draft-ietf-policy-pcim-ext-06.txt   draft-ietf-policy-pcim-ext-07.txt 
skipping to change at page 1, line 18 skipping to change at page 1, line 18
A. Westerinen A. Westerinen
Cisco Systems Cisco Systems
R. Chadha R. Chadha
Telcordia Technologies Telcordia Technologies
M. Brunner M. Brunner
NEC NEC
R. Cohen R. Cohen
Ntear LLC Ntear LLC
J. Strassner J. Strassner
INTELLLIDEN, Inc. INTELLLIDEN, Inc.
November 2001 February, 2002
Policy Core Information Model Extensions Policy Core Information Model Extensions
<draft-ietf-policy-pcim-ext-06.txt> <draft-ietf-policy-pcim-ext-07.txt>
Thursday, November 08, 2001, 3:23 PM Wednesday, February 27, 2002, 8:58 AM
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
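Review bot: The affiliation for J. Strassner on the author list still reads "INTELLLIDEN, Inc." with three Ls in -07, which looks like a typo carried over from -06. Since this revision already touches the header block (date and draft name), the spelling could be corrected in the same pass.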
skipping to change at page 1, line 47 skipping to change at page 1, line 47
cite them other than as "work in progress." cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
This document proposes a number of changes to the Policy Core Information This document proposes a number of changes to the Policy Core Information
Model (PCIM, RFC 3060). These changes include both extensions of PCIM Model (PCIM, RFC 3060). These changes include both extensions of PCIM
into areas that it did not previously cover, and changes to the existing into areas that it did not previously cover, and changes to the existing
PCIM classes and associations. Both sets of changes are done in a way PCIM classes and associations. Both sets of changes are done in a way
that, to the extent possible, preserves interoperability with that, to the extent possible, preserves interoperability with
implementations of the original PCIM model. implementations of the original PCIM model.
skipping to change at page 3, line 37 skipping to change at page 3, line 37
5.12.9. The Class "PolicyIPToSVariable"..........................50 5.12.9. The Class "PolicyIPToSVariable"..........................50
5.12.10. The Class "PolicyDSCPVariable"..........................50 5.12.10. The Class "PolicyDSCPVariable"..........................50
5.12.11. The Class "PolicyFlowIdVariable"........................51 5.12.11. The Class "PolicyFlowIdVariable"........................51
5.12.12. The Class "PolicySourceMACVariable".....................51 5.12.12. The Class "PolicySourceMACVariable".....................51
5.12.13. The Class "PolicyDestinationMACVariable"................51 5.12.13. The Class "PolicyDestinationMACVariable"................51
5.12.14. The Class "PolicyVLANVariable"..........................51 5.12.14. The Class "PolicyVLANVariable"..........................51
5.12.15. The Class "PolicyCoSVariable"...........................52 5.12.15. The Class "PolicyCoSVariable"...........................52
5.12.16. The Class "PolicyEthertypeVariable".....................52 5.12.16. The Class "PolicyEthertypeVariable".....................52
5.12.17. The Class "PolicySourceSAPVariable".....................52 5.12.17. The Class "PolicySourceSAPVariable".....................52
5.12.18. The Class "PolicyDestinationSAPVariable"................52 5.12.18. The Class "PolicyDestinationSAPVariable"................52
5.12.19. The Class "PolicySNAPVariable"..........................53 5.12.19. The Class "PolicySNAPOUIVariable".......................53
5.12.20. The Class "PolicyFlowDirectionVariable".................53 5.12.20. The Class "PolicySNAPTypeVariable"......................53
5.13. The Abstract Class "PolicyValue"...........................53 5.12.21. The Class "PolicyFlowDirectionVariable".................54
5.13. The Abstract Class "PolicyValue"...........................54
5.14. Subclasses of "PolicyValue" Specified in PCIMe.............54 5.14. Subclasses of "PolicyValue" Specified in PCIMe.............54
5.14.1. The Class "PolicyIPv4AddrValue"..........................54 5.14.1. The Class "PolicyIPv4AddrValue"..........................54
5.14.2. The Class "PolicyIPv6AddrValue...........................55 5.14.2. The Class "PolicyIPv6AddrValue...........................55
5.14.3. The Class "PolicyMACAddrValue"...........................56 5.14.3. The Class "PolicyMACAddrValue"...........................56
5.14.4. The Class "PolicyStringValue"............................56 5.14.4. The Class "PolicyStringValue"............................57
5.14.5. The Class "PolicyBitStringValue".........................57 5.14.5. The Class "PolicyBitStringValue".........................57
5.14.6. The Class "PolicyIntegerValue"...........................58 5.14.6. The Class "PolicyIntegerValue"...........................58
5.14.7. The Class "PolicyBooleanValue"...........................59 5.14.7. The Class "PolicyBooleanValue"...........................59
5.15. The Class "PolicyRoleCollection"...........................59 5.15. The Class "PolicyRoleCollection"...........................59
5.15.1. The Single-Valued Property "PolicyRole"..................59 5.15.1. The Single-Valued Property "PolicyRole"..................60
5.16. The Class "ReusablePolicyContainer"........................59 5.16. The Class "ReusablePolicyContainer"........................60
5.17. Deprecate PCIM's Class "PolicyRepository"..................60 5.17. Deprecate PCIM's Class "PolicyRepository"..................60
5.18. The Abstract Class "FilterEntryBase".......................60 5.18. The Abstract Class "FilterEntryBase".......................61
5.19. The Class "IpHeadersFilter"................................60 5.19. The Class "IpHeadersFilter"................................61
5.19.1. The Property HdrIpVersion................................61 5.19.1. The Property HdrIpVersion................................61
5.19.2. The Property HdrSrcAddress...............................61 5.19.2. The Property HdrSrcAddress...............................62
5.19.3. The Property HdrSrcMask..................................61 5.19.3. The Property HdrSrcAddressEndOfRange.....................62
5.19.4. The Property HdrDestAddress..............................62 5.19.4. The Property HdrSrcMask..................................62
5.19.5. The Property HdrDestMask.................................62 5.19.5. The Property HdrDestAddress..............................63
5.19.6. The Property HdrProtocolID...............................62 5.19.6. The Property HdrDestAddressEndOfRange....................63
5.19.7. The Property HdrSrcPortStart.............................62 5.19.7. The Property HdrDestMask.................................63
5.19.8. The Property HdrSrcPortEnd...............................63 5.19.8. The Property HdrProtocolID...............................63
5.19.9. The Property HdrDestPortStart............................63 5.19.9. The Property HdrSrcPortStart.............................64
5.19.10. The Property HdrDestPortEnd.............................63 5.19.10. The Property HdrSrcPortEnd..............................64
5.19.11. The Property HdrDSCP....................................64 5.19.11. The Property HdrDestPortStart...........................64
5.19.12. The Property HdrFlowLabel...............................64 5.19.12. The Property HdrDestPortEnd.............................65
5.20. The Class "8021Filter".....................................64 5.19.13. The Property HdrDSCP....................................65
5.20.1. The Property 8021HdrSrcMACAddr...........................65 5.19.14. The Property HdrFlowLabel...............................65
5.20.2. The Property 8021HdrSrcMACMask...........................65 5.20. The Class "8021Filter".....................................65
5.20.3. The Property 8021HdrDestMACAddr..........................65 5.20.1. The Property 8021HdrSrcMACAddr...........................66
5.20.4. The Property 8021HdrDestMACMask..........................65 5.20.2. The Property 8021HdrSrcMACMask...........................66
5.20.5. The Property 8021HdrProtocolID...........................65 5.20.3. The Property 8021HdrDestMACAddr..........................66
5.20.6. The Property 8021HdrPriorityValue........................66 5.20.4. The Property 8021HdrDestMACMask..........................66
5.20.7. The Property 8021HdrVLANID...............................66 5.20.5. The Property 8021HdrProtocolID...........................67
5.21. The Class FilterList.......................................66 5.20.6. The Property 8021HdrPriorityValue........................67
5.21.1. The Property Direction...................................67 5.20.7. The Property 8021HdrVLANID...............................67
6. Association and Aggregation Definitions..........................67 5.21. The Class FilterList.......................................67
6.1. The Aggregation "PolicySetComponent"........................67 5.21.1. The Property Direction...................................68
6.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup".....68 6. Association and Aggregation Definitions..........................68
6.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"......68 6.1. The Aggregation "PolicySetComponent"........................68
6.4. The Abstract Association "PolicySetInSystem"................68 6.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup".....69
6.5. Update PCIM's Weak Association "PolicyGroupInSystem"........69 6.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"......69
6.6. Update PCIM's Weak Association "PolicyRuleInSystem".........70 6.4. The Abstract Association "PolicySetInSystem"................70
6.7. The Abstract Aggregation "PolicyConditionStructure".........70 6.5. Update PCIM's Weak Association "PolicyGroupInSystem"........70
6.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule".....70 6.6. Update PCIM's Weak Association "PolicyRuleInSystem".........71
6.9. The Aggregation "PolicyConditionInPolicyCondition"..........71 6.7. The Abstract Aggregation "PolicyConditionStructure".........71
6.10. The Abstract Aggregation "PolicyActionStructure"...........71 6.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule".....72
6.11. Update PCIM's Aggregation "PolicyActionInPolicyRule".......71 6.9. The Aggregation "PolicyConditionInPolicyCondition"..........72
6.12. The Aggregation "PolicyActionInPolicyAction"...............71 6.10. The Abstract Aggregation "PolicyActionStructure"...........72
6.13. The Aggregation "PolicyVariableInSimplePolicyCondition"....72 6.11. Update PCIM's Aggregation "PolicyActionInPolicyRule".......72
6.14. The Aggregation "PolicyValueInSimplePolicyCondition".......72 6.12. The Aggregation "PolicyActionInPolicyAction"...............73
6.15. The Aggregation "PolicyVariableInSimplePolicyAction".......73 6.13. The Aggregation "PolicyVariableInSimplePolicyCondition"....73
6.16. The Aggregation "PolicyValueInSimplePolicyAction"..........74 6.14. The Aggregation "PolicyValueInSimplePolicyCondition".......74
6.17. The Association "ReusablePolicy"...........................74 6.15. The Aggregation "PolicyVariableInSimplePolicyAction".......74
6.18. Deprecate PCIM's "PolicyConditionInPolicyRepository".......75 6.16. The Aggregation "PolicyValueInSimplePolicyAction"..........75
6.19. Deprecate PCIM's "PolicyActionInPolicyRepository"..........75 6.17. The Association "ReusablePolicy"...........................76
6.20. The Association ExpectedPolicyValuesForVariable............75 6.18. Deprecate PCIM's "PolicyConditionInPolicyRepository".......76
6.21. The Aggregation "ContainedDomain"..........................76 6.19. Deprecate PCIM's "PolicyActionInPolicyRepository"..........76
6.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"......76 6.20. The Association ExpectedPolicyValuesForVariable............76
6.23. The Aggregation "EntriesInFilterList"......................76 6.21. The Aggregation "ContainedDomain"..........................77
6.23.1. The Reference GroupComponent.............................77 6.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"......77
6.23.2. The Reference PartComponent..............................77 6.23. The Aggregation "EntriesInFilterList"......................78
6.23.3. The Property EntrySequence...............................77 6.23.1. The Reference GroupComponent.............................78
6.24. The Aggregation "ElementInPolicyRoleCollection"............77 6.23.2. The Reference PartComponent..............................78
6.25. The Weak Association "PolicyRoleCollectionInSystem"........78 6.23.3. The Property EntrySequence...............................79
7. Intellectual Property............................................79 6.24. The Aggregation "ElementInPolicyRoleCollection"............79
8. Acknowledgements.................................................79 6.25. The Weak Association "PolicyRoleCollectionInSystem"........79
9. Security Considerations..........................................79 7. Intellectual Property............................................80
10. References......................................................79 8. Acknowledgements.................................................80
11. Authors' Addresses..............................................80 9. Security Considerations..........................................80
12. Full Copyright Statement........................................82 10. References......................................................81
13. Appendix A: Closed Issues.......................................82 11. Authors' Addresses..............................................82
12. Full Copyright Statement........................................83
13. Appendix A: Closed Issues.......................................84
1. Introduction 1. Introduction
This document (PCIM Extensions, abbreviated here to PCIMe) proposes a This document (PCIM Extensions, abbreviated here to PCIMe) proposes a
number of changes to the Policy Core Information Model (PCIM, RFC 3060 number of changes to the Policy Core Information Model (PCIM, RFC 3060
[3]). These changes include both extensions of PCIM into areas that it [3]). These changes include both extensions of PCIM into areas that it
did not previously cover, and changes to the existing PCIM classes and did not previously cover, and changes to the existing PCIM classes and
associations. Both sets of changes are done in a way that, to the extent associations. Both sets of changes are done in a way that, to the extent
possible, preserves interoperability with implementations of the original possible, preserves interoperability with implementations of the original
PCIM model. PCIM model.
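Review bot: The table of contents entry for 5.14.2 is still missing its closing quote ('The Class "PolicyIPv6AddrValue') in -07, unchanged from -06. The renumbering of 5.12.19 through 5.12.21 and of 5.19.3 through 5.19.14 agrees with the section headings visible later in the diff, so only the quote needs fixing.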
skipping to change at page 30, line 38 skipping to change at page 30, line 38
+-----------------------+ +-----------------------+
| SimplePolicyCondition | | SimplePolicyCondition |
+-----------------------+ +-----------------------+
* @ * @
* @ * @
* @ * @
+-----------------------------------+ +--------------------------+ +-----------------------------------+ +--------------------------+
| Name=SmallSourcePorts | | Name=Port300 | | Name=SmallSourcePorts | | Name=Port300 |
| Class=PolicySourcePortVariable | | Class=PolicyIntegerValue | | Class=PolicySourcePortVariable | | Class=PolicyIntegerValue |
| ValueTypes=[PolicyIntegerVariable]| | IntegerList = [300] | | ValueTypes=[PolicyIntegerValue] | | IntegerList = [300] |
+-----------------------------------+ +--------------------------+ +-----------------------------------+ +--------------------------+
# #
# #
# #
+-------------------------+ +-------------------------+
|Name=SmallPortsValues | |Name=SmallPortsValues |
|Class=PolicyIntegerValue | |Class=PolicyIntegerValue |
|IntegerList=[1..200] | |IntegerList=[1..200] |
+-------------------------+ +-------------------------+
skipping to change at page 50, line 10 skipping to change at page 50, line 10
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.7. The Class "PolicyIPProtocolVariable" 5.12.7. The Class "PolicyIPProtocolVariable"
NAME PolicyIPProtocolVariable NAME PolicyIPProtocolVariable
DESCRIPTION The IP protocol number. DESCRIPTION The IP protocol number.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..255)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.8. The Class "PolicyIPVersionVariable" 5.12.8. The Class "PolicyIPVersionVariable"
NAME PolicyIPVersionVariable NAME PolicyIPVersionVariable
DESCRIPTION The IP version number. The well-known values are 4 DESCRIPTION The IP version number. The well-known values are 4
and 6. and 6.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..15)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.9. The Class "PolicyIPToSVariable" 5.12.9. The Class "PolicyIPToSVariable"
NAME PolicyIPToSVariable NAME PolicyIPToSVariable
DESCRIPTION The IP TOS octet. DESCRIPTION The IP TOS octet.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue (0..255) - PolicyIntegerValue (0..255)
- PolicyBitStringValue - PolicyBitStringValue (8 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.10. The Class "PolicyDSCPVariable" 5.12.10. The Class "PolicyDSCPVariable"
NAME PolicyDSCPVariable NAME PolicyDSCPVariable
DESCRIPTION The 6 bit Differentiated Service Code Point. DESCRIPTION The 6 bit Differentiated Service Code Point.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue (0..63) - PolicyIntegerValue (0..63)
- PolicyBitStringValue - PolicyBitStringValue (6 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.11. The Class "PolicyFlowIdVariable" 5.12.11. The Class "PolicyFlowIdVariable"
NAME PolicyFlowIdVariable NAME PolicyFlowIdVariable
DESCRIPTION The flow identifer of the outermost IPv6 packet DESCRIPTION The flow identifer of the outermost IPv6 packet
header. "Outermost" here refers to the IP packet as header. "Outermost" here refers to the IP packet as
it flows on the wire, before any headers have been it flows on the wire, before any headers have been
stripped from it. stripped from it.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..1048575
- PolicyBitStringValue - PolicyBitStringValue (20 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.12. The Class "PolicySourceMACVariable" 5.12.12. The Class "PolicySourceMACVariable"
NAME PolicySourceMACVariable NAME PolicySourceMACVariable
DESCRIPTION The source MAC address. DESCRIPTION The source MAC address.
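Review bot: In 5.12.11 the new integer range for PolicyFlowIdVariable is missing its closing parenthesis: "PolicyIntegerValue (0..1048575" should read "(0..1048575)", matching the 20-bit PolicyBitStringValue on the next line. The description in the same class still has "identifer" for "identifier" in both versions. The other added ranges in this hunk agree with their stated field widths (0..255 for 8 bits, 0..63 for 6 bits). PolicyIPProtocolVariable and PolicyIPVersionVariable gain an integer range but no bit-string alternative; if that is intentional, a short note would help, because every other fixed-width field in this hunk allows both forms.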
skipping to change at page 51, line 51 skipping to change at page 51, line 51
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.14. The Class "PolicyVLANVariable" 5.12.14. The Class "PolicyVLANVariable"
NAME PolicyVLANVariable NAME PolicyVLANVariable
DESCRIPTION The virtual Bridged Local Area Network Identifier, a DESCRIPTION The virtual Bridged Local Area Network Identifier, a
12-bit field as defined in the IEEE 802.1q standard. 12-bit field as defined in the IEEE 802.1q standard.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..4095)
- PolicyBitStringValue - PolicyBitStringValue (12 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.15. The Class "PolicyCoSVariable" 5.12.15. The Class "PolicyCoSVariable"
NAME PolicyCoSVariable NAME PolicyCoSVariable
DESCRIPTION Class of Service, a 3-bit field, used in the layer 2 DESCRIPTION Class of Service, a 3-bit field, used in the layer 2
header to select the forwarding treatment. Bound to header to select the forwarding treatment. Bound to
the IEEE 802.1q user-priority field. the IEEE 802.1q user-priority field.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..7)
- PolicyBitStringValue - PolicyBitStringValue (3 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.16. The Class "PolicyEthertypeVariable" 5.12.16. The Class "PolicyEthertypeVariable"
NAME PolicyEthertypeVariable NAME PolicyEthertypeVariable
DESCRIPTION The Ethertype protocol number of Ethernet frames. DESCRIPTION The Ethertype protocol number of Ethernet frames.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..65535)
- PolicyBitStringValue - PolicyBitStringValue (16 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.17. The Class "PolicySourceSAPVariable" 5.12.17. The Class "PolicySourceSAPVariable"
NAME PolicySourceSAPVariable NAME PolicySourceSAPVariable
DESCRIPTION The Source Service Access Point (SAP) number of the DESCRIPTION The Source Service Access Point (SAP) number of the
IEEE 802.2 LLC header. IEEE 802.2 LLC header.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..255)
- PolicyBitStringValue - PolicyBitStringValue (8 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.18. The Class "PolicyDestinationSAPVariable" 5.12.18. The Class "PolicyDestinationSAPVariable"
NAME PolicyDestinationSAPVariable NAME PolicyDestinationSAPVariable
DESCRIPTION The Destination Service Access Point (SAP) number of DESCRIPTION The Destination Service Access Point (SAP) number of
the IEEE 802.2 LLC header. the IEEE 802.2 LLC header.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..255)
- PolicyBitStringValue - PolicyBitStringValue (8 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.19. The Class "PolicySNAPVariable" 5.12.19. The Class "PolicySNAPOUIVariable"
NAME PolicySNAPVariable NAME PolicySNAPOUIVariable
DESCRIPTION The protocol number over a Sub-Network Access Protocol DESCRIPTION The value of the first three octets of the Sub-Network
(SNAP) SAP encapsulation. Access Protocol (SNAP) Protocol Identifier field for
802.2 SNAP encapsulation, containing an
Organizationally Unique Identifier (OUI). The value
00-00-00 indicates the encapsulation of Ethernet
frames (RFC 1042). OUI value 00-00-F8 indicates the
special encapsulation of Ethernet frames by certain
types of bridges (IEEE 802.1H). Other values are
supported, but are not further defined here. These
OUI. values are to be interpreted according to the
endian-notation conventions of IEEE 802. For either
of the two Ethernet encapsulations, the remainder of
the Protocol Identifier field is represented by the
PolicySNAPTypeVariable.
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyIntegerValue - PolicyIntegerValue (0..16777215)
- PolicyBitStringValue - PolicyBitStringValue (24 bits)
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
5.12.20. The Class "PolicyFlowDirectionVariable" 5.12.20. The Class "PolicySNAPTypeVariable"
NAME PolicySNAPTypeVariable
DESCRIPTION The value of the 4th and 5th octets of the Sub-Network
Access Protocol (SNAP) Protocol Identifier field for
IEEE 802 SNAP encapsulation when the
PolicySNAPOUIVariable indicates one of the two
Encapsulated Ethernet frame formats. This value is
undefined for other values of PolicySNAPOUIVariable.
ALLOWED VALUE TYPES:
- PolicyIntegerValue (0..65535)
- PolicyBitStringValue (16 bits)
DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE
PROPERTIES (none)
5.12.21. The Class "PolicyFlowDirectionVariable"
NAME PolicyFlowDirectionVariable NAME PolicyFlowDirectionVariable
DESCRIPTION The direction of a flow relative to a network element. DESCRIPTION The direction of a flow relative to a network element.
Direction may be "IN" and/or "OUT". Direction may be "IN" and/or "OUT".
ALLOWED VALUE TYPES: ALLOWED VALUE TYPES:
- PolicyStringValue - PolicyStringValue ('IN", "OUT")
DERIVED FROM PolicyImplicitVariable DERIVED FROM PolicyImplicitVariable
ABSTRACT FALSE ABSTRACT FALSE
PROPERTIES (none) PROPERTIES (none)
To match on both inbound and outbound flows, the associated To match on both inbound and outbound flows, the associated
PolicyStringValue object has two entries in its StringList property: "IN" PolicyStringValue object has two entries in its StringList property: "IN"
and "OUT". and "OUT".
5.13. The Abstract Class "PolicyValue" 5.13. The Abstract Class "PolicyValue"
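Review bot: In the new 5.12.20, PolicySNAPTypeVariable is declared "undefined for other values of PolicySNAPOUIVariable", but the text does not say how a condition that references it should evaluate when the OUI is neither 00-00-00 nor 00-00-F8. Suggest stating the result explicitly (for example, that such a condition never matches), so that implementations do not disagree on which frames a rule selects. Two editorial points in the same hunk: in 5.12.19 the sentence beginning "OUI. values are to be interpreted" has a stray period after "OUI", and in 5.12.21 the allowed values are written ('IN", "OUT") with a mismatched opening quote.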
skipping to change at page 61, line 14 skipping to change at page 61, line 43
addresses come from the same packet header, they will always be of the addresses come from the same packet header, they will always be of the
same type. same type.
The class definition is as follows: The class definition is as follows:
NAME IpHeadersFilter NAME IpHeadersFilter
DESCRIPTION A class representing an entire IP DESCRIPTION A class representing an entire IP
header filter, or any subset of one. header filter, or any subset of one.
DERIVED FROM FilterEntryBase DERIVED FROM FilterEntryBase
TYPE Concrete TYPE Concrete
PROPERTIES HdrIpVersion, HdrSrcAddress, HdrSrcMask, PROPERTIES HdrIpVersion, HdrSrcAddress,
HdrDestAddress, HdrDestMask, HdrProtocolID, HdrSrcAddressEndOfRange, HdrSrcMask,
HdrDestAddress, HdrDestAddressEndOfRange,
HdrDestMask, HdrProtocolID,
HdrSrcPortStart, HdrSrcPortEnd, HdrSrcPortStart, HdrSrcPortEnd,
HdrDestPortStart, HdrDestPortEnd, HdrDSCP, HdrDestPortStart, HdrDestPortEnd, HdrDSCP[ ],
HdrFlowLabel HdrFlowLabel
5.19.1. The Property HdrIpVersion 5.19.1. The Property HdrIpVersion
This property is an 8-bit unsigned integer, identifying the version of This property is an 8-bit unsigned integer, identifying the version of
the IP addresses to be filtered on. IP versions are identified as they the IP addresses to be filtered on. IP versions are identified as they
are in the Version field of the IP packet header - IPv4 = 4, IPv6 = 6. are in the Version field of the IP packet header - IPv4 = 4, IPv6 = 6.
These two values are the only ones defined for this property. These two values are the only ones defined for this property.
The value of this property determines the sizes of the OctetStrings in The value of this property determines the sizes of the OctetStrings in
the four properties HdrSrcAddress, HdrSrcMask, HdrDestAddress, and the six properties HdrSrcAddress, HdrSrcAddressEndOfRange, HdrSrcMask,
HdrDestMask, as follows: HdrDestAddress, HdrDestAddressEndOfRange, and HdrDestMask, as follows:
o IPv4: OctetString(SIZE (4)) o IPv4: OctetString(SIZE (4))
o IPv6: OctetString(SIZE (16|20)), depending on whether a scope o IPv6: OctetString(SIZE (16|20)), depending on whether a scope
identifier is present identifier is present
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider IP version in selecting matching packets, i.e., IP version consider IP version in selecting matching packets, i.e., IP version
matches for all values. In this case, the HdrSrcAddress, HdrSrcMask, matches for all values. In this case, the HdrSrcAddress,
HdrDestAddress, and HdrDestMask must also not be present. HdrSrcAddressEndOfRange, HdrSrcMask, HdrDestAddress,
HdrDestAddressEndOfRange, and HdrDestMask must also not be present.
5.19.2. The Property HdrSrcAddress 5.19.2. The Property HdrSrcAddress
This property is an OctetString, of a size determined by the value of the This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing a source IP address. This value is HdrIpVersion property, representing a source IP address. When there is
compared to the source address in the IP header, subject to the mask no HdrSrcAddressEndOfRange value, this value is compared to the source
represented in the HdrSrcMask property. address in the IP header, subject to the mask represented in the
HdrSrcMask property. (Note that the mask is ANDed with the address.)
When there is a HdrSrcAddressEndOfRange value, this value is the start of
the specified range (i.e., the HdrSrcAddress is lower than the
HdrSrcAddressEndOfRange) that is compared to the source address in the IP
header and matches on any value in the range.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrSrcAddress in selecting matching packets, i.e., HdrSrcAddress consider HdrSrcAddress in selecting matching packets, i.e., HdrSrcAddress
matches for all values. matches for all values.
5.19.3. The Property HdrSrcMask 5.19.3. The Property HdrSrcAddressEndOfRange
This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing the end of a range of source IP
addresses (inclusive), where the start of the range is the HdrSrcAddress
property value.
If a value for HdrSrcAddress is not provided, then this property also
MUST NOT be provided. If a value for this property is provided, then
HdrSrcMask MUST NOT be provided.
5.19.4. The Property HdrSrcMask
This property is an OctetString, of a size determined by the value of the This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing a mask to be used in comparing the HdrIpVersion property, representing a mask to be used in comparing the
source address in the IP header with the value represented in the source address in the IP header with the value represented in the
HdrSrcAddress property. HdrSrcAddress property.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrSrcMask in selecting matching packets, i.e., the value of consider HdrSrcMask in selecting matching packets, i.e., the value of
HdrSrcAddress must match the source address in the packet exactly. HdrSrcAddress or the source address range must match the source address
in the packet exactly. If a value for this property is provided, then
HdrSrcAddressEndOfRange MUST NOT be provided.
5.19.4. The Property HdrDestAddress 5.19.5. The Property HdrDestAddress
This property is an OctetString, of a size determined by the value of the This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing a destination IP address. This value HdrIpVersion property, representing a destination IP address. When there
is compared to the destination address in the IP header, subject to the is no HdrDestAddressEndOfRange value, this value is compared to the
mask represented in the HdrDestMask property. destination address in the IP header, subject to the mask represented in
the HdrDestMask property. (Note that the mask is ANDed with the
address.) When there is a HdrDestAddressEndOfRange value, this value is
the start of the specified range (i.e., the HdrDestAddress is lower than
the HdrDestAddressEndOfRange) that is compared to the destination address
in the IP header and matches on any value in the range.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrDestAddress in selecting matching packets, i.e., consider HdrDestAddress in selecting matching packets, i.e.,
HdrDestAddress matches for all values. HdrDestAddress matches for all values.
5.19.5. The Property HdrDestMask 5.19.6. The Property HdrDestAddressEndOfRange
This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing the end of a range of destination IP
addresses (inclusive), where the start of the range is the HdrDestAddress
property value.
If a value for HdrDestAddress is not provided, then this property also
MUST NOT be provided. If a value for this property is provided, then
HdrDestMask MUST NOT be provided.
5.19.7. The Property HdrDestMask
This property is an OctetString, of a size determined by the value of the This property is an OctetString, of a size determined by the value of the
HdrIpVersion property, representing a mask to be used in comparing the HdrIpVersion property, representing a mask to be used in comparing the
destination address in the IP header with the value represented in the destination address in the IP header with the value represented in the
HdrDestAddress property. HdrDestAddress property.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrDestMask in selecting matching packets, i.e., the value of consider HdrDestMask in selecting matching packets, i.e., the value of
HdrDestAddress must match the destination address in the packet exactly. HdrDestAddress or the destination address range must match the
destination address in the packet exactly. If a value for this property
is provided, then HdrDestAddressEndOfRange MUST NOT be provided.
5.19.6. The Property HdrProtocolID 5.19.8. The Property HdrProtocolID
This property is an 8-bit unsigned integer, representing an IP protocol This property is an 8-bit unsigned integer, representing an IP protocol
type. This value is compared to the Protocol field in the IP header. type. This value is compared to the Protocol field in the IP header.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrProtocolID in selecting matching packets, i.e., HdrProtocolID consider HdrProtocolID in selecting matching packets, i.e., HdrProtocolID
matches for all values. matches for all values.
5.19.7. The Property HdrSrcPortStart 5.19.9. The Property HdrSrcPortStart
This property is a 16-bit unsigned integer, representing the lower end of This property is a 16-bit unsigned integer, representing the lower end of
a range of UDP or TCP source ports. The upper end of the range is a range of UDP or TCP source ports. The upper end of the range is
represented by the HdrSrcPortEnd property. The value of HdrSrcPortStart represented by the HdrSrcPortEnd property. The value of HdrSrcPortStart
MUST be no greater than the value of HdrSrcPortEnd. A single port is MUST be no greater than the value of HdrSrcPortEnd. A single port is
indicated by equal values for HdrSrcPortStart and HdrSrcPortEnd. indicated by equal values for HdrSrcPortStart and HdrSrcPortEnd.
A source port filter is evaluated by testing whether the source port A source port filter is evaluated by testing whether the source port
identified in the IP header falls within the range of values between identified in the IP header falls within the range of values between
HdrSrcPortStart and HdrSrcPortEnd, including these two end points. HdrSrcPortStart and HdrSrcPortEnd, including these two end points.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrSrcPortStart in selecting matching packets, i.e., there is no consider HdrSrcPortStart in selecting matching packets, i.e., there is no
lower bound in matching source port values. lower bound in matching source port values.
5.19.8. The Property HdrSrcPortEnd 5.19.10. The Property HdrSrcPortEnd
This property is a 16-bit unsigned integer, representing the upper end of This property is a 16-bit unsigned integer, representing the upper end of
a range of UDP or TCP source ports. The lower end of the range is a range of UDP or TCP source ports. The lower end of the range is
represented by the HdrSrcPortStart property. The value of HdrSrcPortEnd represented by the HdrSrcPortStart property. The value of HdrSrcPortEnd
MUST be no less than the value of HdrSrcPortStart. A single port is MUST be no less than the value of HdrSrcPortStart. A single port is
indicated by equal values for HdrSrcPortStart and HdrSrcPortEnd. indicated by equal values for HdrSrcPortStart and HdrSrcPortEnd.
A source port filter is evaluated by testing whether the source port A source port filter is evaluated by testing whether the source port
identified in the IP header falls within the range of values between identified in the IP header falls within the range of values between
HdrSrcPortStart and HdrSrcPortEnd, including these two end points. HdrSrcPortStart and HdrSrcPortEnd, including these two end points.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrSrcPortEnd in selecting matching packets, i.e., there is no consider HdrSrcPortEnd in selecting matching packets, i.e., there is no
upper bound in matching source port values. upper bound in matching source port values.
5.19.9. The Property HdrDestPortStart 5.19.11. The Property HdrDestPortStart
This property is a 16-bit unsigned integer, representing the lower end of This property is a 16-bit unsigned integer, representing the lower end of
a range of UDP or TCP destination ports. The upper end of the range is a range of UDP or TCP destination ports. The upper end of the range is
represented by the HdrDestPortEnd property. The value of represented by the HdrDestPortEnd property. The value of
HdrDestPortStart MUST be no greater than the value of HdrDestPortEnd. A HdrDestPortStart MUST be no greater than the value of HdrDestPortEnd. A
single port is indicated by equal values for HdrDestPortStart and single port is indicated by equal values for HdrDestPortStart and
HdrDestPortEnd. HdrDestPortEnd.
A destination port filter is evaluated by testing whether the destination A destination port filter is evaluated by testing whether the destination
port identified in the IP header falls within the range of values between port identified in the IP header falls within the range of values between
HdrDestPortStart and HdrDestPortEnd, including these two end points. HdrDestPortStart and HdrDestPortEnd, including these two end points.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrDestPortStart in selecting matching packets, i.e., there is consider HdrDestPortStart in selecting matching packets, i.e., there is
no lower bound in matching destination port values. no lower bound in matching destination port values.
5.19.10. The Property HdrDestPortEnd 5.19.12. The Property HdrDestPortEnd
This property is a 16-bit unsigned integer, representing the upper end of This property is a 16-bit unsigned integer, representing the upper end of
a range of UDP or TCP destination ports. The lower end of the range is a range of UDP or TCP destination ports. The lower end of the range is
represented by the HdrDestPortStart property. The value of represented by the HdrDestPortStart property. The value of
HdrDestPortEnd MUST be no less than the value of HdrDestPortStart. A HdrDestPortEnd MUST be no less than the value of HdrDestPortStart. A
single port is indicated by equal values for HdrDestPortStart and single port is indicated by equal values for HdrDestPortStart and
HdrDestPortEnd. HdrDestPortEnd.
A destination port filter is evaluated by testing whether the destination A destination port filter is evaluated by testing whether the destination
port identified in the IP header falls within the range of values between port identified in the IP header falls within the range of values between
HdrDestPortStart and HdrDestPortEnd, including these two end points. HdrDestPortStart and HdrDestPortEnd, including these two end points.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrDestPortEnd in selecting matching packets, i.e., there is no consider HdrDestPortEnd in selecting matching packets, i.e., there is no
upper bound in matching destination port values. upper bound in matching destination port values.
5.19.11. The Property HdrDSCP 5.19.13. The Property HdrDSCP
The property HdrDSCP is defined as a uint8, restricted to the range The property HdrDSCP is defined as an array of uint8's, restricted to the
0..63. Since DSCPs are defined as discrete code points, with no inherent range 0..63. Since DSCPs are defined as discrete code points, with no
structure, there is no semantically significant relationship between inherent structure, there is no semantically significant relationship
different DSCPs. Consequently, there is no provision for specifying a between different DSCPs. Consequently, there is no provision for
range of DSCPs in this property. specifying a range of DSCPs in this property. However, a list of
individual DSCPs, which are ORed together to form a filter, is supported
by the array syntax.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrDSCP in selecting matching packets, i.e., HdrDSCP matches for consider HdrDSCP in selecting matching packets, i.e., HdrDSCP matches for
all values. all values.
5.19.12. The Property HdrFlowLabel 5.19.14. The Property HdrFlowLabel
The 20-bit Flow Label field in the IPv6 header may be used by a source to The 20-bit Flow Label field in the IPv6 header may be used by a source to
label sequences of packets for which it requests special handling by IPv6 label sequences of packets for which it requests special handling by IPv6
devices, such as non-default quality of service or 'real-time' service. devices, such as non-default quality of service or 'real-time' service.
This property is an octet string of size 3 (that is, 24 bits), in which This property is an octet string of size 3 (that is, 24 bits), in which
the 20-bit Flow Label appears in the rightmost 20 bits, padded on the the 20-bit Flow Label appears in the rightmost 20 bits, padded on the
left with b'0000'. left with b'0000'.
If a value for this property is not provided, then the filter does not If a value for this property is not provided, then the filter does not
consider HdrFlowLabel in selecting matching packets, i.e., HdrFlowLabel consider HdrFlowLabel in selecting matching packets, i.e., HdrFlowLabel
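Review bot: The new range properties in 5.19.3 and 5.19.6 state no normative ordering between the start and the end of an address range. The port properties say "MUST be no greater than" and allow equal values for a single port, but for addresses the only ordering text visible in this hunk is the parenthetical in 5.19.5, "(i.e., the HdrDestAddress is lower than the HdrDestAddressEndOfRange)", which is not a MUST and excludes equal values. Suggest adding "MUST be no less than the value of HdrSrcAddress" (and the Dest equivalent) and stating how two OctetStrings are ordered, so that two implementations given the same filter cannot disagree on which packets match. In 5.19.4 and 5.19.7, the new wording that the address "or the destination address range must match the destination address in the packet exactly" reads oddly for a range, which 5.19.5 says "matches on any value in the range"; the no-mask case could be described separately for a single address and for a range. The text also does not say what a consumer should do with an instance that carries both a mask and an end of range.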
skipping to change at page 80, line 11 skipping to change at page 81, line 23
[3] Strassner, J., and E. Ellesson, B. Moore, A. Westerinen, "Policy Core [3] Strassner, J., and E. Ellesson, B. Moore, A. Westerinen, "Policy Core
Information Model -- Version 1 Specification", RFC 3060, February Information Model -- Version 1 Specification", RFC 3060, February
2001. 2001.
[4] Distributed Management Task Force, Inc., "DMTF Technologies: CIM [4] Distributed Management Task Force, Inc., "DMTF Technologies: CIM
Standards CIM Schema: Version 2.5", available at Standards CIM Schema: Version 2.5", available at
http://www.dmtf.org/standards/cim_schema_v25.php. http://www.dmtf.org/standards/cim_schema_v25.php.
[5] Snir, Y., and Y. Ramberg, J. Strassner, R. Cohen, "Policy QoS [5] Snir, Y., and Y. Ramberg, J. Strassner, R. Cohen, "Policy QoS
Information Model", work in progress, draft-ietf-policy-qos-info- Information Model", work in progress, draft-ietf-policy-qos-info-
model-04.txt, July 2001. model-04.txt, November 2001.
[6] Jason, J., and L. Rafalow, E. Vyncke, "IPsec Configuration Policy [6] Jason, J., and L. Rafalow, E. Vyncke, "IPsec Configuration Policy
Model", work in progress, draft-ietf-ipsp-config-policy-model-03.txt, Model", work in progress, draft-ietf-ipsp-config-policy-model-04.txt,
July 2001. November 2001.
[7] Chadha, R., and M. Brunner, M. Yoshida, J. Quittek, G. Mykoniatis, A. [7] Chadha, R., and M. Brunner, M. Yoshida, J. Quittek, G. Mykoniatis, A.
Poylisher, R. Vaidyanathan, A. Kind, F. Reichmeyer, "Policy Framework Poylisher, R. Vaidyanathan, A. Kind, F. Reichmeyer, "Policy Framework
MPLS Information Model for QoS and TE", work in progress, draft- MPLS Information Model for QoS and TE", work in progress, draft-
chadha-policy-mpls-te-01.txt, December 2000. chadha-policy-mpls-te-01.txt, December 2000.
[8] Crocker, D., and P. Overell, "Augmented BNF for Syntax Specifications: [8] Crocker, D., and P. Overell, "Augmented BNF for Syntax Specifications:
ABNF", RFC 2234, November 1997. ABNF", RFC 2234, November 1997.
[9] P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION", RFC [9] P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION", RFC
1035, November 1987. 1035, November 1987.
[10] R. Hinden, S. Deering, "IP Version 6 Addressing Architecture", RFC [10] R. Hinden, S. Deering, "IP Version 6 Addressing Architecture", RFC
2373, July 1998. 2373, July 1998.
[11] M. Wahl, A. Coulbeck, "Lightweight Directory Access Protocol (v3): [11] M. Wahl, A. Coulbeck, "Lightweight Directory Access Protocol (v3):
Attribute Syntax Definitions", RFC 2252. Attribute Syntax Definitions", RFC 2252, December 1997.
[12] A. Westerinen, et al., "Terminology for Policy-Based Management", [12] A. Westerinen, et al., "Terminology for Policy-Based Management", RFC
<draft-ietf-policy-terminology-04.txt>, July 2001. 3198, November 2001.
[13] S. Waldbusser, and J. Saperia, T. Hongal, "Policy Based Management [13] S. Waldbusser, and J. Saperia, T. Hongal, "Policy Based Management
MIB", <draft-ietf-snmpconf-pm-06.txt>, June 2001. MIB", work in progress, <draft-ietf-snmpconf-pm-09.txt>, November
2001.
[14] B. Moore, and D. Durham, J. Halpern, J. Strassner, A. Westerinen, W. [14] B. Moore, and D. Durham, J. Halpern, J. Strassner, A. Westerinen, W.
Weiss, "Information Model for Describing Network Device QoS Datapath Weiss, "Information Model for Describing Network Device QoS Datapath
Mechanisms", <draft-ietf-policy-qos-device-info-model-05.txt>, July Mechanisms", work in progress, <draft-ietf-policy-qos-device-info-
2001. model-07.txt>, March 2002.
11. Authors' Addresses 11. Authors' Addresses
Bob Moore Bob Moore
IBM Corporation, BRQA/502 IBM Corporation, BRQA/501
4205 S. Miami Blvd. 4205 S. Miami Blvd.
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
Phone: +1 919-254-4436 Phone: +1 919-254-4436
Fax: +1 919-254-6243 Fax: +1 919-254-6243
E-mail: remoore@us.ibm.com E-mail: remoore@us.ibm.com
Lee Rafalow Lee Rafalow
IBM Corporation, BRQA/502 IBM Corporation, BRQA/501
4205 S. Miami Blvd. 4205 S. Miami Blvd.
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
Phone: +1 919-254-4455 Phone: +1 919-254-4455
Fax: +1 919-254-6243 Fax: +1 919-254-6243
E-mail: rafalow@us.ibm.com E-mail: rafalow@us.ibm.com
Yoram Ramberg Yoram Ramberg
Cisco Systems Cisco Systems
4 Maskit Street 4 Maskit Street
Herzliya Pituach, Israel 46766 Herzliya Pituach, Israel 46766
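Review bot: Two reference dates in this hunk look inconsistent. In [5] the date changes from July 2001 to November 2001 while the draft name stays at draft-ietf-policy-qos-info-model-04.txt, so either the revision number or the date is stale. In [14] the new entry is dated March 2002, which is later than the February 2002 date on this draft's title page. Both should be checked against the drafts actually cited. [7] also still points at the December 2000 -01 draft while the other work-in-progress entries were refreshed.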
skipping to change at page 82, line 17 skipping to change at page 83, line 28
John Strassner John Strassner
INTELLIDEN, Inc. INTELLIDEN, Inc.
90 South Cascade Avenue 90 South Cascade Avenue
Colorado Springs, CO 80903 Colorado Springs, CO 80903
Phone: +1-719-785-0648 Phone: +1-719-785-0648
E-mail: john.strassner@intelliden.com E-mail: john.strassner@intelliden.com
12. Full Copyright Statement 12. Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind, distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included provided that the above copyright notice and this paragraph are included
on all such copies and derivative works. However, this document itself on all such copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the copyright notice may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations, or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in except as needed for the purpose of developing Internet standards in
 End of changes. 52 change blocks. 
136 lines changed or deleted 210 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/