Internet Engineering Task Force Nevil Brownlee INTERNET-DRAFT The University of Auckland March 1995 Accounting Meter Services MIB Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. This Internet Draft is a product of the Internet Accounting Working Group of the IETF. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." Please check the I-D abstract listing contained in the internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, ftp.nisc.sri.com or munnari.oz.au to learn the current status of this or any other Internet Draft. Abstract This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, this memo defines managed objects used for obtaining accounting information from network devices (meters). Contents 1 The Network Management Framework 1 2 Objects 2 2.1 Format of Definitions . . . . . . . . . . . . . . . . . . . . . 3 3 Overview 3 3.1 Scope of Definitions, Textual Conventions . . . . . . . . . . . 4 3.2 Usage of the MIB variables . . . . . . . . . . . . . . . . . . 4 INTERNET-DRAFT Accounting Meter Services MIB March 1995 4 Definitions 5 5 Acknowledgements 30 6 References 31 7 Security Considerations 32 8 Author's Address 32 1 The Network Management Framework The Internet-standard Network Management Framework consists of three components. They are: RFC 1155 defines the SMI, the mechanisms used for describing and naming objects for the purpose of management. RFC 1212 defines a more concise description mechanism, which is wholly consistent with the SMI. RFC 1156 defines MIB-I, the core set of managed objects for the Internet suite of protocols. RFC 1213 [1] defines MIB-II, an evolution of MIB-I based on implementation experience and new operational requirements. RFC 1157 defines the SNMP, the protocol used for network access to managed objects. RFC 1442 [2] defines the SMI for version 2 of the Simple Network Management Protocol. RFCs 1443 and 1444 [3,4] define Textual Conventions and Conformance Statements for version 2 of the Simple Network Management Protocol. RFC 1452 [5] describes how versions 1 and 2 of the Simple Network Management Protocol should coexist. The Framework permits new objects to be defined for the purpose of experimentation and evaluation. Nevil Brownlee [Page 2] INTERNET-DRAFT Accounting Meter Services MIB March 1995 2 Objects Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the subset of Abstract Syntax Notation One (ASN.1) [6] defined in the SMI. In particular, each object has a name, a syntax, and an encoding. The name is an object identifier, an administratively assigned name, which specifies an object type. The object type together with an object instance serves to uniquely identify a specific instantiation of the object. For human convenience, we often use a textual string, termed the OBJECT DESCRIPTOR, to also refer to the object type. The syntax of an object type defines the abstract data structure corresponding to that object type. The ASN.1 language is used for this purpose. However, the SMI [2] purposely restricts the ASN.1 constructs which may be used. These restrictions are explicitly made for simplicity. The encoding of an object type is simply how that object type is represented using the object type's syntax. Implicitly tied to the notion of an object type's syntax and encoding is how the object type is represented when being transmitted on the network. The SMI specifies the use of the basic encoding rules of ASN.1 [7], subject to the additional requirements imposed by the SNMP. 2.1 Format of Definitions Section 4 contains contains the specification of all object types contained in this MIB module. These object types are defined using the conventions defined in [2] and [3]. 3 Overview Internet Accounting seeks to provide a well-defined method for collecting traffic flow information from internetworks. The background for this is given in RFC 1272 [8]. The Working Group has produced an Accounting Architecture to achieve it, which is documented in an Internet Draft [9]. The architecture defines three entities: - METERS, which observe network traffic flows and build up a table of information about them Nevil Brownlee [Page 3] INTERNET-DRAFT Accounting Meter Services MIB March 1995 - COLLECTORS, which collect traffic flow data from meters, and - MANAGERS, which oversee the operation of meters and collectors. This memo defines the internet-accounting object, which is an SNMP realisation of an accounting meter. The internet-accounting object contains control, counter and state information related to the performance of the accounting function. In particular, the meter is assumed to be one which forwards PDUs, like a router, (counting PDUs as they enter or leave the device), or monitors the passage of PDUs, like a LAN monitor. The results are contain in FlowEntrys which are contained in the internet-accounting object. A managed system will have exactly (zero or) one internet-accounting object. 3.1 Scope of Definitions, Textual Conventions All objects defined in this memo are registered in a single subtree within the experimental namespace [2], and are for use in network devices which may perform a PDU forwarding or monitoring function. For these devices, the value of the ifSpecific variable in the MIB-II [1] has the OBJECT IDENTIFIER value: internet-accounting OBJECT IDENTIFIER ::= experimental 99 as defined below. At the time work was begun on this MIB the above OID was used purely as a placeholder. Later implementations have used it in the (mistaken) belief that it had been asigned by IANA. An application has since been made to IANA for a 'proper' OID. The Accounting MIB was first produced and tested using SNMPv1. It has been converted into SNMPv2 following the guidelines in RFC 1452 [5]. 3.2 Usage of the MIB variables The MIB breaks into four parts - control, flows, rules and actions. The rules implement the minumum set of actions, as set out in the Accounting Architecture document [8]. In addition they provide for BASIC-style subroutines, allowing a network manager to dramatically reduce the number of rules required to monitor a big network. Nevil Brownlee [Page 4] INTERNET-DRAFT Accounting Meter Services MIB March 1995 Actions provide prototypes for traffic flows. When a packet is matched by the rules for the first time, an action is used to create the flow's entry in the flow table. Actions therefore have the same basic format as flows. Traffic flows are identified by a set of attributes for each of its end-points. Attributes include network addresses for each layer of the network protocol stack, and 'subscriber ids,' which may be used to identify an accountable entity for the flow. To retrieve flow data one could simply do a linear scan of the flow table. This would certainly work, but would require a lot of protocol exchanges. To reduce the overhead in retrieving flow data, there are three 'windows' into the flow table. The 'creation' window makes it easy to find those flows created after a given time, the 'activity' window finds flows active since a given time; these two allow retrieval of flow data without using an opaque object. The third window is the AcctActivityColumnEntry, which uses three indexes to retrieve (in an opaque object) values for many flows for any combination of attribute, activity time and starting flow number. This allows a collector to retrieve data for a column of the flow table with a minimum of SNMP overhead. An attempt has been made to include a full asn.1 definition of the AcctActivityColumnEntry object. One aspect of data collection which needs emphasis is that all the MIB variables are set up to allow multiple independent colletors to work properly, i.e. the flow table windows are stateless. An alternative approach would have been to 'snapshot' the flow table, which would mean that the collectors would have to be synchronised. The stateless approach does mean that two collectors will never return exactly the same set of traffic counts, but over long periods (e.g. 15-minute collections over a day) the discrepancies are acceptable. If one really needs a snapshot, this can be achieved by switching to an identical rule table with a different ruleset number, hence asynchronous collections may be regarded as a useful generalisation of synchronised ones. The control variables are the minimum set required for a collector. Their number has been whittled down as experience has been gained with the MIB implementation. 4 Definitions -- Internet Accounting Meter MIB -- SNMPv2 version 6 Mar 95 -- Current-Author: nbrownlee Nevil Brownlee [Page 5] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- Original-Author: cbrooks -- Internet Accounting Management Information Base -- This following text defines an initial SNMP MIB for Internet -- Accounting. For additional details, see RFC 1272, "Internet -- Accounting: Background", C. Mills, D. Hirsch, and G. Ruth. -- A new version of the Internet Draft "Internet Accounting -- Architecture" is now available. ACCOUNTING-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, experimental, Counter32, Integer32, TimeTicks, IpAddress FROM SNMPv2-SMI; acctMIB MODULE-IDENTITY LAST-UPDATED "9503060000Z" ORGANIZATION "IETF Internet Accounting Working Group" CONTACT-INFO "Nevil Brownlee" DESCRIPTION "The accounting MIB for the Internet Accounting Meter." ::= { mib-2 40 } -- Earlier versions of this MIB used { experimental 99 } -- as a placeholder acctControl OBJECT IDENTIFIER ::= { acctMIB 1 } acctFlowdata OBJECT IDENTIFIER ::= { acctMIB 2 } acctRuledata OBJECT IDENTIFIER ::= { acctMIB 3 } -- The AddressTuple construct: -- In future might have any address for any layer in the protocol stack -- (session, presentation, transport, application). The intent here is -- to represent the fact that the address tuple field can contain many -- attributes. -- AddressTuple ::= SEQUENCE { -- interface [ 0] INTEGER OPTIONAL, -- adjacent_type [ 1] AddressType OPTIONAL, -- adjacent_address [ 2] NetWorkAddress OPTIONAL, -- adjacent_mask [ 3] NetWorkAddress OPTIONAL, Nevil Brownlee [Page 6] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- peer_type [ 4] AddressType OPTIONAL, -- peer_address [ 5] NetWorkAddress OPTIONAL, -- peer_mask [ 6] NetWorkAddress OPTIONAL, -- transport_type [ 7] AddressType OPTIONAL, -- transpoprt_address [ 8] NetWorkAddress OPTIONAL, -- transport_mask [ 9] NetWorkAddress OPTIONAL, -- } -- Within an address tuple the mask attributes are used to specify -- which parts of the addresses must match exactly when address tuples -- are compared. For example peer type = ipaddress, peer address = -- 130.216.0.0, peer mask = 255.255.0.0 would match any peer address -- representing an IP interface within network 130.216. -- As an example of types and values, here is an address tuple for a -- flow carrying a stream of SMTP data over an ethernet: -- adjacent type = ethernet, adjacent address = 02-07-01-04-ED-4A -- peer type = IP, peer address = 130.216.240.7 -- transport type = TCP, transport address = 25 (port number) -- The Network Address construct: -- The intent here is that this address type represent a choice of N-1 -- layer addresses based on the protocol layer at which accounting is -- done. For example, if accounting is being performed at the -- presentation level, then this address might be a session layer -- address; if done at the network level it might be an IP address. -- The level at which accounting is done is the "peer" level, N. -- In the following, "adjacent" means the level below the current level -- and "transport" means the level above it. For IP the adjacent layer -- address might be the ethernet or 802 MAC layer address and the -- transport address might be the IP port number. A better encoding -- convention may be needed so that addresses at any layer can be -- specified unambiguously. -- NetWorkAddress ::= CHOICE { -- adjacentLayerAddress [1] IMPLICIT OCTET STRING, -- ipAddress [2] IMPLICIT IpAddress, -- nsapAddress [3] IMPLICIT OCTET STRING, -- idprAddress [4] IMPLICIT OCTET STRING, -- decnetAddress [5] IMPLICIT OCTET STRING, -- ipxnetAddress [6] IMPLICIT OCTET STRING, -- ethertalkAddress [7] IMPLICIT OCTET STRING, -- transportAddress [8] IMPLICIT OCTET STRING -- } -- The AddressType type: Nevil Brownlee [Page 7] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- The intent of this type is to indicate the type of address -- that is being recorded. This would probably be encoded as a -- tag in the above NetworkAddress type if using full ASN.1. Instead -- we explicitly call it out as a separate value, and instantiate it -- as a separate field. AddressType ::= INTEGER { adjacentlayer(1), ipaddress(2), nsapaddress(3), idpraddress(4), decnetaddress(5), ipxnetaddress(6), ethertalkaddress(7), transportaddress(8) } -- -- The Control Group -- acctRuleSetInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctRuleSetInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Array of information about the rule sets held in the meter. Rule set 1 is the meter default, used when the meter starts up. It may not be overwritten." ::= { acctControl 1 } acctRuleSetInfoEntry OBJECT-TYPE SYNTAX AcctRuleSetInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular rule set." INDEX { acctRuleInfoIndex } ::= { acctRuleSetInfoTable 1 } AcctRuleSetInfoEntry ::= SEQUENCE { acctRuleInfoIndex INTEGER (1..65535), acctRuleInfoRuleSize INTEGER (1..65535), acctRuleInfoActionSize INTEGER (1..65535) } acctRuleInfoIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects an entry from the array of rule set info entries." ::= { acctRuleSetInfoEntry 1 } Nevil Brownlee [Page 8] INTERNET-DRAFT Accounting Meter Services MIB March 1995 acctRuleInfoRuleSize OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Number of rules in this table. Setting this variable will cause the meter to allocate space for these rules." ::= { acctRuleSetInfoEntry 2 } acctRuleInfoActionSize OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Number of actions in this table. Setting this variable will cause the meter to allocate space for these actions, and will set the values of all variables in them to zero." ::= { acctRuleSetInfoEntry 3 } acctFlowSamplingTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctFlowSamplingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of sampling rates for each interface." ::= { acctControl 2 } acctFlowSamplingEntry OBJECT-TYPE SYNTAX AcctFlowSamplingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines the sampling rate for a particular interface." INDEX { acctFlowSamplingIndex } ::= { acctFlowSamplingTable 1 } AcctFlowSamplingEntry ::= SEQUENCE { acctFlowSamplingIndex INTEGER (1..255), acctFlowSamplingRate INTEGER (1..65535) } acctFlowSamplingIndex OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Identifies the interface for this sampling rate." ::= { acctFlowSamplingEntry 1 } acctFlowSamplingRate OBJECT-TYPE SYNTAX INTEGER (1..65535) Nevil Brownlee [Page 9] INTERNET-DRAFT Accounting Meter Services MIB March 1995 MAX-ACCESS read-write STATUS current DESCRIPTION "One for each interface. The parameter N for statistical counting. Set to N to count 1/Nth of the packets from this interface. A meter should choose its own algorithm to introduce variance into the sampling so that exactly every Nth packet is not counted. A sampling rate of 1 yields a normal counter. A sampling rate of 0 results in the interface being ignored by the meter." DEFVAL { 1 } -- Count every packet, ::= { acctFlowSamplingEntry 2 } acctCurrentRuleSet OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Index to the arrays of rule and action tables. Specifies which set of rules and actions is currently being used for accounting by the meter. When the manager sets this variable the meter will close its current rule set and start using the new one. Flows created by the old rule set remain in memory, orphaned until their data has been collected." ::= { acctControl 3 } acctEmergencyRuleSet OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Index to the arrays of rule and action tables. After reaching HighWaterMark (see below) the meter may switch to using it's emergency rule set. For this to be effective the manager should have downloaded an emergency rule set which uses a coarser collecting granularity. The manager may also need to decrease the collecting interval so that the meter can recover flows from its normal rule set." ::= { acctControl 4 } acctHighWaterMark OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "A value expressed as a percentage, interpreted by the meter as an indication of how full the flow table should be before it should switch to the emergency rule set (if one has been specified). Values of 0% or 100% disable the checking represented by this variable." ::= { acctControl 5 } Nevil Brownlee [Page 10] INTERNET-DRAFT Accounting Meter Services MIB March 1995 acctFloodMark OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "A value expressed as a percentage, interpreted by the meter as an indication of how full the flow table should be before it should take some action to avoid running out of resources to handle new flows. Values of 0% or 100% disable the checking represented by this variable." ::= { acctControl 6 } acctCollectorInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctCollectorInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about snmp peers which have collected flow data from this meter." ::= { acctControl 7 } acctCollectorInfoEntry OBJECT-TYPE SYNTAX AcctCollectorInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular collector." INDEX { acctCollectorIndex } ::= { acctCollectorInfoTable 1 } AcctCollectorInfoEntry ::= SEQUENCE { acctCollectorIndex INTEGER (1..255), acctCollectorPeerAddress IpAddress, acctCollectorLastTime TimeTicks, acctCollectorPreviousTime TimeTicks } acctCollectorIndex OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects an entry from the array of collector info entries." ::= { acctCollectorInfoEntry 1 } acctCollectorPeerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION Nevil Brownlee [Page 11] INTERNET-DRAFT Accounting Meter Services MIB March 1995 "Peer address of this collector." ::= { acctCollectorInfoEntry 2 } acctCollectorLastTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Time this collector last began a collection." ::= { acctCollectorInfoEntry 3 } acctCollectorPreviousTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Time this collector began the collection before last." ::= { acctCollectorInfoEntry 4 } acctLastCollectTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-write STATUS current DESCRIPTION "Time last collection of meter data began. This variable will be written by a collector as the first step in making a collection. The meter will set its LastTime value to uptime and set its PreviousTime value to the old LastTime. This allows the meter to recover flows which have been inactive since PreviousTime, for these have been collected at least once. If the meter fails to write acctLastCollectTime, e.g. by failing authentication in the meter SNMP write community, collection may still proceed but the meter may not be able to recover inactive flows." ::= { acctControl 8 } acctInactivityTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The time in seconds since the last packet seen, after which the flow may be terminated. Note that although a flow may have been terminated, its data must be collected before its memory can be recovered." DEFVAL { 600 } -- 10 minutes ::= { acctControl 9 } acctActiveFlows OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only Nevil Brownlee [Page 12] INTERNET-DRAFT Accounting Meter Services MIB March 1995 STATUS current DESCRIPTION "The numbers of flows which are currently active, i.e. have been active since the last collection." ::= { acctControl 10 } acctMaxFlows OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of flows allowed in the meter's flow table." ::= { acctControl 11 } -- -- The Flow Table -- -- This is a table kept by a meter, with one entry for every flow -- currently being accounted for. -- The variables kept for each flow comprise: -- Housekeeping information for the flow. -- The flow's "counters", i.e. its octet and PDU counts for each -- direction and its first and last packet times. -- The flow's "keys", i.e. the information used to distinguish -- packets for this particular flow. -- Each flow has at least one key, but "aggregate" flows may have more -- than one key. Every key is associated with a single flow, and every -- PDU matching a key is counted in its associated flow's counters. -- Each packet which arrives at a meter is examined, and values for all -- the "key" variables are extracted and assembled into a "packet key". -- The set of current keys is searched to see whether this flow has -- already been seen. If it has, the packet is simply counted; -- if not, the rules are consulted to create a new flow in which this -- packet may be counted. Once a flow has been created in this way a -- collector will have to read the flow's key data just once. After -- that the collector needs only to read the flow's counts from time to -- time. -- Each key has two AddressTuples, one for each of its end points. -- Flows are bidirectional and have two sets of counters, one for each -- of the two possible directions. Since we may be accounting for -- packets observed in transit along a network segment the choice of -- "to" and "from" direction is arbitrary; "source" and "destination" -- (abbreviated to "dest" elsewhere in this MIB) are specified for each -- flow by the rules in the current rule set. In the special case Nevil Brownlee [Page 13] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- where the address tuples are identical all packets are counted in -- the "to" direction's counters. -- From time to time a collector may sweep the flow table so as collect -- counts. To reduce the number of SNMP requests required to do this, -- two further tables provide alternative windows into the flow table. -- The Creation Table allows a collector to find the first entry created -- after a specified time, then make successive getnext requests to find -- all other entries created since that time. Similarly, the Activity -- Table allows a collector to find all the entries last counted after -- a specified time. Note that it is not sensible for the meter to -- keep the Activity Table in LastTime order, since that would result -- in very active flows being counted many times during the same -- collection. -- This scheme allows multiple collectors to independently use the same -- meter; the collectors do not have to be synchronised and they may -- use different collection intervals. -- A meter may reclaim the memory space used by flows (or keys) for -- which no packets have been seen since lastCollectTime, or for an -- interval longer than the inactivityTimeout, whichever is the longer. -- The meter may reuse flow indexes for flows thus reclaimed. acctFlowTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctFlowEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of all flows being kept for accounting purposes on this system." ::= { acctFlowdata 1 } acctFlowEntry OBJECT-TYPE SYNTAX AcctFlowEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The flow record for a particular flow." INDEX { acctFlowIndex } ::= { acctFlowTable 1 } AcctFlowEntry ::= SEQUENCE { acctFlowIndex INTEGER (1..65535), acctFlowStatus Integer32, acctFlowSourceInterface INTEGER (1..255), -- Source Address acctFlowSourceAdjacentType AddressType, acctFlowSourceAdjacentAddress OCTET STRING (SIZE (6)), acctFlowSourceAdjacentMask OCTET STRING (SIZE (6)), acctFlowSourcePeerType AddressType, Nevil Brownlee [Page 14] INTERNET-DRAFT Accounting Meter Services MIB March 1995 acctFlowSourcePeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowSourcePeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowSourceTransType AddressType, acctFlowSourceTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowSourceTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowDestInterface INTEGER (1..255), -- Dest Address acctFlowDestAdjacentType AddressType, acctFlowDestAdjacentAddress OCTET STRING (SIZE (6)), acctFlowDestAdjacentMask OCTET STRING (SIZE (6)), acctFlowDestPeerType AddressType, acctFlowDestPeerAddress [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowDestPeerMask [1] IMPLICIT OCTET STRING (SIZE (3..20)), acctFlowDestTransType AddressType, acctFlowDestTransAddress [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowDestTransMask [2] IMPLICIT OCTET STRING (SIZE (1..2)), acctFlowPDUScale INTEGER (1..255), -- Rule Set attrs acctFlowOctetScale INTEGER (1..255), acctFlowRuleSet INTEGER (1..255), acctFlowToOctets Counter32, -- Source-to-Dest acctFlowToPDUs Counter32, acctFlowFromOctets Counter32, -- Dest-to-Source acctFlowFromPDUs Counter32, acctFlowFirstTime TimeTicks, -- Activity times acctFlowLastTime TimeTicks, acctFlowSourceSubscriberID [3] IMPLICIT OCTET STRING -- Session (SIZE (4..20)), acctFlowDestSubscriberID [3] IMPLICIT OCTET STRING (SIZE (4..20)), acctFlowSessionID [4] IMPLICIT OCTET STRING (SIZE (4..10)), acctFlowSourceClass INTEGER (1..255), acctFlowDestClass INTEGER (1..255), acctFlowClass INTEGER (1..255), acctFlowSourceKind INTEGER (1..255), acctFlowDestKind INTEGER (1..255), acctFlowKind INTEGER (1..255) } Nevil Brownlee [Page 15] INTERNET-DRAFT Accounting Meter Services MIB March 1995 acctFlowIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The bucket number for this flow. The different values for this variable need not be consecutive. Flow 1 is never used by the meter for a real flow. Instead it is used as an initial value for SNMP getnext requests when scanning the flow table." ::= { acctFlowEntry 1 } acctFlowStatus OBJECT-TYPE SYNTAX INTEGER { valid(1), invalid(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of this flow. Allows all table rows to be collected via a simple table sweep, whilst throwing out all flows that are invalid." ::= { acctFlowEntry 2 } acctFlowSourceInterface OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the interface associated with the source address for this flow. This value is one of the values contained in the ifIndex field of the interfaces table." ::= { acctFlowEntry 3 } acctFlowSourceAdjacentType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Adjacent address type of the source for this flow." ::= { acctFlowEntry 4 } acctFlowSourceAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the adjacent device on the path for the source for this flow." ::= { acctFlowEntry 5 } acctFlowSourceAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only Nevil Brownlee [Page 16] INTERNET-DRAFT Accounting Meter Services MIB March 1995 STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent source address for this flow." ::= { acctFlowEntry 6 } acctFlowSourcePeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Peer address type of the source for this flow." ::= { acctFlowEntry 7 } acctFlowSourcePeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the peer device for the source of this flow." ::= { acctFlowEntry 8 } acctFlowSourcePeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the source peer address for this flow." ::= { acctFlowEntry 9 } acctFlowSourceTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address type of the source for this flow." ::= { acctFlowEntry 10 } acctFlowSourceTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address for the source of this flow." ::= { acctFlowEntry 11 } acctFlowSourceTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current Nevil Brownlee [Page 17] INTERNET-DRAFT Accounting Meter Services MIB March 1995 DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the transport source address for this flow." ::= { acctFlowEntry 12 } acctFlowDestInterface OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the interface associated with the dest address for this flow. This value is one of the values contained in the ifIndex field of the interfaces table." ::= { acctFlowEntry 13 } acctFlowDestAdjacentType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Adjacent address type of the destination for this flow." ::= { acctFlowEntry 14 } acctFlowDestAdjacentAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the adjacent device on the path for the destination for this flow." ::= { acctFlowEntry 15 } acctFlowDestAdjacentMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (6)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the adjacent dest address for this flow." ::= { acctFlowEntry 16 } acctFlowDestPeerType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Peer address type of the destination for this flow." ::= { acctFlowEntry 17 } acctFlowDestPeerAddress OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) Nevil Brownlee [Page 18] INTERNET-DRAFT Accounting Meter Services MIB March 1995 MAX-ACCESS read-only STATUS current DESCRIPTION "Address of the peer device for the destination of this flow." ::= { acctFlowEntry 18 } acctFlowDestPeerMask OBJECT-TYPE SYNTAX [1] IMPLICIT OCTET STRING (SIZE (3..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the dest peer type for this flow." ::= { acctFlowEntry 19 } acctFlowDestTransType OBJECT-TYPE SYNTAX AddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address type for the destination of this flow." ::= { acctFlowEntry 20 } acctFlowDestTransAddress OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "Transport address for the destination of this flow." ::= { acctFlowEntry 21 } acctFlowDestTransMask OBJECT-TYPE SYNTAX [2] IMPLICIT OCTET STRING (SIZE (1..2)) MAX-ACCESS read-only STATUS current DESCRIPTION "1-bits in this mask indicate which bits must match when comparing the transport destination address for this flow." ::= { acctFlowEntry 22 } acctFlowPDUScale OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The scale factor applied to this particular flow. Indicates the number of bits the PDU counter values should be moved left to obtain the actual values." ::= { acctFlowEntry 23 } acctFlowOctetScale OBJECT-TYPE Nevil Brownlee [Page 19] INTERNET-DRAFT Accounting Meter Services MIB March 1995 SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The scale factor applied to this particular flow. Indicates the number of bits the octet counter values should be moved left to obtain the actual values." ::= { acctFlowEntry 24 } acctFlowRuleSet OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The RuleSet number of the rule set which created this flow." ::= { acctFlowEntry 25 } acctFlowToOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of octets flowing from source to dest address and being delivered to the protocol level being metered. In the case of IP this would count the number of octets delivered to the IP level." ::= { acctFlowEntry 26 } acctFlowToPDUs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of protocol packets flowing from source to dest address and being delivered to the protocol level being metered. In the case of IP, for example, this would count the IP packets delivered to the IP protocol level." ::= { acctFlowEntry 27 } acctFlowFromOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of octets flowing from dest to source address and being delivered to the protocol level being metered." ::= { acctFlowEntry 28 } acctFlowFromPDUs OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Nevil Brownlee [Page 20] INTERNET-DRAFT Accounting Meter Services MIB March 1995 STATUS current DESCRIPTION "The count of protocol packets flowing from dest to source address and being delivered to the protocol level being metered. In the case of IP, for example, this would count the IP packets delivered to the IP protocol level." ::= { acctFlowEntry 29 } acctFlowFirstTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The time at which this flow was first entered in the table" ::= { acctFlowEntry 30 } acctFlowLastTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The last time this flow had activity, i.e. the time of arrival of the last PDU belonging to this flow." ::= { acctFlowEntry 31 } acctFlowSourceSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Subscriber ID associated with the source address for this flow." ::= { acctFlowEntry 32 } acctFlowDestSubscriberID OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Subscriber ID associated with the dest address for this flow." ::= { acctFlowEntry 33 } acctFlowSessionID OBJECT-TYPE SYNTAX [4] IMPLICIT OCTET STRING (SIZE (4..10)) MAX-ACCESS read-only STATUS current DESCRIPTION "Session ID for this flow. Such an ID might be allocated by a network access server to distinguish a series of sessions between the same pair of addresses, which would otherwise Nevil Brownlee [Page 21] INTERNET-DRAFT Accounting Meter Services MIB March 1995 appear to be parts of the same accounting flow." ::= { acctFlowEntry 34 } acctFlowSourceClass OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Source class for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 35 } acctFlowDestClass OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination class for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 36 } acctFlowClass OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Class for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 37 } acctFlowSourceKind OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Source kind for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 38 } acctFlowDestKind OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination kind for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 39 } acctFlowKind OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only Nevil Brownlee [Page 22] INTERNET-DRAFT Accounting Meter Services MIB March 1995 STATUS current DESCRIPTION "Class for this flow. Determined by the rules, set by a PushRule action when this flow was entered in the table." ::= { acctFlowEntry 40 } -- -- The Creation Table -- acctCreationTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctCreationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were created after a given time." ::= { acctFlowdata 2 } acctCreationEntry OBJECT-TYPE SYNTAX AcctCreationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Creation Entry for a particular flow." INDEX { acctCreationTime, acctCreationIndex } ::= { acctCreationTable 1 } AcctCreationEntry ::= SEQUENCE { acctCreationTime TimeTicks, acctCreationIndex INTEGER (1..65535) } acctCreationTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Earliest time after which a required flow could have been created." ::= { acctCreationEntry 1 } acctCreationIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of next entry in flow table created after Creation Time." ::= { acctCreationEntry 2 } Nevil Brownlee [Page 23] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- -- The Activity Table -- acctActivityTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctActivityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were last used after a given time." ::= { acctFlowdata 3 } acctActivityEntry OBJECT-TYPE SYNTAX AcctActivityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Activity Entry for a particular flow." INDEX { acctActivityTime, acctActivityIndex } ::= { acctActivityTable 1 } AcctActivityEntry ::= SEQUENCE { acctActivityTime TimeTicks, acctActivityIndex INTEGER (1..65535) } acctActivityTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Earliest time after which a required flow could have been active." ::= { acctActivityEntry 1 } acctActivityIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of next entry in flow table active after Active Time." ::= { acctActivityEntry 2 } -- -- The Activity Column Table -- acctActivityColumnTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctActivityColumnEntry Nevil Brownlee [Page 24] INTERNET-DRAFT Accounting Meter Services MIB March 1995 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Window into the Flow Table. Allows a collector to find all flows wich were last used after a given time, and to retrieve data values for a specified attribute of each active flow." ::= { acctFlowdata 4 } acctActivityColumnEntry OBJECT-TYPE SYNTAX AcctActivityColumnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Activity Column Entry for a particular flow." INDEX { acctActivityColumnAttribute, acctActivityColumnTime, acctActivityColumnIndex } ::= { acctActivityColumnTable 1 } AcctActivityColumnEntry ::= SEQUENCE { acctActivityColumnAttribute INTEGER (1..40), acctActivityColumnTime TimeTicks, acctActivityColumnIndex INTEGER (1..65535), acctActivityColumnFlowData [5] IMPLICIT OCTET STRING (SIZE (5..1000)) } acctActivityColumnAttribute OBJECT-TYPE SYNTAX INTEGER (1..40) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Attribute for which values are required from active flows. Each attribute is identified by an attribute number, which is its offset within acctFlowEntry (above). For example, SourceAdjacentAddress is attribute number 5." ::= { acctActivityColumnEntry 1 } acctActivityColumnTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS not-accessible STATUS current DESCRIPTION "Earliest time after which a required flow could have been active." ::= { acctActivityColumnEntry 2 } acctActivityColumnIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION Nevil Brownlee [Page 25] INTERNET-DRAFT Accounting Meter Services MIB March 1995 "Index of next entry in flow table active after acctColumnTime." ::= { acctActivityColumnEntry 3 } acctActivityColumnFlowData OBJECT-TYPE SYNTAX [5] IMPLICIT OCTET STRING (SIZE (5..1000)) MAX-ACCESS read-only STATUS current DESCRIPTION "Collection of attribute data for flows active after acctColumnTime. Within the Opaque object is a sequence of { flow index, attribute value } pairs, one for each active flow. The end of the sequence is marked by a flow index value of 0 if there are no more rows in this column, and 1 otherwise. The format of objects inside acctColumnFlowData is as follows. All numbers are unsigned. Numbers and strings appear with their high-order bytes leading. flow-1 is a two-byte number; other numbers are fixed size, as specified by their SYNTAX in the flow table (above), i.e. one byte for acctAddressType and small constants, and four bytes for Counter and Timeticks. Octet Strings are variable-length, with the length given in a single leading byte. The following is an attempt at an ASN.1 definition of acctColumnFlowData: acctActivityColumnFlowData ::= SEQUENCE { RowItems AcctRowItemList, EndMarker INTEGER (0..1) -- 0 = No more rows } AcctRowItemList ::= SEQUENCE OF AcctRowItemEntry AcctRowItemEntry ::= SEQUENCE { acctRowNumber INTEGER (1..65535), acctDataValue AcctDataType -- Choice depends on attribute } AcctDataType ::= CHOICE { acctByteValue INTEGER (1..255), acctShortValue INTEGER (1..65535), acctLongValue INTEGER (1..4294967295), acctStringValue OCTET STRING -- Length (n) in first byte, -- n+1 bytes total length, trailing zeroes truncated }" ::= { acctActivityColumnEntry 4 } -- -- The Rule Table -- Nevil Brownlee [Page 26] INTERNET-DRAFT Accounting Meter Services MIB March 1995 -- This is an array of rule tables; the one in use is selected by -- CurrentRuleSet. To change the rule set the manager chooses a set -- number which is not in use, downloads the new rule set there, then -- writes the new set number into CurrentRuleSet. Rule set 1 is the -- default rule set, used by the meter on start-up. Several rule sets -- can be held in a meter so that the manager can change the rules -- easily, for example with time of day. Note that the manager may -- not change the default rule set, nor the rules in the current rule -- set! acctRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF AcctRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The list of rules used to determine the granularity of accounting data." ::= { acctRuledata 1 } acctRuleEntry OBJECT-TYPE SYNTAX AcctRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule record itself." INDEX { acctRuleSet, acctRuleIndex } ::= { acctRuleTable 1 } AcctRuleEntry ::= SEQUENCE { acctRuleSet INTEGER (1..255), acctRuleIndex INTEGER (1..65535), acctRuleSelector INTEGER (1..255), -- attribute acctRuleMask [3] IMPLICIT OCTET STRING (SIZE (4..20)), -- mask acctRuleMatchedValue [3] IMPLICIT OCTET STRING (SIZE (4..20)), -- value acctRuleAction INTEGER, -- action to take acctRuleJumpIndex INTEGER (1..65535) -- where to go } acctRuleSet OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Selects a table from the array of rule tables." ::= { acctRuleEntry 1 } acctRuleIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS not-accessible Nevil Brownlee [Page 27] INTERNET-DRAFT Accounting Meter Services MIB March 1995 STATUS current DESCRIPTION "The index into the Rule table. N.B: These values will often be consecutive, given the fall-through semantics of processing the table." ::= { acctRuleEntry 2 } acctRuleSelector OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Defines the source of the value to match. Allowable selector values are described below. Null(0) is a special case; null rules always succeed. The following flow attributes may be selected (using their attribute numbers): SourceInterface(3), SourceAdjacentType(4), SourceAdjacentAddress(5), SourcePeerType(7), SourcePeerAddress(8), SourceTransType(10), SourceTransAddress(11), DestInterface(13), DestAdjacentType(14), DestAdjacentAddress(15), DestPeerType(17), DestPeerAddress(18), DestTransType(20), DestTransAddress(21), SourceSubscriberID(32), DestSubscriberID(33), SessionID(34) Var1(51), Var2(52), Var3(53), Var4(54) and Var5(55) select meter variables, each of which can hold the name (i.e. selector value) of an address attribute. When one of these is used as a selector, its value specifies the attribute to be tested. Variable values are set by an Assign action." ::= { acctRuleEntry 3 } acctRuleMask OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The initial mask used to compute the desired value, encoded as an OCTET STRING. If the mask is zero the rule's test will Nevil Brownlee [Page 28] INTERNET-DRAFT Accounting Meter Services MIB March 1995 always succeed." ::= { acctRuleEntry 4 } acctRuleMatchedValue OBJECT-TYPE SYNTAX [3] IMPLICIT OCTET STRING (SIZE (4..20)) MAX-ACCESS read-create STATUS current DESCRIPTION "The resulting value to be matched for equality. Specifically, if the attribute chosen by the acctRuleSelector logically ANDed with the mask specified by the acctRuleMask equals the value specified in the acctRuleMatchedValue, then continue processing the table entry based on the action specified by the acctRuleAction entry. Otherwise, proceed to the next entry in the rule table." ::= { acctRuleEntry 5 } acctRuleAction OBJECT-TYPE SYNTAX INTEGER { ignore(1), retry(2), count(3), countpkt(4), return(5), gosub(6), gosubact(7), assign(8), assignact(9), goto(10), gotoact(11), pushrule(12), pushruleact(13), pushpkt(14), pushpktact(15) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action to be taken if there is a match between this rule and the PDU being considered, or if this rule is executed as the result of a return, gosubact, assignact, gotoact, pushruleact or pushpktact action in the last rule executed. The meter maintains a pattern stack (i.e. a stack of attribute information saved by rules which have executed pushrule or pushpkt actions), and a return stack (i.e. a stack of return addresses for rule-matching subroutines). Ignore(1) stops rule matching for the PDU. It will not be counted. Retry(2) terminates rule matching and indicates that the PDU was not matched. The meter may try to match it again, for example with the source and dest keys interchanged. Count(3) counts this PDU in a flow which is part of the count table specified by acctRuleJumpIndex. Count tables are tables of flows maintained internally by the meter; they are not visible via the MIB. Attribute values for flows in a count table are taken from the pattern stack, in the same order as they were pushed during rule processing. The user should ensure that every flow in a count table has the same set of masks for its attribute values, i.e. was created by the same sequence of PushRule and/or PushPkt RuleActions. Nevil Brownlee [Page 29] INTERNET-DRAFT Accounting Meter Services MIB March 1995 CountPkt(4) executes a PushPkt(14) action (see below), then a Count(3) action (see above). Return(5) returns from a rule-matching subroutine. The return rule index is popped from the return stack and added to RuleJumpIndex to select a target rule. The action for the target rule is executed immediately, allowing rule-matching subroutines to return a result. GoSub(6) calls a rule-matching subroutine. RuleJumpIndex is used as the index of the next rule to match, and the meter pushes the current rule index+1 onto the return stack. GoSubAct(7) is the same as GoSub(6) except that execution of the subroutine's first rule starts with its action, not it's test. Assign(8) sets the value of a meter variable. The variable is specified by acctRuleSelector and its value is set to RuleMatchedValue. Assign(8) and AssignAct(9) rules should never perform a test; this means they should always be executed as the result of a return, gosubact, assignact, gotoact, pushruleact or pushpktact action. AssignAct(9) is the same as Assign(8) except that execution of the next rule starts with its action, not it's test. Goto(10) tells the meter to use RuleJumpIndex as the index of the next rule to match. The pattern stack is not changed. GotoAct(11) is the same as Goto(10) except that execution of the target rule starts with its action, not it's test. PushRule(12) tells the meter to use RuleJumpIndex as the index of the next rule to match. It also pushes the attribute name, mask and value from this rule onto the pattern stack. PushRuleAct(13) is the same as PushRule(10) except that execution of the target rule starts with its action, not it's test. PushPkt(14) tells the meter to use RuleJumpIndex as the index of the next rule to match. It also pushes the attribute name and mask from this rule, together with the masked attribuute value from the PDU, onto the pattern stack. RuleMatchedValue is not used by PushPkt(14), so PushPkt(14) and PushPktAct(15) rules should always be executed as the result of a return, gosubact, assignact, gotoact, pushruleact or pushpktact action. PushPktAct(15) is the same as PushPkt(14) except that execution of the target rule starts with its action, not its test." ::= { acctRuleEntry 6 } acctRuleJumpIndex OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION Nevil Brownlee [Page 30] INTERNET-DRAFT Accounting Meter Services MIB March 1995 "An index into the Rule table. Where to restart the search. Must take on one of the values allowed for acctRuleIndex." ::= { acctRuleEntry 7 } END 5 Acknowledgements This document was produced under the auspices of the IETF's Accounting Working Group with assistance from SNMP and SAAG working groups. 6 References [1] McCloghrie K., and M. Rose, Editors, "Management Information Base for Network Management of TCP/IP-based internets," RFC 1213, Performance Systems International, March 1991. [2] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Structure of Management Information for version 2 of the Simple Network Managemenet Protocol," RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [3] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Textual Conventions for version 2 of the Simple Network Managemenet Protocol SNMPv2", RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [4] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Conformance Statements for version 2 of the Simple Network Managemenet Protocol (SNMPv2)," RFC 1442, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [5] J. Case, K. McCloghrie, M. Rose, and S. Waldbusser, "Coexistence between version 1 and version 2 of the Internet-standard Network Management Framework," RFC 1452, SNMP Research Inc., Hughes LAN Systems, Dover Beach Consulting, Carnegie Mellon University, April 1993. [6] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One Nevil Brownlee [Page 31] INTERNET-DRAFT Accounting Meter Services MIB March 1995 (ASN.1), International Organization for Standardization, International Standard 8824, December 1987. [7] Information processing systems - Open Systems Interconnection - Specification of Basic Encoding Rules for Abstract Notation One (ASN.1), International Organization for Standardization, International Standard 8825, December 1987. [8] Mills, C., Hirsch, G. and Ruth, G., "Internet Accounting Background," RFC 1272, Bolt Beranek and Newman Inc., Meridian Technology Corporation, November 1991. [9] Brownlee, N., Mills, C., and Ruth, G., "Internet Accounting Architecture," Internet Draft, The University of Auckland, Bolt Beranek and Newman Inc., GTE Laboratories, Inc, November 1994. 7 Security Considerations Security issues are not discussed in this document. 8 Author's Address Nevil Brownlee Computer Centre The University of Auckland Nevil Brownlee [Page 32]