RFC 3318
Framework Policy Information Base
Pages: 70
Historic
Historic
Part 2 of 3 – Pages 21 to 49
5. The Framework PIB Module
FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN IMPORTS Unsigned32, Integer32, MODULE-IDENTITY, MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib FROM COPS-PR-SPPI InstanceId, Prid FROM COPS-PR-SPPI-TC RoleCombination, PrcIdentifierOid, AttrIdentifierOrZero, ClientType, ClientHandle FROM FRAMEWORK-TC-PIB InetAddress, InetAddressType, InetAddressPrefixLength, InetPortNumber FROM INET-ADDRESS-MIB InterfaceIndex FROM IF-MIB DscpOrAny FROM DIFFSERV-DSCP-TC TruthValue, PhysAddress FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB; frameworkPib MODULE-IDENTITY SUBJECT-CATEGORIES { all } LAST-UPDATED "200302130000Z" -- 13 Feb 2003 ORGANIZATION "IETF RAP WG" CONTACT-INFO " Keith McCloghrie Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134-1706 USA Phone: +1 408 526 5260 Email: kzm@cisco.com John Seligson Nortel Networks, Inc. 4401 Great America Parkway Santa Clara, CA 95054 USA Phone: +1 408 495 2992 Email: jseligso@nortelnetworks.com
Ravi Sahita
Intel Labs.
2111 NE 25th Ave.
Hillsboro, OR 97124 USA
Phone: +1 503 712 1554
Email: ravi.sahita@intel.com
RAP WG Mailing list: rap@ops.ietf.org"
DESCRIPTION
"A PIB module containing the base set of PRCs that
provide support for management of multiple PIB contexts,
association of roles to device capabilities and other
reusable PRCs. PEPs are required for to implement this
PIB if the above features are desired. This PIB defines
PRCs applicable to 'all' subject-categories.
Copyright (C) The Internet Society (2003). This version
of this PIB module is part of RFC 3318; see the RFC
itself for full legal notices."
REVISION "200302130000Z" -- 13 Feb 2003
DESCRIPTION
"Initial version, published in RFC 3318."
::= { pib 2 }
--
-- The root OID for PRCs in the Framework PIB
--
frwkBasePibClasses
OBJECT IDENTIFIER ::= { frameworkPib 1 }
--
-- PRC Support Table
--
frwkPrcSupportTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkPrcSupportEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"Each instance of this PRC specifies a PRC that the device
supports and a bit string to indicate the attributes of the
class that are supported. These PRIs are sent to the PDP to
indicate to the PDP which PRCs, and which attributes of
these PRCs, the device supports.
All install and install-notify PRCs supported by the device
must be represented in this PRC. Notify PRCs may be
represented for informational purposes."
::= { frwkBasePibClasses 1 }
frwkPrcSupportEntry OBJECT-TYPE
SYNTAX FrwkPrcSupportEntry
STATUS current
DESCRIPTION
"An instance of the frwkPrcSupport class that identifies a
specific PRC and associated attributes as supported
by the device."
PIB-INDEX { frwkPrcSupportPrid }
UNIQUENESS { frwkPrcSupportSupportedPrc }
::= { frwkPrcSupportTable 1 }
FrwkPrcSupportEntry ::= SEQUENCE {
frwkPrcSupportPrid InstanceId,
frwkPrcSupportSupportedPrc PrcIdentifierOid,
frwkPrcSupportSupportedAttrs OCTET STRING
}
frwkPrcSupportPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the frwkPrcSupport class."
::= { frwkPrcSupportEntry 1 }
frwkPrcSupportSupportedPrc OBJECT-TYPE
SYNTAX PrcIdentifierOid
STATUS current
DESCRIPTION
"The object identifier of a supported PRC. The value is the
OID of the Entry object of the PRC definition. The Entry
Object definition of a PRC has an OID with value XxxTable.1
Where, XxxTable is the OID assigned to the PRC Table
Object definition. There may not be more than one instance
of the frwkPrcSupport class with the same value of
frwkPrcSupportSupportedPrc."
::= { frwkPrcSupportEntry 2 }
frwkPrcSupportSupportedAttrs OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"A bit string representing the supported attributes of the
class that is identified by the frwkPrcSupportSupportedPrc
object.
Each bit of this bit string corresponds to a class
attribute, with the most significant bit of the i-th octet
of this octet string corresponding to the (8*i - 7)-th
attribute, and the least significant bit of the i-th octet
corresponding to the (8*i)-th class attribute. Each bit
specifies whether or not the corresponding class attribute
is currently supported, with a '1' indicating support and a
'0' indicating no support.
If the value of this bit string is N bits long and there are
more than N class attributes then the bit string is
logically extended with 0's to the required length.
On the other hand, If the PDP receives a bit string of
length N and there are less that N class attributes then the
PDP should ignore the extra bits in the bit string, i.e.,
assume those attributes are unsupported."
REFERENCE
"COPS Usage for Policy Provisioning. RFC 3084, section
2.2.1."
::= { frwkPrcSupportEntry 3 }
--
-- PIB Incarnation Table
--
frwkPibIncarnationTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkPibIncarnationEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"This PRC contains a single PRovisioning Instance per
installed context that identifies the current incarnation
of the PIB and the PDP or network manager that installed
this incarnation. The instance of this PRC is reported to
the PDP in the REQ message so that the PDP can (attempt to)
ascertain the current state of the PIB. A network manager
may use the instance to determine the state of the device."
::= { frwkBasePibClasses 2 }
frwkPibIncarnationEntry OBJECT-TYPE
SYNTAX FrwkPibIncarnationEntry
STATUS current
DESCRIPTION
"An instance of the frwkPibIncarnation class. Only
one instance of this PRC is ever instantiated per context"
PIB-INDEX { frwkPibIncarnationPrid }
::= { frwkPibIncarnationTable 1 }
FrwkPibIncarnationEntry ::= SEQUENCE {
frwkPibIncarnationPrid InstanceId,
frwkPibIncarnationName SnmpAdminString,
frwkPibIncarnationId OCTET STRING,
frwkPibIncarnationLongevity INTEGER,
frwkPibIncarnationTtl Unsigned32,
frwkPibIncarnationInCtxtSet TruthValue,
frwkPibIncarnationActive TruthValue,
frwkPibIncarnationFullState TruthValue
}
frwkPibIncarnationPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this PRC."
::= { frwkPibIncarnationEntry 1 }
frwkPibIncarnationName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..255))
STATUS current
DESCRIPTION
"The name of the PDP that installed the current incarnation
of the PIB into the device. A zero-length string value for
this type implies the PDP has not assigned this type any
value. By default, it is the zero length string."
::= { frwkPibIncarnationEntry 2 }
frwkPibIncarnationId OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255))
STATUS current
DESCRIPTION
"An ID to identify the current incarnation. It has meaning
to the PDP/manager that installed the PIB and perhaps its
standby PDPs/managers. A zero-length string value for
this type implies the PDP has not assigned this type any
value. By default, it is the zero-length string."
::= { frwkPibIncarnationEntry 3 }
frwkPibIncarnationLongevity OBJECT-TYPE
SYNTAX INTEGER {
expireNever(1),
expireImmediate(2),
expireOnTimeout(3)
}
STATUS current
DESCRIPTION
"This attribute controls what the PEP does with the
downloaded policy on a Client Close message or a loss of
connection to the PDP.
If set to expireNever, the PEP continues to operate with the
installed policy indefinitely. If set to expireImmediate,
the PEP immediately expires the policy obtained from the PDP
and installs policy from local configuration. If set to
expireOnTimeout, the PEP continues to operate with the
policy installed by the PDP for a period of time specified
by frwkPibIncarnationTtl. After this time (and it has not
reconnected to the original or new PDP) the PEP expires this
policy and reverts to local configuration.
For all cases, it is the responsibility of the PDP to check
the incarnation and download new policy, if necessary, on a
reconnect. On receiving a Remove-State for the active
context, this attribute value MUST be ignored and the PEP
should expire the policy in that active context immediately.
Policy enforcement timing only applies to policies that have
been installed dynamically (e.g., by a PDP via COPS)."
REFERENCE
"COPS Usage for Policy Provisioning. RFC 3084."
::= { frwkPibIncarnationEntry 4 }
frwkPibIncarnationTtl OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
STATUS current
DESCRIPTION
"The number of seconds after a Client Close or TCP timeout
for which the PEP continues to enforce the policy in the
PIB. After this interval, the PIB is considered expired and
the device no longer enforces the policy installed in the
PIB.
This attribute is only meaningful if
frwkPibIncarnationLongevity is set to expireOnTimeout."
::= { frwkPibIncarnationEntry 5 }
frwkPibIncarnationInCtxtSet OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"When the PDP installs a PRI with this flag set to 'true' it
implies this context belongs to the set of contexts out of
which at the most one context can be active at a given time.
If this attribute is set to 'false' this context is one of
the outsourcing (simultaneous active) contexts on the PEP.
This attribute is 'true' for all contexts belong to the set
of configuration contexts. Within the configuration context
set, one context can be active identified by the
frwkPibIncarnationActive attribute."
REFERENCE
"TruthValue Textual Convention, defined in RFC 2579."
::= { frwkPibIncarnationEntry 6 }
frwkPibIncarnationActive OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"When the PDP installs a PRI on the PEP with this attribute
set to 'true' and if this context belongs to the
'configuration contexts' set, i.e., the
frwkPibIncarnationInCtxtSet is set to 'true', then the PIB
instance to which this PRI belongs must become the active
PIB instance. In this case, the previous active instance
from this set MUST become inactive and the
frwkPibIncarnationActive attribute in that PIB instance MUST
be set to 'false'.
When the PDP installs an attribute frwkPibIncarnationActive
on the PEP that is 'true' in one PIB instance and if the
context belongs to the 'configuration contexts' set, the PEP
must ensure, re-setting the attribute if necessary, that the
frwkPibIncarnationActive attribute is 'false' in all other
contexts which belong to the 'configuration contexts' set."
::= { frwkPibIncarnationEntry 7 }
frwkPibIncarnationFullState OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"This attribute is interpreted only when sent in a COPS
request message from the PEP to the PDP. It does not have
any meaning when sent from the PDP to the PEP.
If this attribute is set to 'true' by the PEP, then the
request that the PEP sends to the PDP must be interpreted as
the complete configuration request for the PEP. The PDP must
in this case refresh the request information for the
handle that the request containing this PRI was received on.
If this attribute is set to 'false', then the
request PRIs sent in the request must be interpreted as
updates to the previous request PRIs sent using that handle.
See section 3.3 for details on updating request state
information."
REFERENCE
"RFC 3318 Section 2.3"
::= { frwkPibIncarnationEntry 8 }
--
-- Device Identification Table
--
frwkDeviceIdTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkDeviceIdEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This PRC contains a single PRovisioning Instance that
contains general purpose device-specific information that is
used to facilitate efficient policy communication by a PDP.
The instance of this PRC is reported to the PDP in a COPS
request message so that the PDP can take into account
certain device characteristics during policy installation."
::= { frwkBasePibClasses 3 }
frwkDeviceIdEntry OBJECT-TYPE
SYNTAX FrwkDeviceIdEntry
STATUS current
DESCRIPTION
"An instance of the frwkDeviceId class. Only one instance of
this PRC is ever instantiated."
PIB-INDEX { frwkDeviceIdPrid }
::= { frwkDeviceIdTable 1 }
FrwkDeviceIdEntry ::= SEQUENCE {
frwkDeviceIdPrid InstanceId,
frwkDeviceIdDescr SnmpAdminString,
frwkDeviceIdMaxMsg Unsigned32,
frwkDeviceIdMaxContexts Unsigned32
}
frwkDeviceIdPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An index to uniquely identify an instance of this PRC."
::= { frwkDeviceIdEntry 1 }
frwkDeviceIdDescr OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (1..255))
STATUS current
DESCRIPTION
"A textual description of the PEP. This value should include
the name and version identification of the PEP's hardware
and software."
::= { frwkDeviceIdEntry 2 }
frwkDeviceIdMaxMsg OBJECT-TYPE
SYNTAX Unsigned32 (64..4294967295)
UNITS "octets"
STATUS current
DESCRIPTION
"The maximum COPS-PR message size, in octets, that the
device is capable of processing. Received messages with a
size in excess of this value must cause the PEP to return an
error to the PDP containing the global error code
'maxMsgSizeExceeded'. This is an additional error-avoidance
mechanism to allow the administrator to know the maximum
message size supported so that they have the ability to
control the message size of messages sent to the device.
This attribute must have a non-zero value. The device should
send the MAX value for Unsigned32 for this attribute if it
not defined."
DEFVAL { 4294967295 }
::= { frwkDeviceIdEntry 3 }
frwkDeviceIdMaxContexts OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "contexts"
STATUS current
DESCRIPTION
"The maximum number of unique contexts supported by
the device. This is an additional error-avoidance mechanism
to allow the administrators to have the ability to know the
maximum number of contexts supported so that they can
control the number of configuration contexts they install on
the device. This attribute must have a non-zero value. The
device should send the MAX value for Unsigned32 for this
attribute if it not defined."
DEFVAL { 4294967295 }
::= { frwkDeviceIdEntry 4 }
--
-- Component Limitations Table
--
frwkCompLimitsTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkCompLimitsEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This PRC supports the ability to export information
detailing PRC/attribute implementation limitations to the
policy management system. Instances of this PRC apply only
for PRCs with access type 'install' or 'install-notify'.
Each instance of this PRC identifies a PRovisioning Class
or attribute and a limitation related to the implementation
of the class/attribute in the device. Additional information
providing guidance related to the limitation may also be
present. These PRIs are sent to the PDP to indicate which
PRCs or PRC attributes the device supports in a restricted
manner."
::= { frwkBasePibClasses 4 }
frwkCompLimitsEntry OBJECT-TYPE
SYNTAX FrwkCompLimitsEntry
STATUS current
DESCRIPTION
"An instance of the frwkCompLimits class that identifies
a PRC or PRC attribute and a limitation related to the PRC
or PRC attribute implementation supported by the device.
COPS-PR lists the error codes that MUST be returned (if
applicable)for policy installation that don't abide by the
restrictions indicated by the limitations exported. [SPPI]
defines an INSTALL-ERRORS clause that allows PIB designers
to define PRC specific error codes that can be returned for
policy installation. This allows efficient debugging of PIB
implementations."
REFERENCE
"COPS Usage for Policy Provisioning. RFC 3084."
PIB-INDEX { frwkCompLimitsPrid }
UNIQUENESS { frwkCompLimitsComponent,
frwkCompLimitsAttrPos,
frwkCompLimitsNegation,
frwkCompLimitsType,
frwkCompLimitsSubType,
frwkCompLimitsGuidance }
::= { frwkCompLimitsTable 1 }
FrwkCompLimitsEntry ::= SEQUENCE {
frwkCompLimitsPrid InstanceId,
frwkCompLimitsComponent PrcIdentifierOid,
frwkCompLimitsAttrPos AttrIdentifierOrZero,
frwkCompLimitsNegation TruthValue,
frwkCompLimitsType INTEGER,
frwkCompLimitsSubType INTEGER,
frwkCompLimitsGuidance OCTET STRING
}
frwkCompLimitsPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the frwkCompLimits class."
::= { frwkCompLimitsEntry 1 }
frwkCompLimitsComponent OBJECT-TYPE
SYNTAX PrcIdentifierOid
STATUS current
DESCRIPTION
"The value is the OID of a PRC (the table entry) which is
supported in some limited fashion or contains an attribute
that is supported in some limited fashion with regard to
it's definition in the associated PIB module. The same OID
may appear in the table several times, once for each
implementation limitation acknowledged by the device."
::= { frwkCompLimitsEntry 2 }
frwkCompLimitsAttrPos OBJECT-TYPE
SYNTAX AttrIdentifierOrZero
STATUS current
DESCRIPTION
"The relative position of the attribute within the PRC
specified by the frwkCompLimitsComponent. A value of 1 would
represent the first columnar object in the PRC and a value
of N would represent the Nth columnar object in the PRC. A
value of zero (0) indicates that the limit applies to the
PRC itself and not to a specific attribute."
::= { frwkCompLimitsEntry 3 }
frwkCompLimitsNegation OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"A boolean value ,if 'true', negates the component limit
exported."
::= { frwkCompLimitsEntry 4 }
frwkCompLimitsType OBJECT-TYPE
SYNTAX INTEGER {
priSpaceLimited(1),
attrValueSupLimited(2),
attrEnumSupLimited(3),
attrLengthLimited(4),
prcLimitedNotify(5)
}
STATUS current
DESCRIPTION
"A value describing an implementation limitation for the
device related to the PRC or PRC attribute identified by
the frwkCompLimitsComponent and the frwkCompLimitsAttrPos
attributes.
Values for this object are one of the following:
priSpaceLimited(1) - No more instances than that specified
by the guidance value may be installed in the given class.
The component identified MUST be a valid PRC. The SubType
used MUST be valueOnly(9).
attrValueSupLimited(2) - Limited values are acceptable for
the identified component. The component identified MUST be a
valid PRC attribute. The guidance OCTET STRING will be
decoded according to the attribute type.
attrEnumSupLimited(3) - Limited enumeration values are legal
for the identified component. The attribute identified MUST
be a valid enum type.
attrLengthLimited(4) - The length of the specified
value for the identified component is limited. The component
identified MUST be a valid PRC attribute of base-type OCTET
STRING.
prcLimitedNotify (5) - The component is currently limited
for use by request or report messages prohibiting decision
installation. The component identified must be a valid PRC."
::= { frwkCompLimitsEntry 5 }
frwkCompLimitsSubType OBJECT-TYPE
SYNTAX INTEGER {
none(1),
lengthMin(2),
lengthMax(3),
rangeMin(4),
rangeMax(5),
enumMin(6),
enumMax(7),
enumOnly(8),
valueOnly(9),
bitMask(10)
}
STATUS current
DESCRIPTION
"This object indicates the type of guidance related
to the noted limitation (as indicated by the
frwkCompLimitsType attribute) that is provided
in the frwkCompLimitsGuidance attribute.
A value of 'none(1)' means that no additional
guidance is provided for the noted limitation type.
A value of 'lengthMin(2)' means that the guidance
attribute provides data related to the minimum
acceptable length for the value of the identified
component. A corresponding class instance
specifying the 'lengthMax(3)' value is required
in conjunction with this sub-type.
A value of 'lengthMax(3)' means that the guidance
attribute provides data related to the maximum
acceptable length for the value of the identified
component. A corresponding class instance
specifying the 'lengthMin(2)' value is required
in conjunction with this sub-type.
A value of 'rangeMin(4)' means that the guidance
attribute provides data related to the lower bound
of the range for the value of the identified
component. A corresponding class instance
specifying the 'rangeMax(5)' value is required
in conjunction with this sub-type.
A value of 'rangeMax(5)' means that the guidance
attribute provides data related to the upper bound
of the range for the value of the identified
component. A corresponding class instance
specifying the 'rangeMin(4)' value is required
in conjunction with this sub-type.
A value of 'enumMin(6)' means that the guidance
attribute provides data related to the lowest
enumeration acceptable for the value of the
identified component. A corresponding
class instance specifying the 'enumMax(7)'
value is required in conjunction with this sub-type.
A value of 'enumMax(7)' means that the guidance
attribute provides data related to the largest
enumeration acceptable for the value of the
identified component. A corresponding
class instance specifying the 'enumMin(6)'
value is required in conjunction with this sub-type.
A value of 'enumOnly(8)' means that the guidance
attribute provides data related to a single
enumeration acceptable for the value of the
identified component.
A value of 'valueOnly(9)' means that the guidance
attribute provides data related to a single
value that is acceptable for the identified
component.
A value of 'bitMask(10)' means that the guidance
attribute is a bit mask such that all the combinations of
bits set in the bitmask are acceptable values for the
identified component which should be an attribute of type
'BITS'.
For example, an implementation of the frwkIpFilter class may
be limited in several ways, such as address mask, protocol
and Layer 4 port options. These limitations could be
exported using this PRC with the following instances:
Component Type Sub-Type Guidance
------------------------------------------------------------
DstPrefixLength attrValueSupLimited valueOnly 24
SrcPrefixLength attrValueSupLimited valueOnly 24
Protocol attrValueSupLimited rangeMin 10
Protocol attrValueSupLimited rangeMax 20
The above entries describe a number of limitations that
may be in effect for the frwkIpFilter class on a given
device. The limitations include restrictions on acceptable
values for certain attributes.
Also, an implementation of a PRC may be limited in the ways
it can be accessed. For instance, for a fictitious PRC
dscpMapEntry, which has a PIB-ACCESS of 'install-notify':
Component Type SubType Guidance
------------------------------------------------------------
dscpMapEntry prcLimitedNotify none zero-length string."
::= { frwkCompLimitsEntry 6 }
frwkCompLimitsGuidance OBJECT-TYPE
SYNTAX OCTET STRING
STATUS current
DESCRIPTION
"A value used to convey additional information related
to the implementation limitation. Note that a guidance
value will not necessarily be provided for all exported
limitations. If a guidance value is not provided, the
value must be a zero-length string.
The format of the guidance value, if one is present as
indicated by the frwkCompLimitsSubType attribute,
is described by the following table. Note that the
format of guidance value is dictated by the base-type of
the component whose limitation is being exported,
interpreted in the context of the frwkCompLimitsType and
frwkCompLimitsSubType values. Any other restrictions
(such as size/range/enumerated value) on the guidance
value MUST be complied with according to the definition
of the component for which guidance is being specified.
Note that numbers are encoded in network byte order.
Base Type Value
--------- -----
Unsigned32/Integer32/INTEGER 32-bit value.
Unsigned64/Integer64 64-bit Value.
OCTET STRING octets of data.
OID 32-bit OID components.
BITS Binary octets of length
same as Component specified."
::= { frwkCompLimitsEntry 7 }
--
-- Complete Reference specification table
--
frwkReferenceTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkReferenceEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"Each instance of this PRC specifies a reference to a PRI
in a specific PIB context (handle) for a specific client-
type. This table gives the PDP the ability to set up
policies that span installed contexts and the PEP the
ability to reference instances in another, perhaps
configured context. The PEP must send a
'attrReferenceUnknown' COPS-PR error to the PDP if it
encounters an invalid reference. "
REFERENCE
"COPS Usage for Policy Provisioning. RFC 3084, error
codes section 4.5."
::= { frwkBasePibClasses 5 }
frwkReferenceEntry OBJECT-TYPE
SYNTAX FrwkReferenceEntry
STATUS current
DESCRIPTION
"Entry specification for the frwkReferenceTable."
PIB-INDEX { frwkReferencePrid }
UNIQUENESS { }
::= { frwkReferenceTable 1 }
FrwkReferenceEntry ::= SEQUENCE {
frwkReferencePrid InstanceId,
frwkReferenceClientType ClientType,
frwkReferenceClientHandle ClientHandle,
frwkReferenceInstance Prid
}
frwkReferencePrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the frwkReference class."
::= { frwkReferenceEntry 1 }
frwkReferenceClientType OBJECT-TYPE
SYNTAX ClientType
STATUS current
DESCRIPTION
"Is unused if set to zero else specifies a client-type for
which the reference is to be interpreted. This non-zero
client-type must be activated explicitly via a separate
COPS client-open else this attribute is not valid."
::= { frwkReferenceEntry 2 }
frwkReferenceClientHandle OBJECT-TYPE
SYNTAX ClientHandle
STATUS current
DESCRIPTION
"Must be set to specify a valid client-handle in the scope
of the client-type specified."
::= { frwkReferenceEntry 3 }
frwkReferenceInstance OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"References a PRI in the context identified by
frwkReferenceClientHandle for client-type identified by
frwkReferenceClientType."
::= { frwkReferenceEntry 4 }
--
-- Error specification table
--
frwkErrorTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkErrorEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"Each instance of this PRC specifies a class specific
error object. Instances of this PRC are transient, i.e.,
instances received in a COPS decision message must not be
maintained by the PEP in its copy of the PIB instances. This
PRC allows a PDP to send error information to the PEP if the
PDP cannot process updates to a Request successfully."
::= { frwkBasePibClasses 6 }
frwkErrorEntry OBJECT-TYPE
SYNTAX FrwkErrorEntry
STATUS current
DESCRIPTION
"Entry specification for the frwkErrorTable."
PIB-INDEX { frwkErrorPrid }
UNIQUENESS {
frwkErrorCode,
frwkErrorSubCode,
frwkErrorPrc,
frwkErrorInstance
}
::= { frwkErrorTable 1 }
FrwkErrorEntry ::= SEQUENCE {
frwkErrorPrid InstanceId,
frwkErrorCode Unsigned32,
frwkErrorSubCode Unsigned32,
frwkErrorPrc PrcIdentifierOid,
frwkErrorInstance InstanceId
}
frwkErrorPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the frwkError class."
::= { frwkErrorEntry 1 }
frwkErrorCode OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
STATUS current
DESCRIPTION
"Error code defined in COPS-PR CPERR object."
REFERENCE
"COPS Usage for Policy Provisioning. RFC 3084."
::= { frwkErrorEntry 2 }
frwkErrorSubCode OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
STATUS current
DESCRIPTION
"The class-specific error object is used to communicate
errors relating to specific PRCs."
::= { frwkErrorEntry 3 }
frwkErrorPrc OBJECT-TYPE
SYNTAX PrcIdentifierOid
STATUS current
DESCRIPTION
"The PRC due to which the error specified by codes
(frwkErrorCode , frwkErrorSubCode) occurred."
::= { frwkErrorEntry 4 }
frwkErrorInstance OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"The PRI of the identified PRC (frwkErrorPrc) due to which
the error specified by codes (frwkErrorCode ,
frwkErrorSubCode) occurred. Must be set to zero if unused."
::= { frwkErrorEntry 5 }
--
-- The device capabilities and role combo classes group
--
frwkDeviceCapClasses
OBJECT IDENTIFIER ::= { frameworkPib 2 }
--
-- Capability Set Table
--
frwkCapabilitySetTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkCapabilitySetEntry
PIB-ACCESS notify
STATUS current
DESCRIPTION
"This PRC describes the capability sets that exist on the
interfaces on the device. The capability set is given a
unique name that identifies a set. These capability set
names are used by the PDP to determine policy information to
be associated with interfaces that possess similar sets of
capabilities."
::= { frwkDeviceCapClasses 1 }
frwkCapabilitySetEntry OBJECT-TYPE
SYNTAX FrwkCapabilitySetEntry
STATUS current
DESCRIPTION
"An instance of this PRC describes a particular set of
capabilities and associates a unique name with the set."
PIB-INDEX { frwkCapabilitySetPrid }
UNIQUENESS { frwkCapabilitySetName,
frwkCapabilitySetCapability }
::= { frwkCapabilitySetTable 1 }
FrwkCapabilitySetEntry ::= SEQUENCE {
frwkCapabilitySetPrid InstanceId,
frwkCapabilitySetName SnmpAdminString,
frwkCapabilitySetCapability Prid
}
frwkCapabilitySetPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies a
instance of the class."
::= { frwkCapabilitySetEntry 1 }
frwkCapabilitySetName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (1..255))
STATUS current
DESCRIPTION
"The name for the capability set. This name is the unique
identifier of a set of capabilities. This attribute must not
be assigned a zero-length string."
::= { frwkCapabilitySetEntry 2 }
frwkCapabilitySetCapability OBJECT-TYPE
SYNTAX Prid
STATUS current
DESCRIPTION
"The complete PRC OID and instance identifier specifying the
capability PRC instance for the interface. This attribute
references a specific instance of a capability table. The
capability table whose instance is referenced must be
defined in the client type specific PIB that this PIB is
used with. The referenced capability instance becomes a part
of the set of capabilities associated with the specified
frwkCapabilitySetName."
::= { frwkCapabilitySetEntry 3 }
--
-- Interface and Role Combination Tables
--
frwkRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkRoleComboEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"This is an abstract PRC that may be extended or referenced
to enumerate the role combinations, capability set names
assigned to any interface on a PEP. The identification of
the interface is to be defined by its extensions or
referencing PRCs."
::= { frwkDeviceCapClasses 2 }
frwkRoleComboEntry OBJECT-TYPE
SYNTAX FrwkRoleComboEntry
STATUS current
DESCRIPTION
"An instance of this PRC describes one association of an
interface to a role-combination and capability set name .
Note that an interface can have multiple associations. This
constraint is controlled by the extending or referencing
PRC's uniqueness clause."
PIB-INDEX { frwkRoleComboPrid }
UNIQUENESS { }
::= { frwkRoleComboTable 1 }
FrwkRoleComboEntry ::= SEQUENCE {
frwkRoleComboPrid InstanceId,
frwkRoleComboRoles RoleCombination,
frwkRoleComboCapSetName SnmpAdminString
}
frwkRoleComboPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An arbitrary integer index that uniquely identifies an
instance of the class."
::= { frwkRoleComboEntry 1 }
frwkRoleComboRoles OBJECT-TYPE
SYNTAX RoleCombination
STATUS current
DESCRIPTION
"The role combination assigned to a specific interface."
::= { frwkRoleComboEntry 2 }
frwkRoleComboCapSetName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..255))
STATUS current
DESCRIPTION
"The name of the capability set associated with
the Role Combination specified in frwkRoleComboRoles. If
this is a zero length string it implies the PEP is not
exporting any capability set information for this
RoleCombination. The PDP must then use the RoleCombinations
provided as the only means of assigning policies
If a non-zero length string is specified, the name must
exist in frwkCapabilitySetTable."
::= { frwkRoleComboEntry 3 }
--
-- Interface, Role Combination association via IfIndex
--
frwkIfRoleComboTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIfRoleComboEntry
PIB-ACCESS install-notify
STATUS current
DESCRIPTION
"This PRC enumerates the interface to role combination and
frwkRoleComboCapSetName mapping for all policy managed
interfaces of a device. Policy for an interface depends not
only on the capability set of an interface but also on its
roles. This table specifies all the <interface index,
interface capability set name, role combination> tuples
currently on the device"
::= { frwkDeviceCapClasses 3 }
frwkIfRoleComboEntry OBJECT-TYPE
SYNTAX FrwkIfRoleComboEntry
STATUS current
DESCRIPTION
"An instance of this PRC describes the association of
a interface to an capability set name and a role
combination.
Note that a capability set name can have multiple role
combinations assigned to it, but an IfIndex can have only
one role combination associated."
EXTENDS { frwkRoleComboEntry }
UNIQUENESS { frwkIfRoleComboIfIndex,
frwkRoleComboCapSetName }
::= { frwkIfRoleComboTable 1 }
FrwkIfRoleComboEntry ::= SEQUENCE {
frwkIfRoleComboIfIndex InterfaceIndex
}
frwkIfRoleComboIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
STATUS current
DESCRIPTION
"The value of this attribute is the ifIndex which is
associated with the specified RoleCombination and interface
capability set name."
::= { frwkIfRoleComboEntry 1 }
--
-- The Classification classes group
--
frwkClassifierClasses
OBJECT IDENTIFIER ::= { frameworkPib 3 }
--
-- The Base Filter Table
--
frwkBaseFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkBaseFilterEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"The Base Filter class. A packet has to match all
fields in an Filter. Wildcards may be specified for those
fields that are not relevant."
::= { frwkClassifierClasses 1 }
frwkBaseFilterEntry OBJECT-TYPE
SYNTAX FrwkBaseFilterEntry
STATUS current
DESCRIPTION
"An instance of the frwkBaseFilter class."
PIB-INDEX { frwkBaseFilterPrid }
::= { frwkBaseFilterTable 1 }
FrwkBaseFilterEntry ::= SEQUENCE {
frwkBaseFilterPrid InstanceId,
frwkBaseFilterNegation TruthValue
}
frwkBaseFilterPrid OBJECT-TYPE
SYNTAX InstanceId
STATUS current
DESCRIPTION
"An integer index to uniquely identify this Filter among all
the Filters."
::= { frwkBaseFilterEntry 1 }
frwkBaseFilterNegation OBJECT-TYPE
SYNTAX TruthValue
STATUS current
DESCRIPTION
"This attribute behaves like a logical NOT for the filter.
If the packet matches this filter and the value of this
attribute is 'true', the action associated with this filter
is not applied to the packet. If the value of this
attribute is 'false', then the action is applied to the
packet."
::= { frwkBaseFilterEntry 2 }
--
-- The IP Filter Table
--
frwkIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FrwkIpFilterEntry
PIB-ACCESS install
STATUS current
DESCRIPTION
"Filter definitions. A packet has to match all fields in a
filter. Wildcards may be specified for those fields that
are not relevant."
INSTALL-ERRORS {
invalidDstL4PortData(1),
invalidSrcL4PortData(2)
}
::= { frwkClassifierClasses 2 }
frwkIpFilterEntry OBJECT-TYPE
SYNTAX FrwkIpFilterEntry
STATUS current
DESCRIPTION
"An instance of the frwkIpFilter class."
EXTENDS { frwkBaseFilterEntry }
UNIQUENESS { frwkBaseFilterNegation,
frwkIpFilterAddrType,
frwkIpFilterDstAddr,
frwkIpFilterDstPrefixLength,
frwkIpFilterSrcAddr,
frwkIpFilterSrcPrefixLength,
frwkIpFilterDscp,
frwkIpFilterFlowId,
frwkIpFilterProtocol,
frwkIpFilterDstL4PortMin,
frwkIpFilterDstL4PortMax,
frwkIpFilterSrcL4PortMin,
frwkIpFilterSrcL4PortMax }
::= { frwkIpFilterTable 1 }
FrwkIpFilterEntry ::= SEQUENCE {
frwkIpFilterAddrType InetAddressType,
frwkIpFilterDstAddr InetAddress,
frwkIpFilterDstPrefixLength InetAddressPrefixLength,
frwkIpFilterSrcAddr InetAddress,
frwkIpFilterSrcPrefixLength InetAddressPrefixLength,
frwkIpFilterDscp DscpOrAny,
frwkIpFilterFlowId Integer32,
frwkIpFilterProtocol Unsigned32,
frwkIpFilterDstL4PortMin InetPortNumber,
frwkIpFilterDstL4PortMax InetPortNumber,
frwkIpFilterSrcL4PortMin InetPortNumber,
frwkIpFilterSrcL4PortMax InetPortNumber
}
frwkIpFilterAddrType OBJECT-TYPE
SYNTAX InetAddressType
STATUS current
DESCRIPTION
"The address type enumeration value to specify the type of
the packet's IP address.
While other types of addresses are defined in the
InetAddressType textual convention, an IP filter can only
use IPv4 and IPv6 addresses directly to classify traffic.
All other InetAddressTypes require mapping to the
corresponding Ipv4 or IPv6 address before being used to
classify traffic. Therefore, this object as such is not
limited to IPv4 and IPv6 addresses, i.e., it can be assigned
any of the valid values defined in the InetAddressType TC,
but the mapping of the address values to IPv4 or IPv6
addresses for the address attributes (frwkIpFilterDstAddr
and frwkIpFilterSrcAddr) must be done by the PEP. For
example when dns (16) is used, the PEP must resolve
the address to IPv4 or IPv6 at install time."
REFERENCE
"Textual Conventions for Internet Network Addresses.
RFC 3291."
::= { frwkIpFilterEntry 1 }
frwkIpFilterDstAddr OBJECT-TYPE
SYNTAX InetAddress
STATUS current
DESCRIPTION
"The IP address to match against the packet's
destination IP address. If the address type is 'ipv4',
'ipv6', 'ipv4z' or 'ipv6z' then, the attribute
frwkIpFilterDstPrefixLength indicates the number of bits
that are relevant. "
REFERENCE
"Textual Conventions for Internet Network Addresses.
RFC 3291."
::= { frwkIpFilterEntry 2 }
frwkIpFilterDstPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
STATUS current
DESCRIPTION
"The length of a mask for the matching of the destination
IP address. This attribute is interpreted only if the
InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
Masks are constructed by setting bits in sequence from the
most-significant bit downwards for
frwkIpFilterDstPrefixLength bits length. All other bits in
the mask, up to the number needed to fill the length of
the address frwkIpFilterDstAddr are cleared to zero. A zero
bit in the mask then means that the corresponding bit in
the address always matches.
In IPv4 addresses, a length of 0 indicates a match of any
address; a length of 32 indicates a match of a single host
address, and a length between 0 and 32 indicates the use of
a CIDR Prefix. IPv6 is similar, except that prefix lengths
range from 0..128."
REFERENCE
"Textual Conventions for Internet Network Addresses.
RFC 3291."
DEFVAL { 0 }
::= { frwkIpFilterEntry 3 }
frwkIpFilterSrcAddr OBJECT-TYPE
SYNTAX InetAddress
STATUS current
DESCRIPTION
"The IP address to match against the packet's source IP
address. If the address type is 'ipv4', 'ipv6', 'ipv4z' or
'ipv6z' then, the attribute frwkIpFilterSrcPrefixLength
indicates the number of bits that are relevant."
REFERENCE
"Textual Conventions for Internet Network Addresses.
RFC 3291."
::= { frwkIpFilterEntry 4 }
frwkIpFilterSrcPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
UNITS "bits"
STATUS current
DESCRIPTION
"The length of a mask for the matching of the source IP
address. This attribute is interpreted only if the
InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
Masks are constructed by setting bits in sequence from the
most-significant bit downwards for
frwkIpFilterSrcPrefixLength bits length. All other bits in
the mask, up to the number needed to fill the length of
the address frwkIpFilterSrcAddr are cleared to zero. A
zero bit in the mask then means that the corresponding bit
in the address always matches.
In IPv4 addresses, a length of 0 indicates a match of any
address; a length of 32 indicates a match of a single host
address, and a length between 0 and 32 indicates the use of
a CIDR Prefix. IPv6 is similar, except that prefix lengths
range from 0..128."
REFERENCE
"Textual Conventions for Internet Network Addresses.
RFC 3291."
DEFVAL { 0 }
::= { frwkIpFilterEntry 5 }
frwkIpFilterDscp OBJECT-TYPE
SYNTAX DscpOrAny
STATUS current
DESCRIPTION
"The value that the DSCP in the packet can have and
match this filter. A value of -1 indicates that a specific
DSCP value has not been defined and thus all DSCP values
are considered a match."
REFERENCE
"Management Information Base for the Differentiated Services
Architecture. RFC 3289."
DEFVAL { -1 }
::= { frwkIpFilterEntry 6 }
frwkIpFilterFlowId OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..1048575)
STATUS current
DESCRIPTION
"The flow label or flow identifier in an IPv6 header
that may be used to discriminate traffic flows.
The value of -1 for this attribute MUST imply that
any flow label value in the IPv6 header will match,
resulting in the flow label field of the IPv6 header
being ignored for matching this filter entry."
::= { frwkIpFilterEntry 7 }
(next page on part 3)