draft-ietf-rap-frameworkpib-08.txt   draft-ietf-rap-frameworkpib-09.txt 
Internet Draft M. Fine Internet Draft M. Fine
Expires November 30, 2002 Atheros Comm. Expires December 2002 Atheros Comm.
File: draft-ietf-rap-frameworkpib-08.txt K. McCloghrie File: draft-ietf-rap-frameworkpib-09.txt K. McCloghrie
Cisco Systems Cisco Systems
J. Seligson J. Seligson
K. Chan K. Chan
Nortel Networks Nortel Networks
R. Sahita, Ed. R. Sahita, Ed.
S. Hahn S. Hahn
Intel Labs Intel Labs
A. Smith A. Smith
Allegro Networks Harbour Networks
F. Reichmeyer F. Reichmeyer
PFN PFN
May 30, 2002 June 7, 2002
Framework Policy Information Base Framework Policy Information Base
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are all provisions of Section 10 of RFC2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as ''work in reference material or to cite them other than as ''work in
progress''. progress''.
The list of current Internet-Drafts can be accessed at To view the current status of any Internet-Draft, please check the
http://www.ietf.org/1id-abstracts.html ''1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow
Directory, see http://www.ietf.org/shadow.html.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
Abstract Abstract
Structure of Policy Provisioning Information (SPPI) describes a Structure of Policy Provisioning Information (SPPI) describes a
structure for specifying policy information that can then be structure for specifying policy information that can then be
transmitted to a network device for the purpose of configuring transmitted to a network device for the purpose of configuring
policy at that device. The model underlying this structure is one policy at that device. The model underlying this structure is one
of well-defined PRovisioning Classes (PRCs) and instances of these of well-defined PRovisioning Classes (PRCs) and instances of these
classes (PRIs) residing in a virtual information store called the classes (PRIs) residing in a virtual information store called the
Policy Information Base (PIB). Policy Information Base (PIB).
skipping to change at page 2, line 31 skipping to change at page 2, line 31
networks, or security. networks, or security.
As described in COPS usage for Policy Provisioning (COPS-PR), each As described in COPS usage for Policy Provisioning (COPS-PR), each
client supports a non-overlapping and independent set of PIB client supports a non-overlapping and independent set of PIB
modules. However, some PRovisioning Classes are common to all modules. However, some PRovisioning Classes are common to all
subject-categories (client-types) and need to be present in each. subject-categories (client-types) and need to be present in each.
This document defines a set of PRCs and textual conventions that are This document defines a set of PRCs and textual conventions that are
common to all clients that provision policy using COPS for common to all clients that provision policy using COPS for
Provisioning. Provisioning.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC-2119].
1. Glossary 1. Glossary
PRC PRovisioning Class. A type of policy data. See [POLTERM]. PRC PRovisioning Class. A type of policy data. See [POLTERM].
PRI PRovisioning Instance. An instance of a PRC. See [POLTERM]. PRI PRovisioning Instance. An instance of a PRC. See [POLTERM].
PIB Policy Information Base. The database of policy information. PIB Policy Information Base. The database of policy information.
See [POLTERM] See [POLTERM]
PDP Policy Decision Point. See [RAP-FRAMEWORK]. PDP Policy Decision Point. See [RAP-FRAMEWORK].
PEP Policy Enforcement Point. See [RAP-FRAMEWORK]. PEP Policy Enforcement Point. See [RAP-FRAMEWORK].
2. General PIB Concepts 2. General PIB Concepts
skipping to change at page 2, line 55 skipping to change at page 3, line 4
as immutable characteristics of the interface (e.g., Ethernet or as immutable characteristics of the interface (e.g., Ethernet or
frame relay), the status of the interface (e.g., half or full frame relay), the status of the interface (e.g., half or full
duplex), or user configuration (e.g., branch office or headquarters duplex), or user configuration (e.g., branch office or headquarters
interface). Rather than specifying policies explicitly for each interface). Rather than specifying policies explicitly for each
interface of all devices in the network, policies are specified in interface of all devices in the network, policies are specified in
terms of interface functionality. terms of interface functionality.
To describe these functionalities of an interface we use the concept To describe these functionalities of an interface we use the concept
of "Roles". A Role is simply a string that is associated with an of "Roles". A Role is simply a string that is associated with an
interface. A given interface may have any number of roles interface. A given interface may have any number of roles
Framework Policy Information Base June 7, 2002
simultaneously. Provisioning classes have an attribute called a simultaneously. Provisioning classes have an attribute called a
"RoleCombination" which is a lexicographically ordered set of roles. "RoleCombination" which is a lexicographically ordered set of roles.
Instances of a given PRovisioning Class are applied to an interface Instances of a given PRovisioning Class are applied to an interface
if and only if the set of roles in the role combination matches the if and only if the set of roles in the role combination matches the
set of the roles of the interface. set of the roles of the interface.
Framework Policy Information Base May 30, 2002
Thus, roles provide a way to bind policy to interfaces without Thus, roles provide a way to bind policy to interfaces without
having to explicitly identify interfaces in a consistent manner having to explicitly identify interfaces in a consistent manner
across all network devices. That is, roles provide a level of across all network devices. That is, roles provide a level of
indirection to the application of a set of policies to specific indirection to the application of a set of policies to specific
interfaces. This separates the policy definition from device interfaces. This separates the policy definition from device
implementation specific interface identification. Furthermore, if implementation specific interface identification. Furthermore, if
the same policy is being applied to several interfaces, that policy the same policy is being applied to several interfaces, that policy
need be pushed to the device only once, rather than once per need be pushed to the device only once, rather than once per
interface, as long as the interfaces are configured with the same interface, as long as the interfaces are configured with the same
role combination. role combination.
skipping to change at page 3, line 55 skipping to change at page 4, line 5
deliberate use of lower-case letters for "null" so that it avoids deliberate use of lower-case letters for "null" so that it avoids
confusion with the ASCII NULL character that has a value of zero but confusion with the ASCII NULL character that has a value of zero but
a length of one.) a length of one.)
In an "install" or an "install-notify" class, the wildcard role- In an "install" or an "install-notify" class, the wildcard role-
combination "*" can be used. In addition to providing for interface- combination "*" can be used. In addition to providing for interface-
specific roles, it also allows for other optimizations in reducing specific roles, it also allows for other optimizations in reducing
the number of role-combinations for which a policy has to be the number of role-combinations for which a policy has to be
specified. For example: specified. For example:
Framework Policy Information Base June 7, 2002
Suppose we have three interfaces: Suppose we have three interfaces:
Roles A, B and R1 are assigned to interface I1 Roles A, B and R1 are assigned to interface I1
Roles A, B and R2 are assigned to interface I2 Roles A, B and R2 are assigned to interface I2
Framework Policy Information Base May 30, 2002
Roles A, B and R3 are assigned to interface I3 Roles A, B and R3 are assigned to interface I3
Then, a PRI of a fictional IfDscpAssignTable that has the following Then, a PRI of a fictional IfDscpAssignTable that has the following
values for its attributes: values for its attributes:
ifDscpAssignPrid = 1 ifDscpAssignPrid = 1
ifDscpAssignRoles = "*+A+B" ifDscpAssignRoles = "*+A+B"
ifDscpAssignName = "4queues" ifDscpAssignName = "4queues"
ifDscpAssignDscpMap = 1 ifDscpAssignDscpMap = 1
skipping to change at page 4, line 56 skipping to change at page 5, line 5
2.1.1. An Example 2.1.1. An Example
The functioning of roles might be best understood by an example. The functioning of roles might be best understood by an example.
Suppose I have a device with three interfaces, with roles as Suppose I have a device with three interfaces, with roles as
follows: follows:
IF1: "finance" IF1: "finance"
IF2: "finance" IF2: "finance"
IF3: "manager" IF3: "manager"
Framework Policy Information Base June 7, 2002
Suppose, I also have a PDP with two policies: Suppose, I also have a PDP with two policies:
P1: Packets from finance department (role "finance") get DSCP 5 P1: Packets from finance department (role "finance") get DSCP 5
P2: Packets from managers (role "manager") get DSCP 6 P2: Packets from managers (role "manager") get DSCP 6
Framework Policy Information Base May 30, 2002
To obtain policy, the PEP reports to the PDP that it has some To obtain policy, the PEP reports to the PDP that it has some
interfaces with role combination "finance" and some with role interfaces with role combination "finance" and some with role
combination "manager". In response, the PDP downloads policy P1 combination "manager". In response, the PDP downloads policy P1
associated with role combination "finance" and downloads a second associated with role combination "finance" and downloads a second
policy P2 associated with role combination "manager". policy P2 associated with role combination "manager".
Now suppose the finance person attached to IF2 is promoted to Now suppose the finance person attached to IF2 is promoted to
manager and so the system administrator adds the role "manager" to manager and so the system administrator adds the role "manager" to
IF2. The PEP now reports to the PDP that it has three role IF2. The PEP now reports to the PDP that it has three role
combinations: some interfaces with role combination "finance", some combinations: some interfaces with role combination "finance", some
skipping to change at page 5, line 57 skipping to change at page 6, line 4
interpreted as updates to any previous set of PRIs sent in a interpreted as updates to any previous set of PRIs sent in a
previous message. Any previous PRIs from the PEP should be discarded previous message. Any previous PRIs from the PEP should be discarded
when a 'full state' request is received for the particular request when a 'full state' request is received for the particular request
handle. A request is specified as a 'full state' request by setting handle. A request is specified as a 'full state' request by setting
the frwkPibIncarnationFullState attribute in the frwkPibIncarnation the frwkPibIncarnationFullState attribute in the frwkPibIncarnation
PRI sent in the request. PRI sent in the request.
All existing frwkIfRoleCombo instances must be sent to the PDP in All existing frwkIfRoleCombo instances must be sent to the PDP in
the first configuration request for a request handle. If the Role- the first configuration request for a request handle. If the Role-
Combinations are not assigned specific values, default ('null') Combinations are not assigned specific values, default ('null')
Framework Policy Information Base June 7, 2002
Role-Combinations must be sent to the PDP for all ifIndices active Role-Combinations must be sent to the PDP for all ifIndices active
on the PEP and updates must be sent every time the IfIndices are on the PEP and updates must be sent every time the IfIndices are
updated. The PEP may notify the PDP of the Capability sets (if any) updated. The PEP may notify the PDP of the Capability sets (if any)
via the frwkCapabilitySetTable. If the PEP does not need to notify via the frwkCapabilitySetTable. If the PEP does not need to notify
Framework Policy Information Base May 30, 2002
the PDP of capability sets, it must set the capability set name in the PDP of capability sets, it must set the capability set name in
the frwkIfRoleComboTable instances to a zero length string. the frwkIfRoleComboTable instances to a zero length string.
In response to this configuration request, if applicable, the PDP In response to this configuration request, if applicable, the PDP
may send policies for the PEP in a solicited decision or must send a may send policies for the PEP in a solicited decision or must send a
null decision. The PEP must then send a solicited report message for null decision. The PEP must then send a solicited report message for
the decision. the decision.
At any later time, the PDP can update the Role-Combinations assigned At any later time, the PDP can update the Role-Combinations assigned
to a specific interface, identified by IfIndex, or for an aggregate, to a specific interface, identified by IfIndex, or for an aggregate,
skipping to change at page 6, line 56 skipping to change at page 7, line 5
since they would contain outdated decisions sent by the PDP for the since they would contain outdated decisions sent by the PDP for the
old request information. old request information.
The PDP must respond to the updated requests by solicited decisions, The PDP must respond to the updated requests by solicited decisions,
sending policies if applicable or null decisions. The PEP must sending policies if applicable or null decisions. The PEP must
respond to these solicited decisions with solicited reports to respond to these solicited decisions with solicited reports to
complete the transaction. complete the transaction.
2.3. Updating a Request State 2.3. Updating a Request State
Framework Policy Information Base June 7, 2002
This section describes the messages exchanged between the PEP and This section describes the messages exchanged between the PEP and
PDP when the PEP is updating a previously sent request for a PDP when the PEP is updating a previously sent request for a
particular COPS handle. Note that a PEP can incrementally update a particular COPS handle. Note that a PEP can incrementally update a
request only if the frwkPibIncarnationFullState attribute is shown request only if the frwkPibIncarnationFullState attribute is shown
Framework Policy Information Base May 30, 2002
to be supported via the supported PRC table. If this attribute is to be supported via the supported PRC table. If this attribute is
not supported the PDP must treat all PEP requests as the full not supported the PDP must treat all PEP requests as the full
request state. request state.
2.3.1 Full Request State 2.3.1 Full Request State
When the PEP wants to send the entire request state to the PDP (for When the PEP wants to send the entire request state to the PDP (for
example, in response to a Synchronize State Request from the PDP), example, in response to a Synchronize State Request from the PDP),
the PEP MUST send the incarnation instance with the the PEP MUST send the incarnation instance with the
frwkPibIncarnationFullState attribute set to 'true'. frwkPibIncarnationFullState attribute set to 'true'.
skipping to change at page 7, line 58 skipping to change at page 8, line 5
When a PDP receives a request with instances having InstanceIds that When a PDP receives a request with instances having InstanceIds that
exist in its state for that handle with the exist in its state for that handle with the
frwkPibIncarnationFullState in the incarnation instance set to frwkPibIncarnationFullState in the incarnation instance set to
'false' or if the request has no incarnation information, it must 'false' or if the request has no incarnation information, it must
interpret these PRIs as an update to the PRIs in the request state interpret these PRIs as an update to the PRIs in the request state
it maintains for this handle. it maintains for this handle.
2.3.4 Removing PRIs from a Request 2.3.4 Removing PRIs from a Request
Framework Policy Information Base June 7, 2002
If the PEP wants to remove previously installed PRIs for a request If the PEP wants to remove previously installed PRIs for a request
handle, the PEP MUST ensure that frwkPibIncarnationFullState handle, the PEP MUST ensure that frwkPibIncarnationFullState
attribute is set to 'false' and MUST send the PRI bindings with the attribute is set to 'false' and MUST send the PRI bindings with the
Framework Policy Information Base May 30, 2002
PRID set to the InstanceId of the PRI to be removed and the length PRID set to the InstanceId of the PRI to be removed and the length
field in the EPD object header set to the header length only, field in the EPD object header set to the header length only,
effectively setting the data length to zero. effectively setting the data length to zero.
Note that the PEP must send the same InstanceIds for the PRIs being Note that the PEP must send the same InstanceIds for the PRIs being
removed. If the PEP sends new InstanceIds and the length field in removed. If the PEP sends new InstanceIds and the length field in
the EPD object header is set to the header length only (implying the the EPD object header is set to the header length only (implying the
data length is zero), the PEP is attempting to remove an data length is zero), the PEP is attempting to remove an
unknown/non-existent PRI. This SHOULD result in the PDP sending unknown/non-existent PRI. This SHOULD result in the PDP sending
error PRIs in the solicited decision (see section 2.3.6 for a error PRIs in the solicited decision (see section 2.3.6 for a
skipping to change at page 8, line 56 skipping to change at page 9, line 5
an error code and a sub-code as defined in the [COPS-PR] CPERR an error code and a sub-code as defined in the [COPS-PR] CPERR
object. For example if the PEP tries to remove an instance that does object. For example if the PEP tries to remove an instance that does
not exist, the 'priInstanceInvalid' error code must be sent to the not exist, the 'priInstanceInvalid' error code must be sent to the
PEP in a frwkError PRI. The frwkError PRIs also contain the PRC and PEP in a frwkError PRI. The frwkError PRIs also contain the PRC and
the InstanceId of the error-causing PRI. The PEP may then examine the InstanceId of the error-causing PRI. The PEP may then examine
these error PRIs and resend the modified request. Note that, until these error PRIs and resend the modified request. Note that, until
the PEP resends the request updates/removes it will have the PEP resends the request updates/removes it will have
configuration information for the last successful request state it configuration information for the last successful request state it
sent to the PDP. sent to the PDP.
Framework Policy Information Base June 7, 2002
2.4. Multiple PIB Instances 2.4. Multiple PIB Instances
[COPS-PR] supports multiple, disjoint, independent instances of the [COPS-PR] supports multiple, disjoint, independent instances of the
PIB to represent multiple instances of configured policy. The PIB to represent multiple instances of configured policy. The
Framework Policy Information Base May 30, 2002
intent is to allow for the pre-provisioning of policy that can then intent is to allow for the pre-provisioning of policy that can then
be made active by a single, short decision from the PDP. be made active by a single, short decision from the PDP.
A COPS context can be defined as an independent COPS request state A COPS context can be defined as an independent COPS request state
for a particular subject category (client-type). A context may be an for a particular subject category (client-type). A context may be an
outsourcing context or a configuration context. A configuration outsourcing context or a configuration context. A configuration
context is an instance of the PIB triggered and controlled by the context is an instance of the PIB triggered and controlled by the
PDP, which contains device setup information. This device PDP, which contains device setup information. This device
configuration information dictates the device behavior as specified configuration information dictates the device behavior as specified
by the PDP. An outsourcing context on the other hand is a PIB by the PDP. An outsourcing context on the other hand is a PIB
skipping to change at page 9, line 57 skipping to change at page 10, line 4
at any given time. at any given time.
Note that in the event that a PEP has an capability change such as a Note that in the event that a PEP has an capability change such as a
card hot swap or any other change in its notify information that may card hot swap or any other change in its notify information that may
warrant a policy refresh, a subsequent complete or incremental warrant a policy refresh, a subsequent complete or incremental
request must be issued to the PDP containing the new/updated request must be issued to the PDP containing the new/updated
capabilities for all the configuration contexts. A request for re- capabilities for all the configuration contexts. A request for re-
configuration is issued for all request state configuration configuration is issued for all request state configuration
contexts, both for the active configuration context as well as any contexts, both for the active configuration context as well as any
inactive configuration contexts. This is to ensure that when an inactive configuration contexts. This is to ensure that when an
Framework Policy Information Base June 7, 2002
inactive configuration context is activated, it has been pre- inactive configuration context is activated, it has been pre-
configured with policies compatible with the PEP's current configured with policies compatible with the PEP's current
capabilities. capabilities.
Framework Policy Information Base May 30, 2002
Although many PIB instances may be configured on a device (the Although many PIB instances may be configured on a device (the
maximum number of these instances being determined by the device maximum number of these instances being determined by the device
itself) only one of the contexts from the 'configuration contexts' itself) only one of the contexts from the 'configuration contexts'
set can be active at any given time, the active one being selected set can be active at any given time, the active one being selected
by the PDP. The Framework PIB supports the attribute by the PDP. The Framework PIB supports the attribute
frwkPibIncarnationActive in the frwkPibIncarnationTable to allow the frwkPibIncarnationActive in the frwkPibIncarnationTable to allow the
PDP to denote the PIB instance as being active in a COPS decision PDP to denote the PIB instance as being active in a COPS decision
message, and similarly, to report the active state (active or not) message, and similarly, to report the active state (active or not)
of the PIB instance to the PDP in a COPS request message. of the PIB instance to the PDP in a COPS request message.
skipping to change at page 10, line 58 skipping to change at page 11, line 5
means of the 'notify' PIB-ACCESS clause as described in [SPPI]. If a means of the 'notify' PIB-ACCESS clause as described in [SPPI]. If a
PIB does not have any capabilities to communicate to the PDP, it PIB does not have any capabilities to communicate to the PDP, it
must not send any instances for the frwkCapabilitySetTable. If in must not send any instances for the frwkCapabilitySetTable. If in
this case the frwkIfRoleCombo table is used to communicate role this case the frwkIfRoleCombo table is used to communicate role
combinations assigned to interfaces (via IfIndex), the combinations assigned to interfaces (via IfIndex), the
frwkRoleComboCapSetName attribute in the frwkIfRoleComboTable frwkRoleComboCapSetName attribute in the frwkIfRoleComboTable
instances must be set to a zero length string. instances must be set to a zero length string.
2.6. Reporting of Device Limitations 2.6. Reporting of Device Limitations
Framework Policy Information Base June 7, 2002
To facilitate efficient policy installation, it is important to To facilitate efficient policy installation, it is important to
understand a device's limitations in relation to the advertised understand a device's limitations in relation to the advertised
device capabilities. Limitations may be class-based, e.g., an device capabilities. Limitations may be class-based, e.g., an
Framework Policy Information Base May 30, 2002
"install" class is supported as a "notify" or only a limited number "install" class is supported as a "notify" or only a limited number
of class instances may be created, or attribute-based. Attribute of class instances may be created, or attribute-based. Attribute
limitations, such as supporting a restricted set of enumerations or limitations, such as supporting a restricted set of enumerations or
requiring related attributes to have certain values, detail requiring related attributes to have certain values, detail
implementation limitations at a fine level of granularity. implementation limitations at a fine level of granularity.
A PDP can avoid certain installation issues in a proactive fashion A PDP can avoid certain installation issues in a proactive fashion
by taking into account a device's limitations prior to policy by taking into account a device's limitations prior to policy
installation rather than in a reactive mode during installation. As installation rather than in a reactive mode during installation. As
with device capabilities, device limitations are communicated to the with device capabilities, device limitations are communicated to the
PDP when policy is requested. PDP when policy is requested.
Reported device limitations may be accompanied by guidance values Reported device limitations may be accompanied by guidance values
that can be used by a PDP to determine acceptable values for the that can be used by a PDP to determine acceptable values for the
identified attributes. identified attributes.
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
3. The Framework TC PIB module 3. The Framework TC PIB module
FRAMEWORK-TC-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-TC-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION, pib FROM COPS-PR-SPPI; IMPORTS MODULE-IDENTITY, TEXTUAL-CONVENTION, pib FROM COPS-PR-SPPI;
frwkTcPib MODULE-IDENTITY frwkTcPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200205300000Z" LAST-UPDATED "200206070000Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO "Keith McCloghrie CONTACT-INFO "Keith McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive, 170 West Tasman Drive,
San Jose, CA 95134-1706 USA San Jose, CA 95134-1706 USA
Phone: +1 408 526 5260 Phone: +1 408 526 5260
Email: kzm@cisco.com Email: kzm@cisco.com
John Seligson John Seligson
Nortel Networks, Inc. Nortel Networks, Inc.
skipping to change at page 12, line 42 skipping to change at page 12, line 42
Intel Labs. Intel Labs.
2111 NE 25th Ave. 2111 NE 25th Ave.
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 712 1554 Phone: +1 503 712 1554
Email: ravi.sahita@intel.com Email: ravi.sahita@intel.com
RAP WG Mailing list: rap@ops.ietf.org " RAP WG Mailing list: rap@ops.ietf.org "
DESCRIPTION DESCRIPTION
"The PIB module containing the Role and RoleCombination "The PIB module containing the Role and RoleCombination
Textual Conventions and other generic TCs." Textual Conventions and other generic TCs."
REVISION "200205300000Z" REVISION "200206070000Z"
DESCRIPTION DESCRIPTION
"Initial version, published in RFC xxxx." "Initial version, published in RFC xxxx."
-- xxxx to be assigned by IANA -- xxxx to be assigned by IANA
::= { pib tbd } -- tbd to be assigned by IANA ::= { pib tbd } -- tbd to be assigned by IANA
Role ::= TEXTUAL-CONVENTION Role ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A role represents a functionality characteristic or "A role represents a functionality characteristic or
capability of a resource to which policies are applied. capability of a resource to which policies are applied.
Examples of roles include Backbone_interface, Examples of roles include Backbone_interface,
Frame_Relay_interface, BGP-capable-router, web-server, Frame_Relay_interface, BGP-capable-router, web-server,
firewall, etc. firewall, etc.
The only valid character set is US-ASCII. Valid characters The only valid character set is US-ASCII. Valid characters
are a-z, A-Z, 0-9, period, hyphen and underscore. A role are a-z, A-Z, 0-9, period, hyphen and underscore. A role
must always start with a letter (a-z or A-Z). A role must must always start with a letter (a-z or A-Z). A role must
not contain the US-ASCII characters '*' or '+' since they not contain the US-ASCII characters '*' or '+' since they
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
have special meaning associated with them, explained in the have special meaning associated with them, explained in the
RoleCombination TEXTUAL CONVENTION." RoleCombination TEXTUAL CONVENTION."
SYNTAX OCTET STRING (SIZE (1..31)) SYNTAX OCTET STRING (SIZE (1..31))
RoleCombination ::= TEXTUAL-CONVENTION RoleCombination ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string containing concatenated Roles. For the "An octet string containing concatenated Roles. For the
format specification of roles, refer to the 'Role' TEXTUAL- format specification of roles, refer to the 'Role' TEXTUAL-
skipping to change at page 14, line 5 skipping to change at page 14, line 5
of a PRC has an OID value XxxTable.1 where XxxTable is the of a PRC has an OID value XxxTable.1 where XxxTable is the
OID assigned to the PRC table object. OID assigned to the PRC table object.
An attribute with this syntax MUST specify a PRC, which is An attribute with this syntax MUST specify a PRC, which is
defined in the PIB module(s) registered in the context of defined in the PIB module(s) registered in the context of
the client-type used. the client-type used.
An attribute with this syntax cannot have the value 0.0 An attribute with this syntax cannot have the value 0.0
(zeroDotZero). If the attribute using this syntax can be set (zeroDotZero). If the attribute using this syntax can be set
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
to 0.0 use the PrcIdentifierOidOrZero TEXTUAL-CONVENTION to 0.0 use the PrcIdentifierOidOrZero TEXTUAL-CONVENTION
which makes such use explicit." which makes such use explicit."
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
PrcIdentifierOidOrZero ::= TEXTUAL-CONVENTION PrcIdentifierOidOrZero ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An OID that identifies a PRC or zeroDotZero (0.0). The "An OID that identifies a PRC or zeroDotZero (0.0). The
value MUST be an OID assigned to a PRC's entry definition or value MUST be an OID assigned to a PRC's entry definition or
skipping to change at page 15, line 5 skipping to change at page 15, line 5
makes that explicit." makes that explicit."
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
AttrIdentifierOrZero ::= TEXTUAL-CONVENTION AttrIdentifierOrZero ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A Unsigned32 value that identifies an attribute in a PRC by "A Unsigned32 value that identifies an attribute in a PRC by
its sub-id or has the value 0 (zero). The sub-id if non- its sub-id or has the value 0 (zero). The sub-id if non-
zero, is the OID assigned to this attribute in the PRC zero, is the OID assigned to this attribute in the PRC
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
definition. definition.
An AttrIdentifierOrZero value is always interpreted within An AttrIdentifierOrZero value is always interpreted within
the context of an attribute of type PrcIdentifierOid or the context of an attribute of type PrcIdentifierOid or
PrcIdentifierOidOrZero. The PrcIdentifierOid (or PrcIdentifierOidOrZero. The PrcIdentifierOid (or
PrcIdentifierOidOrZero) object that defines the context must PrcIdentifierOidOrZero) object that defines the context must
be registered immediately before the object which uses the be registered immediately before the object which uses the
AttrIdentifierOrZero textual convention. If the context AttrIdentifierOrZero textual convention. If the context
defining attribute is of type PrcIdentifierOidOrZero and has defining attribute is of type PrcIdentifierOidOrZero and has
skipping to change at page 15, line 35 skipping to change at page 15, line 35
SYNTAX Unsigned32 SYNTAX Unsigned32
AttrIdentifierOid ::= TEXTUAL-CONVENTION AttrIdentifierOid ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An OID that identifies an attribute in a PRC. The value "An OID that identifies an attribute in a PRC. The value
MUST be an OID assigned to a PRC's attribute definition. The MUST be an OID assigned to a PRC's attribute definition. The
last sub-id is the sub-id of the attribute as it is last sub-id is the sub-id of the attribute as it is
defined in the PRC entry definition. The prefix OID (after defined in the PRC entry definition. The prefix OID (after
dropping the last sub-id) is the OID assigned to the Entry dropping the last sub-id) is the OID assigned to the Entry
1.0 object of a defined PRC. The Entry definition object of a defined PRC. The Entry definition of a PRC has
of a PRC has
an OID value XxxTable.1 where XxxTable is the OID assigned an OID value XxxTable.1 where XxxTable is the OID assigned
to the PRC Table object. to the PRC Table object.
An attribute with this syntax MUST not have the value 0.0 An attribute with this syntax MUST not have the value 0.0
(zeroDotZero). If 0.0 is a valid value, the TEXTUAL (zeroDotZero). If 0.0 is a valid value, the TEXTUAL
CONVENTION AttrIdentifierOidOrZero must be used which makes CONVENTION AttrIdentifierOidOrZero must be used which makes
such use explicit." such use explicit."
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
AttrIdentifierOidOrZero ::= TEXTUAL-CONVENTION AttrIdentifierOidOrZero ::= TEXTUAL-CONVENTION
skipping to change at page 16, line 5 skipping to change at page 16, line 5
PRC's attribute definition or the value 0.0. PRC's attribute definition or the value 0.0.
If not 0.0, the last sub-id MUST be the sub-id of the If not 0.0, the last sub-id MUST be the sub-id of the
attribute as it is defined in the PRC Entry object attribute as it is defined in the PRC Entry object
definition. The prefix OID (after dropping the last sub-id) definition. The prefix OID (after dropping the last sub-id)
is the OID assigned to the Entry object of a defined PRC. is the OID assigned to the Entry object of a defined PRC.
The Entry definition of a PRC has an OID value XxxTable.1 The Entry definition of a PRC has an OID value XxxTable.1
Where, XxxTable is the OID assigned to the PRC Table Where, XxxTable is the OID assigned to the PRC Table
object. object.
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
An attribute with this syntax can have the value 0.0 An attribute with this syntax can have the value 0.0
(zeroDotZero) to indicate that it currently does not (zeroDotZero) to indicate that it currently does not
identify a PRC's attribute." identify a PRC's attribute."
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
ClientType ::= TEXTUAL-CONVENTION ClientType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An Unsigned32 value that identifies a COPS Client-type. An "An Unsigned32 value that identifies a COPS Client-type. An
skipping to change at page 17, line 5 skipping to change at page 17, line 5
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An octet string that identifies a COPS Client handle. A "An octet string that identifies a COPS Client handle. A
zero length value implies the attribute does not specify a zero length value implies the attribute does not specify a
valid client handle." valid client handle."
REFERENCE "[COPS]." REFERENCE "[COPS]."
SYNTAX OCTET STRING (SIZE(0..65535)) SYNTAX OCTET STRING (SIZE(0..65535))
END END
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
4. Summary of the Framework PIB 4. Summary of the Framework PIB
The Framework PIB defines four groups of PRCs: The Framework PIB defines four groups of PRCs:
4.1. Base PIB classes Group 4.1. Base PIB classes Group
This contains PRCs intended to describe the PRCs supported This contains PRCs intended to describe the PRCs supported
by the PEP, PRC and/or attribute limitations and its current by the PEP, PRC and/or attribute limitations and its current
configuration. configuration.
skipping to change at page 18, line 5 skipping to change at page 17, line 60
known incarnation of policy. This PRC defines a flag via which known incarnation of policy. This PRC defines a flag via which
the installed contexts are divided into a set of contexts the installed contexts are divided into a set of contexts
('configuration contexts') out of which only one context is ('configuration contexts') out of which only one context is
active and a the remaining contexts form a set of 'outsourcing active and a the remaining contexts form a set of 'outsourcing
contexts' which are all active. The incarnation PRC also contexts' which are all active. The incarnation PRC also
defines an attribute to indicate which configuration context is defines an attribute to indicate which configuration context is
the active one at the present time in the 'configuration the active one at the present time in the 'configuration
contexts' set. The incarnation instance is specific to the contexts' set. The incarnation instance is specific to the
particular Subject Category (Client-Type). particular Subject Category (Client-Type).
Framework Policy Information Base May 30, 2002
Component Limitations Table Component Limitations Table
Framework Policy Information Base June 7, 2002
Some devices may not be able to implement the full range of Some devices may not be able to implement the full range of
values for all attributes. In principle, each PRC supports a values for all attributes. In principle, each PRC supports a
set of errors that the PEP can report to the PDP in the event set of errors that the PEP can report to the PDP in the event
that the specified policy is not implementable. It may be that the specified policy is not implementable. It may be
preferable for the PDP to be informed of the device limitations preferable for the PDP to be informed of the device limitations
before actually attempting to install policy, and while the before actually attempting to install policy, and while the
error can indicate that a particular attribute value is error can indicate that a particular attribute value is
unacceptable to the PEP, this does not help the PDP ascertain unacceptable to the PEP, this does not help the PDP ascertain
which values would be acceptable. To alleviate these which values would be acceptable. To alleviate these
limitations, the PEP can report some limitations of attribute limitations, the PEP can report some limitations of attribute
skipping to change at page 19, line 4 skipping to change at page 18, line 59
Interface and Role Combination Table Interface and Role Combination Table
The Capabilities Set Table (explained above) describes the The Capabilities Set Table (explained above) describes the
entities on the PEP (for example, interfaces) by their entities on the PEP (for example, interfaces) by their
capabilities, by assigning the capability sets a unique name capabilities, by assigning the capability sets a unique name
(frwkCapabilitySetName). It is possible to tailor the behavior (frwkCapabilitySetName). It is possible to tailor the behavior
of interfaces by assigning specific role-combinations to the of interfaces by assigning specific role-combinations to the
capability sets. This allows interfaces with the same capability sets. This allows interfaces with the same
capability sets to be assigned different policies, based on the capability sets to be assigned different policies, based on the
current roles assigned to them. At the PDP, configuration is current roles assigned to them. At the PDP, configuration is
done in terms of these interface capability set names and the
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
done in terms of these interface capability set names and the
role-combinations assigned to them. Thus, each row of this role-combinations assigned to them. Thus, each row of this
class is a <Interface Index, interface capability set name, class is a <Interface Index, interface capability set name,
Role Combo> tuple, that indicates the roles that have been Role Combo> tuple, that indicates the roles that have been
assigned to a particular capability set (as identified by assigned to a particular capability set (as identified by
frwkRoleComboCapSetName) and to a particular interface. Note frwkRoleComboCapSetName) and to a particular interface. Note
that the uniqueness criteria for this PRC has all the that the uniqueness criteria for this PRC has all the
attributes, thus a frwkRoleComboCapSetName may have attributes, thus a frwkRoleComboCapSetName may have
multiple role-combinations that it is associated with. Via the multiple role-combinations that it is associated with. Via the
IfIndex, this PRC answers the questions of 'which interfaces IfIndex, this PRC answers the questions of 'which interfaces
have a specific role combination?' and 'what role combination a have a specific role combination?' and 'what role combination a
skipping to change at page 20, line 5 skipping to change at page 20, line 5
This group contains the 802 marker and internal label marker This group contains the 802 marker and internal label marker
PRCs. The 802 marker may be applied to mark 802 packets with the PRCs. The 802 marker may be applied to mark 802 packets with the
required VLAN Id and/or priority value. The Internal Label marker required VLAN Id and/or priority value. The Internal Label marker
is applied to traffic in order to label it with a network device is applied to traffic in order to label it with a network device
specific label. Such a label is used to assist the specific label. Such a label is used to assist the
differentiation of an input flow after it has been aggregated differentiation of an input flow after it has been aggregated
with other flows. The label is implementation specific and may with other flows. The label is implementation specific and may
be used for other policy related functions like flow accounting be used for other policy related functions like flow accounting
purposes and/or other data path treatments. purposes and/or other data path treatments.
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
5. The Framework PIB Module 5. The Framework PIB Module
FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
Unsigned32, Integer32, MODULE-IDENTITY, Unsigned32, Integer32, MODULE-IDENTITY,
MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
FROM COPS-PR-SPPI FROM COPS-PR-SPPI
InstanceId, Prid InstanceId, Prid
skipping to change at page 20, line 34 skipping to change at page 20, line 34
FROM IF-MIB FROM IF-MIB
DscpOrAny DscpOrAny
FROM DIFFSERV-DSCP-TC FROM DIFFSERV-DSCP-TC
TruthValue, PhysAddress TruthValue, PhysAddress
FROM SNMPv2-TC FROM SNMPv2-TC
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB; FROM SNMP-FRAMEWORK-MIB;
frameworkPib MODULE-IDENTITY frameworkPib MODULE-IDENTITY
SUBJECT-CATEGORIES { all } SUBJECT-CATEGORIES { all }
LAST-UPDATED "200205300000Z" LAST-UPDATED "200206070000Z"
ORGANIZATION "IETF RAP WG" ORGANIZATION "IETF RAP WG"
CONTACT-INFO " CONTACT-INFO "
Michael Fine Michael Fine
Atheros Communications Atheros Communications
529 Almanor Ave 529 Almanor Ave
Sunnyvale, CA 94085 USA Sunnyvale, CA 94085 USA
Phone: +1 408 773 5324 Phone: +1 408 773 5324
Email: mfine@atheros.com Email: mfine@atheros.com
Keith McCloghrie Keith McCloghrie
skipping to change at page 21, line 5 skipping to change at page 21, line 5
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com Email: jseligso@nortelnetworks.com
Ravi Sahita Ravi Sahita
Intel Labs. Intel Labs.
2111 NE 25th Ave. 2111 NE 25th Ave.
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 712 1554 Phone: +1 503 712 1554
Email: ravi.sahita@intel.com Email: ravi.sahita@intel.com
RAP WG Mailing list: rap@ops.ietf.org" RAP WG Mailing list: rap@ops.ietf.org"
DESCRIPTION DESCRIPTION
"A PIB module containing the base set of PRCs that "A PIB module containing the base set of PRCs that
provide support for management of multiple PIB contexts, provide support for management of multiple PIB contexts,
association of roles to device capabilities and other association of roles to device capabilities and other
reusable PRCs. PEPs are required for to implement this reusable PRCs. PEPs are required for to implement this
PIB if the above features are desired. This PIB defines PIB if the above features are desired. This PIB defines
PRCs applicable to 'all' subject-categories." PRCs applicable to 'all' subject-categories."
REVISION "200205300000Z" REVISION "200206070000Z"
DESCRIPTION DESCRIPTION
"Initial version, published in RFC xxxx." "Initial version, published in RFC xxxx."
-- xxxx to be assigned by IANA -- xxxx to be assigned by IANA
::= { pib tbd } -- tbd to be assigned by IANA ::= { pib tbd } -- tbd to be assigned by IANA
-- --
-- The root OID for PRCs in the Framework PIB -- The root OID for PRCs in the Framework PIB
-- --
skipping to change at page 22, line 5 skipping to change at page 22, line 5
All install and install-notify PRCs supported by the device All install and install-notify PRCs supported by the device
must be represented in this PRC. Notify PRCs may be must be represented in this PRC. Notify PRCs may be
represented for informational purposes." represented for informational purposes."
::= { frwkBasePibClasses 1 } ::= { frwkBasePibClasses 1 }
frwkPrcSupportEntry OBJECT-TYPE frwkPrcSupportEntry OBJECT-TYPE
SYNTAX FrwkPrcSupportEntry SYNTAX FrwkPrcSupportEntry
STATUS current STATUS current
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
DESCRIPTION DESCRIPTION
"An instance of the frwkPrcSupport class that identifies a "An instance of the frwkPrcSupport class that identifies a
specific PRC and associated attributes as supported specific PRC and associated attributes as supported
by the device." by the device."
PIB-INDEX { frwkPrcSupportPrid } PIB-INDEX { frwkPrcSupportPrid }
UNIQUENESS { frwkPrcSupportSupportedPrc } UNIQUENESS { frwkPrcSupportSupportedPrc }
::= { frwkPrcSupportTable 1 } ::= { frwkPrcSupportTable 1 }
skipping to change at page 23, line 5 skipping to change at page 23, line 5
DESCRIPTION DESCRIPTION
"A bit string representing the supported attributes of the "A bit string representing the supported attributes of the
class that is identified by the frwkPrcSupportSupportedPrc class that is identified by the frwkPrcSupportSupportedPrc
object. object.
Each bit of this bit string corresponds to a class Each bit of this bit string corresponds to a class
attribute, with the most significant bit of the i-th octet attribute, with the most significant bit of the i-th octet
of this octet string corresponding to the (8*i - 7)-th of this octet string corresponding to the (8*i - 7)-th
attribute, and the least significant bit of the i-th octet attribute, and the least significant bit of the i-th octet
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
corresponding to the (8*i)-th class attribute. Each bit corresponding to the (8*i)-th class attribute. Each bit
specifies whether or not the corresponding class attribute specifies whether or not the corresponding class attribute
is currently supported, with a '1' indicating support and a is currently supported, with a '1' indicating support and a
'0' indicating no support. '0' indicating no support.
If the value of this bit string is N bits long and there are If the value of this bit string is N bits long and there are
more than N class attributes then the bit string is more than N class attributes then the bit string is
logically extended with 0's to the required length. logically extended with 0's to the required length.
On the other hand, If the PDP receives a bit string of On the other hand, If the PDP receives a bit string of
skipping to change at page 24, line 5 skipping to change at page 24, line 5
PIB-INDEX { frwkPibIncarnationPrid } PIB-INDEX { frwkPibIncarnationPrid }
::= { frwkPibIncarnationTable 1 } ::= { frwkPibIncarnationTable 1 }
FrwkPibIncarnationEntry ::= SEQUENCE { FrwkPibIncarnationEntry ::= SEQUENCE {
frwkPibIncarnationPrid InstanceId, frwkPibIncarnationPrid InstanceId,
frwkPibIncarnationName SnmpAdminString, frwkPibIncarnationName SnmpAdminString,
frwkPibIncarnationId OCTET STRING, frwkPibIncarnationId OCTET STRING,
frwkPibIncarnationLongevity INTEGER, frwkPibIncarnationLongevity INTEGER,
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
frwkPibIncarnationTtl Unsigned32, frwkPibIncarnationTtl Unsigned32,
frwkPibIncarnationInCtxtSet TruthValue, frwkPibIncarnationInCtxtSet TruthValue,
frwkPibIncarnationActive TruthValue, frwkPibIncarnationActive TruthValue,
frwkPibIncarnationFullState TruthValue frwkPibIncarnationFullState TruthValue
} }
frwkPibIncarnationPrid OBJECT-TYPE frwkPibIncarnationPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An index to uniquely identify an instance of this PRC." "An index to uniquely identify an instance of this PRC."
::= { frwkPibIncarnationEntry 1 } ::= { frwkPibIncarnationEntry 1 }
frwkPibIncarnationName OBJECT-TYPE frwkPibIncarnationName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..255)) SYNTAX SnmpAdminString (SIZE (0..255))
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The name of the PDP that installed the current incarnation "The name of the PDP that installed the current incarnation
of the PIB into the device. By default, it is the zero of the PIB into the device. A zero-length string value for
length string." this type implies the PDP has not assigned this type any
value. By default, it is the zero length string."
::= { frwkPibIncarnationEntry 2 } ::= { frwkPibIncarnationEntry 2 }
frwkPibIncarnationId OBJECT-TYPE frwkPibIncarnationId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255)) SYNTAX OCTET STRING (SIZE (0..255))
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An ID to identify the current incarnation. It has meaning "An ID to identify the current incarnation. It has meaning
to the PDP/manager that installed the PIB and perhaps its to the PDP/manager that installed the PIB and perhaps its
standby PDPs/managers. By default, it is the zero-length standby PDPs/managers. A zero-length string value for
string." this type implies the PDP has not assigned this type any
value. By default, it is the zero-length string."
::= { frwkPibIncarnationEntry 3 } ::= { frwkPibIncarnationEntry 3 }
frwkPibIncarnationLongevity OBJECT-TYPE frwkPibIncarnationLongevity OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
expireNever(1), expireNever(1),
expireImmediate(2), expireImmediate(2),
expireOnTimeout(3) expireOnTimeout(3)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This attribute controls what the PEP does with the "This attribute controls what the PEP does with the
downloaded policy on a Client Close message or a loss of downloaded policy on a Client Close message or a loss of
connection to the PDP. connection to the PDP.
If set to expireNever, the PEP continues to operate with the If set to expireNever, the PEP continues to operate with the
installed policy indefinitely. If set to expireImmediate, installed policy indefinitely. If set to expireImmediate,
the PEP immediately expires the policy obtained from the PDP the PEP immediately expires the policy obtained from the PDP
and installs policy from local configuration. If set to and installs policy from local configuration. If set to
expireOnTimeout, the PEP continues to operate with the
policy installed by the PDP for a period of time specified
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
expireOnTimeout, the PEP continues to operate with the
policy installed by the PDP for a period of time specified
by frwkPibIncarnationTtl. After this time (and it has not by frwkPibIncarnationTtl. After this time (and it has not
reconnected to the original or new PDP) the PEP expires this reconnected to the original or new PDP) the PEP expires this
policy and reverts to local configuration. policy and reverts to local configuration.
For all cases, it is the responsibility of the PDP to check For all cases, it is the responsibility of the PDP to check
the incarnation and download new policy, if necessary, on a the incarnation and download new policy, if necessary, on a
reconnect. On receiving a Remove-State for the active reconnect. On receiving a Remove-State for the active
context, this attribute value MUST be ignored and the PEP context, this attribute value MUST be ignored and the PEP
should expire the policy in that active context immediately. should expire the policy in that active context immediately.
Policy enforcement timing only applies to policies that have Policy enforcement timing only applies to policies that have
skipping to change at page 25, line 47 skipping to change at page 25, line 49
::= { frwkPibIncarnationEntry 5 } ::= { frwkPibIncarnationEntry 5 }
frwkPibIncarnationInCtxtSet OBJECT-TYPE frwkPibIncarnationInCtxtSet OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the PDP installs a PRI with this flag set to 'true' it "When the PDP installs a PRI with this flag set to 'true' it
implies this context belongs to the set of contexts out of implies this context belongs to the set of contexts out of
which at the most one context can be active at a given time. which at the most one context can be active at a given time.
If this attribute is set to 'false' this context is one of If this attribute is set to 'false' this context is one of
the outsourcing (simultaneous active) contexts on the PEP. the outsourcing (simultaneous active) contexts on the
PEP.
This attribute is 'true' for all contexts belong to the set This attribute is 'true' for all contexts belong to the set
of configuration contexts. Within the configuration context of configuration contexts. Within the configuration context
set, one context can be active identified by the set, one context can be active identified by the
frwkPibIncarnationActive attribute." frwkPibIncarnationActive attribute."
REFERENCE REFERENCE
"TruthValue TC [SNMPv2TC]." "TruthValue TC [SNMPv2TC]."
::= { frwkPibIncarnationEntry 6 } ::= { frwkPibIncarnationEntry 6 }
Framework Policy Information Base June 7, 2002
frwkPibIncarnationActive OBJECT-TYPE frwkPibIncarnationActive OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
Framework Policy Information Base May 30, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"When the PDP installs a PRI on the PEP with this attribute "When the PDP installs a PRI on the PEP with this attribute
set to 'true' and if this context belongs to the set to 'true' and if this context belongs to the
'configuration contexts' set, i.e., the 'configuration contexts' set, i.e., the
frwkPibIncarnationInCtxtSet is set to 'true', then the PIB frwkPibIncarnationInCtxtSet is set to 'true', then the PIB
instance to which this PRI belongs must become the active instance to which this PRI belongs must become the active
PIB instance. In this case, the previous active instance PIB instance. In this case, the previous active instance
from this set MUST become inactive and the from this set MUST become inactive and the
frwkPibIncarnationActive attribute in that PIB instance MUST frwkPibIncarnationActive attribute in that PIB instance MUST
skipping to change at page 26, line 56 skipping to change at page 27, line 4
REFERENCE REFERENCE
"RFC xxxx Section 2.3" "RFC xxxx Section 2.3"
::= { frwkPibIncarnationEntry 8 } ::= { frwkPibIncarnationEntry 8 }
-- --
-- Device Identification Table -- Device Identification Table
-- --
frwkDeviceIdTable OBJECT-TYPE frwkDeviceIdTable OBJECT-TYPE
Framework Policy Information Base June 7, 2002
SYNTAX SEQUENCE OF FrwkDeviceIdEntry SYNTAX SEQUENCE OF FrwkDeviceIdEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
Framework Policy Information Base May 30, 2002
DESCRIPTION DESCRIPTION
"This PRC contains a single PRovisioning Instance that "This PRC contains a single PRovisioning Instance that
contains general purpose device-specific information that is contains general purpose device-specific information that is
used to facilitate efficient policy communication by a PDP. used to facilitate efficient policy communication by a PDP.
The instance of this PRC is reported to the PDP in a COPS The instance of this PRC is reported to the PDP in a COPS
request message so that the PDP can take into account request message so that the PDP can take into account
certain device characteristics during policy installation." certain device characteristics during policy installation."
::= { frwkBasePibClasses 3 } ::= { frwkBasePibClasses 3 }
skipping to change at page 27, line 53 skipping to change at page 28, line 5
frwkDeviceIdDescr OBJECT-TYPE frwkDeviceIdDescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (1..255)) SYNTAX SnmpAdminString (SIZE (1..255))
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A textual description of the PEP. This value should include "A textual description of the PEP. This value should include
the name and version identification of the PEP's hardware the name and version identification of the PEP's hardware
and software." and software."
::= { frwkDeviceIdEntry 2 } ::= { frwkDeviceIdEntry 2 }
Framework Policy Information Base June 7, 2002
frwkDeviceIdMaxMsg OBJECT-TYPE frwkDeviceIdMaxMsg OBJECT-TYPE
SYNTAX Unsigned32 (64..4294967295) SYNTAX Unsigned32 (64..4294967295)
UNITS "octets" UNITS "octets"
Framework Policy Information Base May 30, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum COPS-PR message size, in octets, that the "The maximum COPS-PR message size, in octets, that the
device is capable of processing. Received messages with a device is capable of processing. Received messages with a
size in excess of this value must cause the PEP to return an size in excess of this value must cause the PEP to return an
error to the PDP containing the global error code error to the PDP containing the global error code
'maxMsgSizeExceeded'. This is an additional error-avoidance 'maxMsgSizeExceeded'. This is an additional error-avoidance
mechanism to allow the administrator to know the maximum mechanism to allow the administrator to know the maximum
message size supported so that they have the ability to message size supported so that they have the ability to
control the message size of messages sent to the device. control the message size of messages sent to the device.
skipping to change at page 28, line 56 skipping to change at page 29, line 4
SYNTAX SEQUENCE OF FrwkCompLimitsEntry SYNTAX SEQUENCE OF FrwkCompLimitsEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This PRC supports the ability to export information "This PRC supports the ability to export information
detailing PRC/attribute implementation limitations to the detailing PRC/attribute implementation limitations to the
policy management system. Instances of this PRC apply only policy management system. Instances of this PRC apply only
for PRCs with access type 'install' or 'install-notify'. for PRCs with access type 'install' or 'install-notify'.
Each instance of this PRC identifies a PRovisioning Class Each instance of this PRC identifies a PRovisioning Class
Framework Policy Information Base June 7, 2002
or attribute and a limitation related to the implementation or attribute and a limitation related to the implementation
of the class/attribute in the device. Additional information of the class/attribute in the device. Additional information
providing guidance related to the limitation may also be providing guidance related to the limitation may also be
Framework Policy Information Base May 30, 2002
present. These PRIs are sent to the PDP to indicate which present. These PRIs are sent to the PDP to indicate which
PRCs or PRC attributes the device supports in a restricted PRCs or PRC attributes the device supports in a restricted
manner." manner."
::= { frwkBasePibClasses 4 } ::= { frwkBasePibClasses 4 }
frwkCompLimitsEntry OBJECT-TYPE frwkCompLimitsEntry OBJECT-TYPE
SYNTAX FrwkCompLimitsEntry SYNTAX FrwkCompLimitsEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 29, line 59 skipping to change at page 30, line 5
frwkCompLimitsPrid OBJECT-TYPE frwkCompLimitsPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkCompLimits class." instance of the frwkCompLimits class."
::= { frwkCompLimitsEntry 1 } ::= { frwkCompLimitsEntry 1 }
frwkCompLimitsComponent OBJECT-TYPE Framework Policy Information Base June 7, 2002
Framework Policy Information Base May 30, 2002
frwkCompLimitsComponent OBJECT-TYPE
SYNTAX PrcIdentifierOid SYNTAX PrcIdentifierOid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value is the OID of a PRC (the table entry) which is "The value is the OID of a PRC (the table entry) which is
supported in some limited fashion or contains an attribute supported in some limited fashion or contains an attribute
that is supported in some limited fashion with regard to that is supported in some limited fashion with regard to
it's definition in the associated PIB module. The same OID it's definition in the associated PIB module. The same OID
may appear in the table several times, once for each may appear in the table several times, once for each
implementation limitation acknowledged by the device." implementation limitation acknowledged by the device."
skipping to change at page 30, line 56 skipping to change at page 31, line 5
attrLengthLimited(4), attrLengthLimited(4),
prcLimitedNotify(5) prcLimitedNotify(5)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A value describing an implementation limitation for the "A value describing an implementation limitation for the
device related to the PRC or PRC attribute identified by device related to the PRC or PRC attribute identified by
the frwkCompLimitsComponent and the frwkCompLimitsAttrPos the frwkCompLimitsComponent and the frwkCompLimitsAttrPos
attributes. attributes.
Values for this object are one of the following: Framework Policy Information Base June 7, 2002
Framework Policy Information Base May 30, 2002 Values for this object are one of the following:
priSpaceLimited(1) - No more instances than that specified priSpaceLimited(1) - No more instances than that specified
by the guidance value may be installed in the given class. by the guidance value may be installed in the given class.
The component identified MUST be a valid PRC. The SubType The component identified MUST be a valid PRC. The SubType
used MUST be valueOnly(9). used MUST be valueOnly(9).
attrValueSupLimited(2) - Limited values are acceptable for attrValueSupLimited(2) - Limited values are acceptable for
the identified component. The component identified MUST be a the identified component. The component identified MUST be a
valid PRC attribute. The guidance OCTET STRING will be valid PRC attribute. The guidance OCTET STRING will be
decoded according to the attribute type. decoded according to the attribute type.
skipping to change at page 31, line 57 skipping to change at page 32, line 4
"This object indicates the type of guidance related "This object indicates the type of guidance related
to the noted limitation (as indicated by the to the noted limitation (as indicated by the
frwkCompLimitsType attribute) that is provided frwkCompLimitsType attribute) that is provided
in the frwkCompLimitsGuidance attribute. in the frwkCompLimitsGuidance attribute.
A value of 'none(1)' means that no additional A value of 'none(1)' means that no additional
guidance is provided for the noted limitation type. guidance is provided for the noted limitation type.
A value of 'lengthMin(2)' means that the guidance A value of 'lengthMin(2)' means that the guidance
attribute provides data related to the minimum attribute provides data related to the minimum
Framework Policy Information Base June 7, 2002
acceptable length for the value of the identified acceptable length for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'lengthMax(3)' value is required specifying the 'lengthMax(3)' value is required
Framework Policy Information Base May 30, 2002
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'lengthMax(3)' means that the guidance A value of 'lengthMax(3)' means that the guidance
attribute provides data related to the maximum attribute provides data related to the maximum
acceptable length for the value of the identified acceptable length for the value of the identified
component. A corresponding class instance component. A corresponding class instance
specifying the 'lengthMin(2)' value is required specifying the 'lengthMin(2)' value is required
in conjunction with this sub-type. in conjunction with this sub-type.
A value of 'rangeMin(4)' means that the guidance A value of 'rangeMin(4)' means that the guidance
skipping to change at page 32, line 58 skipping to change at page 33, line 4
A value of 'valueOnly(9)' means that the guidance A value of 'valueOnly(9)' means that the guidance
attribute provides data related to a single attribute provides data related to a single
value that is acceptable for the identified value that is acceptable for the identified
component. component.
A value of 'bitMask(10)' means that the guidance A value of 'bitMask(10)' means that the guidance
attribute is a bit mask such that all the combinations of attribute is a bit mask such that all the combinations of
bits set in the bitmask are acceptable values for the bits set in the bitmask are acceptable values for the
identified component which should be an attribute of type identified component which should be an attribute of type
'BITS'.
For example, an implementation of the frwkIpFilter class may Framework Policy Information Base June 7, 2002
Framework Policy Information Base May 30, 2002 'BITS'.
For example, an implementation of the frwkIpFilter class may
be limited in several ways, such as address mask, protocol be limited in several ways, such as address mask, protocol
and Layer 4 port options. These limitations could be and Layer 4 port options. These limitations could be
exported using this PRC with the following instances: exported using this PRC with the following instances:
Component Type Sub-Type Guidance Component Type Sub-Type Guidance
------------------------------------------------------------ ------------------------------------------------------------
DstPrefixLength attrValueSupLimited valueOnly 24 DstPrefixLength attrValueSupLimited valueOnly 24
SrcPrefixLength attrValueSupLimited valueOnly 24 SrcPrefixLength attrValueSupLimited valueOnly 24
Protocol attrValueSupLimited rangeMin 10 Protocol attrValueSupLimited rangeMin 10
Protocol attrValueSupLimited rangeMax 20 Protocol attrValueSupLimited rangeMax 20
skipping to change at page 33, line 58 skipping to change at page 34, line 4
interpreted in the context of the frwkCompLimitsType and interpreted in the context of the frwkCompLimitsType and
frwkCompLimitsSubType values. Any other restrictions frwkCompLimitsSubType values. Any other restrictions
(such as size/range/enumerated value) on the guidance (such as size/range/enumerated value) on the guidance
value MUST be complied with according to the definition value MUST be complied with according to the definition
of the component for which guidance is being specified. of the component for which guidance is being specified.
Note that numbers are encoded in network byte order. Note that numbers are encoded in network byte order.
Base Type Value Base Type Value
--------- ----- --------- -----
Framework Policy Information Base June 7, 2002
Unsigned32/Integer32/INTEGER 32-bit value. Unsigned32/Integer32/INTEGER 32-bit value.
Unsigned64/Integer64 64-bit Value. Unsigned64/Integer64 64-bit Value.
OCTET STRING octets of data. OCTET STRING octets of data.
Framework Policy Information Base May 30, 2002
OID 32-bit OID components. OID 32-bit OID components.
BITS Binary octets of length BITS Binary octets of length
same as Component specified." same as Component specified."
::= { frwkCompLimitsEntry 7 } ::= { frwkCompLimitsEntry 7 }
-- --
-- Complete Reference specification table -- Complete Reference specification table
-- --
skipping to change at page 34, line 52 skipping to change at page 35, line 5
::= { frwkReferenceTable 1 } ::= { frwkReferenceTable 1 }
FrwkReferenceEntry ::= SEQUENCE { FrwkReferenceEntry ::= SEQUENCE {
frwkReferencePrid InstanceId, frwkReferencePrid InstanceId,
frwkReferenceClientType ClientType, frwkReferenceClientType ClientType,
frwkReferenceClientHandle ClientHandle, frwkReferenceClientHandle ClientHandle,
frwkReferenceInstance Prid frwkReferenceInstance Prid
} }
Framework Policy Information Base June 7, 2002
frwkReferencePrid OBJECT-TYPE frwkReferencePrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
Framework Policy Information Base May 30, 2002
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the frwkReference class." instance of the frwkReference class."
::= { frwkReferenceEntry 1 } ::= { frwkReferenceEntry 1 }
frwkReferenceClientType OBJECT-TYPE frwkReferenceClientType OBJECT-TYPE
SYNTAX ClientType SYNTAX ClientType
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 35, line 53 skipping to change at page 36, line 4
-- --
-- Error specification table -- Error specification table
-- --
frwkErrorTable OBJECT-TYPE frwkErrorTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkErrorEntry SYNTAX SEQUENCE OF FrwkErrorEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each instance of this PRC specifies a class specific "Each instance of this PRC specifies a class specific
Framework Policy Information Base June 7, 2002
error object. Instances of this PRC are transient, i.e., error object. Instances of this PRC are transient, i.e.,
instances received in a COPS decision message must not to be instances received in a COPS decision message must not to be
maintained by the PEP in its copy of the PIB instances. This maintained by the PEP in its copy of the PIB instances. This
Framework Policy Information Base May 30, 2002
PRC allows a PDP to send error information to the PEP if the PRC allows a PDP to send error information to the PEP if the
PDP cannot process updates to a Request successfully." PDP cannot process updates to a Request successfully."
::= { frwkBasePibClasses 6 } ::= { frwkBasePibClasses 6 }
frwkErrorEntry OBJECT-TYPE frwkErrorEntry OBJECT-TYPE
SYNTAX FrwkErrorEntry SYNTAX FrwkErrorEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Entry specification for the frwkErrorTable." "Entry specification for the frwkErrorTable."
skipping to change at page 36, line 55 skipping to change at page 37, line 5
frwkErrorCode OBJECT-TYPE frwkErrorCode OBJECT-TYPE
SYNTAX Unsigned32 (0..65535) SYNTAX Unsigned32 (0..65535)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Error code defined in COPS-PR CPERR object." "Error code defined in COPS-PR CPERR object."
REFERENCE REFERENCE
"COPS Usage for Policy Provisioning. [COPS-PR]." "COPS Usage for Policy Provisioning. [COPS-PR]."
::= { frwkErrorEntry 2 } ::= { frwkErrorEntry 2 }
Framework Policy Information Base June 7, 2002
frwkErrorSubCode OBJECT-TYPE frwkErrorSubCode OBJECT-TYPE
SYNTAX Unsigned32 (0..65535) SYNTAX Unsigned32 (0..65535)
Framework Policy Information Base May 30, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The class-specific error object is used to communicate "The class-specific error object is used to communicate
errors relating to specific PRCs." errors relating to specific PRCs."
::= { frwkErrorEntry 3 } ::= { frwkErrorEntry 3 }
frwkErrorPrc OBJECT-TYPE frwkErrorPrc OBJECT-TYPE
SYNTAX PrcIdentifierOid SYNTAX PrcIdentifierOid
STATUS current STATUS current
skipping to change at page 37, line 49 skipping to change at page 38, line 4
-- --
-- Capability Set Table -- Capability Set Table
-- --
frwkCapabilitySetTable OBJECT-TYPE frwkCapabilitySetTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkCapabilitySetEntry SYNTAX SEQUENCE OF FrwkCapabilitySetEntry
PIB-ACCESS notify PIB-ACCESS notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base June 7, 2002
"This PRC describes the capability sets that exist on the "This PRC describes the capability sets that exist on the
interfaces on the device. The capability set is given a interfaces on the device. The capability set is given a
unique name that identifies a set. These capability set unique name that identifies a set. These capability set
names are used by the PDP to determine policy information to names are used by the PDP to determine policy information to
Framework Policy Information Base May 30, 2002
be associated with interfaces that possess similar sets of be associated with interfaces that possess similar sets of
capabilities." capabilities."
::= { frwkDeviceCapClasses 1 } ::= { frwkDeviceCapClasses 1 }
frwkCapabilitySetEntry OBJECT-TYPE frwkCapabilitySetEntry OBJECT-TYPE
SYNTAX FrwkCapabilitySetEntry SYNTAX FrwkCapabilitySetEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of this PRC describes a particular set of "An instance of this PRC describes a particular set of
skipping to change at page 38, line 54 skipping to change at page 39, line 4
"The name for the capability set. This name is the unique "The name for the capability set. This name is the unique
identifier of a set of capabilities. This attribute must not identifier of a set of capabilities. This attribute must not
be assigned a zero-length string." be assigned a zero-length string."
::= { frwkCapabilitySetEntry 2 } ::= { frwkCapabilitySetEntry 2 }
frwkCapabilitySetCapability OBJECT-TYPE frwkCapabilitySetCapability OBJECT-TYPE
SYNTAX Prid SYNTAX Prid
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base June 7, 2002
"The complete PRC OID and instance identifier specifying the "The complete PRC OID and instance identifier specifying the
capability PRC instance for the interface. This attribute capability PRC instance for the interface. This attribute
references a specific instance of a capability table. The references a specific instance of a capability table. The
capability table whose instance is referenced must be capability table whose instance is referenced must be
Framework Policy Information Base May 30, 2002
defined in the client type specific PIB that this PIB is defined in the client type specific PIB that this PIB is
used with. The referenced capability instance becomes a part used with. The referenced capability instance becomes a part
of the set of capabilities associated with the specified of the set of capabilities associated with the specified
frwkCapabilitySetName." frwkCapabilitySetName."
::= { frwkCapabilitySetEntry 3 } ::= { frwkCapabilitySetEntry 3 }
-- --
-- Interface and Role Combination Tables -- Interface and Role Combination Tables
-- --
skipping to change at page 39, line 52 skipping to change at page 40, line 5
UNIQUENESS { } UNIQUENESS { }
::= { frwkRoleComboTable 1 } ::= { frwkRoleComboTable 1 }
FrwkRoleComboEntry ::= SEQUENCE { FrwkRoleComboEntry ::= SEQUENCE {
frwkRoleComboPrid InstanceId, frwkRoleComboPrid InstanceId,
frwkRoleComboRoles RoleCombination, frwkRoleComboRoles RoleCombination,
frwkRoleComboCapSetName SnmpAdminString frwkRoleComboCapSetName SnmpAdminString
} }
Framework Policy Information Base June 7, 2002
frwkRoleComboPrid OBJECT-TYPE frwkRoleComboPrid OBJECT-TYPE
SYNTAX InstanceId SYNTAX InstanceId
STATUS current STATUS current
Framework Policy Information Base May 30, 2002
DESCRIPTION DESCRIPTION
"An arbitrary integer index that uniquely identifies an "An arbitrary integer index that uniquely identifies an
instance of the class." instance of the class."
::= { frwkRoleComboEntry 1 } ::= { frwkRoleComboEntry 1 }
frwkRoleComboRoles OBJECT-TYPE frwkRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination SYNTAX RoleCombination
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 40, line 55 skipping to change at page 41, line 5
"This PRC enumerates the interface to role combination and "This PRC enumerates the interface to role combination and
frwkRoleComboCapSetName mapping for all policy managed frwkRoleComboCapSetName mapping for all policy managed
interfaces of a device. Policy for an interface depends not interfaces of a device. Policy for an interface depends not
only on the capability set of an interface but also on its only on the capability set of an interface but also on its
roles. This table specifies all the <interface index, roles. This table specifies all the <interface index,
interface capability set name, role combination> tuples interface capability set name, role combination> tuples
currently on the device" currently on the device"
::= { frwkDeviceCapClasses 3 } ::= { frwkDeviceCapClasses 3 }
Framework Policy Information Base June 7, 2002
frwkIfRoleComboEntry OBJECT-TYPE frwkIfRoleComboEntry OBJECT-TYPE
SYNTAX FrwkIfRoleComboEntry SYNTAX FrwkIfRoleComboEntry
STATUS current STATUS current
Framework Policy Information Base May 30, 2002
DESCRIPTION DESCRIPTION
"An instance of this PRC describes the association of "An instance of this PRC describes the association of
a interface to an capability set name and a role a interface to an capability set name and a role
combination. combination.
Note that a capability set name can have multiple role Note that a capability set name can have multiple role
combinations assigned to it, but an IfIndex can have only combinations assigned to it, but an IfIndex can have only
one role combination associated." one role combination associated."
EXTENDS { frwkRoleComboEntry } EXTENDS { frwkRoleComboEntry }
UNIQUENESS { frwkIfRoleComboIfIndex, UNIQUENESS { frwkIfRoleComboIfIndex,
skipping to change at page 41, line 49 skipping to change at page 42, line 4
frwkClassifierClasses frwkClassifierClasses
OBJECT IDENTIFIER ::= { frameworkPib 3 } OBJECT IDENTIFIER ::= { frameworkPib 3 }
-- --
-- The Base Filter Table -- The Base Filter Table
-- --
frwkBaseFilterTable OBJECT-TYPE frwkBaseFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkBaseFilterEntry SYNTAX SEQUENCE OF FrwkBaseFilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
Framework Policy Information Base June 7, 2002
DESCRIPTION DESCRIPTION
"The Base Filter class. A packet has to match all "The Base Filter class. A packet has to match all
fields in an Filter. Wildcards may be specified for those fields in an Filter. Wildcards may be specified for those
fields that are not relevant." fields that are not relevant."
Framework Policy Information Base May 30, 2002
::= { frwkClassifierClasses 1 } ::= { frwkClassifierClasses 1 }
frwkBaseFilterEntry OBJECT-TYPE frwkBaseFilterEntry OBJECT-TYPE
SYNTAX FrwkBaseFilterEntry SYNTAX FrwkBaseFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An instance of the frwkBaseFilter class." "An instance of the frwkBaseFilter class."
PIB-INDEX { frwkBaseFilterPrid } PIB-INDEX { frwkBaseFilterPrid }
skipping to change at page 42, line 52 skipping to change at page 43, line 4
packet." packet."
::= { frwkBaseFilterEntry 2 } ::= { frwkBaseFilterEntry 2 }
-- --
-- The IP Filter Table -- The IP Filter Table
-- --
frwkIpFilterTable OBJECT-TYPE frwkIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIpFilterEntry SYNTAX SEQUENCE OF FrwkIpFilterEntry
Framework Policy Information Base June 7, 2002
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filter definitions. A packet has to match all fields in a "Filter definitions. A packet has to match all fields in a
Framework Policy Information Base May 30, 2002
filter. Wildcards may be specified for those fields that filter. Wildcards may be specified for those fields that
are not relevant." are not relevant."
INSTALL-ERRORS { INSTALL-ERRORS {
invalidDstL4PortData(1), invalidDstL4PortData(1),
invalidSrcL4PortData(2) invalidSrcL4PortData(2)
} }
::= { frwkClassifierClasses 2 } ::= { frwkClassifierClasses 2 }
frwkIpFilterEntry OBJECT-TYPE frwkIpFilterEntry OBJECT-TYPE
skipping to change at page 43, line 47 skipping to change at page 43, line 51
::= { frwkIpFilterTable 1 } ::= { frwkIpFilterTable 1 }
FrwkIpFilterEntry ::= SEQUENCE { FrwkIpFilterEntry ::= SEQUENCE {
frwkIpFilterAddrType InetAddressType, frwkIpFilterAddrType InetAddressType,
frwkIpFilterDstAddr InetAddress, frwkIpFilterDstAddr InetAddress,
frwkIpFilterDstPrefixLength InetAddressPrefixLength, frwkIpFilterDstPrefixLength InetAddressPrefixLength,
frwkIpFilterSrcAddr InetAddress, frwkIpFilterSrcAddr InetAddress,
frwkIpFilterSrcPrefixLength InetAddressPrefixLength, frwkIpFilterSrcPrefixLength InetAddressPrefixLength,
frwkIpFilterDscp DscpOrAny, frwkIpFilterDscp DscpOrAny,
frwkIpFilterFlowId Unsigned32, frwkIpFilterFlowId Unsigned32,
frwkIpFilterProtocol Integer32, frwkIpFilterProtocol Unsigned32,
frwkIpFilterDstL4PortMin InetPortNumber, frwkIpFilterDstL4PortMin InetPortNumber,
frwkIpFilterDstL4PortMax InetPortNumber, frwkIpFilterDstL4PortMax InetPortNumber,
frwkIpFilterSrcL4PortMin InetPortNumber, frwkIpFilterSrcL4PortMin InetPortNumber,
frwkIpFilterSrcL4PortMax InetPortNumber frwkIpFilterSrcL4PortMax InetPortNumber
} }
frwkIpFilterAddrType OBJECT-TYPE frwkIpFilterAddrType OBJECT-TYPE
Framework Policy Information Base June 7, 2002
SYNTAX InetAddressType SYNTAX InetAddressType
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base May 30, 2002
"The address type enumeration value to specify the type of "The address type enumeration value to specify the type of
the packet's IP address. the packet's IP address.
While other types of addresses are defined in the While other types of addresses are defined in the
InetAddressType textual convention, an IP filter can only InetAddressType textual convention, an IP filter can only
use IPv4 and IPv6 addresses directly to classify traffic. use IPv4 and IPv6 addresses directly to classify traffic.
All other InetAddressTypes require mapping to the All other InetAddressTypes require mapping to the
corresponding Ipv4 or IPv6 address before being used to corresponding Ipv4 or IPv6 address before being used to
classify traffic. Therefore, this object as such is not classify traffic. Therefore, this object as such is not
limited to IPv4 and IPv6 addresses, i.e., it can be assigned limited to IPv4 and IPv6 addresses, i.e., it can be assigned
any of the valid values defined in the InetAddressType TC, any of the valid values defined in the InetAddressType TC,
but the mapping of the address values to IPv4 or IPv6 but the mapping of the address values to IPv4 or IPv6
addresses for the address attributes (frwkIpFilterDstAddr addresses for the address attributes (frwkIpFilterDstAddr
and frwkIpFilterSrcAddr) must be done by the PEP." and frwkIpFilterSrcAddr) must be done by the PEP. For
example when dns (16) is used, the PEP must resolve
the address to IPv4 or IPv6 at install time."
REFERENCE REFERENCE
"Textual Conventions for Internet Network Addresses. "Textual Conventions for Internet Network Addresses.
[INETADDR]" [INETADDR]"
::= { frwkIpFilterEntry 1 } ::= { frwkIpFilterEntry 1 }
frwkIpFilterDstAddr OBJECT-TYPE frwkIpFilterDstAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
STATUS current STATUS current
skipping to change at page 44, line 54 skipping to change at page 45, line 4
SYNTAX InetAddressPrefixLength SYNTAX InetAddressPrefixLength
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of a mask for the matching of the destination "The length of a mask for the matching of the destination
IP address. This attribute is interpreted only if the IP address. This attribute is interpreted only if the
InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'. InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
Masks are constructed by setting bits in sequence from the Masks are constructed by setting bits in sequence from the
most-significant bit downwards for most-significant bit downwards for
frwkIpFilterDstPrefixLength bits length. All other bits in frwkIpFilterDstPrefixLength bits length. All other bits in
the mask, up to the number needed to fill the length of the mask, up to the number needed to fill the length of
Framework Policy Information Base June 7, 2002
the address frwkIpFilterDstAddr are cleared to zero. A zero the address frwkIpFilterDstAddr are cleared to zero. A zero
bit in the mask then means that the corresponding bit in bit in the mask then means that the corresponding bit in
the address always matches. the address always matches.
In IPv4 addresses, a length of 0 indicates a match of any In IPv4 addresses, a length of 0 indicates a match of any
address; a length of 32 indicates a match of a single host address; a length of 32 indicates a match of a single host
Framework Policy Information Base May 30, 2002
address, and a length between 0 and 32 indicates the use of address, and a length between 0 and 32 indicates the use of
a CIDR Prefix. IPv6 is similar, except that prefix lengths a CIDR Prefix. IPv6 is similar, except that prefix lengths
range from 0..128." range from 0..128."
REFERENCE REFERENCE
"Textual Conventions for Internet Network Addresses. "Textual Conventions for Internet Network Addresses.
[INETADDR]" [INETADDR]"
DEFVAL { 0 } DEFVAL { 0 }
::= { frwkIpFilterEntry 3 } ::= { frwkIpFilterEntry 3 }
skipping to change at page 45, line 53 skipping to change at page 46, line 4
the address frwkIpFilterSrcAddr are cleared to zero. A the address frwkIpFilterSrcAddr are cleared to zero. A
zero bit in the mask then means that the corresponding bit zero bit in the mask then means that the corresponding bit
in the address always matches. in the address always matches.
In IPv4 addresses, a length of 0 indicates a match of any In IPv4 addresses, a length of 0 indicates a match of any
address; a length of 32 indicates a match of a single host address; a length of 32 indicates a match of a single host
address, and a length between 0 and 32 indicates the use of address, and a length between 0 and 32 indicates the use of
a CIDR Prefix. IPv6 is similar, except that prefix lengths a CIDR Prefix. IPv6 is similar, except that prefix lengths
range from 0..128." range from 0..128."
REFERENCE REFERENCE
Framework Policy Information Base June 7, 2002
"Textual Conventions for Internet Network Addresses. "Textual Conventions for Internet Network Addresses.
[INETADDR]" [INETADDR]"
DEFVAL { 0 } DEFVAL { 0 }
::= { frwkIpFilterEntry 5 } ::= { frwkIpFilterEntry 5 }
Framework Policy Information Base May 30, 2002
frwkIpFilterDscp OBJECT-TYPE frwkIpFilterDscp OBJECT-TYPE
SYNTAX DscpOrAny SYNTAX DscpOrAny
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value that the DSCP in the packet can have and "The value that the DSCP in the packet can have and
match this filter. A value of -1 indicates that a specific match this filter. A value of -1 indicates that a specific
DSCP value has not been defined and thus all DSCP values DSCP value has not been defined and thus all DSCP values
are considered a match." are considered a match."
REFERENCE REFERENCE
"[DS-MIB]." "[DS-MIB]."
skipping to change at page 46, line 29 skipping to change at page 46, line 35
::= { frwkIpFilterEntry 6 } ::= { frwkIpFilterEntry 6 }
frwkIpFilterFlowId OBJECT-TYPE frwkIpFilterFlowId OBJECT-TYPE
SYNTAX Unsigned32 (0..1048575) SYNTAX Unsigned32 (0..1048575)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The flow identifier in an IPv6 header." "The flow identifier in an IPv6 header."
::= { frwkIpFilterEntry 7 } ::= { frwkIpFilterEntry 7 }
frwkIpFilterProtocol OBJECT-TYPE frwkIpFilterProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255) SYNTAX Unsigned32 (0..255)
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The layer-4 protocol Id to match against the IPv4 protocol "The layer-4 protocol Id to match against the IPv4 protocol
number or the IPv6 Next-Header number in the packet. A value number or the IPv6 Next-Header number in the packet. A value
of -1 means match all. Note the protocol number of 255 is of 255 means match all. Note the protocol number of 255 is
reserved by IANA, and Next-Header number of 0 is used in reserved by IANA, and Next-Header number of 0 is used in
IPv6." IPv6."
DEFVAL { -1 } DEFVAL { 255 }
::= { frwkIpFilterEntry 8 } ::= { frwkIpFilterEntry 8 }
frwkIpFilterDstL4PortMin OBJECT-TYPE frwkIpFilterDstL4PortMin OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The minimum value that the packet's layer 4 destination "The minimum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or lesser that the value specified for this be equal to or lesser that the value specified for this
filter in frwkIpFilterDstL4PortMax. filter in frwkIpFilterDstL4PortMax.
COPS-PR error code 'attrValueInvalid' must be returned if COPS-PR error code 'attrValueInvalid' must be returned if
the frwkIpFilterDstL4PortMin is greater than the frwkIpFilterDstL4PortMin is greater than
frwkIpFilterDstL4PortMax" frwkIpFilterDstL4PortMax"
REFERENCE "[COPS-PR] error codes section 4.5." REFERENCE "[COPS-PR] error codes section 4.5."
DEFVAL { 0 } DEFVAL { 0 }
Framework Policy Information Base June 7, 2002
::= { frwkIpFilterEntry 9 } ::= { frwkIpFilterEntry 9 }
frwkIpFilterDstL4PortMax OBJECT-TYPE frwkIpFilterDstL4PortMax OBJECT-TYPE
Framework Policy Information Base May 30, 2002
SYNTAX InetPortNumber SYNTAX InetPortNumber
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 destination "The maximum value that the packet's layer 4 destination
port number can have and match this filter. This value must port number can have and match this filter. This value must
be equal to or greater that the value specified for this be equal to or greater that the value specified for this
filter in frwkIpFilterDstL4PortMin. filter in frwkIpFilterDstL4PortMin.
COPS-PR error code 'attrValueInvalid' must be returned if COPS-PR error code 'attrValueInvalid' must be returned if
the frwkIpFilterDstL4PortMax is less than the frwkIpFilterDstL4PortMax is less than
skipping to change at page 47, line 51 skipping to change at page 48, line 4
SYNTAX InetPortNumber SYNTAX InetPortNumber
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum value that the packet's layer 4 source port "The maximum value that the packet's layer 4 source port
number can have and match this filter. This value must be number can have and match this filter. This value must be
equal to or greater that the value specified for this filter equal to or greater that the value specified for this filter
in frwkIpFilterSrcL4PortMin. in frwkIpFilterSrcL4PortMin.
COPS-PR error code 'attrValueInvalid' must be returned if COPS-PR error code 'attrValueInvalid' must be returned if
the frwkIpFilterSrcL4PortMax is less than the frwkIpFilterSrcL4PortMax is less than
Framework Policy Information Base June 7, 2002
frwkIpFilterSrcL4PortMin" frwkIpFilterSrcL4PortMin"
REFERENCE "[COPS-PR] error codes section 4.5." REFERENCE "[COPS-PR] error codes section 4.5."
DEFVAL { 65535 } DEFVAL { 65535 }
::= { frwkIpFilterEntry 12 } ::= { frwkIpFilterEntry 12 }
Framework Policy Information Base May 30, 2002
-- --
-- The IEEE 802 Filter Table -- The IEEE 802 Filter Table
-- --
frwk802FilterTable OBJECT-TYPE frwk802FilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF Frwk802FilterEntry SYNTAX SEQUENCE OF Frwk802FilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"IEEE 802-based filter definitions. A class that contains "IEEE 802-based filter definitions. A class that contains
skipping to change at page 48, line 52 skipping to change at page 49, line 5
frwk802FilterDstAddrMask, frwk802FilterDstAddrMask,
frwk802FilterSrcAddr, frwk802FilterSrcAddr,
frwk802FilterSrcAddrMask, frwk802FilterSrcAddrMask,
frwk802FilterVlanId, frwk802FilterVlanId,
frwk802FilterVlanTagRequired, frwk802FilterVlanTagRequired,
frwk802FilterEtherType, frwk802FilterEtherType,
frwk802FilterUserPriority } frwk802FilterUserPriority }
::= { frwk802FilterTable 1 } ::= { frwk802FilterTable 1 }
Framework Policy Information Base June 7, 2002
Frwk802FilterEntry ::= SEQUENCE { Frwk802FilterEntry ::= SEQUENCE {
frwk802FilterDstAddr PhysAddress, frwk802FilterDstAddr PhysAddress,
frwk802FilterDstAddrMask PhysAddress, frwk802FilterDstAddrMask PhysAddress,
Framework Policy Information Base May 30, 2002
frwk802FilterSrcAddr PhysAddress, frwk802FilterSrcAddr PhysAddress,
frwk802FilterSrcAddrMask PhysAddress, frwk802FilterSrcAddrMask PhysAddress,
frwk802FilterVlanId Integer32, frwk802FilterVlanId Integer32,
frwk802FilterVlanTagRequired INTEGER, frwk802FilterVlanTagRequired INTEGER,
frwk802FilterEtherType Integer32, frwk802FilterEtherType Integer32,
frwk802FilterUserPriority BITS frwk802FilterUserPriority BITS
} }
frwk802FilterDstAddr OBJECT-TYPE frwk802FilterDstAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
skipping to change at page 49, line 54 skipping to change at page 50, line 5
address. A zero bit in the mask thus means that the address. A zero bit in the mask thus means that the
corresponding bit in the address always matches. The corresponding bit in the address always matches. The
frwk802FilterDstAddr value must also be masked using this frwk802FilterDstAddr value must also be masked using this
value prior to any comparisons. value prior to any comparisons.
The length of this object in octets must equal the length in The length of this object in octets must equal the length in
octets of the frwk802FilterDstAddr. Note that a mask with no octets of the frwk802FilterDstAddr. Note that a mask with no
bits set (i.e., all zeroes) effectively wildcards the bits set (i.e., all zeroes) effectively wildcards the
frwk802FilterDstAddr object." frwk802FilterDstAddr object."
Framework Policy Information Base June 7, 2002
::= { frwk802FilterEntry 2 } ::= { frwk802FilterEntry 2 }
frwk802FilterSrcAddr OBJECT-TYPE frwk802FilterSrcAddr OBJECT-TYPE
SYNTAX PhysAddress SYNTAX PhysAddress
Framework Policy Information Base May 30, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 MAC address against which the 802 MAC SA of "The 802 MAC address against which the 802 MAC SA of
incoming traffic streams will be compared. Frames whose 802 incoming traffic streams will be compared. Frames whose 802
MAC SA matches the physical address specified by this MAC SA matches the physical address specified by this
object, taking into account address wildcarding as specified object, taking into account address wildcarding as specified
by the frwk802FilterSrcAddrMask object, are potentially by the frwk802FilterSrcAddrMask object, are potentially
subject to the processing guidelines that are associated subject to the processing guidelines that are associated
with this entry through the related action class." with this entry through the related action class."
skipping to change at page 50, line 55 skipping to change at page 51, line 4
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The VLAN ID (VID) that uniquely identifies a VLAN "The VLAN ID (VID) that uniquely identifies a VLAN
within the device. This VLAN may be known or unknown within the device. This VLAN may be known or unknown
(i.e., traffic associated with this VID has not yet (i.e., traffic associated with this VID has not yet
been seen by the device) at the time this entry been seen by the device) at the time this entry
is instantiated. is instantiated.
Setting the frwk802FilterVlanId object to -1 indicates that Setting the frwk802FilterVlanId object to -1 indicates that
VLAN data should not be considered during traffic VLAN data should not be considered during traffic
Framework Policy Information Base June 7, 2002
classification." classification."
::= { frwk802FilterEntry 5 } ::= { frwk802FilterEntry 5 }
frwk802FilterVlanTagRequired OBJECT-TYPE frwk802FilterVlanTagRequired OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
Framework Policy Information Base May 30, 2002
taggedOnly(1), taggedOnly(1),
priorityTaggedPlus(2), priorityTaggedPlus(2),
untaggedOnly(3), untaggedOnly(3),
ignoreTag(4) ignoreTag(4)
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates whether the presence of an "This object indicates whether the presence of an
IEEE 802.1Q VLAN tag in data link layer frames must IEEE 802.1Q VLAN tag in data link layer frames must
be considered when determining if a given frame be considered when determining if a given frame
skipping to change at page 51, line 54 skipping to change at page 52, line 4
Setting the frwk802FilterEtherTypeMin object to -1 indicates Setting the frwk802FilterEtherTypeMin object to -1 indicates
that EtherType data should not be considered during traffic that EtherType data should not be considered during traffic
classification. classification.
Note that the position of the EtherType field depends on Note that the position of the EtherType field depends on
the underlying frame format. For Ethernet-II encapsulation, the underlying frame format. For Ethernet-II encapsulation,
the EtherType field follows the 802 MAC source address. For the EtherType field follows the 802 MAC source address. For
802.2 LLC/SNAP encapsulation, the EtherType value follows 802.2 LLC/SNAP encapsulation, the EtherType value follows
the Organization Code field in the 802.2 SNAP header. The the Organization Code field in the 802.2 SNAP header. The
Framework Policy Information Base June 7, 2002
value that is tested with regard to this filter component value that is tested with regard to this filter component
therefore depends on the data link layer frame format being therefore depends on the data link layer frame format being
used. If this 802 filter component is active when there is used. If this 802 filter component is active when there is
no EtherType field in a frame (e.g., 802.2 LLC), a match is no EtherType field in a frame (e.g., 802.2 LLC), a match is
implied." implied."
Framework Policy Information Base May 30, 2002
::= { frwk802FilterEntry 7 } ::= { frwk802FilterEntry 7 }
frwk802FilterUserPriority OBJECT-TYPE frwk802FilterUserPriority OBJECT-TYPE
SYNTAX BITS { SYNTAX BITS {
matchPriority0(0), matchPriority0(0),
matchPriority1(1), matchPriority1(1),
matchPriority2(2), matchPriority2(2),
matchPriority3(3), matchPriority3(3),
matchPriority4(4), matchPriority4(4),
matchPriority5(5), matchPriority5(5),
skipping to change at page 52, line 54 skipping to change at page 53, line 5
frwkILabelFilterTable OBJECT-TYPE frwkILabelFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkILabelFilterEntry SYNTAX SEQUENCE OF FrwkILabelFilterEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal label filter Table. This PRC is used to achieve "Internal label filter Table. This PRC is used to achieve
classification based on the internal flow label set by the classification based on the internal flow label set by the
PEP possibly after ingress classification to avoid PEP possibly after ingress classification to avoid
re-classification at the egress interface on the same PEP." re-classification at the egress interface on the same PEP."
Framework Policy Information Base June 7, 2002
::= { frwkClassifierClasses 4 } ::= { frwkClassifierClasses 4 }
frwkILabelFilterEntry OBJECT-TYPE frwkILabelFilterEntry OBJECT-TYPE
SYNTAX FrwkILabelFilterEntry SYNTAX FrwkILabelFilterEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Framework Policy Information Base May 30, 2002
"Internal label filter entry definition." "Internal label filter entry definition."
EXTENDS { frwkBaseFilterEntry } EXTENDS { frwkBaseFilterEntry }
UNIQUENESS { frwkBaseFilterNegation, UNIQUENESS { frwkBaseFilterNegation,
frwkILabelFilterILabel } frwkILabelFilterILabel }
::= { frwkILabelFilterTable 1 } ::= { frwkILabelFilterTable 1 }
FrwkILabelFilterEntry ::= SEQUENCE { FrwkILabelFilterEntry ::= SEQUENCE {
frwkILabelFilterILabel OCTET STRING frwkILabelFilterILabel OCTET STRING
skipping to change at page 53, line 49 skipping to change at page 54, line 5
frwk802MarkerTable OBJECT-TYPE frwk802MarkerTable OBJECT-TYPE
SYNTAX SEQUENCE OF Frwk802MarkerEntry SYNTAX SEQUENCE OF Frwk802MarkerEntry
PIB-ACCESS install PIB-ACCESS install
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The 802 Marker class. An 802 packet can be marked with the "The 802 Marker class. An 802 packet can be marked with the
specified VLAN id, priority level." specified VLAN id, priority level."
::= { frwkMarkerClasses 1 } ::= { frwkMarkerClasses 1 }
Framework Policy Information Base June 7, 2002
frwk802MarkerEntry OBJECT-TYPE frwk802MarkerEntry OBJECT-TYPE
SYNTAX Frwk802MarkerEntry SYNTAX Frwk802MarkerEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"frwk802Marker entry definition." "frwk802Marker entry definition."
Framework Policy Information Base May 30, 2002
PIB-INDEX { frwk802MarkerPrid } PIB-INDEX { frwk802MarkerPrid }
UNIQUENESS { frwk802MarkerVlanId, UNIQUENESS { frwk802MarkerVlanId,
frwk802MarkerPriority } frwk802MarkerPriority }
::= { frwk802MarkerTable 1 } ::= { frwk802MarkerTable 1 }
Frwk802MarkerEntry::= SEQUENCE { Frwk802MarkerEntry::= SEQUENCE {
frwk802MarkerPrid InstanceId, frwk802MarkerPrid InstanceId,
frwk802MarkerVlanId Unsigned32, frwk802MarkerVlanId Unsigned32,
frwk802MarkerPriority Unsigned32 frwk802MarkerPriority Unsigned32
skipping to change at page 54, line 51 skipping to change at page 55, line 4
::= { frwk802MarkerEntry 3 } ::= { frwk802MarkerEntry 3 }
-- --
-- The Internal Label Marker Table -- The Internal Label Marker Table
-- --
frwkILabelMarkerTable OBJECT-TYPE frwkILabelMarkerTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkILabelMarkerEntry SYNTAX SEQUENCE OF FrwkILabelMarkerEntry
PIB-ACCESS install PIB-ACCESS install
Framework Policy Information Base June 7, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Internal Label Marker class. A flow in a PEP can be "The Internal Label Marker class. A flow in a PEP can be
marked with an internal label using this PRC." marked with an internal label using this PRC."
::= { frwkMarkerClasses 2 } ::= { frwkMarkerClasses 2 }
Framework Policy Information Base May 30, 2002
frwkILabelMarkerEntry OBJECT-TYPE frwkILabelMarkerEntry OBJECT-TYPE
SYNTAX FrwkILabelMarkerEntry SYNTAX FrwkILabelMarkerEntry
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"frwkILabelkMarker entry definition." "frwkILabelkMarker entry definition."
PIB-INDEX { frwkILabelMarkerPrid } PIB-INDEX { frwkILabelMarkerPrid }
UNIQUENESS { frwkILabelMarkerILabel } UNIQUENESS { frwkILabelMarkerILabel }
::= { frwkILabelMarkerTable 1 } ::= { frwkILabelMarkerTable 1 }
skipping to change at page 55, line 49 skipping to change at page 56, line 4
::= { frwkILabelMarkerEntry 2 } ::= { frwkILabelMarkerEntry 2 }
-- --
-- Conformance Section -- Conformance Section
-- --
frwkBasePibConformance frwkBasePibConformance
OBJECT IDENTIFIER ::= { frameworkPib 5 } OBJECT IDENTIFIER ::= { frameworkPib 5 }
frwkBasePibCompliances frwkBasePibCompliances
Framework Policy Information Base June 7, 2002
OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 } OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
frwkBasePibGroups frwkBasePibGroups
OBJECT IDENTIFIER ::= { frwkBasePibConformance 2 } OBJECT IDENTIFIER ::= { frwkBasePibConformance 2 }
Framework Policy Information Base May 30, 2002
frwkBasePibCompliance MODULE-COMPLIANCE frwkBasePibCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the "Describes the requirements for conformance to the
Framework PIB." Framework PIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { frwkPrcSupportGroup, MANDATORY-GROUPS { frwkPrcSupportGroup,
frwkPibIncarnationGroup, frwkPibIncarnationGroup,
frwkDeviceIdGroup, frwkDeviceIdGroup,
skipping to change at page 56, line 55 skipping to change at page 57, line 4
GROUP frwkReferenceGroup GROUP frwkReferenceGroup
DESCRIPTION DESCRIPTION
"The frwkReferenceGroup is mandatory if referencing "The frwkReferenceGroup is mandatory if referencing
across PIB contexts for specific client-types is to be across PIB contexts for specific client-types is to be
supported." supported."
GROUP frwkErrorGroup GROUP frwkErrorGroup
DESCRIPTION DESCRIPTION
"The frwkErrorGroup is mandatory sending errors in "The frwkErrorGroup is mandatory sending errors in
Framework Policy Information Base June 7, 2002
decisions is to be supported." decisions is to be supported."
GROUP frwkBaseFilterGroup GROUP frwkBaseFilterGroup
DESCRIPTION DESCRIPTION
"The frwkBaseFilterGroup is mandatory if filtering "The frwkBaseFilterGroup is mandatory if filtering
based on traffic components is to be supported." based on traffic components is to be supported."
Framework Policy Information Base May 30, 2002
GROUP frwkIpFilterGroup GROUP frwkIpFilterGroup
DESCRIPTION DESCRIPTION
"The frwkIpFilterGroup is mandatory if filtering "The frwkIpFilterGroup is mandatory if filtering
based on IP traffic components is to be supported." based on IP traffic components is to be supported."
GROUP frwk802FilterGroup GROUP frwk802FilterGroup
DESCRIPTION DESCRIPTION
"The frwk802FilterGroup is mandatory if filtering "The frwk802FilterGroup is mandatory if filtering
based on 802 traffic criteria is to be supported." based on 802 traffic criteria is to be supported."
skipping to change at page 57, line 53 skipping to change at page 58, line 4
frwkPibIncarnationGroup OBJECT-GROUP frwkPibIncarnationGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkPibIncarnationName, frwkPibIncarnationName,
frwkPibIncarnationId, frwkPibIncarnationId,
frwkPibIncarnationLongevity, frwkPibIncarnationLongevity,
frwkPibIncarnationTtl, frwkPibIncarnationTtl,
frwkPibIncarnationActive, frwkPibIncarnationActive,
frwkPibIncarnationFullState frwkPibIncarnationFullState
} }
Framework Policy Information Base June 7, 2002
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkDevicePibIncarnationTable." "Objects from the frwkDevicePibIncarnationTable."
::= { frwkBasePibGroups 2 } ::= { frwkBasePibGroups 2 }
Framework Policy Information Base May 30, 2002
frwkDeviceIdGroup OBJECT-GROUP frwkDeviceIdGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkDeviceIdDescr, frwkDeviceIdDescr,
frwkDeviceIdMaxMsg, frwkDeviceIdMaxMsg,
frwkDeviceIdMaxContexts } frwkDeviceIdMaxContexts }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkDeviceIdTable." "Objects from the frwkDeviceIdTable."
::= { frwkBasePibGroups 3 } ::= { frwkBasePibGroups 3 }
skipping to change at page 58, line 55 skipping to change at page 59, line 5
frwkErrorCode, frwkErrorCode,
frwkErrorSubCode, frwkErrorSubCode,
frwkErrorPrc, frwkErrorPrc,
frwkErrorInstance } frwkErrorInstance }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkErrorTable." "Objects from the frwkErrorTable."
::= { frwkBasePibGroups 6 } ::= { frwkBasePibGroups 6 }
Framework Policy Information Base June 7, 2002
frwkCapabilitySetGroup OBJECT-GROUP frwkCapabilitySetGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkCapabilitySetName, frwkCapabilitySetName,
frwkCapabilitySetCapability } frwkCapabilitySetCapability }
STATUS current STATUS current
Framework Policy Information Base May 30, 2002
DESCRIPTION DESCRIPTION
"Objects from the frwkCapabilitySetTable." "Objects from the frwkCapabilitySetTable."
::= { frwkBasePibGroups 7 } ::= { frwkBasePibGroups 7 }
frwkRoleComboGroup OBJECT-GROUP frwkRoleComboGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwkRoleComboRoles, frwkRoleComboRoles,
frwkRoleComboCapSetName } frwkRoleComboCapSetName }
STATUS current STATUS current
skipping to change at page 59, line 51 skipping to change at page 60, line 4
OBJECTS { OBJECTS {
frwkIpFilterAddrType, frwkIpFilterAddrType,
frwkIpFilterDstAddr, frwkIpFilterDstAddr,
frwkIpFilterDstPrefixLength, frwkIpFilterDstPrefixLength,
frwkIpFilterSrcAddr, frwkIpFilterSrcAddr,
frwkIpFilterSrcPrefixLength, frwkIpFilterSrcPrefixLength,
frwkIpFilterDscp, frwkIpFilterDscp,
frwkIpFilterFlowId, frwkIpFilterFlowId,
frwkIpFilterProtocol, frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin, frwkIpFilterDstL4PortMin,
Framework Policy Information Base June 7, 2002
frwkIpFilterDstL4PortMax, frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin, frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax } frwkIpFilterSrcL4PortMax }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkIpFilterTable." "Objects from the frwkIpFilterTable."
Framework Policy Information Base May 30, 2002
::= { frwkBasePibGroups 11 } ::= { frwkBasePibGroups 11 }
frwk802FilterGroup OBJECT-GROUP frwk802FilterGroup OBJECT-GROUP
OBJECTS { OBJECTS {
frwk802FilterDstAddr, frwk802FilterDstAddr,
frwk802FilterDstAddrMask, frwk802FilterDstAddrMask,
frwk802FilterSrcAddr, frwk802FilterSrcAddr,
frwk802FilterSrcAddrMask, frwk802FilterSrcAddrMask,
frwk802FilterVlanId, frwk802FilterVlanId,
frwk802FilterVlanTagRequired, frwk802FilterVlanTagRequired,
skipping to change at page 61, line 5 skipping to change at page 61, line 5
frwkILabelMarkerGroup OBJECT-GROUP frwkILabelMarkerGroup OBJECT-GROUP
OBJECTS { frwkILabelMarkerILabel } OBJECTS { frwkILabelMarkerILabel }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects from the frwkILabelMarkerTable." "Objects from the frwkILabelMarkerTable."
::= { frwkBasePibGroups 15 } ::= { frwkBasePibGroups 15 }
END END
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
6. Security Considerations 6. Security Considerations
It is clear that this PIB is used for configuration using [COPS-PR], It is clear that this PIB is used for configuration using [COPS-PR],
and anything that can be configured can be misconfigured, with and anything that can be configured can be misconfigured, with
potentially disastrous effect. At this writing, no security holes potentially disastrous effect. At this writing, no security holes
have been identified beyond those that the COPS base protocol have been identified beyond those that the COPS base protocol
security is itself intended to address. These relate primarily to security is itself intended to address. These relate primarily to
controlled access to sensitive information and the ability to controlled access to sensitive information and the ability to
configure a device - or which might result from operator error, configure a device - or which might result from operator error,
skipping to change at page 62, line 5 skipping to change at page 61, line 58
are sensitive in their own right, such as passwords or monetary are sensitive in their own right, such as passwords or monetary
amounts. It may be important to control even "Notify"(read-only) amounts. It may be important to control even "Notify"(read-only)
access to these PRCs and possibly to even encrypt the values of access to these PRCs and possibly to even encrypt the values of
these PRIs when sending them over the network via COPS-PR. The use these PRIs when sending them over the network via COPS-PR. The use
of IPSEC between the PDP and the PEP, as described in [COPS], of IPSEC between the PDP and the PEP, as described in [COPS],
provides the necessary protection against security threats. However, provides the necessary protection against security threats. However,
even if the network itself is secure, there is no control as to who even if the network itself is secure, there is no control as to who
on the secure network is allowed to "Install/Notify" on the secure network is allowed to "Install/Notify"
(read/change/create/delete) the PRIs in this PIB. (read/change/create/delete) the PRIs in this PIB.
Framework Policy Information Base May 30, 2002
It is then a customer/user responsibility to ensure that the PEP/PDP It is then a customer/user responsibility to ensure that the PEP/PDP
giving access to an instance of this PIB, is properly configured to giving access to an instance of this PIB, is properly configured to
Framework Policy Information Base June 7, 2002
give access to the PRIs only to those principals (users) that have give access to the PRIs only to those principals (users) that have
legitimate rights to indeed "Install" or "Notify" (change/create/ legitimate rights to indeed "Install" or "Notify" (change/create/
delete) them. delete) them.
7. RFC Editor Considerations 7. RFC Editor Considerations
This document normatively references [INETADDR] and [DS-MIB] which This document normatively references [DS-MIB] which is in the IESG
are in the IESG last call stage. Please use the corresponding RFC last call stage. Please use the corresponding RFC number prior to
numbers prior to publishing of this document as a RFC. publishing of this document as a RFC.
8. IANA Considerations 8. IANA Considerations
This document describes the frameworkPib and frwkTcPib Policy This document describes the frameworkPib and frwkTcPib Policy
Information Base (PIB) modules for standardization under the "pib" Information Base (PIB) modules for standardization under the "pib"
branch registered with IANA. An IANA assigned PIB number is branch registered with IANA. An IANA assigned PIB number is
requested for both under the "pib" branch. requested for both under the "pib" branch.
Both these PIBs use "all" in the SUBJECT-CATEGORIES clause, i.e., Both these PIBs use "all" in the SUBJECT-CATEGORIES clause, i.e.,
they apply to all COPS client types. No new COPS client type is to they apply to all COPS client types. No new COPS client type is to
skipping to change at page 63, line 4 skipping to change at page 62, line 55
Nortel Networks, Inc. Nortel Networks, Inc.
4401 Great America Parkway 4401 Great America Parkway
Santa Clara, CA 95054 USA Santa Clara, CA 95054 USA
Phone: +1 408 495 2992 Phone: +1 408 495 2992
Email: jseligso@nortelnetworks.com Email: jseligso@nortelnetworks.com
Kwok Ho Chan Kwok Ho Chan
Nortel Networks, Inc. Nortel Networks, Inc.
600 Technology Park Drive 600 Technology Park Drive
Billerica, MA 01821 USA Billerica, MA 01821 USA
Framework Policy Information Base May 30, 2002
Phone: +1 978 288 8175 Phone: +1 978 288 8175
Email: khchan@nortelnetworks.com Email: khchan@nortelnetworks.com
Framework Policy Information Base June 7, 2002
Ravi Sahita Ravi Sahita
Intel Labs. Intel Labs.
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 712 1554 Phone: +1 503 712 1554
Email: ravi.sahita@intel.com Email: ravi.sahita@intel.com
Scott Hahn Scott Hahn
Intel Labs. Intel Labs.
2111 NE 25th Avenue 2111 NE 25th Avenue
Hillsboro, OR 97124 USA Hillsboro, OR 97124 USA
Phone: +1 503 264 8231 Phone: +1 503 264 8231
Email: scott.hahn@intel.com Email: scott.hahn@intel.com
Andrew Smith Andrew Smith
Allegro Networks Harbour Networks
6399 San Ignacio Ave. Jiuling Building
San Jose 21 North Xisanhuan Ave.
CA 95119 Beijing, 100089, PRC
FAX: 415 345 1827 EMail: ah_smith@acm.org
Email: andrew@allegronetworks.com
Francis Reichmeyer Francis Reichmeyer
PFN, Inc. PFN, Inc.
University Park at MIT University Park at MIT
26 Landsdowne Street 26 Landsdowne Street
Cambridge, MA 02139 Cambridge, MA 02139
Phone: +1 617 494 9980 Phone: +1 617 494 9980
Email: franr@pfn.com Email: franr@pfn.com
Special thanks to Carol Bell and David Durham for their many Special thanks to Carol Bell and David Durham for their many
significant comments. significant comments.
Framework Policy Information Base May 30, 2002
10. References 10. References
10.1 Normative References 10.1 Normative References
[COPS] [COPS]
Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R., and Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R., and
A. Sastry, "The COPS (Common Open Policy Service) Protocol" A. Sastry, "The COPS (Common Open Policy Service) Protocol"
RFC 2748, January 2000. RFC 2748, January 2000.
[COPS-PR] [COPS-PR]
skipping to change at page 64, line 28 skipping to change at page 64, line 4
F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage
for Policy Provisioning," RFC 3084, March 2001. for Policy Provisioning," RFC 3084, March 2001.
[SPPI] [SPPI]
K. McCloghrie, M. Fine, J. Seligson, K. Chan, S. Hahn, K. McCloghrie, M. Fine, J. Seligson, K. Chan, S. Hahn,
R. Sahita, A. Smith, F. Reichmeyer, "Structure of Policy R. Sahita, A. Smith, F. Reichmeyer, "Structure of Policy
Provisioning Information," RFC 3159, August 2001. Provisioning Information," RFC 3159, August 2001.
[SNMP-SMI] [SNMP-SMI]
K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M. Rose
Framework Policy Information Base June 7, 2002
and S. Waldbusser, "Structure of Management Information and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[INETADDR] [INETADDR]
M. Daniele, B. Haberman, S. Routhier and J. Schoenwaelder M. Daniele, B. Haberman, S. Routhier and J. Schoenwaelder
"Textual Conventions for Internet Network Addresses" "Textual Conventions for Internet Network Addresses"
RFC3291, May 2002 RFC3291, May 2002
[802] [802]
IEEE Standards for Local and Metropolitan Area Networks: IEEE Standards for Local and Metropolitan Area Networks:
skipping to change at page 65, line 5 skipping to change at page 64, line 37
[DS-MIB] [DS-MIB]
F. Baker, K. Chan, A. Smith, "Management Information Base for F. Baker, K. Chan, A. Smith, "Management Information Base for
the Differentiated Services Architecture", the Differentiated Services Architecture",
draft-ietf-diffserv-mib-16.txt, November 2001 draft-ietf-diffserv-mib-16.txt, November 2001
[SNMPv2TC] [SNMPv2TC]
K. McCloghrie, D. Perkins, J. Schoenwaelder, "Textual K. McCloghrie, D. Perkins, J. Schoenwaelder, "Textual
Conventions for SMIv2", RFC 2579, STD 58, April 1999 Conventions for SMIv2", RFC 2579, STD 58, April 1999
Framework Policy Information Base May 30, 2002
[RFC2279] [RFC2279]
F. Yergeau, "UTF-8, a transformation format of ISO 10646", F. Yergeau, "UTF-8, a transformation format of ISO 10646",
RFC 2279, January 1998 RFC 2279, January 1998
10.2 Informative References 10.2 Informative References
[RAP-FRAMEWORK] [RAP-FRAMEWORK]
R. Yavatkar, D. Pendarakis, "A Framework for Policy-based R. Yavatkar, D. Pendarakis, "A Framework for Policy-based
Admission Control", RFC 2753, January 2000. Admission Control", RFC 2753, January 2000.
[POLTERM] [POLTERM]
A. Westerinen, J. Schnizlein, J. Strassner, M. Scherling, B. A. Westerinen, J. Schnizlein, J. Strassner, M. Scherling, B.
Quinn, S. Herzog, A. Huynh, M. Carlson, J. Perry, S. Quinn, S. Herzog, A. Huynh, M. Carlson, J. Perry, S.
Waldbusser, "Terminology for Policy-Based Management", RFC Waldbusser, "Terminology for Policy-Based Management", RFC
3198, November 2001. 3198, November 2001.
[RFC2119]
S. Bradner, "Key words to use in the RFCs", RFC 2119. Mar 1997.
11. Full Copyright 11. Full Copyright
Copyright (C) The Internet Society (2001). All Rights Reserved. This Copyright (C) The Internet Society (2001). All Rights Reserved. This
document and translations of it may be copied and furnished to document and translations of it may be copied and furnished to
Framework Policy Information Base June 7, 2002
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
skipping to change at page 66, line 5 skipping to change at page 66, line 5
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Framework Policy Information Base May 30, 2002 Framework Policy Information Base June 7, 2002
Table of Contents Table of Contents
Status of this Memo...............................................1 Status of this Memo...............................................1
Abstract..........................................................2 Abstract..........................................................2
Conventions used in this document.................................2
1. Glossary.......................................................2 1. Glossary.......................................................2
2. General PIB Concepts...........................................2 2. General PIB Concepts...........................................2
2.1. Roles........................................................2 2.1. Roles........................................................2
2.1.1. An Example.................................................4 2.1.1. An Example.................................................4
2.2. Management of Role-Combinations from the PDP.................5 2.2. Management of Role-Combinations from the PDP.................5
2.3. Updating a Request State.....................................6 2.3. Updating a Request State.....................................6
2.3.1 Full Request State..........................................7 2.3.1 Full Request State..........................................7
2.3.2 Installing PRIs in a Request................................7 2.3.2 Installing PRIs in a Request................................7
2.3.3 Updating PRIs in a Request..................................7 2.3.3 Updating PRIs in a Request..................................7
2.3.4 Removing PRIs from a Request................................7 2.3.4 Removing PRIs from a Request................................7
2.3.5 Removing EXTENDED, AUGMENTED PRIs...........................8 2.3.5 Removing EXTENDED, AUGMENTED PRIs...........................8
2.3.6 Error Handling in Request updates...........................8 2.3.6 Error Handling in Request updates...........................8
2.4. Multiple PIB Instances.......................................8 2.4. Multiple PIB Instances.......................................9
2.5. Reporting and Configuring of Device Capabilities............10 2.5. Reporting and Configuring of Device Capabilities............10
2.6. Reporting of Device Limitations.............................10 2.6. Reporting of Device Limitations.............................10
3. The Framework TC PIB module...................................12 3. The Framework TC PIB module...................................12
4. Summary of the Framework PIB..................................17 4. Summary of the Framework PIB..................................17
4.1. Base PIB classes Group......................................17 4.1. Base PIB classes Group......................................17
4.2. Device Capabilities group...................................18 4.2. Device Capabilities group...................................18
4.3. Classifier group............................................19 4.3. Classifier group............................................19
4.4. Marker group................................................19 4.4. Marker group................................................19
5. The Framework PIB Module......................................20 5. The Framework PIB Module......................................20
6. Security Considerations.......................................61 6. Security Considerations.......................................61
7. RFC Editor Considerations.....................................62 7. RFC Editor Considerations.....................................62
8. IANA Considerations...........................................62 8. IANA Considerations...........................................62
9. Author Information and Acknowledgments........................62 9. Author Information and Acknowledgments........................62
10. References...................................................64 10. References...................................................63
10.1 Normative References........................................64 10.1 Normative References........................................63
10.2 Informative References......................................65 10.2 Informative References......................................64
11. Full Copyright...............................................65 11. Full Copyright...............................................64
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/