Network Working Group K. White Request for Comments: 2758 IBM Corp. Category: Experimental February 2000 Definitions of Managed Objects for Service Level Agreements Performance Monitoring Status of this Memo This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract This memo defines a Management Information Base (MIB) for performance monitoring of Service Level Agreements (SLAs) defined via policy definitions. The MIB defined herein focuses on defining a set of objects for monitoring SLAs and not on replication of the content of the policy definitions being monitored. The goal of the MIB defined within this document is to defined statistics related to a policy rule definition for reporting on the effect that a policy rule has on a system and to defined a method of monitoring this data. Table of Contents 1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . 2 2.0 The SNMP Network Management Framework . . . . . . . . . . 2 3.0 Structure of the MIB . . . . . . . . . . . . . . . . . . . 3 3.1 Scalar objects . . . . . . . . . . . . . . . . . . . . . . 4 3.2 slapmPolicyNameTable . . . . . . . . . . . . . . . . . . . 5 3.3 slapmPolicyRuleStatsTable . . . . . . . . . . . . . . . . 6 3.4 slapmPRMonTable . . . . . . . . . . . . . . . . . . . . . 6 3.5 slapmSubcomponentTable . . . . . . . . . . . . . . . . . . 8 4.0 Definitions . . . . . . . . . . . . . . . . . . . . . . . 8 5.0 Security Considerations . . . . . . . . . . . . . . . . . 67 6.0 Intellectual Property . . . . . . . . . . . . . . . . . . 67 7.0 Acknowledgments . . . . . . . . . . . . . . . . . . . . . 68 8.0 References . . . . . . . . . . . . . . . . . . . . . . . . 68 9.0 Author's Address . . . . . . . . . . . . . . . . . . . . . 70 10.0 Full Copyright Statement . . . . . . . . . . . . . . . . 71 White Experimental [Page 1] RFC 2758 SLAPM-MIB February 2000 1.0 Introduction The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119, reference [13]. This document's purpose is to define a MIB module for performance management of Service Level Agreements (SLAs). It is assumed that an SLA is defined via policy schema definitions. The policy definitions being modeled with respect to performance management is primarily related to network Quality of Service (QOS). There are a number of methods that exist for defining and administering policy. Definition of these methods is considered out side of the scope of this document. The MIB module defined within this memo has been modeled using the various versions of the schema definitions being developed within the Policy Framework Working Group in the IETF. The content of the MIB defined within this memo has evolved along with the Policy Framework Working Group schema definitions. 2.0 The SNMP Network Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [7]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [14], STD 16, RFC 1212 [15] and RFC 1215 [16]. The second version, called SMIv2, is described in STD 58, RFC 2578 [3], STD 58, RFC 2579 [4] and STD 58, RFC 2580 [5]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [1]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [17] and RFC 1906 [18]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [18], RFC 2572 [8] and RFC 2574 [10]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [1]. A second set of protocol White Experimental [Page 2] RFC 2758 SLAPM-MIB February 2000 operations and associated PDU formats is described in RFC 1905 [6]. o A set of fundamental applications described in RFC 2573 [9] and the view-based access control mechanism described in RFC 2575 [11]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 3.0 Structure of the MIB The SLAPM-MIB consists of the following components: o scalar objects o slapmPolicyNameTable o slapmPolicyRuleStatsTable (equivalent to the deprecated slapmPolicyStatsTable) o slapmPRMonTable (equivalent to the deprecated slapmPolicyMonitorTable) o slapmSubcomponentTable Refer to the compliance statement defined within SLAPM-MIB for a definition of what objects and notifications MUST be implemented by all systems as opposed to those that MUST be implemented by end systems only. Initially most of the tables defined by the MIB module within this document where directly indexed using a policy's name and a subordinate traffic profile name. Over time the structure and resulting naming has grown more complex and as such has exceeded the capacity of being used as a direct MIB table index. As a result of this the original tables (slapmPolicyStatsTable and White Experimental [Page 3] RFC 2758 SLAPM-MIB February 2000 slapmPolicyMonitorTable) have been deprecated and replaced with new tables that use an Unsigned32 index element instead of "names". A new table has been defined, slapmPolicyNameTable, that maps the Unsigned32 index to a unique name associated with a given policy rule definition. 3.1 Scalar objects Global objects defined within SLAPM-MIB: o slapmSpinLock Enables multiple management application access to SLAPM-MIB. An agent MUST implement the slapmSpinLock object to enable management applications to coordinate their use of the SLAPM-MIB. Management application use of slapmSpinLock is OPTIONAL. o slapmPolicyCountQueries, slapmPolicyCountAccesses, slapmPolicyCountSuccessAccesses, and slapmPolicyCountNotFounds Basic statistics on the amount of policy directory access that has occurred at a system. o slapmPolicyPurgeTime Used to prevent the entries in various SLAPM-MIB tables that relate to a policy definition from immediately being deleted when the corresponding policy definition no longer exists. This gives management applications time to discover this condition and close out any polled based interval data that may be being collected. All dependent slapmPRMonTable entries are also deleted when its parent slapmPolicyRuleStatsEntry is removed. Refer to the OBJECT description for slapmPolicyPurgeTime for a more precise description of this function. o slapmPolicyTrapEnable This object enables or suppresses generation of slapmPolicyRuleDeleted or slapmPolicyRuleMonDeleted notifications. o slapmPolicyTrapFilter This object enables suppression of slapmSubcMonitorNotOkay notifications. White Experimental [Page 4] RFC 2758 SLAPM-MIB February 2000 3.2 slapmPolicyNameTable The slapmPolicyNameTable maps a Unsigned32 index to a unique name associated with a given policy rule definition. Currently, the core schema definition being worked on within the Policy Framework working group defines five general classes: policyGroup, policyRule, policyCondition, policyTimePeriodCondition, and policyAction. "Policies can either be used in a stand-alone fashion or aggregated into policy groups to perform more elaborate functions. Stand-alone policies are called policy rules. Policy groups are aggregations of policy rules, or aggregations of policy groups, but not both." Each policy rule consists of a set of conditions and a set of actions. Policy rules may be aggregated into policy groups. "Instances in a directory are identified by distinguished names (DNs), which provide the same type of hierarchical organization that a file system provides in a computer system. A distinguished name is a sequence of relative distinguished names (RDNs), where an RDN provides a unique identifier for an instance within the context of its immediate superior, in the same way that a filename provides a unique identifier for a file within the context of the folder in which it resides." Each of these instances can also be named to fit in with the existing DEN practice with a commonName (cn) attribute as oppose to the classes name attribute. "The cn, or commonName, attribute is an X.500 attribute. It stands for commonName. It specifies a user-friendly name by which the object is commonly known. This name may be ambiguous by itself. This name is used in a limited scope (such as an organization). It conforms to the naming conventions of the country or culture with which it is associated. CN is used universally in DEN as the naming attribute for a class." An slapmPolicyNameEntry contains a single object, slapmPolicyNameOfRule, that contains the unique name associated with a policy rule instance. An slapmPolicyNameEntry is indexed by a Unsigned32 index, slapmPolicyNameIndex, that is assigned by the implementation of this MIB. White Experimental [Page 5] RFC 2758 SLAPM-MIB February 2000 3.3 slapmPolicyRuleStatsTable This table is functionally equivalent to the deprecated slapmPolicyStatsTable. The slapmPolicyStatsTable uses the name of both a policy definition and a traffic profile name to index an entry. The slapmPolicyRuleStatsTable uses an slapmPolicyNameEntry index (Unsigned32) instead. The slapmPolicyRuleStatsTable is the main table defined by SLAPM-MIB. The primary index for this table is slapmPolicyNameSystemAddress that enables support of multiple systems from a single policy agent. The index element, slapmPolicyNameSystemAddress, value must be either the zero-length octet string when at a policy agent only a single system is being support, 4 octets for a ipv4 address, or 16 octets for a ipv6 address. It is possible that on a single system multiple policy agent instances exists. The Entity MIB, refer to [19], should be used to handle the resulting MIBs. With respect to slapmPolicyNameSystemAddress one slapmPolicyRuleStatsEntry exists for each policy rule instance. Entries in this table are not administered via SNMP. An agent implementation for this table MUST reflect its current set of policy rule instances via table entries. The mechanisms for policy administration are outside of the scope of this memo. 3.4 slapmPRMonTable This table is functionally equivalent to the deprecated slapmPolicyMonitorTable. The slapmPolicyMonitorTable uses the name of both a policy definition and a traffic profile name to index an entry. The slapmPRMonTable uses an slapmPolicyNameEntry index (Unsigned32) instead. The slapmPRMonTable provides a method of monitoring the effect of SLA policy being used at a system. A management application creates an slapmPRMonEntry for each collection that it requires. The value of the BITS slapmPRMonControl object determines what type of monitoring occurs, at what level to monitor and whether trap support is enabled: o monitorMinRate(0) Use the value of slapmPRMonInterval as the interval to determine current traffic in and out rates, using slapmPRMonCurrentInRate and slapmPRMonCurrentOutRate, that can be compared to slapmPRMonMinRateLow for determining when to generate a slapmPolicyRuleMonNotOkay notification. The notification White Experimental [Page 6] RFC 2758 SLAPM-MIB February 2000 slapmPolicyRuleMonOkay is generated when the problem is resolved. This can be determined by comparing the current rates to slapmPRMonMinRateHigh. o monitorMaxRate(1) Use the value of slapmPRMonInterval as the interval to determine current traffic in and out rate, using slapmPRMonCurrentInRate and slapmPRMonCurrentOutRate, that can be compared to slapmPRMonMaxRateHigh for determining when to generate a slapmPolicyRuleMonNotOkay notification. The notification slapmPolicyRuleMonOkay is generated when the problem is resolved. This can be determined by comparing the current rates to slapmPRMonMaxRateLow. o monitorMaxDelay(2) Use the value of slapmPRMonInterval as the interval to determine the current delay. This can be calculated on an aggregate level by averaging the round trip times for all TCP connections associated with the policy definition. For an individual subcomponent its round trip time can be used directly. Compare this value to slapmPRMonMaxDelayHigh for determining when to generate a slapmPolicyRuleMonNotOkay notification. The notification slapmPolicyRuleMonOkay is generated when the problem is resolved. This can be determined by comparing the current rates to slapmPRMonMaxDelayLow. UDP subcomponents don't support max delay monitoring. o enableAggregateTraps(3) The slapmPRMonitorControl BITS setting, enableAggregateTraps(3), MUST be set in order for any notifications relating to slapmPolicyRuleStatsTable monitoring to be generated. o enableSubcomponentTraps(4) This slapmPRMonControl BITS setting MUST be set in order for any notifications relating to slapmSubcomponetTable monitoring to be generated. The slapmPRMonControl BITS setting monitorSubcomponents(5) MUST be selected in order for this setting to be allowed. o monitorSubcomponents(5) If selected monitor slapmSubcomponentTable entries individually. Note: aggregate policy rule monitoring is always enabled. White Experimental [Page 7] RFC 2758 SLAPM-MIB February 2000 The index element slapmPRMonOwnerIndex is used as the first index in slapmPRMonTable in order to enable SNMP VACM security control. The slapmPRMonTable is the only table that supports SNMP RowStatus operations. 3.5 slapmSubcomponentTable Entries are made into this table for the protocol entities (policy traffic profile subcomponents) to indicate actual policy rule usage, provide general statistics at either a TCP connection or UDP listener level, and enable subcomponent monitoring. 4.0 Definitions SLAPM-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, experimental, Integer32, NOTIFICATION-TYPE, Gauge32, Counter32, Unsigned32 FROM SNMPv2-SMI -- RFC2578 TEXTUAL-CONVENTION, RowStatus, TestAndIncr, DateAndTime FROM SNMPv2-TC -- RFC2579 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF -- RFC2580 SnmpAdminString FROM SNMP-FRAMEWORK-MIB; -- RFC2571 slapmMIB MODULE-IDENTITY LAST-UPDATED "200001240000Z" -- 24 January 2000 ORGANIZATION "International Business Machines Corp." CONTACT-INFO "Kenneth White International Business Machines Corporation Network Computing Software Division Research Triangle Park, NC, USA E-mail: wkenneth@us.ibm.com" DESCRIPTION "The Service Level Agreement Performance Monitoring MIB (SLAPM-MIB) provides data collection and monitoring capabilities for Service Level Agreements (SLAs) policy definitions." -- Revision history White Experimental [Page 8] RFC 2758 SLAPM-MIB February 2000 REVISION "200001240000Z" -- 24 January 2000 DESCRIPTION "This version published as RFC 2758." ::= { experimental 88 } -- Textual Conventions SlapmNameType ::= TEXTUAL-CONVENTION STATUS deprecated DESCRIPTION "The textual convention for naming entities within this MIB. The actual contents of an object defined using this textual convention should consist of the distinguished name portion of an name. This is usually the right-most portion of the name. This convention is necessary, since names within this MIB can be used as index items and an instance identifier is limited to 128 subidentifiers. This textual convention has been deprecated. All of the tables defined within this MIB that use this textual convention have been deprecated as well since the method of using a portion of the name (either of a policy definition or of a traffic profile) has been replaced by using an Unsigned32 index. The new slapmPolicyNameTable would then map the Unsigned32 index to a real name." SYNTAX SnmpAdminString (SIZE(0..32)) SlapmStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The textual convention for defining the various slapmPRMonTable (or old slapmPolicyMonitorTable) and the slapmSubcomponentTable states for actual policy rule traffic monitoring." SYNTAX BITS { slaMinInRateNotAchieved(0), slaMaxInRateExceeded(1), slaMaxDelayExceeded(2), slaMinOutRateNotAchieved(3), slaMaxOutRateExceeded(4), monitorMinInRateNotAchieved(5), monitorMaxInRateExceeded(6), monitorMaxDelayExceeded(7), monitorMinOutRateNotAchieved(8), monitorMaxOutRateExceeded(9) White Experimental [Page 9] RFC 2758 SLAPM-MIB February 2000 } SlapmPolicyRuleName ::= TEXTUAL-CONVENTION DISPLAY-HINT "1024t" STATUS current DESCRIPTION "To facilitate internationalization, this TC represents information taken from the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 character encoding scheme described in RFC 2044. For strings in 7-bit US-ASCII, there is no impact since the UTF-8 representation is identical to the US-ASCII encoding." SYNTAX OCTET STRING (SIZE (0..1024)) -- Top-level structure of the MIB slapmNotifications OBJECT IDENTIFIER ::= { slapmMIB 0 } slapmObjects OBJECT IDENTIFIER ::= { slapmMIB 1 } slapmConformance OBJECT IDENTIFIER ::= { slapmMIB 2 } -- All scalar objects slapmBaseObjects OBJECT IDENTIFIER ::= { slapmObjects 1 } -- Scalar Object Definitions slapmSpinLock OBJECT-TYPE SYNTAX TestAndIncr MAX-ACCESS read-write STATUS current DESCRIPTION "An advisory lock used to allow cooperating applications to coordinate their use of the contents of this MIB. This typically occurs when an application seeks to create an new entry or alter an existing entry in slapmPRMonTable (or old slapmPolicyMonitorTable). A management implementation MAY utilize the slapmSpinLock to serialize its changes or additions. This usage is not required. However, slapmSpinLock MUST be supported by agent implementations." ::= { slapmBaseObjects 1 } slapmPolicyCountQueries OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION White Experimental [Page 10] RFC 2758 SLAPM-MIB February 2000 "The total number of times that a policy lookup occurred with respect to a policy agent. This is the number of times that a reference was made to a policy definition at a system and includes the number of times that a policy repository was accessed, slapmPolicyCountAccesses. The object slapmPolicyCountAccesses should be less than slapmPolicyCountQueries when policy definitions are cached at a system." ::= { slapmBaseObjects 2 } slapmPolicyCountAccesses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of times that a policy repository was accessed with respect to a policy agent. The value of this object should be less than slapmPolicyCountQueries, since typically policy entries are cached to minimize repository accesses." ::= { slapmBaseObjects 3 } slapmPolicyCountSuccessAccesses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of successful policy repository accesses with respect to a policy agent." ::= { slapmBaseObjects 4 } slapmPolicyCountNotFounds OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of policy repository accesses, with respect to a policy agent, that resulted in an entry not being located." ::= { slapmBaseObjects 5 } slapmPolicyPurgeTime OBJECT-TYPE SYNTAX Integer32 (0..3600) -- maximum of 1 hour UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION White Experimental [Page 11] RFC 2758 SLAPM-MIB February 2000 "The purpose of this object is to define the amount of time (in seconds) to wait before removing an slapmPolicyRuleStatsEntry (or old slapmPolicyStatsEntry) when a system detects that the associated policy definition has been deleted. This gives any polling management applications time to complete their last poll before an entry is removed. An slapmPolicyRuleStatsEntry (or old slapmPolicyStatsEntry) enters the deleteNeeded(3) state via slapmPolicyRuleStatsOperStatus (or old slapmPolicyStatsOperStatus) when a system first detects that the entry needs to be removed. Once slapmPolicyPurgeTime has expired for an entry in deleteNeeded(3) state it is removed a long with any dependent slapmPRMonTable (or slapmPolicyMonitorTable) entries. A value of 0 for this option disables this function and results in the automatic purging of slapmPRMonTable (or slapmPolicyTable) entries upon transition into deleteNeeded(3) state. A slapmPolicyRuleDeleted (or slapmPolicyProfileDeleted) notification is sent when an slapmPolicyRuleStatsEntry (or slapmPolicyStatsEntry) is removed. Dependent slapmPRMonTable (or slapmPolicyMonitorTable) deletion results in a slapmPolicyRuleMonDeleted (or slapmPolicyMonitorDeleted) notification being sent. These notifications are suppressed if the value of slapmPolicyTrapEnable is disabled(2)." DEFVAL { 900 } -- 15 minute default purge time ::= { slapmBaseObjects 6 } slapmPolicyTrapEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether slapmPolicyRuleDeleted and slapmPolicyRuleMonDeleted (or slapmPolicyProfileDeleted and slapmPolicyMonitorDeleted) notifications should be generated by this system." DEFVAL { disabled } ::= { slapmBaseObjects 7 } slapmPolicyTrapFilter OBJECT-TYPE SYNTAX Integer32 (0..64) UNITS "intervals" White Experimental [Page 12] RFC 2758 SLAPM-MIB February 2000 MAX-ACCESS read-write STATUS current DESCRIPTION "The purpose of this object is to suppress unnecessary slapmSubcMonitorNotOkay (or slapmSubcomponentMonitoredEventNotAchieved), for example, notifications. Basically, a monitored event has to not meet its SLA requirement for the number of consecutive intervals indicated by the value of this object." DEFVAL { 3 } ::= { slapmBaseObjects 8 } slapmTableObjects OBJECT IDENTIFIER ::= { slapmObjects 2 } -- Sla Performance Monitoring Policy Statistics Table slapmPolicyStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF SlapmPolicyStatsEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Provides statistics on all policies known at a system. This table has been deprecated and replaced with the slapmPolicyRuleStatsTable. Older implementations of this MIB are expected to continue their support of this table." ::= { slapmTableObjects 1 } slapmPolicyStatsEntry OBJECT-TYPE SYNTAX SlapmPolicyStatsEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Defines an entry in the slapmPolicyStatsTable. This table defines a set of statistics that is kept on a per system, policy and traffic profile basis. A policy can be defined to contain multiple traffic profiles that map to a single action. Entries in this table are not created or deleted via SNMP but reflect the set of policy definitions known at a system." INDEX { slapmPolicyStatsSystemAddress, slapmPolicyStatsPolicyName, slapmPolicyStatsTrafficProfileName White Experimental [Page 13] RFC 2758 SLAPM-MIB February 2000 } ::= { slapmPolicyStatsTable 1 } SlapmPolicyStatsEntry ::= SEQUENCE { slapmPolicyStatsSystemAddress OCTET STRING, slapmPolicyStatsPolicyName SlapmNameType, slapmPolicyStatsTrafficProfileName SlapmNameType, slapmPolicyStatsOperStatus INTEGER, slapmPolicyStatsActiveConns Gauge32, slapmPolicyStatsTotalConns Counter32, slapmPolicyStatsFirstActivated DateAndTime, slapmPolicyStatsLastMapping DateAndTime, slapmPolicyStatsInOctets Counter32, slapmPolicyStatsOutOctets Counter32, slapmPolicyStatsConnectionLimit Integer32, slapmPolicyStatsCountAccepts Counter32, slapmPolicyStatsCountDenies Counter32, slapmPolicyStatsInDiscards Counter32, slapmPolicyStatsOutDiscards Counter32, slapmPolicyStatsInPackets Counter32, slapmPolicyStatsOutPackets Counter32, slapmPolicyStatsInProfileOctets Counter32, slapmPolicyStatsOutProfileOctets Counter32, slapmPolicyStatsMinRate Integer32, slapmPolicyStatsMaxRate Integer32, slapmPolicyStatsMaxDelay Integer32 } slapmPolicyStatsSystemAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0 | 4 | 16)) MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Address of a system that an Policy definition relates to. A zero length octet string must be used to indicate that only a single system is being represented. Otherwise, the length of the octet string must be 4 for an ipv4 address or 16 for an ipv6 address." ::= { slapmPolicyStatsEntry 1 } slapmPolicyStatsPolicyName OBJECT-TYPE SYNTAX SlapmNameType MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Policy name that this entry relates to." ::= { slapmPolicyStatsEntry 2 } White Experimental [Page 14] RFC 2758 SLAPM-MIB February 2000 slapmPolicyStatsTrafficProfileName OBJECT-TYPE SYNTAX SlapmNameType MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "The name of a traffic profile that is associated with a policy." ::= { slapmPolicyStatsEntry 3 } slapmPolicyStatsOperStatus OBJECT-TYPE SYNTAX INTEGER { inactive(1), active(2), deleteNeeded(3) } MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The state of a policy entry: inactive(1) - An policy entry was either defined by local system definition or discovered via a directory search but has not been activated (not currently being used). active(2) - Policy entry is being used to affect traffic flows. deleteNeeded(3) - Either though local implementation dependent methods or by discovering that the directory entry corresponding to this table entry no longer exists and slapmPolicyPurgeTime needs to expire before attempting to remove the corresponding slapmPolicyStatsEntry and any dependent slapmPolicyMonitor table entries. Note: a policy traffic profile in a state other than active(1) is not being used to affect traffic flows." ::= { slapmPolicyStatsEntry 4 } slapmPolicyStatsActiveConns OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of active TCP connections that are affected by the corresponding policy entry." ::= { slapmPolicyStatsEntry 5 } White Experimental [Page 15] RFC 2758 SLAPM-MIB February 2000 slapmPolicyStatsTotalConns OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of total TCP connections that are affected by the corresponding policy entry." ::= { slapmPolicyStatsEntry 6 } slapmPolicyStatsFirstActivated OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The timestamp for when the corresponding policy entry is activated. The value of this object serves as the discontinuity event indicator when polling entries in this table. The value of this object is updated on transition of slapmPolicyStatsOperStatus into the active(2) state." DEFVAL { '0000000000000000'H } ::= { slapmPolicyStatsEntry 7 } slapmPolicyStatsLastMapping OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The timestamp for when the last time that the associated policy entry was used." DEFVAL { '0000000000000000'H } ::= { slapmPolicyStatsEntry 8 } slapmPolicyStatsInOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of octets that was received by IP for an entity that map to this entry." ::= { slapmPolicyStatsEntry 9 } slapmPolicyStatsOutOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of octets that was transmitted by IP for an White Experimental [Page 16] RFC 2758 SLAPM-MIB February 2000 entity that map to this entry." ::= { slapmPolicyStatsEntry 10 } slapmPolicyStatsConnectionLimit OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The limit for the number of active TCP connections that are allowed for this policy definition. A value of zero for this object implies that a connection limit has not been specified." ::= { slapmPolicyStatsEntry 11 } slapmPolicyStatsCountAccepts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter is incremented when a policy action's Permission value is set to Accept and a session (TCP connection) is accepted." ::= { slapmPolicyStatsEntry 12 } slapmPolicyStatsCountDenies OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter is incremented when a policy action's Permission value is set to Deny and a session is denied, or when a session (TCP connection) is rejected due to a policy's connection limit (slapmPolicyStatsConnectLimit) being reached." ::= { slapmPolicyStatsEntry 13 } slapmPolicyStatsInDiscards OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of in octets discarded. This occurs when an error is detected. Examples of this are buffer overflow, checksum error, or bad packet format." ::= { slapmPolicyStatsEntry 14 } slapmPolicyStatsOutDiscards OBJECT-TYPE White Experimental [Page 17] RFC 2758 SLAPM-MIB February 2000 SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of out octets discarded. Examples of this are buffer overflow, checksum error, or bad packet format." ::= { slapmPolicyStatsEntry 15 } slapmPolicyStatsInPackets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of in packets received that relate to this policy entry from IP." ::= { slapmPolicyStatsEntry 16 } slapmPolicyStatsOutPackets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of out packets sent by IP that relate to this policy entry." ::= { slapmPolicyStatsEntry 17 } slapmPolicyStatsInProfileOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of in octets that are determined to be within profile." ::= { slapmPolicyStatsEntry 18 } slapmPolicyStatsOutProfileOctets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This counter counts the number of out octets that are determined to be within profile." ::= { slapmPolicyStatsEntry 19 } slapmPolicyStatsMinRate OBJECT-TYPE SYNTAX Integer32 UNITS "Kilobits per second" White Experimental [Page 18] RFC 2758 SLAPM-MIB February 2000 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The minimum transfer rate defined for this entry." ::= { slapmPolicyStatsEntry 20 } slapmPolicyStatsMaxRate OBJECT-TYPE SYNTAX Integer32 UNITS "Kilobits per second" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The maximum transfer rate defined for this entry." ::= { slapmPolicyStatsEntry 21 } slapmPolicyStatsMaxDelay OBJECT-TYPE SYNTAX Integer32 UNITS "milliseconds" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The maximum delay defined for this entry." ::= { slapmPolicyStatsEntry 22 } -- SLA Performance Monitoring Policy Monitor Table slapmPolicyMonitorTable OBJECT-TYPE SYNTAX SEQUENCE OF SlapmPolicyMonitorEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Provides a method of monitoring policies and their effect at a system. This table has been deprecated and replaced with the slapmPRMonTable. Older implementations of this MIB are expected to continue their support of this table." ::= { slapmTableObjects 2 } slapmPolicyMonitorEntry OBJECT-TYPE SYNTAX SlapmPolicyMonitorEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Defines an entry in the slapmPolicyMonitorTable. This table defines which policies should be monitored on a per policy traffic profile basis." White Experimental [Page 19] RFC 2758 SLAPM-MIB February 2000 INDEX { slapmPolicyMonitorOwnerIndex, slapmPolicyMonitorSystemAddress, slapmPolicyMonitorPolicyName, slapmPolicyMonitorTrafficProfileName } ::= { slapmPolicyMonitorTable 1 } SlapmPolicyMonitorEntry ::= SEQUENCE { slapmPolicyMonitorOwnerIndex SnmpAdminString, slapmPolicyMonitorSystemAddress OCTET STRING, slapmPolicyMonitorPolicyName SlapmNameType, slapmPolicyMonitorTrafficProfileName SlapmNameType, slapmPolicyMonitorControl BITS, slapmPolicyMonitorStatus SlapmStatus, slapmPolicyMonitorInterval Integer32, slapmPolicyMonitorIntTime DateAndTime, slapmPolicyMonitorCurrentInRate Gauge32, slapmPolicyMonitorCurrentOutRate Gauge32, slapmPolicyMonitorMinRateLow Integer32, slapmPolicyMonitorMinRateHigh Integer32, slapmPolicyMonitorMaxRateHigh Integer32, slapmPolicyMonitorMaxRateLow Integer32, slapmPolicyMonitorMaxDelayHigh Integer32, slapmPolicyMonitorMaxDelayLow Integer32, slapmPolicyMonitorMinInRateNotAchieves Counter32, slapmPolicyMonitorMaxInRateExceeds Counter32, slapmPolicyMonitorMaxDelayExceeds Counter32, slapmPolicyMonitorMinOutRateNotAchieves Counter32, slapmPolicyMonitorMaxOutRateExceeds Counter32, slapmPolicyMonitorCurrentDelayRate Gauge32, slapmPolicyMonitorRowStatus RowStatus } slapmPolicyMonitorOwnerIndex OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..16)) MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "To facilitate the provisioning of access control by a security administrator using the View-Based Access Control Model (RFC 2575, VACM) for tables in which multiple users may need to independently create or modify entries, the initial index is used as an 'owner index'. Such an initial index has a syntax of SnmpAdminString, and can thus be trivially mapped to a securityName or groupName as defined in VACM, in accordance with a White Experimental [Page 20] RFC 2758 SLAPM-MIB February 2000 security policy. All entries in that table belonging to a particular user will have the same value for this initial index. For a given user's entries in a particular table, the object identifiers for the information in these entries will have the same subidentifiers (except for the 'column' subidentifier) up to the end of the encoded owner index. To configure VACM to permit access to this portion of the table, one would create vacmViewTreeFamilyTable entries with the value of vacmViewTreeFamilySubtree including the owner index portion, and vacmViewTreeFamilyMask 'wildcarding' the column subidentifier. More elaborate configurations are possible." ::= { slapmPolicyMonitorEntry 1 } slapmPolicyMonitorSystemAddress OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0 | 4 | 16)) MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Address of a system that an Policy definition relates to. A zero length octet string can be used to indicate that only a single system is being represented. Otherwise, the length of the octet string should be 4 for an ipv4 address and 16 for an ipv6 address." ::= { slapmPolicyMonitorEntry 2 } slapmPolicyMonitorPolicyName OBJECT-TYPE SYNTAX SlapmNameType MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Policy name that this entry relates to." ::= { slapmPolicyMonitorEntry 3 } slapmPolicyMonitorTrafficProfileName OBJECT-TYPE SYNTAX SlapmNameType MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "The corresponding Traffic Profile name." ::= { slapmPolicyMonitorEntry 4 } slapmPolicyMonitorControl OBJECT-TYPE SYNTAX BITS { monitorMinRate(0), monitorMaxRate(1), White Experimental [Page 21] RFC 2758 SLAPM-MIB February 2000 monitorMaxDelay(2), enableAggregateTraps(3), enableSubcomponentTraps(4), monitorSubcomponents(5) } MAX-ACCESS read-create STATUS deprecated DESCRIPTION "The value of this object determines the type and level of monitoring that is applied to a policy/profile. The value of this object can't be changed once the table entry that it is a part of is activated via a slapmPolicyMonitorRowStatus transition to active state. monitorMinRate(0) - Monitor minimum transfer rate. monitorMaxRate(1) - Monitor maximum transfer rate. monitorMaxDelay(2) - Monitor maximum delay. enableAggregateTraps(3) - The enableAggregateTraps(3) BITS setting enables notification generation when monitoring a policy traffic profile as an aggregate using the values in the corresponding slapmPolicyStatsEntry. By default this function is not enabled. enableSubcomponentTraps(4) - This BITS setting enables notification generation when monitoring all subcomponents that are mapped to an corresponding slapmPolicyStatsEntry. By default this function is not enabled. monitorSubcomponents(5) - This BITS setting enables monitoring of each subcomponent (typically a TCP connection or UDP listener) individually." DEFVAL { { monitorMinRate, monitorMaxRate, monitorMaxDelay } } ::= { slapmPolicyMonitorEntry 5 } slapmPolicyMonitorStatus OBJECT-TYPE SYNTAX SlapmStatus MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The value of this object indicates when a monitored value has not meet a threshold or isn't meeting the defined service level. The SlapmStatus TEXTUAL-CONVENTION defines two levels of not meeting a threshold. The first set: slaMinInRateNotAchieved(0), slaMaxInRateExceeded(1), slaMaxDelayExceeded(2), White Experimental [Page 22] RFC 2758 SLAPM-MIB February 2000 slaMinOutRateNotAchieved(3), slaMaxOutRateExceeded(4) are used to indicate when the SLA as an aggregate is not meeting a threshold while the second set: monitorMinInRateNotAchieved(5), monitorMaxInRateExceeded(6), monitorMaxDelayExceeded(7), monitorMinOutRateNotAchieved(8), monitorMaxOutRateExceeded(9) indicate that at least one subcomponent is not meeting a threshold." ::= { slapmPolicyMonitorEntry 6 } slapmPolicyMonitorInterval OBJECT-TYPE SYNTAX Integer32 (15..86400) -- 15 second min, 24 hour max UNITS "seconds" MAX-ACCESS read-create STATUS deprecated DESCRIPTION "The number of seconds that defines the sample period." DEFVAL {20} -- 20 seconds ::= { slapmPolicyMonitorEntry 7 } slapmPolicyMonitorIntTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The timestamp for when the last interval ended." DEFVAL { '0000000000000000'H } ::= { slapmPolicyMonitorEntry 8 } slapmPolicyMonitorCurrentInRate OBJECT-TYPE SYNTAX Gauge32 UNITS "kilobits per second" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "Using the value of the corresponding slapmPolicyMonitorInterval, slapmPolicyStatsInOctets is sampled and then divided by slapmPolicyMonitorInterval to determine the curr