rfc2720.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 1,878 行 · 第 1/5 页
TXT
1,878 行
Network Working Group N. Brownlee
Request for Comments: 2720 The University of Auckland
Obsoletes: 2064 October 1999
Category: Standards Track
Traffic Flow Measurement: Meter MIB
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
The RTFM Traffic Measurement Architecture provides a general
framework for describing and measuring network traffic flows. Flows
are defined in terms of their Address Attribute values and measured
by a 'Traffic Meter'.
This document defines a Management Information Base (MIB) for use in
controlling an RTFM Traffic Meter, in particular for specifying the
flows to be measured. It also provides an efficient mechanism for
retrieving flow data from the meter using SNMP. Security issues
concerning the operation of traffic meters are summarised.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 The SNMP Management Framework . . . . . . . . . . . . . . . . 2
3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Scope of Definitions, Textual Conventions . . . . . . . . . 4
3.2 Usage of the MIB variables . . . . . . . . . . . . . . . . 4
4 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5 Security Considerations . . . . . . . . . . . . . . . . . . . . 46
5.1 SNMP Concerns . . . . . . . . . . . . . . . . . . . . . . 46
5.2 Traffic Meter Concerns . . . . . . . . . . . . . . . . . . 46
6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 48
7 Appendix A: Changes Introduced Since RFC 2064 . . . . . . . . . 49
8 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 50
9 Intellectual Property Notice . . . . . . . . . . . . . . . . . 50
Brownlee Standards Track [Page 1]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
10 References . . . . . . . . . . . . . . . . . . . . . . . . . . 50
11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 53
12 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 54
1 Introduction
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it describes objects for managing and collecting data
from network Realtime Traffic Flow Meters, as described in [RTFM-
ARC].
The MIB is 'basic' in the sense that it provides more than enough
information for everyday traffic measurment. Furthermore, it can be
easily extended by adding new attributes as required. The RTFM
Working group is actively pursuing the development of the meter in
this way.
2 The SNMP Management Framework
The SNMP Management Framework presently consists of five major
components:
- An overall architecture, described in RFC 2571 [RFC2571].
- Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in STD
16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215
[RFC1215]. The second version, called SMIv2, is described in STD
58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].
- Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in STD 15, RFC 1157 [RFC1157]. A second version of the
SNMP message protocol, which is not an Internet standards track
protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and
RFC 1906 [RFC1906]. The third version of the message protocol is
called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572
[RFC2572] and RFC 2574 [RFC2574].
- Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [RFC1157]. A second set of protocol
operations and associated PDU formats is described in RFC 1905
[RFC1905].
Brownlee Standards Track [Page 2]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
- A set of fundamental applications described in RFC 2573 [RFC2573]
and the view-based access control mechanism described in RFC 2575
[RFC2575].
A more detailed introduction to the current SNMP Management Framework
can be found in [RFC2570].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.
3 Overview
Traffic Flow Measurement seeks to provide a well-defined method for
gathering traffic flow information from networks and internetworks.
The background for this is given in "Internet Accounting Background"
[ACT-BKG]. The Realtime Traffic Flow Measurement (rtfm) Working Group
has produced a measurement architecture to achieve this goal; this is
documented in "Traffic Flow Measurement: Architecture" [RTFM-ARC].
The architecture defines three entities:
- METERS, which observe network traffic flows and build up a table of
flow data records for them,
- METER READERS, which collect traffic flow data from meters, and
- MANAGERS, which oversee the operation of meters and meter readers.
This memo defines the SNMP management information for a Traffic Flow
Meter (TFM). Work in this field was begun by the Internet Accounting
Working Group. It has been further developed and expanded by the
Realtime Traffic Flow Measurement Working Group.
Brownlee Standards Track [Page 3]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
3.1 Scope of Definitions, Textual Conventions
All objects defined in this memo are registered in a single subtree
within the mib-2 namespace [MIB-II, RFC2578], and are for use in
network devices which may perform a PDU forwarding or monitoring
function. For these devices, this MIB defines a group of objects
with an SMI Network Management MGMT Code [ASG-NBR] of 40, i.e.
flowMIB OBJECT IDENTIFIER ::= mib-2 40
as defined below.
The RTFM Meter MIB was first produced and tested using SNMPv1. It
was converted into SNMPv2 following the guidelines in [RFC1908].
3.2 Usage of the MIB variables
The MIB is organised in four parts - control, data, rules and
conformance statements.
The rules implement the set of packet-matching actions, as described
in the "Traffic Flow Measurment: Architecture" document [RTFM-ARC].
In addition they provide for BASIC-style subroutines, allowing a
network manager to dramatically reduce the number of rules required
to monitor a large network.
Traffic flows are identified by a set of attributes for each of their
end-points. Attributes include network addresses for each layer of
the network protocol stack, and 'subscriber ids', which may be used
to identify an accountable entity for the flow.
The conformance statements are set out as defined in [RFC2580]. They
explain what must be implemented in a meter which claims to conform
to this MIB.
To retrieve flow data one could simply do a linear scan of the flow
table. This would certainly work, but would require a lot of
protocol exchanges. To reduce the overhead in retrieving flow data
the flow table uses a TimeFilter variable, defined as a Textual
Convention in the RMON2 MIB [RMON2-MIB].
As an alternative method of reading flow data, the MIB provides a
view of the flow table called the flowDataPackageTable. This is
(logically) a four-dimensional array, subscripted by package
selector, RuleSet, activity time and starting flow number. The
package selector is a sequence of bytes which specifies a list of
flow attributes.
Brownlee Standards Track [Page 4]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
A data package (as returned by the meter) is a sequence of values for
the attributes specified in its selector, encoded using the Basic
Encoding Rules [ASN-BER]. It allows a meter reader to retrieve all
the attribute values it requires in a single MIB object. This, when
used together with SNMPv2's GetBulk request, allows a meter reader to
scan the flow table and upload a specified set of attribute values
for flows which have changed since the last reading, and which were
created by a specified rule set.
One aspect of data collection which needs emphasis is that all the
MIB variables are set up to allow multiple independent meter readers
to work properly, i.e. the flow table indexes are stateless. An
alternative approach would have been to 'snapshot' the flow table,
which would mean that the meter readers would have to be
synchronized. The stateless approach does mean that two meter
readers will never return exactly the same set of traffic counts, but
over long periods (e.g. 15-minute collections over a day) the
discrepancies are acceptable. If one really needs a snapshot, this
can be achieved by switching to an identical rule set with a
different RuleSet number, hence asynchronous collections may be
regarded as a useful generalisation of synchronised ones.
The control variables are the minimum set required for a meter
reader. Their number has been whittled down as experience has been
gained with the MIB implementation. A few of them are 'general',
i.e. they control the overall behaviour of the meter. These are set
by a single 'master' manager, and no other manager should attempt to
change their values. The decision as to which manager is the '
master' must be made by the network operations personnel responsible;
this MIB does not attempt to define any interaction between managers.
There are three other groups of control variables, arranged into
tables in the same way as in the RMON2 MIB [RMON2-MIB]. They are used
as follows:
- RULE SET INFO: Before attempting to download a RuleSet, a manager
must create a row in the flowRuleSetInfoTable and set its
flowRuleInfoSize to a value large enough to hold the RuleSet. When
the rule set is ready the manager must set flowRuleInfoRulesReady
to 'true', indicating that the rule set is ready for use (but not
yet 'running').
- METER READER INFO: Any meter reader wishing to collect data
reliably for all flows from a RuleSet should first create a row in
the flowReaderInfoTable with flowReaderRuleSet set to that
RuleSet's index in the flowRuleSetInfoTable. It should write that
row's flowReaderLastTime object each time it starts a collection
Brownlee Standards Track [Page 5]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
pass through the flow table. The meter will not recover a flow's
memory until every meter reader holding a row for that flow's
RuleSet has collected the flow's data.
- MANAGER INFO: Any manager wishing to run a RuleSet in the meter
must create a row in the flowManagerInfo table, specifying the
desired RuleSet to run and its corresponding 'standby' RuleSet (if
one is desired). A current RuleSet is 'running' if its
flowManagerRunningStandby value is false(2), similarly a standby
RuleSet is 'running' if flowManagerRunningStandby is true(1).
Times within the meter are in terms of its Uptime, i.e. centiseconds
since the meter started. For meters implemented as self-contained
SNMP agents this will be the same as sysUptime, but this may not be
true for meters implemented as subagents. Managers can read the
meter's Uptime when neccessary (e.g. to set a TimeFilter value) by
setting flowReaderLastTime, then reading its new value.
4 Definitions
FLOW-METER-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Counter32, Counter64, Integer32, mib-2
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue
FROM SNMPv2-TC
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF
ifIndex
FROM IF-MIB
TimeFilter
FROM RMON2-MIB;
flowMIB MODULE-IDENTITY
LAST-UPDATED "9910250000Z" -- October 25, 1999
ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group"
CONTACT-INFO
"Nevil Brownlee, The University of Auckland
Postal: Information Technology Sytems & Services
The University of Auckland
Private Bag 92-019
Auckland, New Zealand
Phone: +64 9 373 7599 x8941
E-mail: n.brownlee@auckland.ac.nz"
Brownlee Standards Track [Page 6]
RFC 2720 Traffic Flow Measurement: Meter MIB October 1999
DESCRIPTION
"MIB for the RTFM Traffic Flow Meter."
REVISION "9910250000Z"
DESCRIPTION
"Initial Version, published as RFC 2720."
REVISION "9908301250Z"
DESCRIPTION
"UTF8OwnerString Textual Convention added, and used to
replace OwnerString. Conceptually the same as OwnerString,
but facilitating internationalisation by using UTF-8
encoding for its characters rather than US-ASCII."
REVISION "9908191010Z"
DESCRIPTION
"Changes to SIZE specification for two variables:
- flowRuleInfoName SIZE specified as (0..127)
- flowRuleIndex SIZE increased to (1..2147483647)"
REVISION "9712230937Z"
DESCRIPTION
"Two further variables deprecated:
- flowRuleInfoRulesReady (use flowRuleInfoStatus intead)
- flowDataStatus (contains no useful information)"
REVISION "9707071715Z"
DESCRIPTION
"Significant changes since RFC 2064 include:
- flowDataPackageTable added
- flowColumnActivityTable deprecated
- flowManagerCounterWrap deprecated"
REVISION "9603080208Z"
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?