifIndex field of the interfaces table." ::= { acctFlowEntry 3 } acctFlowSourceAdjacentType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Adjacent address type of the source for this flow." ::= { acctFlowEntry 4 } acctFlowSourceAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "The 802.3 MAC address of the adjacent device on the path for the source for this flow." ::= { acctFlowEntry 5 } acctFlowSourceAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent source address for this flow." Nevil Brownlee [Page 16] INTERNET-DRAFT Accounting Meter Services MIB November 1994 ::= { acctFlowEntry 6 } acctFlowSourcePeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Peer address type of the source for this flow." ::= { acctFlowEntry 7 } acctFlowSourcePeerTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the source peer type for this flow." ::= { acctFlowEntry 8 } acctFlowSourcePeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the peer device for the source of this flow. The network address may range from three octets (Appletalk and DECnet) up to 20 octets (NSAPs)." ::= { acctFlowEntry 9 } acctFlowSourcePeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the source peer address for this flow." ::= { acctFlowEntry 10 } acctFlowSourceTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address type of the source for this flow." ::= { acctFlowEntry 11 } acctFlowSourceTransTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION Nevil Brownlee [Page 17] INTERNET-DRAFT Accounting Meter Services MIB November 1994 "1-bits in this mask indicate which bits must match when comparing the source transport type for this flow." ::= { acctFlowEntry 12 } acctFlowSourceTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the transport device for the source of this flow. This is the IP, AppleTalk or IPX port number." ::= { acctFlowEntry 13 } acctFlowSourceTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the transport source address for this flow." ::= { acctFlowEntry 14 } acctFlowSourceSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Subscriber ID associated with the source address for this flow." ::= { acctFlowEntry 15 } acctFlowSourceSubscriberMask OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the source Subsccriber ID for this flow." ::= { acctFlowEntry 16 } acctFlowDestInterface OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the interface associated with the dest address for this flow. This value is one of the values contained in the ifIndex field of the interfaces table." ::= { acctFlowEntry 17 } acctFlowDestAdjacentType OBJECT-TYPE Nevil Brownlee [Page 18] INTERNET-DRAFT Accounting Meter Services MIB November 1994 SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Adjacent address type of the destination for this flow." ::= { acctFlowEntry 18 } acctFlowDestAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "The 802.3 MAC address of the adjacent device on the path for the destination for this flow." ::= { acctFlowEntry 19 } acctFlowDestAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent dest address for this flow." ::= { acctFlowEntry 20 } acctFlowDestPeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Peer address type of the destination for this flow." ::= { acctFlowEntry 21 } acctFlowDestPeerTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the dest peer address for this flow." ::= { acctFlowEntry 22 } acctFlowDestPeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the peer device for the destination of this flow. The network address may range from three octets (Appletalk and DECnet) up to 20 octets (NSAPs)." ::= { acctFlowEntry 23 } Nevil Brownlee [Page 19] INTERNET-DRAFT Accounting Meter Services MIB November 1994 acctFlowDestPeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the dest peer type for this flow." ::= { acctFlowEntry 24 } acctFlowDestTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address type for the destination of this flow." ::= { acctFlowEntry 25 } acctFlowDestTransTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the dest transport type for this flow." ::= { acctFlowEntry 26 } acctFlowDestTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the transport device for the destination of this flow. This is the IP, AppleTalk or IPX port number." ::= { acctFlowEntry 27 } acctFlowDestTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the transport destination address for this flow." ::= { acctFlowEntry 28 } acctFlowDestSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION Nevil Brownlee [Page 20] INTERNET-DRAFT Accounting Meter Services MIB November 1994 "Subscriber ID associated with the dest address for this flow." ::= { acctFlowEntry 29 } acctFlowDestSubscriberMask OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the dest Subsccriber ID for this flow." ::= { acctFlowEntry 30 } acctFlowSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Subscriber ID for this flow, not associated with flow direction." ::= { acctFlowEntry 31 } acctFlowSessionID OBJECT-TYPE SYNTAX [4] IMPLICIT OCTET STRING (SIZE (4..10)) MAX-ACCESS read-only STATUS current DESCRIPTION "Session ID for this flow. Such an ID might be allocated by a network access server to distinguish a series of sessions between the same pair of addresses, which would otherwise appear to be parts of the same accounting flow" ::= { acctFlowEntry 32 } acctFlowPDUScale OBJECT-TYPE SYNTAX INTEGER (1..127) MAX-ACCESS read-only STATUS current DESCRIPTION "The scale factor applied to this particular flow. Indicates the number of bits the PDU counter values should be moved left to obtain the actual values." ::= { acctFlowEntry 33 } acctFlowOctetScale OBJECT-TYPE SYNTAX INTEGER (1..127) MAX-ACCESS read-only STATUS current DESCRIPTION "The scale factor applied to this particular flow. Indicates the number of bits the octet counter values should be moved left to obtain the actual values." Nevil Brownlee [Page 21] INTERNET-DRAFT Accounting Meter Services MIB November 1994 ::= { acctFlowEntry 34 } acctFlowRuleSet OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The rule set which created this flow." ::= { acctFlowEntry 35 } acctFlowType OBJECT-TYPE SYNTAX INTEGER { count(1), tally(2), aggregate(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Type of flow. Details are given for acctRuleAction (below)." ::= { acctFlowEntry 36 } acctFlowToOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of octets flowing from source to dest address and being delivered to the protocol level being metered. In the case of IP this would count the number of octets delivered to the IP level." ::= { acctFlowEntry 37 } acctFlowToPDUs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of protocol packets flowing from source to dest address and being delivered to the protocol level being metered. In the case of IP, for example, this would count the IP packets delivered to the IP protocol level." ::= { acctFlowEntry 38 } acctFlowFromOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of octets flowing from dest to source address and being delivered to the protocol level being metered." ::= { acctFlowEntry 39 } acctFlowFromPDUs OBJECT-TYPE Nevil Brownlee [Page 22] INTERNET-DRAFT Accounting Meter Services MIB November 1994 SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of protocol packets flowing from dest to source address and being delivered to the protocol level being metered. In the case of IP, for example, this would count the IP packets delivered to the IP protocol level." ::= { acctFlowEntry 40 } acctFlowFirstTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The time at which this flow was first entered in the table" ::= { acctFlowEntry 41 } acctFlowLastTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The last time this flow had activity, i.e. the time of arrival of the last PDU belonging to this flow." ::= { acctFlowEntry 42 } -- -- The Creation Table -- acctCreationTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctCreationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were created after a given time." ::= { acctFlowdata 2 } acctCreationEntry OBJECT-TYPE SYNTAX AcctCreationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Creation Entry for a particular flow." INDEX { acctCreationTime, acctCreationIndex } ::= { acctCreationTable 1 } AcctCreationEntry ::= SEQUENCE { Nevil Brownlee [Page 23] INTERNET-DRAFT Accounting Meter Services MIB November 1994 acctCreationTime TimeTicks, acctCreationIndex INTEGER (1..65535) } acctCreationTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Earliest time after which a required flow could have been created." ::= { acctCreationEntry 1 } acctCreationIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index of next entry in flow table created after Creation Time." ::= { acctCreationEntry 2 } -- -- The Activity Table -- acctActivityTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctActivityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were last used after a given time." ::= { acctFlowdata 3 } acctActivityEntry OBJECT-TYPE SYNTAX AcctActivityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Activity Entry for a particular flow." INDEX { acctActivityTime, acctActivityIndex } ::= { acctActivityTable 1 } AcctActivityEntry ::= SEQUENCE { acctActivityTime TimeTicks, acctActivityIndex INTEGER (1..65535) } acctActivityTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only Nevil Brownlee [Page 24] INTERNET-DRAFT Accounting Meter Services MIB November 1994 STATUS current DESCRIPTION "Earliest time after which a required flow could have been active." ::= { acctActivityEntry 1 } acctActivityIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index of next entry in flow table active after Active Time." ::= { acctActivityEntry 2 } -- -- The Activity Column Table -- acctActivityColumnTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctActivityColumnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were last used after a given time, and to retrieve data values for a specified attribute of each active flow." ::= { acctFlowdata 4 } acctActivityColumnEntry OBJECT-TYPE SYNTAX AcctActivityColumnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Activity Column Entry for a particular flow." INDEX { acctActivityColumnAttribute, acctActivityColumnTime, acctActivityColumnIndex } ::= { acctActivityColumnTable 1 } AcctActivityColumnEntry ::= SEQUENCE { acctActivityColumnAttribute INTEGER (1..42), acctActivityColumnTime TimeTicks, acctActivityColumnIndex INTEGER (1..65535), acctActivityColumnFlowData [5] IMPLICIT OCTET STRING (SIZE (5..1000)), } acctActivityColumnAttribute OBJECT-TYPE SYNTAX INTEGER (1..42) MAX-ACCESS not-accessible STATUS current DESCRIPTION Nevil Brownlee [Page 25] INTERNET-DRAFT Accounting Meter Services MIB November 1994 "Attribute for which values are required from active flows. Each attribute is identified by an attribute number, which is its offset within acctFlowEntry (above). For example, SourceAdjacentAddress is attribute number 5." ::= { acctActivityColumnEntry 1 } acctActivityColumnTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS not-accessible STATUS current DESCRIPTION "Earliest time after which a required flow could have been active." ::= { acctActivityColumnEntry 2 } acctActivityColumnIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index of next entry in flow table active after acctColumnTime." ::= { acctActivityColumnEntry 3 } acctActivityColumnFlowData OBJECT-TYPE SYNTAX [5] IMPLICIT OCTET STRING (SIZE (5..1000)) MAX-ACCESS read-only STATUS current DESCRIPTION "Collection of attribute data for flows active after acctColumnTime. Within the Opaque object is a sequence of {flow index, attribute value} pairs, one for each active flow. The end of the sequence is marked by a flow index value of 0 if there are no more rows in this column, and 1 otherwise. The format of objects inside acctColumnFlowData is as follows. All numbers are unsigned. Numbers and strings appear with their high-order bytes leading. flow-1 is a two-byte number; other numbers are fixed size, as specified by their SYNTAX in the flow table (above), i.e. one byte for acctAddressType and small constants, and four bytes for Counter32 and TimeTicks. Octet Strings are variable-length, with the length given in a single leading byte. The following is an attempt at an ASN.1 definition of acctColumnFlowData: acctActivityColumnFlowData ::= SEQUENCE { RowItems AcctRowItemList, EndMarker INTEGER (0..1) -- 0 = No more rows } AcctRowItemList ::= SEQUENCE OF AcctRowItemEntry Nevil Brownlee [Page 26] INTERNET-DRAFT Accounting Meter Services MIB November 1994 AcctRowItemEntry ::= SEQUENCE { acctRowNumber INTEGER (1..65535), acctDataValue AcctDataType -- Choice depends on attribute } AcctDataType ::= CHOICE { acctByteValue INTEGER (1..255), acctShortValue INTEGER (1..65535), acctLongValue INTEGER (1..4294967295), acctStringValue OCTET STRING -- Length (n) in first byte, -- n+1 bytes total length, trailing zeroes truncated }" ::= { acctActivityColumnEntry 4 } -- -- The Rule Table -- -- This is an array of rule tables; the one in use is selected by -- CurrentRuleSet. To change the rule set the manager chooses a set -- number which is not in use, downloads the new rule set there, then -- writes the new set number into CurrentRuleSet. Several rule sets -- can be held in a meter so that the manager can change the rules -- easily, for example with time of day. Note that the manager may -- not change rules in the current rule set! acctRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of rules used to determine the granularity of accounting data." ::= { acctRuledata 1 } acctRuleEntry OBJECT-TYPE SYNTAX AcctRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule record itself." INDEX { acctRuleSet, acctRuleIndex } ::= { acctRuleTable 1 } AcctRuleEntry ::= SEQUENCE { acctRuleSet Integer32, acctRuleIndex INTEGER (1..65535), acctRuleSelector Integer32, -- select attribute acctRuleMask [3] IMPLICIT OCTET STRING (SIZE (4..20)), Nevil Brownlee [Page 27] INTERNET-DRAFT Accounting Meter Services MIB November 1994 acctRuleMatchedValue [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctRuleAction INTEGER, -- action to take acctRuleJumpIndex Integer32 -- where to go } acctRuleSet OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects a table from the array of rule tables." ::= { acctRuleEntry 1 } acctRuleIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index into the Rule table. N.B: These values will often be consecutive, given the fall-through semantics of processing the table." ::= { acctRuleEntry 2 } acctRuleSelector OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Defines the source of the value to match. Allowable selector values are described below. Null(0) is a special case; null rules always succeed. The following flow attributes may be selected (using their attribute numbers): SourceInterface(3), SourceAdjacentType(4), SourceAdjacentAddress(5), SourcePeerType(7), SourcePeerAddress(9), SourceTransType(11), SourceTransAddress(13), SourceSubscriberID(15), DestInterface(17), DestAdjacentType(18), DestAdjacentAddress(19), DestPeerType(21), DestPeerAddress(23), DestTransType(25), DestTransAddress(27), Nevil Brownlee [Page 28] INTERNET-DRAFT Accounting Meter Services MIB November 1994 DestSubscriberID(29), SubscriberID(31), SessionID(32) Var(51), Var2(52), Var3(53), Var4(54) and Var5(55) select meter variables, each of which can hold the name (i.e. selector value) of an address attribute. When one of these is used as a selector, its value specifies the attribute to be tested. Variable values are set by an assign action." ::= { acctRuleEntry 3 } acctRuleMask OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The initial mask used to compute the desired value, encoded as an OCTET STRING. If the mask is zero the rule will always succeed. This is required for assign actions, which might otherwise fail." ::= { acctRuleEntry 4 } acctRuleMatchedValue OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The resulting value to be matched for equality. Specifically, if the attribute chosen by the acctRuleSelector logically ANDed with the mask specified by the acctRuleMask equals the value specified in the acctRuleMatchedValue, then continue processing the table entry based on the action specified by the acctRuleAction entry. Otherwise, proceed to the next entry in the rule table." ::= { acctRuleEntry 5 } acctRuleAction OBJECT-TYPE SYNTAX INTEGER { count(1), tally(2), aggregate(3), succeed(4), fail(5), pushto(6), popto(7), goto(8), gosub(9), return(10), assign(11) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action to be taken if there is a match between this rule and the PDU being considered. The meter maintains a pattern stack (i.e. a stack ofindexes for rules which have been successfully matched), and a return stack (i.e. a stack of return addresses for rule-matching subroutines). Count(1) adds the PDU into a count based on the ActionEntry acctAction[acctRuleJumpIndex]. Each flow in a count is a Nevil Brownlee [Page 29] INTERNET-DRAFT Accounting Meter Services MIB November 1994 copy of its ActionEntry with values and masks overwritten by those from the stack of matched rules. The user must ensure that every flow in the count uses the same set of masks. Tally(2) adds the PDU into a tally based on the ActionEntry acctAction[acctRuleJumpIndex]. Each flow in a Tally is a copy of its ActionEntry with values taken from the PDU for attributes having non-zero masks in the ActionEntry. ActionEntry. Aggregate(3) adds the PDU into an aggregate based on the ActionEntry acctAction[acctRuleJumpIndex]. There is only one flow in an aggregate; it is a copy of its ActionEntry. Succeed(4) has two effects, depending on the RuleJumpIndex value. If this is zero, rule matching stops and a successful match is reported. The PDU will not be counted, and the meter will not try to match it again. If the RuleJumpIndex is not zero, it specifies a target rule. The action for the target rule is executed immediately, as though that rule had just succeeded. Fail(5) terminates rule matching and indicates that the PDU was not matched. The meter may try to match it again, for example with the source and dest keys interchanged. Pushto(6) tells the meter to use RuleJumpIndex as the index of the next rule to match. It also pushes the current rule index onto the pattern stack. Popto(7) tells the meter to use RuleJumpIndex as the index of the next rule to match. It also deletes the top entry from the pattern stack. Goto(8) tells the meter to use RuleJumpIndex as the index of the next rule to match. The pattern stack is not changed. GoSub(9) calls a rule-matching subroutine. RuleJumpIndex is used as the index of the next rule to match, and the meter pushes the current rule index+1 onto the return stack. Return(10) returns from a rule-matching subroutine. The return rule index is popped from the return stack and added to RuleJumpIndex to select a target rule. The action for the target rule is executed immediately, allowing rule-matching subroutines to return a result. Assign(11) sets the value of a meter variable. The variable is specified by acctRuleSelector, and its value is set to RuleJumpIndex." ::= { acctRuleEntry 6 } acctRuleJumpIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION Nevil Brownlee [Page 30] INTERNET-DRAFT Accounting Meter Services MIB November 1994 "An index into the Rule table. Where to restart the search. Must take on one of the values allowed for acctRuleIndex." ::= { acctRuleEntry 7 } -- -- The Action Table -- acctActionTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of values used to create flowEntries for flows matching entries in the rule table (above)." ::= { acctActiondata 1 } acctActionEntry OBJECT-TYPE SYNTAX AcctActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule action record." INDEX { acctActionSet, acctActionIndex } ::= { acctActionTable 1 } AcctActionEntry ::= SEQUENCE { acctActionIndex INTEGER (1..65535), acctActionStatus Integer32, -- Source attributes acctActionSourceInterface Integer32, acctActionSourceAdjacentType AddressType, acctActionSourceAdjacentAddress OCTET STRING (SIZE (6)), acctActionSourceAdjacentMask OCTET STRING (SIZE (6)), acctActionSourcePeerType AddressType, acctActionSourcePeerTypeMask AddressType, acctActionSourcePeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctActionSourcePeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctActionSourceTransType AddressType, acctActionSourceTransTypeMask AddressType, acctActionSourceTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctActionSourceTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctActionSourceSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctActionSourceSubscriberMask [3] IMPLICIT OCTET STRING (SIZE (4..20)), Nevil Brownlee [Page 31] INTERNET-DRAFT Accounting Meter Services MIB November 1994 -- Destination attributes acctActionDestInterface Integer32, acctActionDestAdjacentType AddressType, acctActionDestAdjacentAddress OCTET STRING (SIZE (6)), acctActionDestAdjacentMask OCTET STRING (SIZE (6)), acctActionDestPeerType AddressType, acctActionDestPeerTypeMask AddressType, acctActionDestPeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctActionDestPeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctActionDestTransType AddressType, acctActionDestTransTypeMask AddressType, acctActionDestTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctActionDestTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctActionDestSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctActionDestSubscriberMask [3] IMPLICIT OCTET STRING (SIZE (4..20)), -- Session attributes acctActionSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctActionSessionID [4] IMPLICIT OCTET STRING (SIZE (4..10)), -- Rule set attributes acctActionPDUScale INTEGER (1..127), acctActionOctetScale INTEGER (1..127), acctActionSet Integer32 } -- Most of the variables in acctActionEntry provide values for the -- corresponding variables in acctFlowEntry. For their descriptions -- please refer to their definitions in acctFlowEntry. acctActionIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index into the Action table." ::= { acctActionEntry 1 } acctActionStatus OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 2 } Nevil Brownlee [Page 32] INTERNET-DRAFT Accounting Meter Services MIB November 1994 acctActionSourceInterface OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 3 } acctActionSourceAdjacentType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 4 } acctActionSourceAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-create STATUS current DESCRIPTION "The 802.3 MAC address of the adjacent device on the path for the source for this action." ::= { acctActionEntry 5 } acctActionSourceAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-create STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent source address for this action." ::= { acctActionEntry 6 } acctActionSourcePeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 7 } acctActionSourcePeerTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 8 } acctActionSourcePeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-create STATUS current DESCRIPTION " Nevil Brownlee [Page 33] INTERNET-DRAFT Accounting Meter Services MIB November 1994 The network address may range from three octets (Appletalk and DECnet) up to 20 octets (NSAPs)." ::= { acctActionEntry 9 } acctActionSourcePeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 10 } acctActionSourceTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 11 } acctActionSourceTransTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 12 } acctActionSourceTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-create STATUS current DESCRIPTION " This is the IP, AppleTalk or IPX port number." ::= { acctActionEntry 13 } acctActionSourceTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 14 } acctActionSourceSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 15 } acctActionSourceSubscriberMask OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current Nevil Brownlee [Page 34] INTERNET-DRAFT Accounting Meter Services MIB November 1994 DESCRIPTION "" ::= { acctActionEntry 16 } acctActionDestInterface OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 17 } acctActionDestAdjacentType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 18 } acctActionDestAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-create STATUS current DESCRIPTION "The 802.3 MAC address of the adjacent device on the path for the destination for this action." ::= { acctActionEntry 19 } acctActionDestAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-create STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent destination address for this action." ::= { acctActionEntry 20 } acctActionDestPeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 21 } acctActionDestPeerTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 22 } acctActionDestPeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) Nevil Brownlee [Page 35] INTERNET-DRAFT Accounting Meter Services MIB November 1994 MAX-ACCESS read-create STATUS current DESCRIPTION " The network address may range from three octets (Appletalk and DECnet) up to 20 octets (NSAPs)." ::= { acctActionEntry 23 } acctActionDestPeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 24 } acctActionDestTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 25 } acctActionDestTransTypeMask OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 26 } acctActionDestTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-create STATUS current DESCRIPTION " This is the IP, AppleTalk or IPX port number." ::= { acctActionEntry 27 } acctActionDestTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 28 } acctActionDestSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 29 } acctActionDestSubscriberMask OBJECT-TYPE Nevil Brownlee [Page 36] INTERNET-DRAFT Accounting Meter Services MIB November 1994 SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 30 } acctActionSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 31 } acctActionSessionID OBJECT-TYPE SYNTAX [4] IMPLICIT OCTET STRING (SIZE (4..10)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 32 } acctActionPDUScale OBJECT-TYPE SYNTAX INTEGER (1..127) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 33 } acctActionOctetScale OBJECT-TYPE SYNTAX INTEGER (1..127) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { acctActionEntry 34 } acctActionSet OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects a table from the array of action tables." ::= { acctActionEntry 35 } -- -- Internet Accounting Traps -- declareHighWater NOTIFICATION-TYPE OBJECTS { acctHighWaterMark } STATUS current DESCRIPTION Nevil Brownlee [Page 37] INTERNET-DRAFT Accounting Meter Services MIB November 1994 "Sent by the meter to the management host to indicate that the high water mark has been exceeded. This should be interpreted by the management host as a request to increase the polling frequency. N.B: this trap is optional. Meters are not required to implement this trap; management hosts are not required to increase their polling frequency." ::= { acctTraps 1 } declareFlood NOTIFICATION-TYPE STATUS current DESCRIPTION "Sent by the meter to the management host to indicate that the flow record table has reached the acctFloodMark level. At this point the meter will have switched to using the emergency rule set, if one was specified." ::= { acctTraps 2 } END 5 Acknowledgements This document was produced under the auspices of the IETF's Accounting Working Group with assistance from SNMP and SAAG working groups. 6 References [1] McCloghrie K., and M. Rose, Editors, "Management Information Base for Network Management of TCP/IP-based internets," RFC 1213, Performance Systems International, March 1991. [2] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Structure of Management Information for version 2 of the Simple Network Managemenet Protocol," RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [3] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Textual Conventions for version 2 of the Simple Network Managemenet Protocol SNMPv2", RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. Nevil Brownlee [Page 38] INTERNET-DRAFT Accounting Meter Services MIB November 1994 [4] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Conformance Statements for version 2 of the Simple Network Managemenet Protocol (SNMPv2)," RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [5] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Coexistence between version 1 and version 2 of the Internet-standard Network Management Framework," RFC 1452, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [6] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization, International Standard 8824, December 1987. [7] Information processing systems - Open Systems Interconnection - Specification of Basic Encoding Rules for Abstract Notation One (ASN.1), International Organization for Standardization, International Standard 8825, December 1987. [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian Technology Corporation, November 1991. [9] Brownlee, N., Mills, C., and Ruth, G., "Internet Accounting Architecture," Internet Draft, The University of Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, November 1994. 7 Security Considerations Security issues are not discussed in this document. 8 Author's Address Nevil Brownlee Computer Centre The University of Auckland Phone: 64 9 373 7599 x8941 EMail: n.brownlee @auckland.ac.nz Cyndi Mills Nevil Brownlee [Page 39] INTERNET-DRAFT Accounting Meter Services MIB November 1994 BBN Systems and Technologies Phone: 1 617 873 4143 Email: cmills@bbn.com Nevil Brownlee [Page 40]