draft-ietf-rap-frameworkpib-03.txt   draft-ietf-rap-frameworkpib-04.txt 
Network Working Group M. Fine Internet Draft M. Fine
Internet Draft K. McCloghrie Expires September 2001 K. McCloghrie
Expires May 2001 Cisco Systems File: draft-ietf-rap-frameworkpib-04.txt Cisco Systems
J. Seligson J. Seligson
K. Chan K. Chan
Nortel Networks Nortel Networks
S. Hahn S. Hahn
R. Sahita R. Sahita
Intel Intel
A. Smith A. Smith
Allegro Networks Allegro Networks
F. Reichmeyer F. Reichmeyer
PFN PFN
November 17, 2000 March 1, 2001
Framework Policy Information Base Framework Policy Information Base
draft-ietf-rap-frameworkpib-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are all provisions of Section 10 of RFC2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as ''work in reference material or to cite them other than as ''work in
progress''. progress''.
To view the current status of any Internet-Draft, please check the The list of current Internet-Drafts can be accessed at
''1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow http://www.ietf.org/ietf/1id-abstracts.txt
Directory, see http://www.ietf.org/shadow.html.
Framework Policy Information Base November 2000 The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Framework Policy Information Base March 2001
1. Glossary 1. Glossary
PRC Provisioning Class. A type of policy data. PRC Provisioning Class. A type of policy data.
PRI Provisioning Instance. An instance of a PRC. PRI Provisioning Instance. An instance of a PRC.
PIB Policy Information Base. The database of policy information. PIB Policy Information Base. The database of policy information.
PDP Policy Decision Point. See [RAP-FRAMEWORK]. PDP Policy Decision Point. See [RAP-FRAMEWORK].
PEP Policy Enforcement Point. See [RAP-FRAMEWORK]. PEP Policy Enforcement Point. See [RAP-FRAMEWORK].
PRID Provisioning Instance Identifier. Uniquely identifies an PRID Provisioning Instance Identifier. Uniquely identifies an
instance of a PRC. instance of a PRC.
skipping to change at page 3, line 5 skipping to change at page 3, line 5
interface of all devices in the network, policies are specified in interface of all devices in the network, policies are specified in
terms of interface functionality. terms of interface functionality.
To describe these functionalities of an interface we use the concept To describe these functionalities of an interface we use the concept
of "Roles". A Role is simply a string that is associated with an of "Roles". A Role is simply a string that is associated with an
interface. A given interface may have any number of roles interface. A given interface may have any number of roles
simultaneously. Provisioning classes have an attribute called a simultaneously. Provisioning classes have an attribute called a
"RoleCombinationö which is a lexicographically ordered set of roles. "RoleCombinationö which is a lexicographically ordered set of roles.
Instances of a given provisioning class are applied to an interface Instances of a given provisioning class are applied to an interface
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
if and only if the set of roles in the role combination matches the if and only if the set of roles in the role combination matches the
set of the roles of the interface. set of the roles of the interface.
Thus, roles provide a way to bind policy to interfaces without Thus, roles provide a way to bind policy to interfaces without
having to explicitly identify interfaces in a consistent manner having to explicitly identify interfaces in a consistent manner
across all network devices. (The SNMP experience with ifIndex has across all network devices. (The SNMP experience with ifIndex has
proved this to be a difficult task.) That is, roles provide a level proved this to be a difficult task.) That is, roles provide a level
of indirection to the application of a set of policies to specific of indirection to the application of a set of policies to specific
interfaces. Furthermore, if the same policy is being applied to interfaces. Furthermore, if the same policy is being applied to
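Review bot: the closing quote after RoleCombination is still a mis-encoded character ("RoleCombinationö) in the -04 column of this paragraph, so it has carried over from -03 unchanged. Internet-Drafts are plain ASCII; replace it with a straight double quote so the term reads "RoleCombination".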
skipping to change at page 4, line 5 skipping to change at page 4, line 5
specific roles, it also allows for other optimizations in reducing specific roles, it also allows for other optimizations in reducing
the number of role-combinations for which a policy has to be the number of role-combinations for which a policy has to be
specified. For example: specified. For example:
Suppose we have three interfaces: Suppose we have three interfaces:
Roles A, B and R1 are assigned to interface I1 Roles A, B and R1 are assigned to interface I1
Roles A, B and R2 are assigned to interface I2 Roles A, B and R2 are assigned to interface I2
Roles A, B and R3 are assigned to interface I3 Roles A, B and R3 are assigned to interface I3
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
Then, a PRI of a fictional IfDscpAssignTable that has the following Then, a PRI of a fictional IfDscpAssignTable that has the following
values for its attributes: values for its attributes:
ifDscpAssignPrid = 1 ifDscpAssignPrid = 1
ifDscpAssignRoles = "*+A+B" ifDscpAssignRoles = "*+A+B"
ifDscpAssignName = "4queues" ifDscpAssignName = "4queues"
ifDscpAssignDscpMap = 1 ifDscpAssignDscpMap = 1
will apply to all three interfaces, because "*" matches with R1, R2 will apply to all three interfaces, because "*" matches with R1, R2
skipping to change at page 5, line 5 skipping to change at page 5, line 5
IF1: "finance" IF1: "finance"
IF2: "finance" IF2: "finance"
IF3: "manager" IF3: "manager"
Suppose, I also have a PDP with two policies: Suppose, I also have a PDP with two policies:
P1: Packets from finance department (role "finance") get DSCP 5 P1: Packets from finance department (role "finance") get DSCP 5
P2: Packets from managers (role "manager") get DSCP 6 P2: Packets from managers (role "manager") get DSCP 6
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
To obtain policy, the PEP reports to the PDP that it has some To obtain policy, the PEP reports to the PDP that it has some
interfaces with role combination "finance" and some with role interfaces with role combination "finance" and some with role
combination "manager". In response, the PDP downloads policy P1 combination "manager". In response, the PDP downloads policy P1
associated with role combination "finance" and downloads a second associated with role combination "finance" and downloads a second
policy P2 associated with role combination "manager". policy P2 associated with role combination "manager".
Now suppose the finance person attached to IF2 is promoted to Now suppose the finance person attached to IF2 is promoted to
manager and so the system administrator adds the role "manager" to manager and so the system administrator adds the role "manager" to
IF2. The PEP now reports to the PDP that it has three role IF2. The PEP now reports to the PDP that it has three role
skipping to change at page 6, line 5 skipping to change at page 6, line 5
unique client handle. The creation and deletion of these PIB unique client handle. The creation and deletion of these PIB
instances is controlled by the PDP as described in [COPS-PR]. instances is controlled by the PDP as described in [COPS-PR].
Although many PIB instances may be configured on a device (the Although many PIB instances may be configured on a device (the
maximum number of these instances being determined by the device maximum number of these instances being determined by the device
itself) only one of them can be active at any given time, the active itself) only one of them can be active at any given time, the active
one being selected by the PDP. To facilitate this selection, the one being selected by the PDP. To facilitate this selection, the
Framework PIB supports an attribute to make a PIB instance the Framework PIB supports an attribute to make a PIB instance the
active one and, similarly, to report the active PIB instance to the active one and, similarly, to report the active PIB instance to the
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
PDP in a COPS request message. This attribute is in the Incarnation PDP in a COPS request message. This attribute is in the Incarnation
Table described below. Table described below.
Setting the attribute frwkPibIncarnationActive to 'true' in one PIB Setting the attribute frwkPibIncarnationActive to 'true' in one PIB
instance MUST ensure that the attribute is 'false' in all other instance MUST ensure that the attribute is 'false' in all other
contexts. contexts.
3.3. Reporting of Device Capabilities 3.3. Reporting of Device Capabilities
skipping to change at page 7, line 5 skipping to change at page 7, line 5
A PDP can avoid certain installation issues in a proactive fashion A PDP can avoid certain installation issues in a proactive fashion
by taking into account a device's limitations prior to policy by taking into account a device's limitations prior to policy
installation rather than in a reactive mode during installation. As installation rather than in a reactive mode during installation. As
with device capabilities, device limitations are communicated to the with device capabilities, device limitations are communicated to the
PDP when initial policy is requested. PDP when initial policy is requested.
Reported device limitations may be accompanied by guidance values Reported device limitations may be accompanied by guidance values
that can be used by a PDP to determine acceptable values for the that can be used by a PDP to determine acceptable values for the
identified attributes. identified attributes.
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
4. The Framework Role PIB module 4. The Framework Role PIB module
FRAMEWORK-ROLE-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-ROLE-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION FROM COPS-PR-SPPI IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION FROM COPS-PR-SPPI
SnmpAdminString FROM SNMP-FRAMEWORK-MIB; SnmpAdminString FROM SNMP-FRAMEWORK-MIB;
frwkRolePib MODULE-IDENTITY frwkRolePib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200011171500Z" LAST-UPDATED "200003010400Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO "Keith McCloghrie CONTACT-INFO "Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive, 170 West Tasman Drive,
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 526 5260 Phone: +1 408 526 5260
Email: kzm@cisco.com Email: kzm@cisco.com
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com" Email: jseligso@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"The PIB module containing the Role and "The PIB module containing the Role and
RoleCombination Textual Conventions." RoleCombination Textual Conventions and other
required TCs."
::= { tbd } ::= { tbd }
Role ::= TEXTUAL-CONVENTION Role ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A role represents a functionality characteristic or "A role represents a functionality characteristic or
capability of a resource to which policies are applied. capability of a resource to which policies are applied.
Examples of roles include Backbone_interface, Examples of roles include Backbone_interface,
Frame_Relay_interface, BGP-capable-router, web-server, Frame_Relay_interface, BGP-capable-router, web-server,
firewall, etc. firewall, etc.
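Review bot: LAST-UPDATED in frwkRolePib goes from "200011171500Z" to "200003010400Z", which is earlier than the value it replaces and does not match the March 1, 2001 date on the draft; this looks like a year typo for "200103010400Z". The revised DESCRIPTION also says only "and other required TCs"; naming the added convention (PrcIdentifier) would tell importers of FRAMEWORK-ROLE-PIB what the module now provides.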
skipping to change at page 7, line 59 skipping to change at page 8, line 4
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A Display string consisting of a set of roles concatenated "A Display string consisting of a set of roles concatenated
with a '+' character where the roles are in lexicographic with a '+' character where the roles are in lexicographic
order from minimum to maximum. order from minimum to maximum.
For example, a+b and b+a are NOT different For example, a+b and b+a are NOT different
role-combinations; rather, they are different formatting of role-combinations; rather, they are different formatting of
the same (one) role-combination. the same (one) role-combination.
Notice the roles within a role-combination are in Notice the roles within a role-combination are in
Lexicographic order from minimum to maximum, hence, we
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
Lexicographic order from minimum to maximum, hence, we
declare: declare:
a+b is the valid formatting of the role-combination, a+b is the valid formatting of the role-combination,
b+a is an invalid formatting of the role-combination. b+a is an invalid formatting of the role-combination.
Notice the need of zero-length role-combination as the role- Notice the need of zero-length role-combination as the role-
combination of interfaces to which no roles have been combination of interfaces to which no roles have been
assigned. This role-combination is also known as the null assigned. This role-combination is also known as the null
role-combination. (Note the deliberate use of lower case role-combination. (Note the deliberate use of lower case
letters to avoid confusion with the ASCII NULL character letters to avoid confusion with the ASCII NULL character
which has a value of zero but length of one.)" which has a value of zero but length of one.)"
SYNTAX SnmpAdminString (SIZE (0..255)) SYNTAX SnmpAdminString (SIZE (0..255))
PrcIdentifier ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An OID that identifies a PRC. The value MUST be an OID
assigned to a PRC's row definition. An attribute with this
syntax can have the value 0.0 to indicate that it currently
does not identify a PRC."
SYNTAX OBJECT IDENTIFIER
END END
5. Summary of the Framework PIB 5. Summary of the Framework PIB
The Framework PIB comprises of three groups: The Framework PIB comprises of three groups:
1. Base PIB classes Group 1. Base PIB classes Group
This contains PRCs intended to describe the PRCs supported This contains PRCs intended to describe the PRCs supported
by the PEP, PRC and/or attribute limitations and its current by the PEP, PRC and/or attribute limitations and its current
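Review bot: the new PrcIdentifier DESCRIPTION states that the value MUST be an OID assigned to a PRC's row definition and then, in the next sentence, allows 0.0, so the MUST has an unstated exception. Suggest wording along the lines of "MUST be either 0.0 or an OID assigned to a PRC's row definition", and having each attribute that uses this syntax say whether 0.0 is acceptable for it, so a receiver knows when to reject the value.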
skipping to change at page 8, line 44 skipping to change at page 8, line 54
with new PIBs, existing PIBs to add new PRCs and existing PRCs with new PIBs, existing PIBs to add new PRCs and existing PRCs
to be augmented or extended with new attributes. Also, it is to be augmented or extended with new attributes. Also, it is
likely that some existing PRCs or individual attributes of PRCs likely that some existing PRCs or individual attributes of PRCs
will be deprecated. The PRC Support Table describes the PRCs will be deprecated. The PRC Support Table describes the PRCs
that the device supports as well as the individual attributes that the device supports as well as the individual attributes
of each PRC. Using this information the PDP can potentially of each PRC. Using this information the PDP can potentially
tailor the policy to more closely match the capabilities of the tailor the policy to more closely match the capabilities of the
device. The PRC Support Table instances are specific to the device. The PRC Support Table instances are specific to the
particular Subject Category (Client-Type). That is, the PRC particular Subject Category (Client-Type). That is, the PRC
Support Table for Subject Category 'A' will not include Support Table for Subject Category 'A' will not include
instances for classes supported by the Subject Category 'B' instances for classes supported by the Subject Category 'B'.
Note that the COPS client-type [COPS] used for Framework PIB
PRIs sent/received over COPS-PR MUST be the unique SUBJECT-
CATEGORY number assigned for the area of policy being managed
(eg. QoS, Security etc).
Framework Policy Information Base March 2001
The PEP MUST ignore the attributes that it reports as not
Supported in the decision from the PDP. The PEP SHOULD not send
duplicate PRC support instances in a COPS Request and the PDP
MUST ignore duplicate instances and MUST use the first instance
received for a supported PRC in a COPS Request.
PIB Incarnation Table PIB Incarnation Table
This table contains exactly one row (corresponding to one PRI) This table contains exactly one row (corresponding to one PRI)
per context. It identifies the PDP that was the last to per context. It identifies the PDP that was the last to
download policy into the device and also contains an identifier download policy into the device and also contains an identifier
to identify the version of the policy currently downloaded. to identify the version of the policy currently downloaded.
This identifier, both its syntax and value, is meaningful only This identifier, both its syntax and value, is meaningful only
to the PDPs. It is intended to be a mechanism whereby a PDP, to the PDPs. It is intended to be a mechanism whereby a PDP,
on connecting to a PEP, can easily identify a known incarnation on connecting to a PEP, can easily identify a known incarnation
of policy. The incarnation PRC also includes an attribute to of policy. The incarnation PRC also includes an attribute to
indicate which context is the active one at the present time. indicate which context is the active one at the present time.
The incarnation instance is specific to the particular Subject The incarnation instance is specific to the particular Subject
Category (Client-Type). Category (Client-Type).
Framework Policy Information Base November 2000
Component Limitations Table Component Limitations Table
Some devices may not be able to implement the full range of Some devices may not be able to implement the full range of
values for all attributes. In principle, each PRC supports a values for all attributes. In principle, each PRC supports a
set of errors that the PEP can report to the PDP in the event set of errors that the PEP can report to the PDP in the event
that the specified policy is not implementable. It may be that the specified policy is not implementable. It may be
preferable for the PDP to be informed of the device limitations preferable for the PDP to be informed of the device limitations
before actually attempting to install policy, and while the before actually attempting to install policy, and while the
error can indicate that a particular attribute value is error can indicate that a particular attribute value is
unacceptable to the PEP, this does not help the PDP ascertain unacceptable to the PEP, this does not help the PDP ascertain
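Review bot: the added rule "The PEP MUST ignore the attributes that it reports as not Supported in the decision from the PDP" does not say what the PEP reports back when a decision carries such attributes, so it is unclear whether the PDP sees success for a policy that was only partly applied. Suggest stating the expected report outcome, or requiring the PDP not to send those attributes. In the same added paragraph, "SHOULD not" should be "SHOULD NOT" to read as a requirement keyword, and "eg." should be "e.g.".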
skipping to change at page 9, line 40 skipping to change at page 10, line 4
2. Device Capabilities group 2. Device Capabilities group
This group contains the PRCs that describe the characteristics of This group contains the PRCs that describe the characteristics of
interfaces of the device and the Role Combinations assigned to interfaces of the device and the Role Combinations assigned to
them. them.
Interface Capabilities Set Table Interface Capabilities Set Table
The interfaces the PEP supports are described by rows in The interfaces the PEP supports are described by rows in
Framework Policy Information Base March 2001
this table (frwkIfCapSetTable). Each row, or instance of this this table (frwkIfCapSetTable). Each row, or instance of this
class, assigns a name to the interface and has references to class, associates a unique interface name with a set of
capabilities that the interface supports. The references can capabilities that the interface supports. The unique name is
specify instances in relevant capability tables in any PIB. The used to form a set of capabilities that the name represents.
PEP notifies the PDP of these interface names and capabilities The capability references can specify instances in relevant
and then the PDP configures the interfaces, per role capability tables in any PIB. The PEP notifies the PDP of these
combination. interface names and capabilities and then the PDP configures
the interfaces, per role combination. The unique name
(IfCapSetName) is not to be confused with the IfType object in
MIB-II [STD17].
Interface Capability and Role Combo Table Interface Capability and Role Combo Table
The Interface Capabilities Set Table describes the interfaces The Interface Capabilities Set Table (explained above)
the PEP supports by their capabilities. Configuration is done describes the interfaces the PEP supports by their
in terms of these interface capability set names (ifCapSetName) capabilities, by assigning the capability sets a unique name.
and the role combinations assigned to them; The PDP does not It is possible to tailor the behavior of interfaces by
deal with individual interfaces on the device. Each row of this assigning specific roles to the capability sets. This allows
class is a <interface capability set name, Role Combo> interfaces with the same capability sets to be assigned
two-tuple. different policies, based on the current roles assigned to
them. At the PDP, configuration is done in terms of these
Framework Policy Information Base November 2000 interface capability set names (ifCapSetName) and the role
combinations assigned to them; The PDP does not deal with
individual interfaces on the device. Thus, each row of this
class is a <interface capability set name, Role Combo> two-
tuple, that indicates the roles that have been assigned to a
particular capability set (as identified by IfCapSetName). The
ifCapSetName is the grouping attribute used to form a set of
role combinations that apply to this capability set.
3. Classifier group 3. Classifier group
This group contains the IP and IEEE 802 Classifier elements. The This group contains the IP and IEEE 802 Classifier elements. The
set of tables consist of a Base Filter table that contains the set of tables consist of a Base Filter table that contains the
Index InstanceId and the Negation flag for the filter. This Index InstanceId and the Negation flag for the filter. This
frwkBaseFilterTable is extended to form the IP Filter table and frwkBaseFilterTable is extended to form the IP Filter table and
the 802 Filter table [802]. Filters may also be defined outside the 802 Filter table [802]. Filters may also be defined outside
this document and used to extend the Base Filter table. this document and used to extend the Base Filter table.
The Extended classes do not have a separate Index value. The Extended classes do not have a separate Index value.
Instances of the extended classes have the same indices as their Instances of the extended classes have the same indices as their
base class instance. Inheritance is achieved using the EXTENDS base class instance. Inheritance is achieved using the EXTENDS
keyword as defined in [SPPI]. keyword as defined in [SPPI].
Framework Policy Information Base March 2001
6. The Framework PIB Module 6. The Framework PIB Module
FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
Unsigned32, Integer32, MODULE-IDENTITY, Unsigned32, Integer32, MODULE-IDENTITY,
MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP
FROM COPS-PR-SPPI FROM COPS-PR-SPPI
InstanceId, ReferenceId, Prid, TagId InstanceId, Prid
FROM COPS-PR-SPPI-TC FROM COPS-PR-SPPI-TC
RoleCombination RoleCombination, PrcIdentifier
FROM FRAMEWORK-ROLE-PIB FROM FRAMEWORK-ROLE-PIB
InetAddress, InetAddressType InetAddress, InetAddressType
FROM INET-ADDRESS-MIB FROM INET-ADDRESS-MIB
TruthValue, PhysAddress TruthValue, PhysAddress
FROM SNMPv2-TC FROM SNMPv2-TC
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB; FROM SNMP-FRAMEWORK-MIB;
frameworkPib MODULE-IDENTITY frameworkPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200011171500Z" LAST-UPDATED "200003010400Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO " CONTACT-INFO "
Michael Fine Michael Fine
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 527 8218 Phone: +1 408 527 8218
Email: mfine@cisco.com Email: mfine@cisco.com
Keith McCloghrie Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive, 170 West Tasman Drive,
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 526 5260 Phone: +1 408 526 5260
Email: kzm@cisco.com Email: kzm@cisco.com
Framework Policy Information Base November 2000
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com" Email: jseligso@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"A PIB module containing the base set of provisioning "A PIB module containing the base set of provisioning
classes that are required for support of policies for classes that are required for support of policies for
all subject-categories." all subject-categories."
::= { tbd } ::= { tbd }
Framework Policy Information Base March 2001
-- --
-- The root OID for PRCs in the Framework PIB -- The root OID for PRCs in the Framework PIB
-- --
frwkBasePibClasses frwkBasePibClasses
OBJECT IDENTIFIER ::= { frameworkPib 1 } OBJECT IDENTIFIER ::= { frameworkPib 1 }
-- --
-- Textual Conventions -- Textual Conventions
-- --
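Review bot: the rewritten table descriptions in the -04 column spell the same attribute two ways, "(IfCapSetName)" and "(ifCapSetName)", sometimes within one paragraph; pick the spelling that matches the attribute descriptor in the module and use it throughout. The added sentence "The unique name is used to form a set of capabilities that the name represents" is circular and could be dropped or replaced by the grouping explanation given at the end of the Role Combo paragraph. LAST-UPDATED in frameworkPib also moves backwards to "200003010400Z", the same apparent year typo as in frwkRolePib. Since ReferenceId and TagId are removed from IMPORTS here, check that no attribute later in the module still uses either syntax.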
skipping to change at page 12, line 5 skipping to change at page 12, line 41
these PRCs, the device supports. This table can also be these PRCs, the device supports. This table can also be
downloaded by a network manager when static configuration is downloaded by a network manager when static configuration is
used. used.
All install and install-notify PRCs supported by the device All install and install-notify PRCs supported by the device
must be represented in this table. Notify PRCs may be must be represented in this table. Notify PRCs may be
represented for informational purposes." represented for informational purposes."
::= { frwkBasePibClasses 1 } ::= { frwkBasePibClasses 1 }
Framework Policy Information Base November 2000
frwkPrcSupportEntry OBJECT-TYPE frwkPrcSupportEntry OBJECT-TYPE
SYNTAX FrwkPrcSupportEntry SYNTAX FrwkPrcSupportEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkPrcSupport class that identifies a "An instance of the frwkPrcSupport class that identifies a
specific PRC and associated attributes as supported specific PRC and associated attributes as supported
by the device." by the device."
PIB-INDEX { frwkPrcSupportPrid } PIB-INDEX { frwkPrcSupportPrid }
UNIQUENESS { frwkPrcSupportSupportedPrc } UNIQUENESS { frwkPrcSupportSupportedPrc }
::= { frwkPrcSupportTable 1 } ::= { frwkPrcSupportTable 1 }
Framework Policy Information Base March 2001
FrwkPrcSupportEntry ::= SEQUENCE { FrwkPrcSupportEntry ::= SEQUENCE {
frwkPrcSupportPrid InstanceId, frwkPrcSupportPrid InstanceId,
frwkPrcSupportSupportedPrc OBJECT IDENTIFIER, frwkPrcSupportSupportedPrc PrcIdentifier,
frwkPrcSupportSupportedAttrs OCTET STRING, frwkPrcSupportSupportedAttrs OCTET STRING
frwkPrcSupportMaxPris Unsigned32
} }
frwkPrcSupportPrid OBJECT-TYPE frwkPrcSupportPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkPrcSupport class." instance of the frwkPrcSupport class."
::= { frwkPrcSupportEntry 1 } ::= { frwkPrcSupportEntry 1 }
frwkPrcSupportSupportedPrc OBJECT-TYPE frwkPrcSupportSupportedPrc OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX PrcIdentifier
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The object identifier of a supported PRC. The value is the "The object identifier of a supported PRC. The value is the
OID of the table entry. There may not be more than one OID of the table entry. There may not be more than one
instance of the frwkPrcSupport class with the same value of instance of the frwkPrcSupport class with the same value of
frwkPrcSupportSupportedPrc." frwkPrcSupportSupportedPrc."
::= { frwkPrcSupportEntry 2 } ::= { frwkPrcSupportEntry 2 }
frwkPrcSupportSupportedAttrs OBJECT-TYPE frwkPrcSupportSupportedAttrs OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A bit string representing the supported attributes of the "A bit string representing the supported attributes of the
class that is identified by the frwkPrcSupportSupportedPrc class that is identified by the frwkPrcSupportSupportedPrc
object. object.
Each bit of this bit string corresponds to a class Each bit of this bit string corresponds to a class
Framework Policy Information Base November 2000
attribute, with the most significant bit of the i-th octet attribute, with the most significant bit of the i-th octet
of this octet string corresponding to the (8*i - 7)-th of this octet string corresponding to the (8*i - 7)-th
attribute, and the least significant bit of the i-th octet attribute, and the least significant bit of the i-th octet
corresponding to the (8*i)-th class attribute. Each bit corresponding to the (8*i)-th class attribute. Each bit
specifies whether or not the corresponding class attribute specifies whether or not the corresponding class attribute
is currently supported, with a '1' indicating support and a is currently supported, with a '1' indicating support and a
'0' indicating no support. If the value of this bit string '0' indicating no support. If the value of this bit string
is N bits long and there are more than N class attributes is N bits long and there are more than N class attributes
then the bit string is logically extended with 0's to the then the bit string is logically extended with 0's to the
required length." required length."
::= { frwkPrcSupportEntry 3 } ::= { frwkPrcSupportEntry 3 }
frwkPrcSupportMaxPris OBJECT-TYPE Framework Policy Information Base March 2001
SYNTAX Unsigned32
STATUS current
DESCRIPTION
"A non-negative value indicating the maximum number of
provisioning instances that can be installed in the
identified provisioning class. Note that actual number of
PRIs that can be installed in a PRC at any given time may be
less than this value based on the current operational state
(e.g.,resources currently consumed) of the device. The
device should send NULL for this attribute if it is not
specified."
::= { frwkPrcSupportEntry 4 }
-- --
-- PIB Incarnation Table -- PIB Incarnation Table
-- --
frwkPibIncarnationTable OBJECT-TYPE frwkPibIncarnationTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkPibIncarnationEntry SYNTAX SEQUENCE OF FrwkPibIncarnationEntry
PIB-ACCESS install-notify PIB-ACCESS install-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
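Review bot: the new frwkPrcSupportMaxPris DESCRIPTION tells the device it "should send NULL for this attribute if it is not specified" but never says how a PDP is to read NULL (no limit, or limit unknown). The same text warns that the installable number "may be less than this value", so the PDP cannot treat the attribute as a guarantee in either case. Suggest stating the PDP behaviour for NULL and pointing to the error the PEP returns when an install exceeds the actual capacity. Minor wording: "Note that actual number" is missing "the", "(e.g.,resources" is missing a space, and "non-negative" is redundant for an Unsigned32.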
skipping to change at page 14, line 5 skipping to change at page 14, line 27
installed context that identifies the current incarnation installed context that identifies the current incarnation
of the PIB and the PDP or network manager that installed of the PIB and the PDP or network manager that installed
this incarnation. The instance of this class is reported to this incarnation. The instance of this class is reported to
the PDP in the REQ message so that the PDP can (attempt to) the PDP in the REQ message so that the PDP can (attempt to)
ascertain the current state of the PIB and the active ascertain the current state of the PIB and the active
context. A network manager may use the instance to context. A network manager may use the instance to
determine the state of the device." determine the state of the device."
::= { frwkBasePibClasses 2 } ::= { frwkBasePibClasses 2 }
Framework Policy Information Base November 2000
frwkPibIncarnationEntry OBJECT-TYPE frwkPibIncarnationEntry OBJECT-TYPE
SYNTAX FrwkPibIncarnationEntry SYNTAX FrwkPibIncarnationEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkPibIncarnation class. Only "An instance of the frwkPibIncarnation class. Only
one instance of this provisioning class is ever one instance of this provisioning class is ever
instantiated per context" instantiated per context"
PIB-INDEX { frwkPibIncarnationPrid } PIB-INDEX { frwkPibIncarnationPrid }
UNIQUENESS { frwkPibIncarnationName } UNIQUENESS { frwkPibIncarnationName }
::= { frwkPibIncarnationTable 1 } ::= { frwkPibIncarnationTable 1 }
FrwkPibIncarnationEntry ::= SEQUENCE { FrwkPibIncarnationEntry ::= SEQUENCE {
frwkPibIncarnationPrid InstanceId, frwkPibIncarnationPrid InstanceId,
frwkPibIncarnationName SnmpAdminString, frwkPibIncarnationName SnmpAdminString,
frwkPibIncarnationId OCTET STRING, frwkPibIncarnationId OCTET STRING,
frwkPibIncarnationLongevity Integer32, frwkPibIncarnationLongevity Unsigned32,
frwkPibIncarnationTtl Unsigned32, frwkPibIncarnationTtl Unsigned32,
frwkPibIncarnationActive TruthValue frwkPibIncarnationActive TruthValue
} }
frwkPibIncarnationPrid OBJECT-TYPE frwkPibIncarnationPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index to uniquely identify an instance of this "An index to uniquely identify an instance of this
provisioning class." provisioning class."
::= { frwkPibIncarnationEntry 1 } ::= { frwkPibIncarnationEntry 1 }
Framework Policy Information Base March 2001
frwkPibIncarnationName OBJECT-TYPE frwkPibIncarnationName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the PDP that installed the current incarnation "The name of the PDP that installed the current incarnation
of the PIB into the device. By default, it is the zero of the PIB into the device. By default, it is the zero
length string." length string."
::= { frwkPibIncarnationEntry 2 } ::= { frwkPibIncarnationEntry 2 }
skipping to change at page 15, line 5 skipping to change at page 15, line 28
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An ID to identify the current incarnation. It has meaning "An ID to identify the current incarnation. It has meaning
to the PDP/manager that installed the PIB and perhaps its to the PDP/manager that installed the PIB and perhaps its
standby PDPs/managers. By default, it is the zero-length standby PDPs/managers. By default, it is the zero-length
string." string."
::= { frwkPibIncarnationEntry 3 } ::= { frwkPibIncarnationEntry 3 }
Framework Policy Information Base November 2000
frwkPibIncarnationLongevity OBJECT-TYPE frwkPibIncarnationLongevity OBJECT-TYPE
SYNTAX Integer32 { SYNTAX Unsigned32 {
expireNever(1), expireNever(1),
expireImmediate(2), expireImmediate(2),
expireOnTimeout(3) expireOnTimeout(3)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute controls what the PEP does with the "This attribute controls what the PEP does with the
downloaded policy on a Client Close message or a loss of downloaded policy on a Client Close message or a loss of
connection to the PDP. connection to the PDP.
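Review bot: the SYNTAX of frwkPibIncarnationLongevity changes from Integer32 to Unsigned32 while the named values expireNever(1), expireImmediate(2) and expireOnTimeout(3) stay the same, so the set of legal values is identical before and after. The reason for the change should be recorded, and it should be confirmed against [SPPI] that a named-value list is permitted on Unsigned32. The matching SEQUENCE member in FrwkPibIncarnationEntry is updated in the same revision, which keeps the two declarations consistent.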
skipping to change at page 15, line 31 skipping to change at page 15, line 52
the PEP immediately expires the policy obtained from the PDP the PEP immediately expires the policy obtained from the PDP
and installs policy from local configuration. If set to and installs policy from local configuration. If set to
expireOnTimeout, the PEP continues to operate with the expireOnTimeout, the PEP continues to operate with the
policy installed by the PDP for a period of time specified policy installed by the PDP for a period of time specified
by frwkPibIncarnationTtl. After this time (and it has not by frwkPibIncarnationTtl. After this time (and it has not
reconnected to the original or new PDP) the PEP expires this reconnected to the original or new PDP) the PEP expires this
policy and reverts to local configuration. policy and reverts to local configuration.
For all cases, it is the responsibility of the PDP to check For all cases, it is the responsibility of the PDP to check
the incarnation and download new policy, if necessary, on a the incarnation and download new policy, if necessary, on a
reconnect. reconnect. On receiving a Remove-State [COPS-PR] for the
active context, this attribute value MUST be ignored and the
PEP should expire the policy in that active context
immediately.
Policy enforcement timing only applies to policies that have Policy enforcement timing only applies to policies that have
been installed dynamically (e.g., by a PDP via COPS)." been installed dynamically (e.g., by a PDP via COPS)."
::= { frwkPibIncarnationEntry 4 } ::= { frwkPibIncarnationEntry 4 }
Framework Policy Information Base March 2001
frwkPibIncarnationTtl OBJECT-TYPE frwkPibIncarnationTtl OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "seconds" UNITS "seconds"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of seconds after a Client Close or TCP timeout "The number of seconds after a Client Close or TCP timeout
for which the PEP continues to enforce the policy in the for which the PEP continues to enforce the policy in the
PIB. After this interval, the PIB is considered expired and PIB. After this interval, the PIB is considered expired and
the device no longer enforces the policy installed in the the device no longer enforces the policy installed in the
PIB. PIB.
This attribute is only meaningful if This attribute is only meaningful if
frwkPibIncarnationLongevity is set to expireOnTimeout." frwkPibIncarnationLongevity is set to expireOnTimeout."
::= { frwkPibIncarnationEntry 5 } ::= { frwkPibIncarnationEntry 5 }
Framework Policy Information Base November 2000
frwkPibIncarnationActive OBJECT-TYPE frwkPibIncarnationActive OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If this attribute is set to TRUE, then the PIB instance "If this attribute is set to TRUE, then the PIB instance
to which this PRI belongs becomes the active PIB instance. to which this PRI belongs becomes the active PIB instance.
The previous active instance MUST become inactive and the The previous active instance MUST become inactive and the
frwkPibIncarnationActive attribute in that PIB instance frwkPibIncarnationActive attribute in that PIB instance
MUST be set to false." MUST be set to false."
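Review bot: the sentence added to frwkPibIncarnationLongevity mixes requirement levels: the attribute "MUST be ignored" on a Remove-State, but the PEP only "should expire the policy in that active context immediately". If the expiry is optional, a PEP may keep enforcing PDP-installed policy after the PDP has explicitly removed the state, so suggest "MUST expire". The sentence also does not say whether the PEP then installs policy from local configuration, as the expireImmediate and expireOnTimeout cases do. Separately, frwkPibIncarnationActive writes "TRUE" in one sentence and "false" in the next; use one form.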
skipping to change at page 16, line 41 skipping to change at page 17, line 5
DESCRIPTION DESCRIPTION
"This class contains a single provisioning instance that "This class contains a single provisioning instance that
contains device-specific information that is used to contains device-specific information that is used to
facilitate efficient policy installation by a PDP. The facilitate efficient policy installation by a PDP. The
instance of this class is reported to the PDP in a COPS instance of this class is reported to the PDP in a COPS
request message so that the PDP can take into account request message so that the PDP can take into account
certain device characteristics during policy installation." certain device characteristics during policy installation."
::= { frwkBasePibClasses 3 } ::= { frwkBasePibClasses 3 }
Framework Policy Information Base March 2001
frwkDeviceIdEntry OBJECT-TYPE frwkDeviceIdEntry OBJECT-TYPE
SYNTAX FrwkDeviceIdEntry SYNTAX FrwkDeviceIdEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkDeviceId class. Only one instance of "An instance of the frwkDeviceId class. Only one instance of
this provisioning class is ever instantiated." this provisioning class is ever instantiated."
PIB-INDEX { frwkDeviceIdPrid } PIB-INDEX { frwkDeviceIdPrid }
UNIQUENESS { frwkDeviceIdDescr } UNIQUENESS { frwkDeviceIdDescr }
::= { frwkDeviceIdTable 1 } ::= { frwkDeviceIdTable 1 }
Framework Policy Information Base November 2000
FrwkDeviceIdEntry ::= SEQUENCE { FrwkDeviceIdEntry ::= SEQUENCE {
frwkDeviceIdPrid InstanceId, frwkDeviceIdPrid InstanceId,
frwkDeviceIdDescr SnmpAdminString, frwkDeviceIdDescr SnmpAdminString,
frwkDeviceIdMaxMsg Unsigned32, frwkDeviceIdMaxMsg Unsigned32,
frwkDeviceIdMaxContexts Unsigned32 frwkDeviceIdMaxContexts Unsigned32
} }
frwkDeviceIdPrid OBJECT-TYPE frwkDeviceIdPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
skipping to change at page 17, line 43 skipping to change at page 18, line 4
frwkDeviceIdMaxMsg OBJECT-TYPE frwkDeviceIdMaxMsg OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "octets" UNITS "octets"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum message size, in octets, that the device "The maximum message size, in octets, that the device
is capable of processing. Received messages with a is capable of processing. Received messages with a
size in excess of this value must cause the PEP to return an size in excess of this value must cause the PEP to return an
error to the PDP containing the global error code error to the PDP containing the global error code
'maxMsgSizeExceeded'. This is an additional error-avoidance 'maxMsgSizeExceeded'. This is an additional error-avoidance
Framework Policy Information Base March 2001
mechanism to allow the administrator to have the ability to mechanism to allow the administrator to have the ability to
control the message size of messages sent to the device. The control the message size of messages sent to the device. The
device should send NULL for this attributes if it not device should send NULL for this attributes if it not
defined." defined."
::= { frwkDeviceIdEntry 3 } ::= { frwkDeviceIdEntry 3 }
frwkDeviceIdMaxContexts OBJECT-TYPE frwkDeviceIdMaxContexts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "contexts" UNITS "contexts"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum number of unique contexts supported by "The maximum number of unique contexts supported by
Framework Policy Information Base November 2000
the device. This is an additional error-avoidance mechanism the device. This is an additional error-avoidance mechanism
to allow the administrators to have the ability to control to allow the administrators to have the ability to control
the number of contexts installed on the device. The device the number of contexts installed on the device. The device
should send NULL for this attribute if it is not should send NULL for this attribute if it is not
specified." specified."
::= { frwkDeviceIdEntry 4 } ::= { frwkDeviceIdEntry 4 }
-- --
-- Component Limitations Table -- Component Limitations Table
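Review bot: the sentence added to frwkDeviceIdMaxMsg, "The device should send NULL for this attributes if it not defined", has two grammar slips ("attributes", "if it not") and uses "not defined" where frwkDeviceIdMaxContexts in the same hunk uses "not specified"; suggest "The device should send NULL for this attribute if it is not specified" in both places. Neither description says what a PDP may assume when NULL is received. Since both attributes are described as error-avoidance limits, the text should state whether NULL means no limit or an unknown limit.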
skipping to change at page 18, line 45 skipping to change at page 18, line 58
::= { frwkBasePibClasses 4 } ::= { frwkBasePibClasses 4 }
frwkCompLimitsEntry OBJECT-TYPE frwkCompLimitsEntry OBJECT-TYPE
SYNTAX FrwkCompLimitsEntry SYNTAX FrwkCompLimitsEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkCompLimits class that identifies "An instance of the frwkCompLimits class that identifies
a PRC or PRC attribute and a limitation related to the PRC a PRC or PRC attribute and a limitation related to the PRC
or PRC attribute implementation supported by the device. or PRC attribute implementation supported by the device.
All PRIs of this class represent errors that would be [COPS-PR] lists the error codes that MUST be returned (if
returned in relation to the identified component for policy
installation requests that don't abide by the restrictions Framework Policy Information Base March 2001
indicated by the limitation type (error code) and, possibly,
a provided guidance value." applicable)for policy installation that don't abide by the
restrictions indicated by the limitations exported. [SPPI]
defines an INSTALL-ERRORS clause that allows PIB designers
to define PRC specific error codes that can be returned for
policy installation. This allows efficient debugging of PIB
implementations."
PIB-INDEX { frwkCompLimitsPrid } PIB-INDEX { frwkCompLimitsPrid }
UNIQUENESS { frwkCompLimitsComponent, UNIQUENESS { frwkCompLimitsComponent,
frwkCompLimitsAttrPos, frwkCompLimitsAttrPos,
frwkCompLimitsTypeGlobal, frwkCompLimitsNegation,
frwkCompLimitsType, frwkCompLimitsType,
frwkCompLimitsSubType, frwkCompLimitsSubType,
frwkCompLimitsGuidance } frwkCompLimitsGuidance }
::= { frwkCompLimitsTable 1 } ::= { frwkCompLimitsTable 1 }
Framework Policy Information Base November 2000
FrwkCompLimitsEntry ::= SEQUENCE { FrwkCompLimitsEntry ::= SEQUENCE {
frwkCompLimitsPrid InstanceId, frwkCompLimitsPrid InstanceId,
frwkCompLimitsComponent OBJECT IDENTIFIER, frwkCompLimitsComponent PrcIdentifier,
frwkCompLimitsAttrPos Unsigned32, frwkCompLimitsAttrPos Unsigned32,
frwkCompLimitsTypeGlobal TruthValue, frwkCompLimitsNegation TruthValue,
frwkCompLimitsType Unsigned32, frwkCompLimitsType Unsigned32,
frwkCompLimitsSubType Integer32, frwkCompLimitsSubType Unsigned32,
frwkCompLimitsGuidance OCTET STRING frwkCompLimitsGuidance OCTET STRING
} }
frwkCompLimitsPrid OBJECT-TYPE frwkCompLimitsPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkCompLimits class." instance of the frwkCompLimits class."
::= { frwkCompLimitsEntry 1 } ::= { frwkCompLimitsEntry 1 }
frwkCompLimitsComponent OBJECT-TYPE frwkCompLimitsComponent OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX PrcIdentifier
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value is the OID of a PRC (the table entry) which is "The value is the OID of a PRC (the table entry) which is
supported in some limited fashion or contains an attribute supported in some limited fashion or contains an attribute
that is supported in some limited fashion with regard to that is supported in some limited fashion with regard to
it's definition in the associated PIB module. The same OID it's definition in the associated PIB module. The same OID
may appear in the table several times, once for each may appear in the table several times, once for each
implementation limitation acknowledged by the device." implementation limitation acknowledged by the device."
::= { frwkCompLimitsEntry 2 } ::= { frwkCompLimitsEntry 2 }
Framework Policy Information Base March 2001
frwkCompLimitsAttrPos OBJECT-TYPE frwkCompLimitsAttrPos OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The relative position of the attribute within the PRC "The relative position of the attribute within the PRC
specified by the frwkCompLimitsComponent. A value of 1 would specified by the frwkCompLimitsComponent. A value of 1 would
represent the first columnar object in the PRC and a value represent the first columnar object in the PRC and a value
of N would represent the Nth columnar object in the PRC. A of N would represent the Nth columnar object in the PRC. A
NULL value indicates that the limit applies to the PRC NULL value indicates that the limit applies to the PRC
itself and not to a specific attribute." itself and not to a specific attribute."
::= { frwkCompLimitsEntry 3 } ::= { frwkCompLimitsEntry 3 }
Framework Policy Information Base November 2000 frwkCompLimitsNegation OBJECT-TYPE
frwkCompLimitsTypeGlobal OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A boolean value that has value TRUE if the "A boolean value ,if TRUE, negates the component limit
frwkCompLimitsType value is a Global component limitation exported."
code defined in [COPS-PR], else has value FALSE which
implies the frwkCompLimitsType is a PRC specific component
limitation code defined in the INSTALL-ERRORS clause
[SPPI] of that PRC."
::= { frwkCompLimitsEntry 4 } ::= { frwkCompLimitsEntry 4 }
frwkCompLimitsType OBJECT-TYPE frwkCompLimitsType OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32 {
priSpaceLimited(1),
attrValueSupLimited(2),
attrEnumSupLimited(3),
attrLengthLimited(4),
prcLimitedNotify(5)
}
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value describing an implementation limitation for the "A value describing an implementation limitation for the
device related to the PRC or PRC attribute identified by device related to the PRC or PRC attribute identified by
the frwkCompLimitsComponent and the frwkCompLimitsAttrPos the frwkCompLimitsComponent and the frwkCompLimitsAttrPos
attributes in this class instance. attributes in this class instance.
Values for this object are derived from the defined
error values associated with the PRC of the identified
attribute or the PRC itself. All genericPrc and specificPrc
(defined in a PRC INSTALL-ERRORS clause) error codes
represent valid limitation type values. The enumeration
values for generic Class-Specific errors are listed in
[COPS-PR].
For example, an implementation of the frwkIpFilter class may Values for this object are one of the following:
be limited in several ways, such as address mask, protocol
and Layer 4 port options. These limitations could be
exported using this table with the following instances:
Component Type priSpaceLimited(1) - No more instances than that specified
-------------------------------------------------- by the guidance value may be installed in the given class.
'frwkIpFilterDstAddrMask' 'attrValueSupLimited' The component identified MUST be a valid PRC. The SubType
'frwkIpFilterSrcAddrMask' 'attrValueSupLimited' used MUST be valueOnly(9).
'frwkIpFilterProtocol' 'attrValueSupLimited'
'frwkIpFilterProtocol' 'attrValueSupLimited'
'frwkIpFilterDstL4PortMin' 'invalidDstL4PortData'
'frwkIpFilterDstL4PortMax' 'invalidDstL4PortData'
The above entries describe a number of limitations that attrValueSupLimited(2) - Limited values are acceptable for
may be in effect for the frwkIpFilter class on a given the identified component. The component identified MUST be a
device. The limitations include restrictions on acceptable valid PRC attribute. The guidance OCTET STRING will be
values for certain attributes and indications of the decoded according to the attribute type.
relationship between related attributes.
Also, an implementation of a PRC may be limited in the ways attrEnumSupLimited(3) - Limited enumeration values are legal
it can be accessed. For instance: for the identified component. The attribute identified MUST
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
Component Type be a valid enum type.
--------------------------------------------------
'dscpMapEntry' 'priNotifyOnly'
If the errors defined in the INSTALL-ERRORS section are not attrLengthLimited(4) - The length of the specified
generic Class-Specific errors (in the example, value for the identified component is limited. The component
'invalidDstL4PortData') then the Error code sent must be identified MUST be a valid PRC attribute of base-type OCTET
'priSpecificError'[COPS-PR] and the Sub-Error code must STRING.
contain the enumeration value from the INSTALL-ERRORS
section for the PRC (in the example, the enumeration value prcLimitedNotify (5) - The component is currently limited
for 'invalidDstL4PortData')." for use by request or report messages prohibiting decision
installation. The component identified must be a valid PRC."
::= { frwkCompLimitsEntry 5 } ::= { frwkCompLimitsEntry 5 }
frwkCompLimitsSubType OBJECT-TYPE frwkCompLimitsSubType OBJECT-TYPE
SYNTAX Integer32 { SYNTAX Unsigned32 {
none(1), none(1),
lengthMin(2), lengthMin(2),
lengthMax(3), lengthMax(3),
rangeMin(4), rangeMin(4),
rangeMax(5), rangeMax(5),
enumMin(6), enumMin(6),
enumMax(7), enumMax(7),
enumOnly(8), enumOnly(8),
valueOnly(9), valueOnly(9)
isExtendedBy(10)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates the type of guidance related "This object indicates the type of guidance related
to the noted limitation (as indicated by the to the noted limitation (as indicated by the
frwkCompLimitsType attribute) that is provided frwkCompLimitsType attribute) that is provided
in the frwkCompLimitsGuidance attribute. in the frwkCompLimitsGuidance attribute.
A value of 'none(1)' means that no additional A value of 'none(1)' means that no additional
guidance is provided for the noted limitation type. guidance is provided for the noted limitation type.
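Review bot: frwkCompLimitsNegation replaces frwkCompLimitsTypeGlobal with only "A boolean value ,if TRUE, negates the component limit exported", which does not define what a negated limit means for each frwkCompLimitsType value (for example, a negated priSpaceLimited or prcLimitedNotify). Suggest defining the negated semantics per type, or restricting the types for which TRUE is legal, and fixing the stray space before the comma. In the frwkCompLimitsType text, only priSpaceLimited(1) names its required SubType (valueOnly(9)); the other four types should state which SubType values are valid. prcLimitedNotify(5) uses lowercase "must" where the others use MUST. In the frwkCompLimitsEntry description, "applicable)for" is missing a space.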
skipping to change at page 22, line 5 skipping to change at page 21, line 56
specifying the 'lengthMax(3)' value is required specifying the 'lengthMax(3)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'lengthMax(3)' means that the guidance A value of 'lengthMax(3)' means that the guidance
attribute provides data related to the maximum attribute provides data related to the maximum
acceptable length for the value of the identified acceptable length for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'lengthMin(2)' value is required specifying the 'lengthMin(2)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
Framework Policy Information Base November 2000
A value of 'rangeMin(4)' means that the guidance A value of 'rangeMin(4)' means that the guidance
attribute provides data related to the lower bound attribute provides data related to the lower bound
of the range for the value of the identified of the range for the value of the identified
component. A corresponding class instance component. A corresponding class instance
Framework Policy Information Base March 2001
specifying the 'rangeMax(5)' value is required specifying the 'rangeMax(5)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'rangeMax(5)' means that the guidance A value of 'rangeMax(5)' means that the guidance
attribute provides data related to the upper bound attribute provides data related to the upper bound
of the range for the value of the identified of the range for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'rangeMin(4)' value is required specifying the 'rangeMin(4)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
skipping to change at page 22, line 45 skipping to change at page 22, line 41
A value of 'enumOnly(8)' means that the guidance A value of 'enumOnly(8)' means that the guidance
attribute provides data related to a single attribute provides data related to a single
enumeration acceptable for the value of the enumeration acceptable for the value of the
identified component. identified component.
A value of 'valueOnly(9)' means that the guidance A value of 'valueOnly(9)' means that the guidance
attribute provides data related to a single attribute provides data related to a single
value that is acceptable for the identified value that is acceptable for the identified
component. component.
A value of 'isExtendedBy(10)' means that the guidance For example, an implementation of the frwkIpFilter class may
attribute provides data related to a PRC that be limited in several ways, such as address mask, protocol
AUGMENTS or EXTENDS the identified provisioning class. and Layer 4 port options. These limitations could be
This may be used to inform a PDP of the presence of exported using this table with the following instances:
classes that AUGMENT or EXTEND the base class that the
PDP may not be aware of."
::= { frwkCompLimitsEntry 6 } Component Type Sub Guidance
Type
------------------------------------------------------------
frwkIpFilterDstAddrMask attrValueSupLimited valueOnly 24
frwkIpFilterSrcAddrMask attrValueSupLimited valueOnly 24
frwkIpFilterProtocol attrValueSupLimited rangeMin 10
frwkIpFilterProtocol attrValueSupLimited rangeMax 20
Framework Policy Information Base November 2000 The above entries describe a number of limitations that
may be in effect for the frwkIpFilter class on a given
device. The limitations include restrictions on acceptable
values for certain attributes.
Also, an implementation of a PRC may be limited in the ways
Framework Policy Information Base March 2001
it can be accessed. For instance, for a fictitious PRC
dscpMapEntry, which has a PIB-ACCESS of 'install-notify':
Component Type SubType Guidance
------------------------------------------------------------
dscpMapEntry prcLimitedNotify none zero-length string."
::= { frwkCompLimitsEntry 6 }
frwkCompLimitsGuidance OBJECT-TYPE frwkCompLimitsGuidance OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value used to convey additional information related "A value used to convey additional information related
to the implementation limitation. The value of this to the implementation limitation. Note that a guidance
attribute must be interpreted in the context of the value will not necessarily be provided for all exported
frwkCompLimitsType and frwkCompLimitsSubType values. Note limitations. If a guidance value is not provided, the
that a guidance value will not necessarily be provided value must be a zero-length string.
for all exported limitations. If a guidance value is not
provided, the value must be a zero-length string.
The format of the guidance value, if one is present as The format of the guidance value, if one is present as
indicated by the frwkCompLimitsSubType attribute, indicated by the frwkCompLimitsSubType attribute,
is described by the following table. Note that the is described by the following table. Note that the
type of guidance value is dictated by the type of the type of guidance value is dictated by the type of the
component whose limitation is being exported. component whose limitation is being exported, interpreted
in the context of the frwkCompLimitsType and
frwkCompLimitsSubType values.
Note that numbers are encoded in network byte order. Note that numbers are encoded in network byte order.
Base Type Value Base Type Value
--------- ----- --------- -----
INTEGER 32-bit value Unsigned32/Integer32 32-bit value.
OCTET STRING octets of data Unsigned64/Integer64 64-bit Value.
OCTET STRING octets of data.
OID 32-bit OID components." OID 32-bit OID components."
::= { frwkCompLimitsEntry 7 } ::= { frwkCompLimitsEntry 7 }
-- --
-- The device interface capabilities and role combo classes group -- The device interface capabilities and role combo classes group
-- --
frwkDeviceCapClasses frwkDeviceCapClasses
OBJECT IDENTIFIER ::= { frameworkPib 2 } OBJECT IDENTIFIER ::= { frameworkPib 2 }
-- --
-- Interface Capability Set Table -- Interface Capability Set Table
-- --
Framework Policy Information Base March 2001
frwkIfCapSetTable OBJECT-TYPE frwkIfCapSetTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfCapSetEntry SYNTAX SEQUENCE OF FrwkIfCapSetEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This class describes the interfaces that exist on the "This class describes the interfaces that exist on the
device. Associated with each interface is a set of device. Associated with each interface is a set of
capabilities. The capability set is given a unique name that capabilities. The capability set is given a unique name that
identifies the interface type. These capabilities are used identifies the interface type. These capabilities are used
by the PDP to determine policy information to be associated by the PDP to determine policy information to be associated
with interfaces of this type." with interfaces of this type."
::= { frwkDeviceCapClasses 1 } ::= { frwkDeviceCapClasses 1 }
Framework Policy Information Base November 2000
frwkIfCapSetEntry OBJECT-TYPE frwkIfCapSetEntry OBJECT-TYPE
SYNTAX FrwkIfCapSetEntry SYNTAX FrwkIfCapSetEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of this class describes the characteristics "An instance of this class describes the characteristics
of a type of an interface." of a type of an interface."
PIB-INDEX { frwkIfCapSetPrid } PIB-INDEX { frwkIfCapSetPrid }
UNIQUENESS { frwkIfCapSetName, UNIQUENESS { frwkIfCapSetName,
frwkIfCapSetCapability } frwkIfCapSetCapability }
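Review bot: the example table moved into the frwkCompLimitsSubType DESCRIPTION lists Guidance as decimal "24", "10" and "20", while frwkCompLimitsGuidance is an OCTET STRING whose numbers are encoded in network byte order. The example should show the encoded form or say the column is an abbreviation, and should say what "24" means for an address mask attribute. The example also illustrates Type and Guidance as much as SubType, so it would sit better in the frwkCompLimitsEntry description. isExtendedBy(10) is removed without a note on how a PDP learns of AUGMENTS or EXTENDS classes afterwards. In the guidance format table, "64-bit Value." is capitalised differently from "32-bit value.", and the OID row lacks the trailing period the other rows gained.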
skipping to change at page 24, line 44 skipping to change at page 25, line 5
frwkIfCapSetName OBJECT-TYPE frwkIfCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name for the capability set. The capability set name "The name for the capability set. The capability set name
is the unique identifier of an interface type." is the unique identifier of an interface type."
::= { frwkIfCapSetEntry 2 } ::= { frwkIfCapSetEntry 2 }
Framework Policy Information Base March 2001
frwkIfCapSetCapability OBJECT-TYPE frwkIfCapSetCapability OBJECT-TYPE
SYNTAX Prid SYNTAX Prid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The complete PRC OID and instance identifier specifying the "The complete PRC OID and instance identifier specifying the
capability PRC instance for the interface." capability PRC instance for the interface."
::= { frwkIfCapSetEntry 3 } ::= { frwkIfCapSetEntry 3 }
Framework Policy Information Base November 2000
-- --
-- Interface Capabilities Set Name and Role Combination Table -- Interface Capabilities Set Name and Role Combination Table
-- --
frwkIfCapSetRoleComboTable OBJECT-TYPE frwkIfCapSetRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfCapSetRoleComboEntry SYNTAX SEQUENCE OF FrwkIfCapSetRoleComboEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Policy for an interface depends not only on the "Policy for an interface depends not only on the
skipping to change at page 25, line 42 skipping to change at page 26, line 5
frwkIfCapSetRoleComboRoles } frwkIfCapSetRoleComboRoles }
::= { frwkIfCapSetRoleComboTable 1 } ::= { frwkIfCapSetRoleComboTable 1 }
FrwkIfCapSetRoleComboEntry ::= SEQUENCE { FrwkIfCapSetRoleComboEntry ::= SEQUENCE {
frwkIfCapSetRoleComboPrid InstanceId, frwkIfCapSetRoleComboPrid InstanceId,
frwkIfCapSetRoleComboName SnmpAdminString, frwkIfCapSetRoleComboName SnmpAdminString,
frwkIfCapSetRoleComboRoles RoleCombination frwkIfCapSetRoleComboRoles RoleCombination
} }
Framework Policy Information Base March 2001
frwkIfCapSetRoleComboPrid OBJECT-TYPE frwkIfCapSetRoleComboPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies a "An arbitrary integer index that uniquely identifies a
instance of the class." instance of the class."
::= { frwkIfCapSetRoleComboEntry 1 } ::= { frwkIfCapSetRoleComboEntry 1 }
Framework Policy Information Base November 2000
frwkIfCapSetRoleComboName OBJECT-TYPE frwkIfCapSetRoleComboName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the interface capability set. This name must "The name of the interface capability set. This name must
exist in frwkIfCapSetTable." exist in frwkIfCapSetTable."
::= { frwkIfCapSetRoleComboEntry 2 } ::= { frwkIfCapSetRoleComboEntry 2 }
frwkIfCapSetRoleComboRoles OBJECT-TYPE frwkIfCapSetRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination SYNTAX RoleCombination
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A role combination. The PEP requires policy for interfaces "A role combination. The PEP requires policy for interfaces
with this role combination and of capability set name with this role combination and of capability set name
specified by frwkIfCapSetRoleComboName" specified by frwkIfCapSetRoleComboName."
::= { frwkIfCapSetRoleComboEntry 3 } ::= { frwkIfCapSetRoleComboEntry 3 }
-- --
-- The Classification classes group -- The Classification classes group
-- --
frwkClassifierClasses frwkClassifierClasses
OBJECT IDENTIFIER ::= { frameworkPib 3 } OBJECT IDENTIFIER ::= { frameworkPib 3 }
-- --
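Review bot: In the frwkIfCapSetRoleComboPrid DESCRIPTION, "uniquely identifies a instance of the class" should read "an instance"; -04 adds the missing full stop to the frwkIfCapSetRoleComboRoles DESCRIPTION but leaves this one untouched. The frwkIfCapSetRoleComboName DESCRIPTION also states that the name "must exist in frwkIfCapSetTable" without saying how a notification carrying an unknown name is to be treated, and a sentence on that would help implementers.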
skipping to change at page 26, line 47 skipping to change at page 27, line 5
SYNTAX SEQUENCE OF FrwkBaseFilterEntry SYNTAX SEQUENCE OF FrwkBaseFilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Base Filter class. A packet has to match all "The Base Filter class. A packet has to match all
fields in an Filter. Wildcards may be specified for those fields in an Filter. Wildcards may be specified for those
fields that are not relevant." fields that are not relevant."
::= { frwkClassifierClasses 1 } ::= { frwkClassifierClasses 1 }
Framework Policy Information Base March 2001
frwkBaseFilterEntry OBJECT-TYPE frwkBaseFilterEntry OBJECT-TYPE
SYNTAX FrwkBaseFilterEntry SYNTAX FrwkBaseFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkBaseFilter class." "An instance of the frwkBaseFilter class."
PIB-INDEX { frwkBaseFilterPrid } PIB-INDEX { frwkBaseFilterPrid }
::= { frwkBaseFilterTable 1 } ::= { frwkBaseFilterTable 1 }
Framework Policy Information Base November 2000
FrwkBaseFilterEntry ::= SEQUENCE { FrwkBaseFilterEntry ::= SEQUENCE {
frwkBaseFilterPrid InstanceId, frwkBaseFilterPrid InstanceId,
frwkBaseFilterNegation TruthValue frwkBaseFilterNegation TruthValue
} }
frwkBaseFilterPrid OBJECT-TYPE frwkBaseFilterPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An integer index to uniquely identify this Filter among all "An integer index to uniquely identify this Filter among all
skipping to change at page 27, line 47 skipping to change at page 28, line 5
frwkIpFilterTable OBJECT-TYPE frwkIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIpFilterEntry SYNTAX SEQUENCE OF FrwkIpFilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filter definitions. A packet has to match all fields in a "Filter definitions. A packet has to match all fields in a
filter. Wildcards may be specified for those fields that filter. Wildcards may be specified for those fields that
are not relevant." are not relevant."
Framework Policy Information Base March 2001
INSTALL-ERRORS { INSTALL-ERRORS {
invalidDstL4PortData(1), invalidDstL4PortData(1),
invalidSrcL4PortData(2) invalidSrcL4PortData(2)
} }
::= { frwkClassifierClasses 2 } ::= { frwkClassifierClasses 2 }
Framework Policy Information Base November 2000
frwkIpFilterEntry OBJECT-TYPE frwkIpFilterEntry OBJECT-TYPE
SYNTAX FrwkIpFilterEntry SYNTAX FrwkIpFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkIpFilter class." "An instance of the frwkIpFilter class."
EXTENDS { frwkBaseFilterEntry } EXTENDS { frwkBaseFilterEntry }
UNIQUENESS { frwkBaseFilterNegation, UNIQUENESS { frwkBaseFilterNegation,
FrwkIpFilterDstAddrType, FrwkIpFilterDstAddrType,
frwkIpFilterDstAddr, frwkIpFilterDstAddr,
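Review bot: The UNIQUENESS clause of frwkIpFilterEntry names "FrwkIpFilterDstAddrType" with a capital F in both revisions, while the attribute is declared elsewhere in this diff as frwkIpFilterDstAddrType and every other entry in the clause starts in lower case. As written the clause does not name a defined attribute, so it should be corrected to the lower-case descriptor. Separately, INSTALL-ERRORS for frwkIpFilterTable lists only invalidDstL4PortData(1) and invalidSrcL4PortData(2); if an invalid address or mask is meant to be rejectable at install time, it needs its own error code here.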
skipping to change at page 28, line 39 skipping to change at page 28, line 45
FrwkIpFilterEntry ::= SEQUENCE { FrwkIpFilterEntry ::= SEQUENCE {
frwkIpFilterDstAddrType InetAddressType, frwkIpFilterDstAddrType InetAddressType,
frwkIpFilterDstAddr InetAddress, frwkIpFilterDstAddr InetAddress,
frwkIpFilterDstAddrMask Unsigned32, frwkIpFilterDstAddrMask Unsigned32,
frwkIpFilterSrcAddrType InetAddressType, frwkIpFilterSrcAddrType InetAddressType,
frwkIpFilterSrcAddr InetAddress, frwkIpFilterSrcAddr InetAddress,
frwkIpFilterSrcAddrMask Unsigned32, frwkIpFilterSrcAddrMask Unsigned32,
frwkIpFilterDscp Integer32, frwkIpFilterDscp Integer32,
frwkIpFilterProtocol Integer32, frwkIpFilterProtocol Integer32,
frwkIpFilterDstL4PortMin Integer32, frwkIpFilterDstL4PortMin Unsigned32,
frwkIpFilterDstL4PortMax Integer32, frwkIpFilterDstL4PortMax Unsigned32,
frwkIpFilterSrcL4PortMin Integer32, frwkIpFilterSrcL4PortMin Unsigned32,
frwkIpFilterSrcL4PortMax Integer32 frwkIpFilterSrcL4PortMax Unsigned32
} }
frwkIpFilterDstAddrType OBJECT-TYPE frwkIpFilterDstAddrType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address type enumeration value [INETADDR] to specify "The address type enumeration value [INETADDR] to specify
the type of the packet's destination IP address." the type of the packet's destination IP address."
::= { frwkIpFilterEntry 1 } ::= { frwkIpFilterEntry 1 }
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
frwkIpFilterDstAddr OBJECT-TYPE frwkIpFilterDstAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address [INETADDR] to match against the packet's "The IP address [INETADDR] to match against the packet's
destination IP address." destination IP address."
::= { frwkIpFilterEntry 2 } ::= { frwkIpFilterEntry 2 }
frwkIpFilterDstAddrMask OBJECT-TYPE frwkIpFilterDstAddrMask OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32 (0..128)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of a mask for the matching of the destination "The length of a mask for the matching of the destination
IP address. Masks are constructed by setting bits in IP address. Masks are constructed by setting bits in
sequence from the most-significant bit downwards for sequence from the most-significant bit downwards for
frwkIpFilterDstAddrMask bits length. All other bits in the frwkIpFilterDstAddrMask bits length. All other bits in the
mask, up to the number needed to fill the length of the mask, up to the number needed to fill the length of the
address frwkIpFilterDstAddr are cleared to zero. A zero bit address frwkIpFilterDstAddr are cleared to zero. A zero bit
in the mask then means that the corresponding bit in the in the mask then means that the corresponding bit in the
address always matches." address always matches."
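Review bot: The new range on frwkIpFilterDstAddrMask, "Unsigned32 (0..128)", admits mask lengths that are longer than the address whenever frwkIpFilterDstAddrType selects a shorter address family, and the DESCRIPTION does not say what a PEP does with such a value. Suggest adding a sentence that the mask length must not exceed the bit length of frwkIpFilterDstAddr and stating which install error is returned when it does. The SEQUENCE change of the four L4 port attributes from Integer32 to Unsigned32 is consistent with the per-attribute SYNTAX changes later in the diff.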
skipping to change at page 29, line 52 skipping to change at page 29, line 52
frwkIpFilterSrcAddr OBJECT-TYPE frwkIpFilterSrcAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address to match against the packet's source IP "The IP address to match against the packet's source IP
address." address."
::= { frwkIpFilterEntry 5 } ::= { frwkIpFilterEntry 5 }
frwkIpFilterSrcAddrMask OBJECT-TYPE frwkIpFilterSrcAddrMask OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32 (0..128)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of a mask for the matching of the source IP "The length of a mask for the matching of the source IP
address. Masks are constructed by setting bits in sequence
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
address. Masks are constructed by setting bits in sequence
from the most-significant bit downwards for from the most-significant bit downwards for
frwkIpFilterSrcAddrMask bits length. All other bits in the frwkIpFilterSrcAddrMask bits length. All other bits in the
mask, up to the number needed to fill the length of the mask, up to the number needed to fill the length of the
address frwkIpFilterSrcAddr are cleared to zero. A zero bit address frwkIpFilterSrcAddr are cleared to zero. A zero bit
in the mask then means that the corresponding bit in the in the mask then means that the corresponding bit in the
address always matches." address always matches."
::= { frwkIpFilterEntry 6 } ::= { frwkIpFilterEntry 6 }
frwkIpFilterDscp OBJECT-TYPE frwkIpFilterDscp OBJECT-TYPE
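Review bot: The frwkIpFilterSrcAddrMask DESCRIPTION never states outright that a mask length of 0 wildcards the source address; a reader has to infer it from "A zero bit in the mask then means that the corresponding bit in the address always matches". Since the table DESCRIPTION promises that "Wildcards may be specified", one explicit sentence here (and in the destination mask) would remove the ambiguity, which matters because an unintended 0 makes the filter match every source. The frwkIpFilterSrcAddr DESCRIPTION also drops the [INETADDR] citation that the destination address carries.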
skipping to change at page 30, line 37 skipping to change at page 30, line 38
frwkIpFilterProtocol OBJECT-TYPE frwkIpFilterProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255) SYNTAX Integer32 (-1 | 0..255)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP protocol to match against the packet's protocol. "The IP protocol to match against the packet's protocol.
A value of -1 means match all." A value of -1 means match all."
::= { frwkIpFilterEntry 8 } ::= { frwkIpFilterEntry 8 }
frwkIpFilterDstL4PortMin OBJECT-TYPE frwkIpFilterDstL4PortMin OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 destination "The minimum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or lesser that the value specified for this be equal to or lesser that the value specified for this
filter in frwkIpFilterDstL4PortMax." filter in frwkIpFilterDstL4PortMax."
::= { frwkIpFilterEntry 9 } ::= { frwkIpFilterEntry 9 }
frwkIpFilterDstL4PortMax OBJECT-TYPE frwkIpFilterDstL4PortMax OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 destination "The maximum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or greater that the value specified for this be equal to or greater that the value specified for this
filter in frwkIpFilterDstL4PortMin." filter in frwkIpFilterDstL4PortMin."
::= { frwkIpFilterEntry 10 } Framework Policy Information Base March 2001
Framework Policy Information Base November 2000 ::= { frwkIpFilterEntry 10 }
frwkIpFilterSrcL4PortMin OBJECT-TYPE frwkIpFilterSrcL4PortMin OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 source port "The minimum value that the packet's layer 4 source port
number can have and match this filter. This value must number can have and match this filter. This value must
be equal to or lesser that the value specified for this be equal to or lesser that the value specified for this
filter in frwkIpFilterSrcL4PortMax." filter in frwkIpFilterSrcL4PortMax."
::= { frwkIpFilterEntry 11 } ::= { frwkIpFilterEntry 11 }
frwkIpFilterSrcL4PortMax OBJECT-TYPE frwkIpFilterSrcL4PortMax OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 source port "The maximum value that the packet's layer 4 source port
number can have and match this filter. This value must be number can have and match this filter. This value must be
equal to or greater that the value specified for this filter equal to or greater that the value specified for this filter
in frwkIpFilterSrcL4PortMin." in frwkIpFilterSrcL4PortMin."
::= { frwkIpFilterEntry 12 } ::= { frwkIpFilterEntry 12 }
-- --
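Review bot: Each of the four port DESCRIPTIONs requires Min to be no greater than Max, but none says what happens when a PDP installs a filter that violates this; the text should tie the constraint to the invalidDstL4PortData and invalidSrcL4PortData install errors declared on frwkIpFilterTable. The wording "equal to or lesser that" and "equal to or greater that" is carried over unchanged from -03 and should read "less than or equal to" and "greater than or equal to". Unlike frwkIpFilterProtocol, which documents -1 as match all, the port attributes document no wildcard; if the full range 0..65535 is the intended wildcard, say so.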
skipping to change at page 31, line 54 skipping to change at page 32, line 4
attributes of IEEE 802 (e.g., 802.3) traffic that form attributes of IEEE 802 (e.g., 802.3) traffic that form
filters that are used to perform traffic classification." filters that are used to perform traffic classification."
::= { frwkClassifierClasses 3 } ::= { frwkClassifierClasses 3 }
frwk802FilterEntry OBJECT-TYPE frwk802FilterEntry OBJECT-TYPE
SYNTAX Frwk802FilterEntry SYNTAX Frwk802FilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"IEEE 802-based filter definitions. An entry specifies "IEEE 802-based filter definitions. An entry specifies
(potentially) several distinct matching components. Each
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
(potentially) several distinct matching components. Each
component is tested against the data in a frame component is tested against the data in a frame
individually. An overall match occurs when all of the individually. An overall match occurs when all of the
individual components match the data they are compared individual components match the data they are compared
against in the frame being processed. A failure of any against in the frame being processed. A failure of any
one test causes the overall match to fail. one test causes the overall match to fail.
Wildcards may be specified for those fields that are not Wildcards may be specified for those fields that are not
relevant." relevant."
EXTENDS { frwkBaseFilterEntry } EXTENDS { frwkBaseFilterEntry }
skipping to change at page 32, line 35 skipping to change at page 32, line 36
frwk802FilterUserPriority } frwk802FilterUserPriority }
::= { frwk802FilterTable 1 } ::= { frwk802FilterTable 1 }
Frwk802FilterEntry ::= SEQUENCE { Frwk802FilterEntry ::= SEQUENCE {
frwk802FilterDstAddr PhysAddress, frwk802FilterDstAddr PhysAddress,
frwk802FilterDstAddrMask PhysAddress, frwk802FilterDstAddrMask PhysAddress,
frwk802FilterSrcAddr PhysAddress, frwk802FilterSrcAddr PhysAddress,
frwk802FilterSrcAddrMask PhysAddress, frwk802FilterSrcAddrMask PhysAddress,
frwk802FilterVlanId Integer32, frwk802FilterVlanId Integer32,
frwk802FilterVlanTagRequired Integer32, frwk802FilterVlanTagRequired Unsigned32,
frwk802FilterEtherType Integer32, frwk802FilterEtherType Integer32,
frwk802FilterUserPriority BITS frwk802FilterUserPriority BITS
} }
frwk802FilterDstAddr OBJECT-TYPE frwk802FilterDstAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 address against which the 802 DA of incoming "The 802 address against which the 802 DA of incoming
traffic streams will be compared. Frames whose 802 DA traffic streams will be compared. Frames whose 802 DA
matches the physical address specified by this object, matches the physical address specified by this object,
taking into account address wildcarding as specified by the taking into account address wildcarding as specified by the
frwk802FilterDstAddrMask object, are potentially subject to frwk802FilterDstAddrMask object, are potentially subject to
the processing guidelines that are associated with this the processing guidelines that are associated with this
entry through the related action class." entry through the related action class."
::= { frwk802FilterEntry 1 } ::= { frwk802FilterEntry 1 }
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
frwk802FilterDstAddrMask OBJECT-TYPE frwk802FilterDstAddrMask OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the bits in a 802 destination address "This object specifies the bits in a 802 destination address
that should be considered when performing a 802 DA that should be considered when performing a 802 DA
comparison against the address specified in the comparison against the address specified in the
frwk802FilterDstAddr object. frwk802FilterDstAddr object.
skipping to change at page 34, line 5 skipping to change at page 34, line 5
that should be considered when performing a 802 MAC SA that should be considered when performing a 802 MAC SA
comparison against the address specified in the comparison against the address specified in the
frwk802FilterSrcAddr object. frwk802FilterSrcAddr object.
The value of this object represents a mask that is logically The value of this object represents a mask that is logically
and'ed with the 802 MAC SA in received frames to derive the and'ed with the 802 MAC SA in received frames to derive the
value to be compared against the frwk802FilterSrcAddr value to be compared against the frwk802FilterSrcAddr
address. A zero bit in the mask thus means that the address. A zero bit in the mask thus means that the
corresponding bit in the address always matches. The corresponding bit in the address always matches. The
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
frwk802FilterSrcAddr value must also be masked using this frwk802FilterSrcAddr value must also be masked using this
value prior to any comparisons. value prior to any comparisons.
The length of this object in octets must equal the length in The length of this object in octets must equal the length in
octets of the frwk802FilterSrcAddr. Note that a mask with no octets of the frwk802FilterSrcAddr. Note that a mask with no
bits set (i.e., all zeroes) effectively wildcards the bits set (i.e., all zeroes) effectively wildcards the
frwk802FilterSrcAddr object." frwk802FilterSrcAddr object."
::= { frwk802FilterEntry 4 } ::= { frwk802FilterEntry 4 }
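Review bot: The sentence "The frwk802FilterSrcAddr value must also be masked using this value prior to any comparisons" does not say who performs the masking, the PEP at match time or the PDP before it sends the instance. The two readings give different results when the installed address has bits set outside the mask, so the DESCRIPTION should name the responsible party. The length requirement in the next paragraph likewise states a "must" with no indication of how a mismatch is reported.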
skipping to change at page 34, line 34 skipping to change at page 34, line 34
been seen by the device) at the time this entry been seen by the device) at the time this entry
is instantiated. is instantiated.
Setting the frwk802FilterVlanId object to -1 indicates that Setting the frwk802FilterVlanId object to -1 indicates that
VLAN data should not be considered during traffic VLAN data should not be considered during traffic
classification." classification."
::= { frwk802FilterEntry 5 } ::= { frwk802FilterEntry 5 }
frwk802FilterVlanTagRequired OBJECT-TYPE frwk802FilterVlanTagRequired OBJECT-TYPE
SYNTAX Integer32 { SYNTAX Unsigned32 {
taggedOnly(1), taggedOnly(1),
priorityTaggedPlus(2), priorityTaggedPlus(2),
untaggedOnly(3), untaggedOnly(3),
ignoreTag(4) ignoreTag(4)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether the presence of an "This object indicates whether the presence of an
IEEE 802.1Q VLAN tag in data link layer frames must IEEE 802.1Q VLAN tag in data link layer frames must
be considered when determining if a given frame be considered when determining if a given frame
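Review bot: The SYNTAX of frwk802FilterVlanTagRequired changes from "Integer32 {" to "Unsigned32 {" while keeping the named values taggedOnly(1) through ignoreTag(4). Please confirm against [SPPI] that named-number enumerations are permitted on Unsigned32; if they are not, this attribute should stay on the integer type used in -03. The change log for -04 should also record the reason, since the value set itself is unchanged.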
skipping to change at page 35, line 5 skipping to change at page 35, line 5
containing a VLAN tag with a non-Null VID (i.e., a containing a VLAN tag with a non-Null VID (i.e., a
VID in the range 1..4094) will be considered a match. VID in the range 1..4094) will be considered a match.
A value of 'priorityTaggedPlus(2)' means that only A value of 'priorityTaggedPlus(2)' means that only
frames containing a VLAN tag, regardless of the value frames containing a VLAN tag, regardless of the value
of the VID, will be considered a match. of the VID, will be considered a match.
A value of 'untaggedOnly(3)' indicates that only A value of 'untaggedOnly(3)' indicates that only
untagged frames will match this filter component. untagged frames will match this filter component.
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
The presence of a VLAN tag is not taken into The presence of a VLAN tag is not taken into
consideration in terms of a match if the value is consideration in terms of a match if the value is
'ignoreTag(4)'." 'ignoreTag(4)'."
::= { frwk802FilterEntry 6 } ::= { frwk802FilterEntry 6 }
frwk802FilterEtherType OBJECT-TYPE frwk802FilterEtherType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..'ffff'h) SYNTAX Integer32 (-1 | 0..'ffff'h)
STATUS current STATUS current
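Review bot: The frwk802FilterVlanTagRequired DESCRIPTION does not cover its interaction with frwk802FilterVlanId. A filter with 'untaggedOnly(3)' and a frwk802FilterVlanId other than -1 asks for an untagged frame that carries a specific VID, and nothing here says whether that combination is rejected at install time or simply never matches. Suggest stating the valid combinations, or adding an install error for the contradictory ones.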
skipping to change at page 36, line 5 skipping to change at page 36, line 5
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The set of values, representing the potential range "The set of values, representing the potential range
of user priority values, against which the value contained of user priority values, against which the value contained
in the user priority field of a tagged 802.1 frame is in the user priority field of a tagged 802.1 frame is
compared. A test for equality is performed when determining compared. A test for equality is performed when determining
if a match exists between the data in a data link layer if a match exists between the data in a data link layer
frame and the value of this 802 filter component. Multiple frame and the value of this 802 filter component. Multiple
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
values may be set at one time such that potentially several values may be set at one time such that potentially several
different user priority values may match this 802 filter different user priority values may match this 802 filter
component. component.
Setting all of the bits that are associated with this Setting all of the bits that are associated with this
object causes all user priority values to match this object causes all user priority values to match this
attribute. This essentially makes any comparisons attribute. This essentially makes any comparisons
with regard to user priority values unnecessary. Untagged with regard to user priority values unnecessary. Untagged
frames are treated as an implicit match." frames are treated as an implicit match."
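Review bot: The closing sentence "Untagged frames are treated as an implicit match" means a filter written to select particular user priority values also matches all untagged traffic unless frwk802FilterVlanTagRequired excludes it. That is easy to miss when writing policy, so the DESCRIPTION should cross-reference frwk802FilterVlanTagRequired and say that 'taggedOnly(1)' or 'priorityTaggedPlus(2)' is needed when only tagged frames are intended.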
skipping to change at page 37, line 5 skipping to change at page 37, line 5
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
OBJECT frwkPibIncarnationTtl OBJECT frwkPibIncarnationTtl
PIB-MIN-ACCESS notify PIB-MIN-ACCESS notify
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
OBJECT frwkPibIncarnationActive OBJECT frwkPibIncarnationActive
PIB-MIN-ACCESS notify PIB-MIN-ACCESS notify
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
GROUP frwkBaseFilterGroup GROUP frwkBaseFilterGroup
DESCRIPTION DESCRIPTION
"The frwkBaseFilterGroup is mandatory if filtering "The frwkBaseFilterGroup is mandatory if filtering
based on traffic components is supported." based on traffic components is supported."
GROUP frwkIpFilterGroup GROUP frwkIpFilterGroup
DESCRIPTION DESCRIPTION
"The frwkIpFilterGroup is mandatory if filtering "The frwkIpFilterGroup is mandatory if filtering
based on IP traffic components is supported." based on IP traffic components is supported."
skipping to change at page 37, line 27 skipping to change at page 37, line 27
GROUP frwk802FilterGroup GROUP frwk802FilterGroup
DESCRIPTION DESCRIPTION
"The frwk802FilterGroup is mandatory if filtering "The frwk802FilterGroup is mandatory if filtering
based on 802 traffic criteria is supported." based on 802 traffic criteria is supported."
::= { frwkBasePibCompliances 1 } ::= { frwkBasePibCompliances 1 }
frwkPrcSupportGroup OBJECT-GROUP frwkPrcSupportGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkPrcSupportSupportedPrc, frwkPrcSupportSupportedPrc,
frwkPrcSupportSupportedAttrs, frwkPrcSupportSupportedAttrs }
frwkPrcSupportMaxPris }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkPrcSupportTable." "Objects from the frwkPrcSupportTable."
::= { frwkBasePibGroups 1 } ::= { frwkBasePibGroups 1 }
frwkPibIncarnationGroup OBJECT-GROUP frwkPibIncarnationGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkPibIncarnationName, frwkPibIncarnationName,
frwkPibIncarnationId, frwkPibIncarnationId,
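Review bot: Removing frwkPrcSupportMaxPris from the OBJECTS list of frwkPrcSupportGroup needs a matching removal from the frwkPrcSupportTable class definition, which is not visible in this part of the diff. If the attribute is still defined there, it now belongs to no group and the compliance statement no longer covers it; if it was removed, please confirm whether the sub-identifier it occupied is retired or reused.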
skipping to change at page 38, line 5 skipping to change at page 38, line 5
OBJECTS { OBJECTS {
frwkDeviceIdDescr, frwkDeviceIdDescr,
frwkDeviceIdMaxMsg, frwkDeviceIdMaxMsg,
frwkDeviceIdMaxContexts } frwkDeviceIdMaxContexts }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkDeviceIdTable." "Objects from the frwkDeviceIdTable."
::= { frwkBasePibGroups 3 } ::= { frwkBasePibGroups 3 }
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
frwkCompLimitsGroup OBJECT-GROUP frwkCompLimitsGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkCompLimitsComponent, frwkCompLimitsComponent,
frwkCompLimitsAttrPos, frwkCompLimitsAttrPos,
frwkCompLimitsTypeGlobal, frwkCompLimitsNegation,
frwkCompLimitsType, frwkCompLimitsType,
frwkCompLimitsSubType, frwkCompLimitsSubType,
frwkCompLimitsGuidance } frwkCompLimitsGuidance }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkCompLimitsTable." "Objects from the frwkCompLimitsTable."
::= { frwkBasePibGroups 4 } ::= { frwkBasePibGroups 4 }
frwkIfCapSetGroup OBJECT-GROUP frwkIfCapSetGroup OBJECT-GROUP
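Review bot: In frwkCompLimitsGroup, frwkCompLimitsTypeGlobal is replaced in the same list position by frwkCompLimitsNegation. The two names suggest different semantics, so please check that the new attribute does not reuse the sub-identifier of the old one in frwkCompLimitsTable; an implementation built against -03 would otherwise read a negation flag as the former attribute without any error.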
skipping to change at page 39, line 5 skipping to change at page 38, line 50
frwkBaseFilterGroup OBJECT-GROUP frwkBaseFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkBaseFilterNegation } frwkBaseFilterNegation }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkBaseFilterTable." "Objects from the frwkBaseFilterTable."
::= { frwkBasePibGroups 7 } ::= { frwkBasePibGroups 7 }
Framework Policy Information Base November 2000
frwkIpFilterGroup OBJECT-GROUP frwkIpFilterGroup OBJECT-GROUP
Framework Policy Information Base March 2001
OBJECTS { OBJECTS {
frwkIpFilterDstAddrType, frwkIpFilterDstAddrType,
frwkIpFilterDstAddr, frwkIpFilterDstAddr,
frwkIpFilterDstAddrMask, frwkIpFilterDstAddrMask,
frwkIpFilterSrcAddrType, frwkIpFilterSrcAddrType,
frwkIpFilterSrcAddr, frwkIpFilterSrcAddr,
frwkIpFilterSrcAddrMask, frwkIpFilterSrcAddrMask,
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
skipping to change at page 40, line 4 skipping to change at page 39, line 58
potentially disastrous effect. At this writing, no security holes potentially disastrous effect. At this writing, no security holes
have been identified beyond those that the COPS base protocol have been identified beyond those that the COPS base protocol
security is itself intended to address. These relate primarily to security is itself intended to address. These relate primarily to
controlled access to sensitive information and the ability to controlled access to sensitive information and the ability to
configure a device - or which might result from operator error, configure a device - or which might result from operator error,
which is beyond the scope of any security architecture. which is beyond the scope of any security architecture.
There are a number of provisioning classes defined in this PIB that There are a number of provisioning classes defined in this PIB that
have a PIB-ACCESS clause of install (read-create). Such objects may have a PIB-ACCESS clause of install (read-create). Such objects may
be considered sensitive or vulnerable in some network environments. be considered sensitive or vulnerable in some network environments.
The support for "Install" decisions sent over [COPS-PR] in a non-
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
The support for "Install" decisions sent over [COPS-PR] in a non-
secure environment without proper protection can have a negative secure environment without proper protection can have a negative
effect on network operations. There are a number of provisioning effect on network operations. There are a number of provisioning
classes in this PIB that may contain information that may be classes in this PIB that may contain information that may be
sensitive from a business perspective, in that they may represent a sensitive from a business perspective, in that they may represent a
customer's service contract or the filters that the service provider customer's service contract or the filters that the service provider
chooses to apply to a customer's ingress or egress traffic. There chooses to apply to a customer's ingress or egress traffic. There
are no PRCs that are sensitive in their own right, such as passwords are no PRCs that are sensitive in their own right, such as passwords
or monetary amounts. It may be important to control even or monetary amounts. It may be important to control even
"Notify"(read-only) access to these PRCs and possibly to even "Notify"(read-only) access to these PRCs and possibly to even
encrypt the values of these PRIs when sending them over the network encrypt the values of these PRIs when sending them over the network
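Review bot: The Security Considerations text warns about "Install" decisions sent "without proper protection" and suggests it may be important to control "Notify" access and encrypt PRI values, but it never names the mechanism or the classes concerned. Suggest listing the install-access classes defined in this PIB (frwkBaseFilterTable and frwkIpFilterTable are both PIB-ACCESS install in this diff) and pointing to the specific protection the COPS base protocol provides. The first paragraph's sentence ending "the ability to configure a device - or which might result from operator error" is also ungrammatical in both revisions and should be recast.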
skipping to change at page 41, line 5 skipping to change at page 41, line 5
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com Email: jseligso@nortelnetworks.com
Kwok Ho Chan Kwok Ho Chan
Nortel Networks, Inc. Nortel Networks, Inc.
600 Technology Park Drive 600 Technology Park Drive
Billerica, MA 01821 USA Billerica, MA 01821 USA
Phone: +1 978 288 8175 Phone: +1 978 288 8175
Email: khchan@nortelnetworks.com Email: khchan@nortelnetworks.com
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
Scott Hahn Scott Hahn
Intel Corp. Intel Corp.
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 264 8231 Phone: +1 503 264 8231
Email: scott.hahn@intel.com Email: scott.hahn@intel.com
Ravi Sahita Ravi Sahita
Intel Corp. Intel Corp.
skipping to change at page 41, line 55 skipping to change at page 41, line 55
RFC 2748, January 2000. RFC 2748, January 2000.
[COPS-PR] [COPS-PR]
K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie, K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie,
F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage
for Policy Provisioning," draft-ietf-rap-pr-05.txt, for Policy Provisioning," draft-ietf-rap-pr-05.txt,
October 30, 2000. October 30, 2000.
[SPPI] [SPPI]
K. McCloghrie, et.al., "Structure of Policy Provisioning K. McCloghrie, et.al., "Structure of Policy Provisioning
Information," draft-ietf-rap-sppi-03.txt, November 2000. Information," draft-ietf-rap-sppi-05.txt, February 2001.
Framework Policy Information Base November 2000 Framework Policy Information Base March 2001
[RAP-FRAMEWORK] [RAP-FRAMEWORK]
R. Yavatkar, D. Pendarakis, "A Framework for Policy-based R. Yavatkar, D. Pendarakis, "A Framework for Policy-based
Admission Control", RFC 2753, January 2000. Admission Control", RFC 2753, January 2000.
[SNMP-SMI] [SNMP-SMI]
K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose
and S. Waldbusser, "Structure of Management Information and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
skipping to change at page 42, line 30 skipping to change at page 42, line 30
[802] [802]
IEEE Standards for Local and Metropolitan Area Networks: IEEE Standards for Local and Metropolitan Area Networks:
Overview and Architecture, ANSI/IEEE Std 802, 1990. Overview and Architecture, ANSI/IEEE Std 802, 1990.
[SNMPFRWK] [SNMPFRWK]
Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, for Describing SNMP Management Frameworks", RFC 2571,
May 1999 May 1999
[STD17]
K. McCloghrie, M. Rose "Management Information Base for Network
Management of TCP/IP-based internets: MIB-II" STD 17, RFC 1213,
March 1991
10. Full Copyright 10. Full Copyright
Copyright (C) The Internet Society (2000). All Rights Reserved. This Copyright (C) The Internet Society (2000). All Rights Reserved. This
document and translations of it may be copied and furnished to document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
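Review bot: the copyright line still reads "Copyright (C) The Internet Society (2000)" in the -04 column, although that revision is dated March 2001; update the year if the notice is meant to track the revision date. The added [STD17] entry also lacks the comma after the author list and the comma after the title that the neighbouring entries such as [RAP-FRAMEWORK] and [SNMP-SMI] have.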
skipping to change at page 42, line 54 skipping to change at page 43, line 4
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
Framework Policy Information Base March 2001
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Framework Policy Information Base November 2000
Table of Contents Table of Contents
Status of this Memo...............................................1 Status of this Memo...............................................1
1. Glossary.......................................................2 1. Glossary.......................................................2
2. Introduction...................................................2 2. Introduction...................................................2
3. General PIB Concepts...........................................2 3. General PIB Concepts...........................................2
3.1. Roles........................................................2 3.1. Roles........................................................2
3.1.1. An Example.................................................4 3.1.1. An Example.................................................4
3.2. Multiple PIB Instances.......................................5 3.2. Multiple PIB Instances.......................................5
3.3. Reporting of Device Capabilities.............................6 3.3. Reporting of Device Capabilities.............................6
3.4. Reporting of Device Limitations..............................6 3.4. Reporting of Device Limitations..............................6
4. The Framework Role PIB module..................................7 4. The Framework Role PIB module..................................7
5. Summary of the Framework PIB...................................8 5. Summary of the Framework PIB...................................8
6. The Framework PIB Module......................................10 6. The Framework PIB Module......................................11
7. Security Considerations.......................................39 7. Security Considerations.......................................39
8. Author Information and Acknowledgments........................40 8. Author Information and Acknowledgments........................40
9. References....................................................41 9. References....................................................41
10. Full Copyright...............................................42 10. Full Copyright...............................................42
 End of changes. 
