draft-ietf-rap-frameworkpib-06.txt   draft-ietf-rap-frameworkpib-07.txt 
Internet Draft M. Fine Internet Draft M. Fine
Expires May 2002 K. McCloghrie Expires July 2002 K. McCloghrie
File: draft-ietf-rap-frameworkpib-06.txt Cisco Systems File: draft-ietf-rap-frameworkpib-07.txt Cisco Systems
J. Seligson J. Seligson
K. Chan K. Chan
Nortel Networks Nortel Networks
S. Hahn S. Hahn
R. Sahita R. Sahita
Intel Intel
A. Smith A. Smith
Allegro Networks Allegro Networks
F. Reichmeyer F. Reichmeyer
PFN PFN
November 13, 2001 January 28, 2002
Framework Policy Information Base Framework Policy Information Base
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are all provisions of Section 10 of RFC2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as ''work in reference material or to cite them other than as ''work in
progress''. progress''.
To view the current status of any Internet-Draft, please check the The list of current Internet-Drafts can be accessed at
''1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow http://www.ietf.org/1id-abstracts.html
Directory, see http://www.ietf.org/shadow.html.
Framework Policy Information Base November 2001 The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Framework Policy Information Base January 2002
Abstract Abstract
[SPPI] describes a structure for specifying policy information that [SPPI] describes a structure for specifying policy information that
can then be transmitted to a network device for the purpose of can then be transmitted to a network device for the purpose of
configuring policy at that device. The model underlying this configuring policy at that device. The model underlying this
structure is one of well-defined provisioning classes and instances structure is one of well-defined provisioning classes and instances
of these classes residing in a virtual information store called the of these classes residing in a virtual information store called the
Policy Information Base (PIB). Policy Information Base (PIB).
skipping to change at page 2, line 44 skipping to change at page 2, line 44
PDP Policy Decision Point. See [RAP-FRAMEWORK]. PDP Policy Decision Point. See [RAP-FRAMEWORK].
PEP Policy Enforcement Point. See [RAP-FRAMEWORK]. PEP Policy Enforcement Point. See [RAP-FRAMEWORK].
PRID Provisioning Instance Identifier. Uniquely identifies an PRID Provisioning Instance Identifier. Uniquely identifies an
instance of a PRC. instance of a PRC.
2. General PIB Concepts 2. General PIB Concepts
2.1. Roles 2.1. Roles
The policy to apply to an interface may depend on many factors such The policy to apply to an interface may depend on many factors such
as immutable characteristics of the interface (e.g., ethernet or as immutable characteristics of the interface (e.g., Ethernet or
frame relay), the status of the interface (e.g., half or full frame relay), the status of the interface (e.g., half or full
duplex), or user configuration (e.g., branch office or headquarters duplex), or user configuration (e.g., branch office or headquarters
interface). Rather than specifying policies explicitly for each interface). Rather than specifying policies explicitly for each
interface of all devices in the network, policies are specified in interface of all devices in the network, policies are specified in
terms of interface functionality. terms of interface functionality.
To describe these functionalities of an interface we use the concept To describe these functionalities of an interface we use the concept
of "Roles". A Role is simply a string that is associated with an of "Roles". A Role is simply a string that is associated with an
interface. A given interface may have any number of roles interface. A given interface may have any number of roles
simultaneously. Provisioning classes have an attribute called a simultaneously. Provisioning classes have an attribute called a
"RoleCombinationö which is a lexicographically ordered set of roles. "RoleCombinationö which is a lexicographically ordered set of roles.
Instances of a given provisioning class are applied to an interface Instances of a given provisioning class are applied to an interface
if and only if the set of roles in the role combination matches the if and only if the set of roles in the role combination matches the
set of the roles of the interface. set of the roles of the interface.
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
Thus, roles provide a way to bind policy to interfaces without Thus, roles provide a way to bind policy to interfaces without
having to explicitly identify interfaces in a consistent manner having to explicitly identify interfaces in a consistent manner
across all network devices. (The SNMP experience with ifIndex has across all network devices. (The SNMP experience with ifIndex has
proved this to be a difficult task.) That is, roles provide a level proved this to be a difficult task.) That is, roles provide a level
of indirection to the application of a set of policies to specific of indirection to the application of a set of policies to specific
interfaces. Furthermore, if the same policy is being applied to interfaces. Furthermore, if the same policy is being applied to
several interfaces, that policy need be pushed to the device only several interfaces, that policy need be pushed to the device only
once, rather than once per interface, as long as the interfaces are once, rather than once per interface, as long as the interfaces are
configured with the same role combination. configured with the same role combination.
skipping to change at page 4, line 5 skipping to change at page 4, line 5
combination "*" can be used. In addition to providing for interface- combination "*" can be used. In addition to providing for interface-
specific roles, it also allows for other optimizations in reducing specific roles, it also allows for other optimizations in reducing
the number of role-combinations for which a policy has to be the number of role-combinations for which a policy has to be
specified. For example: specified. For example:
Suppose we have three interfaces: Suppose we have three interfaces:
Roles A, B and R1 are assigned to interface I1 Roles A, B and R1 are assigned to interface I1
Roles A, B and R2 are assigned to interface I2 Roles A, B and R2 are assigned to interface I2
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
Roles A, B and R3 are assigned to interface I3 Roles A, B and R3 are assigned to interface I3
Then, a PRI of a fictional IfDscpAssignTable that has the following Then, a PRI of a fictional IfDscpAssignTable that has the following
values for its attributes: values for its attributes:
ifDscpAssignPrid = 1 ifDscpAssignPrid = 1
ifDscpAssignRoles = "*+A+B" ifDscpAssignRoles = "*+A+B"
ifDscpAssignName = "4queues" ifDscpAssignName = "4queues"
ifDscpAssignDscpMap = 1 ifDscpAssignDscpMap = 1
skipping to change at page 5, line 5 skipping to change at page 5, line 5
IF1: "finance" IF1: "finance"
IF2: "finance" IF2: "finance"
IF3: "manager" IF3: "manager"
Suppose, I also have a PDP with two policies: Suppose, I also have a PDP with two policies:
P1: Packets from finance department (role "finance") get DSCP 5 P1: Packets from finance department (role "finance") get DSCP 5
P2: Packets from managers (role "manager") get DSCP 6 P2: Packets from managers (role "manager") get DSCP 6
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
To obtain policy, the PEP reports to the PDP that it has some To obtain policy, the PEP reports to the PDP that it has some
interfaces with role combination "finance" and some with role interfaces with role combination "finance" and some with role
combination "manager". In response, the PDP downloads policy P1 combination "manager". In response, the PDP downloads policy P1
associated with role combination "finance" and downloads a second associated with role combination "finance" and downloads a second
policy P2 associated with role combination "manager". policy P2 associated with role combination "manager".
Now suppose the finance person attached to IF2 is promoted to Now suppose the finance person attached to IF2 is promoted to
manager and so the system administrator adds the role "manager" to manager and so the system administrator adds the role "manager" to
IF2. The PEP now reports to the PDP that it has three role IF2. The PEP now reports to the PDP that it has three role
skipping to change at page 5, line 43 skipping to change at page 5, line 43
applies to this new role combination and to download a third policy applies to this new role combination and to download a third policy
to the PEP for the role combination "finance+manager" even if that to the PEP for the role combination "finance+manager" even if that
policy is the same as one already downloaded. The PEP is not policy is the same as one already downloaded. The PEP is not
required (or allowed) to construct policy for new role combinations required (or allowed) to construct policy for new role combinations
from existing policy. from existing policy.
2.2. Management of Role-Combinations from the PDP 2.2. Management of Role-Combinations from the PDP
The PEP notifies the PDP of the Role-Combination assigned to each The PEP notifies the PDP of the Role-Combination assigned to each
interface and ifCapSetName in a COPS configuration request interface and ifCapSetName in a COPS configuration request
(instances of the frwkIfRoleComboTable). (instances of the frwkIfRoleComboTable). The first request sent to
the PDP must be a ĉfull stateĈ request. A ĉfull stateĈ request for a
PEP includes all the notify and install-notify table PRIs for the
PEP.
Default ('null') Role-Combinations must be sent to the PDP for all All existing frwkIfRoleCombo instances must be sent to the PDP in
ifIndices active on the PEP in the first configuration request sent the first configuration request for a request handle. If the Role-
for a request handle and updates must be sent every time the Combinations are not assigned specific values, default ('null')
IfIndices are updated. The PEP may notify the PDP of the Interface Role-Combinations must be sent to the PDP for all ifIndices active
Capability sets (if any) via the frwkIfCapSetTable. If the PEP does on the PEP and updates must be sent every time the IfIndices are
not need to notify the PDP of capability sets, it must set the updated. The PEP may notify the PDP of the Interface Capability sets
ifCapSetName in the frwkIfRoleComboTable instances to a zero length (if any) via the frwkIfCapSetTable. If the PEP does not need to
string. notify the PDP of capability sets, it must set the ifCapSetName in
the frwkIfRoleComboTable instances to a zero length string.
In response to this configuration request, if applicable, the PDP In response to this configuration request, if applicable, the PDP
may send policies for the PEP in a solicited decision or must send a may send policies for the PEP in a solicited decision or must send a
Framework Policy Information Base January 2002
null decision. The PEP must then send a solicited report message for null decision. The PEP must then send a solicited report message for
the decision. the decision.
At any later time, the PDP can update the Role-Combinations assigned At any later time, the PDP can update the Role-Combinations assigned
Framework Policy Information Base November 2001
to a specific interface, identified by IfIndex, or for an aggregate, to a specific interface, identified by IfIndex, or for an aggregate,
identified by IfCapSetName, via an unsolicited decision to the PEP identified by IfCapSetName, via an unsolicited decision to the PEP
on any open request handle. The PDP does this by sending updated on any open request handle. The PDP does this by sending updated
PRIs for the frwkIfRoleComboTable. PRIs for the frwkIfRoleComboTable.
When the Interface Role Combination associations are updated by the When the Interface Role Combination associations are updated by the
PDP, the PEP is responsible to send updated requests for all open PDP, the PEP SHOULD send updated ĉfull stateĈ requests for all open
contexts (request handles). This is true even if the PEP's request contexts (request handles). This is true even if the PEP's request
state changes due to an internal event or if the state is changed by state changes due to an internal event or if the state is changed by
the PDP. If the role-combination updates were sent by the PDP, the the PDP. If the role-combination updates were sent by the PDP, the
PEP must send these updated requests only if it can process the PEP SHOULD send these updated requests only if it can process the
unsolicited decision containing the frwkIfRoleCombo PRIs unsolicited decision containing the frwkIfRoleCombo PRIs
successfully and it must do so after sending the success report for successfully and it MUST do so after sending the success report for
the unsolicited decision. If the PEP failed to process the decision the unsolicited decision. If the PEP failed to process the decision
(i.e., the frwkIfRoleCombo PRIs) it must only send a failure report (i.e., the frwkIfRoleCombo PRIs) it MUST only send a failure report
to the PDP. to the PDP.
On the other hand, the PDP must not expect to receive the updated On the other hand, the PDP must not expect to receive the updated
requests with the revised role-combination information until after requests with the revised role-combination information until after
it receives a success report for these updates from the PEP. it receives a success report for these updates from the PEP. If the
PDP does not receive updated requests on some request handles, the
PEP must not be sent decision updates for that frwkIfRoleCombo
updates, i.e., the PDP must have the previous request state that it
maintained for that request handle.
Note that, any unsolicited decisions received by the PEP in the time Note that, any unsolicited decisions received by the PEP in the time
period after it receives updates to its Role-Combination period after it receives updates to its Role-Combination
associations and before receiving solicited decisions for the associations and before receiving solicited decisions for the
updated requests it sent for all context handles, must be ignored updated requests it sent for all context handles, must be ignored
since they would contain outdated decisions sent by the PDP for the since they would contain outdated decisions sent by the PDP for the
old request information. old request information.
The PDP must respond to the updated requests by solicited decisions, The PDP must respond to the updated requests by solicited decisions,
sending policies if applicable or null decisions. The PEP must sending policies if applicable or null decisions. The PEP must
skipping to change at page 6, line 52 skipping to change at page 7, line 5
This section describes the messages exchanged between the PEP and This section describes the messages exchanged between the PEP and
PDP when the PEP is updating a previously sent request for a PDP when the PEP is updating a previously sent request for a
particular COPS handle. Note that a PEP can incrementally update a particular COPS handle. Note that a PEP can incrementally update a
request only if the frwkPibIncarnationFullState attribute is shown request only if the frwkPibIncarnationFullState attribute is shown
to be supported via the supported PRC table. If this attribute is to be supported via the supported PRC table. If this attribute is
not supported the PDP must treat all PEP requests as the full not supported the PDP must treat all PEP requests as the full
request state. request state.
2.3.1 Full Request State 2.3.1 Full Request State
Framework Policy Information Base January 2002
When the PEP wants to send the entire request state to the PDP (for When the PEP wants to send the entire request state to the PDP (for
example, in response to a Synchronize State Request from the PDP), example, in response to a Synchronize State Request from the PDP),
the PEP MUST send the incarnation instance with the the PEP MUST send the incarnation instance with the
frwkPibIncarnationFullState attribute set to TRUE. frwkPibIncarnationFullState attribute set to TRUE.
A PDP that receives an incarnation instance in the request message A PDP that receives an incarnation instance in the request message
with this attribute set to TRUE, must clear the request information with this attribute set to TRUE, must clear the request information
Framework Policy Information Base November 2001
it maintains for this request handle and re-install the information it maintains for this request handle and re-install the information
received. received.
If this attribute is set to FALSE or if the incarnation instance is If this attribute is set to FALSE or if the incarnation instance is
missing in the request message, the request must be interpreted as missing in the request message, the request must be interpreted as
an incremental update to the previous request message. an incremental update to the previous request message.
2.3.2 Installing PRIs in a Request 2.3.2 Installing PRIs in a Request
If the PEP wants to install additional PRIs for a request handle, If the PEP wants to install additional PRIs for a request handle,
skipping to change at page 7, line 52 skipping to change at page 8, line 5
2.3.4 Removing PRIs from a Request 2.3.4 Removing PRIs from a Request
If the PEP wants to remove previously installed PRIs for a request If the PEP wants to remove previously installed PRIs for a request
handle, the PEP MUST ensure that frwkPibIncarnationFullState handle, the PEP MUST ensure that frwkPibIncarnationFullState
attribute is set to FALSE and MUST send the PRI bindings with the attribute is set to FALSE and MUST send the PRI bindings with the
PRID set to the InstanceId of the PRI to be removed and the length PRID set to the InstanceId of the PRI to be removed and the length
field in the EPD object header set to the header length only, field in the EPD object header set to the header length only,
effectively setting the data length to zero. effectively setting the data length to zero.
Framework Policy Information Base January 2002
Note that the PEP must send the same InstanceIds for the PRIs being Note that the PEP must send the same InstanceIds for the PRIs being
removed. If the PEP sends new InstanceIds and the length field in removed. If the PEP sends new InstanceIds and the length field in
the EPD object header is set to the header length only (implying the the EPD object header is set to the header length only (implying the
data length is zero), the PEP is attempting to remove an data length is zero), the PEP is attempting to remove an
unknown/non-existent PRI. This SHOULD result in the PDP sending unknown/non-existent PRI. This SHOULD result in the PDP sending
error PRIs in the solicited decision (see section 2.3.6 for a error PRIs in the solicited decision (see section 2.3.6 for a
description of the frwkErrorTable). description of the frwkErrorTable).
Framework Policy Information Base November 2001
If the PEP sends new InstanceIds and the length field in the EPD If the PEP sends new InstanceIds and the length field in the EPD
object header is greater than the header length only (implying the object header is greater than the header length only (implying the
EPD object has some attributes encoded in it), the PDP will EPD object has some attributes encoded in it), the PDP will
interpret this as an install of the PRI if it can decode the EPD interpret this as an install of the PRI if it can decode the EPD
successfully. successfully.
When a PDP receives a request with instances having InstanceIds that When a PDP receives a request with instances having InstanceIds that
exist in its state for that handle with the exist in its state for that handle with the
frwkPibIncarnationFullState in the incarnation instance set to FALSE frwkPibIncarnationFullState in the incarnation instance set to FALSE
or if the request has no incarnation information, and the length or if the request has no incarnation information, and the length
skipping to change at page 8, line 38 skipping to change at page 8, line 46
2.3.6 Error Handling in Request updates 2.3.6 Error Handling in Request updates
If the PDP cannot process all the request installs/updates/removes If the PDP cannot process all the request installs/updates/removes
in the COPS request message successfully, it MUST rollback to its in the COPS request message successfully, it MUST rollback to its
previous request state and it MUST send a solicited decision to the previous request state and it MUST send a solicited decision to the
PEP that contains frwkErrorTable instances. These instances contain PEP that contains frwkErrorTable instances. These instances contain
an error code and a sub-code as defined in the [COPS-PR] CPERR an error code and a sub-code as defined in the [COPS-PR] CPERR
object. For example if the PEP tries to remove an instance that does object. For example if the PEP tries to remove an instance that does
not exist, the 'priInstanceInvalid' error code must be sent to the not exist, the 'priInstanceInvalid' error code must be sent to the
PEP in a frwkError PRI. The frwkError PRIs also contain the PRC and PEP in a frwkError PRI. The frwkError PRIs also contain the PRC and
the instanceId of the error-causing PRI. The PEP may then examine the InstanceId of the error-causing PRI. The PEP may then examine
these error PRIs and resend the modified request. Note that, until these error PRIs and resend the modified request. Note that, until
the PEP resends the request updates/removes it will have the PEP resends the request updates/removes it will have
configuration information for the last successful request state it configuration information for the last successful request state it
sent to the PDP. sent to the PDP.
2.4. Multiple PIB Instances 2.4. Multiple PIB Instances
[COPS-PR] supports multiple, disjoint, independent instances of the [COPS-PR] supports multiple, disjoint, independent instances of the
PIB to represent multiple instances of configured policy. The PIB to represent multiple instances of configured policy. The
intent is to allow for the pre-provisioning of policy that can then intent is to allow for the pre-provisioning of policy that can then
be made active by a single, short decision from the PDP. be made active by a single, short decision from the PDP.
Framework Policy Information Base January 2002
A COPS context can be defined as an independent COPS request state A COPS context can be defined as an independent COPS request state
for a particular subject category (client-type). for a particular subject category (client-type).
With the COPS-PR protocol, each of these states is identified by a With the COPS-PR protocol, each of these states is identified by a
unique client handle. The creation and deletion of these PIB unique client handle. The creation and deletion of these PIB
instances can be controlled by the PDP as described in [COPS-PR] or instances can be controlled by the PDP as described in [COPS-PR] or
can be triggered by an event by the PEP. A PEP must open at least can be triggered by an event by the PEP. A PEP must open at least
one "request-state" for configuration for a given subject-category one "request-state" for configuration for a given subject-category
Framework Policy Information Base November 2001
(client type). Additional "request-states" at the PEP may be (client type). Additional "request-states" at the PEP may be
initiated by the PDP or asynchronously generated by the PEP for initiated by the PDP or asynchronously generated by the PEP for
outsourcing due to local events, which will be fully specified by outsourcing due to local events, which will be fully specified by
the PRID/EPD data carried in the request. the PRID/EPD data carried in the request.
The frwkPibIncarnationInCtxtSet flag defines a set of contexts out The frwkPibIncarnationInCtxtSet flag defines a set of contexts out
of which only one context can be active at any given time. This set of which only one context can be active at any given time. This set
is called the 'configuration contexts' set. At the most one context is called the 'configuration contexts' set. At the most one context
may be active from this 'configuration context' set at any given may be active from this 'configuration context' set at any given
time. Contexts that have the frwkPibIncarnationInCtxtSet attribute time. Contexts that have the frwkPibIncarnationInCtxtSet attribute
skipping to change at page 9, line 52 skipping to change at page 10, line 4
set can be active at any given time, the active one being selected set can be active at any given time, the active one being selected
by the PDP. The Framework PIB supports the attribute by the PDP. The Framework PIB supports the attribute
frwkPibIncarnationActive in the frwkPibIncarnationTable to allow the frwkPibIncarnationActive in the frwkPibIncarnationTable to allow the
PDP to denote the PIB instance as being active in a COPS decision PDP to denote the PIB instance as being active in a COPS decision
message, and similarly, to report the active state (active or not) message, and similarly, to report the active state (active or not)
of the PIB instance to the PDP in a COPS request message. of the PIB instance to the PDP in a COPS request message.
When the PEP installs an attribute frwkPibIncarnationActive that is When the PEP installs an attribute frwkPibIncarnationActive that is
'true' in one PIB instance which belongs to the 'configuration 'true' in one PIB instance which belongs to the 'configuration
contexts' set, the PEP must ensure, re-setting the attribute if contexts' set, the PEP must ensure, re-setting the attribute if
Framework Policy Information Base January 2002
necessary, that the frwkPibIncarnationActive attribute is 'false' necessary, that the frwkPibIncarnationActive attribute is 'false'
in all other installed contexts that belong to this set. To switch in all other installed contexts that belong to this set. To switch
contexts, the PDP should set the frwkPibIncarnationActive attribute contexts, the PDP should set the frwkPibIncarnationActive attribute
to 'true' in the context it wants to make the active context. The to 'true' in the context it wants to make the active context. The
PDP should set this attribute in a context to 'false' only if it PDP should set this attribute in a context to 'false' only if it
wants to send an inactive context to the PEP or deactivate the wants to send an inactive context to the PEP or deactivate the
active context on the PEP. If an active context is made inactive active context on the PEP. If an active context is made inactive
Framework Policy Information Base November 2001
without activating another context, the PEP must not have any without activating another context, the PEP must not have any
policies enforced from any configuration contexts installed. policies enforced from any configuration contexts installed.
2.5. Reporting and Configuring of Device Capabilities 2.5. Reporting and Configuring of Device Capabilities
Each network device providing policy-based services has its own Each network device providing policy-based services has its own
inherent capabilities. These capabilities can be hardware specific, inherent capabilities. These capabilities can be hardware specific,
e.g., an ethernet interface supporting input classification, or can e.g., an Ethernet interface supporting input classification, or can
be statically configured, e.g., supported queuing disciplines. be statically configured, e.g., supported queuing disciplines.
These capabilities are organized into Interface Capability Sets, These capabilities are organized into Interface Capability Sets,
with each Capability Set given a unique name (ifCapSetName) and with each Capability Set given a unique name (ifCapSetName) and
associated with a set of Role Combinations. Each Role Combination associated with a set of Role Combinations. Each Role Combination
may in that way be associated with a set of interfaces. . These may in that way be associated with a set of interfaces. . These
capabilities are communicated to the PDP when policy is requested by capabilities are communicated to the PDP when policy is requested by
the PEP. Knowing device capabilities, the PDP can send the the PEP. Knowing device capabilities, the PDP can send the
provisioning instances (PRIs) relevant to the specific device, provisioning instances (PRIs) relevant to the specific device,
rather than sending the entire PIB. rather than sending the entire PIB.
skipping to change at page 10, line 54 skipping to change at page 11, line 5
limitations, such as supporting a restricted set of enumerations or limitations, such as supporting a restricted set of enumerations or
requiring related attributes to have certain values, detail requiring related attributes to have certain values, detail
implementation limitations at a fine level of granularity. implementation limitations at a fine level of granularity.
A PDP can avoid certain installation issues in a proactive fashion A PDP can avoid certain installation issues in a proactive fashion
by taking into account a device's limitations prior to policy by taking into account a device's limitations prior to policy
installation rather than in a reactive mode during installation. As installation rather than in a reactive mode during installation. As
with device capabilities, device limitations are communicated to the with device capabilities, device limitations are communicated to the
PDP when policy is requested. PDP when policy is requested.
Framework Policy Information Base January 2002
Reported device limitations may be accompanied by guidance values Reported device limitations may be accompanied by guidance values
that can be used by a PDP to determine acceptable values for the that can be used by a PDP to determine acceptable values for the
identified attributes. identified attributes.
Framework Policy Information Base November 2001
3. The Framework TC PIB module 3. The Framework TC PIB module
FRAMEWORK-TC-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-TC-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION, pib FROM COPS-PR-SPPI IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION, pib FROM COPS-PR-SPPI;
SnmpAdminString FROM SNMP-FRAMEWORK-MIB;
frwkTcPib MODULE-IDENTITY frwkTcPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200111130400Z" LAST-UPDATED "200111130400Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO "Keith McCloghrie CONTACT-INFO "Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive, 170 West Tasman Drive,
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 526 5260 Phone: +1 408 526 5260
skipping to change at page 11, line 43 skipping to change at page 11, line 46
RoleCombination Textual Conventions and other RoleCombination Textual Conventions and other
generic TCs." generic TCs."
::= { pib tbd } -- tbd to be assigned by IANA ::= { pib tbd } -- tbd to be assigned by IANA
Role ::= TEXTUAL-CONVENTION Role ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A role represents a functionality characteristic or "A role represents a functionality characteristic or
capability of a resource to which policies are applied. capability of a resource to which policies are applied.
Examples of roles include Backbone_interface, Examples of roles include Backbone interface,
Frame_Relay_interface, BGP-capable-router, web-server, Frame_Relay_interface, BGP-capable-router, web-server,
firewall, etc. firewall, etc.
Valid characters are a-z, A-Z, 0-9, period, hyphen and Valid characters are a-z, A-Z, 0-9, period, hyphen and
underscore. A role must not start with an underscore." underscore. A role must not start with an underscore."
SYNTAX SnmpAdminString (SIZE (1..31)) SYNTAX OCTET STRING (SIZE (1..31))
RoleCombination ::= TEXTUAL-CONVENTION RoleCombination ::= TEXTUAL-CONVENTION
Framework Policy Information Base January 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A Display string consisting of a set of roles concatenated "A Display string consisting of a set of roles concatenated
with a '+' character where the roles are in lexicographic with a '+' character where the roles are in lexicographic
order from minimum to maximum. order from minimum to maximum.
For example, a+b and b+a are NOT different For example, a+b and b+a are NOT different
role-combinations; rather, they are different formatting of role-combinations; rather, they are different formatting of
the same (one) role-combination. the same (one) role-combination.
Framework Policy Information Base November 2001
Notice the roles within a role-combination are in Notice the roles within a role-combination are in
Lexicographic order from minimum to maximum, hence, we Lexicographic order from minimum to maximum, hence, we
declare: declare:
a+b is the valid formatting of the role-combination, a+b is the valid formatting of the role-combination,
b+a is an invalid formatting of the role-combination. b+a is an invalid formatting of the role-combination.
Notice the need of zero-length role-combination as the role- Notice the need of zero-length role-combination as the role-
combination of interfaces to which no roles have been combination of interfaces to which no roles have been
assigned. This role-combination is also known as the null assigned. This role-combination is also known as the null
role-combination. (Note the deliberate use of lower case role-combination. (Note the deliberate use of lower case
letters to avoid confusion with the ASCII NULL character letters to avoid confusion with the ASCII NULL character
which has a value of zero but length of one.)" which has a value of zero but length of one.)"
SYNTAX SnmpAdminString (SIZE (0..255)) SYNTAX OCTET STRING (SIZE (0..255))
PrcIdentifier ::= TEXTUAL-CONVENTION PrcIdentifier ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An OID that identifies a PRC. The value MUST be an OID "An OID that identifies a PRC. The value MUST be an OID
assigned to a PRC's row definition. An attribute with this assigned to a PRC's row definition. An attribute with this
syntax can have the value 0.0 (zeroDotZero) to indicate that syntax can have the value 0.0 (zeroDotZero) to indicate that
it currently does not identify a PRC." it currently does not identify a PRC."
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
skipping to change at page 12, line 51 skipping to change at page 13, line 4
An attribute with this syntax can have the value 0 to An attribute with this syntax can have the value 0 to
indicate that it currently does not identify a PRC indicate that it currently does not identify a PRC
attribute." attribute."
SYNTAX Unsigned32 SYNTAX Unsigned32
AttrIdentifierOid ::= TEXTUAL-CONVENTION AttrIdentifierOid ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An OID that identifies an attribute in a PRC. The value "An OID that identifies an attribute in a PRC. The value
MUST be an OID assigned to a PRC's attribute definition. The MUST be an OID assigned to a PRC's attribute definition. The
Framework Policy Information Base January 2002
last sub-id is the position of the attribute as it is last sub-id is the position of the attribute as it is
defined in the PRC entry definition. The prefix OID (after defined in the PRC entry definition. The prefix OID (after
dropping the last sub-id) is the OID assigned to a defined dropping the last sub-id) is the OID assigned to a defined
PRC. An attribute with this syntax can have the value 0.0 PRC. An attribute with this syntax can have the value 0.0
(zeroDotZero) to indicate that it currently does not (zeroDotZero) to indicate that it currently does not
identify a PRC's attribute." identify a PRC's attribute."
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
Framework Policy Information Base November 2001
ClientType ::= TEXTUAL-CONVENTION ClientType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An Unsigned32 value that identifies a COPS Client-type "An Unsigned32 value that identifies a COPS Client-type
[COPS]. An attribute with this syntax must be set to zero if [COPS]. An attribute with this syntax must be set to zero if
it does not specify a COPS client-type." it does not specify a COPS client-type."
SYNTAX Unsigned32 (0..65535) SYNTAX Unsigned32 (0..65535)
ClientHandle ::= TEXTUAL-CONVENTION ClientHandle ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string that identifies a COPS Client handle "An octet string that identifies a COPS Client handle
[COPS]." [COPS]."
SYNTAX OCTET STRING (SIZE(0..65535)) SYNTAX OCTET STRING (SIZE(0..65535))
END END
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
4. Summary of the Framework PIB 4. Summary of the Framework PIB
The Framework PIB comprises of three groups: The Framework PIB comprises of three groups:
4.1. Base PIB classes Group 4.1. Base PIB classes Group
This contains PRCs intended to describe the PRCs supported This contains PRCs intended to describe the PRCs supported
by the PEP, PRC and/or attribute limitations and its current by the PEP, PRC and/or attribute limitations and its current
configuration. configuration.
skipping to change at page 15, line 5 skipping to change at page 15, line 5
on connecting to a PEP, can easily identify a known incarnation on connecting to a PEP, can easily identify a known incarnation
of policy. This PRC defines a flag via which the installed of policy. This PRC defines a flag via which the installed
contexts are divided into a set of contexts out of which only contexts are divided into a set of contexts out of which only
one context is active ('configuration contexts') and a set of one context is active ('configuration contexts') and a set of
'outsourcing contexts'. The incarnation PRC also 'outsourcing contexts'. The incarnation PRC also
defines an attribute to indicate which context is the defines an attribute to indicate which context is the
active one at the present time in the 'configuration contexts' active one at the present time in the 'configuration contexts'
set. The incarnation instance is specific to the particular set. The incarnation instance is specific to the particular
Subject Category (Client-Type). Subject Category (Client-Type).
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
Component Limitations Table Component Limitations Table
Some devices may not be able to implement the full range of Some devices may not be able to implement the full range of
values for all attributes. In principle, each PRC supports a values for all attributes. In principle, each PRC supports a
set of errors that the PEP can report to the PDP in the event set of errors that the PEP can report to the PDP in the event
that the specified policy is not implementable. It may be that the specified policy is not implementable. It may be
preferable for the PDP to be informed of the device limitations preferable for the PDP to be informed of the device limitations
before actually attempting to install policy, and while the before actually attempting to install policy, and while the
error can indicate that a particular attribute value is error can indicate that a particular attribute value is
skipping to change at page 16, line 5 skipping to change at page 16, line 5
Interface and Role Combination Table Interface and Role Combination Table
The Interface Capabilities Set Table (explained above) The Interface Capabilities Set Table (explained above)
describes the interfaces the PEP supports by their describes the interfaces the PEP supports by their
capabilities, by assigning the capability sets a unique name capabilities, by assigning the capability sets a unique name
(ifCapSetName). It is possible to tailor the behavior of (ifCapSetName). It is possible to tailor the behavior of
interfaces by assigning specific role-combinations to the interfaces by assigning specific role-combinations to the
capability sets. This allows interfaces with the same capability sets. This allows interfaces with the same
capability sets to be assigned different policies, based on the capability sets to be assigned different policies, based on the
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
current roles assigned to them. At the PDP, configuration is current roles assigned to them. At the PDP, configuration is
done in terms of these interface capability set names and the done in terms of these interface capability set names and the
role-combinations assigned to them. Thus, each row of this role-combinations assigned to them. Thus, each row of this
class is a <Interface Index, interface capability set name, class is a <Interface Index, interface capability set name,
Role Combo> tuple, that indicates the roles that have been Role Combo> tuple, that indicates the roles that have been
assigned to a particular capability set (as identified by assigned to a particular capability set (as identified by
IfCapSetName) and to a particular ifCapSetName. Note that the IfCapSetName) and to a particular ifCapSetName. Note that the
uniqueness criteria for this table has all the attributes, thus uniqueness criteria for this table has all the attributes, thus
a ifCapSetName may have multiple role-combinations that it is a ifCapSetName may have multiple role-combinations that it is
skipping to change at page 17, line 5 skipping to change at page 17, line 5
This group contains the 802 marker and internal label marker This group contains the 802 marker and internal label marker
PRCs. The 802 marker may be applied to mark 802 packets with the PRCs. The 802 marker may be applied to mark 802 packets with the
required VLAN Id and/or priority value. The Internal Label marker required VLAN Id and/or priority value. The Internal Label marker
is applied to traffic in order to label it with a network device is applied to traffic in order to label it with a network device
specific label. Such a label is used to assist the specific label. Such a label is used to assist the
differentiation of an input flow after it has been aggregated differentiation of an input flow after it has been aggregated
with other flows. The label is implementation specific and may with other flows. The label is implementation specific and may
be used for other policy related functions like flow accounting be used for other policy related functions like flow accounting
purposes and/or other data path treatments. purposes and/or other data path treatments.
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
5. The Framework PIB Module 5. The Framework PIB Module
FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
Unsigned32, Integer32, MODULE-IDENTITY, Unsigned32, Integer32, MODULE-IDENTITY,
MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
FROM COPS-PR-SPPI FROM COPS-PR-SPPI
InstanceId, Prid InstanceId, Prid
skipping to change at page 17, line 34 skipping to change at page 17, line 34
FROM IF-MIB FROM IF-MIB
DscpOrAny DscpOrAny
FROM DIFFSERV-DSCP-TC FROM DIFFSERV-DSCP-TC
TruthValue, PhysAddress TruthValue, PhysAddress
FROM SNMPv2-TC FROM SNMPv2-TC
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB; FROM SNMP-FRAMEWORK-MIB;
frameworkPib MODULE-IDENTITY frameworkPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200011130400Z" LAST-UPDATED "200201280400Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO " CONTACT-INFO "
Michael Fine Michael Fine
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 527 8218 Phone: +1 408 527 8218
Email: mfine@cisco.com Email: mfine@cisco.com
Keith McCloghrie Keith McCloghrie
skipping to change at page 18, line 5 skipping to change at page 18, line 5
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com" Email: jseligso@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"A PIB module containing the base set of provisioning "A PIB module containing the base set of provisioning
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
classes that are required for support of policies for classes that are required for support of policies for
all subject-categories." all subject-categories."
::= { pib tbd } -- tbd to be assigned by IANA ::= { pib tbd } -- tbd to be assigned by IANA
-- --
-- The root OID for PRCs in the Framework PIB -- The root OID for PRCs in the Framework PIB
-- --
skipping to change at page 19, line 5 skipping to change at page 19, line 5
DESCRIPTION DESCRIPTION
"An instance of the frwkPrcSupport class that identifies a "An instance of the frwkPrcSupport class that identifies a
specific PRC and associated attributes as supported specific PRC and associated attributes as supported
by the device." by the device."
PIB-INDEX { frwkPrcSupportPrid } PIB-INDEX { frwkPrcSupportPrid }
UNIQUENESS { frwkPrcSupportSupportedPrc } UNIQUENESS { frwkPrcSupportSupportedPrc }
::= { frwkPrcSupportTable 1 } ::= { frwkPrcSupportTable 1 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
FrwkPrcSupportEntry ::= SEQUENCE { FrwkPrcSupportEntry ::= SEQUENCE {
frwkPrcSupportPrid InstanceId, frwkPrcSupportPrid InstanceId,
frwkPrcSupportSupportedPrc PrcIdentifier, frwkPrcSupportSupportedPrc PrcIdentifier,
frwkPrcSupportSupportedAttrs OCTET STRING frwkPrcSupportSupportedAttrs OCTET STRING
} }
frwkPrcSupportPrid OBJECT-TYPE frwkPrcSupportPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
skipping to change at page 20, line 5 skipping to change at page 20, line 5
corresponding to the (8*i)-th class attribute. Each bit corresponding to the (8*i)-th class attribute. Each bit
specifies whether or not the corresponding class attribute specifies whether or not the corresponding class attribute
is currently supported, with a '1' indicating support and a is currently supported, with a '1' indicating support and a
'0' indicating no support. If the value of this bit string '0' indicating no support. If the value of this bit string
is N bits long and there are more than N class attributes is N bits long and there are more than N class attributes
then the bit string is logically extended with 0's to the then the bit string is logically extended with 0's to the
required length." required length."
::= { frwkPrcSupportEntry 3 } ::= { frwkPrcSupportEntry 3 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
-- --
-- PIB Incarnation Table -- PIB Incarnation Table
-- --
frwkPibIncarnationTable OBJECT-TYPE frwkPibIncarnationTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkPibIncarnationEntry SYNTAX SEQUENCE OF FrwkPibIncarnationEntry
PIB-ACCESS install-notify PIB-ACCESS install-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 21, line 5 skipping to change at page 21, line 5
frwkPibIncarnationPrid OBJECT-TYPE frwkPibIncarnationPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index to uniquely identify an instance of this "An index to uniquely identify an instance of this
provisioning class." provisioning class."
::= { frwkPibIncarnationEntry 1 } ::= { frwkPibIncarnationEntry 1 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkPibIncarnationName OBJECT-TYPE frwkPibIncarnationName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the PDP that installed the current incarnation "The name of the PDP that installed the current incarnation
of the PIB into the device. By default, it is the zero of the PIB into the device. By default, it is the zero
length string." length string."
::= { frwkPibIncarnationEntry 2 } ::= { frwkPibIncarnationEntry 2 }
skipping to change at page 22, line 5 skipping to change at page 22, line 5
the incarnation and download new policy, if necessary, on a the incarnation and download new policy, if necessary, on a
reconnect. On receiving a Remove-State [COPS-PR] for the reconnect. On receiving a Remove-State [COPS-PR] for the
active context, this attribute value MUST be ignored and the active context, this attribute value MUST be ignored and the
PEP should expire the policy in that active context PEP should expire the policy in that active context
immediately. immediately.
Policy enforcement timing only applies to policies that have Policy enforcement timing only applies to policies that have
been installed dynamically (e.g., by a PDP via COPS)." been installed dynamically (e.g., by a PDP via COPS)."
::= { frwkPibIncarnationEntry 4 } ::= { frwkPibIncarnationEntry 4 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkPibIncarnationTtl OBJECT-TYPE frwkPibIncarnationTtl OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "seconds" UNITS "seconds"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of seconds after a Client Close or TCP timeout "The number of seconds after a Client Close or TCP timeout
for which the PEP continues to enforce the policy in the for which the PEP continues to enforce the policy in the
PIB. After this interval, the PIB is considered expired and PIB. After this interval, the PIB is considered expired and
the device no longer enforces the policy installed in the the device no longer enforces the policy installed in the
skipping to change at page 23, line 5 skipping to change at page 23, line 5
When the PDP installs an attribute frwkPibIncarnationActive When the PDP installs an attribute frwkPibIncarnationActive
on the PEP that is 'true' in one PIB instance and if the on the PEP that is 'true' in one PIB instance and if the
context belongs to the 'configuration contexts' set, the PEP context belongs to the 'configuration contexts' set, the PEP
must ensure, re-setting the attribute if necessary, that the must ensure, re-setting the attribute if necessary, that the
frwkPibIncarnationActive attribute is 'false' in all other frwkPibIncarnationActive attribute is 'false' in all other
contexts which belong to the 'configuration contexts' set." contexts which belong to the 'configuration contexts' set."
::= { frwkPibIncarnationEntry 7 } ::= { frwkPibIncarnationEntry 7 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkPibIncarnationFullState OBJECT-TYPE frwkPibIncarnationFullState OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute is interpreted only when sent in a COPS "This attribute is interpreted only when sent in a COPS
request message from the PEP to the PDP. It does not have request message from the PEP to the PDP. It does not have
any meaning when sent from the PDP to the PDP. any meaning when sent from the PDP to the PDP.
If this attribute is set to TRUE by the PEP, then the If this attribute is set to TRUE by the PEP, then the
skipping to change at page 24, line 5 skipping to change at page 24, line 5
SYNTAX FrwkDeviceIdEntry SYNTAX FrwkDeviceIdEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkDeviceId class. Only one instance of "An instance of the frwkDeviceId class. Only one instance of
this provisioning class is ever instantiated." this provisioning class is ever instantiated."
PIB-INDEX { frwkDeviceIdPrid } PIB-INDEX { frwkDeviceIdPrid }
::= { frwkDeviceIdTable 1 } ::= { frwkDeviceIdTable 1 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
FrwkDeviceIdEntry ::= SEQUENCE { FrwkDeviceIdEntry ::= SEQUENCE {
frwkDeviceIdPrid InstanceId, frwkDeviceIdPrid InstanceId,
frwkDeviceIdDescr SnmpAdminString, frwkDeviceIdDescr SnmpAdminString,
frwkDeviceIdMaxMsg Unsigned32, frwkDeviceIdMaxMsg Unsigned32,
frwkDeviceIdMaxContexts Unsigned32 frwkDeviceIdMaxContexts Unsigned32
} }
frwkDeviceIdPrid OBJECT-TYPE frwkDeviceIdPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
skipping to change at page 25, line 5 skipping to change at page 25, line 5
this attribute if it not defined." this attribute if it not defined."
::= { frwkDeviceIdEntry 3 } ::= { frwkDeviceIdEntry 3 }
frwkDeviceIdMaxContexts OBJECT-TYPE frwkDeviceIdMaxContexts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "contexts" UNITS "contexts"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
"The maximum number of unique contexts supported by "The maximum number of unique contexts supported by
the device. This is an additional error-avoidance mechanism the device. This is an additional error-avoidance mechanism
to allow the administrators to have the ability to control to allow the administrators to have the ability to control
the number of contexts installed on the device. The device the number of contexts installed on the device. The
should send NULL for this attribute if it is not device should send the MAX value for Unsigned32 for
specified." this attribute if it not defined."
::= { frwkDeviceIdEntry 4 } ::= { frwkDeviceIdEntry 4 }
-- --
-- Component Limitations Table -- Component Limitations Table
-- --
-- This table supports the ability to export information -- This table supports the ability to export information
-- detailing provisioning class/attribute implementation limitations -- detailing provisioning class/attribute implementation limitations
-- to the policy management system. Instances of this PRC apply only -- to the policy management system. Instances of this PRC apply only
skipping to change at page 26, line 5 skipping to change at page 26, line 5
to define PRC specific error codes that can be returned for to define PRC specific error codes that can be returned for
policy installation. This allows efficient debugging of PIB policy installation. This allows efficient debugging of PIB
implementations." implementations."
PIB-INDEX { frwkCompLimitsPrid } PIB-INDEX { frwkCompLimitsPrid }
UNIQUENESS { frwkCompLimitsComponent, UNIQUENESS { frwkCompLimitsComponent,
frwkCompLimitsAttrPos, frwkCompLimitsAttrPos,
frwkCompLimitsNegation, frwkCompLimitsNegation,
frwkCompLimitsType, frwkCompLimitsType,
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkCompLimitsSubType, frwkCompLimitsSubType,
frwkCompLimitsGuidance } frwkCompLimitsGuidance }
::= { frwkCompLimitsTable 1 } ::= { frwkCompLimitsTable 1 }
FrwkCompLimitsEntry ::= SEQUENCE { FrwkCompLimitsEntry ::= SEQUENCE {
frwkCompLimitsPrid InstanceId, frwkCompLimitsPrid InstanceId,
frwkCompLimitsComponent PrcIdentifier, frwkCompLimitsComponent PrcIdentifier,
frwkCompLimitsAttrPos AttrIdentifier, frwkCompLimitsAttrPos AttrIdentifier,
skipping to change at page 27, line 5 skipping to change at page 27, line 5
DESCRIPTION DESCRIPTION
"The relative position of the attribute within the PRC "The relative position of the attribute within the PRC
specified by the frwkCompLimitsComponent. A value of 1 would specified by the frwkCompLimitsComponent. A value of 1 would
represent the first columnar object in the PRC and a value represent the first columnar object in the PRC and a value
of N would represent the Nth columnar object in the PRC. A of N would represent the Nth columnar object in the PRC. A
NULL value indicates that the limit applies to the PRC NULL value indicates that the limit applies to the PRC
itself and not to a specific attribute." itself and not to a specific attribute."
::= { frwkCompLimitsEntry 3 } ::= { frwkCompLimitsEntry 3 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkCompLimitsNegation OBJECT-TYPE frwkCompLimitsNegation OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A boolean value ,if TRUE, negates the component limit "A boolean value ,if TRUE, negates the component limit
exported." exported."
::= { frwkCompLimitsEntry 4 } ::= { frwkCompLimitsEntry 4 }
skipping to change at page 28, line 5 skipping to change at page 28, line 5
value for the identified component is limited. The component value for the identified component is limited. The component
identified MUST be a valid PRC attribute of base-type OCTET identified MUST be a valid PRC attribute of base-type OCTET
STRING. STRING.
prcLimitedNotify (5) - The component is currently limited prcLimitedNotify (5) - The component is currently limited
for use by request or report messages prohibiting decision for use by request or report messages prohibiting decision
installation. The component identified must be a valid PRC." installation. The component identified must be a valid PRC."
::= { frwkCompLimitsEntry 5 } ::= { frwkCompLimitsEntry 5 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkCompLimitsSubType OBJECT-TYPE frwkCompLimitsSubType OBJECT-TYPE
SYNTAX Unsigned32 { SYNTAX Unsigned32 {
none(1), none(1),
lengthMin(2), lengthMin(2),
lengthMax(3), lengthMax(3),
rangeMin(4), rangeMin(4),
rangeMax(5), rangeMax(5),
enumMin(6), enumMin(6),
enumMax(7), enumMax(7),
skipping to change at page 29, line 5 skipping to change at page 29, line 5
A value of 'rangeMax(5)' means that the guidance A value of 'rangeMax(5)' means that the guidance
attribute provides data related to the upper bound attribute provides data related to the upper bound
of the range for the value of the identified of the range for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'rangeMin(4)' value is required specifying the 'rangeMin(4)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'enumMin(6)' means that the guidance A value of 'enumMin(6)' means that the guidance
attribute provides data related to the lowest attribute provides data related to the lowest
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
enumeration acceptable for the value of the enumeration acceptable for the value of the
identified component. A corresponding identified component. A corresponding
class instance specifying the 'enumMax(7)' class instance specifying the 'enumMax(7)'
value is required in conjunction with this sub-type. value is required in conjunction with this sub-type.
A value of 'enumMax(7)' means that the guidance A value of 'enumMax(7)' means that the guidance
attribute provides data related to the largest attribute provides data related to the largest
enumeration acceptable for the value of the enumeration acceptable for the value of the
identified component. A corresponding identified component. A corresponding
skipping to change at page 30, line 5 skipping to change at page 30, line 5
values for certain attributes. values for certain attributes.
Also, an implementation of a PRC may be limited in the ways Also, an implementation of a PRC may be limited in the ways
it can be accessed. For instance, for a fictitious PRC it can be accessed. For instance, for a fictitious PRC
dscpMapEntry, which has a PIB-ACCESS of 'install-notify': dscpMapEntry, which has a PIB-ACCESS of 'install-notify':
Component Type SubType Guidance Component Type SubType Guidance
------------------------------------------------------------ ------------------------------------------------------------
dscpMapEntry prcLimitedNotify none zero-length string." dscpMapEntry prcLimitedNotify none zero-length string."
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
::= { frwkCompLimitsEntry 6 } ::= { frwkCompLimitsEntry 6 }
frwkCompLimitsGuidance OBJECT-TYPE frwkCompLimitsGuidance OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value used to convey additional information related "A value used to convey additional information related
to the implementation limitation. Note that a guidance to the implementation limitation. Note that a guidance
value will not necessarily be provided for all exported value will not necessarily be provided for all exported
skipping to change at page 31, line 5 skipping to change at page 31, line 5
SYNTAX SEQUENCE OF FrwkReferenceEntry SYNTAX SEQUENCE OF FrwkReferenceEntry
PIB-ACCESS install-notify PIB-ACCESS install-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each instance of this class specifies a reference to a PRI "Each instance of this class specifies a reference to a PRI
in a specific PIB context (handle) for a specific client- in a specific PIB context (handle) for a specific client-
type." type."
::= { frwkBasePibClasses 5 } ::= { frwkBasePibClasses 5 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkReferenceEntry OBJECT-TYPE frwkReferenceEntry OBJECT-TYPE
SYNTAX FrwkReferenceEntry SYNTAX FrwkReferenceEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Entry specification for the frwkReferenceTable." "Entry specification for the frwkReferenceTable."
PIB-INDEX { frwkReferencePrid } PIB-INDEX { frwkReferencePrid }
UNIQUENESS { } UNIQUENESS { }
skipping to change at page 32, line 5 skipping to change at page 32, line 5
frwkReferenceClientHandle OBJECT-TYPE frwkReferenceClientHandle OBJECT-TYPE
SYNTAX ClientHandle SYNTAX ClientHandle
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Must be set to specify a valid client-handle in the scope "Must be set to specify a valid client-handle in the scope
of the client-type specified." of the client-type specified."
::= { frwkReferenceEntry 3 } ::= { frwkReferenceEntry 3 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkReferenceInstance OBJECT-TYPE frwkReferenceInstance OBJECT-TYPE
SYNTAX Prid SYNTAX Prid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"References a PRI in the context identified by "References a PRI in the context identified by
frwkReferenceClientHandle for client-type identified by frwkReferenceClientHandle for client-type identified by
frwkReferenceClientType." frwkReferenceClientType."
::= { frwkReferenceEntry 4 } ::= { frwkReferenceEntry 4 }
skipping to change at page 33, line 5 skipping to change at page 33, line 5
frwkErrorPrid OBJECT-TYPE frwkErrorPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkError class." instance of the frwkError class."
::= { frwkErrorEntry 1 } ::= { frwkErrorEntry 1 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
frwkErrorCode OBJECT-TYPE frwkErrorCode OBJECT-TYPE
SYNTAX Unsigned32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Error code defined in [COPS-PR] CPERR object." "Error code defined in [COPS-PR] CPERR object."
::= { frwkErrorEntry 2 } ::= { frwkErrorEntry 2 }
frwkErrorSubCode OBJECT-TYPE frwkErrorSubCode OBJECT-TYPE
skipping to change at page 34, line 5 skipping to change at page 34, line 5
::= { frwkErrorEntry 5 } ::= { frwkErrorEntry 5 }
-- --
-- The device interface capabilities and role combo classes group -- The device interface capabilities and role combo classes group
-- --
frwkDeviceCapClasses frwkDeviceCapClasses
OBJECT IDENTIFIER ::= { frameworkPib 2 } OBJECT IDENTIFIER ::= { frameworkPib 2 }
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
-- --
-- Interface Capability Set Table -- Interface Capability Set Table
-- --
frwkIfCapSetTable OBJECT-TYPE frwkIfCapSetTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfCapSetEntry SYNTAX SEQUENCE OF FrwkIfCapSetEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 35, line 5 skipping to change at page 35, line 5
"An arbitrary integer index that uniquely identifies a "An arbitrary integer index that uniquely identifies a
instance of the class." instance of the class."
::= { frwkIfCapSetEntry 1 } ::= { frwkIfCapSetEntry 1 }
frwkIfCapSetName OBJECT-TYPE frwkIfCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
"The name for the capability set. The capability set name "The name for the capability set. The capability set name
is the unique identifier of an interface type." is the unique identifier of an interface type."
::= { frwkIfCapSetEntry 2 } ::= { frwkIfCapSetEntry 2 }
frwkIfCapSetCapability OBJECT-TYPE frwkIfCapSetCapability OBJECT-TYPE
SYNTAX Prid SYNTAX Prid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The complete PRC OID and instance identifier specifying the "The complete PRC OID and instance identifier specifying the
capability PRC instance for the interface." capability PRC instance for the interface."
::= { frwkIfCapSetEntry 3 } ::= { frwkIfCapSetEntry 3 }
-- --
-- Interface and Role Combination Table -- Interface and Role Combination Tables
--
frwkRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkRoleComboEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"This is an abstract PRC that may be extended or referenced
to enumerate the role combinations, capability set names
assigned to any interface on a PEP. The identification of
the interface is to be defined by its extensions or
referencing PRCs."
::= { frwkDeviceCapClasses 2 }
frwkRoleComboEntry OBJECT-TYPE
SYNTAX FrwkRoleComboEntry
STATUS current
DESCRIPTION
"An instance of this class describes one association of an
interface to a role-combination and capability set name .
Note that an interface can have multiple associations. This
constraint is controlled by the extending or referencing
PRC's uniqueness clause."
PIB-INDEX { frwkRoleComboPrid }
UNIQUENESS { }
::= { frwkRoleComboTable 1 }
FrwkRoleComboEntry ::= SEQUENCE {
frwkRoleComboPrid InstanceId,
Framework Policy Information Base January 2002
frwkRoleComboRoles RoleCombination,
frwkRoleComboCapSetName SnmpAdminString
}
frwkRoleComboPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the class."
::= { frwkRoleComboEntry 1 }
frwkRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination
STATUS current
DESCRIPTION
"The role combination assigned to a specific interface."
::= { frwkRoleComboEntry 2 }
frwkRoleComboCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString
STATUS current
DESCRIPTION
"The name of the interface capability set associated with
the Role Combination specified in frwkRoleComboRoles.
This name must exist in frwkIfCapSetTable."
::= { frwkRoleComboEntry 3 }
--
-- Interface, Role Combinatrion association via IfIndex
-- --
frwkIfRoleComboTable OBJECT-TYPE frwkIfRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfRoleComboEntry SYNTAX SEQUENCE OF FrwkIfRoleComboEntry
PIB-ACCESS install-notify PIB-ACCESS install-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This table enumerates the interface to role combination and "This table enumerates the interface to role combination and
IfCapSetName mapping for all policy managed interfaces of a IfCapSetName mapping for all policy managed interfaces of a
device. Policy for an interface depends not only on the device. Policy for an interface depends not only on the
capability set of an interface but also on its roles. This capability set of an interface but also on its roles. This
table specifies all the <interface index, interface table specifies all the <interface index, interface
capability set name, role combination> tuples currently on capability set name, role combination> tuples currently on
the device" the device"
::= { frwkDeviceCapClasses 2 } ::= { frwkDeviceCapClasses 3 }
Framework Policy Information Base January 2002
frwkIfRoleComboEntry OBJECT-TYPE frwkIfRoleComboEntry OBJECT-TYPE
SYNTAX FrwkIfRoleComboEntry SYNTAX FrwkIfRoleComboEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of this class describes the association of "An instance of this class describes the association of
a interface to an IfCapSetName and a role combination. a interface to an IfCapSetName and a role combination.
Note that a IfCapSetName can have multiple role combinations Note that a IfCapSetName can have multiple role combinations
assigned to it, but an IfIndex can have only one role assigned to it, but an IfIndex can have only one role
combination associated." combination associated."
PIB-INDEX { frwkIfRoleComboPrid } EXTENDS { frwkRoleComboEntry }
UNIQUENESS { frwkIfRoleComboIfIndex } UNIQUENESS { frwkIfRoleComboIfIndex,
frwkRoleComboCapSetName }
::= { frwkIfRoleComboTable 1 } ::= { frwkIfRoleComboTable 1 }
Framework Policy Information Base November 2001
FrwkIfRoleComboEntry ::= SEQUENCE { FrwkIfRoleComboEntry ::= SEQUENCE {
frwkIfRoleComboPrid InstanceId, frwkIfRoleComboIfIndex InterfaceIndex
frwkIfRoleComboIfIndex InterfaceIndex,
frwkIfRoleComboRoles RoleCombination,
frwkIfRoleComboCapSetName SnmpAdminString
} }
frwkIfRoleComboPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the class."
::= { frwkIfRoleComboEntry 1 }
frwkIfRoleComboIfIndex OBJECT-TYPE frwkIfRoleComboIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex SYNTAX InterfaceIndex
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The ifIndex value for which this conceptual row provides "The ifIndex value for which this conceptual row provides
policy information via the use of role combination." policy information via the use of role combination."
::= { frwkIfRoleComboEntry 2 } ::= { frwkIfRoleComboEntry 1 }
frwkIfRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination
STATUS current
DESCRIPTION
"The role combination of a specific interface. "
::= { frwkIfRoleComboEntry 3 }
frwkIfRoleComboCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString
STATUS current
DESCRIPTION
"The name of the interface capability set associated with
the Role Combination specified in frwkIfRoleComboRoles.
This name must exist in frwkIfCapSetTable."
::= { frwkIfRoleComboEntry 4 }
Framework Policy Information Base November 2001
-- --
-- The Classification classes group -- The Classification classes group
-- --
frwkClassifierClasses frwkClassifierClasses
OBJECT IDENTIFIER ::= { frameworkPib 3 } OBJECT IDENTIFIER ::= { frameworkPib 3 }
-- --
-- The Base Filter Table -- The Base Filter Table
-- --
frwkBaseFilterTable OBJECT-TYPE frwkBaseFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkBaseFilterEntry SYNTAX SEQUENCE OF FrwkBaseFilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base January 2002
"The Base Filter class. A packet has to match all "The Base Filter class. A packet has to match all
fields in an Filter. Wildcards may be specified for those fields in an Filter. Wildcards may be specified for those
fields that are not relevant." fields that are not relevant."
::= { frwkClassifierClasses 1 } ::= { frwkClassifierClasses 1 }
frwkBaseFilterEntry OBJECT-TYPE frwkBaseFilterEntry OBJECT-TYPE
SYNTAX FrwkBaseFilterEntry SYNTAX FrwkBaseFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 38, line 4 skipping to change at page 38, line 42
"An integer index to uniquely identify this Filter among all "An integer index to uniquely identify this Filter among all
the Filters." the Filters."
::= { frwkBaseFilterEntry 1 } ::= { frwkBaseFilterEntry 1 }
frwkBaseFilterNegation OBJECT-TYPE frwkBaseFilterNegation OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute behaves like a logical NOT for the filter. "This attribute behaves like a logical NOT for the filter.
Framework Policy Information Base November 2001
If the packet matches this filter and the value of this If the packet matches this filter and the value of this
attribute is true, the action associated with this filter attribute is true, the action associated with this filter
is not applied to the packet. If the value of this is not applied to the packet. If the value of this
attribute is false, then the action is applied to the attribute is false, then the action is applied to the
packet." packet."
::= { frwkBaseFilterEntry 2 } ::= { frwkBaseFilterEntry 2 }
-- --
-- The IP Filter Table -- The IP Filter Table
-- --
frwkIpFilterTable OBJECT-TYPE frwkIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIpFilterEntry SYNTAX SEQUENCE OF FrwkIpFilterEntry
Framework Policy Information Base January 2002
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filter definitions. A packet has to match all fields in a "Filter definitions. A packet has to match all fields in a
filter. Wildcards may be specified for those fields that filter. Wildcards may be specified for those fields that
are not relevant." are not relevant."
INSTALL-ERRORS { INSTALL-ERRORS {
invalidDstL4PortData(1), invalidDstL4PortData(1),
invalidSrcL4PortData(2) invalidSrcL4PortData(2)
skipping to change at page 39, line 5 skipping to change at page 39, line 43
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterFlowId, frwkIpFilterFlowId,
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
frwkIpFilterDstL4PortMax, frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin, frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax } frwkIpFilterSrcL4PortMax }
::= { frwkIpFilterTable 1 } ::= { frwkIpFilterTable 1 }
Framework Policy Information Base November 2001
FrwkIpFilterEntry ::= SEQUENCE { FrwkIpFilterEntry ::= SEQUENCE {
frwkIpFilterAddrType InetAddressType, frwkIpFilterAddrType InetAddressType,
frwkIpFilterDstAddr InetAddress, frwkIpFilterDstAddr InetAddress,
frwkIpFilterDstPrefixLength InetAddressPrefixLength, frwkIpFilterDstPrefixLength InetAddressPrefixLength,
frwkIpFilterSrcAddr InetAddress, frwkIpFilterSrcAddr InetAddress,
frwkIpFilterSrcPrefixLength InetAddressPrefixLength, frwkIpFilterSrcPrefixLength InetAddressPrefixLength,
frwkIpFilterDscp DscpOrAny, frwkIpFilterDscp DscpOrAny,
frwkIpFilterFlowId Unsigned32, frwkIpFilterFlowId Unsigned32,
frwkIpFilterProtocol Integer32, frwkIpFilterProtocol Integer32,
frwkIpFilterDstL4PortMin InetPortNumber, frwkIpFilterDstL4PortMin InetPortNumber,
frwkIpFilterDstL4PortMax InetPortNumber, frwkIpFilterDstL4PortMax InetPortNumber,
frwkIpFilterSrcL4PortMin InetPortNumber, frwkIpFilterSrcL4PortMin InetPortNumber,
frwkIpFilterSrcL4PortMax InetPortNumber frwkIpFilterSrcL4PortMax InetPortNumber
} }
Framework Policy Information Base January 2002
frwkIpFilterAddrType OBJECT-TYPE frwkIpFilterAddrType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address type enumeration value [INETADDR] to specify "The address type enumeration value [INETADDR] to specify
the type of the packet's IP address." the type of the packet's IP address."
::= { frwkIpFilterEntry 1 } ::= { frwkIpFilterEntry 1 }
skipping to change at page 40, line 5 skipping to change at page 40, line 43
IP address. Masks are constructed by setting bits in IP address. Masks are constructed by setting bits in
sequence from the most-significant bit downwards for sequence from the most-significant bit downwards for
frwkIpFilterDstPrefixLength bits length. All other bits in frwkIpFilterDstPrefixLength bits length. All other bits in
the mask, up to the number needed to fill the length of the mask, up to the number needed to fill the length of
the address frwkIpFilterDstAddr are cleared to zero. A zero the address frwkIpFilterDstAddr are cleared to zero. A zero
bit in the mask then means that the corresponding bit in bit in the mask then means that the corresponding bit in
the address always matches." the address always matches."
::= { frwkIpFilterEntry 3 } ::= { frwkIpFilterEntry 3 }
Framework Policy Information Base November 2001
frwkIpFilterSrcAddr OBJECT-TYPE frwkIpFilterSrcAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address to match against the packet's source IP "The IP address to match against the packet's source IP
address. frwkIpFilterSrcPrefixLength indicates the address. frwkIpFilterSrcPrefixLength indicates the
number of bits that are relevant. " number of bits that are relevant. "
::= { frwkIpFilterEntry 4 } ::= { frwkIpFilterEntry 4 }
frwkIpFilterSrcPrefixLength OBJECT-TYPE frwkIpFilterSrcPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressPrefixLength
UNITS "bits" UNITS "bits"
STATUS current STATUS current
Framework Policy Information Base January 2002
DESCRIPTION DESCRIPTION
"The length of a mask for the matching of the source IP "The length of a mask for the matching of the source IP
address. Masks are constructed by setting bits in sequence address. Masks are constructed by setting bits in sequence
from the most-significant bit downwards for from the most-significant bit downwards for
frwkIpFilterSrcPrefixLength bits length. All other bits in frwkIpFilterSrcPrefixLength bits length. All other bits in
the mask, up to the number needed to fill the length of the mask, up to the number needed to fill the length of
the address frwkIpFilterSrcAddr are cleared to zero. A the address frwkIpFilterSrcAddr are cleared to zero. A
zero bit in the mask then means that the corresponding bit zero bit in the mask then means that the corresponding bit
in the address always matches." in the address always matches."
skipping to change at page 41, line 5 skipping to change at page 41, line 46
frwkIpFilterProtocol OBJECT-TYPE frwkIpFilterProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255) SYNTAX Integer32 (-1 | 0..255)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP protocol to match against the packet's protocol. "The IP protocol to match against the packet's protocol.
A value of -1 means match all." A value of -1 means match all."
::= { frwkIpFilterEntry 8 } ::= { frwkIpFilterEntry 8 }
Framework Policy Information Base November 2001
frwkIpFilterDstL4PortMin OBJECT-TYPE frwkIpFilterDstL4PortMin OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 destination "The minimum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or lesser that the value specified for this be equal to or lesser that the value specified for this
filter in frwkIpFilterDstL4PortMax." filter in frwkIpFilterDstL4PortMax."
::= { frwkIpFilterEntry 9 } ::= { frwkIpFilterEntry 9 }
frwkIpFilterDstL4PortMax OBJECT-TYPE frwkIpFilterDstL4PortMax OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
Framework Policy Information Base January 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 destination "The maximum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or greater that the value specified for this be equal to or greater that the value specified for this
filter in frwkIpFilterDstL4PortMin." filter in frwkIpFilterDstL4PortMin."
::= { frwkIpFilterEntry 10 } ::= { frwkIpFilterEntry 10 }
frwkIpFilterSrcL4PortMin OBJECT-TYPE frwkIpFilterSrcL4PortMin OBJECT-TYPE
skipping to change at page 42, line 5 skipping to change at page 42, line 38
SYNTAX InetPortNumber SYNTAX InetPortNumber
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 source port "The maximum value that the packet's layer 4 source port
number can have and match this filter. This value must be number can have and match this filter. This value must be
equal to or greater that the value specified for this filter equal to or greater that the value specified for this filter
in frwkIpFilterSrcL4PortMin." in frwkIpFilterSrcL4PortMin."
::= { frwkIpFilterEntry 12 } ::= { frwkIpFilterEntry 12 }
Framework Policy Information Base November 2001
-- --
-- The IEEE 802 Filter Table -- The IEEE 802 Filter Table
-- --
-- The IEEE 802 Filter Table supports the specification of IEEE -- The IEEE 802 Filter Table supports the specification of IEEE
-- 802-based [802] (e.g., 802.3) information that is used to perform -- 802-based [802] (e.g., 802.3) information that is used to perform
-- traffic classification. -- traffic classification.
-- --
frwk802FilterTable OBJECT-TYPE frwk802FilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF Frwk802FilterEntry SYNTAX SEQUENCE OF Frwk802FilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"IEEE 802-based filter definitions. A class that contains "IEEE 802-based filter definitions. A class that contains
attributes of IEEE 802 (e.g., 802.3) traffic that form attributes of IEEE 802 (e.g., 802.3) traffic that form
filters that are used to perform traffic classification." filters that are used to perform traffic classification."
Framework Policy Information Base January 2002
::= { frwkClassifierClasses 3 } ::= { frwkClassifierClasses 3 }
frwk802FilterEntry OBJECT-TYPE frwk802FilterEntry OBJECT-TYPE
SYNTAX Frwk802FilterEntry SYNTAX Frwk802FilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"IEEE 802-based filter definitions. An entry specifies "IEEE 802-based filter definitions. An entry specifies
(potentially) several distinct matching components. Each (potentially) several distinct matching components. Each
component is tested against the data in a frame component is tested against the data in a frame
individually. An overall match occurs when all of the individually. An overall match occurs when all of the
skipping to change at page 43, line 5 skipping to change at page 43, line 37
frwk802FilterDstAddrMask, frwk802FilterDstAddrMask,
frwk802FilterSrcAddr, frwk802FilterSrcAddr,
frwk802FilterSrcAddrMask, frwk802FilterSrcAddrMask,
frwk802FilterVlanId, frwk802FilterVlanId,
frwk802FilterVlanTagRequired, frwk802FilterVlanTagRequired,
frwk802FilterEtherType, frwk802FilterEtherType,
frwk802FilterUserPriority } frwk802FilterUserPriority }
::= { frwk802FilterTable 1 } ::= { frwk802FilterTable 1 }
Framework Policy Information Base November 2001
Frwk802FilterEntry ::= SEQUENCE { Frwk802FilterEntry ::= SEQUENCE {
frwk802FilterDstAddr PhysAddress, frwk802FilterDstAddr PhysAddress,
frwk802FilterDstAddrMask PhysAddress, frwk802FilterDstAddrMask PhysAddress,
frwk802FilterSrcAddr PhysAddress, frwk802FilterSrcAddr PhysAddress,
frwk802FilterSrcAddrMask PhysAddress, frwk802FilterSrcAddrMask PhysAddress,
frwk802FilterVlanId Integer32, frwk802FilterVlanId Integer32,
frwk802FilterVlanTagRequired Unsigned32, frwk802FilterVlanTagRequired Unsigned32,
frwk802FilterEtherType Integer32, frwk802FilterEtherType Integer32,
frwk802FilterUserPriority BITS frwk802FilterUserPriority BITS
} }
frwk802FilterDstAddr OBJECT-TYPE frwk802FilterDstAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 address against which the 802 DA of incoming "The 802 address against which the 802 DA of incoming
traffic streams will be compared. Frames whose 802 DA traffic streams will be compared. Frames whose 802 DA
matches the physical address specified by this object, matches the physical address specified by this object,
taking into account address wildcarding as specified by the taking into account address wildcarding as specified by the
Framework Policy Information Base January 2002
frwk802FilterDstAddrMask object, are potentially subject to frwk802FilterDstAddrMask object, are potentially subject to
the processing guidelines that are associated with this the processing guidelines that are associated with this
entry through the related action class." entry through the related action class."
::= { frwk802FilterEntry 1 } ::= { frwk802FilterEntry 1 }
frwk802FilterDstAddrMask OBJECT-TYPE frwk802FilterDstAddrMask OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 44, line 5 skipping to change at page 44, line 37
frwk802FilterDstAddr value must also be masked using this frwk802FilterDstAddr value must also be masked using this
value prior to any comparisons. value prior to any comparisons.
The length of this object in octets must equal the length in The length of this object in octets must equal the length in
octets of the frwk802FilterDstAddr. Note that a mask with no octets of the frwk802FilterDstAddr. Note that a mask with no
bits set (i.e., all zeroes) effectively wildcards the bits set (i.e., all zeroes) effectively wildcards the
frwk802FilterDstAddr object." frwk802FilterDstAddr object."
::= { frwk802FilterEntry 2 } ::= { frwk802FilterEntry 2 }
Framework Policy Information Base November 2001
frwk802FilterSrcAddr OBJECT-TYPE frwk802FilterSrcAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 MAC address against which the 802 MAC SA of "The 802 MAC address against which the 802 MAC SA of
incoming traffic streams will be compared. Frames whose 802 incoming traffic streams will be compared. Frames whose 802
MAC SA matches the physical address specified by this MAC SA matches the physical address specified by this
object, taking into account address wildcarding as specified object, taking into account address wildcarding as specified
by the frwk802FilterSrcAddrMask object, are potentially by the frwk802FilterSrcAddrMask object, are potentially
subject to the processing guidelines that are associated subject to the processing guidelines that are associated
skipping to change at page 44, line 28 skipping to change at page 45, line 4
::= { frwk802FilterEntry 3 } ::= { frwk802FilterEntry 3 }
frwk802FilterSrcAddrMask OBJECT-TYPE frwk802FilterSrcAddrMask OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object specifies the bits in a 802 MAC source address "This object specifies the bits in a 802 MAC source address
that should be considered when performing a 802 MAC SA that should be considered when performing a 802 MAC SA
comparison against the address specified in the comparison against the address specified in the
Framework Policy Information Base January 2002
frwk802FilterSrcAddr object. frwk802FilterSrcAddr object.
The value of this object represents a mask that is logically The value of this object represents a mask that is logically
and'ed with the 802 MAC SA in received frames to derive the and'ed with the 802 MAC SA in received frames to derive the
value to be compared against the frwk802FilterSrcAddr value to be compared against the frwk802FilterSrcAddr
address. A zero bit in the mask thus means that the address. A zero bit in the mask thus means that the
corresponding bit in the address always matches. The corresponding bit in the address always matches. The
frwk802FilterSrcAddr value must also be masked using this frwk802FilterSrcAddr value must also be masked using this
value prior to any comparisons. value prior to any comparisons.
skipping to change at page 45, line 5 skipping to change at page 45, line 40
(i.e., traffic associated with this VID has not yet (i.e., traffic associated with this VID has not yet
been seen by the device) at the time this entry been seen by the device) at the time this entry
is instantiated. is instantiated.
Setting the frwk802FilterVlanId object to -1 indicates that Setting the frwk802FilterVlanId object to -1 indicates that
VLAN data should not be considered during traffic VLAN data should not be considered during traffic
classification." classification."
::= { frwk802FilterEntry 5 } ::= { frwk802FilterEntry 5 }
Framework Policy Information Base November 2001
frwk802FilterVlanTagRequired OBJECT-TYPE frwk802FilterVlanTagRequired OBJECT-TYPE
SYNTAX Unsigned32 { SYNTAX Unsigned32 {
taggedOnly(1), taggedOnly(1),
priorityTaggedPlus(2), priorityTaggedPlus(2),
untaggedOnly(3), untaggedOnly(3),
ignoreTag(4) ignoreTag(4)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether the presence of an "This object indicates whether the presence of an
IEEE 802.1Q VLAN tag in data link layer frames must IEEE 802.1Q VLAN tag in data link layer frames must
be considered when determining if a given frame be considered when determining if a given frame
matches this 802 filter entry. matches this 802 filter entry.
A value of 'taggedOnly(1)' means that only frames A value of 'taggedOnly(1)' means that only frames
containing a VLAN tag with a non-Null VID (i.e., a containing a VLAN tag with a non-Null VID (i.e., a
VID in the range 1..4094) will be considered a match. VID in the range 1..4094) will be considered a match.
A value of 'priorityTaggedPlus(2)' means that only A value of 'priorityTaggedPlus(2)' means that only
frames containing a VLAN tag, regardless of the value frames containing a VLAN tag, regardless of the value
Framework Policy Information Base January 2002
of the VID, will be considered a match. of the VID, will be considered a match.
A value of 'untaggedOnly(3)' indicates that only A value of 'untaggedOnly(3)' indicates that only
untagged frames will match this filter component. untagged frames will match this filter component.
The presence of a VLAN tag is not taken into The presence of a VLAN tag is not taken into
consideration in terms of a match if the value is consideration in terms of a match if the value is
'ignoreTag(4)'." 'ignoreTag(4)'."
::= { frwk802FilterEntry 6 } ::= { frwk802FilterEntry 6 }
skipping to change at page 46, line 4 skipping to change at page 46, line 38
that EtherType data should not be considered during traffic that EtherType data should not be considered during traffic
classification. classification.
Note that the position of the EtherType field depends on Note that the position of the EtherType field depends on
the underlying frame format. For Ethernet-II encapsulation, the underlying frame format. For Ethernet-II encapsulation,
the EtherType field follows the 802 MAC source address. For the EtherType field follows the 802 MAC source address. For
802.2 LLC/SNAP encapsulation, the EtherType value follows 802.2 LLC/SNAP encapsulation, the EtherType value follows
the Organization Code field in the 802.2 SNAP header. The the Organization Code field in the 802.2 SNAP header. The
value that is tested with regard to this filter component value that is tested with regard to this filter component
therefore depends on the data link layer frame format being therefore depends on the data link layer frame format being
Framework Policy Information Base November 2001
used. If this 802 filter component is active when there is used. If this 802 filter component is active when there is
no EtherType field in a frame (e.g., 802.2 LLC), a match is no EtherType field in a frame (e.g., 802.2 LLC), a match is
implied." implied."
::= { frwk802FilterEntry 7 } ::= { frwk802FilterEntry 7 }
frwk802FilterUserPriority OBJECT-TYPE frwk802FilterUserPriority OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
matchPriority0(0), matchPriority0(0),
matchPriority1(1), matchPriority1(1),
matchPriority2(2), matchPriority2(2),
matchPriority3(3), matchPriority3(3),
matchPriority4(4), matchPriority4(4),
matchPriority5(5), matchPriority5(5),
matchPriority6(6), matchPriority6(6),
matchPriority7(7) matchPriority7(7)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The set of values, representing the potential range "The set of values, representing the potential range
Framework Policy Information Base January 2002
of user priority values, against which the value contained of user priority values, against which the value contained
in the user priority field of a tagged 802.1 frame is in the user priority field of a tagged 802.1 frame is
compared. A test for equality is performed when determining compared. A test for equality is performed when determining
if a match exists between the data in a data link layer if a match exists between the data in a data link layer
frame and the value of this 802 filter component. Multiple frame and the value of this 802 filter component. Multiple
values may be set at one time such that potentially several values may be set at one time such that potentially several
different user priority values may match this 802 filter different user priority values may match this 802 filter
component. component.
Setting all of the bits that are associated with this Setting all of the bits that are associated with this
skipping to change at page 47, line 5 skipping to change at page 47, line 40
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal label filter Table. This PRC is used to achieve "Internal label filter Table. This PRC is used to achieve
classification based on the internal flow label set by the classification based on the internal flow label set by the
PEP possibly after ingress classification to avoid PEP possibly after ingress classification to avoid
re-classification at the egress interface on the same PEP." re-classification at the egress interface on the same PEP."
::= { frwkClassifierClasses 4 } ::= { frwkClassifierClasses 4 }
Framework Policy Information Base November 2001
frwkILabelFilterEntry OBJECT-TYPE frwkILabelFilterEntry OBJECT-TYPE
SYNTAX FrwkILabelFilterEntry SYNTAX FrwkILabelFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal label filter entry definition." "Internal label filter entry definition."
EXTENDS { frwkBaseFilterEntry } EXTENDS { frwkBaseFilterEntry }
UNIQUENESS { frwkBaseFilterNegation, UNIQUENESS { frwkBaseFilterNegation,
frwkILabelFilterILabel } frwkILabelFilterILabel }
::= { frwkILabelFilterTable 1 } ::= { frwkILabelFilterTable 1 }
FrwkILabelFilterEntry ::= SEQUENCE { FrwkILabelFilterEntry ::= SEQUENCE {
frwkILabelFilterILabel OCTET STRING frwkILabelFilterILabel OCTET STRING
} }
frwkILabelFilterILabel OBJECT-TYPE frwkILabelFilterILabel OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
Framework Policy Information Base January 2002
DESCRIPTION DESCRIPTION
"The Label that this flow uses for differentiating traffic "The Label that this flow uses for differentiating traffic
flows. The flow labeling is meant for network device flows. The flow labeling is meant for network device
internal usage. A value of zero length string matches all internal usage. A value of zero length string matches all
internal labels." internal labels."
::= { frwkILabelFilterEntry 1 } ::= { frwkILabelFilterEntry 1 }
-- --
-- The Marker classes group -- The Marker classes group
-- --
skipping to change at page 48, line 5 skipping to change at page 48, line 34
frwk802MarkerTable OBJECT-TYPE frwk802MarkerTable OBJECT-TYPE
SYNTAX SEQUENCE OF Frwk802MarkerEntry SYNTAX SEQUENCE OF Frwk802MarkerEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 Marker class. An 802 packet can be marked with the "The 802 Marker class. An 802 packet can be marked with the
specified VLAN id, priority level." specified VLAN id, priority level."
::= { frwkMarkerClasses 1 } ::= { frwkMarkerClasses 1 }
Framework Policy Information Base November 2001
frwk802MarkerEntry OBJECT-TYPE frwk802MarkerEntry OBJECT-TYPE
SYNTAX Frwk802MarkerEntry SYNTAX Frwk802MarkerEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"frwk802Marker entry definition." "frwk802Marker entry definition."
PIB-INDEX { frwk802MarkerPrid } PIB-INDEX { frwk802MarkerPrid }
UNIQUENESS { frwk802MarkerVlanId, UNIQUENESS { frwk802MarkerVlanId,
frwk802MarkerPriority } frwk802MarkerPriority }
::= { frwk802MarkerTable 1 } ::= { frwk802MarkerTable 1 }
Frwk802MarkerEntry::= SEQUENCE { Frwk802MarkerEntry::= SEQUENCE {
frwk802MarkerPrid InstanceId, frwk802MarkerPrid InstanceId,
frwk802MarkerVlanId Unsigned32, frwk802MarkerVlanId Unsigned32,
frwk802MarkerPriority Unsigned32 frwk802MarkerPriority Unsigned32
} }
frwk802MarkerPrid OBJECT-TYPE frwk802MarkerPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
Framework Policy Information Base January 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An integer index to uniquely identify this 802 Marker." "An integer index to uniquely identify this 802 Marker."
::= { frwk802MarkerEntry 1 } ::= { frwk802MarkerEntry 1 }
frwk802MarkerVlanId OBJECT-TYPE frwk802MarkerVlanId OBJECT-TYPE
SYNTAX Unsigned32 (1..4094) SYNTAX Unsigned32 (1..4094)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 49, line 5 skipping to change at page 49, line 30
::= { frwk802MarkerEntry 2 } ::= { frwk802MarkerEntry 2 }
frwk802MarkerPriority OBJECT-TYPE frwk802MarkerPriority OBJECT-TYPE
SYNTAX Unsigned32 (0..7) SYNTAX Unsigned32 (0..7)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The user priority field of a tagged 802.1 frame." "The user priority field of a tagged 802.1 frame."
::= { frwk802MarkerEntry 3 } ::= { frwk802MarkerEntry 3 }
Framework Policy Information Base November 2001
-- --
-- The Internal Label Marker Table -- The Internal Label Marker Table
-- --
frwkILabelMarkerTable OBJECT-TYPE frwkILabelMarkerTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkILabelMarkerEntry SYNTAX SEQUENCE OF FrwkILabelMarkerEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Internal Label Marker class. A flow in a PEP can be "The Internal Label Marker class. A flow in a PEP can be
skipping to change at page 49, line 33 skipping to change at page 50, line 4
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"frwkILabelkMarker entry definition." "frwkILabelkMarker entry definition."
PIB-INDEX { frwkILabelMarkerPrid } PIB-INDEX { frwkILabelMarkerPrid }
UNIQUENESS { frwkILabelMarkerILabel } UNIQUENESS { frwkILabelMarkerILabel }
::= { frwkILabelMarkerEntry 1 } ::= { frwkILabelMarkerEntry 1 }
FrwkILabelMarkerEntry::= SEQUENCE { FrwkILabelMarkerEntry::= SEQUENCE {
Framework Policy Information Base January 2002
frwkILabelMarkerPrid InstanceId, frwkILabelMarkerPrid InstanceId,
frwkILabelMarkerILabel OCTET STRING frwkILabelMarkerILabel OCTET STRING
} }
frwkILabelMarkerPrid OBJECT-TYPE frwkILabelMarkerPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An integer index to uniquely identify this Label Marker." "An integer index to uniquely identify this Label Marker."
skipping to change at page 50, line 5 skipping to change at page 50, line 29
frwkILabelMarkerILabel OBJECT-TYPE frwkILabelMarkerILabel OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This internal label is implementation specific and may be "This internal label is implementation specific and may be
used for other policy related functions like flow used for other policy related functions like flow
accounting purposes and/or other data path treatments." accounting purposes and/or other data path treatments."
::= { frwkILabelMarkerEntry 2 } ::= { frwkILabelMarkerEntry 2 }
Framework Policy Information Base November 2001
-- --
-- Conformance Section -- Conformance Section
-- --
frwkBasePibConformance frwkBasePibConformance
OBJECT IDENTIFIER ::= { frameworkPib 4 } OBJECT IDENTIFIER ::= { frameworkPib 4 }
frwkBasePibCompliances frwkBasePibCompliances
OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 } OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
skipping to change at page 50, line 32 skipping to change at page 50, line 54
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the "Describes the requirements for conformance to the
Framework PIB." Framework PIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { frwkPrcSupportGroup, MANDATORY-GROUPS { frwkPrcSupportGroup,
frwkPibIncarnationGroup, frwkPibIncarnationGroup,
frwkDeviceIdGroup, frwkDeviceIdGroup,
frwkCompLimitsGroup, frwkCompLimitsGroup,
frwkIfCapSetGroup, frwkIfCapSetGroup,
frwkRoleComboGroup,
Framework Policy Information Base January 2002
frwkIfRoleComboGroup } frwkIfRoleComboGroup }
OBJECT frwkPibIncarnationLongevity OBJECT frwkPibIncarnationLongevity
PIB-MIN-ACCESS notify PIB-MIN-ACCESS notify
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
OBJECT frwkPibIncarnationTtl OBJECT frwkPibIncarnationTtl
PIB-MIN-ACCESS notify PIB-MIN-ACCESS notify
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
skipping to change at page 51, line 4 skipping to change at page 51, line 32
PIB-MIN-ACCESS notify PIB-MIN-ACCESS notify
DESCRIPTION "Install support is not required." DESCRIPTION "Install support is not required."
GROUP frwkReferenceGroup GROUP frwkReferenceGroup
DESCRIPTION DESCRIPTION
"The frwkReferenceGroup is mandatory if referencing "The frwkReferenceGroup is mandatory if referencing
across PIB contexts for specific client-types is across PIB contexts for specific client-types is
supported." supported."
GROUP frwkErrorGroup GROUP frwkErrorGroup
Framework Policy Information Base November 2001
DESCRIPTION DESCRIPTION
"The frwkErrorGroup is mandatory sending errors in "The frwkErrorGroup is mandatory sending errors in
decisions is required." decisions is required."
GROUP frwkBaseFilterGroup GROUP frwkBaseFilterGroup
DESCRIPTION DESCRIPTION
"The frwkBaseFilterGroup is mandatory if filtering "The frwkBaseFilterGroup is mandatory if filtering
based on traffic components is supported." based on traffic components is supported."
GROUP frwkIpFilterGroup GROUP frwkIpFilterGroup
skipping to change at page 51, line 34 skipping to change at page 52, line 4
based on 802 traffic criteria is supported." based on 802 traffic criteria is supported."
GROUP frwkILabelFilterGroup GROUP frwkILabelFilterGroup
DESCRIPTION DESCRIPTION
"The frwkILabelFilterGroup is mandatory if filtering "The frwkILabelFilterGroup is mandatory if filtering
based on PEP internal label is supported." based on PEP internal label is supported."
GROUP frwk802MarkerGroup GROUP frwk802MarkerGroup
DESCRIPTION DESCRIPTION
"The frwk802MarkerGroup is mandatory if marking a packet "The frwk802MarkerGroup is mandatory if marking a packet
Framework Policy Information Base January 2002
with 802 traffic criteria is supported." with 802 traffic criteria is supported."
GROUP frwkILabelMarkerGroup GROUP frwkILabelMarkerGroup
DESCRIPTION DESCRIPTION
"The frwkILabelMarkerGroup is mandatory if marking a "The frwkILabelMarkerGroup is mandatory if marking a
flow with internal labels is supported." flow with internal labels is supported."
::= { frwkBasePibCompliances 1 } ::= { frwkBasePibCompliances 1 }
frwkPrcSupportGroup OBJECT-GROUP frwkPrcSupportGroup OBJECT-GROUP
skipping to change at page 52, line 4 skipping to change at page 52, line 32
"Objects from the frwkPrcSupportTable." "Objects from the frwkPrcSupportTable."
::= { frwkBasePibGroups 1 } ::= { frwkBasePibGroups 1 }
frwkPibIncarnationGroup OBJECT-GROUP frwkPibIncarnationGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkPibIncarnationName, frwkPibIncarnationName,
frwkPibIncarnationId, frwkPibIncarnationId,
frwkPibIncarnationLongevity, frwkPibIncarnationLongevity,
frwkPibIncarnationTtl, frwkPibIncarnationTtl,
Framework Policy Information Base November 2001
frwkPibIncarnationActive, frwkPibIncarnationActive,
frwkPibIncarnationFullState frwkPibIncarnationFullState
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkDevicePibIncarnationTable." "Objects from the frwkDevicePibIncarnationTable."
::= { frwkBasePibGroups 2 } ::= { frwkBasePibGroups 2 }
frwkDeviceIdGroup OBJECT-GROUP frwkDeviceIdGroup OBJECT-GROUP
skipping to change at page 52, line 34 skipping to change at page 53, line 4
::= { frwkBasePibGroups 3 } ::= { frwkBasePibGroups 3 }
frwkCompLimitsGroup OBJECT-GROUP frwkCompLimitsGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkCompLimitsComponent, frwkCompLimitsComponent,
frwkCompLimitsAttrPos, frwkCompLimitsAttrPos,
frwkCompLimitsNegation, frwkCompLimitsNegation,
frwkCompLimitsType, frwkCompLimitsType,
frwkCompLimitsSubType, frwkCompLimitsSubType,
Framework Policy Information Base January 2002
frwkCompLimitsGuidance } frwkCompLimitsGuidance }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkCompLimitsTable." "Objects from the frwkCompLimitsTable."
::= { frwkBasePibGroups 4 } ::= { frwkBasePibGroups 4 }
frwkReferenceGroup OBJECT-GROUP frwkReferenceGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkReferenceClientType, frwkReferenceClientType,
skipping to change at page 53, line 4 skipping to change at page 53, line 33
::= { frwkBasePibGroups 5 } ::= { frwkBasePibGroups 5 }
frwkErrorGroup OBJECT-GROUP frwkErrorGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkErrorCode, frwkErrorCode,
frwkErrorSubCode, frwkErrorSubCode,
frwkErrorPrc, frwkErrorPrc,
frwkErrorInstance } frwkErrorInstance }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base November 2001
"Objects from the frwkErrorTable." "Objects from the frwkErrorTable."
::= { frwkBasePibGroups 6 } ::= { frwkBasePibGroups 6 }
frwkIfCapSetGroup OBJECT-GROUP frwkIfCapSetGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkIfCapSetName, frwkIfCapSetName,
frwkIfCapSetCapability } frwkIfCapSetCapability }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkIfCapSetTable." "Objects from the frwkIfCapSetTable."
::= { frwkBasePibGroups 7 } ::= { frwkBasePibGroups 7 }
frwkRoleComboGroup OBJECT-GROUP
OBJECTS {
frwkRoleComboRoles,
frwkRoleComboCapSetName }
STATUS current
DESCRIPTION
"Objects from the frwkRoleComboTable."
::= { frwkBasePibGroups 8 }
Framework Policy Information Base January 2002
frwkIfRoleComboGroup OBJECT-GROUP frwkIfRoleComboGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkIfRoleComboIfIndex, frwkIfRoleComboIfIndex }
frwkIfRoleComboRoles,
frwkIfRoleComboCapSetName }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkIfRoleComboTable." "Objects from the frwkIfRoleComboTable."
::= { frwkBasePibGroups 8 } ::= { frwkBasePibGroups 9 }
frwkBaseFilterGroup OBJECT-GROUP frwkBaseFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkBaseFilterNegation } frwkBaseFilterNegation }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkBaseFilterTable." "Objects from the frwkBaseFilterTable."
::= { frwkBasePibGroups 9 } ::= { frwkBasePibGroups 10 }
frwkIpFilterGroup OBJECT-GROUP frwkIpFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkIpFilterAddrType, frwkIpFilterAddrType,
frwkIpFilterDstAddr, frwkIpFilterDstAddr,
frwkIpFilterDstPrefixLength, frwkIpFilterDstPrefixLength,
frwkIpFilterSrcAddr, frwkIpFilterSrcAddr,
frwkIpFilterSrcPrefixLength, frwkIpFilterSrcPrefixLength,
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterFlowId frwkIpFilterFlowId
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
frwkIpFilterDstL4PortMax, frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin, frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax } frwkIpFilterSrcL4PortMax }
STATUS current STATUS current
Framework Policy Information Base November 2001
DESCRIPTION DESCRIPTION
"Objects from the frwkIpFilterTable." "Objects from the frwkIpFilterTable."
::= { frwkBasePibGroups 10 } ::= { frwkBasePibGroups 11 }
frwk802FilterGroup OBJECT-GROUP frwk802FilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwk802FilterDstAddr, frwk802FilterDstAddr,
frwk802FilterDstAddrMask, frwk802FilterDstAddrMask,
frwk802FilterSrcAddr, frwk802FilterSrcAddr,
frwk802FilterSrcAddrMask, frwk802FilterSrcAddrMask,
frwk802FilterVlanId, frwk802FilterVlanId,
frwk802FilterVlanTagRequired, frwk802FilterVlanTagRequired,
frwk802FilterEtherType, frwk802FilterEtherType,
frwk802FilterUserPriority } frwk802FilterUserPriority }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwk802FilterTable." "Objects from the frwk802FilterTable."
::= { frwkBasePibGroups 11 } Framework Policy Information Base January 2002
::= { frwkBasePibGroups 12 }
frwkILabelFilterGroup OBJECT-GROUP frwkILabelFilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
FrwkILabelFilterILabel } FrwkILabelFilterILabel }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkILabelFilterTable." "Objects from the frwkILabelFilterTable."
::= { frwkBasePibGroups 12 } ::= { frwkBasePibGroups 13 }
frwk802MarkerGroup OBJECT-GROUP frwk802MarkerGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwk802MarkerVlanId, frwk802MarkerVlanId,
frwk802MarkerPriority } frwk802MarkerPriority }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwk802MarkerTable." "Objects from the frwk802MarkerTable."
::= { frwkBasePibGroups 13 } ::= { frwkBasePibGroups 14 }
frwkILabelMarkerGroup OBJECT-GROUP frwkILabelMarkerGroup OBJECT-GROUP
OBJECTS { OBJECTS {
FrwkILabelMarkerILabel } FrwkILabelMarkerILabel }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkILabelMarkerTable." "Objects from the frwkILabelMarkerTable."
::= { frwkBasePibGroups 14 } ::= { frwkBasePibGroups 15 }
END END
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
6. Security Considerations 6. Security Considerations
It is clear that this PIB is used for configuration using [COPS-PR], It is clear that this PIB is used for configuration using [COPS-PR],
and anything that can be configured can be misconfigured, with and anything that can be configured can be misconfigured, with
potentially disastrous effect. At this writing, no security holes potentially disastrous effect. At this writing, no security holes
have been identified beyond those that the COPS base protocol have been identified beyond those that the COPS base protocol
security is itself intended to address. These relate primarily to security is itself intended to address. These relate primarily to
controlled access to sensitive information and the ability to controlled access to sensitive information and the ability to
configure a device - or which might result from operator error, configure a device - or which might result from operator error,
skipping to change at page 56, line 5 skipping to change at page 57, line 5
stage. This document references it as an Internet Draft. Please use stage. This document references it as an Internet Draft. Please use
the corresponding RFC number prior to publishing of this document as the corresponding RFC number prior to publishing of this document as
a RFC. a RFC.
8. IANA Considerations 8. IANA Considerations
This document describes the frameworkPib and frwkTcPib Policy This document describes the frameworkPib and frwkTcPib Policy
Information Base (PIB) modules for standardization. An IANA assigned Information Base (PIB) modules for standardization. An IANA assigned
PIB number is requested for both [SPPI]. PIB number is requested for both [SPPI].
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
9. Author Information and Acknowledgments 9. Author Information and Acknowledgments
Michael Fine Michael Fine
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 527 8218 Phone: +1 408 527 8218
Email: mfine@cisco.com Email: mfine@cisco.com
skipping to change at page 57, line 5 skipping to change at page 58, line 5
Email: ravi.sahita@intel.com Email: ravi.sahita@intel.com
Andrew Smith Andrew Smith
Allegro Networks Allegro Networks
6399 San Ignacio Ave. 6399 San Ignacio Ave.
San Jose San Jose
CA 95119 CA 95119
FAX: 415 345 1827 FAX: 415 345 1827
Email: andrew@allegronetworks.com Email: andrew@allegronetworks.com
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
Francis Reichmeyer Francis Reichmeyer
PFN, Inc. PFN, Inc.
University Park at MIT University Park at MIT
26 Landsdowne Street 26 Landsdowne Street
Cambridge, MA 02139 Cambridge, MA 02139
Phone: +1 617 494 9980 Phone: +1 617 494 9980
Email: franr@pfn.com Email: franr@pfn.com
Special thanks to Carol Bell and David Durham for their many Special thanks to Carol Bell and David Durham for their many
skipping to change at page 57, line 45 skipping to change at page 58, line 45
[RAP-FRAMEWORK] [RAP-FRAMEWORK]
R. Yavatkar, D. Pendarakis, "A Framework for Policy-based R. Yavatkar, D. Pendarakis, "A Framework for Policy-based
Admission Control", RFC 2753, January 2000. Admission Control", RFC 2753, January 2000.
[SNMP-SMI] [SNMP-SMI]
K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose
and S. Waldbusser, "Structure of Management Information and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[INETADDR] [INETADDR]
M. Daniele, B. Haberman, S. Routhier and J. Schoenwaelder " M. Daniele, B. Haberman, S. Routhier and J. Schoenwaelder
Textual Conventions for Internet Network Addresses" "Textual Conventions for Internet Network Addresses"
draft-ietf-ops-rfc2851-update-05.txt, October 31, 2001 draft-ietf-ops-rfc2851-update-06.txt, December 17, 2001
[IFMIB] [IFMIB]
K. McCloghrie, F. Kastenholz, "The Interface Group MIB using K. McCloghrie, F. Kastenholz, "The Interface Group MIB using
SMIv2" RFC 2233, November 1977. SMIv2" RFC 2233, November 1977.
[802] [802]
IEEE Standards for Local and Metropolitan Area Networks: IEEE Standards for Local and Metropolitan Area Networks:
Overview and Architecture, ANSI/IEEE Std 802, 1990. Overview and Architecture, ANSI/IEEE Std 802, 1990.
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
[SNMPFRWK] [SNMPFRWK]
Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, for Describing SNMP Management Frameworks", RFC 2571,
May 1999 May 1999
[STD17] [STD17]
K. McCloghrie, M. Rose "Management Information Base for Network K. McCloghrie, M. Rose "Management Information Base for Network
Management of TCP/IP-based internets: MIB-II" STD 17, RFC 1213, Management of TCP/IP-based internets: MIB-II" STD 17, RFC 1213,
March 1991 March 1991
skipping to change at page 59, line 5 skipping to change at page 60, line 5
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Framework Policy Information Base November 2001 Framework Policy Information Base January 2002
Table of Contents Table of Contents
Status of this Memo...............................................1 Status of this Memo...............................................1
Abstract..........................................................2 Abstract..........................................................2
1. Glossary.......................................................2 1. Glossary.......................................................2
2. General PIB Concepts...........................................2 2. General PIB Concepts...........................................2
2.1. Roles........................................................2 2.1. Roles........................................................2
2.1.1. An Example.................................................4 2.1.1. An Example.................................................4
2.2. Management of Role-Combinations from the PDP.................5 2.2. Management of Role-Combinations from the PDP.................5
skipping to change at page 59, line 33 skipping to change at page 60, line 33
2.4. Multiple PIB Instances.......................................8 2.4. Multiple PIB Instances.......................................8
2.5. Reporting and Configuring of Device Capabilities............10 2.5. Reporting and Configuring of Device Capabilities............10
2.6. Reporting of Device Limitations.............................10 2.6. Reporting of Device Limitations.............................10
3. The Framework TC PIB module...................................11 3. The Framework TC PIB module...................................11
4. Summary of the Framework PIB..................................14 4. Summary of the Framework PIB..................................14
4.1. Base PIB classes Group......................................14 4.1. Base PIB classes Group......................................14
4.2. Device Capabilities group...................................15 4.2. Device Capabilities group...................................15
4.3. Classifier group............................................16 4.3. Classifier group............................................16
4.4. Marker group................................................16 4.4. Marker group................................................16
5. The Framework PIB Module......................................17 5. The Framework PIB Module......................................17
6. Security Considerations.......................................55 6. Security Considerations.......................................56
7. RFC Editor Considerations.....................................55 7. RFC Editor Considerations.....................................56
8. IANA Considerations...........................................55 8. IANA Considerations...........................................56
9. Author Information and Acknowledgments........................56 9. Author Information and Acknowledgments........................57
10. References...................................................57 10. References...................................................58
11. Full Copyright...............................................58 11. Full Copyright...............................................59
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/