rfc2720.txt

来自「著名的RFC文档,其中有一些文档是已经翻译成中文的的.」· 文本 代码 · 共 1,939 行 · 第 1/5 页

Network Working Group                                         N. Brownlee
Request for Comments: 2720                     The University of Auckland
Obsoletes: 2064                                              October 1999
Category: Standards Track


                  Traffic Flow Measurement: Meter MIB

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   The RTFM Traffic Measurement Architecture provides a general
   framework for describing and measuring network traffic flows.  Flows
   are defined in terms of their Address Attribute values and measured
   by a 'Traffic Meter'.

   This document defines a Management Information Base (MIB) for use in
   controlling an RTFM Traffic Meter, in particular for specifying the
   flows to be measured.  It also provides an efficient mechanism for
   retrieving flow data from the meter using SNMP. Security issues
   concerning the operation of traffic meters are summarised.

Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2  The SNMP Management Framework   . . . . . . . . . . . . . . . .  2
   3  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
      3.1 Scope of Definitions, Textual Conventions . . . . . . . . .  4
      3.2 Usage of the MIB variables  . . . . . . . . . . . . . . . .  4
   4  Definitions . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5  Security Considerations . . . . . . . . . . . . . . . . . . . . 46
      5.1 SNMP Concerns   . . . . . . . . . . . . . . . . . . . . . . 46
      5.2 Traffic Meter Concerns  . . . . . . . . . . . . . . . . . . 46
   6  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 48
   7  Appendix A: Changes Introduced Since RFC 2064 . . . . . . . . . 49
   8  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 50
   9  Intellectual Property Notice  . . . . . . . . . . . . . . . . . 50



Brownlee                    Standards Track                     [Page 1]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


   10 References  . . . . . . . . . . . . . . . . . . . . . . . . . . 50
   11 Author's Address  . . . . . . . . . . . . . . . . . . . . . . . 53
   12 Full Copyright Statement  . . . . . . . . . . . . . . . . . . . 54

1  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes objects for managing and collecting data
   from network Realtime Traffic Flow Meters, as described in [RTFM-
   ARC].

   The MIB is 'basic' in the sense that it provides more than enough
   information for everyday traffic measurment.  Furthermore, it can be
   easily extended by adding new attributes as required.  The RTFM
   Working group is actively pursuing the development of the meter in
   this way.

2  The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   - An overall architecture, described in RFC 2571 [RFC2571].

   - Mechanisms for describing and naming objects and events for the
     purpose of management.  The first version of this Structure of
     Management Information (SMI) is called SMIv1 and described in STD
     16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215
     [RFC1215].  The second version, called SMIv2, is described in STD
     58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].

   - Message protocols for transferring management information.  The
     first version of the SNMP message protocol is called SNMPv1 and
     described in STD 15, RFC 1157 [RFC1157].  A second version of the
     SNMP message protocol, which is not an Internet standards track
     protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and
     RFC 1906 [RFC1906].  The third version of the message protocol is
     called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572
     [RFC2572] and RFC 2574 [RFC2574].

   - Protocol operations for accessing management information.  The
     first set of protocol operations and associated PDU formats is
     described in STD 15, RFC 1157 [RFC1157].  A second set of protocol
     operations and associated PDU formats is described in RFC 1905
     [RFC1905].





Brownlee                    Standards Track                     [Page 2]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


   - A set of fundamental applications described in RFC 2573 [RFC2573]
     and the view-based access control mechanism described in RFC 2575
     [RFC2575].

   A more detailed introduction to the current SNMP Management Framework
   can be found in [RFC2570].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

3  Overview

   Traffic Flow Measurement seeks to provide a well-defined method for
   gathering traffic flow information from networks and internetworks.
   The background for this is given in "Internet Accounting Background"
   [ACT-BKG]. The Realtime Traffic Flow Measurement (rtfm) Working Group
   has produced a measurement architecture to achieve this goal; this is
   documented in "Traffic Flow Measurement:  Architecture" [RTFM-ARC].
   The architecture defines three entities:

   - METERS, which observe network traffic flows and build up a table of
     flow data records for them,

   - METER READERS, which collect traffic flow data from meters, and

   - MANAGERS, which oversee the operation of meters and meter readers.

   This memo defines the SNMP management information for a Traffic Flow
   Meter (TFM). Work in this field was begun by the Internet Accounting
   Working Group.  It has been further developed and expanded by the
   Realtime Traffic Flow Measurement Working Group.









Brownlee                    Standards Track                     [Page 3]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


3.1  Scope of Definitions, Textual Conventions

   All objects defined in this memo are registered in a single subtree
   within the mib-2 namespace [MIB-II, RFC2578], and are for use in
   network devices which may perform a PDU forwarding or monitoring
   function.  For these devices, this MIB defines a group of objects
   with an SMI Network Management MGMT Code [ASG-NBR] of 40, i.e.

   flowMIB OBJECT IDENTIFIER ::=  mib-2 40

   as defined below.

   The RTFM Meter MIB was first produced and tested using SNMPv1.  It
   was converted into SNMPv2 following the guidelines in [RFC1908].

3.2  Usage of the MIB variables

   The MIB is organised in four parts - control, data, rules and
   conformance statements.

   The rules implement the set of packet-matching actions, as described
   in the "Traffic Flow Measurment:  Architecture" document [RTFM-ARC].
   In addition they provide for BASIC-style subroutines, allowing a
   network manager to dramatically reduce the number of rules required
   to monitor a large network.

   Traffic flows are identified by a set of attributes for each of their
   end-points.  Attributes include network addresses for each layer of
   the network protocol stack, and 'subscriber ids', which may be used
   to identify an accountable entity for the flow.

   The conformance statements are set out as defined in [RFC2580].  They
   explain what must be implemented in a meter which claims to conform
   to this MIB.

   To retrieve flow data one could simply do a linear scan of the flow
   table.  This would certainly work, but would require a lot of
   protocol exchanges.  To reduce the overhead in retrieving flow data
   the flow table uses a TimeFilter variable, defined as a Textual
   Convention in the RMON2 MIB [RMON2-MIB].

   As an alternative method of reading flow data, the MIB provides a
   view of the flow table called the flowDataPackageTable.  This is
   (logically) a four-dimensional array, subscripted by package
   selector, RuleSet, activity time and starting flow number.  The
   package selector is a sequence of bytes which specifies a list of
   flow attributes.




Brownlee                    Standards Track                     [Page 4]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


   A data package (as returned by the meter) is a sequence of values for
   the attributes specified in its selector, encoded using the Basic
   Encoding Rules [ASN-BER]. It allows a meter reader to retrieve all
   the attribute values it requires in a single MIB object.  This, when
   used together with SNMPv2's GetBulk request, allows a meter reader to
   scan the flow table and upload a specified set of attribute values
   for flows which have changed since the last reading, and which were
   created by a specified rule set.

   One aspect of data collection which needs emphasis is that all the
   MIB variables are set up to allow multiple independent meter readers
   to work properly, i.e. the flow table indexes are stateless.  An
   alternative approach would have been to 'snapshot' the flow table,
   which would mean that the meter readers would have to be
   synchronized.  The stateless approach does mean that two meter
   readers will never return exactly the same set of traffic counts, but
   over long periods (e.g. 15-minute collections over a day) the
   discrepancies are acceptable.  If one really needs a snapshot, this
   can be achieved by switching to an identical rule set with a
   different RuleSet number, hence asynchronous collections may be
   regarded as a useful generalisation of synchronised ones.

   The control variables are the minimum set required for a meter
   reader.  Their number has been whittled down as experience has been
   gained with the MIB implementation.  A few of them are 'general',
   i.e. they control the overall behaviour of the meter.  These are set
   by a single 'master' manager, and no other manager should attempt to
   change their values.  The decision as to which manager is the '
   master' must be made by the network operations personnel responsible;
   this MIB does not attempt to define any interaction between managers.

   There are three other groups of control variables, arranged into
   tables in the same way as in the RMON2 MIB [RMON2-MIB]. They are used
   as follows:

   - RULE SET INFO: Before attempting to download a RuleSet, a manager
     must create a row in the flowRuleSetInfoTable and set its
     flowRuleInfoSize to a value large enough to hold the RuleSet.  When
     the rule set is ready the manager must set flowRuleInfoRulesReady
     to 'true', indicating that the rule set is ready for use (but not
     yet 'running').

   - METER READER INFO: Any meter reader wishing to collect data
     reliably for all flows from a RuleSet should first create a row in
     the flowReaderInfoTable with flowReaderRuleSet set to that
     RuleSet's index in the flowRuleSetInfoTable.  It should write that
     row's flowReaderLastTime object each time it starts a collection




Brownlee                    Standards Track                     [Page 5]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


     pass through the flow table.  The meter will not recover a flow's
     memory until every meter reader holding a row for that flow's
     RuleSet has collected the flow's data.

   - MANAGER INFO: Any manager wishing to run a RuleSet in the meter
     must create a row in the flowManagerInfo table, specifying the
     desired RuleSet to run and its corresponding 'standby' RuleSet (if
     one is desired).  A current RuleSet is 'running' if its
     flowManagerRunningStandby value is false(2), similarly a standby
     RuleSet is 'running' if flowManagerRunningStandby is true(1).

   Times within the meter are in terms of its Uptime, i.e. centiseconds
   since the meter started.  For meters implemented as self-contained
   SNMP agents this will be the same as sysUptime, but this may not be
   true for meters implemented as subagents.  Managers can read the
   meter's Uptime when neccessary (e.g. to set a TimeFilter value) by
   setting flowReaderLastTime, then reading its new value.

4  Definitions

FLOW-METER-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Counter32, Counter64, Integer32, mib-2
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, TimeStamp, TruthValue
        FROM SNMPv2-TC
    OBJECT-GROUP, MODULE-COMPLIANCE
        FROM SNMPv2-CONF
    ifIndex
        FROM IF-MIB
    TimeFilter
        FROM RMON2-MIB;

flowMIB MODULE-IDENTITY
    LAST-UPDATED "9910250000Z" -- October 25, 1999
    ORGANIZATION "IETF Realtime Traffic Flow Measurement Working Group"
    CONTACT-INFO
        "Nevil Brownlee, The University of Auckland

        Postal: Information Technology Sytems & Services
                The University of Auckland
                Private Bag 92-019
                Auckland, New Zealand

        Phone:  +64 9 373 7599 x8941
        E-mail: n.brownlee@auckland.ac.nz"



Brownlee                    Standards Track                     [Page 6]

RFC 2720          Traffic Flow Measurement: Meter MIB       October 1999


    DESCRIPTION
        "MIB for the RTFM Traffic Flow Meter."

    REVISION "9910250000Z"
    DESCRIPTION
        "Initial Version, published as RFC 2720."

     REVISION "9908301250Z"
     DESCRIPTION
         "UTF8OwnerString Textual Convention added, and used to
         replace OwnerString.  Conceptually the same as OwnerString,
         but facilitating internationalisation by using UTF-8
         encoding for its characters rather than US-ASCII."

    REVISION "9908191010Z"
    DESCRIPTION
        "Changes to SIZE specification for two variables:
          - flowRuleInfoName SIZE specified as (0..127)
          - flowRuleIndex SIZE increased to (1..2147483647)"

    REVISION "9712230937Z"
    DESCRIPTION
        "Two further variables deprecated:
          - flowRuleInfoRulesReady (use flowRuleInfoStatus intead)
          - flowDataStatus (contains no useful information)"

    REVISION "9707071715Z"
    DESCRIPTION
        "Significant changes since RFC 2064 include:
          - flowDataPackageTable added
          - flowColumnActivityTable deprecated
          - flowManagerCounterWrap deprecated"

    REVISION "9603080208Z"
    DESCRIPTION
        "Initial version of this MIB (RFC 2064)"
    ::= { mib-2 40 }

flowControl         OBJECT IDENTIFIER ::= { flowMIB 1 }

flowData            OBJECT IDENTIFIER ::= { flowMIB 2 }

flowRules           OBJECT IDENTIFIER ::= { flowMIB 3 }

flowMIBConformance  OBJECT IDENTIFIER ::= { flowMIB 4 }