rfc2064.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 1,984 行 · 第 1/5 页
TXT
1,984 行
Network Working Group N. Brownlee
Request for Comments: 2064 The University of Auckland
Category: Experimental January 1997
Traffic Flow Measurement: Meter MIB
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. This memo does not specify an Internet standard of any
kind. Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in TCP/IP-based internets.
In particular, this memo defines managed objects used for obtaining
traffic flow information from network traffic meters.
Table of Contents
1 The Network Management Framework . . . . . . . . . . . . . . . . 1
2 Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1 Format of Definitions . . . . . . . . . . . . . . . . . . . 3
3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Scope of Definitions, Textual Conventions . . . . . . . . . 3
3.2 Usage of the MIB variables . . . . . . . . . . . . . . . . 4
4 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 37
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
7 Security Considerations . . . . . . . . . . . . . . . . . . . . 38
8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 38
1 The Network Management Framework
The Internet-standard Network Management Framework consists of three
components. They are:
RFC 1155 defines the SMI, the mechanisms used for describing and
naming objects for the purpose of management. STD 16, RFC 1212
defines a more concise description mechanism, which is wholly
consistent with the SMI.
Brownlee Experimental [Page 1]
RFC 2064 Meter MIB January 1997
RFC 1156 defines MIB-I, the core set of managed objects for the
Internet suite of protocols. STD 17, RFC 1213 [1] defines MIB-II,
an evolution of MIB-I based on implementation experience and new
operational requirements.
STD 15, RFC 1157 defines the SNMP, the protocol used for network
access to managed objects.
RFC 1442 [2] defines the SMI for version 2 of the Simple Network
Management Protocol.
RFCs 1443 and 1444 [3,4] define Textual Conventions and
Conformance Statements for version 2 of the Simple Network
Management Protocol.
RFC 1452 [5] describes how versions 1 and 2 of the Simple Network
Management Protocol should coexist.
The Framework permits new objects to be defined for the purpose of
experimentation and evaluation.
2 Objects
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the subset of Abstract Syntax Notation One (ASN.1) [6]
defined in the SMI. In particular, each object has a name, a syntax,
and an encoding. The name is an object identifier, an
administratively assigned name, which specifies an object type. The
object type together with an object instance serves to uniquely
identify a specific instantiation of the object. For human
convenience, we often use a textual string, termed the OBJECT
DESCRIPTOR, to also refer to the object type.
The syntax of an object type defines the abstract data structure
corresponding to that object type. The ASN.1 language is used for
this purpose. However, the SMI [2] purposely restricts the ASN.1
constructs which may be used. These restrictions are explicitly made
for simplicity.
The encoding of an object type is simply how that object type is
represented using the object type's syntax. Implicitly tied to the
notion of an object type's syntax and encoding is how the object type
is represented when being transmitted on the network.
The SMI specifies the use of the basic encoding rules of ASN.1 [7],
subject to the additional requirements imposed by the SNMP.
Brownlee Experimental [Page 2]
RFC 2064 Meter MIB January 1997
2.1 Format of Definitions
Section 4 contains contains the specification of all object types
contained in this MIB module. These object types are defined using
the conventions defined in [2] and [3].
3 Overview
Traffic Flow Measurement seeks to provide a well-defined method for
gathering traffic flow information from networks and internetworks.
The background for this is given in "Traffic Flow Measurement:
Background" [8]. The Realtime Traffic Flow Measurement (rtfm)
Working Group has produced a measurement architecture to achieve it;
this is documented in "Traffic Flow Measurement: Architecture" [9].
The architecture defines three entities:
- METERS, which observe network traffic flows and build up a
table of flow data records for them,
- METER REAERS, which collect traffic flow data from meters, and
- MANAGERS, which oversee the operation of meters and meter readers.
This memo defines the SNMP management information for a Traffic Flow
Meter (TFM). It documents the earlier work of the Internet Accounting
Working Group, and is intended to provide a starting point for the
Realtime Traffic Flow Measurement Working Group.
3.1 Scope of Definitions, Textual Conventions
All objects defined in this memo are registered in a single subtree
within the mib-2 namespace [1,2], and are for use in network devices
which may perform a PDU forwarding or monitoring function. For these
devices, the value of the ifSpecific variable in the MIB-II [1] has
the OBJECT IDENTIFIER value:
flowMIB OBJECT IDENTIFIER ::= mib-2 40
as defined below.
The RTFM Meter MIB was first produced and tested using SNMPv1. It
has been converted into SNMPv2 following the guidelines in RFC 1452
[5].
Brownlee Experimental [Page 3]
RFC 2064 Meter MIB January 1997
3.2 Usage of the MIB variables
The MIB breaks into four parts - control, flows, rules and
conformance statements.
The rules implement the minumum set of packet-matching actions, as
set out in the "Traffic Flow Measurment: Architecture" document [9].
In addition they provide for BASIC-style subroutines, allowing a
network manager to dramatically reduce the number of rules required
to monitor a big network.
Traffic flows are identified by a set of attributes for each of its
end-points. Attributes include network addresses for each layer of
the network protocol stack, and 'subscriber ids,' which may be used
to identify an accountable entity for the flow.
The conformance statements are set out as defined in [4]. They
explain what must be implemented in a meter which claims to conform
to this MIB.
To retrieve flow data one could simply do a linear scan of the flow
table. This would certainly work, but would require a lot of
protocol exchanges. To reduce the overhead in retrieving flow data
the flow table uses a TimeFilter variable, defined as a Textual
Convention in the RMON2 MIB [10]. This, when used together with
SNMPv2's GetBulk request, allows a meter reader to scan the flow
table and upload a specified set of flow attributes for those rows
which have changed since the last reading.
As an alternative method of reading flow data, the MIB provides an
index into the flow table called flowColumnActivityTable. This is
(logically) a three-dimensional array, subscripted by flow attribute,
activity time and starting flow number. This allows a meter reader
to retrieve (in an opaque object) data for a column of the flow table
with a minimum of SNMP overhead. An attempt has been made to include
a full ASN.1 definition of the flowColumnActivityData object.
One aspect of data collection which needs emphasis is that all the
MIB variables are set up to allow multiple independent colletors to
work properly, i.e. the flow table indexes are stateless. An
alternative approach would have been to 'snapshot' the flow table,
which would mean that the meter readers would have to be
synchronized. The stateless approach does mean that two meter
readers will never return exactly the same set of traffic counts, but
over long periods (e.g. 15-minute collections over a day) the
discrepancies are acceptable. If one really needs a snapshot, this
can be achieved by switching to an identical rule set with a
different RuleSet number, hence asynchronous collections may be
Brownlee Experimental [Page 4]
RFC 2064 Meter MIB January 1997
regarded as a useful generalisation of synchronised ones.
The control variables are the minimum set required for a meter
reader. Their number has been whittled down as experience has been
gained with the MIB implementation. A few of them are 'general,'
i.e. they control the overall behaviour of the meter. These are set
by a single 'master' manager, and no other manager should attempt to
change their values. The decision as to which manager is the
'master' must be made by the network operations personnel
responsible; this MIB does not attempt to provide any support for
interaction between managers.
There are three other groups of control groups, arranged into tables
in the same way as in the RMON MIB [10]. They are used as follows:
- RULE SET INFO: Before attempting to download a rule table a manager
must create a row in the flowRuleSetInfo with flowRuleInfoStatus
set to 'createAndWait.' When the rule set is ready the manager
must set RuleSetInfo to 'active,' indicating that the rule set is
ready for use.
- METER READER INFO: Any meter reader wishing to collect data
reliably for all flows should first create a row in the
flowReaderInfoTable with flowReaderStatus set to 'active.' It
should write that row's flowReaderLastTime object each time it
starts a collection pass through the flow table. The meter will
not recover a flow's memory until every meter reader holding a row
in this table has collected that flow's data.
- MANAGER INFO: Any manager wishing to download rule sets to the
meter must create a row in the flowManagerInfo table with
flowManagerStatus set to 'active.'. Once it has a table row, the
manager may set the control variables in its row so as to cause the
meter to run any valid rule set held by the meter.
Brownlee Experimental [Page 5]
RFC 2064 Meter MIB January 1997
4 Definitions
FLOW-METER-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, TimeTicks
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatus, TimeStamp
FROM SNMPv2-TC
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF
mib-2, ifIndex
FROM RFC1213-MIB
OwnerString
FROM RMON-MIB;
flowMIB MODULE-IDENTITY
LAST-UPDATED "9603080208Z"
ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group"
CONTACT-INFO
"Nevil Brownlee, The University of Auckland
Email: n.brownlee@auckland.ac.nz"
DESCRIPTION
"MIB for the RTFM Traffic Flow Meter."
::= { mib-2 40 }
flowControl OBJECT IDENTIFIER ::= { flowMIB 1 }
flowData OBJECT IDENTIFIER ::= { flowMIB 2 }
flowRules OBJECT IDENTIFIER ::= { flowMIB 3 }
flowMIBConformance OBJECT IDENTIFIER ::= { flowMIB 4 }
-- Textual Conventions
TimeFilter ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Used as an index to a table. A TimeFilter variable allows
a GetNext or GetBulk request to find rows in a table for
which the TimeFilter index variable is greater than or equal
to a specified value. For example, a meter reader could
find all rows in the flow table which have been active at or
since a specified time.
Brownlee Experimental [Page 6]
RFC 2064 Meter MIB January 1997
More details on TimeFilter variables, their implementation
and use can be found in the RMON2 MIB [10]."
SYNTAX TimeTicks
AddressType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Indicates the type of an adjacent address or peer address.
The values used are from the 'Address Family Numbers' section
of the Assigned Numbers RFC [11]."
SYNTAX INTEGER {
ip(1),
nsap(3),
ieee802(6),
ipx(11),
appletalk(12),
decnet(13) }
AdjacentAddress ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Specifies the value of an adjacent address for various
media. The values used for IEEE 802 media are from the
'Network Management Parameters (ifType definitions)'
section of the Assigned Numbers RFC [11]. Address format
depends on the actual media, as follows:
Ethernet: ethernet(7)
6-octet 802.3 MAC address in 'canonical' order
FDDI: fddi(15)
FddiMACLongAddress, i.e. a 6-octet MAC address
in 'canonical' order (defined in the FDDI MIB [12])
Token Ring: tokenring(9)
6-octet 802.5 MAC address in 'canonical' order
PeerAddress: other(1)
If traffic is being metered inside a tunnel, its
adjacent addresses will be the peer addresses of hosts
at the ends of the tunnel
"
SYNTAX OCTET STRING (SIZE (6..20))
PeerAddress ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Specifies the value of a peer address for various network
Brownlee Experimental [Page 7]
RFC 2064 Meter MIB January 1997
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?